diff options
| author | Adriaan de Jong <dejong@fox-it.com> | 2012-04-02 09:28:03 +0200 |
|---|---|---|
| committer | David Sommerseth <davids@redhat.com> | 2012-04-27 23:33:27 +0200 |
| commit | 0f25d2969f09ba4263dc37944e1f10405a2df461 (patch) | |
| tree | 14cd353b6ed7f02b70f1b3636fa65bdde79a7518 /src/openvpn/init.c | |
| parent | 6efeaa2e4462bc10f395d8aceed363c3e77b35a3 (diff) | |
| download | openvpn-0f25d2969f09ba4263dc37944e1f10405a2df461.tar.gz openvpn-0f25d2969f09ba4263dc37944e1f10405a2df461.tar.xz openvpn-0f25d2969f09ba4263dc37944e1f10405a2df461.zip | |
Added a configuration option to enable prediction resistance in the PolarSSL random number generator.
Signed-off-by: Eelse-jan Stutvoet <stutvoet@fox-it.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Message-Id: 1333351687-3732-2-git-send-email-dejong@fox-it.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6213
Signed-off-by: David Sommerseth <davids@redhat.com>
Notes
Notes:
This patch was ACKed by James Yonan in an IRC meeting March 29, 2012.
Currently, the meeting minutes have not been made public.
(David Sommerseth, Fri Apr 27 21:36:04 UTC 2012)
Diffstat (limited to 'src/openvpn/init.c')
| -rw-r--r-- | src/openvpn/init.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/openvpn/init.c b/src/openvpn/init.c index d022edc..61ced5d 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2008,6 +2008,12 @@ init_crypto_pre (struct context *c, const unsigned int flags) if (c->options.mute_replay_warnings) c->c2.crypto_options.flags |= CO_MUTE_REPLAY_WARNINGS; + +#ifdef ENABLE_PREDICTION_RESISTANCE + if (c->options.use_prediction_resistance) + rand_ctx_enable_prediction_resistance(); +#endif + } /* |