qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio

crypto: add "none" random provider

In case of not using a random-number needing feature, it makes sense to
skip RNG init too. This is especially helpful when QEMU is sandboxed in
a Stubdomain under Xen, where there is very little entropy so the initial
getrandom() call delays the startup by several seconds. In that setup, no
random bytes are needed at all.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

authored by Marek Marczykowski-Górecki and committed by Daniel P. Berrangé
b767d257 7d3660e7

+51 -1
+11
configure
··· 509 509 default_devices="yes" 510 510 plugins="no" 511 511 fuzzing="no" 512 + rng_none="no" 512 513 513 514 supported_cpu="no" 514 515 supported_os="no" ··· 1601 1602 ;; 1602 1603 --gdb=*) gdb_bin="$optarg" 1603 1604 ;; 1605 + --enable-rng-none) rng_none=yes 1606 + ;; 1607 + --disable-rng-none) rng_none=no 1608 + ;; 1604 1609 *) 1605 1610 echo "ERROR: unknown option $opt" 1606 1611 echo "Try '$0 --help' for more information" ··· 1898 1903 debug-mutex mutex debugging support 1899 1904 libpmem libpmem support 1900 1905 xkbcommon xkbcommon support 1906 + rng-none dummy RNG, avoid using /dev/(u)random and getrandom() 1901 1907 1902 1908 NOTE: The object files are built at the place where configure is launched 1903 1909 EOF ··· 6767 6773 echo "plugin support $plugins" 6768 6774 echo "fuzzing support $fuzzing" 6769 6775 echo "gdb $gdb_bin" 6776 + echo "rng-none $rng_none" 6770 6777 6771 6778 if test "$supported_cpu" = "no"; then 6772 6779 echo ··· 7742 7749 7743 7750 if test "$edk2_blobs" = "yes" ; then 7744 7751 echo "DECOMPRESS_EDK2_BLOBS=y" >> $config_host_mak 7752 + fi 7753 + 7754 + if test "$rng_none" = "yes"; then 7755 + echo "CONFIG_RNG_NONE=y" >> $config_host_mak 7745 7756 fi 7746 7757 7747 7758 # use included Linux headers
+2 -1
crypto/Makefile.objs
··· 35 35 36 36 util-obj-$(CONFIG_GCRYPT) += random-gcrypt.o 37 37 util-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o 38 - util-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += random-platform.o 38 + util-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,$(CONFIG_RNG_NONE))) += random-none.o 39 + util-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,$(if $(CONFIG_RNG_NONE),n,y))) += random-platform.o 39 40 util-obj-y += aes.o init.o
+38
crypto/random-none.c
··· 1 + /* 2 + * QEMU Crypto "none" random number provider 3 + * 4 + * Copyright (c) 2020 Marek Marczykowski-Górecki 5 + * <marmarek@invisiblethingslab.com> 6 + * 7 + * This library is free software; you can redistribute it and/or 8 + * modify it under the terms of the GNU Lesser General Public 9 + * License as published by the Free Software Foundation; either 10 + * version 2.1 of the License, or (at your option) any later version. 11 + * 12 + * This library is distributed in the hope that it will be useful, 13 + * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 + * Lesser General Public License for more details. 16 + * 17 + * You should have received a copy of the GNU Lesser General Public 18 + * License along with this library; if not, see <http://www.gnu.org/licenses/>. 19 + * 20 + */ 21 + 22 + #include "qemu/osdep.h" 23 + 24 + #include "crypto/random.h" 25 + #include "qapi/error.h" 26 + 27 + int qcrypto_random_init(Error **errp) 28 + { 29 + return 0; 30 + } 31 + 32 + int qcrypto_random_bytes(void *buf, 33 + size_t buflen, 34 + Error **errp) 35 + { 36 + error_setg(errp, "Random bytes not available with \"none\" rng"); 37 + return -1; 38 + }
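Review bot: In configure, the help line for rng-none ("dummy RNG, avoid using /dev/(u)random and getrandom()") does not say that this provider returns an error for every request for random bytes, so someone reading --help cannot tell that any feature needing randomness will fail at run time in such a build. Suggest stating that in the help text, for example that qcrypto_random_bytes() always fails and the option is meant only for builds that need no random bytes at all.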
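Review bot: In crypto/Makefile.objs, random-none.o is selected only when both CONFIG_GCRYPT and CONFIG_GNUTLS are unset, so --enable-rng-none is silently ignored on a build that has either library, while the configure summary still prints the requested value through echo "rng-none $rng_none". Suggest having configure warn about or reject that combination, or documenting the precedence (gcrypt, then gnutls, then none, then platform) next to the option so the summary cannot be read as the effective provider.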
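Review bot: In crypto/random-none.c, qcrypto_random_init() returns 0 while qcrypto_random_bytes() always returns -1, so a build that does need randomness is only detected when the first caller asks for bytes, and buf is left unwritten on that path, which makes correctness depend on every caller checking the return value. Suggest a comment above qcrypto_random_bytes() stating that contract (buffer untouched, errp always set), and an error message that names the --enable-rng-none build option so the failure can be traced back to the configuration.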