Re: [Qemu-block] [PATCH v2 02/17] crypto: add cryptographic random byte


From: Eric Blake
Subject: Re: [Qemu-block] [PATCH v2 02/17] crypto: add cryptographic random byte source
Date: Thu, 4 Feb 2016 10:44:41 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0

On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> There are three backend impls provided. The preferred
> is gnutls, which is backed by nettle in modern distros.
> The gcrypt impl is provided for cases where QEMU build
> against gnutls is disabled, but crypto is still desired.
> No nettle impl is provided, since it is non-trivial to
> use the nettle APIs for random numbers. Users of nettle
> should ensure gnutls is enabled for QEMU.
> 
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---

> +++ b/crypto/Makefile.objs
> @@ -8,6 +8,10 @@ crypto-obj-y += tlscredsanon.o
>  crypto-obj-y += tlscredsx509.o
>  crypto-obj-y += tlssession.o
>  crypto-obj-y += secret.o
> +crypto-obj-$(if $(CONFIG_GNUTLS),n,$(CONFIG_GCRYPT)) += random-gcrypt.o
> +crypto-obj-$(CONFIG_GNUTLS) += random-gnutls.o
>  
>  # Let the userspace emulators avoid linking gnutls/etc
>  crypto-aes-obj-y = aes.o
> +
> +stub-obj-y += random-stub.o
> \ No newline at end of file
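
Review bot: The `$(if $(CONFIG_GNUTLS),n,$(CONFIG_GCRYPT))` selector on the random-gcrypt.o line is hard to read at a glance; a one-line comment above it saying that the gcrypt backend is built only when gnutls is disabled would save the next reader from decoding it. The `stub-obj-y += random-stub.o` line is also separated from the other two random-* lines and lands under the "Let the userspace emulators avoid linking gnutls/etc" comment, where it reads as part of the AES section; moving it next to the backend lines, or giving it its own comment, would make clear when the stub is the one that gets used.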

You'll want to fix that newline.

> +++ b/crypto/random-gcrypt.c

> +
> +#include <config-host.h>

Now that we are starting to include "qemu/osdep.h" first everywhere,
you'll want to pick that up on rebase.

> +++ b/include/crypto/random.h

> +
> +/**
> + * qcrypto_random_bytes:
> + * @buf: the buffer to fill
> + * @buflen: length of @buf in bytes
> + * @errp: pointer to a NULL-initialized error object
> + *
> + * Fill @buf with @buflen bytes of random data

s/of/of cryptographically strong/

> + *
> + * Returns 0 on sucess, -1 on error
> + */
> +int qcrypto_random_bytes(uint8_t *buf,
> +                         size_t buflen,
> +                         Error **errp);
> +
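
Review bot: The doc comment for qcrypto_random_bytes() says "Returns 0 on sucess, -1 on error" but does not say what @buf holds after a failure; for a cryptographic random source it is worth stating that the contents of @buf are undefined on error and must not be used, so that no caller carries on with a partially filled buffer. "sucess" on that same line should be "success".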

With those tweaks,
Reviewed-by: Eric Blake <address@hidden>

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
