diff options
| author | Brent Cook <bcook@openbsd.org> | 2014-10-27 19:22:03 -0500 |
|---|---|---|
| committer | Brent Cook <bcook@openbsd.org> | 2014-11-03 01:19:36 -0600 |
| commit | 0aeb93b9fc9ecf0f9c2e98444545de485168823d (patch) | |
| tree | 605cc1566e5c0ad6698c076b9d5dc2ebeb3f705d /tests | |
| parent | 8abf8e1e1577f51deb5c3bc01f076205f1bfb268 (diff) | |
| download | portable-0aeb93b9fc9ecf0f9c2e98444545de485168823d.tar.gz portable-0aeb93b9fc9ecf0f9c2e98444545de485168823d.tar.bz2 portable-0aeb93b9fc9ecf0f9c2e98444545de485168823d.zip | |
override native arc4random_buf on FreeBSD
The FreeBSD-native arc4random_buf implementation falls back to weak
sources of entropy if the sysctl fails. Remove these dangerous fallbacks
by overriding locally.
Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with
pthread_atfork() simply fail silently. So, it is not always possible to
detect a PID wraparound. I wish we could do better.
This improves arc4random_buf's safety compared to the native FreeBSD
implementation. Tested on FreeBSD 9 and 10.
ok beck@ deraadt@
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/Makefile.am.tpl | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/tests/Makefile.am.tpl b/tests/Makefile.am.tpl index 5a760da..ec7301c 100644 --- a/tests/Makefile.am.tpl +++ b/tests/Makefile.am.tpl | |||
| @@ -3,7 +3,8 @@ include $(top_srcdir)/Makefile.am.common | |||
| 3 | AM_CPPFLAGS += -I $(top_srcdir)/crypto/modes | 3 | AM_CPPFLAGS += -I $(top_srcdir)/crypto/modes |
| 4 | AM_CPPFLAGS += -I $(top_srcdir)/crypto/asn1 | 4 | AM_CPPFLAGS += -I $(top_srcdir)/crypto/asn1 |
| 5 | 5 | ||
| 6 | LDADD = $(top_builddir)/ssl/libssl.la | 6 | LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) |
| 7 | LDADD += $(top_builddir)/ssl/libssl.la | ||
| 7 | LDADD += $(top_builddir)/crypto/libcrypto.la | 8 | LDADD += $(top_builddir)/crypto/libcrypto.la |
| 8 | 9 | ||
| 9 | TESTS = | 10 | TESTS = |