1 json-c: fix CVE-2013-6371 and CVE-2013-6370
3 * CVE-2013-6371: hash collision denial of service
4 * CVE-2013-6370: buffer overflow if size_t is larger than int
6 Upstream-Status: Backport [1]
8 [1] https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
10 Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
12 diff --git a/Makefile.am b/Makefile.am
13 index 24b9bdf..26ced27 100644
16 @@ -23,7 +23,8 @@ libjson_cinclude_HEADERS = \
24 #libjsonx_includedir = $(libdir)/json-c-@VERSION@
26 @@ -41,7 +42,8 @@ libjson_c_la_SOURCES = \
36 diff --git a/Makefile.am.inc b/Makefile.am.inc
37 index fd68a25..fec591b 100644
41 -AM_CFLAGS = -Wall -Werror -Wextra -Wwrite-strings -Wno-unused-parameter -std=gnu99 -D_GNU_SOURCE -D_REENTRANT
42 +AM_CFLAGS = -Wall -Werror -Wno-error=deprecated-declarations -Wextra -Wwrite-strings -Wno-unused-parameter -std=gnu99 -D_GNU_SOURCE -D_REENTRANT
44 diff --git a/json_object.h b/json_object.h
45 index 1005734..200ac40 100644
49 #ifndef _json_object_h_
50 #define _json_object_h_
53 +#define THIS_FUNCTION_IS_DEPRECATED(func) func __attribute__ ((deprecated))
54 +#elif defined(_MSC_VER)
55 +#define THIS_FUNCTION_IS_DEPRECATED(func) __declspec(deprecated) func
57 +#define THIS_FUNCTION_IS_DEPRECATED(func) func
60 #include "json_inttypes.h"
63 @@ -279,8 +287,8 @@ extern void json_object_object_add(struct json_object* obj, const char *key,
64 * @returns the json_object associated with the given field name
65 * @deprecated Please use json_object_object_get_ex
67 -extern struct json_object* json_object_object_get(struct json_object* obj,
69 +THIS_FUNCTION_IS_DEPRECATED(extern struct json_object* json_object_object_get(struct json_object* obj,
72 /** Get the json_object associated with a given object field.
74 diff --git a/json_tokener.c b/json_tokener.c
75 index a1019c0..19de8ef 100644
78 @@ -81,6 +81,7 @@ static const char* json_tokener_errors[] = {
79 "object value separator ',' expected",
80 "invalid string sequence",
82 + "buffer size overflow"
85 const char *json_tokener_error_desc(enum json_tokener_error jerr)
86 @@ -243,6 +244,16 @@ struct json_object* json_tokener_parse_ex(struct json_tokener *tok,
88 tok->err = json_tokener_success;
90 + /* this interface is presently not 64-bit clean due to the int len argument
91 + and the internal printbuf interface that takes 32-bit int len arguments
92 + so the function limits the maximum string size to INT32_MAX (2GB).
93 + If the function is called with len == -1 then strlen is called to check
94 + the string length is less than INT32_MAX (2GB) */
95 + if ((len < -1) || (len == -1 && strlen(str) > INT32_MAX)) {
96 + tok->err = json_tokener_error_size;
100 while (PEEK_CHAR(c, tok)) {
103 diff --git a/json_tokener.h b/json_tokener.h
104 index 5471d97..a72d2bd 100644
107 @@ -33,7 +33,8 @@ enum json_tokener_error {
108 json_tokener_error_parse_object_key_sep,
109 json_tokener_error_parse_object_value_sep,
110 json_tokener_error_parse_string,
111 - json_tokener_error_parse_comment
112 + json_tokener_error_parse_comment,
113 + json_tokener_error_size
116 enum json_tokener_state {
117 @@ -163,6 +164,11 @@ extern void json_tokener_set_flags(struct json_tokener *tok, int flags);
118 * responsible for calling json_tokener_parse_ex with an appropriate str
119 * parameter starting with the extra characters.
