authorArne Schwabe2021-11-07 10:01:47 +0100
committerGert Doering2021-11-07 20:01:29 +0100
commita2f6604d55ea34c33668cab632928a2da2ae11f1 (patch)
treea0989e62c5e03ee78076032677c7a62ab747cda2 /src/openvpn/crypto.c
parente739f41d05084c1bc9bfb6c5d49c74de37e53dc7 (diff)
Remove custom PRNG function
Remove the custom PRNG from OpenVPN and instead always rely on the random number generator from the SSL library. The only place where this is performance critical is the CBC IV generation. Even with that in mind, a micro benchmark shows no sufficiently significant change with OpenSSL 3.0: ------------------------------------------------------------------------ Benchmark Time CPU Iterations ------------------------------------------------------------------------ BM_OpenSSL_RAND 842 ns 842 ns 753401 BM_OpenVPN_RAND 743 ns 743 ns 826690 BM_Encrypt_AES_CBC_dummy 1044 ns 1044 ns 631530 BM_Encrypt_AES_CBC_RAND_bytes 1892 ns 1891 ns 346566 BM_Encrypt_AES_CBC_prng_bytes 1818 ns 1817 ns 373970 (source https://gist.github.com/schwabe/029dc5e5a690df8e2e3f774a13ec7bce) Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Steffan Karger <steffan@karger.me> Message-Id: <20211107090147.3150261-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23116.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/crypto.c')
-rw-r--r--src/openvpn/crypto.c88
1 files changed, 1 insertions, 87 deletions
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index ce04115..1517933 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -1632,96 +1632,10 @@ key_len_err:
return 0;
}
-/*
- * Random number functions, used in cases where we want
- * reasonably strong cryptographic random number generation
- * without depleting our entropy pool. Used for random
- * IV values and a number of other miscellaneous tasks.
- */
-
-static uint8_t *nonce_data = NULL; /* GLOBAL */
-static const md_kt_t *nonce_md = NULL; /* GLOBAL */
-static int nonce_secret_len = 0; /* GLOBAL */
-
-/* Reset the nonce value, also done periodically to refresh entropy */
-static void
-prng_reset_nonce(void)
-{
- const int size = md_kt_size(nonce_md) + nonce_secret_len;
-#if 1 /* Must be 1 for real usage */
- if (!rand_bytes(nonce_data, size))
- {
- msg(M_FATAL, "ERROR: Random number generator cannot obtain entropy for PRNG");
- }
-#else
- /* Only for testing -- will cause a predictable PRNG sequence */
- {
- int i;
- for (i = 0; i < size; ++i)
- {
- nonce_data[i] = (uint8_t) i;
- }
- }
-#endif
-}
-
-void
-prng_init(const char *md_name, const int nonce_secret_len_parm)
-{
- prng_uninit();
- nonce_md = md_name ? md_kt_get(md_name) : NULL;
- if (nonce_md)
- {
- ASSERT(nonce_secret_len_parm >= NONCE_SECRET_LEN_MIN && nonce_secret_len_parm <= NONCE_SECRET_LEN_MAX);
- nonce_secret_len = nonce_secret_len_parm;
- {
- const int size = md_kt_size(nonce_md) + nonce_secret_len;
- dmsg(D_CRYPTO_DEBUG, "PRNG init md=%s size=%d", md_kt_name(nonce_md), size);
- nonce_data = (uint8_t *) malloc(size);
- check_malloc_return(nonce_data);
- prng_reset_nonce();
- }
- }
-}
-
-void
-prng_uninit(void)
-{
- free(nonce_data);
- nonce_data = NULL;
- nonce_md = NULL;
- nonce_secret_len = 0;
-}
-
void
prng_bytes(uint8_t *output, int len)
{
- static size_t processed = 0;
-
- if (nonce_md)
- {
- const int md_size = md_kt_size(nonce_md);
- while (len > 0)
- {
- const int blen = min_int(len, md_size);
- md_full(nonce_md, nonce_data, md_size + nonce_secret_len, nonce_data);
- memcpy(output, nonce_data, blen);
- output += blen;
- len -= blen;
-
- /* Ensure that random data is reset regularly */
- processed += blen;
- if (processed > PRNG_NONCE_RESET_BYTES)
- {
- prng_reset_nonce();
- processed = 0;
- }
- }
- }
- else
- {
- ASSERT(rand_bytes(output, len));
- }
+ ASSERT(rand_bytes(output, len));
}
/* an analogue to the random() function, but use prng_bytes */
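Review bot: In the new body of prng_bytes, the call that now supplies all IV randomness sits inside `ASSERT(rand_bytes(output, len));`, so the function is only correct if ASSERT always evaluates its argument and aborts on failure. The macro's definition is not visible in this hunk, so it should be confirmed to stay active in every build configuration. An explicit check such as `if (!rand_bytes(output, len)) { msg(M_FATAL, "ERROR: Random number generator cannot obtain entropy"); }` would keep the failure fatal without relying on the macro, and would keep a descriptive message like the one the removed prng_reset_nonce logged. The removed loop also treated `len <= 0` as a no-op, whereas the value now goes straight to rand_bytes. A short comment on prng_bytes saying that it wraps the SSL library RNG, is fatal on failure and expects a non-negative `len` would document the new contract.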