From 0aeb93b9fc9ecf0f9c2e98444545de485168823d Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Mon, 27 Oct 2014 19:22:03 -0500 Subject: override native arc4random_buf on FreeBSD The FreeBSD-native arc4random_buf implementation falls back to weak sources of entropy if the sysctl fails. Remove these dangerous fallbacks by overriding locally. Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if a program does not link to -lthr. Callbacks registered with pthread_atfork() simply fail silently. So, it is not always possible to detect a PID wraparound. I wish we could do better. This improves arc4random_buf's safety compared to the native FreeBSD implementation. Tested on FreeBSD 9 and 10. ok beck@ deraadt@ --- apps/Makefile.am.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apps') diff --git a/apps/Makefile.am.tpl b/apps/Makefile.am.tpl index 433fca2..5f1dd21 100644 --- a/apps/Makefile.am.tpl +++ b/apps/Makefile.am.tpl @@ -3,7 +3,7 @@ include $(top_srcdir)/Makefile.am.common bin_PROGRAMS = openssl openssl_CFLAGS = $(USER_CFLAGS) -openssl_LDADD = $(PLATFORM_LDADD) +openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) openssl_LDADD += $(top_builddir)/ssl/libssl.la openssl_LDADD += $(top_builddir)/crypto/libcrypto.la -- cgit v1.2.3-55-g6feb
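Review bot: `$(PROG_LDADD)` lands on the new `openssl_LDADD =` line ahead of `libssl.la` and `libcrypto.la`, and nothing in this file says what it carries or where it is set. If it supplies the thread library the fix depends on (presumably set by configure, which this apps-only view does not show), a static link or a linker run with `--as-needed` can drop a library named before the objects that reference it, and the atfork callbacks would fail silently again. Consider appending it after the libraries instead, `openssl_LDADD += $(PROG_LDADD)` following the `libcrypto.la` line, with a comment such as `# PROG_LDADD: program-only link libraries from configure; required for fork detection in arc4random`. A post-build check that the resulting binary really lists the thread library as a dependency would catch a regression here.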