121 + * This interface is presently not 64-bit clean due to the int len argument
122 + * so the function limits the maximum string size to INT32_MAX (2GB).
123 + * If the function is called with len == -1 then strlen is called to check
124 + * the string length is less than INT32_MAX (2GB)
128 json_object *jobj = NULL;
129 diff --git a/linkhash.c b/linkhash.c
130 index 5043148..712c387 100644
137 +#ifdef HAVE_ENDIAN_H
138 +# include <endian.h> /* attempt to define endianness */
141 +#include "random_seed.h"
142 #include "linkhash.h"
144 void lh_abort(const char *msg, ...)
145 @@ -39,14 +44,378 @@ int lh_ptr_equal(const void *k1, const void *k2)
150 + * hashlittle from lookup3.c, by Bob Jenkins, May 2006, Public Domain.
151 + * http://burtleburtle.net/bob/c/lookup3.c
152 + * minor modifications to make functions static so no symbols are exported
153 + * minor mofifications to compile with -Werror
157 +-------------------------------------------------------------------------------
158 +lookup3.c, by Bob Jenkins, May 2006, Public Domain.
160 +These are functions for producing 32-bit hashes for hash table lookup.
161 +hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final()
162 +are externally useful functions. Routines to test the hash are included
163 +if SELF_TEST is defined. You can use this free for any purpose. It's in
164 +the public domain. It has no warranty.
166 +You probably want to use hashlittle(). hashlittle() and hashbig()
167 +hash byte arrays. hashlittle() is is faster than hashbig() on
168 +little-endian machines. Intel and AMD are little-endian machines.
169 +On second thought, you probably want hashlittle2(), which is identical to
170 +hashlittle() except it returns two 32-bit hashes for the price of one.
171 +You could implement hashbig2() if you wanted but I haven't bothered here.
173 +If you want to find a hash of, say, exactly 7 integers, do
174 + a = i1; b = i2; c = i3;
176 + a += i4; b += i5; c += i6;
180 +then use c as the hash value. If you have a variable length array of
181 +4-byte integers to hash, use hashword(). If you have a byte array (like
182 +a character string), use hashlittle(). If you have several byte arrays, or
183 +a mix of things, see the comments above hashlittle().
185 +Why is this so big? I read 12 bytes at a time into 3 4-byte integers,
186 +then mix those integers. This is fast (you can do a lot more thorough
187 +mixing with 12*3 instructions on 3 integers than you can with 3 instructions
188 +on 1 byte), but shoehorning those bytes into integers efficiently is messy.
189 +-------------------------------------------------------------------------------
193 + * My best guess at if you are big-endian or little-endian. This may
196 +#if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \
197 + __BYTE_ORDER == __LITTLE_ENDIAN) || \
198 + (defined(i386) || defined(__i386__) || defined(__i486__) || \
199 + defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL))
200 +# define HASH_LITTLE_ENDIAN 1
201 +# define HASH_BIG_ENDIAN 0
202 +#elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \
203 + __BYTE_ORDER == __BIG_ENDIAN) || \
204 + (defined(sparc) || defined(POWERPC) || defined(mc68000) || defined(sel))
205 +# define HASH_LITTLE_ENDIAN 0
206 +# define HASH_BIG_ENDIAN 1
208 +# define HASH_LITTLE_ENDIAN 0
209 +# define HASH_BIG_ENDIAN 0
212 +#define hashsize(n) ((uint32_t)1<<(n))
213 +#define hashmask(n) (hashsize(n)-1)
214 +#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))
217 +-------------------------------------------------------------------------------
218 +mix -- mix 3 32-bit values reversibly.
220 +This is reversible, so any information in (a,b,c) before mix() is
221 +still in (a,b,c) after mix().
223 +If four pairs of (a,b,c) inputs are run through mix(), or through
224 +mix() in reverse, there are at least 32 bits of the output that
225 +are sometimes the same for one pair and different for another pair.
