override native arc4random_buf on FreeBSD

The FreeBSD-native arc4random_buf implementation falls back to weak
sources of entropy if the sysctl fails. Remove these dangerous fallbacks
by overriding locally.

Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with
pthread_atfork() simply fail silently. So, it is not always possible to
detect a PID wraparound. I wish we could do better.

This improves arc4random_buf's safety compared to the native FreeBSD
implementation. Tested on FreeBSD 9 and 10.

ok beck@ deraadt@

2 files changed, 10 insertions, 1 deletions

diff --git a/crypto/Makefile.am.tpl b/crypto/Makefile.am.tpl
index 0ace78a..d9ca553 100644
--- a/crypto/Makefile.am.tpl
+++ b/crypto/Makefile.am.tpl
@@ -61,6 +61,9 @@ if !HAVE_ARC4RANDOM_BUF
 libcompat_la_SOURCES += compat/arc4random.c
 
 if !HAVE_GETENTROPY
+if HOST_FREEBSD
+libcompat_la_SOURCES += compat/getentropy_freebsd.c
+endif
 if HOST_LINUX
 libcompat_la_SOURCES += compat/getentropy_linux.c
 endif
@@ -88,6 +91,7 @@ endif
 
 noinst_HEADERS = des/ncbc_enc.c
 noinst_HEADERS += compat/arc4random.h
+noinst_HEADERS += compat/arc4random_freebsd.h
 noinst_HEADERS += compat/arc4random_linux.h
 noinst_HEADERS += compat/arc4random_osx.h
 noinst_HEADERS += compat/arc4random_solaris.h
diff --git a/crypto/compat/arc4random.h b/crypto/compat/arc4random.h
index 9dae794..7af7fc1 100644
--- a/crypto/compat/arc4random.h
+++ b/crypto/compat/arc4random.h
@@ -1,7 +1,12 @@
 #ifndef LIBCRYPTOCOMPAT_ARC4RANDOM_H
 #define LIBCRYPTOCOMPAT_ARC4RANDOM_H
 
-#if defined(__linux__)
+#include <sys/param.h>
+
+#if defined(__FreeBSD__)
+#include "arc4random_freebsd.h"
+
+#elif defined(__linux__)
 #include "arc4random_linux.h"
 
 #elif defined(__APPLE__)