From: Tobias Brunner
Date: Tue, 23 Apr 2019 09:14:44 +0000 (+0200)
Subject: nonce: Allow overriding the RNG quality used to generate nonces
X-Git-Tag: 5.8.0rc1~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c546c1ba7146a1a71c051926adf73c772c3be480;p=thirdparty%2Fstrongswan.git
nonce: Allow overriding the RNG quality used to generate nonces
Usually, changing this won't be necessary (actually, some plugins specifically use different DRGBs for RNG_WEAK in order to separate the public nonces from random data used for e.g. DH). But for experts with special plugin configurations this might be more flexible and avoids code changes.
---
diff --git a/src/libstrongswan/plugins/nonce/nonce_nonceg.c b/src/libstrongswan/plugins/nonce/nonce_nonceg.c
index 5f4162ed9f..ab85626371 100644
--- a/src/libstrongswan/plugins/nonce/nonce_nonceg.c
+++ b/src/libstrongswan/plugins/nonce/nonce_nonceg.c
@@ -71,7 +71,7 @@ nonce_nonceg_t *nonce_nonceg_create()
 },
 );
 
- this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+ this->rng = lib->crypto->create_rng(lib->crypto, NONCE_RNG_QUALITY);
 if (!this->rng)
 {
 DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names,
diff --git a/src/libstrongswan/plugins/nonce/nonce_nonceg.h b/src/libstrongswan/plugins/nonce/nonce_nonceg.h
index a4953c54eb..6383558a7c 100644
--- a/src/libstrongswan/plugins/nonce/nonce_nonceg.h
+++ b/src/libstrongswan/plugins/nonce/nonce_nonceg.h
@@ -21,6 +21,10 @@
 #ifndef NONCE_NONCEG_H_
 #define NONCE_NONCEG_H_
 
+#ifndef NONCE_RNG_QUALITY
+#define NONCE_RNG_QUALITY RNG_WEAK
+#endif
+
 typedef struct nonce_nonceg_t nonce_nonceg_t;
 
 #include
diff --git a/src/libstrongswan/plugins/nonce/nonce_plugin.c b/src/libstrongswan/plugins/nonce/nonce_plugin.c
index 724162193e..f8f4bca696 100644
--- a/src/libstrongswan/plugins/nonce/nonce_plugin.c
+++ b/src/libstrongswan/plugins/nonce/nonce_plugin.c
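Review bot: In nonce_nonceg_create() (src/libstrongswan/plugins/nonce/nonce_nonceg.c), the failure log directly below the changed call may still report the old quality: the `DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names,` line is unchanged context and its final argument sits on the next line, outside the hunk. If that argument is still the literal `RNG_WEAK`, a build that overrides the macro will log the wrong quality when no matching RNG is available, which misleads anyone diagnosing a missing RNG plugin. Pass `NONCE_RNG_QUALITY` there as well so the message matches the request. The function body starts and ends outside the hunk.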
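Review bot: The new `NONCE_RNG_QUALITY` macro in src/libstrongswan/plugins/nonce/nonce_nonceg.h carries no comment, although it is a build-time knob that changes which generator nonces are drawn from. A short Doxygen block above the `#ifndef` should say that it is overridden with a compiler define, that it has to expand to an rng_quality_t value, and that the RNG_WEAK default is deliberate: as the commit message notes, some plugins use a separate DRBG for RNG_WEAK so that public nonces stay apart from random data used for e.g. DH. For example: `/** RNG quality used for nonces; override at build time only. Changing it may make public nonces share a generator with secret random data. */`.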
@@ -43,7 +43,7 @@ METHOD(plugin_t, get_features, int,
 static plugin_feature_t f[] = {
 PLUGIN_REGISTER(NONCE_GEN, nonce_nonceg_create),
 PLUGIN_PROVIDE(NONCE_GEN),
- PLUGIN_DEPENDS(RNG, RNG_WEAK),
+ PLUGIN_DEPENDS(RNG, NONCE_RNG_QUALITY),
 };
 *features = f;
 return countof(f);
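Review bot: The dependency declared by `PLUGIN_DEPENDS(RNG, NONCE_RNG_QUALITY)` in get_features() and the quality requested in nonce_nonceg_create() agree only while both translation units see the same macro value. The `#ifndef` guard in nonce_nonceg.h permits a per-file define, and the include that brings the macro into nonce_plugin.c is not visible in this hunk; a mismatch would let the plugin's dependency be satisfied by one RNG quality while nonce generator creation asks for another and may fail at runtime. A comment on this line would record the invariant, e.g. `/* must match the quality passed to create_rng() in nonce_nonceg_create() */`. get_features() begins and ends outside the hunk.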