sal: rtlRandomPool: require OS random device, abort if not present

Both rtl_random_createPool() and rtl_random_getBytes() first try to get
random data from the OS, via /dev/urandom or rand_s() (documented to
call RtlGenRandom(), see [1]).

In case this does not succeed, there is a fallback to a custom
implementation of a PRNG of unknown design that has never been
substantially changed since initial CVS import, and is presumably not
what would be considered state of the art today, particularly if there's
no actual entropy available to seed it.

Except for a few miscellaneous usages in URE (presumably to avoid
dependencies on non-URE libs), rtlRandomPool is almost always used to
generate material for encryption of documents, which is demanding and
probably beyond what a pure user-space PRNG implementation without
entropy from the OS can provide.

So remove the custom PRNG and instead abort() if reading from the OS
random device fails for whatever reason.

rtl_random_addBytes() becomes a no-op and is therefore deprecated.

Presumably the only kind of environment where random device would be
unavailable in practice is running in some sort of chroot or container
that is missing the device or has incorrect permissions on it; better to
fail hard than to produce encrypted documents of questionable security.

[1] https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/rand-s?view=msvc-170

Change-Id: I3f020c2d11570f8351381d70188ce59bfec9f720
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163056
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>

0 files changed, 0 insertions, 0 deletions