Re: [Qemu-devel] error: qcrypto_random_bytes() tried to read from /dev/[u]random, even on windows

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Daniel P. Berrange" <berrange@redhat.com>
To: GM.Ijewski@web.de
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] error: qcrypto_random_bytes() tried to read from /dev/[u]random, even on windows
Date: Mon, 24 Apr 2017 13:50:16 +0100	[thread overview]
Message-ID: <20170424125016.GM20809@redhat.com> (raw)
In-Reply-To: <trinity-b0e235ed-b74e-40f5-b249-c73867fd5ee9-1493036276162@3capp-webde-bs07>

For subject line, better to describe the change made, rather than
the problem.

On Mon, Apr 24, 2017 at 02:17:56PM +0200, GM.Ijewski@web.de wrote:
> Now it calls CryptGenRandom() if is it compiled for windows.
>  
> It might be possible to save the cryptographic provider in between
> invocations, e.g. by making it static -- I have no idea how computationally
> intensive that operation actually is.

I'd think most people should really just enable gnutls during build. This just
has to provide a fallback that's good enough to be functional. If someone really
cares about performance of this fallback, they can send patches later....

>
> Signed-off-by: Geert Martin Ijewski <gm.ijewski@web.de>
>  
> diff --git a/crypto/random-platform.c b/crypto/random-platform.c
> index 82b755a..7aa0476 100644
> --- a/crypto/random-platform.c
> +++ b/crypto/random-platform.c
> @@ -26,6 +26,7 @@ int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
>                           size_t buflen G_GNUC_UNUSED,
>                           Error **errp)
>  {
> +#ifndef _WIN32
>      int fd;
>      int ret = -1;
>      int got;
> @@ -61,4 +62,26 @@ int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
>   cleanup:
>      close(fd);
>      return ret;
> +#else
> +    HCRYPTPROV   hCryptProv;
> +
> +    if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
> +        if (NTE_BAD_KEYSET == GetLastError()) {
> +            if (!CryptAcquireContext(&hCryptProv, NULL, NULL,
> +                                     PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
> +                error_setg_errno(errp, GetLastError(),
> +                         "Unable to create cryptographic provider");

You forgot to "return -1' here

> +            }
> +        }

You need to have an 'else' branch here that reports an error too,
in cae the first CryptAcquireContext returns err != NTE_BSD_KEYSET.

> +    }
> +
> +    if (!CryptGenRandom(hCryptProv, buflen, buf)) {
> +        error_setg_errno(errp, GetLastError(),
> +                         "Unable to read random bytes");
> +        return -1;
> +    }
> +
> +    CryptReleaseContext(hCryptProv, 0);
> +    return 0;
> +#endif
>  }
> diff --git a/include/sysemu/os-win32.h b/include/sysemu/os-win32.h
> index ff18b23..4a5d908 100644
> --- a/include/sysemu/os-win32.h
> +++ b/include/sysemu/os-win32.h
> @@ -29,6 +29,7 @@
>  #include <winsock2.h>
>  #include <windows.h>
>  #include <ws2tcpip.h>
> +#include <Wincrypt.h>

It would be preferrable to put this in random-platform.c to avoid
polluting the global namespace

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

next prev parent reply	other threads:[~2017-04-24 12:50 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-04-24 12:17 [Qemu-devel] error: qcrypto_random_bytes() tried to read from /dev/[u]random, even on windows GM.Ijewski
2017-04-24 12:50 ` Daniel P. Berrange [this message]
2017-04-24 13:30   ` Peter Maydell
2017-04-24 13:36     ` Daniel P. Berrange
2017-04-24 13:52       ` Peter Maydell
2017-04-24 13:57         ` Daniel P. Berrange
2017-04-24 14:05           ` Peter Maydell
2017-04-24 15:41             ` Daniel P. Berrange
2017-04-24 15:42               ` Peter Maydell
2017-04-24 15:52                 ` Daniel P. Berrange
2017-04-24 16:33                   ` Geert Martin Ijewski
2017-04-24 16:39                     ` Daniel P. Berrange

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170424125016.GM20809@redhat.com \
    --to=berrange@redhat.com \
    --cc=GM.Ijewski@web.de \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.