From f5eafc4a103728d39799be4e527ee765f02c042d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
Date: Mon, 23 Jun 2025 01:16:00 +0200
Subject: [PATCH] Use getrandom(2) instead of /dev/urandom where available

---
 src/crypto/random.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/crypto/random.c b/src/crypto/random.c
index 643d15801b..a19216ffe9 100644
--- a/src/crypto/random.c
+++ b/src/crypto/random.c
@@ -65,9 +65,20 @@ static void generate_system_random_bytes(size_t n, void *result) {
 #include <stdlib.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <sys/random.h>
 #include <unistd.h>
 
 static void generate_system_random_bytes(size_t n, void *result) {
+#if __linux__ || __NetBSD__ || __FreeBSD__ || __DragonFly__
+  auto got = getrandom(result, n, 0);
+  if (got != -1) {
+    result = padd(result, got);
+    n -= got;
+  }
+#endif
+  if (n == 0)
+    return;
+
   int fd;
   if ((fd = open("/dev/urandom", O_RDONLY | O_NOCTTY | O_CLOEXEC)) < 0) {
     err(EXIT_FAILURE, "open /dev/urandom");