git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Adriaan de Jong <dejong@fox-it.com>
	Mon, 2 Apr 2012 07:28:02 +0000 (09:28 +0200)
committer	David Sommerseth <davids@redhat.com>
	Fri, 27 Apr 2012 21:31:44 +0000 (23:31 +0200)
commit	6efeaa2e4462bc10f395d8aceed363c3e77b35a3
tree	48732b5de9c86e8989dfeca0756b4162a3072088	tree \| snapshot
parent	4e846b39a35b5f9501e4283be0af620d7c9c8b5c	commit \| diff

Added support for new PolarSSL 1.1 RNG

This patch, while retaining PolarSSL 1.0 support, introduces the PolarSSL 1.1 DRBG.
This RNG adds a number of features, including support for personalisation strings
and multiple entropy sources.

Personalisation strings have been implemented, based on PID, program name, place
within memory, and a hash of the user's certificate.

The entropy sources used are the platform default ones. Which ones these are
depends on how PolarSSL was built, but usually this includes:

- /dev/urandom or the Windows CryptoAPI RNG
- the HAVEGE RNG
- the output of PolarSSL's hardclock() call (usually RDTSC)

Finally, this patch moves to only one instance of the RNG per OpenVPN instance,
instead of one per keystate

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Signed-off-by: Eelse-jan Stutvoet <stutvoet@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Message-Id: 1333351687-3732-1-git-send-email-dejong@fox-it.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6210
Signed-off-by: David Sommerseth <davids@redhat.com>

src/openvpn/crypto_polarssl.c		diff \| blob \| blame \| history
src/openvpn/crypto_polarssl.h		diff \| blob \| blame \| history
src/openvpn/ssl.c		diff \| blob \| blame \| history
src/openvpn/ssl_backend.h		diff \| blob \| blame \| history
src/openvpn/ssl_polarssl.c		diff \| blob \| blame \| history
src/openvpn/ssl_polarssl.h		diff \| blob \| blame \| history