From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 3 Oct 2013 08:24:59 +0000 (+0200)
Subject: crypto-factory: Try next available RNG implementation if constructor fails
X-Git-Tag: 5.1.1rc1~40
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ec91f15e3ba3e622c3bc206c0eeac7c35bfd8ce8;p=thirdparty%2Fstrongswan.git

crypto-factory: Try next available RNG implementation if constructor fails
---

diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c
index 7a47b9536e..a1d7997776 100644
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@@ -235,7 +235,6 @@ METHOD(crypto_factory_t, create_signer, signer_t*,
 	}
 	enumerator->destroy(enumerator);
 	this->lock->unlock(this->lock);
-
 	return signer;
 }
 
@@ -308,14 +307,13 @@ METHOD(crypto_factory_t, create_rng, rng_t*,
 {
 	enumerator_t *enumerator;
 	entry_t *entry;
-	u_int diff = ~0;
-	rng_constructor_t constr = NULL;
+	rng_t *rng = NULL;
 
 	this->lock->read_lock(this->lock);
 	enumerator = this->rngs->create_enumerator(this->rngs);
 	while (enumerator->enumerate(enumerator, &entry))
 	{	/* find the best matching quality, but at least as good as requested */
-		if (entry->algo >= quality && diff > entry->algo - quality)
+		if (entry->algo >= quality)
 		{
 			if (this->test_on_create &&
 				!this->tester->test_rng(this->tester, quality,
@@ -324,21 +322,16 @@ METHOD(crypto_factory_t, create_rng, rng_t*,
 			{
 				continue;
 			}
-			diff = entry->algo - quality;
-			constr = entry->create_rng;
-			if (diff == 0)
-			{	/* perfect match, won't get better */
+			rng = entry->create_rng(quality);
+			if (rng)
+			{
 				break;
 			}
 		}
 	}
 	enumerator->destroy(enumerator);
 	this->lock->unlock(this->lock);
-	if (constr)
-	{
-		return constr(quality);
-	}
-	return NULL;
+	return rng;
 }
 
 METHOD(crypto_factory_t, create_nonce_gen, nonce_gen_t*,