Remove the entropy source reading /dev/random

Instead if System_RNG is backed by /dev/urandom, have the RNG block once on init on a read of /dev/random. That guarantees that we are seeded on old Linux kernels. On basically every other platform besides old Linux this code was redundant with the entropy source that just reads from the system RNG since typically on such systems, /dev/random, /dev/urandom, arc4random, and getentropy all source from the same RNG.
author: Jack Lloyd <[email protected]> 2021-03-01 08:00:28 -0500
committer: Jack Lloyd <[email protected]> 2021-03-01 08:00:28 -0500
commit: 7cb30894b20bf233e12de38e574507362a362590 (patch)
tree: e1163f3a91a221805243a94b8582535778e213b0 /src/lib/entropy
parent: 4547d7f4ead5806a8c026b2bc97f8c3caa7090db (diff)
4 files changed, 2 insertions, 184 deletions
diff --git a/src/lib/entropy/dev_random/dev_random.cpp b/src/lib/entropy/dev_random/dev_random.cpp
deleted file mode 100644
index 44fcbace3..000000000
--- a/src/lib/entropy/dev_random/dev_random.cpp
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
-* Reader of /dev/random and company
-* (C) 1999-2009,2013 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/internal/dev_random.h>
-#include <botan/exceptn.h>
-
-#include <sys/types.h>
-#include <sys/select.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <errno.h>
-#include <fcntl.h>
-
-namespace Botan {
-
-/**
-Device_EntropySource constructor
-Open a file descriptor to each (available) device in fsnames
-*/
-Device_EntropySource::Device_EntropySource(const std::vector<std::string>& fsnames)
-   {
-#ifndef O_NONBLOCK
-  #define O_NONBLOCK 0
-#endif
-
-#ifndef O_NOCTTY
-  #define O_NOCTTY 0
-#endif
-
-   const int flags = O_RDONLY | O_NONBLOCK | O_NOCTTY;
-
-   m_max_fd = 0;
-
-   for(auto fsname : fsnames)
-      {
-      int fd = ::open(fsname.c_str(), flags);
-
-      if(fd < 0)
-         {
-         /*
-         ENOENT or EACCES is normal as some of the named devices may not exist
-         on this system. But any other errno value probably indicates
-         either a bug in the application or file descriptor exhaustion.
-         */
-         if(errno != ENOENT && errno != EACCES)
-            throw System_Error("Opening OS RNG device failed", errno);
-         }
-      else
-         {
-         if(fd > FD_SETSIZE)
-            {
-            ::close(fd);
-            throw Invalid_State("Open of OS RNG succeeded but returned fd is too large for fd_set");
-            }
-
-         m_dev_fds.push_back(fd);
-         m_max_fd = std::max(m_max_fd, fd);
-         }
-      }
-   }
-
-/**
-Device_EntropySource destructor: close all open devices
-*/
-Device_EntropySource::~Device_EntropySource()
-   {
-   for(int fd : m_dev_fds)
-      {
-      // ignoring return value here, can't throw in destructor anyway
-      ::close(fd);
-      }
-   }
-
-/**
-* Gather entropy from a RNG device
-*/
-size_t Device_EntropySource::poll(RandomNumberGenerator& rng)
-   {
-   size_t bits = 0;
-
-   if(m_dev_fds.size() > 0)
-      {
-      fd_set read_set;
-      FD_ZERO(&read_set);
-
-      for(int dev_fd : m_dev_fds)
-         {
-         FD_SET(dev_fd, &read_set);
-         }
-
-      secure_vector<uint8_t> io_buf(BOTAN_SYSTEM_RNG_POLL_REQUEST);
-
-      struct ::timeval timeout;
-      timeout.tv_sec = (BOTAN_SYSTEM_RNG_POLL_TIMEOUT_MS / 1000);
-      timeout.tv_usec = (BOTAN_SYSTEM_RNG_POLL_TIMEOUT_MS % 1000) * 1000;
-
-      if(::select(m_max_fd + 1, &read_set, nullptr, nullptr, &timeout) > 0)
-         {
-         for(int dev_fd : m_dev_fds)
-            {
-            if(FD_ISSET(dev_fd, &read_set))
-               {
-               const ssize_t got = ::read(dev_fd, io_buf.data(), io_buf.size());
-
-               if(got > 0)
-                  {
-                  rng.add_entropy(io_buf.data(), static_cast<size_t>(got));
-                  bits += got * 8;
-                  }
-               }
-            }
-         }
-      }
-
-   return bits;
-   }
-
-}
diff --git a/src/lib/entropy/dev_random/dev_random.h b/src/lib/entropy/dev_random/dev_random.h
deleted file mode 100644
index 6195f8564..000000000
--- a/src/lib/entropy/dev_random/dev_random.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
-* /dev/random EntropySource
-* (C) 1999-2009 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#ifndef BOTAN_ENTROPY_SRC_DEVICE_H_
-#define BOTAN_ENTROPY_SRC_DEVICE_H_
-
-#include <botan/entropy_src.h>
-#include <vector>
-#include <string>
-
-namespace Botan {
-
-/**
-* Entropy source reading from kernel devices like /dev/random
-*/
-class Device_EntropySource final : public Entropy_Source
-   {
-   public:
-      std::string name() const override { return "dev_random"; }
-
-      size_t poll(RandomNumberGenerator& rng) override;
-
-      explicit Device_EntropySource(const std::vector<std::string>& fsnames);
-
-      ~Device_EntropySource();
-   private:
-      std::vector<int> m_dev_fds;
-      int m_max_fd;
-   };
-
-}
-
-#endif
diff --git a/src/lib/entropy/dev_random/info.txt b/src/lib/entropy/dev_random/info.txt
deleted file mode 100644
index 3872411f3..000000000
--- a/src/lib/entropy/dev_random/info.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-<defines>
-ENTROPY_SRC_DEV_RANDOM -> 20131128
-</defines>
-
-<header:internal>
-dev_random.h
-</header:internal>
-
-<os_features>
-dev_random,posix1
-</os_features>
diff --git a/src/lib/entropy/entropy_srcs.cpp b/src/lib/entropy/entropy_srcs.cpp
index 01716ac6b..edf896a02 100644
--- a/src/lib/entropy/entropy_srcs.cpp
+++ b/src/lib/entropy/entropy_srcs.cpp
@@ -20,10 +20,6 @@
   #include <botan/internal/rdseed.h>
 #endif
 
