summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Borkmann <dborkman@redhat.com>2013-06-04 12:01:56 +0200
committerDaniel Borkmann <dborkman@redhat.com>2013-06-04 12:01:56 +0200
commit7ea4576392b014490e6308ad82d695cc85a0b8bd (patch)
tree82b2c8d497acfa9c2b1e8f3d75f1153d00583a62
parentb1d59d3eda7ee4f09b30f807d72aac2af58409ac (diff)
rnd: move entropy source definition to rnd
It's better off there anyway. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
-rw-r--r--curvetun.c8
-rw-r--r--rnd.c6
-rw-r--r--rnd.h7
3 files changed, 11 insertions, 10 deletions
diff --git a/curvetun.c b/curvetun.c
index 00fcd2e..458bd0c 100644
--- a/curvetun.c
+++ b/curvetun.c
@@ -43,8 +43,6 @@
#include "crypto_scalarmult_curve25519.h"
#include "crypto_auth_hmacsha512256.h"
-#define CURVETUN_ENTROPY_SOURCE "/dev/random"
-
enum working_mode {
MODE_UNKNOW,
MODE_KEYGEN,
@@ -260,14 +258,14 @@ static void create_keypair(char *home)
char path[PATH_MAX];
const char * errstr = NULL;
- printf("Reading from %s (this may take a while) ...\n", CURVETUN_ENTROPY_SOURCE);
+ printf("Reading from %s (this may take a while) ...\n", HIG_ENTROPY_SOURCE);
- fd = open_or_die(CURVETUN_ENTROPY_SOURCE, O_RDONLY);
+ fd = open_or_die(HIG_ENTROPY_SOURCE, O_RDONLY);
ret = read_exact(fd, secretkey, sizeof(secretkey), 0);
if (ret != sizeof(secretkey)) {
err = EIO;
- errstr = "Cannot read from "CURVETUN_ENTROPY_SOURCE"!\n";
+ errstr = "Cannot read from "HIG_ENTROPY_SOURCE"!\n";
goto out;
}
diff --git a/rnd.c b/rnd.c
index ad32175..3a7481d 100644
--- a/rnd.c
+++ b/rnd.c
@@ -13,7 +13,7 @@ static void randombytes(unsigned char *x, unsigned long long xlen)
if (fd_rnd == -1) {
for (;;) {
- fd_rnd = open("/dev/urandom", O_RDONLY);
+ fd_rnd = open(LOW_ENTROPY_SOURCE, O_RDONLY);
if (fd_rnd != -1)
break;
sleep(1);
@@ -37,10 +37,6 @@ static void randombytes(unsigned char *x, unsigned long long xlen)
}
}
-/* Note: it's not really secure, but the name only suggests it's better to use
- * than rand(3) when transferring bytes over the network in non-security
- * critical structure members. secrand() is only used to fill up salts actually.
- */
int secrand(void)
{
int ret;
diff --git a/rnd.h b/rnd.h
index 3d36d8e..dd128a1 100644
--- a/rnd.h
+++ b/rnd.h
@@ -1,6 +1,13 @@
#ifndef RND_H
#define RND_H
+#define HIG_ENTROPY_SOURCE "/dev/random"
+#define LOW_ENTROPY_SOURCE "/dev/urandom"
+
+/* Note: it's not really secure, but the name only suggests it's better to use
+ * than rand(3) when transferring bytes over the network in non-security
+ * critical structure members. secrand() is only used to fill up salts actually.
+ */
extern int secrand(void);
#endif /* RND_H */