author | June McEnroe <june@causal.agency> | 2020-07-31 23:35:12 -0400 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2020-07-31 23:35:12 -0400 |
commit | 04ad4ecc7b4b5db1bbe10372a6820ed88e2799e8 (patch) | |
tree | 1d2e37d449f46029b2610a0a4576637c5780c102 | |
parent | Rewrite configure script for all platforms (diff) | |
Use RAND_bytes instead of arc4random_buf
This adds an actual dependency on libcrypto, but removes a dependency on BSD (or LibreSSL libcrypto specifically).
-rw-r--r-- | bounce.c | 8 | ||||
-rw-r--r-- | compat.h | 3 | ||||
-rwxr-xr-x | configure | 2 |
3 files changed, 7 insertions, 6 deletions
diff --git a/bounce.c b/bounce.c
index 8ed4234..c9b27b0 100644
--- a/bounce.c
+++ b/bounce.c
@@ -31,6 +31,7 @@
 #include <fcntl.h>
 #include <getopt.h>
 #include <limits.h>
+#include <openssl/rand.h>
 #include <poll.h>
 #include <pwd.h>
 #include <signal.h>
@@ -56,11 +57,14 @@ bool verbose;
 static void hashPass(void) {
- char *pass = getpass("Password: ");
 byte rand[12];
- arc4random_buf(rand, sizeof(rand));
+ int n = RAND_bytes(rand, sizeof(rand));
+ if (n < 1) errx(EX_OSERR, "RAND_bytes failure");
+
 char salt[3 + BASE64_SIZE(sizeof(rand))] = "$6$";
 base64(&salt[3], rand, sizeof(rand));
+
+ char *pass = getpass("Password: ");
 printf("%s\n", crypt(pass, salt));
 }
diff --git a/compat.h b/compat.h
index f5d9ff3..63109a0 100644
--- a/compat.h
+++ b/compat.h
@@ -34,9 +34,6 @@ void explicit_bzero(void *b, size_t len);
 size_t strlcpy(char *restrict dst, const char *restrict src, size_t dstsize);
 size_t strlcat(char *restrict dst, const char *restrict src, size_t dstsize);
 #endif
-uint32_t arc4random(void);
-void arc4random_buf(void *buf, size_t nbytes);
-uint32_t arc4random_uniform(uint32_t upper_bound);
 #ifndef SIGINFO
 #define SIGINFO SIGUSR2
diff --git a/configure b/configure
index c617b1f..f007db3 100755
--- a/configure
+++ b/configure
@@ -33,7 +33,7 @@ done
 case "$(uname)" in
 (FreeBSD)
 ldlibs -lcrypt
- config libtls
+ config libcrypto libtls
 defvar OPENSSL_BIN openssl exec_prefix /bin/openssl
 defstr CERTBOT_PATH /usr/local/etc/letsencrypt
 echo 'INSTALLS = install-rcs install-dirs' |
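Review bot: The relocated `getpass` call in hashPass and the `crypt` call after it are both unchecked, and either can return NULL: `getpass` when the terminal cannot be read, `crypt` on failure, for example where the platform's implementation does not accept the `$6$` prefix, which is more likely now that the code is meant to build beyond the BSDs. A NULL `pass` is handed straight to `crypt`, and a NULL result is handed to `printf("%s\n", ...)`, which is undefined behaviour. I would add `if (!pass) errx(EX_OSERR, "getpass failure");` after the prompt and replace the last line with `char *hash = crypt(pass, salt); if (!hash) errx(EX_OSERR, "crypt failure");` followed by the print of `hash`. The plaintext also stays in the `getpass` buffer after hashing; compat.h already declares `explicit_bzero`, so `explicit_bzero(pass, strlen(pass));` after the `crypt` call would clear it, assuming `<string.h>` is included outside this hunk.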
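Review bot: Only the FreeBSD branch of the `case "$(uname)"` switch gains `libcrypto` here, and the diffstat shows this is the single line changed in configure, while bounce.c now calls `RAND_bytes` on every platform. The other branches lie outside the hunk, so confirm that each of them already passes `libcrypto` to `config`; any branch that lists only `libtls`, as this one did, may fail to link or link only through libtls's own dependencies. A comment above the switch such as `# libcrypto is required on every platform (RAND_bytes in bounce.c)` would keep later branches consistent.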