Remove custom PRNG function

Remove the custom PRNG from OpenVPN and instead rely always on the random
number generator from the SSL library. The only place that this is in a
performance critical place is the CBC IV generation. Even with that in mind
a micro benchmark shows no significant enough change with OpenSSL 3.0:

------------------------------------------------------------------------
Benchmark                              Time             CPU   Iterations
------------------------------------------------------------------------
BM_OpenSSL_RAND                      842 ns          842 ns       753401
BM_OpenVPN_RAND                      743 ns          743 ns       826690
BM_Encrypt_AES_CBC_dummy            1044 ns         1044 ns       631530
BM_Encrypt_AES_CBC_RAND_bytes       1892 ns         1891 ns       346566
BM_Encrypt_AES_CBC_prng_bytes       1818 ns         1817 ns       373970

(source https://gist.github.com/schwabe/029dc5e5a690df8e2e3f774a13ec7bce)

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20211107090147.3150261-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23116.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

1 files changed, 0 insertions, 2 deletions

diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index 98c21a2..20b34ed 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -518,8 +518,6 @@ struct options
                                     * ciphername if NCP fails */
     const char *ncp_ciphers;
     const char *authname;
-    const char *prng_hash;
-    int prng_nonce_secret_len;
     const char *engine;
     bool replay;
     bool mute_replay_warnings;