From c546c1ba7146a1a71c051926adf73c772c3be480 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 23 Apr 2019 11:14:44 +0200 Subject: [PATCH] nonce: Allow overriding the RNG quality used to generate nonces Usually, changing this won't be necessary (actually, some plugins specifically use different DRGBs for RNG_WEAK in order to separate the public nonces from random data used for e.g. DH). But for experts with special plugin configurations this might be more flexible and avoids code changes. --- src/libstrongswan/plugins/nonce/nonce_nonceg.c | 2 +- src/libstrongswan/plugins/nonce/nonce_nonceg.h | 4 ++++ src/libstrongswan/plugins/nonce/nonce_plugin.c | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/libstrongswan/plugins/nonce/nonce_nonceg.c b/src/libstrongswan/plugins/nonce/nonce_nonceg.c index 5f4162ed9f..ab85626371 100644 --- a/src/libstrongswan/plugins/nonce/nonce_nonceg.c +++ b/src/libstrongswan/plugins/nonce/nonce_nonceg.c @@ -71,7 +71,7 @@ nonce_nonceg_t *nonce_nonceg_create() }, ); - this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + this->rng = lib->crypto->create_rng(lib->crypto, NONCE_RNG_QUALITY); if (!this->rng) { DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names, diff --git a/src/libstrongswan/plugins/nonce/nonce_nonceg.h b/src/libstrongswan/plugins/nonce/nonce_nonceg.h index a4953c54eb..6383558a7c 100644 --- a/src/libstrongswan/plugins/nonce/nonce_nonceg.h +++ b/src/libstrongswan/plugins/nonce/nonce_nonceg.h @@ -21,6 +21,10 @@ #ifndef NONCE_NONCEG_H_ #define NONCE_NONCEG_H_ +#ifndef NONCE_RNG_QUALITY +#define NONCE_RNG_QUALITY RNG_WEAK +#endif + typedef struct nonce_nonceg_t nonce_nonceg_t; #include diff --git a/src/libstrongswan/plugins/nonce/nonce_plugin.c b/src/libstrongswan/plugins/nonce/nonce_plugin.c index 724162193e..f8f4bca696 100644 --- a/src/libstrongswan/plugins/nonce/nonce_plugin.c +++ b/src/libstrongswan/plugins/nonce/nonce_plugin.c 
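Review bot: The failure log directly below the changed `create_rng()` call in `nonce_nonceg_create()` may now report the wrong quality. The `DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names,` call continues past the end of the hunk, and since the diffstat shows only one changed line in this file, its last argument is presumably still `RNG_WEAK`. With an overridden `NONCE_RNG_QUALITY`, a missing RNG would then be logged as a missing weak RNG, which points whoever debugs a failed nonce generator setup at the wrong RNG plugin. Passing the macro there too keeps the message accurate: `DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names, NONCE_RNG_QUALITY);`.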
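Review bot: The new `NONCE_RNG_QUALITY` default in nonce_nonceg.h has no comment, so a builder is not told which values are acceptable or what the trade-off is. I would add a short Doxygen comment above the `#ifndef` saying that this is a compile-time override taking an `rng_quality_t` value (`RNG_WEAK`, `RNG_STRONG` or `RNG_TRUE`). It should also repeat the commit message's caveat that some RNG plugins deliberately serve `RNG_WEAK` from a separate DRBG to keep public nonces apart from secret material such as DH values, a separation that raising the quality may give up. The comment should add that the define has to reach both nonce_nonceg.c and nonce_plugin.c (for example through global CFLAGS), otherwise the dependency declared in `get_features` and the RNG actually created in `nonce_nonceg_create()` can disagree.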
@@ -43,7 +43,7 @@ METHOD(plugin_t, get_features, int,
 static plugin_feature_t f[] = {
 PLUGIN_REGISTER(NONCE_GEN, nonce_nonceg_create),
 PLUGIN_PROVIDE(NONCE_GEN),
- PLUGIN_DEPENDS(RNG, RNG_WEAK),
+ PLUGIN_DEPENDS(RNG, NONCE_RNG_QUALITY),
 };
 *features = f;
 return countof(f);