Continuing to struggle with making OpenVPN as tiny as possible :)
The attached patch adds a PolarSSL version check to crypto_polarssl.c and, depending on which version we are using (1.0.x or 1.1.x), chooses either the new shiny havege_random() function
or the old ugly while{} loop hack to generate randomness.
--- a/crypto_polarssl.c
+++ b/crypto_polarssl.c
@@ -41,6 +41,7 @@
 #include <polarssl/md5.h>
 #include <polarssl/cipher.h>
 #include <polarssl/havege.h>
+#include <polarssl/version.h>
 /*
 *
@@ -157,25 +158,24 @@ rand_bytes (uint8_t *output, int len)
 {
 static havege_state hs = {0};
- static bool hs_initialised = false;
- const int int_size = sizeof(int);
- if (!hs_initialised)
- {
- /* Initialise PolarSSL RNG */
- havege_init(&hs);
- hs_initialised = true;
- }
+ /* Initialise PolarSSL RNG */
+ havege_init(&hs);
+#if (POLARSSL_VERSION_MAJOR >= 1 && POLARSSL_VERSION_MINOR >= 1)
+ havege_random(&hs, output, len);
+#else
+ const int int_size = sizeof(int);
 while (len > 0)
 {
- const int blen = min_int (len, int_size);
- const int rand_int = havege_rand(&hs);
+ const int blen = min_int (len, int_size);
+ const int rand_int = havege_rand(&hs);
 memcpy (output, &rand_int, blen);
 output += blen;
 len -= blen;
 }
+#endif
 return 1;
 }
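Review bot: Dropping the `hs_initialised` guard in `rand_bytes` makes `havege_init(&hs)` run on every call, so the `static` HAVEGE state is rebuilt each time instead of being set up once; if that is not intended, the one-time guard should stay. The version test `POLARSSL_VERSION_MAJOR >= 1 && POLARSSL_VERSION_MINOR >= 1` would send any later x.0 release down the legacy loop, which a single comparison on `POLARSSL_VERSION_NUMBER` avoids. On the new path the signed `int len` is passed straight to `havege_random`, whose length parameter is, as far as I know, a `size_t` in 1.1.x, so a negative `len` that the old `while (len > 0)` loop simply skipped would turn into a very large write; a `len > 0` check keeps the previous behaviour. The result of `havege_random` is also discarded while the function still returns 1 unconditionally.

```c
  static havege_state hs = {0};
  static bool hs_initialised = false;

  if (!hs_initialised)
    {
      /* Initialise PolarSSL RNG once; hs is static and keeps its state */
      havege_init(&hs);
      hs_initialised = true;
    }

#if (POLARSSL_VERSION_NUMBER >= 0x01010000)
  /* len is a signed int; never pass a negative value on as a length */
  if (len > 0)
    havege_random(&hs, output, len);
#else
  /* … unchanged: havege_rand() copy loop … */
#endif
  return 1;
```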