[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] crypto: add "none" random provider
From: |
Daniel P . Berrangé |
Subject: |
Re: [PATCH] crypto: add "none" random provider |
Date: |
Thu, 21 May 2020 11:07:20 +0100 |
User-agent: |
Mutt/1.13.4 (2020-02-15) |
On Wed, May 20, 2020 at 03:20:23PM +0200, Marek Marczykowski-Górecki wrote:
> In case of not using random-number needing feature, it makes sense to
> skip RNG init too. This is especially helpful when QEMU is sandboxed in
> Stubdomain under Xen, where there is very little entropy so initial
> getrandom() call delays the startup several seconds. In that setup, no
> random bytes are needed at all.
>
> Signed-off-by: Marek Marczykowski-Górecki <address@hidden>
> ---
> configure | 11 +++++++++++
> crypto/Makefile.objs | 3 ++-
> crypto/random-none.c | 38 ++++++++++++++++++++++++++++++++++++++
> 3 files changed, 51 insertions(+), 1 deletion(-)
> create mode 100644 crypto/random-none.c
>
> diff --git a/configure b/configure
> index 26084fc53a..79a3affe70 100755
> --- a/configure
> +++ b/configure
> @@ -509,6 +509,7 @@ libpmem=""
> default_devices="yes"
> plugins="no"
> fuzzing="no"
> +rng_none="no"
>
> supported_cpu="no"
> supported_os="no"
> @@ -1601,6 +1602,10 @@ for opt do
> ;;
> --gdb=*) gdb_bin="$optarg"
> ;;
> + --enable-rng-none) rng_none=yes
> + ;;
> + --disable-rng-none) rng_none=no
> + ;;
> *)
> echo "ERROR: unknown option $opt"
> echo "Try '$0 --help' for more information"
> @@ -1894,6 +1899,7 @@ disabled with --disable-FEATURE, default is enabled if
> available:
> debug-mutex mutex debugging support
> libpmem libpmem support
> xkbcommon xkbcommon support
> + rng-none dummy RNG, avoid using /dev/(u)random and getrandom()
>
> NOTE: The object files are built at the place where configure is launched
> EOF
> @@ -6733,6 +6739,7 @@ echo "default devices $default_devices"
> echo "plugin support $plugins"
> echo "fuzzing support $fuzzing"
> echo "gdb $gdb_bin"
> +echo "rng-none $rng_none"
>
> if test "$supported_cpu" = "no"; then
> echo
> @@ -7705,6 +7712,10 @@ if test "$edk2_blobs" = "yes" ; then
> echo "DECOMPRESS_EDK2_BLOBS=y" >> $config_host_mak
> fi
>
> +if test "$rng_none" = "yes"; then
> + echo "CONFIG_RNG_NONE=y" >> $config_host_mak
> +fi
> +
> # use included Linux headers
> if test "$linux" = "yes" ; then
> mkdir -p linux-headers
> diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
> index c2a371b0b4..cdee92b4e5 100644
> --- a/crypto/Makefile.objs
> +++ b/crypto/Makefile.objs
> @@ -35,5 +35,6 @@ crypto-obj-y += block-luks.o
>
> util-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
> util-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o
> -util-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) +=
> random-platform.o
> +util-obj-$(if $(CONFIG_GCRYPT),n,$(if
> $(CONFIG_GNUTLS),n,$(CONFIG_RNG_NONE))) += random-none.o
> +util-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,$(if
> $(CONFIG_RNG_NONE),n,y))) += random-platform.o
> util-obj-y += aes.o init.o
> diff --git a/crypto/random-none.c b/crypto/random-none.c
> new file mode 100644
> index 0000000000..102f8a4dce
> --- /dev/null
> +++ b/crypto/random-none.c
> @@ -0,0 +1,38 @@
> +/*
> + * QEMU Crypto "none" random number provider
> + *
> + * Copyright (c) 2020 Marek Marczykowski-Górecki
> + * <address@hidden>
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see
> <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +
> +#include "crypto/random.h"
> +#include "qapi/error.h"
> +
> +int qcrypto_random_init(Error **errp)
> +{
> + return 0;
> +}
> +
> +int qcrypto_random_bytes(void *buf,
> + size_t buflen,
> + Error **errp)
> +{
> + error_setg(errp, "Random bytes not available with \"none\" rng");
> + return -1;
> +}
Reviewed-by: Daniel P. Berrangé <address@hidden>
and queued.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|