Dev news

Commit fdd06d99ec for strongswan.org

commit fdd06d99ecc42143100b307ba6d294532e83c7b3
Author: Markus Theil <markus.theil@secunet.com>
Date:   Thu Apr 9 19:35:50 2026 +0200

    botan: Make RNG types configurable

    This allows for usage of ESDM or jitterentropy as Botan RNG without
    patching strongSwan.

    Signed-off-by: Markus Theil <markus.theil@secunet.com>

diff --git a/conf/plugins/botan.opt b/conf/plugins/botan.opt
index dfda14ee1f..56620c28b1 100644
--- a/conf/plugins/botan.opt
+++ b/conf/plugins/botan.opt
@@ -4,3 +4,15 @@ charon.plugins.botan.internal_rng_only = no
 	If enabled, only Botan's internal RNG will be used throughout the plugin.
 	Otherwise, and if supported by Botan, rng_t implementations provided by
 	other loaded plugins will be used as RNG.
+
+charon.plugins.botan.rng.strong = user-threadsafe
+	Name of the Botan RNG used for RNG_STRONG and RNG_WEAK quality.
+
+	Name of the Botan RNG instance to use for RNG_STRONG and RNG_WEAK quality
+	(e.g. user, user-threadsafe or system).
+
+charon.plugins.botan.rng.true = system
+	Name of the Botan RNG used for RNG_TRUE quality.
+
+	Name of the Botan RNG instance to use for RNG_TRUE quality (e.g. user,
+	user-threadsafe or system).
diff --git a/src/libstrongswan/plugins/botan/botan_util.c b/src/libstrongswan/plugins/botan/botan_util.c
index 6ee4ab6d01..0c867037a0 100644
--- a/src/libstrongswan/plugins/botan/botan_util.c
+++ b/src/libstrongswan/plugins/botan/botan_util.c
@@ -372,7 +372,7 @@ bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret)
  */
 const char *botan_map_rng_quality(rng_quality_t quality)
 {
-	const char *rng_name;
+	const char *rng_name_default, *setting;

 	switch (quality)
 	{
@@ -385,18 +385,21 @@ const char *botan_map_rng_quality(rng_quality_t quality)
 			 * with leak-detective (lots of reports of frees of unknown memory)
 			 * there is a fallback to the default */
 #ifdef BOTAN_TARGET_OS_HAS_THREADS
-			rng_name = "user-threadsafe";
+			rng_name_default = "user-threadsafe";
 #else
-			rng_name = "user";
+			rng_name_default = "user";
 #endif
+			setting = "strong";
 			break;
 		case RNG_TRUE:
-			rng_name = "system";
+			rng_name_default = "system";
+			setting = "true";
 			break;
 		default:
 			return NULL;
 	}
-	return rng_name;
+	return lib->settings->get_str(lib->settings, "%s.plugins.botan.rng.%s",
+								  (char*)rng_name_default, lib->ns, setting);
 }

 #ifdef HAVE_BOTAN_RNG_INIT_CUSTOM