From: Ján Tomko
To: libvir-list@redhat.com
Date: Fri, 11 May 2018 17:50:15 +0200
Message-Id: <1305bd5706523581c896b238e58a73861107a754.1526053739.git.jtomko@redhat.com>
Subject: [libvirt] [PATCH 5/5] vircrypto: Rely on GnuTLS for hash functions

Ditch the use of gnulib's digest functions in favor of GnuTLS, which might be more likely to get FIPS-certified.

Signed-off-by: Ján Tomko

--- bootstrap.conf | 2 -- src/util/vircrypto.c | 32 +++++++++++++++++++++++--------- 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/bootstrap.conf b/bootstrap.conf index 9559922fce..c4ef54ff13 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -37,8 +37,6 @@ connect configmake count-leading-zeros count-one-bits -crypto/md5 -crypto/sha256 dirname-lgpl environ execinfo diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 1a2dcc28b7..62a027353b 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -26,8 +26,6 @@ #include "viralloc.h" #include "virrandom.h" =20 -#include "md5.h" -#include "sha256.h" #ifdef WITH_GNUTLS # include # if HAVE_GNUTLS_CRYPTO_H 
@@ -41,15 +39,18 @@ VIR_LOG_INIT("util.crypto"); =20 static const char hex[] =3D "0123456789abcdef"; =20 +#define VIR_CRYPTO_LARGEST_DIGEST_SIZE VIR_CRYPTO_HASH_SIZE_SHA256 + +#if WITH_GNUTLS + struct virHashInfo { - void *(*func)(const char *buf, size_t len, void *res); + gnutls_digest_algorithm_t algorithm; size_t hashlen; } hashinfo[] =3D { - { md5_buffer, MD5_DIGEST_SIZE }, - { sha256_buffer, SHA256_DIGEST_SIZE }, + { GNUTLS_DIG_MD5, VIR_CRYPTO_HASH_SIZE_MD5 }, + { GNUTLS_DIG_SHA256, VIR_CRYPTO_HASH_SIZE_SHA256 }, }; =20 -#define VIR_CRYPTO_LARGEST_DIGEST_SIZE SHA256_DIGEST_SIZE =20 verify(ARRAY_CARDINALITY(hashinfo) =3D=3D VIR_CRYPTO_HASH_LAST); =20 @@ -58,20 +59,33 @@ virCryptoHashBuf(virCryptoHash hash, const char *input, unsigned char *output) { + int rc; if (hash >=3D VIR_CRYPTO_HASH_LAST) { virReportError(VIR_ERR_INVALID_ARG, _("Unknown crypto hash %d"), hash); return -1; } =20 - if (!(hashinfo[hash].func(input, strlen(input), output))) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Unable to compute hash of data")); + rc =3D gnutls_hash_fast(hashinfo[hash].algorithm, input, strlen(input)= , output); + if (rc < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unable to compute hash of data: %s"), + gnutls_strerror(rc)); return -1; } =20 return 0; } +#else +int +virCryptoHashBuf(virCryptoHash hash, + const char *input ATTRIBUTE_UNUSED, + unsigned char *output ATTRIBUTE_UNUSED) +{ + virReportError(VIR_ERR_INVALID_ARG, + _("algorithm=3D%d is not supported"), hash); +} +#endif =20 int virCryptoHashString(virCryptoHash hash, --=20 2.16.1
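
Review bot: The bootstrap.conf hunk drops crypto/md5 and crypto/sha256 without the commit message saying that a build without GnuTLS is now left with no digest implementation at all, which the #else stub added to src/util/vircrypto.c confirms. The message only gives the FIPS motivation; it should also state that MD5 and SHA-256 hashing now require GnuTLS, so the behaviour change for non-GnuTLS builds is documented where people bisecting will find it.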
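
Review bot: In the @@ -41,15 +39,18 @@ hunk of src/util/vircrypto.c the new guard is written "#if WITH_GNUTLS", while the include block a few lines above it uses "#ifdef WITH_GNUTLS"; use one form in both places so the table and the headers it depends on are always compiled in or out together. The hashinfo entries also now pair each GnuTLS algorithm with a libvirt constant (VIR_CRYPTO_HASH_SIZE_MD5, VIR_CRYPTO_HASH_SIZE_SHA256) where the old table took the size from the digest implementation itself, so nothing ties hashlen or VIR_CRYPTO_LARGEST_DIGEST_SIZE to what gnutls_hash_fast() actually writes into the output buffer. A one-time check of each hashlen against gnutls_hash_get_len() would catch a mismatch before it becomes a buffer overrun.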
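
Review bot: The #else variant of virCryptoHashBuf() added in the @@ -58,20 +59,33 @@ hunk never returns a value: its body ends right after the virReportError() call, so a function declared int falls off its end. Callers that test the result can see an indeterminate value and may treat it as success, then use an output buffer that this stub never writes (both parameters are marked ATTRIBUTE_UNUSED) as if it held a digest. Add "return -1;" after the virReportError() call. Separately, the gnutls_hash_fast() line in the same hunk is long enough that the mail encoding wrapped it; breaking it after the second argument would keep it in line with the surrounding code.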