summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-02-23 10:44:43 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-03-06 22:24:33 +0100
commite475ebb8d6b13f4289385c28a0efb0c35ebd1509 (patch)
treede2a64c04a8a789fa6dd470b7651507b5e4c196c /lib
parentfc4385c2527565669aec92204af836b7bf345f4d (diff)
downloadgnutls-e475ebb8d6b13f4289385c28a0efb0c35ebd1509.tar.gz
rnd: reduce calls to _rnd_get_system_entropy
That is, no longer obtain the initial nonces for the RNG via _rnd_get_system_entropy() but instead use time-based ones which are typically faster kernel calls. This reduces the number of expensive system calls done during thread and process initialization. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/nettle/rnd.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
index 590f37c6b4..0fb8cee9c3 100644
--- a/lib/nettle/rnd.c
+++ b/lib/nettle/rnd.c
@@ -30,12 +30,12 @@
#include <system.h>
#include <atfork.h>
#include <errno.h>
+#include <minmax.h>
#define PRNG_KEY_SIZE CHACHA_KEY_SIZE
/* after this number of bytes PRNG will rekey */
#define PRNG_RESEED_BYTES (1048576)
-
struct prng_ctx_st {
struct chacha_ctx ctx;
size_t counter;
@@ -67,23 +67,23 @@ static int single_prng_init(struct prng_ctx_st *ctx,
unsigned init)
{
uint8_t nonce[CHACHA_NONCE_SIZE];
- int ret;
+
+ memset(nonce, 0, sizeof(nonce)); /* to prevent valgrind from whinning */
if (init == 0) {
/* use the previous key to generate IV as well */
- memset(nonce, 0, sizeof(nonce)); /* to prevent valgrind from whinning */
chacha_crypt(&ctx->ctx, sizeof(nonce), nonce, nonce);
/* Add key continuity by XORing the new key with data generated
* from the old key */
chacha_crypt(&ctx->ctx, new_key_size, new_key, new_key);
} else {
+ struct timespec now; /* current time */
+
ctx->forkid = _gnutls_get_forkid();
- /* when initializing read the IV from the system randomness source */
- ret = _rnd_get_system_entropy(nonce, sizeof(nonce));
- if (ret < 0)
- return gnutls_assert_val(ret);
+ gettime(&now);
+ memcpy(nonce, &now, MIN(sizeof(nonce), sizeof(now)));
}
chacha_set_key(&ctx->ctx, new_key);