226 +This was tested for:
227 +* pairs that differed by one bit, by two bits, in any combination
228 + of top bits of (a,b,c), or in any combination of bottom bits of
230 +* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed
231 + the output delta to a Gray code (a^(a>>1)) so a string of 1's (as
232 + is commonly produced by subtraction) look like a single 1-bit
234 +* the base values were pseudorandom, all zero but one bit set, or
235 + all zero plus a counter that starts at zero.
237 +Some k values for my "a-=c; a^=rot(c,k); c+=b;" arrangement that
242 +Well, "9 15 3 18 27 15" didn't quite get 32 bits diffing
243 +for "differ" defined as + with a one-bit base and a two-bit delta. I
244 +used http://burtleburtle.net/bob/hash/avalanche.html to choose
245 +the operations, constants, and arrangements of the variables.
247 +This does not achieve avalanche. There are input bits of (a,b,c)
248 +that fail to affect some output bits of (a,b,c), especially of a. The
249 +most thoroughly mixed value is c, but it doesn't really even achieve
252 +This allows some parallelism. Read-after-writes are good at doubling
253 +the number of bits affected, so the goal of mixing pulls in the opposite
254 +direction as the goal of parallelism. I did what I could. Rotates
255 +seem to cost as much as shifts on every machine I could lay my hands
256 +on, and rotates are much kinder to the top and bottom bits, so I used
258 +-------------------------------------------------------------------------------
260 +#define mix(a,b,c) \
262 + a -= c; a ^= rot(c, 4); c += b; \
263 + b -= a; b ^= rot(a, 6); a += c; \
264 + c -= b; c ^= rot(b, 8); b += a; \
265 + a -= c; a ^= rot(c,16); c += b; \
266 + b -= a; b ^= rot(a,19); a += c; \
267 + c -= b; c ^= rot(b, 4); b += a; \
271 +-------------------------------------------------------------------------------
272 +final -- final mixing of 3 32-bit values (a,b,c) into c
274 +Pairs of (a,b,c) values differing in only a few bits will usually
275 +produce values of c that look totally different. This was tested for
276 +* pairs that differed by one bit, by two bits, in any combination
277 + of top bits of (a,b,c), or in any combination of bottom bits of
279 +* "differ" is defined as +, -, ^, or ~^. For + and -, I transformed
280 + the output delta to a Gray code (a^(a>>1)) so a string of 1's (as
281 + is commonly produced by subtraction) look like a single 1-bit
283 +* the base values were pseudorandom, all zero but one bit set, or
284 + all zero plus a counter that starts at zero.
286 +These constants passed:
287 + 14 11 25 16 4 14 24
288 + 12 14 25 16 4 14 24
289 +and these came close:
293 +-------------------------------------------------------------------------------
295 +#define final(a,b,c) \
297 + c ^= b; c -= rot(b,14); \
298 + a ^= c; a -= rot(c,11); \
299 + b ^= a; b -= rot(a,25); \
300 + c ^= b; c -= rot(b,16); \
301 + a ^= c; a -= rot(c,4); \
302 + b ^= a; b -= rot(a,14); \
303 + c ^= b; c -= rot(b,24); \
308 +-------------------------------------------------------------------------------
309 +hashlittle() -- hash a variable-length key into a 32-bit value
310 + k : the key (the unaligned variable-length array of bytes)
311 + length : the length of the key, counting by bytes
312 + initval : can be any 4-byte value
313 +Returns a 32-bit value. Every bit of the key affects every bit of
314 +the return value. Two keys differing by one or two bits will have
315 +totally different hash values.
317 +The best hash table sizes are powers of 2. There is no need to do
318 +mod a prime (mod is sooo slow!). If you need less than 32 bits,
319 +use a bitmask. For example, if you need only 10 bits, do
320 + h = (h & hashmask(10));
321 +In which case, the hash table should have hashsize(10) elements.
