diff options
author | Adriaan de Jong <dejong@fox-it.com> | 2012-04-02 09:28:03 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2012-04-27 23:33:27 +0200 |
commit | 0f25d2969f09ba4263dc37944e1f10405a2df461 (patch) | |
tree | 14cd353b6ed7f02b70f1b3636fa65bdde79a7518 /src/openvpn/crypto_polarssl.c | |
parent | 6efeaa2e4462bc10f395d8aceed363c3e77b35a3 (diff) | |
download | openvpn-0f25d2969f09ba4263dc37944e1f10405a2df461.tar.gz openvpn-0f25d2969f09ba4263dc37944e1f10405a2df461.tar.xz openvpn-0f25d2969f09ba4263dc37944e1f10405a2df461.zip |
Added a configuration option to enable prediction resistance in the PolarSSL random number generator.
Signed-off-by: Eelse-jan Stutvoet <stutvoet@fox-it.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Message-Id: 1333351687-3732-2-git-send-email-dejong@fox-it.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6213
Signed-off-by: David Sommerseth <davids@redhat.com>
Notes
Notes:
This patch was ACKed by James Yonan in an IRC meeting March 29, 2012.
Currently, the meeting minutes have not been made public.
(David Sommerseth, Fri Apr 27 21:36:04 UTC 2012)
Diffstat (limited to 'src/openvpn/crypto_polarssl.c')
-rw-r--r-- | src/openvpn/crypto_polarssl.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/openvpn/crypto_polarssl.c b/src/openvpn/crypto_polarssl.c index 158ccfc..96d41b7 100644 --- a/src/openvpn/crypto_polarssl.c +++ b/src/openvpn/crypto_polarssl.c @@ -219,6 +219,15 @@ havege_state * rand_ctx_get() #endif /* (POLARSSL_VERSION_NUMBER >= 0x01010000) */ +#ifdef ENABLE_PREDICTION_RESISTANCE +void rand_ctx_enable_prediction_resistance() +{ + ctr_drbg_context *cd_ctx = rand_ctx_get(); + + ctr_drbg_set_prediction_resistance(cd_ctx, 1); +} +#endif /* ENABLE_PREDICTION_RESISTANCE */ + int rand_bytes (uint8_t *output, int len) { |