From nobody Wed May 1 13:51:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1527582318308862.926024961777; Tue, 29 May 2018 01:25:18 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A525E30C7458; Tue, 29 May 2018 08:25:15 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 165A91001918; Tue, 29 May 2018 08:25:15 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 715614CA82; Tue, 29 May 2018 08:25:13 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4T8PC8Z005759 for ; Tue, 29 May 2018 04:25:12 -0400 Received: by smtp.corp.redhat.com (Postfix) id 63276422BA; Tue, 29 May 2018 08:25:12 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id DA06763F7E; Tue, 29 May 2018 08:25:11 +0000 (UTC) 
From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 29 May 2018 10:24:37 +0200 Message-Id: <0ce0ff54d9cf72e76878e3fad46285e2d8d47d64.1527581861.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 01/10] virRandomBytes: Fix return value X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.44]); Tue, 29 May 2018 08:25:16 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" In libvirt when a function wants to return an error code it should be a negative value. Returning a positive value (or zero) means success. But virRandomBytes() does not follow this rule. Signed-off-by: Michal Privoznik Reviewed-by: Eric Blake --- src/util/vircrypto.c | 4 ++-- src/util/virrandom.c | 6 +++--- src/util/viruuid.c | 4 ++-- tests/vircryptotest.c | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index bbc2a01f22..4079013d6d 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c 
@@ -346,8 +346,8 @@ virCryptoGenerateRandom(size_t nbytes) /* If we don't have gnutls_rnd(), we will generate a less cryptographi= cally * strong master buf from /dev/urandom. */ - if ((ret =3D virRandomBytes(buf, nbytes))) { - virReportSystemError(ret, "%s", _("failed to generate byte stream"= )); + if ((ret =3D virRandomBytes(buf, nbytes)) < 0) { + virReportSystemError(-ret, "%s", _("failed to generate byte stream= ")); VIR_FREE(buf); return NULL; } diff --git a/src/util/virrandom.c b/src/util/virrandom.c index 41daa404b2..9597640840 100644 --- a/src/util/virrandom.c +++ b/src/util/virrandom.c @@ -168,7 +168,7 @@ uint32_t virRandomInt(uint32_t max) * Generate a stream of random bytes from /dev/urandom * into @buf of size @buflen * - * Returns 0 on success or an errno on failure + * Returns 0 on success or an -errno on failure */ int virRandomBytes(unsigned char *buf, @@ -177,7 +177,7 @@ virRandomBytes(unsigned char *buf, int fd; =20 if ((fd =3D open("/dev/urandom", O_RDONLY)) < 0) - return errno; + return -errno; =20 while (buflen > 0) { ssize_t n; @@ -186,7 +186,7 @@ virRandomBytes(unsigned char *buf, if (errno =3D=3D EINTR) continue; VIR_FORCE_CLOSE(fd); - return n < 0 ? errno : ENODATA; + return n < 0 ? -errno : -ENODATA; } =20 buf +=3D n; diff --git a/src/util/viruuid.c b/src/util/viruuid.c index 3cbaae0b85..61877aeba4 100644 --- a/src/util/viruuid.c +++ b/src/util/viruuid.c @@ -76,11 +76,11 @@ virUUIDGenerate(unsigned char *uuid) if (uuid =3D=3D NULL) return -1; =20 - if ((err =3D virRandomBytes(uuid, VIR_UUID_BUFLEN))) { + if ((err =3D virRandomBytes(uuid, VIR_UUID_BUFLEN)) < 0) { char ebuf[1024]; VIR_WARN("Falling back to pseudorandom UUID," " failed to generate random bytes: %s", - virStrerror(err, ebuf, sizeof(ebuf))); + virStrerror(-err, ebuf, sizeof(ebuf))); err =3D virUUIDGeneratePseudoRandomBytes(uuid, VIR_UUID_BUFLEN); } =20 diff --git a/tests/vircryptotest.c b/tests/vircryptotest.c index d9ffc6f34c..b6313e73ad 100644 --- a/tests/vircryptotest.c 
+++ b/tests/vircryptotest.c 
@@ -88,8 +88,8 @@ testCryptoEncrypt(const void *opaque) VIR_ALLOC_N(iv, ivlen) < 0) goto cleanup; =20 - if (virRandomBytes(enckey, enckeylen) || - virRandomBytes(iv, ivlen)) { + if (virRandomBytes(enckey, enckeylen) < 0 || + virRandomBytes(iv, ivlen) < 0) { fprintf(stderr, "Failed to generate random bytes\n"); goto cleanup; } --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 1 13:51:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1527582326572455.17465040245156; Tue, 29 May 2018 01:25:26 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 39CF430CE82D; Tue, 29 May 2018 08:25:25 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 04121608F6; Tue, 29 May 2018 08:25:25 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 94127180BA80; Tue, 29 May 2018 08:25:24 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4T8PD7P005764 for ; Tue, 
29 May 2018 04:25:13 -0400 Received: by smtp.corp.redhat.com (Postfix) id 22EF563F58; Tue, 29 May 2018 08:25:13 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9D98B63536; Tue, 29 May 2018 08:25:12 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 29 May 2018 10:24:38 +0200 Message-Id: <803dd3a3a3b9bb2d29eb897cd1024182a5209103.1527581861.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 02/10] virCryptoGenerateRandom: rename ret X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.45]); Tue, 29 May 2018 08:25:25 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" This function allocates a buffer, fills it in with random bytes and then returns it. However, the buffer is held in @buf variable, therefore having @ret variable which does not hold return value of the function is misleading. Signed-off-by: Michal Privoznik Reviewed-by: Eric Blake --- src/util/vircrypto.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 4079013d6d..930fa3b215 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c 
@@ -329,16 +329,16 @@ uint8_t * virCryptoGenerateRandom(size_t nbytes) { uint8_t *buf; - int ret; + int rv; =20 if (VIR_ALLOC_N(buf, nbytes) < 0) return NULL; =20 #if WITH_GNUTLS /* Generate the byte stream using gnutls_rnd() if possible */ - if ((ret =3D gnutls_rnd(GNUTLS_RND_RANDOM, buf, nbytes)) < 0) { + if ((rv =3D gnutls_rnd(GNUTLS_RND_RANDOM, buf, nbytes)) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("failed to generate byte stream, ret=3D%d"), ret); + _("failed to generate byte stream, rv=3D%d"), rv); VIR_FREE(buf); return NULL; } 
@@ -346,8 +346,8 @@ virCryptoGenerateRandom(size_t nbytes) /* If we don't have gnutls_rnd(), we will generate a less cryptographi= cally * strong master buf from /dev/urandom. */ - if ((ret =3D virRandomBytes(buf, nbytes)) < 0) { - virReportSystemError(-ret, "%s", _("failed to generate byte stream= ")); + if ((rv =3D virRandomBytes(buf, nbytes)) < 0) { + virReportSystemError(-rv, "%s", _("failed to generate byte stream"= )); VIR_FREE(buf); return NULL; } --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 1 13:51:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 15275823272221009.658615131624; Tue, 29 May 2018 01:25:27 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 014805A1C7; Tue, 29 May 2018 08:25:25 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C31D72010CA0; Tue, 29 May 2018 08:25:24 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 794BB4CA84; Tue, 29 May 2018 08:25:24 +0000 (UTC) Received: from smtp.corp.redhat.com 
(int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4T8PEhG005772 for ; Tue, 29 May 2018 04:25:15 -0400 Received: by smtp.corp.redhat.com (Postfix) id D702163F58; Tue, 29 May 2018 08:25:13 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5DD74422BA; Tue, 29 May 2018 08:25:13 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 29 May 2018 10:24:39 +0200 Message-Id: <224003dd6234cfd21be375193d6ff71beffe6bcb.1527581861.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 03/10] virCryptoGenerateRandom: Explain gnults error X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.25 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 29 May 2018 08:25:25 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" When generating random stream using gnults fails an error is reported. However, the error is not helpful as it contains only an integer error code (a negative number). Use gnutls_strerror() to turn the error code into a string explaining what went wrong. Signed-off-by: Michal Privoznik --- src/util/vircrypto.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 930fa3b215..9879c31555 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c 
@@ -323,7 +323,8 @@ virCryptoEncryptData(virCryptoCipher algorithm, * Since the gnutls_rnd could be missing, provide an alternate less * secure mechanism to at least have something. * - * Returns pointer memory containing byte stream on success, NULL on failu= re + * Returns pointer memory containing byte stream on success, + * NULL on failure (with error reported) */ uint8_t * virCryptoGenerateRandom(size_t nbytes) 
@@ -338,7 +339,8 @@ virCryptoGenerateRandom(size_t nbytes) /* Generate the byte stream using gnutls_rnd() if possible */ if ((rv =3D gnutls_rnd(GNUTLS_RND_RANDOM, buf, nbytes)) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("failed to generate byte stream, rv=3D%d"), rv); + _("failed to generate byte stream: %s"), + gnutls_strerror(rv)); VIR_FREE(buf); return NULL; } --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 1 13:51:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1527582333869220.7294406579199; Tue, 29 May 2018 01:25:33 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C39F8C0CDE10; Tue, 29 May 2018 08:25:31 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8AE492010CA4; Tue, 29 May 2018 08:25:31 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 31CA04BB78; Tue, 29 May 2018 08:25:31 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com 
(8.13.8/8.13.8) with ESMTP id w4T8PFL8005778 for ; Tue, 29 May 2018 04:25:15 -0400 Received: by smtp.corp.redhat.com (Postfix) id 9710863F5C; Tue, 29 May 2018 08:25:14 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1D0EE422BA; Tue, 29 May 2018 08:25:13 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 29 May 2018 10:24:40 +0200 Message-Id: <999e700c112c9009379fc3aab7cb01ba379d4332.1527581861.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 04/10] virCryptoGenerateRandom: Don't allocate return buffer X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.25 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Tue, 29 May 2018 08:25:32 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" To unify our vir*Random() functions we need to make virCryptoGenerateRandom NOT allocate return buffer. It should just fill given buffer with random data. Signed-off-by: Michal Privoznik --- src/qemu/qemu_domain.c | 12 ++++++++---- src/util/vircrypto.c | 29 ++++++++++++----------------- src/util/vircrypto.h | 3 ++- tests/qemuxml2argvmock.c | 14 ++++---------- 4 files changed, 26 insertions(+), 32 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 47910acb83..2d13a03344 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -930,12 +930,13 @@ qemuDomainMasterKeyCreate(virDomainObjPtr vm) if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET)) return 0; =20 - if (!(priv->masterKey =3D - virCryptoGenerateRandom(QEMU_DOMAIN_MASTER_KEY_LEN))) + if (VIR_ALLOC_N(priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN) < 0) return -1; - priv->masterKeyLen =3D QEMU_DOMAIN_MASTER_KEY_LEN; =20 + if (virCryptoGenerateRandom(priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LE= N) < 0) + return -1; + return 0; } =20 @@ -1214,8 +1215,11 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr pri= v, if (!(secinfo->s.aes.alias =3D qemuDomainGetSecretAESAlias(srcalias, i= sLuks))) goto cleanup; =20 + if (VIR_ALLOC_N(raw_iv, ivlen) < 0) + goto cleanup; + /* Create a random initialization vector */ - if (!(raw_iv =3D virCryptoGenerateRandom(ivlen))) + if (virCryptoGenerateRandom(raw_iv, ivlen) < 0) goto cleanup; =20 /* Encode the IV and save that since qemu will need it */ diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 9879c31555..673e1648e8 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c 
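Review bot: In qemuDomainMasterKeyCreate, a failing virCryptoGenerateRandom() now returns -1 with priv->masterKey still allocated and priv->masterKeyLen already set, whereas the old code left masterKey NULL on failure. VIR_ALLOC_N zero-fills as far as I know, so the private data then holds what looks like a valid key made of zero bytes; whether any later path only tests `priv->masterKey` for non-NULL is not visible in this hunk. I would release the buffer in the failure branch and publish the length only after success: `VIR_FREE(priv->masterKey); return -1;` with `priv->masterKeyLen = QEMU_DOMAIN_MASTER_KEY_LEN;` moved below the random fill. The function starts before the hunk, so the capability check above is all I can see of its preconditions.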
@@ -316,44 +316,39 @@ virCryptoEncryptData(virCryptoCipher algorithm, #endif =20 /* virCryptoGenerateRandom: - * @nbytes: Size in bytes of random byte stream to generate + * @buf: Pointer to location to store bytes + * @buflen: Number of bytes to store * - * Generate a random stream of nbytes length and return it. + * Generate a random stream of @buflen length and store it into @buf. * * Since the gnutls_rnd could be missing, provide an alternate less * secure mechanism to at least have something. * - * Returns pointer memory containing byte stream on success, - * NULL on failure (with error reported) + * Returns 0 on success or -1 on failure (with error reported) */ -uint8_t * -virCryptoGenerateRandom(size_t nbytes) +int +virCryptoGenerateRandom(unsigned char *buf, + size_t buflen) { - uint8_t *buf; int rv; =20 - if (VIR_ALLOC_N(buf, nbytes) < 0) - return NULL; - #if WITH_GNUTLS /* Generate the byte stream using gnutls_rnd() if possible */ - if ((rv =3D gnutls_rnd(GNUTLS_RND_RANDOM, buf, nbytes)) < 0) { + if ((rv =3D gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("failed to generate byte stream: %s"), gnutls_strerror(rv)); - VIR_FREE(buf); - return NULL; + return -1; } #else /* If we don't have gnutls_rnd(), we will generate a less cryptographi= cally * strong master buf from /dev/urandom. */ - if ((rv =3D virRandomBytes(buf, nbytes)) < 0) { + if ((rv =3D virRandomBytes(buf, buflen)) < 0) { virReportSystemError(-rv, "%s", _("failed to generate byte stream"= )); - VIR_FREE(buf); - return NULL; + return -1; } #endif =20 - return buf; + return 0; } diff --git a/src/util/vircrypto.h b/src/util/vircrypto.h index 9b5dada53d..649ceff1a1 100644 --- a/src/util/vircrypto.h +++ b/src/util/vircrypto.h 
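Review bot: The rewritten doc comment for virCryptoGenerateRandom does not say what @buf holds when the call fails, which matters now that the caller owns the buffer and uses it for keys and IVs. I would add a line above the Returns line such as `* On failure the contents of @buf are unspecified and must not be used.` The retained sentence about the "alternate less secure mechanism" could also name it (virRandomBytes reading /dev/urandom when WITH_GNUTLS is off) so a reader knows which build configuration selects the weaker path.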
@@ -65,6 +65,7 @@ int virCryptoEncryptData(virCryptoCipher algorithm, ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6) ATTRIBUTE_NONNULL(8) ATTRIBUTE_NONNULL(9) ATTRIBUTE_RETURN_CHECK; =20 -uint8_t *virCryptoGenerateRandom(size_t nbytes) ATTRIBUTE_NOINLINE; +int virCryptoGenerateRandom(unsigned char *buf, + size_t buflen) ATTRIBUTE_NOINLINE; =20 #endif /* __VIR_CRYPTO_H__ */ diff --git a/tests/qemuxml2argvmock.c b/tests/qemuxml2argvmock.c index 6d78063f00..44b6504de9 100644 --- a/tests/qemuxml2argvmock.c +++ b/tests/qemuxml2argvmock.c 
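Review bot: The new prototype carries only ATTRIBUTE_NOINLINE, so a caller can ignore the result or pass a NULL buffer without any compiler diagnostic. With the old pointer-returning form an unchecked failure ended in a NULL dereference; with this form it ends in an unfilled buffer being used as key or IV material. I would declare it as `int virCryptoGenerateRandom(unsigned char *buf, size_t buflen) ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK ATTRIBUTE_NOINLINE;`, matching the attributes on the virCryptoEncryptData declaration at the top of this hunk.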
@@ -190,17 +190,11 @@ virCommandPassFD(virCommandPtr cmd ATTRIBUTE_UNUSED, /* nada */ } =20 -uint8_t * -virCryptoGenerateRandom(size_t nbytes) +int +virCryptoGenerateRandom(unsigned char *buf, + size_t buflen) { - uint8_t *buf; - - if (VIR_ALLOC_N(buf, nbytes) < 0) - return NULL; - - ignore_value(virRandomBytes(buf, nbytes)); - - return buf; + return virRandomBytes(buf, buflen); } =20 int --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 1 13:51:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 152758233264189.00531493996743; Tue, 29 May 2018 01:25:32 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id AD40C30C3A16; Tue, 29 May 2018 08:25:30 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 65531A0A98; Tue, 29 May 2018 08:25:30 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 109E74CA84; Tue, 29 May 2018 08:25:30 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by 
lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4T8PFSS005787 for ; Tue, 29 May 2018 04:25:15 -0400 Received: by smtp.corp.redhat.com (Postfix) id 5B48263536; Tue, 29 May 2018 08:25:15 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id D2C7764002; Tue, 29 May 2018 08:25:14 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 29 May 2018 10:24:41 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 05/10] virRandomBytes: Prefer saferead over plain read X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.43]); Tue, 29 May 2018 08:25:31 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Signed-off-by: Michal Privoznik --- src/util/virrandom.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/util/virrandom.c b/src/util/virrandom.c index 9597640840..ea55fe654d 100644 --- a/src/util/virrandom.c +++ b/src/util/virrandom.c 
@@ -182,9 +182,7 @@ virRandomBytes(unsigned char *buf, while (buflen > 0) { ssize_t n; =20 - if ((n =3D read(fd, buf, buflen)) <=3D 0) { - if (errno =3D=3D EINTR) - continue; + if ((n =3D saferead(fd, buf, buflen)) <=3D 0) { VIR_FORCE_CLOSE(fd); return n < 0 ? -errno : -ENODATA; } --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 1 13:51:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1527582337694853.6863791705855; Tue, 29 May 2018 01:25:37 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4C09FC0D265D; Tue, 29 May 2018 08:25:36 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1612E1BBC4; Tue, 29 May 2018 08:25:36 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id B23A74CA89; Tue, 29 May 2018 08:25:35 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4T8PG9L005794 for ; Tue, 29 May 2018 04:25:16 -0400 Received: by 
smtp.corp.redhat.com (Postfix) id 17475422BA; Tue, 29 May 2018 08:25:16 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 92A3464002; Tue, 29 May 2018 08:25:15 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 29 May 2018 10:24:42 +0200 Message-Id: <0d96fdb2bd21d374c24a4cb057ed9e4b01c2c9d9.1527581861.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 06/10] virRandomBytes: Report error X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Tue, 29 May 2018 08:25:36 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Instead of having each caller report error move it into the function. This way we can produce more accurate error messages too. Signed-off-by: Michal Privoznik --- src/util/vircrypto.c | 6 ++---- src/util/virrandom.c | 18 +++++++++++++----- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 673e1648e8..e5f2319720 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -330,9 +330,9 @@ int virCryptoGenerateRandom(unsigned char *buf, size_t buflen) { +#if WITH_GNUTLS int rv; =20 -#if WITH_GNUTLS /* Generate the byte stream using gnutls_rnd() if possible */ if ((rv =3D gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, 
@@ -344,10 +344,8 @@ virCryptoGenerateRandom(unsigned char *buf, /* If we don't have gnutls_rnd(), we will generate a less cryptographi= cally * strong master buf from /dev/urandom. */ - if ((rv =3D virRandomBytes(buf, buflen)) < 0) { - virReportSystemError(-rv, "%s", _("failed to generate byte stream"= )); + if (virRandomBytes(buf, buflen) < 0) return -1; - } #endif =20 return 0; diff --git a/src/util/virrandom.c b/src/util/virrandom.c index ea55fe654d..230745d311 100644 --- a/src/util/virrandom.c +++ b/src/util/virrandom.c @@ -43,6 +43,8 @@ =20 VIR_LOG_INIT("util.random"); =20 +#define RANDOM_SOURCE "/dev/urandom" + /* The algorithm of virRandomBits relies on gnulib's guarantee that * 'random_r' matches the POSIX requirements on 'random' of being * evenly distributed among exactly [0, 2**31) (that is, we always get @@ -107,7 +109,6 @@ uint64_t virRandomBits(int nbits) if (virRandomInitialize() < 0) { /* You're already hosed, so this particular non-random value * isn't any worse. */ - VIR_WARN("random number generation is broken"); return 0; } =20 @@ -165,10 +166,10 @@ uint32_t virRandomInt(uint32_t max) * @buf: Pointer to location to store bytes * @buflen: Number of bytes to store * - * Generate a stream of random bytes from /dev/urandom + * Generate a stream of random bytes from RANDOM_SOURCE * into @buf of size @buflen * - * Returns 0 on success or an -errno on failure + * Returns 0 on success or -1 (with error reported) */ int virRandomBytes(unsigned char *buf, 
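Review bot: The virRandomBits hunk (`@@ -107,7 +109,6 @@`) drops `VIR_WARN("random number generation is broken");`, so the failure branch now returns 0 with no diagnostic from this function, and the commit message does not mention the removal. Whether virRandomInitialize() reports its own error is not visible here; if it does not, callers silently receive the constant 0 as their "random" value. I would keep the warning, or state in the commit message which existing report makes it redundant. virRandomBits starts and ends outside the hunk.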
@@ -176,13 +177,20 @@ virRandomBytes(unsigned char *buf, { int fd; =20 - if ((fd =3D open("/dev/urandom", O_RDONLY)) < 0) - return -errno; + if ((fd =3D open(RANDOM_SOURCE, O_RDONLY)) < 0) { + virReportSystemError(errno, + _("unable to open %s"), + RANDOM_SOURCE); + return -1; + } =20 while (buflen > 0) { ssize_t n; =20 if ((n =3D saferead(fd, buf, buflen)) <=3D 0) { + virReportSystemError(errno, + _("unable to read from %s"), + RANDOM_SOURCE); VIR_FORCE_CLOSE(fd); return n < 0 ? -errno : -ENODATA; } --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 1 13:51:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1527582339002481.9295727529869; Tue, 29 May 2018 01:25:39 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7DE4381DE3; Tue, 29 May 2018 08:25:37 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4E09BA0A98; Tue, 29 May 2018 08:25:37 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id EEC821800C9C; Tue, 29 May 2018 08:25:36 +0000 (UTC) Received: from 
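Review bot: The read-failure branch still ends in `return n < 0 ? -errno : -ENODATA;`, so virRandomBytes() does not yet return the -1 promised by the comment updated in the -165,10 hunk ("Returns 0 on success or -1 (with error reported)"). The added `virReportSystemError(errno, ...)` in the same branch also runs when saferead() returns 0, where that call did not set errno and the reported reason may be unrelated to the short read. I would pass `n < 0 ? errno : ENODATA` to the report and end the branch with `return -1;`. The while loop and the rest of the function continue outside this hunk.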
smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4T8PGte005799 for ; Tue, 29 May 2018 04:25:17 -0400 Received: by smtp.corp.redhat.com (Postfix) id CDC0463F58; Tue, 29 May 2018 08:25:16 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 51E4A63536; Tue, 29 May 2018 08:25:16 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 29 May 2018 10:24:43 +0200 Message-Id: <7908157d5d022ea297d651e3dab58fe731ca21d8.1527581861.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 07/10] virRandomBytes: Use gnutls_rnd whenever possible X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Tue, 29 May 2018 08:25:38 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" While /dev/urandom is not terrible source of random data gnutls_rnd is better. Prefer that one. Also, since nearly every platform we build on already has gnutls (if not all of them) this is going to be used by default. Signed-off-by: Michal Privoznik --- src/util/vircrypto.c | 20 +------------------- src/util/virrandom.c | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index e5f2319720..3f3ba0267a 100644 --- a/src/util/vircrypto.c 
+++ b/src/util/vircrypto.c @@ -330,23 +330,5 @@ int virCryptoGenerateRandom(unsigned char *buf, size_t buflen) { -#if WITH_GNUTLS - int rv; - - /* Generate the byte stream using gnutls_rnd() if possible */ - if ((rv =3D gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("failed to generate byte stream: %s"), - gnutls_strerror(rv)); - return -1; - } -#else - /* If we don't have gnutls_rnd(), we will generate a less cryptographi= cally - * strong master buf from /dev/urandom. - */ - if (virRandomBytes(buf, buflen) < 0) - return -1; -#endif - - return 0; + return virRandomBytes(buf, buflen); } diff --git a/src/util/virrandom.c b/src/util/virrandom.c index 230745d311..444b0f9802 100644 --- a/src/util/virrandom.c +++ b/src/util/virrandom.c @@ -29,6 +29,10 @@ #include #include #include +#ifdef WITH_GNUTLS +# include +# include +#endif =20 #include "virrandom.h" #include "virthread.h" @@ -175,6 +179,19 @@ int virRandomBytes(unsigned char *buf, size_t buflen) { +#if WITH_GNUTLS + int rv; + + /* Generate the byte stream using gnutls_rnd() if possible */ + if ((rv =3D gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("failed to generate byte stream: %s"), + gnutls_strerror(rv)); + return -1; + } + +#else /* !WITH_GNUTLS */ + int fd; =20 if ((fd =3D open(RANDOM_SOURCE, O_RDONLY)) < 0) { 
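Review bot: In the virrandom.c hunk at -175,6 the function gains a gnutls_rnd() branch, but the comment above virRandomBytes() still says the bytes come from RANDOM_SOURCE, which now holds only for builds without gnutls. Later in this series the same function supplies the qemu master key and IV, so the comment should name both sources, for example `* Generate a stream of random bytes using gnutls_rnd() when built with gnutls, otherwise from RANDOM_SOURCE`. The include hunk at -29,6 tests `#ifdef WITH_GNUTLS` while this one tests `#if WITH_GNUTLS`; using one form in both places keeps them from disagreeing if the macro is ever defined as 0. The /dev/urandom branch of the function continues outside this hunk.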
@@ -200,6 +217,7 @@ virRandomBytes(unsigned char *buf, } =20 VIR_FORCE_CLOSE(fd); +#endif /* !WITH_GNUTLS */ =20 return 0; } --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 1 13:51:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1527582342161234.57107964062936; Tue, 29 May 2018 01:25:42 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B1D3C30D10F7; Tue, 29 May 2018 08:25:40 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 842FD30A6A8E; Tue, 29 May 2018 08:25:40 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2508C1800FD6; Tue, 29 May 2018 08:25:40 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4T8PIet005803 for ; Tue, 29 May 2018 04:25:18 -0400 Received: by smtp.corp.redhat.com (Postfix) id 8D58463536; Tue, 29 May 2018 08:25:17 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by 
smtp.corp.redhat.com (Postfix) with ESMTP id 1428C63F7E; Tue, 29 May 2018 08:25:16 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 29 May 2018 10:24:44 +0200 Message-Id: <843dc484513e94d390e844b0737ed07bc3b6487e.1527581861.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 08/10] virrandom: Make virRandomBits better X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.26 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]); Tue, 29 May 2018 08:25:41 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Now that we have strong PRNG generator implemented in virRandomBytes() let's use that instead of gnulib's random_r. Problem with the latter is in way we seed it: current UNIX time and libvirtd's PID are not that random as one might think. Imagine two hosts booting at the same time. There's a fair chance that those hosts spawn libvirtds at the same time and with the same PID. This will result in both daemons generating the same sequence of say MAC addresses [1]. 1: https://www.redhat.com/archives/libvirt-users/2018-May/msg00097.html Signed-off-by: Michal Privoznik --- src/util/virrandom.c | 63 ++----------------------------------------------= ---- 1 file changed, 2 insertions(+), 61 deletions(-) diff --git a/src/util/virrandom.c b/src/util/virrandom.c index 444b0f9802..01cc82a052 100644 --- a/src/util/virrandom.c +++ b/src/util/virrandom.c 
@@ -49,53 +49,6 @@ VIR_LOG_INIT("util.random"); =20 #define RANDOM_SOURCE "/dev/urandom" =20 -/* The algorithm of virRandomBits relies on gnulib's guarantee that - * 'random_r' matches the POSIX requirements on 'random' of being - * evenly distributed among exactly [0, 2**31) (that is, we always get - * exactly 31 bits). While this happens to be the value of RAND_MAX - * on glibc, note that POSIX only requires RAND_MAX to be tied to the - * weaker 'rand', so there are platforms where RAND_MAX is smaller - * than the range of 'random_r'. For the results to be evenly - * distributed among up to 64 bits, we also rely on the period of - * 'random_r' to be at least 2**64, which POSIX only guarantees for - * 'random' if you use 256 bytes of state. */ -enum { - RANDOM_BITS_PER_ITER =3D 31, - RANDOM_BITS_MASK =3D (1U << RANDOM_BITS_PER_ITER) - 1, - RANDOM_STATE_SIZE =3D 256, -}; - -static char randomState[RANDOM_STATE_SIZE]; -static struct random_data randomData; -static virMutex randomLock =3D VIR_MUTEX_INITIALIZER; - - -static int -virRandomOnceInit(void) -{ - unsigned int seed =3D time(NULL) ^ getpid(); - -#if 0 - /* Normally we want a decent seed. But if reproducible debugging - * of a fixed pseudo-random sequence is ever required, uncomment - * this block to let an environment variable force the seed. */ - const char *debug =3D virGetEnvBlockSUID("VIR_DEBUG_RANDOM_SEED"); - - if (debug && virStrToLong_ui(debug, NULL, 0, &seed) < 0) - return -1; -#endif - - if (initstate_r(seed, - randomState, - sizeof(randomState), - &randomData) < 0) - return -1; - - return 0; -} - -VIR_ONCE_GLOBAL_INIT(virRandom) - /** * virRandomBits: * @nbits: Number of bits of randommess required 
@@ -108,26 +61,14 @@ VIR_ONCE_GLOBAL_INIT(virRandom) uint64_t virRandomBits(int nbits) { uint64_t ret =3D 0; - int32_t bits; =20 - if (virRandomInitialize() < 0) { + if (virRandomBytes((unsigned char *) &ret, sizeof(ret)) < 0) { /* You're already hosed, so this particular non-random value * isn't any worse. */ return 0; } =20 - virMutexLock(&randomLock); - - while (nbits > RANDOM_BITS_PER_ITER) { - random_r(&randomData, &bits); - ret =3D (ret << RANDOM_BITS_PER_ITER) | (bits & RANDOM_BITS_MASK); - nbits -=3D RANDOM_BITS_PER_ITER; - } - - random_r(&randomData, &bits); - ret =3D (ret << nbits) | (bits & ((1 << nbits) - 1)); - - virMutexUnlock(&randomLock); + ret &=3D (1U << nbits) - 1; return ret; } =20 --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 1 13:51:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1527582343572181.7445466770331; Tue, 29 May 2018 01:25:43 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 36E1CC081F49; Tue, 29 May 2018 08:25:42 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id F35AE608F6; Tue, 29 May 2018 08:25:41 +0000 (UTC) Received: from 
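Review bot: The new mask `ret &= (1U << nbits) - 1;` is computed in unsigned int, so with a 32-bit int it keeps at most 31 bits of the uint64_t result and the shift is undefined once nbits reaches 32, whereas the removed loop assembled up to 64 bits. A 64-bit mask with a guard for the full width restores the old range: `if (nbits < 64) ret &= (1ULL << nbits) - 1;`. The failure branch still returns 0, so a caller of virRandomBits() cannot tell a failed random source from a genuine zero; the function comment should say so.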
lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id A741B1800FED; Tue, 29 May 2018 08:25:41 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4T8PInH005804 for ; Tue, 29 May 2018 04:25:18 -0400 Received: by smtp.corp.redhat.com (Postfix) id 4CCBE63F6A; Tue, 29 May 2018 08:25:18 +0000 (UTC) Received: from moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id C7DB463F53; Tue, 29 May 2018 08:25:17 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 29 May 2018 10:24:45 +0200 Message-Id: <029f656de7228ec02f147fc060e50be917ce9e60.1527581861.git.mprivozn@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 09/10] virUUIDGenerate don't fall back to virRandomBits X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Tue, 29 May 2018 08:25:42 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" If virRandomBytes() fails there is no point calling virRandomBits() because it uses virRandomBytes() internally again. Signed-off-by: Michal Privoznik --- src/util/viruuid.c | 25 +++---------------------- 1 file changed, 3 insertions(+), 22 deletions(-) 
diff --git a/src/util/viruuid.c b/src/util/viruuid.c index 61877aeba4..f588a62ec6 100644 --- a/src/util/viruuid.c +++ b/src/util/viruuid.c @@ -48,18 +48,6 @@ VIR_LOG_INIT("util.uuid"); =20 static unsigned char host_uuid[VIR_UUID_BUFLEN]; =20 -static int -virUUIDGeneratePseudoRandomBytes(unsigned char *buf, - int buflen) -{ - while (buflen > 0) { - *buf++ =3D virRandomBits(8); - buflen--; - } - - return 0; -} - /** * virUUIDGenerate: * @uuid: array of VIR_UUID_BUFLEN bytes to store the new UUID @@ -71,18 +59,11 @@ virUUIDGeneratePseudoRandomBytes(unsigned char *buf, int virUUIDGenerate(unsigned char *uuid) { - int err; - if (uuid =3D=3D NULL) return -1; =20 - if ((err =3D virRandomBytes(uuid, VIR_UUID_BUFLEN)) < 0) { - char ebuf[1024]; - VIR_WARN("Falling back to pseudorandom UUID," - " failed to generate random bytes: %s", - virStrerror(-err, ebuf, sizeof(ebuf))); - err =3D virUUIDGeneratePseudoRandomBytes(uuid, VIR_UUID_BUFLEN); - } + if (virRandomBytes(uuid, VIR_UUID_BUFLEN) < 0) + return -1; =20 /* * Make UUID RFC 4122 compliant. Following form will be used: 
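Review bot: In the hunk at -71,18, virUUIDGenerate() can now fail after the NULL check, where the removed code always filled the buffer, and on that path `uuid` holds whatever virRandomBytes() left in it. Callers are not visible here; any that ignore the return value would carry on with that buffer as a UUID. It would help to mark the prototype with `ATTRIBUTE_RETURN_CHECK` (if it is not already) and to state in the function comment that -1 means no UUID was produced. The function body continues past this hunk.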
@@ -103,7 +84,7 @@ virUUIDGenerate(unsigned char *uuid) uuid[6] =3D (uuid[6] & 0x0F) | (4 << 4); uuid[8] =3D (uuid[8] & 0x3F) | (2 << 6); =20 - return err; + return 0; } =20 /** --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 1 13:51:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1527582328105929.9291478064699; Tue, 29 May 2018 01:25:28 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9E6BA30D2575; Tue, 29 May 2018 08:25:26 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 66A06A0A7E; Tue, 29 May 2018 08:25:26 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 032BF1800FC2; Tue, 29 May 2018 08:25:26 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4T8PJBt005814 for ; Tue, 29 May 2018 04:25:19 -0400 Received: by smtp.corp.redhat.com (Postfix) id 0D16963F5C; Tue, 29 May 2018 08:25:19 +0000 (UTC) Received: from 
moe.brq.redhat.com (unknown [10.43.2.192]) by smtp.corp.redhat.com (Postfix) with ESMTP id 872FC422BA; Tue, 29 May 2018 08:25:18 +0000 (UTC) From: Michal Privoznik To: libvir-list@redhat.com Date: Tue, 29 May 2018 10:24:46 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 10/10] vircrypto: Drop virCryptoGenerateRandom X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.45]); Tue, 29 May 2018 08:25:27 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Now that virCryptoGenerateRandom() is plain wrapper over virRandomBytes() we can drop it in favour of the latter. Signed-off-by: Michal Privoznik --- src/libvirt_private.syms | 1 - src/qemu/qemu_domain.c | 5 +++-- src/util/vircrypto.c | 18 ------------------ src/util/vircrypto.h | 3 --- tests/qemuxml2argvmock.c | 7 ------- 5 files changed, 3 insertions(+), 31 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 8d381ee11b..18c0c3e954 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1649,7 +1649,6 @@ virConfWriteMem; =20 # util/vircrypto.h virCryptoEncryptData; -virCryptoGenerateRandom; virCryptoHashBuf; virCryptoHashString; virCryptoHaveCipher; diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 2d13a03344..e49398432f 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -51,6 +51,7 @@ #include "viratomic.h" #include "virprocess.h" #include "vircrypto.h" +#include "virrandom.h" #include "virsystemd.h" #include "secret_util.h" #include "logging/log_manager.h" @@ -934,7 +935,7 @@ qemuDomainMasterKeyCreate(virDomainObjPtr vm) return -1; priv->masterKeyLen =3D QEMU_DOMAIN_MASTER_KEY_LEN; =20 - if (virCryptoGenerateRandom(priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LE= N) < 0) + if (virRandomBytes(priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN) < 0) return -1; =20 return 0; @@ -1219,7 +1220,7 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv, goto cleanup; =20 /* Create a random initialization vector */ - if (virCryptoGenerateRandom(raw_iv, ivlen) < 0) + if (virRandomBytes(raw_iv, ivlen) < 0) goto cleanup; =20 /* Encode the IV and save that since qemu will need it */ diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 3f3ba0267a..d734ce6ad7 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -314,21 +314,3 @@ virCryptoEncryptData(virCryptoCipher algorithm, return -1; } #endif - -/* virCryptoGenerateRandom: - * @buf: Pointer to location to store bytes - * @buflen: Number of bytes to store - * - * Generate a random stream of @buflen length and store it into @buf. - * - * Since the gnutls_rnd could be missing, provide an alternate less - * secure mechanism to at least have something. - * - * Returns 0 on success or -1 on failure (with error reported) - */ -int -virCryptoGenerateRandom(unsigned char *buf, - size_t buflen) -{ - return virRandomBytes(buf, buflen); -} diff --git a/src/util/vircrypto.h b/src/util/vircrypto.h index 649ceff1a1..e3c70d7d9a 100644 --- a/src/util/vircrypto.h +++ b/src/util/vircrypto.h @@ -65,7 +65,4 @@ int virCryptoEncryptData(virCryptoCipher algorithm, ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6) ATTRIBUTE_NONNULL(8) ATTRIBUTE_NONNULL(9) ATTRIBUTE_RETURN_CHECK; =20 -int virCryptoGenerateRandom(unsigned char *buf, - size_t buflen) ATTRIBUTE_NOINLINE; - #endif /* __VIR_CRYPTO_H__ */ 
diff --git a/tests/qemuxml2argvmock.c b/tests/qemuxml2argvmock.c index 44b6504de9..a4de7f0c46 100644 --- a/tests/qemuxml2argvmock.c +++ b/tests/qemuxml2argvmock.c @@ -190,13 +190,6 @@ virCommandPassFD(virCommandPtr cmd ATTRIBUTE_UNUSED, /* nada */ } =20 -int -virCryptoGenerateRandom(unsigned char *buf, - size_t buflen) -{ - return virRandomBytes(buf, buflen); -} - int virNetDevOpenvswitchGetVhostuserIfname(const char *path ATTRIBUTE_UNUSED, char **ifname) --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list