Page MenuHome GnuPG

libgcrypt: random: Remove the feature getting randomness from random daemon
Open, NormalPublic

Description

random daemon has been experimental and not used.
Now, most machine has random generator hardware.

It's good to stop use of the daemon in libgcrypt.

See D544: Deprecation of random daemon part 1 (remove use of random daemon).

Event Timeline

gniibe triaged this task as Normal priority.Nov 30 2021, 5:11 AM
gniibe created this task.
gniibe renamed this task from libgcrypt: random: Remove access to random daemon to libgcrypt: random: Remove the feature getting randomness from random daemon.Nov 30 2021, 10:57 AM

the random daemon is still part of the configure.ac and the undefined _gcry_daemon_initialize_basics() and _gcry_daemon_randomize() is still used under the USE_RANDOM_DAEMON guard in several places. I think at least the following cases should be removed too (or the configure check to be modified to throw error or warning):

$ git grep -i random_daemon
[...]
configure.ac:              [use_random_daemon=$enableval],
configure.ac:              [use_random_daemon=no])
configure.ac:AC_MSG_RESULT($use_random_daemon)
configure.ac:if test x$use_random_daemon = xyes ; then
configure.ac:    AC_DEFINE(USE_RANDOM_DAEMON,1,
configure.ac:AM_CONDITIONAL(USE_RANDOM_DAEMON, test x$use_random_daemon = xyes)
configure.ac:if test "$use_random_daemon" = "yes"; then
[...]
random/random-csprng.c:#ifdef USE_RANDOM_DAEMON
random/random-csprng.c:#endif /*USE_RANDOM_DAEMON*/
random/random.h:#ifdef USE_RANDOM_DAEMON
random/random.h:#endif /*USE_RANDOM_DAEMON*/
[...]
src/Makefile.am:if USE_RANDOM_DAEMON
src/Makefile.am:endif USE_RANDOM_DAEMON
src/Makefile.am:if USE_RANDOM_DAEMON
src/Makefile.am:endif USE_RANDOM_DAEMON
[...]

Good catch. I pushed the change to remove use of random daemon remained.

Still, build of random daemon (gcryptrnd) itself is remained (in configure.ac and src/gcryptrnd.c and src/getrandom.c).

It is unlikely that there are some users for gcryptrnd, but still, it's better for libgcrypt to be conservative for the migration; The plan is: (1) Remove the use of the random daemon in 1.10, then, (2) Remove the random daemon in 1.11.

Pushed another patch to clarify the semantics of --enable-random-daemon;
It's only for building gcryptrnd and the test program getrandom.