A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_5_9_BASE 2015-08-25T17:22:56+00:00 2015-08-25T17:22:56+00:00 deraadt 2015-08-25T17:22:56+00:00 urn:sha1:fbe008c26edb3f5528ff750684198fb495993d3a 2014-11-03T06:23:30+00:00 bcook 2014-11-03T06:23:30+00:00 urn:sha1:97f48e5c1a29dd52ce16c023eaa14f5da0110610 The FreeBSD-native arc4random_buf implementation falls back to weak sources of entropy if the sysctl fails. Remove these dangerous fallbacks by overriding locally. Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and 10) if a program does not link to -lthr. Callbacks registered with pthread_atfork() simply fail silently. So, it is not always possible to detect a PID wraparound. I wish we could do better. This improves arc4random_buf's safety compared to the native FreeBSD implementation. Tested on FreeBSD 9 and 10.