authorJune McEnroe <june@causal.agency>2021-09-02 17:44:42 -0400
committerJune McEnroe <june@causal.agency>2021-09-02 17:44:42 -0400
commit2ffea78176d5d761be9f0cecd5ba646aed2945b2 (patch)
tree635e1b325426207ffa1a1dfc3b401c85b2f42dcb
parentSeparate stateSync intro messages (diff)
Read from /dev/urandom instead of using getentropy(3)
getentropy(3) is kind of an awkward function. May as well be generic
as possible and read some random bytes from /dev/urandom, since for
-x we don't really need to worry about being in some execution
environment where that's unavailable. I'm also happy to remove that
special-case include for macOS since its crypt(3) isn't even usable
anyway.
-rw-r--r--bounce.c14
1 files changed, 5 insertions, 9 deletions
diff --git a/bounce.c b/bounce.c
index d135f97..af7f510 100644
--- a/bounce.c
+++ b/bounce.c
@@ -51,11 +51,6 @@
 #include <sys/capsicum.h>
 #endif
 
-// For getentropy(2):
-#ifdef __APPLE__
-#include <sys/random.h>
-#endif
-
 #ifndef SIGINFO
 #define SIGINFO SIGUSR2
 #endif
@@ -587,12 +582,13 @@ static void hashPass(void) {
 #else
 static void hashPass(void) {
 	byte rand[12];
-	int error = getentropy(rand, sizeof(rand));
-	if (error) err(EX_OSERR, "getentropy");
-
+	FILE *file = fopen("/dev/urandom", "r");
+	if (!file) err(EX_OSFILE, "/dev/urandom");
+	size_t n = fread(rand, sizeof(rand), 1, file);
+	if (!n) err(EX_IOERR, "/dev/urandom");
+	fclose(file);
 	char salt[3 + BASE64_SIZE(sizeof(rand))] = "$6$";
 	base64(&salt[3], rand, sizeof(rand));
-
 	char *pass = getpass("Password: ");
 	printf("%s\n", crypt(pass, salt));
 }
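Review bot: The last two lines of hashPass still pass the results of getpass() and crypt() straight through without a NULL check, and both can return NULL (crypt(3) does so when it rejects the salt or lacks the `$6$` scheme), so `printf("%s\n", crypt(pass, salt))` can reach undefined behaviour instead of reporting a failure. I would split it into `char *hash = crypt(pass, salt);`, `if (!hash) err(EX_UNAVAILABLE, "crypt");` and `printf("%s\n", hash);`, with a matching `if (!pass) err(EX_IOERR, "getpass");` after the getpass() call. In the added lines, `if (!n) err(EX_IOERR, "/dev/urandom");` also fires on a short read at end-of-file, where errno is not necessarily set, so the message may carry an unrelated error string; checking `ferror(file)` and using `errx` for the EOF case would keep the diagnostic accurate.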