lib: remove use of RANDOM_FILE

It could previously be set with configure/cmake and used in rare cases
for reading randomness: with ancient mbedTLS or rustls without
arc4random.

We now get randomness in this order:

1. The TLS library's way to provide random
2. On Windows: Curl_win32_random
3. if arc4random exists, use that
4. weak non-crytographically strong pseudo-random

Closes #14749

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6bd2144186242c0a8307b778dcc530de4a361686..fd73acb5bcb5ee2e4323952852da226d411f4d8a 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1440,12 +1440,6 @@ if(SIZEOF_SUSECONDS_T)
   set(HAVE_SUSECONDS_T 1)
 endif()
 
-if(NOT WIN32 AND NOT CMAKE_CROSSCOMPILING AND
-   (NOT DEFINED RANDOM_FILE OR RANDOM_FILE))
-  find_file(RANDOM_FILE "urandom" "/dev")
-  mark_as_advanced(RANDOM_FILE)
-endif()
-
 # Check for some functions that are used
 if(WIN32)
   set(CMAKE_REQUIRED_LIBRARIES "ws2_32")

diff --git a/lib/config-os400.h b/lib/config-os400.h
index d5a527e7075b0c44b136310b78d89ed9b991c90d..29aa818fbc29e762a2d85694eff8fc79571d307a 100644 (file)
--- a/lib/config-os400.h
+++ b/lib/config-os400.h
@@ -65,9 +65,6 @@
 /* Define this to 'int' if ssize_t is not an available typedefed type */
 #undef ssize_t
 
-/* Define this as a suitable file to read random data from */
-#undef RANDOM_FILE
-
 /* Define to 1 if you have the alarm function. */
 #define HAVE_ALARM 1
 

diff --git a/lib/config-plan9.h b/lib/config-plan9.h
index 6f3a15a5ef7d207c7dd25fae05d34632efc71897..e56aca15cff184e6377aaee86d0079050d0d6788 100644 (file)
--- a/lib/config-plan9.h
+++ b/lib/config-plan9.h
@@ -41,7 +41,6 @@
 #define PACKAGE_STRING "curl -"
 #define PACKAGE_TARNAME "curl"
 #define PACKAGE_VERSION "-"
-#define RANDOM_FILE "/dev/random"
 #define VERSION "0.0.0" /* TODO */
 
 #define STDC_HEADERS 1

diff --git a/lib/config-riscos.h b/lib/config-riscos.h
index 2303f129417f853b699233ad3ab299f465c16717..580e822e510db74b2dd2f8c1b1981f2ec2c40e87 100644 (file)
--- a/lib/config-riscos.h
+++ b/lib/config-riscos.h
@@ -63,9 +63,6 @@
 /* Define this to 'int' if ssize_t is not an available typedefed type */
 #undef ssize_t
 
-/* Define this as a suitable file to read random data from */
-#undef RANDOM_FILE
-
 /* Define if you have the alarm function. */
 #define HAVE_ALARM
 

diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
index 0a895aaa6ec89dff84259fbfdb4a4e1b28ca7ab1..d803885b3d1460636a6df329f1523968fa0b9356 100644 (file)
--- a/lib/curl_config.h.cmake
+++ b/lib/curl_config.h.cmake
@@ -638,9 +638,6 @@
 /* Define to the version of this package. */
 #cmakedefine PACKAGE_VERSION ${PACKAGE_VERSION}
 
-/* a suitable file to read random data from */
-#cmakedefine RANDOM_FILE "${RANDOM_FILE}"
-
 /*
  Note: SIZEOF_* variables are fetched with CMake through check_type_size().
  As per CMake documentation on CheckTypeSize, C preprocessor code is

diff --git a/lib/rand.c b/lib/rand.c
index 44984f29e8188924819d465b6dc8f0bdee238aeb..de96fc93ef4a64950bcd27c3898ab179133f3724 100644 (file)
--- a/lib/rand.c
+++ b/lib/rand.c
@@ -154,20 +154,6 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd,
   }
 #endif
 
-#if defined(RANDOM_FILE) && !defined(_WIN32)
-  if(!seeded) {
-    /* if there is a random file to read a seed from, use it */
-    int fd = open(RANDOM_FILE, O_RDONLY);
-    if(fd > -1) {
-      /* read random data into the randseed variable */
-      ssize_t nread = read(fd, &randseed, sizeof(randseed));
-      if(nread == sizeof(randseed))
-        seeded = TRUE;
-      close(fd);
-    }
-  }
-#endif
-
   if(!seeded) {
     struct curltime now = Curl_now();
     infof(data, "WARNING: using weak random seed");

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 122006adddbd3b82f9a71c6b63d5e1b737b17f38..aacf68c59a8e8f786ecd1239827e5c5e581e3f4c 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -998,12 +998,6 @@ static CURLcode ossl_seed(struct Curl_easy *data)
   return CURLE_SSL_CONNECT_ERROR;
 #else
 
-#ifdef RANDOM_FILE
-  RAND_load_file(RANDOM_FILE, RAND_LOAD_LENGTH);
-  if(rand_enough())
-    return CURLE_OK;
-#endif
-
   /* fallback to a custom seeding of the PRNG using a hash based on a current
      time */
   do {

diff --git a/m4/curl-openssl.m4 b/m4/curl-openssl.m4
index e33b56378125e567264c0a3f688d83cf99c8a242..ad32b2ef0f8269e9d73b847679bd3d5164f44bc2 100644 (file)
--- a/m4/curl-openssl.m4
+++ b/m4/curl-openssl.m4
@@ -359,32 +359,6 @@ if test X"$OPT_OPENSSL" != Xno &&
   AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected])
 fi
 
-dnl **********************************************************************
-dnl Check for the random seed preferences
-dnl **********************************************************************
-
-if test X"$OPENSSL_ENABLED" = X"1"; then
-  dnl Check for user-specified random device
-  AC_ARG_WITH(random,
-  AS_HELP_STRING([--with-random=FILE],
-                 [read randomness from FILE (default=/dev/urandom)]),
-    [ RANDOM_FILE="$withval" ],
-    [
-      if test x$cross_compiling != xyes; then
-        dnl Check for random device
-        AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] )
-      else
-        AC_MSG_WARN([skipped the /dev/urandom detection when cross-compiling])
-      fi
-    ]
-  )
-  if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno; then
-    AC_SUBST(RANDOM_FILE)
-    AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE",
-    [a suitable file to read random data from])
-  fi
-fi
-
 dnl ---
 dnl We require OpenSSL with SRP support.
 dnl ---