From patchwork Sat Nov 6 22:01:47 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2060 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id gNz2H0mWh2H0AwAAIUCqbw (envelope-from ) for ; Sun, 07 Nov 2021 04:03:05 -0500 Received: from proxy9.mail.ord1d.rsapps.net ([172.30.191.6]) by director8.mail.ord1d.rsapps.net with LMTP id uOzWH0mWh2HaXgAAfY0hYg (envelope-from ) for ; Sun, 07 Nov 2021 04:03:05 -0500 Received: from smtp16.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy9.mail.ord1d.rsapps.net with LMTPS id 8IRNH0mWh2HVHQAA7h+8OQ (envelope-from ) for ; Sun, 07 Nov 2021 04:03:05 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp16.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 845976f2-3fa9-11ec-aa67-525400ca3ad5-1-1 Received: from [216.105.38.7] ([216.105.38.7:58944] helo=lists.sourceforge.net) by smtp16.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id F0/A3-02350-84697816; Sun, 07 Nov 2021 04:03:05 -0500 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1mje3u-0006Z7-3y; Sun, 07 Nov 2021 09:02:01 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1mje3r-0006YZ-L0 for openvpn-devel@lists.sourceforge.net; Sun, 07 Nov 2021 09:01:59 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=PuDLNZNl4uRCUbFuDWpCVfA0KxnGxLjRzTn9aWN8ye8=; b=jGfV5GCYRn+xpYaA5rY6MXLuMl 8aEYd2LldxkY2+MHbUrnjeO6sN989noTm37tkmIhyvs6MMkKbL+2oSy8M9A3DfpgWx5u7lhowt+LO p5gh7J7I3hNU7VWlFrtr4i2XY29mxKKg/oeR7sFGffSaivL6oht0Ch9xe4q64DGcbN5g=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=PuDLNZNl4uRCUbFuDWpCVfA0KxnGxLjRzTn9aWN8ye8=; b=k ltNktyBw+pRi9Be0YC/FvRKY5lW6XQgyzmfIoqVwi3zM2hGNbhCesVAAPTTczf+lFuyAGum/rDSNt A3m7lIRhjEfYLLI1vgPp23MdqDdosDyeUBsSIcT6P1S5kcaIm2PrAOmVqmvk+ZiGvy6sCPIEuVV9m blbT90MF97TM0Mq8=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mje3m-004qw1-On for openvpn-devel@lists.sourceforge.net; Sun, 07 Nov 2021 09:01:58 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1mje3e-0004N0-TS for openvpn-devel@lists.sourceforge.net; Sun, 07 Nov 2021 10:01:46 +0100 Received: (nullmailer pid 3150311 invoked by uid 10006); Sun, 07 Nov 2021 09:01:47 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Sun, 7 Nov 2021 10:01:47 +0100 Message-Id: <20211107090147.3150261-1-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Remove the custom PRNG from OpenVPN and instead rely always on the random number generator from the SSL library. The only place that this is in a performance critical place is the CBC IV generation. E [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different X-Headers-End: 1mje3m-004qw1-On Subject: [Openvpn-devel] [PATCH] Remove custom PRNG function X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Remove the custom PRNG from OpenVPN and instead rely always on the random number generator from the SSL library. The only place that this is in a performance critical place is the CBC IV generation. Even with that in mind a micro benchmark shows no significant enough change with OpenSSL 3.0: ------------------------------------------------------------------------ Benchmark Time CPU Iterations ------------------------------------------------------------------------ BM_OpenSSL_RAND 842 ns 842 ns 753401 BM_OpenVPN_RAND 743 ns 743 ns 826690 BM_Encrypt_AES_CBC_dummy 1044 ns 1044 ns 631530 BM_Encrypt_AES_CBC_RAND_bytes 1892 ns 1891 ns 346566 BM_Encrypt_AES_CBC_prng_bytes 1818 ns 1817 ns 373970 (source