diff options
| -rw-r--r-- | curvetun.c | 8 | ||||
| -rw-r--r-- | rnd.c | 6 | ||||
| -rw-r--r-- | rnd.h | 7 |
3 files changed, 11 insertions, 10 deletions
@@ -43,8 +43,6 @@ #include "crypto_scalarmult_curve25519.h" #include "crypto_auth_hmacsha512256.h" -#define CURVETUN_ENTROPY_SOURCE "/dev/random" - enum working_mode { MODE_UNKNOW, MODE_KEYGEN, @@ -260,14 +258,14 @@ static void create_keypair(char *home) char path[PATH_MAX]; const char * errstr = NULL; - printf("Reading from %s (this may take a while) ...\n", CURVETUN_ENTROPY_SOURCE); + printf("Reading from %s (this may take a while) ...\n", HIG_ENTROPY_SOURCE); - fd = open_or_die(CURVETUN_ENTROPY_SOURCE, O_RDONLY); + fd = open_or_die(HIG_ENTROPY_SOURCE, O_RDONLY); ret = read_exact(fd, secretkey, sizeof(secretkey), 0); if (ret != sizeof(secretkey)) { err = EIO; - errstr = "Cannot read from "CURVETUN_ENTROPY_SOURCE"!\n"; + errstr = "Cannot read from "HIG_ENTROPY_SOURCE"!\n"; goto out; } @@ -13,7 +13,7 @@ static void randombytes(unsigned char *x, unsigned long long xlen) if (fd_rnd == -1) { for (;;) { - fd_rnd = open("/dev/urandom", O_RDONLY); + fd_rnd = open(LOW_ENTROPY_SOURCE, O_RDONLY); if (fd_rnd != -1) break; sleep(1); @@ -37,10 +37,6 @@ static void randombytes(unsigned char *x, unsigned long long xlen) } } -/* Note: it's not really secure, but the name only suggests it's better to use - * than rand(3) when transferring bytes over the network in non-security - * critical structure members. secrand() is only used to fill up salts actually. - */ int secrand(void) { int ret; @@ -1,6 +1,13 @@ #ifndef RND_H #define RND_H +#define HIG_ENTROPY_SOURCE "/dev/random" +#define LOW_ENTROPY_SOURCE "/dev/urandom" + +/* Note: it's not really secure, but the name only suggests it's better to use + * than rand(3) when transferring bytes over the network in non-security + * critical structure members. secrand() is only used to fill up salts actually. + */ extern int secrand(void); #endif /* RND_H */ |