CVSROOT: /cvs
Module name: src
Changes by: bc...@cvs.openbsd.org 2014/11/02 23:23:30
Added files:
lib/libcrypto/crypto: arc4random_freebsd.h getentropy_freebsd.c
Log message:
Add hooks to override native arc4random_buf on FreeBSD.
The FreeBSD-native arc4random_buf implementation falls back to weak sources of
entropy if the sysctl fails. Remove these dangerous fallbacks by overriding
locally.
Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with pthread_atfork()
simply fail silently. So, it is not always possible to detect a PID wraparound.
I wish we could do better.
This improves arc4random_buf's safety compared to the native FreeBSD
implementation.
Tested on FreeBSD 9 and 10.