https://gist.github.com/schwabe/029dc5e5a690df8e2e3f774a13ec7bce) Signed-off-by: Arne Schwabe Acked-by: Steffan Karger --- Changes.rst | 6 ++ doc/man-sections/advanced-options.rst | 17 ------ src/openvpn/crypto.c | 88 +-------------------------- src/openvpn/crypto.h | 20 ------ src/openvpn/init.c | 30 --------- src/openvpn/options.c | 30 +-------- src/openvpn/options.h | 2 - src/openvpn/ps.c | 5 +- src/openvpn/ssl.c | 1 - 9 files changed, 9 insertions(+), 190 deletions(-) diff --git a/Changes.rst b/Changes.rst index b08bff3d7..174e233c8 100644 --- a/Changes.rst +++ b/Changes.rst @@ -94,6 +94,11 @@ TLS 1.0 and 1.1 are deprecated Should backwards compatibility with older OpenVPN peers be required, please see the ``--compat-mode`` instead. +``--prng`` has beeen removed + OpenVPN used to implement its own PRNG based on a hash. However implementing + a PRNG is better left to a crypto library. So we use mbed TLS or OpenSSL + PRNG instead now. + Compression no longer enabled by default Unless an explicit compression option is specified in the configuration, @@ -111,6 +116,7 @@ PF (Packet Filtering) support has been removed User-visible Changes -------------------- - CHACHA20-POLY1305 is included in the default of ``--data-ciphers`` when available. +- Option ``--prng`` is ignored as we rely on the SSL library radnom generator. Overview of changes in 2.5 ========================== diff --git a/doc/man-sections/advanced-options.rst b/doc/man-sections/advanced-options.rst index 24ea8ddb3..cdec95021 100644 --- a/doc/man-sections/advanced-options.rst +++ b/doc/man-sections/advanced-options.rst @@ -45,23 +45,6 @@ used when debugging or testing out special usage scenarios. Preserve most recently authenticated remote IP address and port number across :code:`SIGUSR1` or ``--ping-restart`` restarts. ---prng args - *(Advanced)* Change the PRNG (Pseudo-random number generator) parameters - - Valid syntaxes: - :: - - prng alg - prng alg nsl - - Changes the PRNG to use digest algorithm **alg** (default :code:`sha1`), - and set ``nsl`` (default :code:`16`) to the size in bytes of the nonce - secret length (between 16 and 64). - - Set ``alg`` to :code:`none` to disable the PRNG and use the OpenSSL - RAND\_bytes function instead for all of OpenVPN's pseudo-random number - needs. - --rcvbuf size Set the TCP/UDP socket receive buffer size. Defaults to operating system default. diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 0676c8491..1d242ac5a 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -1681,96 +1681,10 @@ key_len_err: return 0; } -/* - * Random number functions, used in cases where we want - * reasonably strong cryptographic random number generation - * without depleting our entropy pool. Used for random - * IV values and a number of other miscellaneous tasks. - */ - -static uint8_t *nonce_data = NULL; /* GLOBAL */ -static const md_kt_t *nonce_md = NULL; /* GLOBAL */ -static int nonce_secret_len = 0; /* GLOBAL */ - -/* Reset the nonce value, also done periodically to refresh entropy */ -static void -prng_reset_nonce(void) -{ - const int size = md_kt_size(nonce_md) + nonce_secret_len; -#if 1 /* Must be 1 for real usage */ - if (!rand_bytes(nonce_data, size)) - { - msg(M_FATAL, "ERROR: Random number generator cannot obtain entropy for PRNG"); - } -#else - /* Only for testing -- will cause a predictable PRNG sequence */ - { - int i; - for (i = 0; i < size; ++i) - { - nonce_data[i] = (uint8_t) i; - } - } -#endif -} - -void -prng_init(const char *md_name, const int nonce_secret_len_parm) -{ - prng_uninit(); - nonce_md = md_name ? md_kt_get(md_name) : NULL; - if (nonce_md) - { - ASSERT(nonce_secret_len_parm >= NONCE_SECRET_LEN_MIN && nonce_secret_len_parm <= NONCE_SECRET_LEN_MAX); - nonce_secret_len = nonce_secret_len_parm; - { - const int size = md_kt_size(nonce_md) + nonce_secret_len; - dmsg(D_CRYPTO_DEBUG, "PRNG init md=%s size=%d", md_kt_name(nonce_md), size); - nonce_data = (uint8_t *) malloc(size); - check_malloc_return(nonce_data); - prng_reset_nonce(); - } - } -} - -void -prng_uninit(void) -{ - free(nonce_data); - nonce_data = NULL; - nonce_md = NULL; - nonce_secret_len = 0; -} - void prng_bytes(uint8_t *output, int len) { - static size_t processed = 0; - - if (nonce_md) - { - const int md_size = md_kt_size(nonce_md); - while (len > 0) - { - const int blen = min_int(len, md_size); - md_full(nonce_md, nonce_data, md_size + nonce_secret_len, nonce_data); - memcpy(output, nonce_data, blen); - output += blen; - len -= blen; - - /* Ensure that random data is reset regularly */ - processed += blen; - if (processed > PRNG_NONCE_RESET_BYTES) - { - prng_reset_nonce(); - processed = 0; - } - } - } - else - { - ASSERT(rand_bytes(output, len)); - } + ASSERT(rand_bytes(output, len)); } /* an analogue to the random() function, but use prng_bytes */ diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 8e50c632a..795a4d2cd 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -460,24 +460,6 @@ bool read_pem_key_file(struct buffer *key, const char *pem_name, const char *key_file, bool key_inline); -/* Minimum length of the nonce used by the PRNG */ -#define NONCE_SECRET_LEN_MIN 16 - -/* Maximum length of the nonce used by the PRNG */ -#define NONCE_SECRET_LEN_MAX 64 - -/** Number of bytes of random to allow before resetting the nonce */ -#define PRNG_NONCE_RESET_BYTES 1024 - -/** - * Pseudo-random number generator initialisation. - * (see \c prng_rand_bytes()) - * - * @param md_name Name of the message digest to use - * @param nonce_secret_len_param Length of the nonce to use - */ -void prng_init(const char *md_name, const int nonce_secret_len_parm); - /* * Message digest-based pseudo random number generator. * @@ -495,8 +477,6 @@ void prng_init(const char *md_name, const int nonce_secret_len_parm); */ void prng_bytes(uint8_t *output, int len); -void prng_uninit(void); - /* an analogue to the random() function, but use prng_bytes */ long int get_random(void); diff --git a/src/openvpn/init.c b/src/openvpn/init.c index a9986e529..ce376c7cf 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -797,11 +797,6 @@ init_static(void) init_ssl_lib(); - /* init PRNG used for IV generation */ - /* When forking, copy this to more places in the code to avoid fork - * random-state predictability */ - prng_init(NULL, 0); - #ifdef PID_TEST packet_id_interactive_test(); /* test the sequence number code */ return false; @@ -876,29 +871,6 @@ init_static(void) return false; #endif -#ifdef PRNG_TEST - { - struct gc_arena gc = gc_new(); - uint8_t rndbuf[8]; - int i; - prng_init("sha1", 16); - /*prng_init (NULL, 0);*/ - const int factor = 1; - for (i = 0; i < factor * 8; ++i) - { -#if 1 - prng_bytes(rndbuf, sizeof(rndbuf)); -#else - ASSERT(rand_bytes(rndbuf, sizeof(rndbuf))); -#endif - printf("[%d] %s\n", i, format_hex(rndbuf, sizeof(rndbuf), 0, &gc)); - } - gc_free(&gc); - prng_uninit(); - return false; - } -#endif /* ifdef PRNG_TEST */ - #ifdef BUFFER_LIST_AGGREGATE_TEST /* test buffer_list_aggregate function */ { @@ -2927,8 +2899,6 @@ do_init_crypto_tls_c1(struct context *c) init_key_type(&c->c1.ks.key_type, options->ciphername, options->authname, true, warn); } - /* Initialize PRNG with config-specified digest */ - prng_init(options->prng_hash, options->prng_nonce_secret_len); /* initialize tls-auth/crypt/crypt-v2 key */ do_init_tls_wrap_key(c); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index d2a2ead46..ee92b51d2 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -526,8 +526,6 @@ static const char usage_message[] = " (default=%s).\n" " Set alg=none to disable encryption.\n" "--data-ciphers list : List of ciphers that are allowed to be negotiated.\n" - "--prng alg [nsl] : For PRNG, use digest algorithm alg, and\n" - " nonce_secret_len=nsl. Set alg=none to disable PRNG.\n" #ifndef ENABLE_CRYPTO_MBEDTLS "--engine [name] : Enable OpenSSL hardware crypto engine functionality.\n" #endif @@ -843,8 +841,6 @@ init_options(struct options *o, const bool init_gc) o->ifconfig_pool_persist_refresh_freq = 600; o->scheduled_exit_interval = 5; o->authname = "SHA1"; - o->prng_hash = "SHA1"; - o->prng_nonce_secret_len = 16; o->replay = true; o->replay_window = DEFAULT_SEQ_BACKTRACK; o->replay_time = DEFAULT_TIME_BACKTRACK; @@ -1719,8 +1715,6 @@ show_settings(const struct options *o) SHOW_STR(ciphername); SHOW_STR(ncp_ciphers); SHOW_STR(authname); - SHOW_STR(prng_hash); - SHOW_INT(prng_nonce_secret_len); #ifndef ENABLE_CRYPTO_MBEDTLS SHOW_BOOL(engine); #endif /* ENABLE_CRYPTO_MBEDTLS */ @@ -8284,29 +8278,7 @@ add_option(struct options *options, } else if (streq(p[0], "prng") && p[1] && !p[3]) { - VERIFY_PERMISSION(OPT_P_GENERAL); - if (streq(p[1], "none")) - { - options->prng_hash = NULL; - } - else - { - options->prng_hash = p[1]; - } - if (p[2]) - { - const int sl = atoi(p[2]); - if (sl >= NONCE_SECRET_LEN_MIN && sl <= NONCE_SECRET_LEN_MAX) - { - options->prng_nonce_secret_len = sl; - } - else - { - msg(msglevel, "prng parameter nonce_secret_len must be between %d and %d", - NONCE_SECRET_LEN_MIN, NONCE_SECRET_LEN_MAX); - goto err; - } - } + msg(M_WARN, "NOTICE: --prng option ignored (SSL library PRNG is used)"); } else if (streq(p[0], "no-replay") && !p[1]) { diff --git a/src/openvpn/options.h b/src/openvpn/options.h index eb599c5ff..b62a2a927 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -527,8 +527,6 @@ struct options * ciphername if NCP fails */ const char *ncp_ciphers; const char *authname; - const char *prng_hash; - int prng_nonce_secret_len; const char *engine; struct provider_list providers; bool replay; diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c index a61176172..a0f8a00e9 100644 --- a/src/openvpn/ps.c +++ b/src/openvpn/ps.c @@ -912,10 +912,7 @@ port_share_open(const char *host, /* no blocking on control channel back to parent */ set_nonblock(fd[1]); - - /* initialize prng */ - prng_init(NULL, 0); - + /* execute the event loop */ port_share_proxy(hostaddr, fd[1], max_initial_buf, journal_dir); diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 9b47ae294..26b0d4bea 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -345,7 +345,6 @@ void free_ssl_lib(void) { crypto_uninit_lib(); - prng_uninit(); tls_free_lib(); }