From: Tobias Heider <tobias.heider@canonical.com>
Date: Fri, 29 Sep 2023 07:57:41 +0000 (+0200)
Subject: compat: use OpenSSL RAND_priv_bytes() for entropy (#248)
X-Git-Tag: v10.0.3~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cd34035851d9a9cf3a4bc4ffeb554749ebd68720;p=thirdparty%2Fdhcpcd.git

compat: use OpenSSL RAND_priv_bytes() for entropy (#248)

* compat: use OpenSSL RAND_priv_bytes() for entropy

Use OpenSSL random number generator to seed arc4random() if available,
if it fails fall back to /dev/urandom.

* tests: link eloop-bench against LDADD lib

arc4random might depend on libcrypto so we need to link it.
---

diff --git a/compat/arc4random.c b/compat/arc4random.c
index edc5fff9..8f28f616 100644
--- a/compat/arc4random.c
+++ b/compat/arc4random.c
@@ -40,6 +40,10 @@
 #include <sys/types.h>
 #include <sys/time.h>
 
+#if defined(HAVE_OPENSSL)
+#include <openssl/rand.h>
+#endif
+
 #define KEYSTREAM_ONLY
 #include "chacha_private.h"
 
@@ -93,6 +97,11 @@ _dhcpcd_getentropy(void *buf, size_t length)
 	struct timeval	 tv;
 	uint8_t		*rand = (uint8_t *)buf;
 
+#if defined (HAVE_OPENSSL)
+	if (RAND_priv_bytes(buf, (int)length) == 1)
+		return (0);
+#endif
+
 	if (length < sizeof(tv)) {
 		gettimeofday(&tv, NULL);
 		memcpy(buf, &tv, sizeof(tv));
diff --git a/tests/eloop-bench/Makefile b/tests/eloop-bench/Makefile
index 2827c607..a0ebafd9 100644
--- a/tests/eloop-bench/Makefile
+++ b/tests/eloop-bench/Makefile
@@ -39,7 +39,7 @@ distclean: clean
 depend:
 
 ${PROG}: ${DEPEND} ${OBJS}
-	${CC} ${LDFLAGS} -o $@ ${OBJS}
+	${CC} ${LDFLAGS} -o $@ ${OBJS} ${LDADD}
 
 test: ${PROG}
 	./${PROG}