From nobody Mon May 6 07:51:22 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493159758616796.5629749338701; Tue, 25 Apr 2017 15:35:58 -0700 (PDT) Received: from localhost ([::1]:51684 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d393t-0007iK-9d for importer@patchew.org; Tue, 25 Apr 2017 18:35:57 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58206) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d38kT-0007s9-QU for qemu-devel@nongnu.org; Tue, 25 Apr 2017 18:15:55 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d38kP-0001St-Lr for qemu-devel@nongnu.org; Tue, 25 Apr 2017 18:15:53 -0400 Received: from mout.web.de ([212.227.15.14]:65437) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1d38kP-0001Rw-AP for qemu-devel@nongnu.org; Tue, 25 Apr 2017 18:15:49 -0400 Received: from DESKTOP-JU125PR.Speedport_W_723V_1_43_000 ([217.94.8.34]) by smtp.web.de (mrweb002 [213.165.67.108]) with ESMTPSA (Nemesis) id 0Md4ZG-1ckv8g3pIo-00IBJk; Wed, 26 Apr 2017 00:15:41 +0200 From: Geert Martin Ijewski To: qemu-devel@nongnu.org Date: Wed, 26 Apr 2017 00:15:01 +0200 Message-Id: <1493158501-22284-1-git-send-email-gm.ijewski@web.de> X-Mailer: git-send-email 1.9.1 X-Provags-ID: V03:K0:u0mIGd7WRxK/KMXnfLtkYpRkUDxJrOrW78Gb3m4152mKEQutFl0 m4q4GxPsSKuP4IIwhBM3/3t3u+YT5EMbeBpBUEVXLl58vUccm/SU3lWz7augzyiubxSW1fM dXBsw0c/tNww0jjSTIDTDQ2Herc923cYB8EOQtTufq8BY0PxpCO3vfMFz3+TBNz3QeOF6QZ qld7epHTg0DHBzRgnpU3g== X-UI-Out-Filterresults: notjunk:1;V01:K0:9PuW6n6UDLw=:TZzrkaUs9fOWtWaAPa1d1H toOKR8GPttj0k8qoIBMnlPCkrYsmyKqXdP1gY3YzbcR12fYOhA22BKDfqYNa/B+hstuJb/uK3 OivrMdZEhtLJrt2UwIaO/YZDRvO9Xopnv99imgparDfzY4tDkxdrQkMG168wXmBoQw3+1Onyt HG5/v4t0hup1xN8k6QPrV5Q8LaVxU9ngIi1mhhzmQCslJY3bUOXzbj1l7c85vBrfZrE3FSx0u 8xpJXA+rAmGgC98+QvoLhcBXgS6ZWj/bQZBbDmNWhoTgPQZT25ELofHV+0QCSaEd9Hgt/nfkG 7XQ143DEEBzYJE7aRuL2yEixU6DgQ1XC8su+EowiLC9XZ3gescfVxvY4dOk87bq9dgNRlKXZK yKvIVMlJCibmgC3KllLk/U8LGYyMHZVHlrJb2m59KNX0vFWn/eQD1116u77Vpa6x/1KrBEpF1 PFlLCoNM9qG1H9CoDntSK0Bpo7lAeZtam5zbuN5J7/DijiylxEjK6KPX8jJy8+IEkf2cQ+1oX g2UJgMui/ug4SHoQ7dKl9oJ/BD0P8e1cxMWwZ2fRWGrPfqUK5bu/hsiy0w9Eg1Kif4DsN3lP/ aoT2JsGox8BxUafuR2Amlz762IiWfFebb+nsp6LEybhTfR2lmFcmrx/TigNYK7XuDZofi3yIo qe/0z1ceIoMA9EqB66pb6GKsg4LUnb141lEKRl4DmDEWuFOOdG8wpydrfvxC+k4k96hgSE2Li Te+ApNbEVy80r6RRJdep3KOrKzTLQxj2V2nusVBQQYmteFu+3e52rb0Qtm0= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 212.227.15.14 Subject: [Qemu-devel] [PATCH v5] crypto: qcrypto_random_bytes() now works on windows w/o any other crypto libs X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Geert Martin Ijewski Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" If no crypto library is included in the build, QEMU uses qcrypto_random_bytes() to generate random data. That function tried to open /dev/urandom or /dev/random and if opening both files failed it errored out. Those files obviously do not exist on windows, so there the code uses CryptGenRandom(). Furthermore there was some refactoring and a new function qcrypto_random_init() was introduced. If a proper crypto library (gnutls or libgcrypt) is included in the build, this function does nothing. If neither is included it initializes the (platform specific) handles that are used by qcrypto_random_bytes(). Either: * a handle to /dev/urandom | /dev/random on unix like systems * a handle to a cryptographic service provider on windows Signed-off-by: Geert Martin Ijewski Reviewed-by: Daniel P. Berrange --- crypto/init.c | 6 ++++++ crypto/random-gcrypt.c | 2 ++ crypto/random-gnutls.c | 3 +++ crypto/random-platform.c | 45 +++++++++++++++++++++++++++++++++++++-------- include/crypto/random.h | 9 +++++++++ 5 files changed, 57 insertions(+), 8 deletions(-) diff --git a/crypto/init.c b/crypto/init.c index f65207e..f131c42 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -32,6 +32,8 @@ #include #endif =20 +#include "crypto/random.h" + /* #define DEBUG_GNUTLS */ =20 /* @@ -146,5 +148,9 @@ int qcrypto_init(Error **errp) gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); #endif =20 + if (qcrypto_random_init(errp) < 0) { + return -1; + } + return 0; } diff --git a/crypto/random-gcrypt.c b/crypto/random-gcrypt.c index 0de9a09..9f1c9ee 100644 --- a/crypto/random-gcrypt.c +++ b/crypto/random-gcrypt.c @@ -31,3 +31,5 @@ int qcrypto_random_bytes(uint8_t *buf, gcry_randomize(buf, buflen, GCRY_STRONG_RANDOM); return 0; } + +int qcrypto_random_init(Error **errp G_GNUC_UNUSED) { return 0; } diff --git a/crypto/random-gnutls.c b/crypto/random-gnutls.c index 04b45a8..5350003 100644 --- a/crypto/random-gnutls.c +++ b/crypto/random-gnutls.c @@ -41,3 +41,6 @@ int qcrypto_random_bytes(uint8_t *buf, =20 return 0; } + + +int qcrypto_random_init(Error **errp G_GNUC_UNUSED) { return 0; } diff --git a/crypto/random-platform.c b/crypto/random-platform.c index 82b755a..0eddb91 100644 --- a/crypto/random-platform.c +++ b/crypto/random-platform.c @@ -22,14 +22,16 @@ =20 #include "crypto/random.h" =20 -int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED, - size_t buflen G_GNUC_UNUSED, - Error **errp) -{ - int fd; - int ret =3D -1; - int got; +#ifdef _WIN32 +#include +static HCRYPTPROV hCryptProv; +#else +static int fd; /* a file handle to either /dev/urandom or /dev/random */ +#endif =20 +int qcrypto_random_init(Error **errp) +{ +#ifndef _WIN32 /* TBD perhaps also add support for BSD getentropy / Linux * getrandom syscalls directly */ fd =3D open("/dev/urandom", O_RDONLY); @@ -41,6 +43,25 @@ int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED, error_setg(errp, "No /dev/urandom or /dev/random found"); return -1; } +#else + if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, + CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) { + error_setg_win32(errp, GetLastError(), + "Unable to create cryptographic provider"); + return -1; + } +#endif + + return 0; +} + +int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED, + size_t buflen G_GNUC_UNUSED, + Error **errp) +{ +#ifndef _WIN32 + int ret =3D -1; + int got; =20 while (buflen > 0) { got =3D read(fd, buf, buflen); @@ -59,6 +80,14 @@ int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED, =20 ret =3D 0; cleanup: - close(fd); return ret; +#else + if (!CryptGenRandom(hCryptProv, buflen, buf)) { + error_setg_win32(errp, GetLastError(), + "Unable to read random bytes"); + return -1; + } + + return 0; +#endif } diff --git a/include/crypto/random.h b/include/crypto/random.h index a101353..a07229c 100644 --- a/include/crypto/random.h +++ b/include/crypto/random.h @@ -40,5 +40,14 @@ int qcrypto_random_bytes(uint8_t *buf, size_t buflen, Error **errp); =20 +/** + * qcrypto_random_init: + * @errp: pointer to a NULL-initialized error object + * + * Initializes the handles used by qcrypto_random_bytes + * + * Returns 0 on success, -1 on error + */ +int qcrypto_random_init(Error **errp); =20 #endif /* QCRYPTO_RANDOM_H */ --=20 2.10.1.windows.1