authorJune McEnroe <june@causal.agency>2020-07-31 23:35:12 -0400
committerJune McEnroe <june@causal.agency>2020-07-31 23:35:12 -0400
commit04ad4ecc7b4b5db1bbe10372a6820ed88e2799e8 (patch)
tree1d2e37d449f46029b2610a0a4576637c5780c102
parentRewrite configure script for all platforms (diff)
Use RAND_bytes instead of arc4random_buf
This adds an actual dependency on libcrypto, but removes a dependency on
BSD (or LibreSSL libcrypto specifically).
-rw-r--r--bounce.c8
-rw-r--r--compat.h3
-rwxr-xr-xconfigure2
3 files changed, 7 insertions, 6 deletions
diff --git a/bounce.c b/bounce.c
index 8ed4234..c9b27b0 100644
--- a/bounce.c
+++ b/bounce.c
@@ -31,6 +31,7 @@
 #include <fcntl.h>
 #include <getopt.h>
 #include <limits.h>
+#include <openssl/rand.h>
 #include <poll.h>
 #include <pwd.h>
 #include <signal.h>
@@ -56,11 +57,14 @@
 bool verbose;
 
 static void hashPass(void) {
-	char *pass = getpass("Password: ");
 	byte rand[12];
-	arc4random_buf(rand, sizeof(rand));
+	int n = RAND_bytes(rand, sizeof(rand));
+	if (n < 1) errx(EX_OSERR, "RAND_bytes failure");
+
 	char salt[3 + BASE64_SIZE(sizeof(rand))] = "$6$";
 	base64(&salt[3], rand, sizeof(rand));
+
+	char *pass = getpass("Password: ");
 	printf("%s\n", crypt(pass, salt));
 }
 
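Review bot: The results of `getpass()` and `crypt()` at the end of `hashPass` are used unchecked, although the new `RAND_bytes` call just above them is checked. Either call can return NULL (for example when no terminal is available, or when the libc rejects the `$6$` setting), and passing NULL on to `crypt` or to `printf("%s\n", ...)` is undefined behaviour; on some libcs it prints `(null)`, which could end up pasted into a config as if it were a hash. I would add `if (!pass) errx(EX_OSERR, "getpass failure");` after the prompt and replace the last line with `char *hash = crypt(pass, salt); if (!hash) errx(EX_OSERR, "crypt failure"); printf("%s\n", hash);`. Since compat.h already declares `explicit_bzero`, wiping `pass` once the hash is computed would also keep the plaintext from lingering in getpass's buffer.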
diff --git a/compat.h b/compat.h
index f5d9ff3..63109a0 100644
--- a/compat.h
+++ b/compat.h
@@ -34,9 +34,6 @@ void explicit_bzero(void *b, size_t len);
 size_t strlcpy(char *restrict dst, const char *restrict src, size_t dstsize);
 size_t strlcat(char *restrict dst, const char *restrict src, size_t dstsize);
 #endif
-uint32_t arc4random(void);
-void arc4random_buf(void *buf, size_t nbytes);
-uint32_t arc4random_uniform(uint32_t upper_bound);
 
 #ifndef SIGINFO
 #define SIGINFO SIGUSR2
diff --git a/configure b/configure
index c617b1f..f007db3 100755
--- a/configure
+++ b/configure
@@ -33,7 +33,7 @@ done
 case "$(uname)" in
 	(FreeBSD)
 		ldlibs -lcrypt
-		config libtls
+		config libcrypto libtls
 		defvar OPENSSL_BIN openssl exec_prefix /bin/openssl
 		defstr CERTBOT_PATH /usr/local/etc/letsencrypt
 		echo 'INSTALLS = install-rcs install-dirs'