Using pthread_atfork instead of __register_atfork with uClibc on noMMU

uClibc on noMMU doesn't provide __register_atfork().
Reported by redbirdtek on Github issue.
https://github.com/libressl-portab

Using pthread_atfork instead of __register_atfork with uClibc on noMMU

uClibc on noMMU doesn't provide __register_atfork().
Reported by redbirdtek on Github issue.
https://github.com/libressl-portable/portable/issues/538

ok bcook@

show more ...

Tighten behavior of _rs_allocate failure for portable arc4random implementations.

In the event of a failure in _rs_allocate for rsx, we still have a reference to
freed memory for rs on return. Not a

Tighten behavior of _rs_allocate failure for portable arc4random implementations.

In the event of a failure in _rs_allocate for rsx, we still have a reference to
freed memory for rs on return. Not a huge deal since we subsequently abort in
_rs_init, but it looks strange on its own.

ok deraadt@

show more ...

Calling clone(2) with CLONE_NEWPID yields multiple processes with pid=1.

Work around this particular case by reseeding whenever pid=1, but as guenther@
notes, directly calling clone(2), and then for

Calling clone(2) with CLONE_NEWPID yields multiple processes with pid=1.

Work around this particular case by reseeding whenever pid=1, but as guenther@
notes, directly calling clone(2), and then forking to match another pid,
provides other ways to bypass new process detection on Linux.
Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and
does not invent a corresponding mechanism to subvert it.

Noted by Sebastian Krahmer and the opmsg team.
See http://stealth.openwall.net/crypto/randup.c for a test program.

ok beck@

show more ...

back in september I did the large abstraction refactoring to allow these
other systems to fit into the same mold, so add copyright

munmap correct object in (extremely unlikely, and effectively terminal)
case of failing to map the 2nd object.
found by Paul Maurers

Move more OS-specific functionality to arc4random.h headers.

Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers.
On OpenBSD, move thread_private.h as well to arc4random.h.
On Windows,

Move more OS-specific functionality to arc4random.h headers.

Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers.
On OpenBSD, move thread_private.h as well to arc4random.h.
On Windows, use TerminateProcess on getentropy failure.

ok deraadt@

show more ...

Move _ARC4_ATFORK handlers from thread_private.h in portable.

move _ARC4_LOCK/UNLOCK primitives from thread_private into OS-specific modules

fixup typos

Change _rs_allocate so it can combine the two regions (rs and rsx)
into one if a system has an awesome getentropy(). In that case it
is valid to totally throw away the rsx state in the child. If th

Change _rs_allocate so it can combine the two regions (rs and rsx)
into one if a system has an awesome getentropy(). In that case it
is valid to totally throw away the rsx state in the child. If the
getentropy() is not very good and has a lazy reseed operation, this
combining is a bad idea, and the reseed should probably continue to
use the "something old, something new" mix. _rs_allocate() can
accomodate either method, but not on the fly.
ok matthew

show more ...

Cleanup portable arc4random fork detection code:

1. Use "len" parameter instead of sizeof(*rs).

2. Simplify the atfork handler to be strictly async signal safe by
simply writing to a global volatil

Cleanup portable arc4random fork detection code:

1. Use "len" parameter instead of sizeof(*rs).

2. Simplify the atfork handler to be strictly async signal safe by
simply writing to a global volatile sig_atomic_t object, and then
checking for this in _rs_forkdetect(). (Idea from discussions with
Szabolcs Nagy and Rich Felker.)

3. Use memset(rs, 0, sizeof(*rs)) to match OpenBSD's MAP_INHERIT_ZERO
fork semantics to avoid any skew in behavior across platforms.

ok deraadt

show more ...

Seperate arc4random's os-dependent parts into static inline functions,
making it much easier for libressl -portable to fill in the gaps.
ok bcook beck