author | bcook <> | 2014-11-03 06:23:30 +0000 |
---|---|---|
committer | bcook <> | 2014-11-03 06:23:30 +0000 |
commit | 97f48e5c1a29dd52ce16c023eaa14f5da0110610 (patch) | |
tree | 9c175467713d63cf2e0e331b942d923c801a93d4 /src/lib/libcrypto/comp/comp_err.c | |
parent | 44fdefc6525622fe6d745eb387fa3266f9028afb (diff) | |

Add hooks to override native arc4random_buf on FreeBSD.

The FreeBSD-native arc4random_buf implementation falls back to weak sources of
entropy if the sysctl fails. Remove these dangerous fallbacks by overriding
locally.

Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with pthread_atfork()
simply fail silently. So, it is not always possible to detect a PID wraparound.
I wish we could do better.

This improves arc4random_buf's safety compared to the native FreeBSD
implementation.

Tested on FreeBSD 9 and 10.

Diffstat (limited to 'src/lib/libcrypto/comp/comp_err.c')
0 files changed, 0 insertions, 0 deletions