Implement secure_random() function using OpenSSL #683

gavv opened this issue Jan 30, 2024 · 2 comments
Labels: easy hacks (The solution is expected to be straightforward even if you are new to the project), enhancement, help wanted (An important and awaited task but we have no human resources for it yet), security (Security, encryption)

gavv commented Jan 30, 2024

There are a few RTP/RTCP fields that are required to be populated using a cryptographically secure PRNG. Currently we fill them using a regular PRNG (core::fast_random), which will become a security issue when we add encryption.

We need to implement a new function core::secure_random:

ROC_ATTR_NODISCARD bool secure_random(void* buf, size_t bufsz);

We already have OpenSSL support, so we can implement secure_random() using the RAND module from OpenSSL.

Since OpenSSL can be disabled at build time via the --disable-openssl scons option, we should actually add two implementations:

  • in roc_core/target_openssl - main implementation, using OpenSSL
  • in roc_core/target_nocsprng - alternative fallback implementation that uses fast_random()

Scons will automatically use target_openssl when OpenSSL is enabled, and target_nocsprng when it's disabled (this feature is already implemented in SConstruct). See here about target directories.

Then we should switch the following classes/functions from fast_random() to secure_random():

(Each one has a few calls to fast_random()).

We also should add simple tests for secure_random() similar to fast_random().
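A sketch of how the OpenSSL-backed variant requested above could handle `RAND_bytes()` taking an `int` length and reporting failure through its return value. This is an added example, not code from the issue or the project: the `example` namespace, `byte_source_fn`, `fill_from_source` and the `EXAMPLE_WITH_OPENSSL` macro are hypothetical names, and only `RAND_bytes()` is OpenSSL's own.

```cpp
#include <climits>
#include <cstddef>

#ifdef EXAMPLE_WITH_OPENSSL // hypothetical macro; link with -lcrypto when set
#include <openssl/rand.h>
#endif

namespace example { // hypothetical namespace, not roc's core::

// Same shape as OpenSSL's RAND_bytes(unsigned char*, int): 1 means success.
typedef int (*byte_source_fn)(unsigned char* buf, int num);

// Fill buf with bufsz bytes from src. The source takes an int length, so a
// size_t request is split into chunks of at most max_chunk bytes.
// Any result other than 1 (0 = failure, -1 = not supported) stops the loop
// and returns false; the buffer may then be partially filled and must not
// be used by the caller.
inline bool fill_from_source(byte_source_fn src, void* buf, size_t bufsz,
                             size_t max_chunk = INT_MAX) {
    if (src == NULL || max_chunk == 0
        || max_chunk > static_cast<size_t>(INT_MAX)) {
        return false;
    }
    if (bufsz == 0) {
        return true; // nothing to fill
    }
    if (buf == NULL) {
        return false;
    }
    unsigned char* p = static_cast<unsigned char*>(buf);
    while (bufsz > 0) {
        const size_t n = bufsz < max_chunk ? bufsz : max_chunk;
        if (src(p, static_cast<int>(n)) != 1) {
            return false;
        }
        p += n;
        bufsz -= n;
    }
    return true;
}

#ifdef EXAMPLE_WITH_OPENSSL
// [[nodiscard]] stands in for the issue's ROC_ATTR_NODISCARD (assumption).
[[nodiscard]] inline bool secure_random(void* buf, size_t bufsz) {
    return fill_from_source(&RAND_bytes, buf, bufsz);
}
#endif

} // namespace example
```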

lovvik commented Feb 19, 2024

Hello, @Yannise-A and I are students at Paris 8 University. We're taking an Open source development course this semester, and would like to work on this, to begin with.

gavv commented Feb 20, 2024

@lovvik @Yannise-A you're both welcome, thank you :)
