From: Victor Julien <victor@inliniac.net>
Date: Thu, 19 Oct 2017 07:51:18 +0000 (+0200)
Subject: random: support getrandom(2) if available
X-Git-Tag: suricata-4.0.2~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2944%2Fhead;p=thirdparty%2Fsuricata.git

random: support getrandom(2) if available

Ticket: #2193
---

diff --git a/configure.ac b/configure.ac
index b31307a1ae..9e7b8c9209 100644
--- a/configure.ac
+++ b/configure.ac
@@ -130,6 +130,7 @@
     AC_CHECK_HEADER(glob.h,,[AC_ERROR(glob.h not found ...)])
     AC_CHECK_HEADERS([dirent.h fnmatch.h])
     AC_CHECK_HEADERS([sys/resource.h sys/types.h sys/un.h])
+    AC_CHECK_HEADERS([sys/random.h])
 
     AC_CHECK_HEADERS([sys/socket.h net/if.h sys/mman.h linux/if_arp.h], [], [],
     [[#ifdef HAVE_SYS_SOCKET_H
@@ -168,6 +169,12 @@
     AC_FUNC_REALLOC
     AC_CHECK_FUNCS([gettimeofday memset strcasecmp strchr strdup strerror strncasecmp strtol strtoul memchr memrchr clock_gettime])
 
+    AC_CHECK_DECL([getrandom],
+        AC_DEFINE([HAVE_GETRANDOM], [1], [Use getrandom]),
+        [], [
+            #include <sys/random.h> 
+            ])
+
     OCFLAGS=$CFLAGS
     CFLAGS=""
     AC_CHECK_FUNCS([strlcpy strlcat])
diff --git a/src/suricata-common.h b/src/suricata-common.h
index 41e969abd8..ec34a8c6ce 100644
--- a/src/suricata-common.h
+++ b/src/suricata-common.h
@@ -168,6 +168,10 @@
 #include <sys/mman.h>
 #endif
 
+#if HAVE_SYS_RANDOM_H
+#include <sys/random.h>
+#endif
+
 #if HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
diff --git a/src/util-random.c b/src/util-random.c
index 35a29056ab..1abc036d33 100644
--- a/src/util-random.c
+++ b/src/util-random.c
@@ -51,6 +51,21 @@ long int RandomGet(void)
 
     return value;
 }
+#elif defined(HAVE_GETRANDOM)
+long int RandomGet(void)
+{
+    if (g_disable_randomness)
+        return 0;
+
+    long int value = 0;
+    int ret = getrandom(&value, sizeof(value), 0);
+    /* ret should be sizeof(value), but if it is > 0 and < sizeof(value)
+     * it's still better than nothing so we return what we have */
+    if (ret <= 0) {
+        return -1;
+    }
+    return value;
+}
 #elif defined(HAVE_CLOCK_GETTIME)
 long int RandomGet(void)
 {