323 +If you are hashing n strings (uint8_t **)k, do it like this:
324 + for (i=0, h=0; i<n; ++i) h = hashlittle( k[i], len[i], h);
326 +By Bob Jenkins, 2006. bob_jenkins@burtleburtle.net. You may use this
327 +code any way you wish, private, educational, or commercial. It's free.
329 +Use for hash table lookup, or anything where one collision in 2^^32 is
330 +acceptable. Do NOT use for cryptographic purposes.
331 +-------------------------------------------------------------------------------
334 +static uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
336 + uint32_t a,b,c; /* internal state */
337 + union { const void *ptr; size_t i; } u; /* needed for Mac Powerbook G4 */
339 + /* Set up the internal state */
340 + a = b = c = 0xdeadbeef + ((uint32_t)length) + initval;
343 + if (HASH_LITTLE_ENDIAN && ((u.i & 0x3) == 0)) {
344 + const uint32_t *k = (const uint32_t *)key; /* read 32-bit chunks */
346 + /*------ all but last block: aligned reads and affect 32 bits of (a,b,c) */
347 + while (length > 12)
357 + /*----------------------------- handle the last (probably partial) block */
359 + * "k[2]&0xffffff" actually reads beyond the end of the string, but
360 + * then masks off the part it's not allowed to read. Because the
361 + * string is aligned, the masked-off tail is in the same word as the
362 + * rest of the string. Every machine with memory protection I've seen
363 + * does it on word boundaries, so is OK with this. But VALGRIND will
364 + * still catch it and complain. The masking trick does make the hash
365 + * noticably faster for short strings (like English words).
371 + case 12: c+=k[2]; b+=k[1]; a+=k[0]; break;
372 + case 11: c+=k[2]&0xffffff; b+=k[1]; a+=k[0]; break;
373 + case 10: c+=k[2]&0xffff; b+=k[1]; a+=k[0]; break;
374 + case 9 : c+=k[2]&0xff; b+=k[1]; a+=k[0]; break;
375 + case 8 : b+=k[1]; a+=k[0]; break;
376 + case 7 : b+=k[1]&0xffffff; a+=k[0]; break;
377 + case 6 : b+=k[1]&0xffff; a+=k[0]; break;
378 + case 5 : b+=k[1]&0xff; a+=k[0]; break;
379 + case 4 : a+=k[0]; break;
380 + case 3 : a+=k[0]&0xffffff; break;
381 + case 2 : a+=k[0]&0xffff; break;
382 + case 1 : a+=k[0]&0xff; break;
383 + case 0 : return c; /* zero length strings require no mixing */
386 +#else /* make valgrind happy */
388 + const uint8_t *k8 = (const uint8_t *)k;
391 + case 12: c+=k[2]; b+=k[1]; a+=k[0]; break;
392 + case 11: c+=((uint32_t)k8[10])<<16; /* fall through */
393 + case 10: c+=((uint32_t)k8[9])<<8; /* fall through */
394 + case 9 : c+=k8[8]; /* fall through */
395 + case 8 : b+=k[1]; a+=k[0]; break;
396 + case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */
397 + case 6 : b+=((uint32_t)k8[5])<<8; /* fall through */
398 + case 5 : b+=k8[4]; /* fall through */
399 + case 4 : a+=k[0]; break;
400 + case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */
401 + case 2 : a+=((uint32_t)k8[1])<<8; /* fall through */
402 + case 1 : a+=k8[0]; break;
406 +#endif /* !valgrind */
408 + } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) {
409 + const uint16_t *k = (const uint16_t *)key; /* read 16-bit chunks */
