[libvirt] [PATCH 00/10] Use better PRNG

Michal Privoznik posted 10 patches 5 years, 10 months ago
Patches applied successfully
git fetch https://github.com/patchew-project/libvirt tags/patchew/cover.1527581861.git.mprivozn@redhat.com
Test syntax-check passed
[libvirt] [PATCH 00/10] Use better PRNG
Posted by Michal Privoznik 5 years, 10 months ago
This is inspired by a bug reported here [1]. Even though Eric suggested
calling this Linux syscall when building without gnutls [2] I've decided
to not implement it. Firstly, we build with gnutls everywhere (even
Windows), secondly I see no appealing reason to special case Linux -
/dev/urandom is good for both Linux and FreeBSD.

Once these are merged I'm probably going to send a patch set that makes
gnutls mandatory. I'm tired of all those WITH_GNUTLS if-defs (esp. in
function arguments). But that is orthogonal to what I'm solving here.

Also, I'm not quite sure this is release material, so I'm fine with
merging this after the release.

1: https://www.redhat.com/archives/libvirt-users/2018-May/msg00097.html
2: https://www.redhat.com/archives/libvirt-users/2018-May/msg00100.html

Michal Privoznik (10):
  virRandomBytes: Fix return value
  virCryptoGenerateRandom: rename ret
  virCryptoGenerateRandom: Explain gnults error
  virCryptoGenerateRandom: Don't allocate return buffer
  virRandomBytes: Prefer saferead over plain read
  virRandomBytes: Report error
  virRandomBytes: Use gnutls_rnd whenever possible
  virrandom: Make virRandomBits better
  virUUIDGenerate don't fall back to virRandomBits
  vircrypto: Drop virCryptoGenerateRandom

 src/libvirt_private.syms |   1 -
 src/qemu/qemu_domain.c   |  13 ++++--
 src/util/vircrypto.c     |  41 -------------------
 src/util/vircrypto.h     |   2 -
 src/util/virrandom.c     | 103 ++++++++++++++++-------------------------------
 src/util/viruuid.c       |  25 ++----------
 tests/qemuxml2argvmock.c |  13 ------
 tests/vircryptotest.c    |   4 +-
 8 files changed, 48 insertions(+), 154 deletions(-)

-- 
2.16.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 00/10] Use better PRNG
Posted by Eric Blake 5 years, 10 months ago
On 05/29/2018 03:24 AM, Michal Privoznik wrote:
> This is inspired by a bug reported here [1]. Even though Eric suggested
> calling this Linux syscall when building without gnutls [2] I've decided
> to not implement it. Firstly, we build with gnutls everywhere (even
> Windows), secondly I see no appealing reason to special case Linux -
> /dev/urandom is good for both Linux and FreeBSD.
> 
> Once these are merged I'm probably going to send a patch set that makes
> gnutls mandatory. I'm tired of all those WITH_GNUTLS if-defs (esp. in
> function arguments). But that is orthogonal to what I'm solving here.
> 
> Also, I'm not quite sure this is release material, so I'm fine with
> merging this after the release.
> 
> 1: https://www.redhat.com/archives/libvirt-users/2018-May/msg00097.html
> 2: https://www.redhat.com/archives/libvirt-users/2018-May/msg00100.html

I'm not sure if we're getting a CVE assigned for this (if Red Hat 
security gets back to me on that question, and says a CVE is warranted, 
then maybe it still is a candidate for this release).  But if a CVE is 
assigned, the fact that this issue has been public since 2014 means that 
one more broken release added to years of neglect regarding the issue 
won't hurt much.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
