diff options
Diffstat (limited to 'openvpn/src/openvpn/crypto_polarssl.h')
-rw-r--r-- | openvpn/src/openvpn/crypto_polarssl.h | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/openvpn/src/openvpn/crypto_polarssl.h b/openvpn/src/openvpn/crypto_polarssl.h index 358483a9..bfabb91b 100644 --- a/openvpn/src/openvpn/crypto_polarssl.h +++ b/openvpn/src/openvpn/crypto_polarssl.h @@ -30,8 +30,10 @@ #ifndef CRYPTO_POLARSSL_H_ #define CRYPTO_POLARSSL_H_ +#include <polarssl/version.h> #include <polarssl/cipher.h> #include <polarssl/md.h> +#include <polarssl/ctr_drbg.h> /** Generic cipher key type %context. */ typedef cipher_info_t cipher_kt_t; @@ -71,4 +73,23 @@ typedef md_context_t hmac_ctx_t; #define SHA_DIGEST_LENGTH 20 #define DES_KEY_LENGTH 8 +/** + * Returns a singleton instance of the PolarSSL random number generator. + * + * For PolarSSL 1.1+, this is the CTR_DRBG random number generator. If it + * hasn't been initialised yet, the RNG will be initialised using the default + * entropy sources. Aside from the default platform entropy sources, an + * additional entropy source, the HAVEGE random number generator will also be + * added. During initialisation, a personalisation string will be added based + * on the time, the PID, and a pointer to the random context. + */ +ctr_drbg_context * rand_ctx_get(); + +#ifdef ENABLE_PREDICTION_RESISTANCE +/** + * Enable prediction resistance on the random number generator. + */ +void rand_ctx_enable_prediction_resistance(); +#endif + #endif /* CRYPTO_POLARSSL_H_ */ |