From c09466abffa0f26af6ec95aa80b8b2efe5efee12 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 31 Jul 2023 11:52:44 +0000 Subject: [PATCH] egd: delete feature detection and related source code EGD is Entropy Gathering Daemon, a socket-based entropy source supported by pre-OpenSSL v1.1 versions and now deprecated. curl also deprecated it a while ago. Its detection in CMake was broken all along because OpenSSL libs were not linked at the point of feature check. Delete detection from both cmake and autotools, along with the related source snippet, and the `--with-egd-socket=` `./configure` option. Closes #11556 --- CMake/Platforms/WindowsCache.cmake | 1 - CMakeLists.txt | 4 ---- lib/config-amigaos.h | 1 - lib/config-mac.h | 2 -- lib/config-os400.h | 6 ------ lib/config-riscos.h | 6 ------ lib/curl_config.h.cmake | 6 ------ lib/setup-vms.h | 1 - lib/vtls/openssl.c | 14 -------------- m4/curl-openssl.m4 | 12 ------------ packages/vms/gnv_conftest.c_first | 2 -- scripts/ciconfig.pl | 1 - 12 files changed, 56 deletions(-) diff --git a/CMake/Platforms/WindowsCache.cmake b/CMake/Platforms/WindowsCache.cmake index 37712377e4..c69c33cc36 100644 --- a/CMake/Platforms/WindowsCache.cmake +++ b/CMake/Platforms/WindowsCache.cmake @@ -66,7 +66,6 @@ if(NOT UNIX) set(HAVE_GETPWUID 0) set(HAVE_GETEUID 0) set(HAVE_UTIME 1) - set(HAVE_RAND_EGD 0) set(HAVE_GMTIME_R 0) set(HAVE_GETHOSTBYNAME_R 0) set(HAVE_SIGNAL 1) diff --git a/CMakeLists.txt b/CMakeLists.txt index f301a22553..e19deb605e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -50,7 +50,6 @@ # # The following variables are available: # HAVE_SSL_SET0_WBIO: `SSL_set0_wbio` present in OpenSSL -# HAVE_RAND_EGD: `RAND_egd` present in OpenSSL # HAVE_AWSLC: OpenSSL is AWS-LC # HAVE_BORINGSSL: OpenSSL is BoringSSL # HAVE_SSL_CTX_SET_QUIC_METHOD: `SSL_CTX_set_quic_method` present in OpenSSL/wolfSSL 
@@ -598,9 +597,6 @@ if(USE_OPENSSL OR USE_WOLFSSL) if(NOT DEFINED HAVE_SSL_SET0_WBIO) openssl_check_symbol_exists(SSL_set0_wbio "openssl/ssl.h" HAVE_SSL_SET0_WBIO) endif() - if(NOT DEFINED HAVE_RAND_EGD) - openssl_check_symbol_exists(RAND_egd "${CURL_INCLUDES}" HAVE_RAND_EGD) - endif() endif() option(USE_NGHTTP2 "Use Nghttp2 library" OFF) diff --git a/lib/config-amigaos.h b/lib/config-amigaos.h index 11f36a121a..a6a518abb3 100644 --- a/lib/config-amigaos.h +++ b/lib/config-amigaos.h @@ -40,7 +40,6 @@ #define HAVE_NETINET_IN_H 1 #define HAVE_NET_IF_H 1 #define HAVE_PWD_H 1 -#define HAVE_RAND_EGD 1 #define HAVE_SELECT 1 #define HAVE_SETJMP_H 1 #define HAVE_SIGNAL 1 diff --git a/lib/config-mac.h b/lib/config-mac.h index 8bd2fbd09c..ff6fdb25ae 100644 --- a/lib/config-mac.h +++ b/lib/config-mac.h @@ -77,8 +77,6 @@ #define CURL_DISABLE_LDAP 1 -#define HAVE_RAND_EGD 1 - #define HAVE_IOCTL_FIONBIO 1 #define SIZEOF_INT 4 diff --git a/lib/config-os400.h b/lib/config-os400.h index 8d48955eef..db8e9082e2 100644 --- a/lib/config-os400.h +++ b/lib/config-os400.h @@ -68,9 +68,6 @@ /* Define this as a suitable file to read random data from */ #undef RANDOM_FILE -/* Define this to your Entropy Gathering Daemon socket pathname */ -#undef EGD_SOCKET - /* Define to 1 if you have the alarm function. */ #define HAVE_ALARM 1 @@ -143,9 +140,6 @@ /* Define if you have the header file. */ #define HAVE_PWD_H -/* Define if you have the `RAND_egd' function. */ -#undef HAVE_RAND_EGD - /* Define if you have the `select' function. */ #define HAVE_SELECT diff --git a/lib/config-riscos.h b/lib/config-riscos.h index 246473194e..a9268e1e90 100644 --- a/lib/config-riscos.h +++ b/lib/config-riscos.h @@ -66,9 +66,6 @@ /* Define this as a suitable file to read random data from */ #undef RANDOM_FILE -/* Define this to your Entropy Gathering Daemon socket pathname */ -#undef EGD_SOCKET - /* Define if you want to enable IPv6 support */ #undef ENABLE_IPV6 
@@ -135,9 +132,6 @@ /* Define if you have the header file. */ #undef HAVE_PWD_H -/* Define if you have the `RAND_egd' function. */ -#undef HAVE_RAND_EGD - /* Define if you have the `select' function. */ #define HAVE_SELECT diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake index 30bb0e458f..cdc59333cd 100644 --- a/lib/curl_config.h.cmake +++ b/lib/curl_config.h.cmake @@ -135,9 +135,6 @@ /* Use Windows LDAP implementation */ #cmakedefine USE_WIN32_LDAP 1 -/* your Entropy Gathering Daemon socket pathname */ -#cmakedefine EGD_SOCKET ${EGD_SOCKET} - /* Define if you want to enable IPv6 support */ #cmakedefine ENABLE_IPV6 1 @@ -400,9 +397,6 @@ /* Define to 1 if OpenSSL has the `SSL_set0_wbio` function. */ #cmakedefine HAVE_SSL_SET0_WBIO 1 -/* Define to 1 if you have the `RAND_egd' function. */ -#cmakedefine HAVE_RAND_EGD 1 - /* Define to 1 if you have the recv function. */ #cmakedefine HAVE_RECV 1 diff --git a/lib/setup-vms.h b/lib/setup-vms.h index 46657b2cd4..645cc1a9cd 100644 --- a/lib/setup-vms.h +++ b/lib/setup-vms.h @@ -262,7 +262,6 @@ static struct passwd *vms_getpwuid(uid_t uid) #define PKCS12_parse PKCS12_PARSE #define RAND_add RAND_ADD #define RAND_bytes RAND_BYTES -#define RAND_egd RAND_EGD #define RAND_file_name RAND_FILE_NAME #define RAND_load_file RAND_LOAD_FILE #define RAND_status RAND_STATUS diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 51f7b26f85..fa8938abc4 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c 
@@ -996,20 +996,6 @@ static CURLcode ossl_seed(struct Curl_easy *data) return CURLE_OK; #endif -#if defined(HAVE_RAND_EGD) && defined(EGD_SOCKET) - /* available in OpenSSL 0.9.5 and later */ - /* EGD_SOCKET is set at configure time or not at all */ - { - /* If there's an option and a define, the option overrides the - define */ - int ret = RAND_egd(EGD_SOCKET); - if(-1 != ret) { - if(rand_enough()) - return CURLE_OK; - } - } -#endif - /* fallback to a custom seeding of the PRNG using a hash based on a current time */ do { diff --git a/m4/curl-openssl.m4 b/m4/curl-openssl.m4 index b3a63225a7..3cbbb5e8dd 100644 --- a/m4/curl-openssl.m4 +++ b/m4/curl-openssl.m4 @@ -259,8 +259,6 @@ if test "x$OPT_OPENSSL" != xno; then if test X"$OPENSSL_ENABLED" = X"1"; then dnl These can only exist if OpenSSL exists - AC_CHECK_FUNCS( RAND_egd ) - AC_MSG_CHECKING([for BoringSSL]) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ @@ -363,16 +361,6 @@ dnl Check for the random seed preferences dnl ********************************************************************** if test X"$OPENSSL_ENABLED" = X"1"; then - AC_ARG_WITH(egd-socket, - AS_HELP_STRING([--with-egd-socket=FILE], - [Entropy Gathering Daemon socket pathname]), - [ EGD_SOCKET="$withval" ] - ) - if test -n "$EGD_SOCKET" ; then - AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET", - [your Entropy Gathering Daemon socket pathname] ) - fi - dnl Check for user-specified random device AC_ARG_WITH(random, AS_HELP_STRING([--with-random=FILE], diff --git a/packages/vms/gnv_conftest.c_first b/packages/vms/gnv_conftest.c_first index 5b56608616..317b1abfc7 100644 --- a/packages/vms/gnv_conftest.c_first +++ b/packages/vms/gnv_conftest.c_first 
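Review bot: With the `RAND_egd(EGD_SOCKET)` block removed, the code after the `#endif` in `ossl_seed` falls straight through to the path its own comment describes as "a custom seeding of the PRNG using a hash based on a current time", so a build that previously got its entropy from `--with-egd-socket=` now ends up on a time-derived seed with nothing in this hunk marking the change. This presumably only affects pre-1.1 OpenSSL builds where the earlier `rand_enough()` checks can still fail; the start of the function and the body of the `do {` loop are outside the hunk, so that should be confirmed against the full file. I would document the consequence at the fallback, e.g. `/* no external entropy source is tried past this point; the seed below is time-derived and must not be treated as strong */`. It is also worth considering whether this path should fail closed with `return CURLE_SSL_CONNECT_ERROR;` rather than continue. The dropped `./configure` option deserves a line in the release notes so packagers who still pass it notice that it is no longer honoured.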
@@ -33,7 +33,6 @@ char SSL_connect(void) {return 0;} char ENGINE_init(void) {return 0;} char RAND_status(void) {return 0;} /* char RAND_screen(void) {return 0;} In headers, but not present */ -char RAND_egd(void) {return 0;} char CRYPTO_cleanup_all_ex_data(void) {return 0;} char SSL_get_shutdown(void) {return 0;} char ENGINE_load_builtin_engines (void) {return 0;} @@ -46,7 +45,6 @@ char ENGINE_load_builtin_engines (void) {return 0;} #define ENGINE_init ENGINE_INIT #define RAND_status RAND_STATUS /* #define RAND_screen RAND_SCREEN */ -#define RAND_egd RAND_EGD #define CRYPTO_cleanup_all_ex_data CRYPTO_CLEANUP_ALL_EX_DATA #define SSL_get_shutdown SSL_GET_SHUTDOWN #define ENGINE_load_builtin_engines ENGINE_LOAD_BUILTIN_ENGINES diff --git a/scripts/ciconfig.pl b/scripts/ciconfig.pl index a3ac4f6c9c..7c31f8e4a0 100755 --- a/scripts/ciconfig.pl +++ b/scripts/ciconfig.pl @@ -83,7 +83,6 @@ my %defaulton = ( 'zstd' => 1, 'brotli' => 1, 'random' => 1, - 'egd-socket' => 1, 'ca-bundle' => 1, 'ca-path' => 1, 'libssh2' => 1, -- 2.47.3