author | Adriaan de Jong <dejong@fox-it.com> | 2011-07-05 13:50:48 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-10-22 17:22:51 +0200 |
commit | 557624e0a7282cf31cd3b58f8155f11f0517f254 (patch) | |
tree | e4f2475c36a09677edc6a2f9fc8e109de88414bf /crypto.h | |
parent | 7dd8bbf574672b60d4776bee0ef9908cf1f49c2f (diff) | |
download | openvpn-557624e0a7282cf31cd3b58f8155f11f0517f254.tar.gz openvpn-557624e0a7282cf31cd3b58f8155f11f0517f254.tar.xz openvpn-557624e0a7282cf31cd3b58f8155f11f0517f254.zip |
Hardening: periodically reset the PRNG's nonce value
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'crypto.h')
-rw-r--r-- | crypto.h | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -295,6 +295,9 @@ void crypto_adjust_frame_parameters(struct frame *frame, /* Maximum length of the nonce used by the PRNG */ #define NONCE_SECRET_LEN_MAX 64 +/** Number of bytes of random to allow before resetting the nonce */ +#define PRNG_NONCE_RESET_BYTES 1024 + /** * Pseudo-random number generator initialisation. * (see \c prng_rand_bytes()) |
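Review bot: the doc comment on the new PRNG_NONCE_RESET_BYTES define does not say what is counted or what a reset does. "Number of bytes of random" would read more precisely as "Number of bytes of PRNG output to allow before the nonce is reset". The threshold of 1024 is given without a rationale, so one sentence on why that value was chosen would help whoever tunes it later. The diffstat shown here is limited to crypto.h, so the code that counts output and performs the reset is not visible in this hunk; a cross-reference from this comment to that function, in the style of the existing "(see \c prng_rand_bytes())" just below, would tie the constant to its use.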