On 12/03/2013 11:08 PM, Eric Blake wrote:
> On 12/03/2013 03:44 PM, Eric Blake wrote:
>
>>
>> Libvirt would prefer a solution that uses nettle, at least when used in
>> RHEL.
>
> Correction: libvirt would prefer a solution that uses gnutls, and could
> live with a solution that uses openssl. Certification-wise, indirect
> use of nettle via gnutls is fine, but direct use of either nettle or
> libgcrypt raises eyebrows at Red Hat.
>
>>
>> if we have --enable-crypto={basic|nettle|openssl|gcrypt}, then distro
>> packagers can choose WHICH library they want to drag in, rather than
>> forcing a binary decision of using or avoiding a single library.
>
> Does gnutls also expose enough low-level crypto to be added to the list
> of libraries providing optimized crypto hashing?
Looks like it does:
http://www.gnutls.org/manual/html_node/Hash-and-HMAC-functions.html#Hash-and-HMAC-functions
