From 35e669fd1a0fb3f8af5e127c7d62d4c2a0ae3503 Mon Sep 17 00:00:00 2001
From: Brent Cook <bcook@openbsd.org>
Date: Sun, 3 Jan 2016 20:47:20 -0600
Subject: whitelist NetBSD 7.0 native arc4random(3) implementation.

NetBSD 7 improves arc4random(3) over earlier versions by adding fork
detection, stronger assertions on seed failure.
---
 m4/check-libc.m4       |  4 +---
 m4/check-os-options.m4 | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)

(limited to 'm4')

diff --git a/m4/check-libc.m4 b/m4/check-libc.m4
index 44721a0..4a0debf 100644
--- a/m4/check-libc.m4
+++ b/m4/check-libc.m4
@@ -56,9 +56,7 @@ AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp"
 
 # Override arc4random_buf implementations with known issues
 AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
-	[test "x$HOST_OS" != xdarwin \
-	   -a "x$HOST_OS" != xfreebsd \
-	   -a "x$HOST_OS" != xnetbsd \
+	[test "x$USE_BUILTIN_ARC4RANDOM" != yes \
 	   -a "x$ac_cv_func_arc4random_buf" = xyes])
 
 # Check for getentropy fallback dependencies
diff --git a/m4/check-os-options.m4 b/m4/check-os-options.m4
index 28209f1..d8c4969 100644
--- a/m4/check-os-options.m4
+++ b/m4/check-os-options.m4
@@ -17,11 +17,17 @@ case $host_os in
 		;;
 	*darwin*)
 		BUILD_NC=yes
+                # weak seed on failure to open /dev/random, based on latest public source
+                # http://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c
+                USE_BUILTIN_ARC4RANDOM=yes
 		HOST_OS=darwin
 		HOST_ABI=macosx
 		;;
 	*freebsd*)
 		BUILD_NC=yes
+                # fork detection missing, weak seed on failure
+                # https://svnweb.freebsd.org/base/head/lib/libc/gen/arc4random.c?revision=268642&view=markup
+                USE_BUILTIN_ARC4RANDOM=yes
 		HOST_OS=freebsd
 		HOST_ABI=elf
 		AC_SUBST([PROG_LDADD], ['-lthr'])
@@ -44,6 +50,16 @@ case $host_os in
 		;;
 	*netbsd*)
 		BUILD_NC=yes
+               AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/param.h>
+#if __NetBSD_Version__ < 700000001
+        undefined
+#endif
+                       ]], [[]])],
+                       [ USE_BUILTIN_ARC4RANDOM=no ],
+                       [ USE_BUILTIN_ARC4RANDOM=yes ]
+               )
+
 		HOST_OS=netbsd
 		CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
 		;;
-- 
cgit v1.2.3-55-g6feb