-rw-r--r--man/strongswan.conf.5.in4
-rw-r--r--src/libstrongswan/plugins/random/random_plugin.c13
-rw-r--r--src/libstrongswan/plugins/random/random_plugin.h5
-rw-r--r--src/libstrongswan/plugins/random/random_rng.c4
4 files changed, 26 insertions, 0 deletions
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index db63d36f4..1ded52431 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -905,6 +905,10 @@ File to read random bytes from, instead of @random_device@
.BR libstrongswan.plugins.random.urandom " [@urandom_device@]"
File to read pseudo random bytes from, instead of @urandom_device@
.TP
+.BR libstrongswan.plugins.random.strong_equals_true " [no]"
+If set to yes the RNG_STRONG class reads random bytes from the same source as
+the RNG_TRUE class.
+.TP
.BR libstrongswan.plugins.unbound.resolv_conf " [/etc/resolv.conf]"
File to read DNS resolver configuration from
.TP
diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c
index 24c711a69..8ac1ac366 100644
--- a/src/libstrongswan/plugins/random/random_plugin.c
+++ b/src/libstrongswan/plugins/random/random_plugin.c
@@ -51,6 +51,9 @@ static int dev_random = -1;
/** /dev/urandom file descriptor */
static int dev_urandom = -1;
+/** Is strong randomness equivalent to true randomness? */
+static bool strong_equals_true = FALSE;
+
/**
* See header.
*/
@@ -68,6 +71,14 @@ int random_plugin_get_dev_urandom()
}
/**
+ * See header.
+ */
+bool random_plugin_get_strong_equals_true()
+{
+ return strong_equals_true;
+}
+
+/**
* Open a random device file
*/
static bool open_dev(char *file, int *fd)
@@ -131,6 +142,8 @@ plugin_t *random_plugin_create()
},
);
+ strong_equals_true = lib->settings->get_bool(lib->settings,
+ "libstrongswan.plugins.random.strong_equals_true", FALSE);
urandom_file = lib->settings->get_str(lib->settings,
"libstrongswan.plugins.random.urandom", DEV_URANDOM);
random_file = lib->settings->get_str(lib->settings,
diff --git a/src/libstrongswan/plugins/random/random_plugin.h b/src/libstrongswan/plugins/random/random_plugin.h
index c34fa8196..ff79bef0c 100644
--- a/src/libstrongswan/plugins/random/random_plugin.h
+++ b/src/libstrongswan/plugins/random/random_plugin.h
@@ -49,4 +49,9 @@ int random_plugin_get_dev_random();
*/
int random_plugin_get_dev_urandom();
+/**
+ * Must strong randomness be equivalent to true randomness?
+ */
+bool random_plugin_get_strong_equals_true();
+
#endif /** RANDOM_PLUGIN_H_ @}*/
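Review bot: The doc comment on random_plugin_get_strong_equals_true() is phrased as a question and never says what the return value means. It also reads "Must strong randomness be equivalent…" here, while the variable in random_plugin.c is commented "Is strong randomness equivalent…", so the two descriptions disagree on whether this is a requirement or a state. I would write it as `Check if RNG_STRONG reads from the same source as RNG_TRUE.` followed by `@return TRUE if strong_equals_true is enabled`. The comments on the neighbouring getters are cut off above this hunk, so match their format if they document the return value differently.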
diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c
index 568844899..36d5446b8 100644
--- a/src/libstrongswan/plugins/random/random_rng.c
+++ b/src/libstrongswan/plugins/random/random_rng.c
@@ -99,6 +99,10 @@ random_rng_t *random_rng_create(rng_quality_t quality)
this->fd = random_plugin_get_dev_random();
break;
case RNG_STRONG:
+ this->fd = random_plugin_get_strong_equals_true() ?
+ random_plugin_get_dev_random() :
+ random_plugin_get_dev_urandom();
+ break;
case RNG_WEAK:
default:
this->fd = random_plugin_get_dev_urandom();
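Review bot: The new RNG_STRONG branch has no comment saying that, with strong_equals_true set, every RNG_STRONG consumer draws from the RNG_TRUE device and inherits its behaviour. That presumably includes stalling when the configured device is a blocking /dev/random with little entropy available. I would add above the ternary `/* strong_equals_true: RNG_STRONG shares the RNG_TRUE source; reads may block like RNG_TRUE */`. The strongswan.conf.5.in entry in this commit has the same gap, since it only says the source is shared. random_rng_create() starts and ends outside this hunk, so how the descriptor is read afterwards is not visible here.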