412 + /*--------------- all but last block: aligned reads and different mixing */
413 + while (length > 12)
415 + a += k[0] + (((uint32_t)k[1])<<16);
416 + b += k[2] + (((uint32_t)k[3])<<16);
417 + c += k[4] + (((uint32_t)k[5])<<16);
423 + /*----------------------------- handle the last (probably partial) block */
424 + k8 = (const uint8_t *)k;
427 + case 12: c+=k[4]+(((uint32_t)k[5])<<16);
428 + b+=k[2]+(((uint32_t)k[3])<<16);
429 + a+=k[0]+(((uint32_t)k[1])<<16);
431 + case 11: c+=((uint32_t)k8[10])<<16; /* fall through */
433 + b+=k[2]+(((uint32_t)k[3])<<16);
434 + a+=k[0]+(((uint32_t)k[1])<<16);
436 + case 9 : c+=k8[8]; /* fall through */
437 + case 8 : b+=k[2]+(((uint32_t)k[3])<<16);
438 + a+=k[0]+(((uint32_t)k[1])<<16);
440 + case 7 : b+=((uint32_t)k8[6])<<16; /* fall through */
442 + a+=k[0]+(((uint32_t)k[1])<<16);
444 + case 5 : b+=k8[4]; /* fall through */
445 + case 4 : a+=k[0]+(((uint32_t)k[1])<<16);
447 + case 3 : a+=((uint32_t)k8[2])<<16; /* fall through */
452 + case 0 : return c; /* zero length requires no mixing */
455 + } else { /* need to read the key one byte at a time */
456 + const uint8_t *k = (const uint8_t *)key;
458 + /*--------------- all but the last block: affect some 32 bits of (a,b,c) */
459 + while (length > 12)
462 + a += ((uint32_t)k[1])<<8;
463 + a += ((uint32_t)k[2])<<16;
464 + a += ((uint32_t)k[3])<<24;
466 + b += ((uint32_t)k[5])<<8;
467 + b += ((uint32_t)k[6])<<16;
468 + b += ((uint32_t)k[7])<<24;
470 + c += ((uint32_t)k[9])<<8;
471 + c += ((uint32_t)k[10])<<16;
472 + c += ((uint32_t)k[11])<<24;
478 + /*-------------------------------- last block: affect all 32 bits of (c) */
479 + switch(length) /* all the case statements fall through */
481 + case 12: c+=((uint32_t)k[11])<<24;
482 + case 11: c+=((uint32_t)k[10])<<16;
483 + case 10: c+=((uint32_t)k[9])<<8;
485 + case 8 : b+=((uint32_t)k[7])<<24;
486 + case 7 : b+=((uint32_t)k[6])<<16;
487 + case 6 : b+=((uint32_t)k[5])<<8;
489 + case 4 : a+=((uint32_t)k[3])<<24;
490 + case 3 : a+=((uint32_t)k[2])<<16;
491 + case 2 : a+=((uint32_t)k[1])<<8;
502 unsigned long lh_char_hash(const void *k)
504 - unsigned int h = 0;
505 - const char* data = (const char*)k;
507 - while( *data!=0 ) h = h*129 + (unsigned int)(*data++) + LH_PRIME;
508 + static volatile int random_seed = -1;
510 + if (random_seed == -1) {
512 + /* we can't use -1 as it is the unitialized sentinel */
513 + while ((seed = json_c_get_random_seed()) == -1);
514 +#if defined __GNUC__
515 + __sync_val_compare_and_swap(&random_seed, -1, seed);
516 +#elif defined _MSC_VER
517 + InterlockedCompareExchange(&random_seed, seed, -1);
519 +#warning "racy random seed initializtion if used by multiple threads"
520 + random_seed = seed; /* potentially racy */
525 + return hashlittle((const char*)k, strlen((const char*)k), random_seed);
528 int lh_char_equal(const void *k1, const void *k2)
529 diff --git a/linkhash.h b/linkhash.h
530 index 378de0b..950d09f 100644
533 @@ -246,7 +246,7 @@ extern struct lh_entry* lh_table_lookup_entry(struct lh_table *t, const void *k)
534 * @return a pointer to the found value or NULL if it does not exist.
