override native arc4random_buf on FreeBSD

The FreeBSD-native arc4random_buf implementation falls back to weak
sources of entropy if the sysctl fails. Remove these dangerous fallbacks
by overriding locally.

Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with
pthread_atfork() simply fail silently. So, it is not always possible to
detect a PID wraparound. I wish we could do better.

This improves arc4random_buf's safety compared to the native FreeBSD
implementation. Tested on FreeBSD 9 and 10.

ok beck@ deraadt@

apps/Makefile.am.tpl

@@ -3,7 +3,7 @@ include $(top_srcdir)/Makefile.am.common
 bin_PROGRAMS = openssl
 
 openssl_CFLAGS = $(USER_CFLAGS)
-openssl_LDADD = $(PLATFORM_LDADD)
+openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
 openssl_LDADD += $(top_builddir)/ssl/libssl.la
 openssl_LDADD += $(top_builddir)/crypto/libcrypto.la
 

configure.ac

@@ -13,6 +13,10 @@ case $host_os in
 		HOST_OS=darwin;
 		LDFLAGS="$LDFLAGS -Qunused-arguments"
 		;;
+	*freebsd*)
+		HOST_OS=freebsd;
+		AC_SUBST([PROG_LDADD], ['-lthr'])
+		;;
 	*linux*)
 		HOST_OS=linux;
 		CFLAGS="$CFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
@@ -33,6 +37,7 @@ case $host_os in
 esac
 
 AM_CONDITIONAL(HOST_DARWIN, test x$HOST_OS = xdarwin)
+AM_CONDITIONAL(HOST_FREEBSD, test x$HOST_OS = xfreebsd)
 AM_CONDITIONAL(HOST_LINUX, test x$HOST_OS = xlinux)
 AM_CONDITIONAL(HOST_SOLARIS, test x$HOST_OS = xsolaris)
 AM_CONDITIONAL(HOST_WIN, test x$HOST_OS = xwin)
@@ -81,7 +86,7 @@ AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp"
 
 # overrides for arc4random_buf implementations with known issues
 AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
-	[test "x$HOST_OS" != xdarwin -a "x$NO_ARC4RANDOM_BUF" = xtrue])
+	[test "x$HOST_OS" != xdarwin -a "x$HOST_OS" != xfreebsd -a "x$ac_cv_func_arc4random_buf" = xyes])
 
 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[

crypto/Makefile.am.tpl

@@ -61,6 +61,9 @@ if !HAVE_ARC4RANDOM_BUF
 libcompat_la_SOURCES += compat/arc4random.c
 
 if !HAVE_GETENTROPY
+if HOST_FREEBSD
+libcompat_la_SOURCES += compat/getentropy_freebsd.c
+endif
 if HOST_LINUX
 libcompat_la_SOURCES += compat/getentropy_linux.c
 endif
@@ -88,6 +91,7 @@ endif
 
 noinst_HEADERS = des/ncbc_enc.c
 noinst_HEADERS += compat/arc4random.h
+noinst_HEADERS += compat/arc4random_freebsd.h
 noinst_HEADERS += compat/arc4random_linux.h
 noinst_HEADERS += compat/arc4random_osx.h
 noinst_HEADERS += compat/arc4random_solaris.h

crypto/compat/arc4random.h

@@ -1,7 +1,12 @@
 #ifndef LIBCRYPTOCOMPAT_ARC4RANDOM_H
 #define LIBCRYPTOCOMPAT_ARC4RANDOM_H
 
-#if defined(__linux__)
+#include <sys/param.h>
+
+#if defined(__FreeBSD__)
+#include "arc4random_freebsd.h"
+
+#elif defined(__linux__)
 #include "arc4random_linux.h"
 
 #elif defined(__APPLE__)

tests/Makefile.am.tpl

@@ -3,7 +3,8 @@ include $(top_srcdir)/Makefile.am.common
 AM_CPPFLAGS += -I $(top_srcdir)/crypto/modes
 AM_CPPFLAGS += -I $(top_srcdir)/crypto/asn1
 
-LDADD = $(top_builddir)/ssl/libssl.la
+LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
+LDADD += $(top_builddir)/ssl/libssl.la
 LDADD += $(top_builddir)/crypto/libcrypto.la
 
 TESTS =