diff options
| author | Brent Cook <bcook@openbsd.org> | 2014-10-27 19:22:03 -0500 |
|---|---|---|
| committer | Brent Cook <bcook@openbsd.org> | 2014-11-03 01:19:36 -0600 |
| commit | 0aeb93b9fc9ecf0f9c2e98444545de485168823d (patch) | |
| tree | 605cc1566e5c0ad6698c076b9d5dc2ebeb3f705d /crypto/compat/arc4random.h | |
| parent | 8abf8e1e1577f51deb5c3bc01f076205f1bfb268 (diff) | |
| download | portable-0aeb93b9fc9ecf0f9c2e98444545de485168823d.tar.gz portable-0aeb93b9fc9ecf0f9c2e98444545de485168823d.tar.bz2 portable-0aeb93b9fc9ecf0f9c2e98444545de485168823d.zip | |
override native arc4random_buf on FreeBSD
The FreeBSD-native arc4random_buf implementation falls back to weak
sources of entropy if the sysctl fails. Remove these dangerous fallbacks
by overriding locally.
Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with
pthread_atfork() simply fail silently. So, it is not always possible to
detect a PID wraparound. I wish we could do better.
This improves arc4random_buf's safety compared to the native FreeBSD
implementation. Tested on FreeBSD 9 and 10.
ok beck@ deraadt@
Diffstat (limited to 'crypto/compat/arc4random.h')
| -rw-r--r-- | crypto/compat/arc4random.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/crypto/compat/arc4random.h b/crypto/compat/arc4random.h index 9dae794..7af7fc1 100644 --- a/crypto/compat/arc4random.h +++ b/crypto/compat/arc4random.h | |||
| @@ -1,7 +1,12 @@ | |||
| 1 | #ifndef LIBCRYPTOCOMPAT_ARC4RANDOM_H | 1 | #ifndef LIBCRYPTOCOMPAT_ARC4RANDOM_H |
| 2 | #define LIBCRYPTOCOMPAT_ARC4RANDOM_H | 2 | #define LIBCRYPTOCOMPAT_ARC4RANDOM_H |
| 3 | 3 | ||
| 4 | #if defined(__linux__) | 4 | #include <sys/param.h> |
| 5 | |||
| 6 | #if defined(__FreeBSD__) | ||
| 7 | #include "arc4random_freebsd.h" | ||
| 8 | |||
| 9 | #elif defined(__linux__) | ||
| 5 | #include "arc4random_linux.h" | 10 | #include "arc4random_linux.h" |
| 6 | 11 | ||
| 7 | #elif defined(__APPLE__) | 12 | #elif defined(__APPLE__) |