Mbed TLS 3: Remove prediction resistance option
authorMax Fillinger <maximilian.fillinger@sentyron.com>
Mon, 16 Feb 2026 15:10:27 +0000 (16:10 +0100)
committerGert Doering <gert@greenie.muc.de>
Mon, 16 Feb 2026 15:20:55 +0000 (16:20 +0100)
The option --use-prediction-resistance causes the random number
generator to be reseeded for every call. This is excessive.

This commit removes that option.

Github: closes OpenVPN/openvpn#964

Change-Id: I6298795f140c2c62252638f9e0cd6df19cb3d7ed
Signed-off-by: Max Fillinger <maximilian.fillinger@sentyron.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1530
Message-Id: <20260216151033.16585-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35658.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
doc/man-sections/generic-options.rst
doc/man-sections/unsupported-options.rst
src/openvpn/crypto_mbedtls_legacy.c
src/openvpn/crypto_mbedtls_legacy.h
src/openvpn/init.c
src/openvpn/options.c
src/openvpn/options.h
src/openvpn/syshead.h

index ed581b1e230eb1560c941e59c3a1cc0f69118944..f46dfececee9d2e7b1bf1d114d1a897be74ecb1a 100644 (file)
@@ -462,16 +462,6 @@ which mode OpenVPN is configured as.
     success/failure via :code:`auth_control_file` when using deferred auth
     method and pending authentication via :code:`auth_pending_file`.
 
---use-prediction-resistance
-  Enable prediction resistance on mbed TLS's RNG.
-
-  Enabling prediction resistance causes the RNG to reseed in each call for
-  random. Reseeding this often can quickly deplete the kernel entropy
-  pool.
-
-  If you need this option, please consider running a daemon that adds
-  entropy to the kernel pool.
-
 --user user
   Change the user ID of the OpenVPN process to ``user`` after
   initialization, dropping privileges in the process. This option is
index f1332f3dbfd5d1e32057418a817a0bd7dc51c9ec..c2739059f0b3e095e949869d291cf698eb4ebdff 100644 (file)
@@ -65,3 +65,8 @@ longer supported
   Removed in OpenVPN 2.7. OpenVPN will always use ovpn-dco as the default
   driver on Windows. It will fall back to tap-windows6 if options are used
   that are incompatible with ovpn-dco.
+
+--use-prediction-resistance
+  Removed in OpenVPN 2.8. This option caused the Mbed TLS 3 random number
+  generator to be reseeded on every call. It has been removed because this
+  is excessive.
index a99134926948fcbefd9fdee4157b25b42fe1b029..b8e7d6ab64ca5d93b3c3b2254095da77dcd76057 100644 (file)
@@ -366,16 +366,6 @@ rand_ctx_get(void)
     return &cd_ctx;
 }
 
-#ifdef ENABLE_PREDICTION_RESISTANCE
-void
-rand_ctx_enable_prediction_resistance(void)
-{
-    mbedtls_ctr_drbg_context *cd_ctx = rand_ctx_get();
-
-    mbedtls_ctr_drbg_set_prediction_resistance(cd_ctx, 1);
-}
-#endif /* ENABLE_PREDICTION_RESISTANCE */
-
 int
 rand_bytes(uint8_t *output, int len)
 {
index af710379e509d6bf926e55ff0e6db0a2b014206d..1005057b9641ce7e2163630d88700cbb0e646c2d 100644 (file)
@@ -89,14 +89,6 @@ typedef mbedtls_operation_t crypto_operation_t;
  */
 mbedtls_ctr_drbg_context *rand_ctx_get(void);
 
