From 2ffea78176d5d761be9f0cecd5ba646aed2945b2 Mon Sep 17 00:00:00 2001
From: "C. McEnroe" <june@causal.agency>
Date: Thu, 2 Sep 2021 17:44:42 -0400
Subject: Read from /dev/urandom instead of using getentropy(3)

getentropy(3) is kind of an awkward function. May as well be generic
as possible and read some random bytes from /dev/urandom, since for
-x we don't really need to worry about being in some execution
environment where that's unavailable. I'm also happy to remove that
special-case include for macOS since its crypt(3) isn't even usable
anyway.
---
 bounce.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/bounce.c b/bounce.c
index d135f97..af7f510 100644
--- a/bounce.c
+++ b/bounce.c
@@ -51,11 +51,6 @@
 #include <sys/capsicum.h>
 #endif
 
-// For getentropy(2):
-#ifdef __APPLE__
-#include <sys/random.h>
-#endif
-
 #ifndef SIGINFO
 #define SIGINFO SIGUSR2
 #endif
@@ -587,12 +582,13 @@ static void hashPass(void) {
 #else
 static void hashPass(void) {
 	byte rand[12];
-	int error = getentropy(rand, sizeof(rand));
-	if (error) err(EX_OSERR, "getentropy");
-
+	FILE *file = fopen("/dev/urandom", "r");
+	if (!file) err(EX_OSFILE, "/dev/urandom");
+	size_t n = fread(rand, sizeof(rand), 1, file);
+	if (!n) err(EX_IOERR, "/dev/urandom");
+	fclose(file);
 	char salt[3 + BASE64_SIZE(sizeof(rand))] = "$6$";
 	base64(&salt[3], rand, sizeof(rand));
-
 	char *pass = getpass("Password: ");
 	printf("%s\n", crypt(pass, salt));
 }
-- 
cgit 1.4.1