Merge branch 'ondrej-use-uv_random' into 'main'

Switch the CSPRNG function from RAND_bytes() to uv_random()

See merge request isc-projects/bind9!6803

CHANGES

@@ -1,3 +1,7 @@
+5980.	[func]		The internal isc_entropy API provider has been
+			changed from OpenSSL RAND_bytes() to uv_random()
+			to use system provided entropy. [GL !6803]
+
 5979.	[func]		Implement DoT support for nsupdate. [GL #1781]
 
 5978.	[port]		The ability to use pkcs11 via engine_pkcs11 has been

lib/isc/Makefile.am

@@ -26,6 +26,7 @@ libisc_la_HEADERS =			\
 	include/isc/deprecated.h	\
 	include/isc/dir.h		\
 	include/isc/endian.h		\
+	include/isc/entropy.h		\
 	include/isc/errno.h		\
 	include/isc/error.h		\
 	include/isc/event.h		\
@@ -132,7 +133,6 @@ libisc_la_SOURCES =		\
 	crc64.c			\
 	dir.c			\
 	entropy.c		\
-	entropy_private.h	\
 	errno.c			\
 	errno2result.c		\
 	errno2result.h		\

lib/isc/entropy.c

@@ -11,18 +11,14 @@
  * information regarding copyright ownership.
  */
 
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
+#include <isc/entropy.h>
 #include <isc/types.h>
 #include <isc/util.h>
-
-#include "entropy_private.h"
+#include <isc/uv.h>
 
 void
 isc_entropy_get(void *buf, size_t buflen) {
-	if (RAND_bytes(buf, buflen) < 1) {
-		FATAL_ERROR(__FILE__, __LINE__, "RAND_bytes(): %s",
-			    ERR_error_string(ERR_get_error(), NULL));
-	}
+	int r = uv_random(NULL, NULL, buf, buflen, 0, NULL);
+
+	UV_RUNTIME_CHECK(uv_random, r);
 }

lib/isc/hash.c

@@ -15,16 +15,16 @@
 #include <stdbool.h>
 #include <stddef.h>
 
-#include "entropy_private.h"
-#include "isc/ascii.h"
-#include "isc/hash.h" /* IWYU pragma: keep */
-#include "isc/once.h"
-#include "isc/random.h"
-#include "isc/result.h"
-#include "isc/siphash.h"
-#include "isc/string.h"
-#include "isc/types.h"
-#include "isc/util.h"
+#include <isc/ascii.h>
+#include <isc/entropy.h>
+#include <isc/hash.h> /* IWYU pragma: keep */
+#include <isc/once.h>
+#include <isc/random.h>
+#include <isc/result.h>
+#include <isc/siphash.h>
+#include <isc/string.h>
+#include <isc/types.h>
+#include <isc/util.h>
 
 static uint8_t isc_hash_key[16];
 static uint8_t isc_hash32_key[8];

lib/isc/include/isc/entropy.h

@@ -17,13 +17,11 @@
 
 #include <isc/lang.h>
 
-/*! \file isc/entropy_private.h
+/*! \file isc/entropy.h
  * \brief Implements wrapper around CSPRNG cryptographic library calls
  * for getting cryptographically secure pseudo-random numbers.
  *
- * - If OpenSSL is used, it uses RAND_bytes()
- * - If PKCS#11 is used, it uses pkcs_C_GenerateRandom()
- *
+ * Uses synchronous version of uv_random().
  */
 
 ISC_LANG_BEGINDECLS

lib/isc/nonce.c

@@ -11,10 +11,9 @@
  * information regarding copyright ownership.
  */
 
+#include <isc/entropy.h>
 #include <isc/nonce.h>
 
-#include "entropy_private.h"
-
 void
 isc_nonce_buf(void *buf, size_t buflen) {
 	isc_entropy_get(buf, buflen);

lib/isc/random.c

@@ -35,13 +35,13 @@
 #include <string.h>
 #include <unistd.h>
 
+#include <isc/entropy.h>
 #include <isc/random.h>
 #include <isc/result.h>
 #include <isc/thread.h>
 #include <isc/types.h>
 #include <isc/util.h>
 
-#include "entropy_private.h"
 #include "random_p.h"
 
 /*