-#ifdef ENABLE_PREDICTION_RESISTANCE
-/**
- * Enable prediction resistance on the random number generator.
- */
-void rand_ctx_enable_prediction_resistance(void);
-
-#endif
-
 /**
  * Log the supplied mbed TLS error, prefixed by supplied prefix.
  *
index 70c0b5d10fda08c7782647fd92d56bd790611b22..1391aa85ccf840074cafe56cbc6f9e1d6e36704a 100644 (file)
@@ -2989,13 +2989,6 @@ init_crypto_pre(struct context *c, const unsigned int flags)
             packet_id_persist_load(&c->c1.pid_persist, c->options.packet_id_file);
         }
     }
-
-#ifdef ENABLE_PREDICTION_RESISTANCE
-    if (c->options.use_prediction_resistance)
-    {
-        rand_ctx_enable_prediction_resistance();
-    }
-#endif
 }
 
 
index 09a5d48f89ef1d79a2002820f809d0f2b3f6c515..cdb02e9c0fe61ef7b400c24ab82d9266615c519e 100644 (file)
@@ -565,10 +565,6 @@ static const char usage_message[] =
     "                  using file.\n"
     "--test-crypto   : Run a self-test of crypto features enabled.\n"
     "                  For debugging only.\n"
-#ifdef ENABLE_PREDICTION_RESISTANCE
-    "--use-prediction-resistance: Enable prediction resistance on the random\n"
-    "                             number generator.\n"
-#endif
     "\n"
     "TLS Key Negotiation Options:\n"
     "(These options are meaningful only for TLS-mode)\n"
@@ -871,9 +867,6 @@ init_options(struct options *o, const bool init_gc)
     o->replay_window = DEFAULT_SEQ_BACKTRACK;
     o->replay_time = DEFAULT_TIME_BACKTRACK;
     o->key_direction = KEY_DIRECTION_BIDIRECTIONAL;
-#ifdef ENABLE_PREDICTION_RESISTANCE
-    o->use_prediction_resistance = false;
-#endif
     o->tls_timeout = 2;
     o->renegotiate_bytes = -1;
     o->renegotiate_seconds = 3600;
@@ -1840,9 +1833,6 @@ show_settings(const struct options *o)
     SHOW_INT(replay_time);
     SHOW_STR(packet_id_file);
     SHOW_BOOL(test_crypto);
-#ifdef ENABLE_PREDICTION_RESISTANCE
-    SHOW_BOOL(use_prediction_resistance);
-#endif
 
     SHOW_BOOL(tls_server);
     SHOW_BOOL(tls_client);
@@ -4475,13 +4465,6 @@ options_string(const struct options *o, const struct frame *frame, struct tuntap
         {
             buf_printf(&out, ",secret");
         }
-
-#ifdef ENABLE_PREDICTION_RESISTANCE
-        if (o->use_prediction_resistance)
-        {
-            buf_printf(&out, ",use-prediction-resistance");
-        }
-#endif
     }
 
     /*
@@ -8542,13 +8525,6 @@ add_option(struct options *options, char *p[], bool is_inline, const char *file,
             options->providers.names[j] = p[j];
         }
     }
-#ifdef ENABLE_PREDICTION_RESISTANCE
-    else if (streq(p[0], "use-prediction-resistance") && !p[1])
-    {
-        VERIFY_PERMISSION(OPT_P_GENERAL);
-        options->use_prediction_resistance = true;
-    }
-#endif
     else if (streq(p[0], "show-tls") && !p[1])
     {
         VERIFY_PERMISSION(OPT_P_GENERAL);
index 16cfdb53d91c374ae9d1bcde21ea5b42af254bb1..cf9936b100aa91f5ccd4313405525918c60d82fd 100644 (file)
@@ -584,9 +584,6 @@ struct options
     int replay_time;
     const char *packet_id_file;
     bool test_crypto;
-#ifdef ENABLE_PREDICTION_RESISTANCE
-    bool use_prediction_resistance;
-#endif
 
     /* TLS (control channel) parms */
     bool tls_server;
index 067ee9d1b9ab40071c7c66b0299680c1d0f1ad91..1d6cdc2b3cfe9c778607405819615b84e60cb373 100644 (file)
@@ -474,13 +474,6 @@ socket_defined(const socket_descriptor_t sd)
 #define PORT_SHARE 0
 #endif
 
-#ifdef ENABLE_CRYPTO_MBEDTLS
-#include <mbedtls/version.h>
-#if MBEDTLS_VERSION_NUMBER < 0x04000000
-#define ENABLE_PREDICTION_RESISTANCE
-#endif /* MBEDTLS_VERSION_NUMBER < 0x04000000 */
-#endif /* ENABLE_CRYPTO_MBEDTLS */
-
 /*
  * Do we support Unix domain sockets?
  */