From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
"Daniel P. Berrange" <berrange@redhat.com>
Subject: [Qemu-devel] [PULL v1 1/3] crypto: use /dev/[u]random as a final fallback random source
Date: Thu, 21 Jul 2016 11:09:55 +0100
Message-ID: <1469095797-5098-2-git-send-email-berrange@redhat.com>
In-Reply-To: <1469095797-5098-1-git-send-email-berrange@redhat.com>
If neither gcrypt nor gnutls are available to provide a
cryptographic random number generator, fall back to consuming
bytes directly from /dev/[u]random.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
crypto/Makefile.objs | 2 +-
crypto/{random-stub.c => random-platform.c} | 37 +++++++++++++++++++++++++++--
2 files changed, 36 insertions(+), 3 deletions(-)
rename crypto/{random-stub.c => random-platform.c} (52%)
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index 1f86f4f..febffba 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -12,6 +12,7 @@ crypto-obj-y += tlssession.o
crypto-obj-y += secret.o
crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o
+crypto-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS_RND),n,y)) += random-platform.o
crypto-obj-y += pbkdf.o
crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o
crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
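Review bot: The nested `$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS_RND),n,y))` on the added random-platform.o line is hard to read and states the backend precedence (gcrypt, then gnutls, then platform) only implicitly. A one-line comment above the three random-*.o entries giving that order would help. It is also worth noting there that `$(if)` treats any non-empty value as true, so the selection is only correct while disabled options expand to an empty string.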
@@ -28,6 +29,5 @@ crypto-obj-y += block-luks.o
# Let the userspace emulators avoid linking gnutls/etc
crypto-aes-obj-y = aes.o
-stub-obj-y += random-stub.o
stub-obj-y += pbkdf-stub.o
stub-obj-y += hash-stub.o
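Review bot: Dropping `stub-obj-y += random-stub.o` removes the stub definition of qcrypto_random_bytes, while the replacement random-platform.o is added to crypto-obj-y only. The commit message does not say why the stub is no longer needed. Please confirm that nothing linked against just the stub objects still references qcrypto_random_bytes, and say so in the message.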
diff --git a/crypto/random-stub.c b/crypto/random-platform.c
similarity index 52%
rename from crypto/random-stub.c
rename to crypto/random-platform.c
index 63bbf41..82b755a 100644
--- a/crypto/random-stub.c
+++ b/crypto/random-platform.c
@@ -26,6 +26,39 @@ int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
size_t buflen G_GNUC_UNUSED,
Error **errp)
{
- error_setg(errp, "No random byte source provided in this build");
- return -1;
+ int fd;
+ int ret = -1;
+ int got;
+
+ /* TBD perhaps also add support for BSD getentropy / Linux
+ * getrandom syscalls directly */
+ fd = open("/dev/urandom", O_RDONLY);
+ if (fd == -1 && errno == ENOENT) {
+ fd = open("/dev/random", O_RDONLY);
+ }
+
+ if (fd < 0) {
+ error_setg(errp, "No /dev/urandom or /dev/random found");
+ return -1;
+ }
+
+ while (buflen > 0) {
+ got = read(fd, buf, buflen);
+ if (got < 0) {
+ error_setg_errno(errp, errno,
+ "Unable to read random bytes");
+ goto cleanup;
+ } else if (!got) {
+ error_setg(errp,
+ "Unexpected EOF reading random bytes");
+ goto cleanup;
+ }
+ buflen -= got;
+ buf += got;
+ }
+
+ ret = 0;
+ cleanup:
+ close(fd);
+ return ret;
}
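Review bot: In the read loop, `got < 0` is treated as fatal for every errno, so a read() interrupted by a signal (EINTR) makes qcrypto_random_bytes fail even though a retry would succeed; continue the loop when errno == EINTR. `got` should be ssize_t to match the return type of read(), since buflen is a size_t. The parameters in the unchanged signature still carry G_GNUC_UNUSED although buf and buflen are now used, so those annotations should be removed. When open() fails for a reason other than ENOENT (for example EACCES), the message "No /dev/urandom or /dev/random found" hides the cause; error_setg_errno would report it. Consider O_CLOEXEC on both open() calls so the descriptor cannot leak into a child process.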
--
2.7.4