martijnvanbrummelen / nwipe

nwipe secure disk eraser
GNU General Public License v2.0

Implement High-Quality Random Number Generation Using AES-CTR Mode with OpenSSL and AES-NI Support #553

Closed Knogle closed 4 months ago

Knogle commented 4 months ago

In this pull request, I present my implementation of a pseudo-random number generator (PRNG) utilizing the AES-CTR (Advanced Encryption Standard - Counter mode) in 128-bit mode. This implementation is designed to produce high-quality random numbers, which are essential for a wide range of cryptographic applications. By integrating with the OpenSSL library and exploiting AES-NI (Advanced Encryption Standard New Instructions) hardware acceleration when available, I ensure both the security and efficiency of the random number generation process.

Key Features:

AES-CTR Mode: I chose AES in Counter mode due to its renowned capability to generate secure and unpredictable pseudo-random sequences. This mode operates by encrypting incrementing counter values, with the encryption output serving as the stream of random bytes.

128-bit AES: Utilizing a 128-bit key size for AES encryption provides a strong security measure while maintaining efficient performance, adhering to current cryptographic standards for pseudo-random number generation.

Integration with OpenSSL: OpenSSL, being a well-established and rigorously tested cryptographic library, is used to manage AES operations. This integration ensures a high level of security and performance for the AES-CTR operations within our PRNG.

Leveraging AES-NI Support: My implementation automatically detects and utilizes AES-NI, a set of instructions that enhance AES operations on most modern processors. This feature significantly improves the speed of random number generation, reducing CPU usage and enhancing scalability.

Implementation Details:

Initialization: At the outset, the PRNG's state is initialized with a distinct 128-bit key and an initial counter value, using OpenSSL's AES_set_encrypt_key to prepare the AES key structure for subsequent operations.

Generating Random Numbers: For generating random numbers, the current counter value is encrypted under the configured AES key in CTR mode. The output of this encryption serves as the source of pseudo-random bytes, with the counter incremented after each operation to maintain the uniqueness of subsequent inputs.

State Management: The PRNG's internal state, including the AES key, counter (IV), and encryption buffer (ecount), is securely managed within an aes_ctr_state_t structure. This careful management is crucial for preserving the integrity and unpredictability of the random number stream.

Optimizing for Hardware: By optimizing for AES-NI, my implementation ensures enhanced performance through hardware acceleration, providing an efficient solution for generating random numbers across various applications.

This PRNG implementation stands as a robust and efficient tool for generating high-quality pseudo-random numbers, crucial for cryptographic operations, secure communications, and randomized algorithms. The combination of AES-CTR mode, OpenSSL's reliability, and the performance benefits of AES-NI hardware acceleration results in a superior random number generator.

I have ensured that the implementation is well-documented with clear comments, making it accessible for review, understanding, and maintenance, following best practices in both software development and cryptographic standards.

I look forward to receiving feedback on this pull request to further improve and ensure the effectiveness of the PRNG implementation.

Test of randomness: 54e9585c-0218-4a40-be46-7911db900e0b

PartialVolume commented 4 months ago

Thanks for the PR, much appreciated. I see it's failing on the coding style, if you could run make format to correct the coding style and recommit. Once the C.I. passes I'll try to review and commit in the next week or two. Thanks again.

PartialVolume commented 4 months ago

There are also a few issues with the compilation on Ubuntu.

/home/runner/work/nwipe/nwipe/src/aes/aes_ctr_prng.c:23: undefined reference to `AES_set_encrypt_key'
/usr/bin/ld: aes/aes_ctr_prng.o: in function `aes_ctr_prng_genrand_int32':
/home/runner/work/nwipe/nwipe/src/aes/aes_ctr_prng.c:41: undefined reference to `AES_encrypt'
/usr/bin/ld: /home/runner/work/nwipe/nwipe/src/aes/aes_ctr_prng.c:41: undefined reference to `CRYPTO_ctr128_encrypt'
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile:449: nwipe] Error 1
make[2]: Leaving directory '/home/runner/work/nwipe/nwipe/src'
make[1]: *** [Makefile:374: all-recursive] Error 1
make[1]: Leaving directory '/home/runner/work/nwipe/nwipe'
make: *** [Makefile:315: all] Error 2
Error: Process completed with exit code 2.

Knogle commented 4 months ago

Thanks a lot, I will format the code properly! The code requires at least OpenSSL 1.1.0, as AES_ctr128_encrypt was replaced by CRYPTO_ctr128_encrypt.

If necessary I could create a version for SSL versions prior to 1.1.0, which only requires minimal changes. In order to compile, I've used OpenSSL 3.1.1.

PartialVolume commented 4 months ago

I just tried compiling on Ubuntu 22.04 which is running openssl 3.0.2 and it failed with the following error. So doesn't seem to be due to an earlier openssl prior to 1.0.1.

/usr/bin/ld: prng.o: in function `nwipe_aes_ctr_prng_init':
/home/nick/Data/MIC/Technical_Data/Software/nwipe_tmp/knogle/nwipe/src/prng.c:268: undefined reference to `aes_ctr_prng_init'
/usr/bin/ld: prng.o: in function `nwipe_aes_ctr_prng_read':
/home/nick/Data/MIC/Technical_Data/Software/nwipe_tmp/knogle/nwipe/src/prng.c:281: undefined reference to `aes_ctr_prng_genrand_int32'
/usr/bin/ld: /home/nick/Data/MIC/Technical_Data/Software/nwipe_tmp/knogle/nwipe/src/prng.c:289: undefined reference to `aes_ctr_prng_genrand_int32'

Knogle commented 4 months ago

Hmmm okay that looks weird. For my Fedora 39 i got the following during build. Did you try building the fb71e92 commit?

I will give it a try on Ubuntu 23.10.

Thanks a lot already!

chairman@fedora:/tmp/nwipe$ make
make all-recursive
make[1]: Entering directory '/tmp/nwipe'
Making all in src
make[2]: Entering directory '/tmp/nwipe/src'
depbase=`echo nwipe.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT nwipe.o -MD -MP -MF $depbase.Tpo -c -o nwipe.o nwipe.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo gui.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT gui.o -MD -MP -MF $depbase.Tpo -c -o gui.o gui.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo pass.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT pass.o -MD -MP -MF $depbase.Tpo -c -o pass.o pass.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo device.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT device.o -MD -MP -MF $depbase.Tpo -c -o device.o device.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo isaac_rand/isaac_rand.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT isaac_rand/isaac_rand.o -MD -MP -MF $depbase.Tpo -c -o isaac_rand/isaac_rand.o isaac_rand/isaac_rand.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo isaac_rand/isaac64.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT isaac_rand/isaac64.o -MD -MP -MF $depbase.Tpo -c -o isaac_rand/isaac64.o isaac_rand/isaac64.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo mt19937ar-cok/mt19937ar-cok.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT mt19937ar-cok/mt19937ar-cok.o -MD -MP -MF $depbase.Tpo -c -o mt19937ar-cok/mt19937ar-cok.o mt19937ar-cok/mt19937ar-cok.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo aes/aes_ctr_prng.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT aes/aes_ctr_prng.o -MD -MP -MF $depbase.Tpo -c -o aes/aes_ctr_prng.o aes/aes_ctr_prng.c &&\
mv -f $depbase.Tpo $depbase.Po
aes/aes_ctr_prng.c: In function ‘aes_ctr_prng_init’:
aes/aes_ctr_prng.c:22:5: warning: ‘AES_set_encrypt_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   22 |     AES_set_encrypt_key( key, 128, &state->aes_key );  // 128 Bit key
      |     ^~~~~~~
In file included from aes/aes_ctr_prng.h:5,
                 from aes/aes_ctr_prng.c:1:
/usr/include/openssl/aes.h:51:5: note: declared here
   51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
      |     ^~~~~~~
aes/aes_ctr_prng.c: In function ‘aes_ctr_prng_genrand_int32’:
aes/aes_ctr_prng.c:48:28: warning: ‘AES_encrypt’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   48 |                            (block128_f) AES_encrypt );
      |                            ^
/usr/include/openssl/aes.h:57:6: note: declared here
   57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
      |      ^~~
depbase=`echo logging.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT logging.o -MD -MP -MF $depbase.Tpo -c -o logging.o logging.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo method.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT method.o -MD -MP -MF $depbase.Tpo -c -o method.o method.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo options.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT options.o -MD -MP -MF $depbase.Tpo -c -o options.o options.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo prng.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT prng.o -MD -MP -MF $depbase.Tpo -c -o prng.o prng.c &&\
mv -f $depbase.Tpo $depbase.Po
prng.c: In function ‘nwipe_aes_ctr_prng_init’:
prng.c:268:5: warning: implicit declaration of function ‘aes_ctr_prng_init’; did you mean ‘nwipe_aes_ctr_prng_init’? [-Wimplicit-function-declaration]
  268 |     aes_ctr_prng_init( (aes_ctr_state_t*) *state, (unsigned long*) ( seed->s ), seed->length / sizeof( unsigned long ) );
      |     ^~~~~
      |     nwipe_aes_ctr_prng_init
prng.c: In function ‘nwipe_aes_ctr_prng_read’:
prng.c:281:32: warning: implicit declaration of function ‘aes_ctr_prng_genrand_int32’; did you mean ‘aes_ctr_generate_uint32’? [-Wimplicit-function-declaration]
  281 |         u32_to_buffer( bufpos, aes_ctr_prng_genrand_int32( (aes_ctr_state_t*) *state ), SIZE_OF_AES_CTR_PRNG );
      |                                ^~~~~~
      |                                aes_ctr_generate_uint32
depbase=`echo version.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT version.o -MD -MP -MF $depbase.Tpo -c -o version.o version.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo temperature.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT temperature.o -MD -MP -MF $depbase.Tpo -c -o temperature.o temperature.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo PDFGen/pdfgen.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT PDFGen/pdfgen.o -MD -MP -MF $depbase.Tpo -c -o PDFGen/pdfgen.o PDFGen/pdfgen.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo create_pdf.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT create_pdf.o -MD -MP -MF $depbase.Tpo -c -o create_pdf.o create_pdf.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo embedded_images/shred_db.jpg.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT embedded_images/shred_db.jpg.o -MD -MP -MF $depbase.Tpo -c -o embedded_images/shred_db.jpg.o embedded_images/shred_db.jpg.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo embedded_images/tick_erased.jpg.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT embedded_images/tick_erased.jpg.o -MD -MP -MF $depbase.Tpo -c -o embedded_images/tick_erased.jpg.o embedded_images/tick_erased.jpg.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo embedded_images/redcross.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT embedded_images/redcross.o -MD -MP -MF $depbase.Tpo -c -o embedded_images/redcross.o embedded_images/redcross.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo hpa_dco.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT hpa_dco.o -MD -MP -MF $depbase.Tpo -c -o hpa_dco.o hpa_dco.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo miscellaneous.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT miscellaneous.o -MD -MP -MF $depbase.Tpo -c -o miscellaneous.o miscellaneous.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo embedded_images/nwipe_exclamation.jpg.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT embedded_images/nwipe_exclamation.jpg.o -MD -MP -MF $depbase.Tpo -c -o embedded_images/nwipe_exclamation.jpg.o embedded_images/nwipe_exclamation.jpg.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo conf.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT conf.o -MD -MP -MF $depbase.Tpo -c -o conf.o conf.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo customers.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT customers.o -MD -MP -MF $depbase.Tpo -c -o customers.o customers.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo hddtemp_scsi/get_scsi_temp.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT hddtemp_scsi/get_scsi_temp.o -MD -MP -MF $depbase.Tpo -c -o hddtemp_scsi/get_scsi_temp.o hddtemp_scsi/get_scsi_temp.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo hddtemp_scsi/scsi.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT hddtemp_scsi/scsi.o -MD -MP -MF $depbase.Tpo -c -o hddtemp_scsi/scsi.o hddtemp_scsi/scsi.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo hddtemp_scsi/scsicmds.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -MT hddtemp_scsi/scsicmds.o -MD -MP -MF $depbase.Tpo -c -o hddtemp_scsi/scsicmds.o hddtemp_scsi/scsicmds.c &&\
mv -f $depbase.Tpo $depbase.Po
gcc -g -O2 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -lcrypto -o nwipe nwipe.o gui.o pass.o device.o isaac_rand/isaac_rand.o isaac_rand/isaac64.o mt19937ar-cok/mt19937ar-cok.o aes/aes_ctr_prng.o logging.o method.o options.o prng.o version.o temperature.o PDFGen/pdfgen.o create_pdf.o embedded_images/shred_db.jpg.o embedded_images/tick_erased.jpg.o embedded_images/redcross.o hpa_dco.o miscellaneous.o embedded_images/nwipe_exclamation.jpg.o conf.o customers.o hddtemp_scsi/get_scsi_temp.o hddtemp_scsi/scsi.o hddtemp_scsi/scsicmds.o -lparted -lpthread -lpanel -lncurses -ltinfo -lconfig
make[2]: Leaving directory '/tmp/nwipe/src'
Making all in man
make[2]: Entering directory '/tmp/nwipe/man'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/tmp/nwipe/man'
make[2]: Entering directory '/tmp/nwipe'
make[2]: Leaving directory '/tmp/nwipe'
make[1]: Leaving directory '/tmp/nwipe'

Knogle commented 4 months ago

Okay, to be honest, right at the moment I don't know where to start troubleshooting this issue. Somehow it seems to be distribution specific. Having the same OpenSSL versions on Ubuntu 23.10 and Fedora 39, I am able to build on Fedora 39, but on Ubuntu not, encountering the same errors as you did.

PartialVolume commented 4 months ago

I've not studied the code in any depth yet but doesn't it look like the functions that are not defined in Ubuntu and Fedora are misnamed? i.e. the declaration or definition don't match. But like I said I've not studied the code so I could be wrong. It just caught my eye that the function names are very similar and I think in your last but one comment the compiler may have also suggested this. [Edited, as I see it was also failing in Fedora too]

src/prng.c

aes_ctr_prng_init()
aes_ctr_prng_genrand_int32()

should be

init_aes_ctr()
aes_ctr_generate_uint32()

As declared in the header?

src/aes/aes_ctr_prng.h

// Initializes the AES-CTR random number generator
void init_aes_ctr( aes_ctr_state_t* state, const unsigned char* key );

// Generates a 32-bit integer using AES-CTR
unsigned int aes_ctr_generate_uint32( aes_ctr_state_t* state );

PartialVolume commented 4 months ago

However, it's not just as simple as changing the names as there is an issue with incompatible pointer types which would also need to be resolved.

warning: passing argument 2 of ‘init_aes_ctr’ from incompatible pointer type [-Wincompatible-pointer-types]
  269 |         (aes_ctr_state_t*) *state, (unsigned long*) ( seed->s ), seed->length / sizeof( unsigned long ) );
      |                                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                    |
      |                                    long unsigned int *
In file included from prng.c:28:
aes/aes_ctr_prng.h:17:65: note: expected ‘const unsigned char *’ but argument is of type ‘long unsigned int *’
   17 | void init_aes_ctr( aes_ctr_state_t* state, const unsigned char* key );
      |                                            ~~~~~~~~~~~~~~~~~~~~~^~~
prng.c:268:5: error: too many arguments to function ‘init_aes_ctr’
  268 |     init_aes_ctr(
      |     ^~~~~~~~~~~~

It might help me to know the origin of this code to understand this a bit better.

PartialVolume commented 4 months ago

I believe some of these aes functions are now deprecated in openssl 3 if you take a look at openssl/aes.h

Low-level encryption functions such as AES_encrypt(3) and AES_decrypt(3) have been informally discouraged
from use for a long time. Applications should instead use the high level EVP APIs EVP_EncryptInit_ex(3), 
EVP_EncryptUpdate(3), and EVP_EncryptFinal_ex(3) or EVP_DecryptInit_ex(3), EVP_DecryptUpdate(3) and
EVP_DecryptFinal_ex(3).

Are you using openssl below v3 on the Fedora version you are running, could be why it works?

Knogle commented 4 months ago

Wait, I screwed up.

PartialVolume commented 4 months ago

There doesn't appear to be any entry for selecting the AES PRNG in the gui. I thought I saw that you had made some changes to gui.c?

and yes the compile worked ok.

Knogle commented 4 months ago

Now, using the latest commit, now again only on Fedora, I was able to build again. I have screwed up in between, and uploaded a build without the changes I made. The latest commit should be working now (at least on Fedora). Can you let me know which issue you encountered in the code? Maybe I could give a detailed explanation regarding the parts I've implemented.

PartialVolume commented 4 months ago

Workflow and formatting is still failing.

While if I clone your master it builds ok but is missing the gui code?

Knogle commented 4 months ago

Can you give it a try here? https://github.com/Knogle/nwipe The gui.c should match already since my latest commit, from 20 minutes ago. e9b126d24f8d188a224126394a39e7fbe1b26734

PartialVolume commented 4 months ago

Looks like if you force pushed, unless it contains all previous changes in the latest forced push, it ends up missing stuff, like the gui.c changes.

Knogle commented 4 months ago

Can you maybe perform a new clone of my master? In my case it's working properly, cloning my repo from scratch. Otherwise I could try forking it again, and add the changed files from scratch, maybe it's messed up.

PartialVolume commented 4 months ago

Cloned from your master. Strange because the previous clone of your master compiled ok!

nwipe/src/aes/aes_ctr_prng.c:22: undefined reference to `AES_set_encrypt_key'
nwipe/src/aes/aes_ctr_prng.c:41: undefined reference to `CRYPTO_ctr128_encrypt'
nwipe/src/aes/aes_ctr_prng.c:41: undefined reference to `AES_encrypt'

PartialVolume commented 4 months ago

> Otherwise I could try forking it again, and add the changed files from scratch, maybe it's messed up.

Might be an option worth trying.

Knogle commented 4 months ago

> Cloned from your master. Strange because the previous clone of your master compiled ok!
>
> nwipe/src/aes/aes_ctr_prng.c:22: undefined reference to `AES_set_encrypt_key'
> nwipe/src/aes/aes_ctr_prng.c:41: undefined reference to `CRYPTO_ctr128_encrypt'
> nwipe/src/aes/aes_ctr_prng.c:41: undefined reference to `AES_encrypt'

Ah yes! That's the current state I have on my Ubuntu machine as well, so it's "up to date" now. However, I still don't know how my Fedora machine manages to compile the same code tbh. I will try to research a little more.

PartialVolume commented 4 months ago

Yes I think the forced push is where you are losing previous commits. I don't think I've ever used a forced commit. But then I tend to create a branch, submit one or more commits to the branch, then just push the branch and then generate a PR.

Knogle commented 4 months ago

> Yes I think the forced push is where you are losing previous commits. I don't think I've ever used a forced commit. But then I tend to create a branch, submit one or more commits to the branch, then just push the branch and then generate a PR.

Oh okay, I will try to investigate further tomorrow. Have you a Fedora 39 machine, or did you try building it there already? I think somehow library versions or locations may differ. I've done a fresh clone of the master branch again, and on one machine it builds, on the other I get those reference issues.

PartialVolume commented 4 months ago

I also get this error "This commit doesn't belong to any branch on this repository..." which I don't normally see on a PR. I don't know if that will cause an issue merging or not or whether it's a benign warning as you are not creating a branch to submit your PR.

Knogle commented 4 months ago

> I also get this error "This commit doesn't belong to any branch on this repository..." which I don't normally see on a PR. I don't know if that will cause an issue merging or not or whether it's a benign warning as you are not creating a branch to submit your PR.

Ahhh okay I see, it's borked somehow. I will start with a new fork, and set up the changes.

PartialVolume commented 4 months ago

Just as a reminder for myself configure needs to check for openssl header files and libcrypt?
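
The configure check mentioned in the last comment could look like the fragment below. This is an added example, not code from the nwipe repository or from either participant; the error message texts are illustrative. It also addresses one explanation for the Fedora/Ubuntu difference that is consistent with the Fedora link line in the build log (where `-lcrypto` precedes the object files) but is not confirmed in the thread: a linker that defaults to `--as-needed`, as Ubuntu's toolchain does, drops a shared library named before the objects that reference it.

```m4
# configure.ac fragment (added example; message texts are illustrative).

# Fail at configure time, not at link time, when the OpenSSL development
# headers are missing. openssl/aes.h is the header the PR's
# aes/aes_ctr_prng.h pulls in according to the build log.
AC_CHECK_HEADERS([openssl/aes.h], [],
  [AC_MSG_ERROR([OpenSSL development headers (openssl/aes.h) not found])])

# AC_SEARCH_LIBS test-links a program that references the symbol and, when
# it resolves only with -lcrypto, prepends -lcrypto to LIBS.
# automake's generated link rule has the shape
#   $(CCLD) $(CFLAGS) $(LDFLAGS) -o nwipe $(nwipe_OBJECTS) $(nwipe_LDADD) $(LIBS)
# so a library recorded in LIBS lands after the object files that use it and
# survives --as-needed.
AC_SEARCH_LIBS([AES_set_encrypt_key], [crypto], [],
  [AC_MSG_ERROR([libcrypto (OpenSSL) not found])])

# Fragile form, shown for contrast only. LDFLAGS is expanded before "-o" and
# the objects, which reproduces the "-lcrypto -o nwipe nwipe.o ..." ordering
# seen in the Fedora build log:
#   LDFLAGS="$LDFLAGS -lcrypto"
```

After changing configure.ac, regenerate the build system (for example with `autoreconf -i`) and compare the position of `-lcrypto` on the final link line.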