Kristaps Dzonsons <[email protected]> writes: > Hi,
Hi, > json-c has some... peculiarities, such as how it seeds the random number > generator for its hashing function. > > https://github.com/json-c/json-c/blob/master/random_seed.c > > I'm not sure how responsive the project is, hence posting here, but the > existing code causes /dev/urandom to be touched, which makes the library > not fit well within pledge; and if in a chroot and failing that instead > of getting killed, has a horrible fall-back. Indeed, that's a bunch of horrible code. Not that I'm blaming upstream, the ecosystem out just doesn't provide what developers need. > Enclosed is a patch that uses arc4random as the only choice. I guess it > should be in a fancy autoconf thing, but this is a bit more direct. The > patch is off 0.12, which is in ports, and not the GH version. Here's a fancy autoconf thing. I'll try to get this accepted upstream, along with the test for the gcc atomics test. Index: Makefile =================================================================== RCS file: /cvs/ports/devel/json-c/Makefile,v retrieving revision 1.13 diff -u -p -r1.13 Makefile --- Makefile 25 Aug 2015 11:37:02 -0000 1.13 +++ Makefile 9 May 2016 19:09:57 -0000 @@ -4,7 +4,7 @@ COMMENT= JSON implementation in C DISTNAME= json-c-0.12 CATEGORIES= devel -REVISION= 0 +REVISION= 1 SHARED_LIBS += json-c 0.0 # 2.1 @@ -19,7 +19,7 @@ CONFIGURE_STYLE= autoconf autoheader AUTOCONF_VERSION= 2.69 # not enabled by default at present, but we want to make sure we -# don't use it if it's later enabled as it disables using random(4). +# don't use it if it's later enabled, we patch to use arc4random instead. # (the cpuid code will probably break with PIE on i386 too). CONFIGURE_ARGS= --disable-rdrand Index: patches/patch-configure_ac =================================================================== RCS file: /cvs/ports/devel/json-c/patches/patch-configure_ac,v retrieving revision 1.1 diff -u -p -r1.1 patch-configure_ac --- patches/patch-configure_ac 25 Aug 2015 11:37:02 -0000 1.1 +++ patches/patch-configure_ac 9 May 2016 19:06:18 -0000 @@ -1,10 +1,23 @@ $OpenBSD: patch-configure_ac,v 1.1 2015/08/25 11:37:02 jca Exp $ ---- configure.ac.orig Mon Aug 24 20:07:25 2015 -+++ configure.ac Mon Aug 24 20:06:41 2015 -@@ -66,6 +66,21 @@ int main(int c,char* v) {return 0;} - AC_MSG_RESULT(no) - ]) - +--- configure.ac.orig Fri Apr 11 03:47:07 2014 ++++ configure.ac Mon May 9 21:06:15 2016 +@@ -43,6 +43,7 @@ AC_FUNC_MEMCMP + AC_FUNC_MALLOC + AC_FUNC_REALLOC + AC_CHECK_FUNCS(strcasecmp strdup strerror snprintf vsnprintf vasprintf open vsyslog strncasecmp setlocale) ++AC_SEARCH_LIBS(arc4random, bsd, [AC_DEFINE(HAVE_ARC4RANDOM, [1], [Define to 1 if you have the `arc4random' function.])]) + AC_CHECK_DECLS([INFINITY], [], [], [[#include <math.h>]]) + AC_CHECK_DECLS([nan], [], [], [[#include <math.h>]]) + AC_CHECK_DECLS([isnan], [], [], [[#include <math.h>]]) +@@ -61,6 +62,21 @@ __asm__(".section .gnu.json_object_get,\n\t.ascii \"Pl + int main(int c,char* v) {return 0;} + ]])], [ + AC_DEFINE(HAS_GNU_WARNING_LONG, 1, [Define if .gnu.warning accepts long strings.]) ++ AC_MSG_RESULT(yes) ++], [ ++ AC_MSG_RESULT(no) ++]) ++ +AC_MSG_CHECKING([if compiler supports __sync_val_compare_and_swap with int objects]) +AC_LINK_IFELSE([AC_LANG_SOURCE([[ +int @@ -15,11 +28,6 @@ $OpenBSD: patch-configure_ac,v 1.1 2015/ +} +]])], [ + AC_DEFINE(HAS___SYNC_VAL_COMPARE_AND_SWAP_INT, 1, [Define if compiler supports __sync_val_compare_and_swap.]) -+ AC_MSG_RESULT(yes) -+], [ -+ AC_MSG_RESULT(no) -+]) -+ - AC_LANG_POP([C]) - - AM_PROG_LIBTOOL + AC_MSG_RESULT(yes) + ], [ + AC_MSG_RESULT(no) Index: patches/patch-random_seed_c =================================================================== RCS file: patches/patch-random_seed_c diff -N patches/patch-random_seed_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-random_seed_c 9 May 2016 18:43:21 -0000 @@ -0,0 +1,13 @@ +$OpenBSD$ +--- random_seed.c.orig Fri Apr 11 02:41:08 2014 ++++ random_seed.c Mon May 9 20:43:17 2016 +@@ -227,6 +227,9 @@ int json_c_get_random_seed() + #if HAVE_RDRAND + if (has_rdrand()) return get_rdrand_seed(); + #endif ++#if HAVE_ARC4RANDOM ++ return arc4random(); ++#endif + #if HAVE_DEV_RANDOM + if (has_dev_urandom()) return get_dev_random_seed(); + #endif -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
