Continuing to struggle with making OpenVPN as tiny as possible :)
The attached patch adds checking for PolarSSL version on
crypto_polarssl.c and depending
on which version we are using (1.0.x or 1.1.x) chooses a new shiny
havege_random() function,
or an old ugly while{} loop hack to generate randomness.
--- a/crypto_polarssl.c
+++ b/crypto_polarssl.c
@@ -41,6 +41,7 @@
#include <polarssl/md5.h>
#include <polarssl/cipher.h>
#include <polarssl/havege.h>
+#include <polarssl/version.h>
/*
*
@@ -157,25 +158,24 @@
rand_bytes (uint8_t *output, int len)
{
static havege_state hs = {0};
- static bool hs_initialised = false;
- const int int_size = sizeof(int);
- if (!hs_initialised)
- {
- /* Initialise PolarSSL RNG */
- havege_init(&hs);
- hs_initialised = true;
- }
+ /* Initialise PolarSSL RNG */
+ havege_init(&hs);
+#if (POLARSSL_VERSION_MAJOR >= 1 && POLARSSL_VERSION_MINOR >= 1)
+ havege_random(&hs, output, len);
+#else
+ const int int_size = sizeof(int);
while (len > 0)
{
- const int blen = min_int (len, int_size);
- const int rand_int = havege_rand(&hs);
+ const int blen = min_int (len, int_size);
+ const int rand_int = havege_rand(&hs);
memcpy (output, &rand_int, blen);
output += blen;
len -= blen;
}
+#endif
return 1;
}
