qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] crypto: add "none" random provider

From: Daniel P . Berrangé
Subject: Re: [PATCH] crypto: add "none" random provider
Date: Thu, 21 May 2020 11:07:20 +0100
User-agent: Mutt/1.13.4 (2020-02-15) 
On Wed, May 20, 2020 at 03:20:23PM +0200, Marek Marczykowski-Górecki wrote:
> In case of not using random-number needing feature, it makes sense to
> skip RNG init too. This is especially helpful when QEMU is sandboxed in
> Stubdomain under Xen, where there is very little entropy so initial
> getrandom() call delays the startup several seconds. In that setup, no
> random bytes are needed at all.
> 
> Signed-off-by: Marek Marczykowski-Górecki <address@hidden>
> ---
>  configure            | 11 +++++++++++
>  crypto/Makefile.objs |  3 ++-
>  crypto/random-none.c | 38 ++++++++++++++++++++++++++++++++++++++
>  3 files changed, 51 insertions(+), 1 deletion(-)
>  create mode 100644 crypto/random-none.c
> 
> diff --git a/configure b/configure
> index 26084fc53a..79a3affe70 100755
> --- a/configure
> +++ b/configure
> @@ -509,6 +509,7 @@ libpmem=""
>  default_devices="yes"
>  plugins="no"
>  fuzzing="no"
> +rng_none="no"
>  
>  supported_cpu="no"
>  supported_os="no"
> @@ -1601,6 +1602,10 @@ for opt do
>    ;;
>    --gdb=*) gdb_bin="$optarg"
>    ;;
> +  --enable-rng-none) rng_none=yes
> +  ;;
> +  --disable-rng-none) rng_none=no
> +  ;;
>    *)
>        echo "ERROR: unknown option $opt"
>        echo "Try '$0 --help' for more information"
> @@ -1894,6 +1899,7 @@ disabled with --disable-FEATURE, default is enabled if 
> available:
>    debug-mutex     mutex debugging support
>    libpmem         libpmem support
>    xkbcommon       xkbcommon support
> +  rng-none        dummy RNG, avoid using /dev/(u)random and getrandom()
>  
>  NOTE: The object files are built at the place where configure is launched
>  EOF
> @@ -6733,6 +6739,7 @@ echo "default devices   $default_devices"
>  echo "plugin support    $plugins"
>  echo "fuzzing support   $fuzzing"
>  echo "gdb               $gdb_bin"
> +echo "rng-none          $rng_none"
>  
>  if test "$supported_cpu" = "no"; then
>      echo
> @@ -7705,6 +7712,10 @@ if test "$edk2_blobs" = "yes" ; then
>    echo "DECOMPRESS_EDK2_BLOBS=y" >> $config_host_mak
>  fi
>  
> +if test "$rng_none" = "yes"; then
> +  echo "CONFIG_RNG_NONE=y" >> $config_host_mak
> +fi
> +
>  # use included Linux headers
>  if test "$linux" = "yes" ; then
>    mkdir -p linux-headers
> diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
> index c2a371b0b4..cdee92b4e5 100644
> --- a/crypto/Makefile.objs
> +++ b/crypto/Makefile.objs
> @@ -35,5 +35,6 @@ crypto-obj-y += block-luks.o
>  
>  util-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
>  util-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o
> -util-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += 
> random-platform.o
> +util-obj-$(if $(CONFIG_GCRYPT),n,$(if 
> $(CONFIG_GNUTLS),n,$(CONFIG_RNG_NONE))) += random-none.o
> +util-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,$(if 
> $(CONFIG_RNG_NONE),n,y))) += random-platform.o
>  util-obj-y += aes.o init.o
> diff --git a/crypto/random-none.c b/crypto/random-none.c
> new file mode 100644
> index 0000000000..102f8a4dce
> --- /dev/null
> +++ b/crypto/random-none.c
> @@ -0,0 +1,38 @@
> +/*
> + * QEMU Crypto "none" random number provider
> + *
> + * Copyright (c) 2020 Marek Marczykowski-Górecki
> + *                      <address@hidden>
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see 
> <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +
> +#include "crypto/random.h"
> +#include "qapi/error.h"
> +
> +int qcrypto_random_init(Error **errp)
> +{
> +    return 0;
> +}
> +
> +int qcrypto_random_bytes(void *buf,
> +                         size_t buflen,
> +                         Error **errp)
> +{
> +    error_setg(errp, "Random bytes not available with \"none\" rng");
> +    return -1;
> +}

Reviewed-by: Daniel P. Berrangé <address@hidden>


and queued.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
reply via email to
[Prev in Thread] Current Thread [Next in Thread]