From: Michal Privoznik
To: libvir-list@redhat.com
Date: Tue, 29 May 2018 10:24:43 +0200
Message-Id: <7908157d5d022ea297d651e3dab58fe731ca21d8.1527581861.git.mprivozn@redhat.com>
Subject: [libvirt] [PATCH 07/10] virRandomBytes: Use gnutls_rnd whenever possible

While /dev/urandom is not a terrible source of random data, gnutls_rnd is better. Prefer that one. Also, since nearly every platform we build on already has gnutls (if not all of them), this is going to be used by default.

Signed-off-by: Michal Privoznik
--- src/util/vircrypto.c | 20 +------------------- src/util/virrandom.c | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index e5f2319720..3f3ba0267a 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c 
@@ -330,23 +330,5 @@ int virCryptoGenerateRandom(unsigned char *buf, size_t buflen) { -#if WITH_GNUTLS - int rv; - - /* Generate the byte stream using gnutls_rnd() if possible */ - if ((rv =3D gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("failed to generate byte stream: %s"), - gnutls_strerror(rv)); - return -1; - } -#else - /* If we don't have gnutls_rnd(), we will generate a less cryptographi= cally - * strong master buf from /dev/urandom. - */ - if (virRandomBytes(buf, buflen) < 0) - return -1; -#endif - - return 0; + return virRandomBytes(buf, buflen); } diff --git a/src/util/virrandom.c b/src/util/virrandom.c index 230745d311..444b0f9802 100644 --- a/src/util/virrandom.c +++ b/src/util/virrandom.c @@ -29,6 +29,10 @@ #include #include #include +#ifdef WITH_GNUTLS +# include +# include +#endif =20 #include "virrandom.h" #include "virthread.h" @@ -175,6 +179,19 @@ int virRandomBytes(unsigned char *buf, size_t buflen) { +#if WITH_GNUTLS + int rv; + + /* Generate the byte stream using gnutls_rnd() if possible */ + if ((rv =3D gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("failed to generate byte stream: %s"), + gnutls_strerror(rv)); + return -1; + } + +#else /* !WITH_GNUTLS */ + int fd; =20 if ((fd =3D open(RANDOM_SOURCE, O_RDONLY)) < 0) { @@ -200,6 +217,7 @@ virRandomBytes(unsigned char *buf, } =20 VIR_FORCE_CLOSE(fd); +#endif /* !WITH_GNUTLS */ =20 return 0; } --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
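Review bot: in the vircrypto.c hunk, the comment removed from the `#else` branch of virCryptoGenerateRandom() documented that builds without gnutls take this buffer from /dev/urandom and that the result is "less cryptographically strong"; once the body is just `return virRandomBytes(buf, buflen);` nothing at this call site says so. Carry that caveat into the `#else /* !WITH_GNUTLS */` branch of virRandomBytes() or into its doc comment, so a caller generating key material can see which source a given build uses.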
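Review bot: the include guard added at the top of virrandom.c uses `#ifdef WITH_GNUTLS`, while the body of virRandomBytes() (and the block removed from vircrypto.c) tests `#if WITH_GNUTLS`. The two disagree when the macro is defined as 0: the headers would be pulled in while the gnutls_rnd() path is compiled out. Use one form in both places, preferably the `#if WITH_GNUTLS` already used in the function body.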
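Review bot: in the `#if WITH_GNUTLS` branch added to virRandomBytes(), a gnutls_rnd() failure returns -1 and the RANDOM_SOURCE path is compiled out, so there is no runtime fallback. That is a behaviour change for every existing virRandomBytes() caller, not only for virCryptoGenerateRandom(), and it should be stated in the function's doc comment and in the commit message. The copied comment "Generate the byte stream using gnutls_rnd() if possible" also no longer fits inside a compile-time branch; reword it to say that gnutls_rnd() is the source whenever libvirt is built with gnutls.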