From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 31 Aug 2024 21:07:12 +0000 (+0200)
Subject: lib: remove use of RANDOM_FILE
X-Git-Tag: curl-8_10_0~60
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=269fdd4c6ed5d837d57448ac977f6f300968df15;p=thirdparty%2Fcurl.git

lib: remove use of RANDOM_FILE

It could previously be set with configure/cmake and used in rare cases
for reading randomness: with ancient mbedTLS or rustls without
arc4random.

We now get randomness in this order:

1. The TLS library's way to provide random
2. On Windows: Curl_win32_random
3. if arc4random exists, use that
4. weak non-crytographically strong pseudo-random

Closes #14749
---

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6bd2144186..fd73acb5bc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1440,12 +1440,6 @@ if(SIZEOF_SUSECONDS_T)
   set(HAVE_SUSECONDS_T 1)
 endif()
 
-if(NOT WIN32 AND NOT CMAKE_CROSSCOMPILING AND
-   (NOT DEFINED RANDOM_FILE OR RANDOM_FILE))
-  find_file(RANDOM_FILE "urandom" "/dev")
-  mark_as_advanced(RANDOM_FILE)
-endif()
-
 # Check for some functions that are used
 if(WIN32)
   set(CMAKE_REQUIRED_LIBRARIES "ws2_32")
diff --git a/lib/config-os400.h b/lib/config-os400.h
index d5a527e707..29aa818fbc 100644
--- a/lib/config-os400.h
+++ b/lib/config-os400.h
@@ -65,9 +65,6 @@
 /* Define this to 'int' if ssize_t is not an available typedefed type */
 #undef ssize_t
 
-/* Define this as a suitable file to read random data from */
-#undef RANDOM_FILE
-
 /* Define to 1 if you have the alarm function. */
 #define HAVE_ALARM 1
 
diff --git a/lib/config-plan9.h b/lib/config-plan9.h
index 6f3a15a5ef..e56aca15cf 100644
--- a/lib/config-plan9.h
+++ b/lib/config-plan9.h
@@ -41,7 +41,6 @@
 #define PACKAGE_STRING "curl -"
 #define PACKAGE_TARNAME "curl"
 #define PACKAGE_VERSION "-"
-#define RANDOM_FILE "/dev/random"
 #define VERSION "0.0.0" /* TODO */
 
 #define STDC_HEADERS 1
diff --git a/lib/config-riscos.h b/lib/config-riscos.h
index 2303f12941..580e822e51 100644
--- a/lib/config-riscos.h
+++ b/lib/config-riscos.h
@@ -63,9 +63,6 @@
 /* Define this to 'int' if ssize_t is not an available typedefed type */
 #undef ssize_t
 
-/* Define this as a suitable file to read random data from */
-#undef RANDOM_FILE
-
 /* Define if you have the alarm function. */
 #define HAVE_ALARM
 
diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
index 0a895aaa6e..d803885b3d 100644
--- a/lib/curl_config.h.cmake
+++ b/lib/curl_config.h.cmake
@@ -638,9 +638,6 @@
 /* Define to the version of this package. */
 #cmakedefine PACKAGE_VERSION ${PACKAGE_VERSION}
 
-/* a suitable file to read random data from */
-#cmakedefine RANDOM_FILE "${RANDOM_FILE}"
-
 /*
  Note: SIZEOF_* variables are fetched with CMake through check_type_size().
  As per CMake documentation on CheckTypeSize, C preprocessor code is
diff --git a/lib/rand.c b/lib/rand.c
index 44984f29e8..de96fc93ef 100644
--- a/lib/rand.c
+++ b/lib/rand.c
@@ -154,20 +154,6 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd,
   }
 #endif
 
-#if defined(RANDOM_FILE) && !defined(_WIN32)
-  if(!seeded) {
-    /* if there is a random file to read a seed from, use it */
-    int fd = open(RANDOM_FILE, O_RDONLY);
-    if(fd > -1) {
-      /* read random data into the randseed variable */
-      ssize_t nread = read(fd, &randseed, sizeof(randseed));
-      if(nread == sizeof(randseed))
-        seeded = TRUE;
-      close(fd);
-    }
-  }
-#endif
-
   if(!seeded) {
     struct curltime now = Curl_now();
     infof(data, "WARNING: using weak random seed");
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 122006addd..aacf68c59a 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -998,12 +998,6 @@ static CURLcode ossl_seed(struct Curl_easy *data)
   return CURLE_SSL_CONNECT_ERROR;
 #else
 
-#ifdef RANDOM_FILE
-  RAND_load_file(RANDOM_FILE, RAND_LOAD_LENGTH);
-  if(rand_enough())
-    return CURLE_OK;
-#endif
-
   /* fallback to a custom seeding of the PRNG using a hash based on a current
      time */
   do {
diff --git a/m4/curl-openssl.m4 b/m4/curl-openssl.m4
index e33b563781..ad32b2ef0f 100644
--- a/m4/curl-openssl.m4
+++ b/m4/curl-openssl.m4
@@ -359,32 +359,6 @@ if test X"$OPT_OPENSSL" != Xno &&
   AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected])
 fi
 
-dnl **********************************************************************
-dnl Check for the random seed preferences
-dnl **********************************************************************
-
-if test X"$OPENSSL_ENABLED" = X"1"; then
-  dnl Check for user-specified random device
-  AC_ARG_WITH(random,
-  AS_HELP_STRING([--with-random=FILE],
-                 [read randomness from FILE (default=/dev/urandom)]),
-    [ RANDOM_FILE="$withval" ],
-    [
-      if test x$cross_compiling != xyes; then
-        dnl Check for random device
-        AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] )
-      else
-        AC_MSG_WARN([skipped the /dev/urandom detection when cross-compiling])
-      fi
-    ]
-  )
-  if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno; then
-    AC_SUBST(RANDOM_FILE)
-    AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE",
-    [a suitable file to read random data from])
-  fi
-fi
-
 dnl ---
 dnl We require OpenSSL with SRP support.
 dnl ---