nonce: Allow overriding the RNG quality used to generate nonces
authorTobias Brunner <tobias@strongswan.org>
Tue, 23 Apr 2019 09:14:44 +0000 (11:14 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 29 Apr 2019 08:49:35 +0000 (10:49 +0200)
Usually, changing this won't be necessary (actually, some plugins
specifically use different DRBGs for RNG_WEAK in order to separate
the public nonces from random data used for e.g. DH).
But for experts with special plugin configurations this might be
more flexible and avoids code changes.

src/libstrongswan/plugins/nonce/nonce_nonceg.c
src/libstrongswan/plugins/nonce/nonce_nonceg.h
src/libstrongswan/plugins/nonce/nonce_plugin.c

index 5f4162e..ab85626 100644 (file)
@@ -71,7 +71,7 @@ nonce_nonceg_t *nonce_nonceg_create()
                },
        );
 
-       this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+       this->rng = lib->crypto->create_rng(lib->crypto, NONCE_RNG_QUALITY);
        if (!this->rng)
        {
                DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names,
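Review bot: The `DBG1` call on the last line of this hunk takes its quality argument on the following line, which lies outside the hunk and is therefore not changed by this commit. If that argument is still `RNG_WEAK`, the message will report the wrong quality whenever `NONCE_RNG_QUALITY` is overridden. Passing `NONCE_RNG_QUALITY` there keeps the diagnostic in step with the `create_rng()` call, which is what an operator needs when a build with a stricter quality ends up without a nonce generator. The body of `nonce_nonceg_create()` starts and ends outside the hunk.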
index a4953c5..6383558 100644 (file)
 #ifndef NONCE_NONCEG_H_
 #define NONCE_NONCEG_H_
 
+#ifndef NONCE_RNG_QUALITY
+#define NONCE_RNG_QUALITY RNG_WEAK
+#endif
+
 typedef struct nonce_nonceg_t nonce_nonceg_t;
 
 #include <library.h>
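Review bot: `NONCE_RNG_QUALITY` is added without a comment, so the header does not say which values are valid, how to override it, or why the default is `RNG_WEAK`. I would put `/** RNG quality used to generate nonces; override at build time with an rng_quality_t value (default RNG_WEAK). */` directly above the `#ifndef`. The comment should also carry the caveat from the commit message: some plugins use a separate DRBG for `RNG_WEAK` to keep public nonces apart from secret random data such as DH material, so choosing another quality may give up that separation. Both nonce_nonceg.c and nonce_plugin.c expand the macro, so an override has to be supplied for the whole plugin build rather than in a single source file.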
index 7241621..f8f4bca 100644 (file)
@@ -43,7 +43,7 @@ METHOD(plugin_t, get_features, int,
        static plugin_feature_t f[] = {
                PLUGIN_REGISTER(NONCE_GEN, nonce_nonceg_create),
                        PLUGIN_PROVIDE(NONCE_GEN),
-                               PLUGIN_DEPENDS(RNG, RNG_WEAK),
+                               PLUGIN_DEPENDS(RNG, NONCE_RNG_QUALITY),
        };
        *features = f;
        return countof(f);