From: "Daniel P. Berrangé" <berrange@redhat.com>
To: "Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [PATCH] crypto: add "none" random provider
Date: Thu, 21 May 2020 11:07:20 +0100 [thread overview]
Message-ID: <20200521100720.GC2211791@redhat.com> (raw)
In-Reply-To: <20200520132022.6913-1-marmarek@invisiblethingslab.com>
On Wed, May 20, 2020 at 03:20:23PM +0200, Marek Marczykowski-Górecki wrote:
> In case of not using random-number needing feature, it makes sense to
> skip RNG init too. This is especially helpful when QEMU is sandboxed in
> Stubdomain under Xen, where there is very little entropy so initial
> getrandom() call delays the startup several seconds. In that setup, no
> random bytes are needed at all.
>
> Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
> ---
> configure | 11 +++++++++++
> crypto/Makefile.objs | 3 ++-
> crypto/random-none.c | 38 ++++++++++++++++++++++++++++++++++++++
> 3 files changed, 51 insertions(+), 1 deletion(-)
> create mode 100644 crypto/random-none.c
>
> diff --git a/configure b/configure
> index 26084fc53a..79a3affe70 100755
> --- a/configure
> +++ b/configure
> @@ -509,6 +509,7 @@ libpmem=""
> default_devices="yes"
> plugins="no"
> fuzzing="no"
> +rng_none="no"
>
> supported_cpu="no"
> supported_os="no"
> @@ -1601,6 +1602,10 @@ for opt do
> ;;
> --gdb=*) gdb_bin="$optarg"
> ;;
> + --enable-rng-none) rng_none=yes
> + ;;
> + --disable-rng-none) rng_none=no
> + ;;
> *)
> echo "ERROR: unknown option $opt"
> echo "Try '$0 --help' for more information"
> @@ -1894,6 +1899,7 @@ disabled with --disable-FEATURE, default is enabled if available:
> debug-mutex mutex debugging support
> libpmem libpmem support
> xkbcommon xkbcommon support
> + rng-none dummy RNG, avoid using /dev/(u)random and getrandom()
>
> NOTE: The object files are built at the place where configure is launched
> EOF
> @@ -6733,6 +6739,7 @@ echo "default devices $default_devices"
> echo "plugin support $plugins"
> echo "fuzzing support $fuzzing"
> echo "gdb $gdb_bin"
> +echo "rng-none $rng_none"
>
> if test "$supported_cpu" = "no"; then
> echo
> @@ -7705,6 +7712,10 @@ if test "$edk2_blobs" = "yes" ; then
> echo "DECOMPRESS_EDK2_BLOBS=y" >> $config_host_mak
> fi
>
> +if test "$rng_none" = "yes"; then
> + echo "CONFIG_RNG_NONE=y" >> $config_host_mak
> +fi
> +
> # use included Linux headers
> if test "$linux" = "yes" ; then
> mkdir -p linux-headers
> diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
> index c2a371b0b4..cdee92b4e5 100644
> --- a/crypto/Makefile.objs
> +++ b/crypto/Makefile.objs
> @@ -35,5 +35,6 @@ crypto-obj-y += block-luks.o
>
> util-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
> util-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o
> -util-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += random-platform.o
> +util-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,$(CONFIG_RNG_NONE))) += random-none.o
> +util-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,$(if $(CONFIG_RNG_NONE),n,y))) += random-platform.o
> util-obj-y += aes.o init.o
> diff --git a/crypto/random-none.c b/crypto/random-none.c
> new file mode 100644
> index 0000000000..102f8a4dce
> --- /dev/null
> +++ b/crypto/random-none.c
> @@ -0,0 +1,38 @@
> +/*
> + * QEMU Crypto "none" random number provider
> + *
> + * Copyright (c) 2020 Marek Marczykowski-Górecki
> + * <marmarek@invisiblethingslab.com>
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +
> +#include "crypto/random.h"
> +#include "qapi/error.h"
> +
> +int qcrypto_random_init(Error **errp)
> +{
> + return 0;
> +}
> +
> +int qcrypto_random_bytes(void *buf,
> + size_t buflen,
> + Error **errp)
> +{
> + error_setg(errp, "Random bytes not available with \"none\" rng");
> + return -1;
> +}
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
and queued.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
prev parent reply other threads:[~2020-05-21 10:08 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-20 13:20 [PATCH] crypto: add "none" random provider Marek Marczykowski-Górecki
2020-05-21 10:07 ` Daniel P. Berrangé [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200521100720.GC2211791@redhat.com \
--to=berrange@redhat.com \
--cc=marmarek@invisiblethingslab.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).