On 07/06/2016 05:58 AM, Alberto Garcia wrote:
> On Tue 05 Jul 2016 12:49:59 PM CEST, "Daniel P. Berrange"
> <berra...@redhat.com> wrote:
>
>> GLib >= 2.16 provides GChecksum API which is good enough
>> for md5, sha1, sha256 and sha512. Use this as a final
>> fallback if neither nettle nor gcrypt are available. This
>> lets us remove the stub hash impl, and so callers can
>> be sure those 4 algs are always available at compile
>> time. They may still be disabled at runtime, so a check
>> for qcrypto_hash_supports() is still best practice to
>> report good error messages.
>
> Sorry if I missed the explanation, but how do you disable them at
> runtime?

FIPS is a common case where portions of a crypto lib are disabled at
runtime based on whether the system is running in FIPS mode or not. I
don't think any of the hashes in the glib fallback are necessarily
covered by FIPS disabling, so much as the qcrypto interface being
interested in generically catering to this behavior across the various
implementations.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
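
The check-before-use pattern discussed in this thread, as an added example that is not part of the original messages and is not QEMU code: it uses Python's hashlib rather than the qcrypto API, and the helper names (hash_supports, digest_hex, kernel_fips_enabled) are chosen here for illustration. It assumes a Linux host for the FIPS flag path; on other systems the flag simply reads as off.

```python
import hashlib

# The four algorithms named in the quoted commit message.
ALGS = ("md5", "sha1", "sha256", "sha512")


def kernel_fips_enabled(path="/proc/sys/crypto/fips_enabled"):
    """Return True if the Linux kernel reports FIPS mode; False if off or unknown."""
    try:
        with open(path) as f:
            return f.read().strip() == "1"
    except OSError:
        return False


def hash_supports(alg):
    """Runtime probe: can the backend instantiate `alg` right now?

    hashlib raises ValueError both for unknown names and for algorithms
    the crypto backend refuses to provide (for example under a FIPS policy).
    """
    try:
        hashlib.new(alg)
    except ValueError:
        return False
    return True


def digest_hex(alg, data):
    """Hash `data`, failing with a clear message if `alg` is unusable at runtime."""
    if not hash_supports(alg):
        raise RuntimeError(
            f"hash algorithm '{alg}' is not available at runtime "
            f"(unknown, or disabled by system crypto policy; "
            f"kernel FIPS mode: {kernel_fips_enabled()})"
        )
    return hashlib.new(alg, data).hexdigest()


def availability_report(algs=ALGS):
    """Map each algorithm to (listed by the library, usable right now)."""
    return {a: (a in hashlib.algorithms_available, hash_supports(a)) for a in algs}


if __name__ == "__main__":
    for name, (listed, usable) in availability_report().items():
        print(f"{name:8} listed={listed} usable={usable}")
```

An algorithm that shows listed=True but usable=False is the case the thread describes: present in the build, refused at runtime.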