Replace “RAND_bytes” by “getentropy”

This removes the dependency on libcrypto.

Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org>

2 files changed, 11 insertions, 7 deletions

diff --git a/bounce.c b/bounce.c
index 990a61d..9a72db5 100644
--- a/bounce.c
+++ b/bounce.c
@@ -31,7 +31,6 @@
 #include <fcntl.h>
 #include <getopt.h>
 #include <limits.h>
-#include <openssl/rand.h>
 #include <poll.h>
 #include <pwd.h>
 #include <signal.h>
@@ -52,6 +51,11 @@
 #include <sys/capsicum.h>
 #endif
 
+// For getentropy(2):
+#ifdef __APPLE__
+#include <sys/random.h>
+#endif
+
 #ifndef SIGINFO
 #define SIGINFO SIGUSR2
 #endif
@@ -62,8 +66,8 @@ bool verbose;
 
 static void hashPass(void) {
 	byte rand[12];
-	int n = RAND_bytes(rand, sizeof(rand));
-	if (n < 1) errx(EX_OSERR, "RAND_bytes failure");
+	int error = getentropy(rand, sizeof(rand));
+	if (error) err(EX_OSERR, "getentropy");
 
 	char salt[3 + BASE64_SIZE(sizeof(rand))] = "$6$";
 	base64(&salt[3], rand, sizeof(rand));
diff --git a/configure b/configure
index 5911471..95ea53c 100755
--- a/configure
+++ b/configure
@@ -32,7 +32,7 @@ done
 
 case "$(uname)" in
 	(FreeBSD)
-		ldlibs -lcrypt -lcrypto
+		ldlibs -lcrypt
 		config libtls
 		defstr OPENSSL_BIN /usr/bin/openssl
 		defstr CERTBOT_PATH /usr/local/etc/letsencrypt
@@ -41,18 +41,18 @@ case "$(uname)" in
 	(Linux)
 		cflags -D_GNU_SOURCE
 		ldlibs -lcrypt
-		config libcrypto libtls
+		config libtls
 		defvar OPENSSL_BIN openssl exec_prefix /bin/openssl
 		;;
 	(Darwin)
 		cflags -D__STDC_WANT_LIB_EXT1__=1
 		cflags "-D'explicit_bzero(b,l)=memset_s((b),(l),0,(l))'"
-		config libcrypto libtls
+		config libtls
 		defvar OPENSSL_BIN openssl exec_prefix /bin/openssl
 		;;
 	(*)
 		ldlibs -lcrypt
-		config libcrypto libtls
+		config libtls
 		defvar OPENSSL_BIN openssl exec_prefix /bin/openssl
 		;;
 esac