diff options
author | Daniel Borkmann <dborkman@redhat.com> | 2013-06-04 12:01:56 +0200 |
---|---|---|
committer | Daniel Borkmann <dborkman@redhat.com> | 2013-06-04 12:01:56 +0200 |
commit | 7ea4576392b014490e6308ad82d695cc85a0b8bd (patch) | |
tree | 82b2c8d497acfa9c2b1e8f3d75f1153d00583a62 | |
parent | b1d59d3eda7ee4f09b30f807d72aac2af58409ac (diff) |
rnd: move entropy source definition to rnd
It's better off there anyway.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
-rw-r--r-- | curvetun.c | 8 | ||||
-rw-r--r-- | rnd.c | 6 | ||||
-rw-r--r-- | rnd.h | 7 |
3 files changed, 11 insertions, 10 deletions
@@ -43,8 +43,6 @@ #include "crypto_scalarmult_curve25519.h" #include "crypto_auth_hmacsha512256.h" -#define CURVETUN_ENTROPY_SOURCE "/dev/random" - enum working_mode { MODE_UNKNOW, MODE_KEYGEN, @@ -260,14 +258,14 @@ static void create_keypair(char *home) char path[PATH_MAX]; const char * errstr = NULL; - printf("Reading from %s (this may take a while) ...\n", CURVETUN_ENTROPY_SOURCE); + printf("Reading from %s (this may take a while) ...\n", HIG_ENTROPY_SOURCE); - fd = open_or_die(CURVETUN_ENTROPY_SOURCE, O_RDONLY); + fd = open_or_die(HIG_ENTROPY_SOURCE, O_RDONLY); ret = read_exact(fd, secretkey, sizeof(secretkey), 0); if (ret != sizeof(secretkey)) { err = EIO; - errstr = "Cannot read from "CURVETUN_ENTROPY_SOURCE"!\n"; + errstr = "Cannot read from "HIG_ENTROPY_SOURCE"!\n"; goto out; } @@ -13,7 +13,7 @@ static void randombytes(unsigned char *x, unsigned long long xlen) if (fd_rnd == -1) { for (;;) { - fd_rnd = open("/dev/urandom", O_RDONLY); + fd_rnd = open(LOW_ENTROPY_SOURCE, O_RDONLY); if (fd_rnd != -1) break; sleep(1); @@ -37,10 +37,6 @@ static void randombytes(unsigned char *x, unsigned long long xlen) } } -/* Note: it's not really secure, but the name only suggests it's better to use - * than rand(3) when transferring bytes over the network in non-security - * critical structure members. secrand() is only used to fill up salts actually. - */ int secrand(void) { int ret; @@ -1,6 +1,13 @@ #ifndef RND_H #define RND_H +#define HIG_ENTROPY_SOURCE "/dev/random" +#define LOW_ENTROPY_SOURCE "/dev/urandom" + +/* Note: it's not really secure, but the name only suggests it's better to use + * than rand(3) when transferring bytes over the network in non-security + * critical structure members. secrand() is only used to fill up salts actually. + */ extern int secrand(void); #endif /* RND_H */ |