From: Daniel P. Berrangé <berra...@redhat.com> Both gnutls and gcrypt can be configured to exclude support for certain algorithms via a runtime check against system crypto policies. Thus it is not sufficient to have a compile time test for hash support in their pbkdf implementations.
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org> Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> (cherry picked from commit e6c09ea4f9e5f8af92a6453642b84b9efd52892f) Signed-off-by: Michael Tokarev <m...@tls.msk.ru> diff --git a/crypto/pbkdf-gcrypt.c b/crypto/pbkdf-gcrypt.c index a8d8e64f4d..bc0719c831 100644 --- a/crypto/pbkdf-gcrypt.c +++ b/crypto/pbkdf-gcrypt.c @@ -33,7 +33,7 @@ bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash) case QCRYPTO_HASH_ALG_SHA384: case QCRYPTO_HASH_ALG_SHA512: case QCRYPTO_HASH_ALG_RIPEMD160: - return true; + return qcrypto_hash_supports(hash); default: return false; } diff --git a/crypto/pbkdf-gnutls.c b/crypto/pbkdf-gnutls.c index 2dfbbd382c..911b565bea 100644 --- a/crypto/pbkdf-gnutls.c +++ b/crypto/pbkdf-gnutls.c @@ -33,7 +33,7 @@ bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash) case QCRYPTO_HASH_ALG_SHA384: case QCRYPTO_HASH_ALG_SHA512: case QCRYPTO_HASH_ALG_RIPEMD160: - return true; + return qcrypto_hash_supports(hash); default: return false; } -- 2.39.5