override native arc4random_buf on FreeBSD

The FreeBSD-native arc4random_buf implementation falls back to weak
sources of entropy if the sysctl fails. Remove these dangerous fallbacks
by overriding locally.

Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with
pthread_atfork() simply fail silently. So, it is not always possible to
detect a PID wraparound. I wish we could do better.

This improves arc4random_buf's safety compared to the native FreeBSD
implementation. Tested on FreeBSD 9 and 10.

ok beck@ deraadt@

1 files changed, 6 insertions, 1 deletions

diff --git a/configure.ac b/configure.ac
index 0f75e81..88613d6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,6 +13,10 @@ case $host_os in
                 HOST_OS=darwin;
                 LDFLAGS="$LDFLAGS -Qunused-arguments"
                 ;;
+        *freebsd*)
+                HOST_OS=freebsd;
+                AC_SUBST([PROG_LDADD], ['-lthr'])
+                ;;
         *linux*)
                 HOST_OS=linux;
                 CFLAGS="$CFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
@@ -33,6 +37,7 @@ case $host_os in
 esac
 
 AM_CONDITIONAL(HOST_DARWIN, test x$HOST_OS = xdarwin)
+AM_CONDITIONAL(HOST_FREEBSD, test x$HOST_OS = xfreebsd)
 AM_CONDITIONAL(HOST_LINUX, test x$HOST_OS = xlinux)
 AM_CONDITIONAL(HOST_SOLARIS, test x$HOST_OS = xsolaris)
 AM_CONDITIONAL(HOST_WIN, test x$HOST_OS = xwin)
@@ -81,7 +86,7 @@ AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp"
 
 # overrides for arc4random_buf implementations with known issues
 AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
-        [test "x$HOST_OS" != xdarwin -a "x$NO_ARC4RANDOM_BUF" = xtrue])
+        [test "x$HOST_OS" != xdarwin -a "x$HOST_OS" != xfreebsd -a "x$ac_cv_func_arc4random_buf" = xyes])
 
 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
         AC_LINK_IFELSE([AC_LANG_PROGRAM([[