override native arc4random_buf on FreeBSD

The FreeBSD-native arc4random_buf implementation falls back to weak
sources of entropy if the sysctl fails. Remove these dangerous fallbacks
by overriding locally.

Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with
pthread_atfork() simply fail silently. So, it is not always possible to
detect a PID wraparound. I wish we could do better.

This improves arc4random_buf's safety compared to the native FreeBSD
implementation. Tested on FreeBSD 9 and 10.

ok beck@ deraadt@

5 files changed, 19 insertions, 4 deletions

diff --git a/apps/Makefile.am.tpl b/apps/Makefile.am.tpl
index 433fca2..5f1dd21 100644
--- a/apps/Makefile.am.tpl
+++ b/apps/Makefile.am.tpl
@@ -3,7 +3,7 @@ include $(top_srcdir)/Makefile.am.common
 bin_PROGRAMS = openssl
 
 openssl_CFLAGS = $(USER_CFLAGS)
-openssl_LDADD = $(PLATFORM_LDADD)
+openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
 openssl_LDADD += $(top_builddir)/ssl/libssl.la
 openssl_LDADD += $(top_builddir)/crypto/libcrypto.la
 
diff --git a/configure.ac b/configure.ac
index 0f75e81..88613d6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,6 +13,10 @@ case $host_os in
                 HOST_OS=darwin;
                 LDFLAGS="$LDFLAGS -Qunused-arguments"
                 ;;
+        *freebsd*)
+                HOST_OS=freebsd;
+                AC_SUBST([PROG_LDADD], ['-lthr'])
+                ;;
         *linux*)
                 HOST_OS=linux;
                 CFLAGS="$CFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
@@ -33,6 +37,7 @@ case $host_os in
 esac
 
 AM_CONDITIONAL(HOST_DARWIN, test x$HOST_OS = xdarwin)
+AM_CONDITIONAL(HOST_FREEBSD, test x$HOST_OS = xfreebsd)
 AM_CONDITIONAL(HOST_LINUX, test x$HOST_OS = xlinux)
 AM_CONDITIONAL(HOST_SOLARIS, test x$HOST_OS = xsolaris)
 AM_CONDITIONAL(HOST_WIN, test x$HOST_OS = xwin)
@@ -81,7 +86,7 @@ AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp"
 
 # overrides for arc4random_buf implementations with known issues
 AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
-        [test "x$HOST_OS" != xdarwin -a "x$NO_ARC4RANDOM_BUF" = xtrue])
+        [test "x$HOST_OS" != xdarwin -a "x$HOST_OS" != xfreebsd -a "x$ac_cv_func_arc4random_buf" = xyes])
 
 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
         AC_LINK_IFELSE([AC_LANG_PROGRAM([[
diff --git a/crypto/Makefile.am.tpl b/crypto/Makefile.am.tpl
index 0ace78a..d9ca553 100644
--- a/crypto/Makefile.am.tpl
+++ b/crypto/Makefile.am.tpl
@@ -61,6 +61,9 @@ if !HAVE_ARC4RANDOM_BUF
 libcompat_la_SOURCES += compat/arc4random.c
 
 if !HAVE_GETENTROPY
+if HOST_FREEBSD
+libcompat_la_SOURCES += compat/getentropy_freebsd.c
+endif
 if HOST_LINUX
 libcompat_la_SOURCES += compat/getentropy_linux.c
 endif
@@ -88,6 +91,7 @@ endif
 
 noinst_HEADERS = des/ncbc_enc.c
 noinst_HEADERS += compat/arc4random.h
+noinst_HEADERS += compat/arc4random_freebsd.h
 noinst_HEADERS += compat/arc4random_linux.h
 noinst_HEADERS += compat/arc4random_osx.h
 noinst_HEADERS += compat/arc4random_solaris.h
diff --git a/crypto/compat/arc4random.h b/crypto/compat/arc4random.h
index 9dae794..7af7fc1 100644
--- a/crypto/compat/arc4random.h
+++ b/crypto/compat/arc4random.h
@@ -1,7 +1,12 @@
 #ifndef LIBCRYPTOCOMPAT_ARC4RANDOM_H
 #define LIBCRYPTOCOMPAT_ARC4RANDOM_H
 
-#if defined(__linux__)
+#include <sys/param.h>
+
+#if defined(__FreeBSD__)
+#include "arc4random_freebsd.h"
+
+#elif defined(__linux__)
 #include "arc4random_linux.h"
 
 #elif defined(__APPLE__)
diff --git a/tests/Makefile.am.tpl b/tests/Makefile.am.tpl
index 5a760da..ec7301c 100644
--- a/tests/Makefile.am.tpl
+++ b/tests/Makefile.am.tpl
@@ -3,7 +3,8 @@ include $(top_srcdir)/Makefile.am.common
 AM_CPPFLAGS += -I $(top_srcdir)/crypto/modes
 AM_CPPFLAGS += -I $(top_srcdir)/crypto/asn1
 
-LDADD = $(top_builddir)/ssl/libssl.la
+LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
+LDADD += $(top_builddir)/ssl/libssl.la
 LDADD += $(top_builddir)/crypto/libcrypto.la
 
 TESTS =