From 0f25d2969f09ba4263dc37944e1f10405a2df461 Mon Sep 17 00:00:00 2001 From: Adriaan de Jong Date: Mon, 2 Apr 2012 09:28:03 +0200 Subject: [PATCH] Added a configuration option to enable prediction resistance in the PolarSSL random number generator. Signed-off-by: Eelse-jan Stutvoet Signed-off-by: Adriaan de Jong Acked-by: James Yonan Message-Id: 1333351687-3732-2-git-send-email-dejong@fox-it.com URL: http://article.gmane.org/gmane.network.openvpn.devel/6213 Signed-off-by: David Sommerseth --- doc/openvpn.8 | 14 ++++++++++++++ src/openvpn/crypto_polarssl.c | 9 +++++++++ src/openvpn/crypto_polarssl.h | 7 +++++++ src/openvpn/init.c | 6 ++++++ src/openvpn/options.c | 22 ++++++++++++++++++++++ src/openvpn/options.h | 3 +++ src/openvpn/syshead.h | 8 ++++++++ 7 files changed, 69 insertions(+) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 53d6bdb2e..ee46de622 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -3846,6 +3846,20 @@ space-saving optimization that uses the unique identifier for datagram replay protection as the IV. .\"********************************************************* .TP +.B \-\-use-prediction-resistance +Enable prediction resistance on PolarSSL's RNG. + +Enabling prediction resistance causes the RNG to reseed in each +call for random. Reseeding this often can quickly deplete the kernel +entropy pool. + +If you need this option, please consider running a daemon that adds +entropy to the kernel pool. + +Note that this option only works with PolarSSL versions greater +than 1.1. +.\"********************************************************* +.TP .B \-\-test-crypto Do a self-test of OpenVPN's crypto options by encrypting and decrypting test packets using the data channel encryption options diff --git a/src/openvpn/crypto_polarssl.c b/src/openvpn/crypto_polarssl.c index 158ccfcd8..96d41b73c 100644 --- a/src/openvpn/crypto_polarssl.c +++ b/src/openvpn/crypto_polarssl.c 
@@ -219,6 +219,15 @@ havege_state * rand_ctx_get() #endif /* (POLARSSL_VERSION_NUMBER >= 0x01010000) */ +#ifdef ENABLE_PREDICTION_RESISTANCE +void rand_ctx_enable_prediction_resistance() +{ + ctr_drbg_context *cd_ctx = rand_ctx_get(); + + ctr_drbg_set_prediction_resistance(cd_ctx, 1); +} +#endif /* ENABLE_PREDICTION_RESISTANCE */ + int rand_bytes (uint8_t *output, int len) { diff --git a/src/openvpn/crypto_polarssl.h b/src/openvpn/crypto_polarssl.h index 2f303db7c..615287842 100644 --- a/src/openvpn/crypto_polarssl.h +++ b/src/openvpn/crypto_polarssl.h @@ -96,4 +96,11 @@ ctr_drbg_context * rand_ctx_get(); havege_state * rand_ctx_get(); #endif +#ifdef ENABLE_PREDICTION_RESISTANCE +/** + * Enable prediction resistance on the random number generator. + */ +void rand_ctx_enable_prediction_resistance(); +#endif + #endif /* CRYPTO_POLARSSL_H_ */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index d022edcac..61ced5d8c 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2008,6 +2008,12 @@ init_crypto_pre (struct context *c, const unsigned int flags) if (c->options.mute_replay_warnings) c->c2.crypto_options.flags |= CO_MUTE_REPLAY_WARNINGS; + +#ifdef ENABLE_PREDICTION_RESISTANCE + if (c->options.use_prediction_resistance) + rand_ctx_enable_prediction_resistance(); +#endif + } /* diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 33fcb877d..019be5768 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -545,6 +545,10 @@ static const char usage_message[] = " using file.\n" "--test-crypto : Run a self-test of crypto features enabled.\n" " For debugging only.\n" +#ifdef ENABLE_PREDICTION_RESISTANCE + "--use-prediction-resistance: Enable prediction resistance on the random\n" + " number generator.\n" +#endif #ifdef ENABLE_SSL "\n" "TLS Key Negotiation Options:\n" 
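Review bot: In `rand_ctx_enable_prediction_resistance()` the call `ctr_drbg_set_prediction_resistance(cd_ctx, 1);` passes a bare `1`; PolarSSL's ctr_drbg.h names that value, so `ctr_drbg_set_prediction_resistance(cd_ctx, CTR_DRBG_PR_ON);` says what is being switched on. With the flag set, every request to the DRBG reseeds from the entropy source first, so a failing or starved source becomes a per-call error instead of an occasional one. The body of `rand_bytes()` is outside this hunk, so please confirm it checks the DRBG's return value and that callers treat a failure as fatal rather than using a partly filled buffer. A short comment above the function such as `/* Reseed before every request; trades entropy-pool load for forward/backward secrecy of RNG state */` would record why it exists.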
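Review bot: The Doxygen comment on `rand_ctx_enable_prediction_resistance()` in crypto_polarssl.h restates the name and omits the two things a caller needs to know. It should say that the function acts on the context returned by `rand_ctx_get()`, that every later request for random bytes reseeds first, and that nothing in this patch turns the setting off again. Separately, `void rand_ctx_enable_prediction_resistance();` is a declaration without a prototype in C, so calls with stray arguments compile silently; `void rand_ctx_enable_prediction_resistance(void);` here and in the definition in crypto_polarssl.c closes that. The neighbouring `rand_ctx_get()` declarations use the same empty-parens form, so this may be better handled as a follow-up across the header.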
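Review bot: The new block in `init_crypto_pre()` only ever switches prediction resistance on; there is no path that switches it off when `c->options.use_prediction_resistance` is false. The setter takes no context argument and fetches the RNG through `rand_ctx_get()`, which suggests one process-wide DRBG. If so, a restart that re-reads a config without the option, or a second context without it, would presumably keep reseeding on every call. Either pass the flag through (a setter taking a `bool` that maps to on/off) or document the one-way behaviour with a comment like `/* sticky: remains enabled for the lifetime of the process */`. Any randomness drawn before `init_crypto_pre()` runs is also not covered by the option; the function starts outside this hunk, so that ordering cannot be checked from here.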
@@ -837,6 +841,9 @@ init_options (struct options *o, const bool init_gc) o->replay_time = DEFAULT_TIME_BACKTRACK; o->use_iv = true; o->key_direction = KEY_DIRECTION_BIDIRECTIONAL; +#ifdef ENABLE_PREDICTION_RESISTANCE + o->use_prediction_resistance = false; +#endif #ifdef ENABLE_SSL o->key_method = 2; o->tls_timeout = 2; @@ -1581,6 +1588,9 @@ show_settings (const struct options *o) SHOW_STR (packet_id_file); SHOW_BOOL (use_iv); SHOW_BOOL (test_crypto); +#ifdef ENABLE_PREDICTION_RESISTANCE + SHOW_BOOL (use_prediction_resistance); +#endif #ifdef ENABLE_SSL SHOW_BOOL (tls_server); @@ -3018,6 +3028,11 @@ options_string (const struct options *o, buf_printf (&out, ",no-replay"); if (!o->use_iv) buf_printf (&out, ",no-iv"); + +#ifdef ENABLE_PREDICTION_RESISTANCE + if (o->use_prediction_resistance) + buf_printf (&out, ",use-prediction-resistance"); +#endif } #ifdef ENABLE_SSL @@ -6416,6 +6431,13 @@ add_option (struct options *options, options->keysize = keysize; } #endif +#ifdef ENABLE_PREDICTION_RESISTANCE + else if (streq (p[0], "use-prediction-resistance")) + { + VERIFY_PERMISSION (OPT_P_GENERAL); + options->use_prediction_resistance = true; + } +#endif #ifdef ENABLE_SSL else if (streq (p[0], "show-tls")) { diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 9e78d00b5..1be3dfaf4 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -520,6 +520,9 @@ struct options const char *packet_id_file; bool use_iv; bool test_crypto; +#ifdef ENABLE_PREDICTION_RESISTANCE + bool use_prediction_resistance; +#endif #ifdef ENABLE_SSL /* TLS (control channel) parms */ diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h index 0595b67d2..19562837c 100644 --- a/src/openvpn/syshead.h +++ b/src/openvpn/syshead.h 
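Review bot: In the `options_string()` hunk, `buf_printf (&out, ",use-prediction-resistance");` puts a purely local RNG setting into the same string as `,no-replay` and `,no-iv`. Those neighbours change the wire format and must match on both peers, whereas prediction resistance only changes how this side reseeds its own generator. If this string is what the peers compare for option consistency, as the surrounding entries suggest, a peer built without `ENABLE_PREDICTION_RESISTANCE` can never emit the token, and enabling the option on one side would produce a mismatch warning for a setting that need not match. Consider dropping these three lines, or add a comment explaining why the setting is deliberately part of the compared string. The enclosing function begins and ends outside the hunk.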
@@ -538,6 +538,14 @@ socket_defined (const socket_descriptor_t sd) #define MANAGMENT_EXTERNAL_KEY #endif +/* Enable PolarSSL RNG prediction resistance support */ +#ifdef ENABLE_CRYPTO_POLARSSL +#include +#if POLARSSL_VERSION_NUMBER >= 0x01010000 +#define ENABLE_PREDICTION_RESISTANCE +#endif +#endif /* ENABLE_CRYPTO_POLARSSL */ + /* * MANAGEMENT_IN_EXTRA allows the management interface to * read multi-line inputs from clients. -- 2.47.2
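Review bot: The guard `#if POLARSSL_VERSION_NUMBER >= 0x01010000` in syshead.h enables the feature for 1.1.0 itself, while the man page text added in this same patch says the option needs versions "greater than 1.1"; one of the two should be corrected so they agree. On builds where the macro is not defined, the `add_option()` branch is compiled out, so a config containing `use-prediction-resistance` will presumably be rejected as an unknown option rather than with a message naming the missing capability. A comment here stating that, e.g. `/* Requires CTR_DRBG (PolarSSL >= 1.1.0); on other builds --use-prediction-resistance is not recognised */`, would save the next reader from tracing it. The same version constant also appears in crypto_polarssl.c, so a single named macro for "has CTR_DRBG" would keep the two checks from drifting.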