Implement secure_random() function using OpenSSL #683
Labels: easy hacks, enhancement, help wanted, security
There are a few RTP/RTCP fields that are required to be populated using a cryptographically secure PRNG. Currently we fill them using a regular PRNG (core::fast_random), which will become a security issue when we add encryption.
We need to implement a new function core::secure_random.
We already have OpenSSL support, so we can implement secure_random() using the RAND module from OpenSSL.
Since OpenSSL can be disabled at build time via the --disable-openssl scons option, we should actually add two implementations:
- roc_core/target_openssl - main implementation, using OpenSSL
- roc_core/target_nocsprng - alternative fallback implementation that uses fast_random()
Scons will automatically use target_openssl when OpenSSL is enabled, and target_nocsprng when it's disabled (this feature is already implemented in SConstruct). See here about target directories.
Then we should switch the following classes/functions from fast_random() to secure_random():
Each one has a few calls to fast_random(), which should be replaced with secure_random() and error checking (use StatusErrRand when status code is expected).
We also should add simple tests for secure_random() similar to fast_random().
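A sketch of the shape described above, added here as an illustration and not taken from roc-toolkit: one byte source per build variant, a checked return from OpenSSL's RAND_bytes(), and failure reported through a status code. It goes one step beyond the issue by deriving a bounded value with rejection sampling; `secure_random_range`, `ByteSource`, `default_source`, the `EXAMPLE_USE_OPENSSL` macro and the local `Status` enum are assumptions made for the example.

```cpp
// Added illustration, not roc-toolkit code. Only secure_random, fast_random and
// StatusErrRand come from the issue; every other name here is hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#ifdef EXAMPLE_USE_OPENSSL // hypothetical macro; also link with -lcrypto
#include <openssl/rand.h>
#endif

enum Status { StatusOK, StatusErrRand }; // stand-in for the project's status codes

// Fills buf with len random bytes; returns false on failure.
typedef bool (*ByteSource)(void* buf, size_t len);

#ifdef EXAMPLE_USE_OPENSSL
// OpenSSL variant: RAND_bytes() returns 1 on success, anything else is failure.
bool default_source(void* buf, size_t len) {
    return RAND_bytes(static_cast<unsigned char*>(buf), static_cast<int>(len)) == 1;
}
#else
// Fallback variant: NOT cryptographically secure; rand() stands in for fast_random().
bool default_source(void* buf, size_t len) {
    unsigned char* p = static_cast<unsigned char*>(buf);
    for (size_t i = 0; i < len; i++) p[i] = static_cast<unsigned char>(std::rand());
    return true;
}
#endif

// Uniform value in [from, to]. Rejection sampling avoids modulo bias.
Status secure_random_range(uint32_t from, uint32_t to, uint32_t& result,
                           ByteSource source = default_source) {
    if (from > to) return StatusErrRand; // invalid range
    const uint64_t span = uint64_t(to) - from + 1;            // 1 .. 2^32
    const uint64_t limit = (uint64_t(1) << 32) / span * span; // multiple of span
    uint32_t value = 0;
    do {
        // On failure, report it; never fall back to a weaker value silently.
        if (!source(&value, sizeof(value))) return StatusErrRand;
    } while (value >= limit);
    result = from + uint32_t(value % span);
    return StatusOK;
}

int main() {
    uint32_t field = 0;
    if (secure_random_range(0, UINT32_MAX, field) != StatusOK) return 1;
    std::printf("%u\n", (unsigned)field);
    return 0;
}
```

Passing the byte source as a parameter lets a test inject a failing or fixed source and check the error path without depending on OpenSSL.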