diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-23 10:44:43 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-06 22:24:33 +0100 |
commit | e475ebb8d6b13f4289385c28a0efb0c35ebd1509 (patch) | |
tree | de2a64c04a8a789fa6dd470b7651507b5e4c196c /lib | |
parent | fc4385c2527565669aec92204af836b7bf345f4d (diff) | |
download | gnutls-e475ebb8d6b13f4289385c28a0efb0c35ebd1509.tar.gz |
rnd: reduce calls to _rnd_get_system_entropy
That is, no longer obtain the initial nonces for the RNG
via _rnd_get_system_entropy() but instead use time-based ones
which are typically faster kernel calls. This reduces the number
of expensive system calls done during thread and
process initialization.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/nettle/rnd.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c index 590f37c6b4..0fb8cee9c3 100644 --- a/lib/nettle/rnd.c +++ b/lib/nettle/rnd.c @@ -30,12 +30,12 @@ #include <system.h> #include <atfork.h> #include <errno.h> +#include <minmax.h> #define PRNG_KEY_SIZE CHACHA_KEY_SIZE /* after this number of bytes PRNG will rekey */ #define PRNG_RESEED_BYTES (1048576) - struct prng_ctx_st { struct chacha_ctx ctx; size_t counter; @@ -67,23 +67,23 @@ static int single_prng_init(struct prng_ctx_st *ctx, unsigned init) { uint8_t nonce[CHACHA_NONCE_SIZE]; - int ret; + + memset(nonce, 0, sizeof(nonce)); /* to prevent valgrind from whinning */ if (init == 0) { /* use the previous key to generate IV as well */ - memset(nonce, 0, sizeof(nonce)); /* to prevent valgrind from whinning */ chacha_crypt(&ctx->ctx, sizeof(nonce), nonce, nonce); /* Add key continuity by XORing the new key with data generated * from the old key */ chacha_crypt(&ctx->ctx, new_key_size, new_key, new_key); } else { + struct timespec now; /* current time */ + ctx->forkid = _gnutls_get_forkid(); - /* when initializing read the IV from the system randomness source */ - ret = _rnd_get_system_entropy(nonce, sizeof(nonce)); - if (ret < 0) - return gnutls_assert_val(ret); + gettime(&now); + memcpy(nonce, &now, MIN(sizeof(nonce), sizeof(now))); } chacha_set_key(&ctx->ctx, new_key); |