From: Eric Blake <eblake@redhat.com>
To: Alberto Garcia <berto@igalia.com>,
"Daniel P. Berrange" <berrange@redhat.com>,
qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>, Fam Zheng <famz@redhat.com>,
qemu-block@nongnu.org, Max Reitz <mreitz@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v1 1/2] crypto: use glib as fallback for hash algorithm
Date: Wed, 6 Jul 2016 08:53:56 -0600 [thread overview]
Message-ID: <577D1B84.9040203@redhat.com> (raw)
In-Reply-To: <w518txfc713.fsf@maestria.local.igalia.com>
[-- Attachment #1: Type: text/plain, Size: 1152 bytes --]
On 07/06/2016 05:58 AM, Alberto Garcia wrote:
> On Tue 05 Jul 2016 12:49:59 PM CEST, "Daniel P. Berrange" <berrange@redhat.com> wrote:
>
>> GLib >= 2.16 provides GChecksum API which is good enough
>> for md5, sha1, sha256 and sha512. Use this as a final
>> fallback if neither nettle or gcrypt are available. This
>> lets us remove the stub hash impl, and so callers can
>> be sure those 4 algs are always available at compile
>> time. They may still be disabled at runtime, so a check
>> for qcrypto_hash_supports() is still best practice to
>> report good error messages.
>
> Sorry if I missed the explanation, but how do you disable them at
> runtime ?
FIPS is a common case where portions of a crypto lib are disabled at
runtime based on whether the system is running in FIPS mode or not. I
don't think any of the hashes in the glib fallback are necessarily
covered by FIPS disabling, so much as the qcrypto interface being
interested in generically catering to this behavior across the various
implementations.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
next prev parent reply other threads:[~2016-07-06 14:54 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-05 10:49 [Qemu-devel] [PATCH v1 0/2] Use GChecksum as fallback hash impl Daniel P. Berrange
2016-07-05 10:49 ` [Qemu-devel] [PATCH v1 1/2] crypto: use glib as fallback for hash algorithm Daniel P. Berrange
2016-07-05 15:03 ` Eric Blake
2016-07-05 15:32 ` Daniel P. Berrange
2016-07-06 11:58 ` Alberto Garcia
2016-07-06 14:53 ` Eric Blake [this message]
2016-07-07 9:18 ` Daniel P. Berrange
2016-07-07 8:52 ` Alberto Garcia
2016-07-05 10:50 ` [Qemu-devel] [PATCH v1 2/2] Revert "block: don't register quorum driver if SHA256 support is unavailable" Daniel P. Berrange
2016-07-05 15:04 ` Eric Blake
2016-07-07 8:53 ` Alberto Garcia
2016-07-05 16:43 ` [Qemu-devel] [PATCH v1 3/2] crypto: don't open-code qcrypto_hash_supports Daniel P. Berrange
2016-07-05 22:26 ` Eric Blake
2016-07-07 8:55 ` Alberto Garcia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=577D1B84.9040203@redhat.com \
--to=eblake@redhat.com \
--cc=berrange@redhat.com \
--cc=berto@igalia.com \
--cc=famz@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).