Signed-off-by: Eelse-jan Stutvoet <stutvoet@fox-it.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Message-Id: 1333351687-3732-2-git-send-email-dejong@fox-it.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6213
Signed-off-by: David Sommerseth <davids@redhat.com>
... | ... |
@@ -3846,6 +3846,20 @@ space-saving optimization that uses the unique identifier for |
3846 | 3846 |
datagram replay protection as the IV. |
3847 | 3847 |
.\"********************************************************* |
3848 | 3848 |
.TP |
3849 |
+.B \-\-use-prediction-resistance |
|
3850 |
+Enable prediction resistance on PolarSSL's RNG. |
|
3851 |
+ |
|
3852 |
+Enabling prediction resistance causes the RNG to reseed in each |
|
3853 |
+call for random. Reseeding this often can quickly deplete the kernel |
|
3854 |
+entropy pool. |
|
3855 |
+ |
|
3856 |
+If you need this option, please consider running a daemon that adds |
|
3857 |
+entropy to the kernel pool. |
|
3858 |
+ |
|
3859 |
+Note that this option only works with PolarSSL versions greater |
|
3860 |
+than 1.1. |
|
3861 |
+.\"********************************************************* |
|
3862 |
+.TP |
|
3849 | 3863 |
.B \-\-test-crypto |
3850 | 3864 |
Do a self-test of OpenVPN's crypto options by encrypting and |
3851 | 3865 |
decrypting test packets using the data channel encryption options |
... | ... |
@@ -219,6 +219,15 @@ havege_state * rand_ctx_get() |
219 | 219 |
|
220 | 220 |
#endif /* (POLARSSL_VERSION_NUMBER >= 0x01010000) */ |
221 | 221 |
|
222 |
+#ifdef ENABLE_PREDICTION_RESISTANCE |
|
223 |
+void rand_ctx_enable_prediction_resistance() |
|
224 |
+{ |
|
225 |
+ ctr_drbg_context *cd_ctx = rand_ctx_get(); |
|
226 |
+ |
|
227 |
+ ctr_drbg_set_prediction_resistance(cd_ctx, 1); |
|
228 |
+} |
|
229 |
+#endif /* ENABLE_PREDICTION_RESISTANCE */ |
|
230 |
+ |
|
222 | 231 |
int |
223 | 232 |
rand_bytes (uint8_t *output, int len) |
224 | 233 |
{ |
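Review bot: `rand_ctx_enable_prediction_resistance()` is defined with an empty parameter list, which in C declares an unprototyped function rather than one taking no arguments; `void rand_ctx_enable_prediction_resistance(void)` lets the compiler reject stray arguments, and the declaration in the header hunk has the same form. The bare `1` passed to `ctr_drbg_set_prediction_resistance` would read better as PolarSSL's `CTR_DRBG_PR_ON`. With this setting every draw reseeds from the entropy source, so a failed reseed becomes an ordinary runtime condition. `rand_bytes` only begins at the end of this hunk and its body is not visible, so it is worth confirming that it checks the DRBG's return value and fails closed instead of handing out an unfilled buffer.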
... | ... |
@@ -96,4 +96,11 @@ ctr_drbg_context * rand_ctx_get(); |
96 | 96 |
havege_state * rand_ctx_get(); |
97 | 97 |
#endif |
98 | 98 |
|
99 |
+#ifdef ENABLE_PREDICTION_RESISTANCE |
|
100 |
+/** |
|
101 |
+ * Enable prediction resistance on the random number generator. |
|
102 |
+ */ |
|
103 |
+void rand_ctx_enable_prediction_resistance(); |
|
104 |
+#endif |
|
105 |
+ |
|
99 | 106 |
#endif /* CRYPTO_POLARSSL_H_ */ |
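Review bot: The doc comment on `rand_ctx_enable_prediction_resistance` does not say what the call touches or what it costs. Going by the implementation and the man-page text in this commit, it acts on the context returned by `rand_ctx_get()` and makes the RNG reseed on every request, and the commit adds no way to turn it off again. I would extend the comment along the lines of `* Applies to the context returned by rand_ctx_get(); the RNG then reseeds on every request for random data.` plus a line that the setting stays on once enabled.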
... | ... |
@@ -2008,6 +2008,12 @@ init_crypto_pre (struct context *c, const unsigned int flags) |
2008 | 2008 |
|
2009 | 2009 |
if (c->options.mute_replay_warnings) |
2010 | 2010 |
c->c2.crypto_options.flags |= CO_MUTE_REPLAY_WARNINGS; |
2011 |
+ |
|
2012 |
+#ifdef ENABLE_PREDICTION_RESISTANCE |
|
2013 |
+ if (c->options.use_prediction_resistance) |
|
2014 |
+ rand_ctx_enable_prediction_resistance(); |
|
2015 |
+#endif |
|
2016 |
+ |
|
2011 | 2017 |
} |
2012 | 2018 |
|
2013 | 2019 |
/* |
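Review bot: The added block in `init_crypto_pre` can only switch prediction resistance on; there is no branch that switches it off. If the RNG context outlives a configuration reload (not visible from this hunk), a restart with the option removed would leave per-call reseeding active and keep draining the entropy pool. Either state in a comment that the setting is sticky for the lifetime of the process, or make the DRBG state follow `c->options.use_prediction_resistance` on every pass through this function. `init_crypto_pre` starts before this hunk, so any random data drawn earlier in start-up is also produced without the setting.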
... | ... |
@@ -545,6 +545,10 @@ static const char usage_message[] = |
545 | 545 |
" using file.\n" |
546 | 546 |
"--test-crypto : Run a self-test of crypto features enabled.\n" |
547 | 547 |
" For debugging only.\n" |
548 |
+#ifdef ENABLE_PREDICTION_RESISTANCE |
|
549 |
+ "--use-prediction-resistance: Enable prediction resistance on the random\n" |
|
550 |
+ " number generator.\n" |
|
551 |
+#endif |
|
548 | 552 |
#ifdef ENABLE_SSL |
549 | 553 |
"\n" |
550 | 554 |
"TLS Key Negotiation Options:\n" |
... | ... |
@@ -837,6 +841,9 @@ init_options (struct options *o, const bool init_gc) |
837 | 837 |
o->replay_time = DEFAULT_TIME_BACKTRACK; |
838 | 838 |
o->use_iv = true; |
839 | 839 |
o->key_direction = KEY_DIRECTION_BIDIRECTIONAL; |
840 |
+#ifdef ENABLE_PREDICTION_RESISTANCE |
|
841 |
+ o->use_prediction_resistance = false; |
|
842 |
+#endif |
|
840 | 843 |
#ifdef ENABLE_SSL |
841 | 844 |
o->key_method = 2; |
842 | 845 |
o->tls_timeout = 2; |
... | ... |
@@ -1581,6 +1588,9 @@ show_settings (const struct options *o) |
1581 | 1581 |
SHOW_STR (packet_id_file); |
1582 | 1582 |
SHOW_BOOL (use_iv); |
1583 | 1583 |
SHOW_BOOL (test_crypto); |
1584 |
+#ifdef ENABLE_PREDICTION_RESISTANCE |
|
1585 |
+ SHOW_BOOL (use_prediction_resistance); |
|
1586 |
+#endif |
|
1584 | 1587 |
|
1585 | 1588 |
#ifdef ENABLE_SSL |
1586 | 1589 |
SHOW_BOOL (tls_server); |
... | ... |
@@ -3018,6 +3028,11 @@ options_string (const struct options *o, |
3018 | 3018 |
buf_printf (&out, ",no-replay"); |
3019 | 3019 |
if (!o->use_iv) |
3020 | 3020 |
buf_printf (&out, ",no-iv"); |
3021 |
+ |
|
3022 |
+#ifdef ENABLE_PREDICTION_RESISTANCE |
|
3023 |
+ if (o->use_prediction_resistance) |
|
3024 |
+ buf_printf (&out, ",use-prediction-resistance"); |
|
3025 |
+#endif |
|
3021 | 3026 |
} |
3022 | 3027 |
|
3023 | 3028 |
#ifdef ENABLE_SSL |
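Review bot: Appending `,use-prediction-resistance` in `options_string` puts a purely local RNG setting next to `,no-replay` and `,no-iv`, which describe the wire format. If this string is what the two peers compare for option consistency (it looks that way from the neighbouring entries, but the rest of the function is outside the hunk), a peer that does not set the option, or is built without `ENABLE_PREDICTION_RESISTANCE`, would report a mismatch although both ends interoperate fully. Prediction resistance only changes how the local DRBG reseeds, so I would drop these lines. The setting stays visible to the operator through `SHOW_BOOL (use_prediction_resistance)` in `show_settings`.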
... | ... |
@@ -6416,6 +6431,13 @@ add_option (struct options *options, |
6416 | 6416 |
options->keysize = keysize; |
6417 | 6417 |
} |
6418 | 6418 |
#endif |
6419 |
+#ifdef ENABLE_PREDICTION_RESISTANCE |
|
6420 |
+ else if (streq (p[0], "use-prediction-resistance")) |
|
6421 |
+ { |
|
6422 |
+ VERIFY_PERMISSION (OPT_P_GENERAL); |
|
6423 |
+ options->use_prediction_resistance = true; |
|
6424 |
+ } |
|
6425 |
+#endif |
|
6419 | 6426 |
#ifdef ENABLE_SSL |
6420 | 6427 |
else if (streq (p[0], "show-tls")) |
6421 | 6428 |
{ |
... | ... |
@@ -538,6 +538,14 @@ socket_defined (const socket_descriptor_t sd) |
538 | 538 |
#define MANAGMENT_EXTERNAL_KEY |
539 | 539 |
#endif |
540 | 540 |
|
541 |
+/* Enable PolarSSL RNG prediction resistance support */ |
|
542 |
+#ifdef ENABLE_CRYPTO_POLARSSL |
|
543 |
+#include <polarssl/version.h> |
|
544 |
+#if POLARSSL_VERSION_NUMBER >= 0x01010000 |
|
545 |
+#define ENABLE_PREDICTION_RESISTANCE |
|
546 |
+#endif |
|
547 |
+#endif /* ENABLE_CRYPTO_POLARSSL */ |
|
548 |
+ |
|
541 | 549 |
/* |
542 | 550 |
* MANAGEMENT_IN_EXTRA allows the management interface to |
543 | 551 |
* read multi-line inputs from clients. |