Implement secure_random()

[lovvik]

as asked by issue #683

• Implemented secure_random()
• Added 2 build directories
• Changed calls of fast_random() in src, tests and benchmarks
• Added -lcrypto linking

[adrianopol]

hello!
it's enough to validate the presence of openssl/rand.h here; validating every single file's presence we use in the project is too redundant

[lovvik]

i don't really get why, but this how i could get -lcrypto to be linked.
This, on the other hand results in linkage errors :

        conf.env.AddManualDependency(libs=['ssl','crypto'], prefix=ossl_prefix)

    if not conf.CheckLibWithHeaderExt('ssl', 'openssl/rand.h', 'C', run=not is_crosscompiling): #or not conf.CheckLibWithHeaderExt('crypto', 'openssl/crypto.h', 'C', run=not is_crosscompiling):
        env.Die("OpenSSL not found (see 'config.log' for details)") ```

[adrianopol]

i don't really get why, but this how i could get -lcrypto to be linked.

Ah, sorry, you are checking a different library here. Then it's OK.

You can also make shorten the condition:

if not conf.CheckLibWithHeaderExt(['ssl', 'crypto'], ['openssl/rand.h', 'openssl/crypto.h'], 'C', run=not is_crosscompiling):

[gavv]

Seems we have AddPkgConfigDependency('libssl'), but don't have AddPkgConfigDependency('libcrypto'), it should be added, because they're different packages in pkg-config:

pkg-config --cflags --libs libssl
-lssl 

pkg-config --cflags --libs libcrypto
-lcrypto 

And in this case it indeed makes sense to add a second check. openssl/rand.h checks that libssl worked, and openssl/crypto.h checks that lubcrypto worked.

i don't really get why, but this how i could get -lcrypto to be linked.

Likely CheckLibWithHeaderExt adds it, but we should no rely on it. Actually it's probably a bug that should be fixed (not in this PR of course).

Also please avoid long lines.

[lovvik]

Hello, i now have this. The AddPkgConfigDependency('libcrypto') does it (even without CheckLib...) . is it ok ?

elif 'openssl' in system_dependencies:
    ossl_prefix = None
    # macOS: fallback to use a brew-installed openssl
    if meta.platform == 'darwin' and not is_crosscompiling:
        ossl_prefix = env.FindBrewPackage('openssl')

    conf = Configure(env, custom_tests=env.CustomTests)

    if not conf.AddPkgConfigDependency('libssl', '--cflags --libs', add_prefix=ossl_prefix):
        conf.env.AddManualDependency(libs=['ssl'], prefix=ossl_prefix)

    if not conf.AddPkgConfigDependency('libcrypto', '--cflags --libs', add_prefix=ossl_prefix):
        conf.env.AddManualDependency(libs=['crypto'], prefix=ossl_prefix)

    if not conf.CheckLibWithHeaderExt('ssl', 'openssl/rand.h', 'C', run=not is_crosscompiling) or \
        not conf.CheckLibWithHeaderExt('crypto', 'openssl/crypto.h', 'C', run=not is_crosscompiling):
        env.Die("OpenSSL not found (see 'config.log' for details)")

    env = conf.Finish()

[gavv]

LGTM!

[adrianopol]

it was not intended to remove the original fast_random version, so please just keep it

[adrianopol]

why?

[adrianopol]

this should be implemented in target_nocsprng (as written in #683)

[lovvik]

Hello, i don't understand. That is target_nocsprng.

[adrianopol]

I mean, the fast_random implementation should be the only in this file, and secure_random() function implemented through calls to fast_random*() is the only one to go to the target_nocsprng directory.

[adrianopol]

see above

[adrianopol]

the original file should be kept

[lovvik]

this was asked by gavv : #683 (comment)

[adrianopol]

this should not be changed

[adrianopol]

this should not be changed

[adrianopol]

this should not be changed

[adrianopol]

this should not be changed; checkout the task description and revert other places please

[gavv]

Thanks for PR!

Regarding my comment from matrix that you linked above: #683 (comment)

I guess I was not very clear.

The idea is:

• fast_random is always available and has a single cross-platform implementation; it's not affected by this task at all
• secure_random is always available
• but secure_random can have two different implementations: using OpenSSL, and fallback using fast_random (which as you remember is always available)
• some parts of the code use fast_random, some use secure_random, depending on requirements; CSPRNG is needed when RTP RFC mandates it; but it's slower and can fail, so it's not used everywhere
• regarding tests:
  • we need tests for fast_random and for secure_random; they're different tests at least because these functions have different signatures
  • tests for fast_random should be be affected by this task at all
  • tests for secure_random can have only one implementation, no matter if secure_random is implemented via OpenSSL or fast_random

That's what I tried to say in that comment, we don't need two separate implementations of tests for secure_random, however we still need separate tests for fast_random and secure_random.

[lovvik]

oh...i really misinterpreted it all. It will be fixed.

[github-actions]

🤖 The latest upstream change made this pull request unmergeable. Please resolve the merge conflicts.