nonce: Allow overriding the RNG quality used to generate nonces

Usually, changing this won't be necessary (actually, some plugins
specifically use different DRGBs for RNG_WEAK in order to separate
the public nonces from random data used for e.g. DH).
But for experts with special plugin configurations this might be
more flexible and avoids code changes.

src/libstrongswan/plugins/nonce/nonce_nonceg.c

@@ -71,7 +71,7 @@ nonce_nonceg_t *nonce_nonceg_create()
 		},
 	);
 
-	this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+	this->rng = lib->crypto->create_rng(lib->crypto, NONCE_RNG_QUALITY);
 	if (!this->rng)
 	{
 		DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names,

src/libstrongswan/plugins/nonce/nonce_nonceg.h

@@ -21,6 +21,10 @@
 #ifndef NONCE_NONCEG_H_
 #define NONCE_NONCEG_H_
 
+#ifndef NONCE_RNG_QUALITY
+#define NONCE_RNG_QUALITY RNG_WEAK
+#endif
+
 typedef struct nonce_nonceg_t nonce_nonceg_t;
 
 #include <library.h>

src/libstrongswan/plugins/nonce/nonce_plugin.c

@@ -43,7 +43,7 @@ METHOD(plugin_t, get_features, int,
 	static plugin_feature_t f[] = {
 		PLUGIN_REGISTER(NONCE_GEN, nonce_nonceg_create),
 			PLUGIN_PROVIDE(NONCE_GEN),
-				PLUGIN_DEPENDS(RNG, RNG_WEAK),
+				PLUGIN_DEPENDS(RNG, NONCE_RNG_QUALITY),
 	};
 	*features = f;
 	return countof(f);