diff options
author | Arne Schwabe | 2021-11-07 10:01:47 +0100 |
---|---|---|
committer | Gert Doering | 2021-11-07 20:01:29 +0100 |
commit | a2f6604d55ea34c33668cab632928a2da2ae11f1 (patch) | |
tree | a0989e62c5e03ee78076032677c7a62ab747cda2 /src/openvpn/options.h | |
parent | e739f41d05084c1bc9bfb6c5d49c74de37e53dc7 (diff) | |
download | openvpn-a2f6604d55ea34c33668cab632928a2da2ae11f1.zip openvpn-a2f6604d55ea34c33668cab632928a2da2ae11f1.tar.gz |
Remove custom PRNG function
Remove the custom PRNG from OpenVPN and instead rely always on the random
number generator from the SSL library. The only place that this is in a
performance critical place is the CBC IV generation. Even with that in mind
a micro benchmark shows no significant enough change with OpenSSL 3.0:
------------------------------------------------------------------------
Benchmark Time CPU Iterations
------------------------------------------------------------------------
BM_OpenSSL_RAND 842 ns 842 ns 753401
BM_OpenVPN_RAND 743 ns 743 ns 826690
BM_Encrypt_AES_CBC_dummy 1044 ns 1044 ns 631530
BM_Encrypt_AES_CBC_RAND_bytes 1892 ns 1891 ns 346566
BM_Encrypt_AES_CBC_prng_bytes 1818 ns 1817 ns 373970
(source https://gist.github.com/schwabe/029dc5e5a690df8e2e3f774a13ec7bce)
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20211107090147.3150261-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23116.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/options.h')
-rw-r--r-- | src/openvpn/options.h | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 98c21a2..20b34ed 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -518,8 +518,6 @@ struct options * ciphername if NCP fails */ const char *ncp_ciphers; const char *authname; - const char *prng_hash; - int prng_nonce_secret_len; const char *engine; bool replay; bool mute_replay_warnings; |