535 * @deprecated Use lh_table_lookup_ex instead.
537 -extern const void* lh_table_lookup(struct lh_table *t, const void *k);
538 +THIS_FUNCTION_IS_DEPRECATED(extern const void* lh_table_lookup(struct lh_table *t, const void *k));
541 * Lookup a record in the table
542 diff --git a/random_seed.c b/random_seed.c
544 index 0000000..3b520d4
551 + * Copyright (c) 2013 Metaparadigm Pte. Ltd.
552 + * Michael Clark <michael@metaparadigm.com>
554 + * This library is free software; you can redistribute it and/or modify
555 + * it under the terms of the MIT license. See COPYING for details.
562 +#define DEBUG_SEED(s)
565 +#if defined ENABLE_RDRAND
569 +#if defined __GNUC__ && (defined __i386__ || defined __x86_64__)
570 +#define HAS_X86_CPUID 1
572 +static void do_cpuid(int regs[], int h)
574 + __asm__ __volatile__(
575 +#if defined __x86_64__
581 +#if defined __x86_64__
586 + : "=a"(regs[0]), [ebx] "=r"(regs[1]), "=c"(regs[2]), "=d"(regs[3])
590 +#elif defined _MSC_VER
592 +#define HAS_X86_CPUID 1
593 +#define do_cpuid __cpuid
601 +static int has_rdrand()
603 + // CPUID.01H:ECX.RDRAND[bit 30] == 1
606 + return (regs[2] & (1 << 30)) != 0;
611 +/* get_rdrand_seed - GCC x86 and X64 */
613 +#if defined __GNUC__ && (defined __i386__ || defined __x86_64__)
615 +#define HAVE_RDRAND 1
617 +static int get_rdrand_seed()
619 + DEBUG_SEED("get_rdrand_seed");
622 + __asm__ __volatile__("1: .byte 0x0F\n"
632 +#if defined _MSC_VER
634 +#if _MSC_VER >= 1700
635 +#define HAVE_RDRAND 1
637 +/* get_rdrand_seed - Visual Studio 2012 and above */
639 +static int get_rdrand_seed()
641 + DEBUG_SEED("get_rdrand_seed");
643 + while (_rdrand32_step(&r) == 0);
647 +#elif defined _M_IX86
648 +#define HAVE_RDRAND 1
650 +/* get_rdrand_seed - Visual Studio 2010 and below - x86 only */
652 +static int get_rdrand_seed()
654 + DEBUG_SEED("get_rdrand_seed");
658 + __asm _emit 0x0F __asm _emit 0xC7 __asm _emit 0xF0
660 + __asm mov _eax, eax
667 +#endif /* defined ENABLE_RDRAND */
670 +/* has_dev_urandom */
672 +#if defined (__APPLE__) || defined(__unix__) || defined(__linux__)
679 +#include <sys/stat.h>
681 +#define HAVE_DEV_RANDOM 1
683 +static const char *dev_random_file = "/dev/urandom";
685 +static int has_dev_urandom()
688 + if (stat(dev_random_file, &buf)) {
691 + return ((buf.st_mode & S_IFCHR) != 0);
695 +/* get_dev_random_seed */
697 +static int get_dev_random_seed()
699 + DEBUG_SEED("get_dev_random_seed");
701 + int fd = open(dev_random_file, O_RDONLY);
703 + fprintf(stderr, "error opening %s: %s", dev_random_file, strerror(errno));
708 + ssize_t nread = read(fd, &r, sizeof(r));
709 + if (nread != sizeof(r)) {
710 + fprintf(stderr, "error read %s: %s", dev_random_file, strerror(errno));
713 + else if (nread != sizeof(r)) {
714 + fprintf(stderr, "error short read %s", dev_random_file);
724 +/* get_cryptgenrandom_seed */
728 +#define HAVE_CRYPTGENRANDOM 1
730 +#include <windows.h>
731 +#pragma comment(lib, "advapi32.lib")
