Hardening: periodically reset the PRNG's nonce value

Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
author: Adriaan de Jong <dejong@fox-it.com> 2011-07-05 13:50:48 +0200
committer: David Sommerseth <davids@redhat.com> 2011-10-22 17:22:51 +0200
commit: 557624e0a7282cf31cd3b58f8155f11f0517f254 (patch)
tree: e4f2475c36a09677edc6a2f9fc8e109de88414bf /crypto.h
parent: 7dd8bbf574672b60d4776bee0ef9908cf1f49c2f (diff)
download: openvpn-557624e0a7282cf31cd3b58f8155f11f0517f254.tar.gz
openvpn-557624e0a7282cf31cd3b58f8155f11f0517f254.tar.xz
openvpn-557624e0a7282cf31cd3b58f8155f11f0517f254.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto.h b/crypto.h
index c037ad9..293f984 100644
--- a/crypto.h
+++ b/crypto.h
@@ -295,6 +295,9 @@ void crypto_adjust_frame_parameters(struct frame *frame,
 /* Maximum length of the nonce used by the PRNG */
 #define NONCE_SECRET_LEN_MAX 64
 
+/** Number of bytes of random to allow before resetting the nonce */
+#define PRNG_NONCE_RESET_BYTES 1024
+
 /**
  * Pseudo-random number generator initialisation.
  * (see \c prng_rand_bytes())
author	Adriaan de Jong <dejong@fox-it.com>	2011-07-05 13:50:48 +0200
committer	David Sommerseth <davids@redhat.com>	2011-10-22 17:22:51 +0200
commit	557624e0a7282cf31cd3b58f8155f11f0517f254 (patch)
tree	e4f2475c36a09677edc6a2f9fc8e109de88414bf /crypto.h
parent	7dd8bbf574672b60d4776bee0ef9908cf1f49c2f (diff)
download	openvpn-557624e0a7282cf31cd3b58f8155f11f0517f254.tar.gz openvpn-557624e0a7282cf31cd3b58f8155f11f0517f254.tar.xz openvpn-557624e0a7282cf31cd3b58f8155f11f0517f254.zip