-#if defined(BOTAN_HAS_ENTROPY_SRC_DEV_RANDOM)
-  #include <botan/internal/dev_random.h>
-#endif
-
 #if defined(BOTAN_HAS_ENTROPY_SRC_WIN32)
   #include <botan/internal/es_win32.h>
 #endif
@@ -99,14 +95,14 @@ class Processor_RNG_EntropySource final : public Entropy_Source
 std::unique_ptr<Entropy_Source> Entropy_Source::create(const std::string& name)
    {
 #if defined(BOTAN_HAS_SYSTEM_RNG)
-   if(name == "system_rng" || name == "win32_cryptoapi")
+   if(name == "system_rng")
       {
       return std::unique_ptr<Entropy_Source>(new System_RNG_EntropySource);
       }
 #endif
 
 #if defined(BOTAN_HAS_PROCESSOR_RNG)
-   if(name == "hwrng" || name == "rdrand" || name == "p9_darn")
+   if(name == "hwrng")
       {
       if(Processor_RNG::available())
          {
@@ -129,13 +125,6 @@ std::unique_ptr<Entropy_Source> Entropy_Source::create(const std::string& name)
       }
 #endif
 
-#if defined(BOTAN_HAS_ENTROPY_SRC_DEV_RANDOM)
-   if(name == "dev_random")
-      {
-      return std::unique_ptr<Entropy_Source>(new Device_EntropySource(BOTAN_SYSTEM_RNG_POLL_DEVICES));
-      }
-#endif
-
 #if defined(BOTAN_HAS_ENTROPY_SRC_PROC_WALKER)
    if(name == "proc_walk" && OS::running_in_privileged_state() == false)
       {
@@ -224,4 +213,3 @@ Entropy_Sources& Entropy_Sources::global_sources()
    }
 
 }
-
author	Jack Lloyd <[email protected]>	2021-03-01 08:00:28 -0500
committer	Jack Lloyd <[email protected]>	2021-03-01 08:00:28 -0500
commit	7cb30894b20bf233e12de38e574507362a362590 (patch)
tree	e1163f3a91a221805243a94b8582535778e213b0 /src/lib/entropy
parent	4547d7f4ead5806a8c026b2bc97f8c3caa7090db (diff)