From 03bfb228ffd95c37e135bb9a5a37160c247e28a9 Mon Sep 17 00:00:00 2001 From: james Date: Tue, 18 Nov 2008 01:25:05 +0000 Subject: Added --prng option to control PRNG (pseudo-random number generator) parameters. In previous OpenVPN versions, the PRNG was hardcoded to use the SHA1 hash. Now any OpenSSL hash may be used. This is part of an effort to remove hardcoded references to a specific cipher or cryptographic hash algorithm. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3503 e7ae566f-a301-0410-adde-c780ea21d3b5 --- init.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) (limited to 'init.c') diff --git a/init.c b/init.c index 455712a..903fda4 100644 --- a/init.c +++ b/init.c @@ -401,7 +401,7 @@ init_static (void) /* init PRNG used for IV generation */ /* When forking, copy this to more places in the code to avoid fork random-state predictability */ - prng_init (); + prng_init (NULL, 0); #endif #ifdef PID_TEST @@ -473,6 +473,29 @@ init_static (void) } #endif +#ifdef PRNG_TEST + { + struct gc_arena gc = gc_new (); + uint8_t rndbuf[8]; + int i; + prng_init ("sha1", 16); + //prng_init (NULL, 0); + const int factor = 1; + for (i = 0; i < factor * 8; ++i) + { +#if 1 + prng_bytes (rndbuf, sizeof (rndbuf)); +#else + ASSERT(RAND_bytes (rndbuf, sizeof (rndbuf))); +#endif + printf ("[%d] %s\n", i, format_hex (rndbuf, sizeof (rndbuf), 0, &gc)); + } + gc_free (&gc); + prng_uninit (); + return false; + } +#endif + return true; } @@ -1634,6 +1657,9 @@ do_init_crypto_tls_c1 (struct context *c) options->ciphername_defined, options->authname, options->authname_defined, options->keysize, true, true); + /* Initialize PRNG with config-specified digest */ + prng_init (options->prng_hash, options->prng_nonce_secret_len); + /* TLS handshake authentication (--tls-auth) */ if (options->tls_auth_file) { -- cgit v1.2.3