aboutsummaryrefslogtreecommitdiffstats
path: root/src/pluto
diff options
context:
space:
mode:
Diffstat (limited to 'src/pluto')
-rw-r--r--src/pluto/crypto.c15
-rw-r--r--src/pluto/crypto.h2
-rw-r--r--src/pluto/plutomain.c7
-rw-r--r--src/pluto/timer.c9
-rw-r--r--src/pluto/timer.h2
5 files changed, 23 insertions, 12 deletions
diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c
index 1adccc74e..f47ad1eeb 100644
--- a/src/pluto/crypto.c
+++ b/src/pluto/crypto.c
@@ -235,7 +235,7 @@ static struct dh_desc dh_desc_ecp_224 = {
ke_size: 2*224 / BITS_PER_BYTE
};
-void init_crypto(void)
+bool init_crypto(void)
{
enumerator_t *enumerator;
encryption_algorithm_t encryption_alg;
@@ -275,13 +275,13 @@ void init_crypto(void)
}
enumerator->destroy(enumerator);
- if (no_sha1)
+ if (no_sha1 || no_md5)
{
- exit_log("pluto cannot run without a SHA-1 hasher");
- }
- if (no_md5)
- {
- exit_log("pluto cannot run without an MD5 hasher");
+ plog("pluto cannot run without a %s%s%s hasher",
+ (no_sha1) ? "SHA-1" : "",
+ (no_sha1 && no_md5) ? " and " : "",
+ (no_md5) ? "MD5" : "");
+ return FALSE;
}
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
@@ -363,6 +363,7 @@ void init_crypto(void)
ike_alg_add((struct ike_alg *)desc);
}
enumerator->destroy(enumerator);
+ return TRUE;
}
void free_crypto(void)
diff --git a/src/pluto/crypto.h b/src/pluto/crypto.h
index 06c4e1d1a..019ba5764 100644
--- a/src/pluto/crypto.h
+++ b/src/pluto/crypto.h
@@ -20,7 +20,7 @@
#include "ike_alg.h"
-extern void init_crypto(void);
+extern bool init_crypto(void);
extern void free_crypto(void);
extern const struct dh_desc unset_group; /* magic signifier */
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index af0c98821..5d0e008f3 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -655,13 +655,16 @@ int main(int argc, char **argv)
lib->settings->get_str(lib->settings, "pluto.load", PLUGINS));
print_plugins();
+ if (!init_secret() || !init_crypto())
+ {
+ plog("initialization failed - aborting pluto");
+ exit_pluto(SS_RC_INITIALIZATION_FAILED);
+ }
init_nat_traversal(nat_traversal, keep_alive, force_keepalive, nat_t_spf);
init_virtual_ip(virtual_private);
scx_init(pkcs11_module_path, pkcs11_init_args);
xauth_init();
- init_secret();
init_states();
- init_crypto();
init_demux();
init_kernel();
init_adns();
diff --git a/src/pluto/timer.c b/src/pluto/timer.c
index a61baa966..89082f88e 100644
--- a/src/pluto/timer.c
+++ b/src/pluto/timer.c
@@ -140,14 +140,21 @@ void event_schedule(enum event_type type, time_t tm, struct state *st)
* Generate the secret value for responder cookies, and
* schedule an event for refresh.
*/
-void init_secret(void)
+bool init_secret(void)
{
rng_t *rng;
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+
+ if (rng == NULL)
+ {
+ plog("secret initialization failed, no RNG supported");
+ return FALSE;
+ }
rng->get_bytes(rng, sizeof(secret_of_the_day), secret_of_the_day);
rng->destroy(rng);
event_schedule(EVENT_REINIT_SECRET, EVENT_REINIT_SECRET_DELAY, NULL);
+ return true;
}
/**
diff --git a/src/pluto/timer.h b/src/pluto/timer.h
index 322aeba6a..c8e9b727c 100644
--- a/src/pluto/timer.h
+++ b/src/pluto/timer.h
@@ -31,4 +31,4 @@ extern void delete_event(struct state *st);
extern void delete_dpd_event(struct state *st);
extern void daily_log_event(void);
extern void free_events(void);
-extern void init_secret(void);
+extern bool init_secret(void);
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-28 17:54:10 +0000