From 8abf8e1e1577f51deb5c3bc01f076205f1bfb268 Mon Sep 17 00:00:00 2001
From: Brent Cook <bcook@openbsd.org>
Date: Mon, 27 Oct 2014 20:01:21 -0500
Subject: override native arc4random_buf on OS X

While the native OS X implementation is fork-safe, it does not seed
safely, as of the latest released OS X libc sources, version 997.90.3.
It only uses weak sources of entropy if accessing /dev/urandom fails.

ok beck@ deraadt@
---
 configure.ac | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/configure.ac b/configure.ac
index 6ae06a1..0f75e81 100644
--- a/configure.ac
+++ b/configure.ac
@@ -79,6 +79,10 @@ AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
 AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
 AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp" = xyes])
 
+# overrides for arc4random_buf implementations with known issues
+AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
+	[test "x$HOST_OS" != xdarwin -a "x$NO_ARC4RANDOM_BUF" = xtrue])
+
 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
 #include <stdarg.h>
-- 
cgit v1.2.3-55-g6feb