Add hooks to override native arc4random_buf on FreeBSD. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	bcook <>	2014-11-03 06:23:30 +0000
committer	bcook <>	2014-11-03 06:23:30 +0000
commit	a3eca90dbf58e4b053bf7a401300f044cfdc2256 (patch)
tree	9c175467713d63cf2e0e331b942d923c801a93d4 /src/lib/libcrypto/comp/comp_lib.c
parent	ae4a0ba982e7f6609f71539c65c23a5bdfdf446d (diff)
download	openbsd-a3eca90dbf58e4b053bf7a401300f044cfdc2256.tar.gz openbsd-a3eca90dbf58e4b053bf7a401300f044cfdc2256.tar.bz2 openbsd-a3eca90dbf58e4b053bf7a401300f044cfdc2256.zip

Add hooks to override native arc4random_buf on FreeBSD.

The FreeBSD-native arc4random_buf implementation falls back to weak sources of entropy if the sysctl fails. Remove these dangerous fallbacks by overriding locally. Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and 10) if a program does not link to -lthr. Callbacks registered with pthread_atfork() simply fail silently. So, it is not always possible to detect a PID wraparound. I wish we could do better. This improves arc4random_buf's safety compared to the native FreeBSD implementation. Tested on FreeBSD 9 and 10.

Diffstat (limited to 'src/lib/libcrypto/comp/comp_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: