plugins/attr.opt \
plugins/attr-sql.opt \
plugins/bliss.opt \
+ plugins/botan.opt \
plugins/bypass-lan.opt \
plugins/certexpire.opt \
plugins/coupling.opt \
--- /dev/null
+charon.plugins.botan.internal_rng_only = no
+ Force the use of Botan's internal RNG.
+
+ If enabled, only Botan's internal RNG will be used throughout the plugin.
+ Otherwise, and if supported by Botan, rng_t implementations provided by
+ other loaded plugins will be used as RNG.
[PKG_CHECK_MODULES(botan, [botan-2])])
AC_SUBST(botan_CFLAGS)
AC_SUBST(botan_LIBS)
+ saved_LIBS=$LIBS
+ LIBS="$botan_LIBS"
+ AC_CHECK_FUNCS(botan_rng_init_custom)
+ LIBS=$saved_LIBS
fi
if test x$uci = xtrue; then
return NULL;
}
- if (botan_rng_init(&rng, "user"))
+ if (!botan_get_rng(&rng, RNG_STRONG))
{
free(this);
return NULL;
return NULL;
}
- if (botan_rng_init(&rng, "system"))
+ if (!botan_get_rng(&rng, RNG_TRUE))
{
return NULL;
}
this = create_empty(oid);
- if (botan_rng_init(&rng, "user"))
+ if (!botan_get_rng(&rng, RNG_STRONG))
{
chunk_clear(&pkcs8);
free(this);
break;
}
- if (botan_rng_init(&rng, "system"))
+ if (!botan_get_rng(&rng, RNG_TRUE))
{
return NULL;
}
return NULL;
}
- if (botan_rng_init(&rng, "system"))
+ if (!botan_get_rng(&rng, RNG_TRUE))
{
return NULL;
}
goto error;
}
- if (botan_rng_init(&rng, "user"))
+ if (!botan_get_rng(&rng, RNG_STRONG))
{
goto error;
}
return FALSE;
}
- if (botan_rng_init(&rng, "user"))
+ if (!botan_get_rng(&rng, RNG_STRONG))
{
return FALSE;
}
return FALSE;
}
- if (botan_rng_init(&rng, "user"))
+ if (!botan_get_rng(&rng, RNG_STRONG))
{
botan_pk_op_sign_destroy(sign_op);
return FALSE;
}
return rng_name;
}
+
+#ifdef HAVE_BOTAN_RNG_INIT_CUSTOM
+
+CALLBACK(get_random, int,
+ rng_t *rng, uint8_t *out, size_t out_len)
+{
+ if (!rng->get_bytes(rng, out_len, out))
+ {
+ return -1;
+ }
+ return 0;
+}
+
+CALLBACK(destroy_rng, void,
+ rng_t *rng)
+{
+ if (rng)
+ {
+ rng->destroy(rng);
+ }
+}
+
+#endif /* HAVE_BOTAN_RNG_INIT_CUSTOM */
+
+/*
+ * Described in header
+ */
+bool botan_get_rng(botan_rng_t *botan_rng, rng_quality_t quality)
+{
+#ifdef HAVE_BOTAN_RNG_INIT_CUSTOM
+ if (!lib->settings->get_bool(lib->settings,
+ "%s.plugins.botan.internal_rng_only", FALSE, lib->ns))
+ {
+ rng_t *rng = lib->crypto->create_rng(lib->crypto, quality);
+
+ if (!rng)
+ {
+ DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names,
+ quality);
+ return FALSE;
+ }
+ if (botan_rng_init_custom(botan_rng, "strongswan", rng,
+ get_random, NULL, destroy_rng))
+ {
+ DBG1(DBG_LIB, "Botan RNG creation failed");
+ return FALSE;
+ }
+ }
+ else
+#endif /* HAVE_BOTAN_RNG_INIT_CUSTOM */
+ {
+ const char *rng_name = botan_map_rng_quality(quality);
+
+ if (!rng_name || botan_rng_init(botan_rng, rng_name))
+ {
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
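Review bot: In `botan_get_rng()`, the branch taken when `botan_rng_init_custom()` fails returns FALSE without releasing the `rng_t` obtained from `create_rng()` just above, so that instance appears to leak whenever Botan rejects the custom RNG. Unless Botan is known to invoke the `destroy_rng` callback itself on a failed init (not visible in this hunk), add `rng->destroy(rng);` before that `return FALSE;`. The missing-RNG branch also returns FALSE rather than falling through to the `botan_rng_init()` path. That fail-closed choice deserves a comment above the `create_rng()` call, e.g. `/* no fallback to Botan's own RNG: fail if no plugin provides this quality */`, so nobody later "fixes" it into a silent downgrade.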
*/
const char *botan_map_rng_quality(rng_quality_t quality);
+/**
+ * Get RNG for Botan API calls.
+ *
+ * @param botan_rng Botan RNG
+ * @param quality RNG quality requested
+ * @return TRUE if Botan RNG creation was successful
+ */
+bool botan_get_rng(botan_rng_t *botan_rng, rng_quality_t quality);
+
#endif /** BOTAN_UTIL_H_ @}*/
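Review bot: The doc comment on `botan_get_rng()` does not state who owns the resulting handle or where the randomness comes from. I would extend it to say that on success the caller owns `*botan_rng` and must release it with `botan_rng_destroy()`, and that the handle must not be used when FALSE is returned. It should also note that the backing source depends on the `plugins.botan.internal_rng_only` setting: either an `rng_t` from another loaded plugin, or Botan's own RNG mapped from the requested quality. Callers that request `RNG_TRUE` for key generation then know the call can fail when no loaded plugin offers that quality.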
* THE SOFTWARE.
*/
+#include "botan_util.h"
#include "botan_util_keys.h"
#include "botan_ec_public_key.h"
#include "botan_ec_private_key.h"
break;
}
- if (botan_rng_init(&rng, "user"))
+ if (!botan_get_rng(&rng, RNG_STRONG))
{
return NULL;
}
break;
}
- if (botan_rng_init(&rng, "user"))
+ if (!botan_get_rng(&rng, RNG_STRONG))
{
return NULL;
}
},
);
- if (botan_rng_init(&rng, "user"))
+ if (!botan_get_rng(&rng, RNG_STRONG))
{
free(this);
return NULL;