From 5cd15ffdceace3a077d4719ef7c1704336d602e1 Mon Sep 17 00:00:00 2001
From: Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
Date: Wed, 2 Feb 2022 15:35:26 +0100
Subject: [PATCH 1/2] random: use arc4random on OpenBSD

Following best practices on OpenBSD. The getentropy(2) man page states:
"getentropy() is not intended for regular code;
 please use the arc4random(3) family of functions instead."
---
 src/random.cpp | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/src/random.cpp b/src/random.cpp
index 5dae80fe313..fa53a0f7b93 100644
--- a/src/random.cpp
+++ b/src/random.cpp
@@ -305,16 +305,14 @@ void GetOSRand(unsigned char *ent32)
             RandFailure();
         }
     }
-#elif defined(HAVE_GETENTROPY) && defined(__OpenBSD__)
-    /* On OpenBSD this can return up to 256 bytes of entropy, will return an
-     * error if more are requested.
-     * The call cannot return less than the requested number of bytes.
-       getentropy is explicitly limited to openbsd here, as a similar (but not
-       the same) function may exist on other platforms via glibc.
+#elif defined(__OpenBSD__)
+    /* OpenBSD. From the arc4random(3) man page:
+       "Use of these functions is encouraged for almost all random number
+        consumption because the other interfaces are deficient in either
+        quality, portability, standardization, or availability."
+       The function call is always successful.
      */
-    if (getentropy(ent32, NUM_OS_RANDOM_BYTES) != 0) {
-        RandFailure();
-    }
+    arc4random_buf(ent32, NUM_OS_RANDOM_BYTES);
     // Silence a compiler warning about unused function.
     (void)GetDevURandom;
 #elif defined(HAVE_GETENTROPY_RAND) && defined(MAC_OSX)

From 0c49e52b22be1baa8d51670e4f3c437fd3c0baa7 Mon Sep 17 00:00:00 2001
From: Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
Date: Wed, 2 Feb 2022 17:22:42 +0100
Subject: [PATCH 2/2] build: remove unneeded getentropy detection
 (HAVE_GETENTROPY)

---
 configure.ac   | 7 -------
 src/random.cpp | 4 +---
 2 files changed, 1 insertion(+), 10 deletions(-)

diff --git a/configure.ac b/configure.ac
index bef39739963..f69c5ecb46c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1109,13 +1109,6 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <unistd.h>
  [ AC_MSG_RESULT([no])]
 )
 
-AC_MSG_CHECKING([for getentropy])
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <unistd.h>]],
- [[ getentropy(nullptr, 32) ]])],
- [ AC_MSG_RESULT([yes]); AC_DEFINE([HAVE_GETENTROPY], [1], [Define this symbol if the BSD getentropy system call is available]) ],
- [ AC_MSG_RESULT([no])]
-)
-
 AC_MSG_CHECKING([for getentropy via random.h])
 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <unistd.h>
  #include <sys/random.h>]],
diff --git a/src/random.cpp b/src/random.cpp
index fa53a0f7b93..b8625105243 100644
--- a/src/random.cpp
+++ b/src/random.cpp
@@ -32,10 +32,8 @@
 #include <sys/syscall.h>
 #include <linux/random.h>
 #endif
-#if defined(HAVE_GETENTROPY) || (defined(HAVE_GETENTROPY_RAND) && defined(MAC_OSX))
-#include <unistd.h>
-#endif
 #if defined(HAVE_GETENTROPY_RAND) && defined(MAC_OSX)
+#include <unistd.h>
 #include <sys/random.h>
 #endif
 #ifdef HAVE_SYSCTL_ARND