virRandomBytes: Use gnutls_rnd whenever possible

While /dev/urandom is not terrible source of random data gnutls_rnd is better. Prefer that one. Also, since nearly every platform we build on already has gnutls (if not all of them) this is going to be used by default. Signed-off-by: N Michal Privoznik <mprivozn@redhat.com>

virRandomBytes: Use gnutls_rnd whenever possible
While /dev/urandom is not terrible source of random data gnutls_rnd is better. Prefer that one. Also, since nearly every platform we build on already has gnutls (if not all of them) this is going to be used by default. Signed-off-by: N Michal Privoznik <mprivozn@redhat.com>
b87dda75 · Michal Privoznik · 8981c750 · b87dda75 · b87dda75
隐藏空白更改
内联并排

Showing with 19 addition and 19 deletion

src/util/vircrypto.c src/util/vircrypto.c +1 -19

src/util/virrandom.c src/util/virrandom.c +18 -0

未找到文件。
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -330,23 +330,5 @@ int
 virCryptoGenerateRandom(unsigned char *buf,
                        size_t buflen)
 {
-#if WITH_GNUTLS
-    int rv;
-
-    /* Generate the byte stream using gnutls_rnd() if possible */
-    if ((rv = gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("failed to generate byte stream: %s"),
-                       gnutls_strerror(rv));
-        return -1;
-    }
-#else
-    /* If we don't have gnutls_rnd(), we will generate a less cryptographically
-     * strong master buf from /dev/urandom.
-     */
-    if (virRandomBytes(buf, buflen) < 0)
-        return -1;
-#endif
-
-    return 0;
+    return virRandomBytes(buf, buflen);
 }
--- a/src/util/virrandom.c
+++ b/src/util/virrandom.c
@@ -29,6 +29,10 @@
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#ifdef WITH_GNUTLS
+# include <gnutls/gnutls.h>
+# include <gnutls/crypto.h>
+#endif

 #include "virrandom.h"
 #include "virthread.h"
@@ -175,6 +179,19 @@ int
 virRandomBytes(unsigned char *buf,
               size_t buflen)
 {
+#if WITH_GNUTLS
+    int rv;
+
+    /* Generate the byte stream using gnutls_rnd() if possible */
+    if ((rv = gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("failed to generate byte stream: %s"),
+                       gnutls_strerror(rv));
+        return -1;
+    }
+
+#else /* !WITH_GNUTLS */
+
    int fd;

    if ((fd = open(RANDOM_SOURCE, O_RDONLY)) < 0) {
@@ -200,6 +217,7 @@ virRandomBytes(unsigned char *buf,
    }

    VIR_FORCE_CLOSE(fd);
+#endif /* !WITH_GNUTLS */

    return 0;
 }