Implemented libstrongswan.plugins.random.strong_equals_true option
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 15 Nov 2013 23:11:40 +0000 (00:11 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 15 Nov 2013 23:11:40 +0000 (00:11 +0100)
man/strongswan.conf.5.in
src/libstrongswan/plugins/random/random_plugin.c
src/libstrongswan/plugins/random/random_plugin.h
src/libstrongswan/plugins/random/random_rng.c

index db63d36f4247a608a30e24808e0e48c2b2487f2b..1ded5243124ff9f41bb921fdae1825714e643ac0 100644 (file)
@@ -905,6 +905,10 @@ File to read random bytes from, instead of @random_device@
 .BR libstrongswan.plugins.random.urandom " [@urandom_device@]"
 File to read pseudo random bytes from, instead of @urandom_device@
 .TP
+.BR libstrongswan.plugins.random.strong_equals_true " [no]"
+If set to yes the RNG_STRONG class reads random bytes from the same source as
+the RNG_TRUE class.
+.TP
 .BR libstrongswan.plugins.unbound.resolv_conf " [/etc/resolv.conf]"
 File to read DNS resolver configuration from
 .TP
index 24c711a69bfe2b8f4be31a8d26c4921907187a4a..8ac1ac366bd21b898fb1a7cdbe0dd615d47cb08e 100644 (file)
@@ -51,6 +51,9 @@ static int dev_random = -1;
 /** /dev/urandom file descriptor */
 static int dev_urandom = -1;
 
+/** Is strong randomness equivalent to true randomness? */
+static bool strong_equals_true = FALSE;
+
 /**
  * See header.
  */
@@ -67,6 +70,14 @@ int random_plugin_get_dev_urandom()
        return dev_urandom;
 }
 
+/**
+ * See header.
+ */
+bool random_plugin_get_strong_equals_true()
+{
+       return strong_equals_true;
+}
+
 /**
  * Open a random device file
  */
@@ -131,6 +142,8 @@ plugin_t *random_plugin_create()
                },
        );
 
+       strong_equals_true = lib->settings->get_bool(lib->settings,
+                                               "libstrongswan.plugins.random.strong_equals_true", FALSE);
        urandom_file = lib->settings->get_str(lib->settings,
                                                "libstrongswan.plugins.random.urandom", DEV_URANDOM);
        random_file = lib->settings->get_str(lib->settings,
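Review bot: The effective value of `strong_equals_true` is stored without any log output, so an operator auditing which device backs RNG_STRONG has to trust the config file rather than what the daemon actually loaded. One debug line after the `get_bool()` call would make the choice visible, for example `DBG2(DBG_LIB, "RNG_STRONG uses %s source", strong_equals_true ? "RNG_TRUE" : "RNG_WEAK");`, assuming the library's usual debug macros are in scope in this file. `random_plugin_create()` starts and ends outside the hunk.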
index c34fa81962396ce4b188f45bac887af5d5ac4902..ff79bef0caedfdea9284ad6875a4f5717db1eb8c 100644 (file)
@@ -49,4 +49,9 @@ int random_plugin_get_dev_random();
  */
 int random_plugin_get_dev_urandom();
 
+/**
+ * Must strong randomness be equivalent to true randomness?
+ */
+bool random_plugin_get_strong_equals_true();
+
 #endif /** RANDOM_PLUGIN_H_ @}*/
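Review bot: The doc comment on `random_plugin_get_strong_equals_true()` is phrased as a question and gives no return contract, and it says "Must" where the comment on the backing variable in random_plugin.c says "Is". I would state the contract directly, e.g. `/** Check if RNG_STRONG reads from the same source as RNG_TRUE. @return TRUE if strong_equals_true is enabled */`. Separately, the empty parameter list matches the neighbouring getters but declares no prototype in C; `(void)` would let the compiler reject stray arguments.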
index 568844899d63529798fa2921bac971196ec362fe..36d5446b8865d921e7ac1299c624cd78b6c838ad 100644 (file)
@@ -99,6 +99,10 @@ random_rng_t *random_rng_create(rng_quality_t quality)
                        this->fd = random_plugin_get_dev_random();
                        break;
                case RNG_STRONG:
+                       this->fd = random_plugin_get_strong_equals_true() ?
+                                                       random_plugin_get_dev_random() :
+                                                       random_plugin_get_dev_urandom();
+                       break;
                case RNG_WEAK:
                default:
                        this->fd = random_plugin_get_dev_urandom();
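Review bot: With `strong_equals_true` enabled, the new `case RNG_STRONG` arm hands every RNG_STRONG consumer the RNG_TRUE descriptor, and neither this arm nor the man page text says that this source may block when the kernel considers its entropy pool low. If the read loop (outside this hunk) does blocking reads, a burst of operations drawing RNG_STRONG bytes could stall the caller, so the availability trade-off deserves a comment at the arm, e.g. `/* optionally share the RNG_TRUE source; reads may block if that device does */`. Ending the former fall-through into `RNG_WEAK` looks correct, since the arm sets `this->fd` itself before `break`. `random_rng_create()` starts and ends outside the hunk.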