Implemented libstrongswan.plugins.random.strong_equals_true option
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 15 Nov 2013 23:11:40 +0000 (00:11 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 15 Nov 2013 23:11:40 +0000 (00:11 +0100)
man/strongswan.conf.5.in
src/libstrongswan/plugins/random/random_plugin.c
src/libstrongswan/plugins/random/random_plugin.h
src/libstrongswan/plugins/random/random_rng.c

index db63d36..1ded524 100644 (file)
@@ -905,6 +905,10 @@ File to read random bytes from, instead of @random_device@
 .BR libstrongswan.plugins.random.urandom " [@urandom_device@]"
 File to read pseudo random bytes from, instead of @urandom_device@
 .TP
+.BR libstrongswan.plugins.random.strong_equals_true " [no]"
+If set to yes the RNG_STRONG class reads random bytes from the same source as
+the RNG_TRUE class.
+.TP
 .BR libstrongswan.plugins.unbound.resolv_conf " [/etc/resolv.conf]"
 File to read DNS resolver configuration from
 .TP
index 24c711a..8ac1ac3 100644 (file)
@@ -51,6 +51,9 @@ static int dev_random = -1;
 /** /dev/urandom file descriptor */
 static int dev_urandom = -1;
 
+/** Is strong randomness equivalent to true randomness? */
+static bool strong_equals_true = FALSE;
+
 /**
  * See header.
  */
@@ -68,6 +71,14 @@ int random_plugin_get_dev_urandom()
 }
 
 /**
+ * See header.
+ */
+bool random_plugin_get_strong_equals_true()
+{
+       return strong_equals_true;
+}
+
+/**
  * Open a random device file
  */
 static bool open_dev(char *file, int *fd)
@@ -131,6 +142,8 @@ plugin_t *random_plugin_create()
                },
        );
 
+       strong_equals_true = lib->settings->get_bool(lib->settings,
+                                               "libstrongswan.plugins.random.strong_equals_true", FALSE);
        urandom_file = lib->settings->get_str(lib->settings,
                                                "libstrongswan.plugins.random.urandom", DEV_URANDOM);
        random_file = lib->settings->get_str(lib->settings,
index c34fa81..ff79bef 100644 (file)
@@ -49,4 +49,9 @@ int random_plugin_get_dev_random();
  */
 int random_plugin_get_dev_urandom();
 
+/**
+ * Must strong randomness be equivalent to true randomness?
+ */
+bool random_plugin_get_strong_equals_true();
+
 #endif /** RANDOM_PLUGIN_H_ @}*/
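Review bot: The header comment on random_plugin_get_strong_equals_true() is phrased as a question and does not say what the return value means or when it is set. Suggest replacing it with a statement plus `@return TRUE if RNG_STRONG reads from the same device as RNG_TRUE`. It is also worth adding that the value is taken from libstrongswan.plugins.random.strong_equals_true in random_plugin_create() and defaults to FALSE, so callers know it reflects the configuration at plugin creation.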
index 5688448..36d5446 100644 (file)
@@ -99,6 +99,10 @@ random_rng_t *random_rng_create(rng_quality_t quality)
                        this->fd = random_plugin_get_dev_random();
                        break;
                case RNG_STRONG:
+                       this->fd = random_plugin_get_strong_equals_true() ?
+                                                       random_plugin_get_dev_random() :
+                                                       random_plugin_get_dev_urandom();
+                       break;
                case RNG_WEAK:
                default:
                        this->fd = random_plugin_get_dev_urandom();
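Review bot: With strong_equals_true set, the new RNG_STRONG branch hands out the dev_random descriptor, so every RNG_STRONG consumer can stall whenever that device blocks, as the Linux /dev/random of this era does when the kernel entropy estimate is low. The read path is outside this hunk, so whether it bounds or retries the wait cannot be confirmed here. The availability trade-off deserves a comment at the branch, e.g. `/* strong_equals_true: RNG_STRONG shares the RNG_TRUE device and may block like it */`, and a matching sentence in the strongswan.conf.5 entry. random_rng_create's body starts before and continues after the hunk.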