733 +static int get_cryptgenrandom_seed()
735 + DEBUG_SEED("get_cryptgenrandom_seed");
737 + HCRYPTPROV hProvider = 0;
740 + if (!CryptAcquireContextW(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
741 + fprintf(stderr, "error CryptAcquireContextW");
745 + if (!CryptGenRandom(hProvider, sizeof(r), (BYTE*)&r)) {
746 + fprintf(stderr, "error CryptGenRandom");
750 + CryptReleaseContext(hProvider, 0);
762 +static int get_time_seed()
764 + DEBUG_SEED("get_time_seed");
766 + return (int)time(NULL) * 433494437;
770 +/* json_c_get_random_seed */
772 +int json_c_get_random_seed()
775 + if (has_rdrand()) return get_rdrand_seed();
778 + if (has_dev_urandom()) return get_dev_random_seed();
780 +#if HAVE_CRYPTGENRANDOM
781 + return get_cryptgenrandom_seed();
783 + return get_time_seed();
785 diff --git a/random_seed.h b/random_seed.h
787 index 0000000..7362d67
794 + * Copyright (c) 2013 Metaparadigm Pte. Ltd.
795 + * Michael Clark <michael@metaparadigm.com>
797 + * This library is free software; you can redistribute it and/or modify
798 + * it under the terms of the MIT license. See COPYING for details.
809 +extern int json_c_get_random_seed();
819 --- a/config.h.in 2013-04-03 04:04:18.000000000 +0200
820 +++ b/config.h.in 2014-04-10 10:32:09.318409377 +0200
822 /* Define if .gnu.warning accepts long strings. */
823 #undef HAS_GNU_WARNING_LONG
825 +/* Enable RDRANR Hardware RNG Hash Seed */
826 +#undef ENABLE_RDRAND
828 /* Define to 1 if you have the <dlfcn.h> header file. */
831 /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
834 +/* Define to 1 if you have the <endian.h> header file. */
835 +#undef HAVE_ENDIAN_H
837 /* Define to 1 if you have the <fcntl.h> header file. */
840 --- a/configure.in 2014-04-10 10:32:56.443006786 +0200
841 +++ b/configure.in 2014-04-10 10:34:26.480080755 +0200
844 AM_CONDITIONAL(ENABLE_OLDNAME_COMPAT, [test "x${enable_oldname_compat}" != "xno"])
846 +AC_ARG_ENABLE(rdrand,
847 + AS_HELP_STRING([--enable-rdrand],
848 + [Enable RDRAND Hardware RNG Hash Seed generation on supported x86/x64 platforms.]),
849 + [if test x$enableval = xyes; then
851 + AC_DEFINE(ENABLE_RDRAND, 1, [Enable RDRANR Hardware RNG Hash Seed])
854 +if test "x$enable_rdrand" = "xyes"; then
855 + AC_MSG_RESULT([RDRAND Hardware RNG Hash Seed enabled on supported x86/x64 platforms])
857 + AC_MSG_RESULT([RDRAND Hardware RNG Hash Seed disabled. Use --enable-rdrand to enable])
860 # Checks for programs.
862 # Checks for libraries.
864 AC_CONFIG_HEADER(config.h)
865 AC_CONFIG_HEADER(json_config.h)
867 -AC_CHECK_HEADERS(fcntl.h limits.h strings.h syslog.h unistd.h [sys/cdefs.h] [sys/param.h] stdarg.h locale.h)
868 +AC_CHECK_HEADERS(fcntl.h limits.h strings.h syslog.h unistd.h [sys/cdefs.h] [sys/param.h] stdarg.h locale.h endian.h)
869 AC_CHECK_HEADER(inttypes.h,[AC_DEFINE([JSON_C_HAVE_INTTYPES_H],[1],[Public define for json_inttypes.h])])
871 # Checks for typedefs, structures, and compiler characteristics.