FIX: Improve PRNG seeding on Windows to ensure uniqueness of generated numbers (#5265)

Fix for the pseudo-random seed on Windows. The function `rand_r` isn't present on Windows and the global seed wasn't based on the current microseconds and thread id. Also it wasn't called on every thread as required on this platform but only once per process. The fix allows on this platform the uniqueness of client side member id generation in next-generation consumer group protocol.
Happening since 1.x

* Multiple platforms secure random generation
* Run KIP-848 tests on MinGW-w64
* Changes to srand per thread on Windows.
It's necessary on Windows to avoid using the same jitter values for all clients and avoid a stampede effect on brokers.
* Run macOS local quick tests with KIP-848 as well
* Run KIP-848 local quick tests on arm64 glibc and alpine
* Increase 0153 with a different number of maximum open files

Author: emasab

.semaphore/semaphore-integration.yml

@@ -47,15 +47,7 @@ blocks:
       jobs:
         - name: 'Build'
           commands:
-            - ./configure --install-deps --source-deps-only --enable-static --disable-lz4-ext --enable-strip
-            - make -j all examples check
-            - examples/rdkafka_example -X builtin.features
-            - otool -L src/librdkafka.dylib
-            - otool -L src-cpp/librdkafka++.dylib
-            - make -j -C tests build
-            - make -C tests run_local_quick
-            - DESTDIR="$PWD/dest" make install
-            - (cd dest && tar cvzf ../artifacts/librdkafka.tgz .)
+            - packaging/macos/build-release-artifacts.sh
 
 
   - name: 'OSX x64'
@@ -73,15 +65,7 @@ blocks:
       jobs:
         - name: 'Build'
           commands:
-            - ./configure --install-deps --source-deps-only --enable-static --disable-lz4-ext --enable-strip
-            - make -j all examples check
-            - examples/rdkafka_example -X builtin.features
-            - otool -L src/librdkafka.dylib
-            - otool -L src-cpp/librdkafka++.dylib
-            - make -j -C tests build
-            - make -C tests run_local_quick
-            - DESTDIR="$PWD/dest" make install
-            - (cd dest && tar cvzf ../artifacts/librdkafka.tgz .)
+            - packaging/macos/build-release-artifacts.sh
 
   - name: 'Linux Ubuntu amd64: integration tests'
     dependencies: []

CHANGELOG.md

@@ -2,9 +2,17 @@
 
 librdkafka v2.13.0 is a feature release:
 
-* Strip trailing dot of hostname to fix SSL certificate verification issue (#5253).
 * [KIP-482](https://cwiki.apache.org/confluence/display/KAFKA/KIP-482%3A+The+Kafka+Protocol+should+Support+Optional+Tagged+Fields) Upgrade CreateAcls, DescribeAcls, DeleteAcls to the first version supporting this KIP (#5081).
 * [KIP-482](https://cwiki.apache.org/confluence/display/KAFKA/KIP-482%3A+The+Kafka+Protocol+should+Support+Optional+Tagged+Fields) Upgrade DescribeGroups, DeleteTopics, DeleteRecords, CreatePartitions, DeleteGroups to the first version supporting this KIP (#5083).
+* Strip trailing dot of hostname to fix SSL certificate verification issue (#5253).
+* Fix memory management for interceptors in rd_kafka_conf to prevent
+double-free errors (#5240).
+* Fix for the pseudo-random generator seed on Windows involving as well
+  the uniqueness of the new consumer group protocol member id (#5265).
+* Add secure random generation functionality used for UUID uniqueness
+  and secure salt generation in `rd_kafka_UserScramCredentialUpsertion`
+  using OpenSSL or the POSIX or WIN32 equivalent calls when it
+  isn't available (#5265).
 
 
 ## Fixes
@@ -14,6 +22,19 @@ librdkafka v2.13.0 is a feature release:
 * Issues: #4348.
   Strip trailing dot of hostname to fix SSL certificate verification issue.
   Happening since 1.x (#5253).
+* Issues: #4142.
+  Fix memory management for interceptors in rd_kafka_conf to prevent double-free errors.
+  In case the client instance fails the users needs to destroy the configuration
+  data structure, it was causing a double-free because the interceptors were
+  already freed in the constructor.
+  Happening since 1.x (#5240).
+* Issues: #5263, #3929.
+  Fix for the pseudo-random seed on Windows. The function `rand_r` isn't present
+  on Windows and the global seed wasn't based on the current microseconds and thread
+  id. Also it wasn't called on every thread as required on this platform but
+  only once per process. The fix allows on this platform the uniqueness of client side 
+  member id generation in next-generation consumer group protocol.
+  Happening since 1.x (#5265).
 
 
 

configure.self

@@ -216,6 +216,16 @@ void foo (void) {
    (void)rand_r(&seed);
 }"
 
+    # Check if getentropy() is available
+    mkl_compile_check "getentropy" "HAVE_GETENTROPY" disable CC "" \
+"#define _DEFAULT_SOURCE
+#include <unistd.h>
+#include <sys/random.h>
+int foo (void) {
+   char seed[16];
+   return getentropy((void *)seed, sizeof(seed));
+}"
+
     # Check if strndup() is available (isn't on Solaris 10)
     mkl_compile_check "strndup" "HAVE_STRNDUP" disable CC "" \
 "#include <string.h>

packaging/cmake/config.h.in

@@ -43,6 +43,7 @@
 #cmakedefine01 HAVE_REGEX
 #cmakedefine01 HAVE_STRNDUP
 #cmakedefine01 HAVE_RAND_R
+#cmakedefine01 HAVE_GETENTROPY
 #cmakedefine01 HAVE_PTHREAD_SETNAME_GNU
 #cmakedefine01 HAVE_PTHREAD_SETNAME_DARWIN
 #cmakedefine01 HAVE_PTHREAD_SETNAME_FREEBSD

packaging/cmake/try_compile/getentropy_test.c

@@ -0,0 +1,7 @@
+#include <unistd.h>
+#include <sys/random.h>
+
+int main() {
+        char seed[16];
+        return getentropy(seed, sizeof(seed));
+}

packaging/cmake/try_compile/rdkafka_setup.cmake

@@ -16,6 +16,12 @@ try_compile(
     "${TRYCOMPILE_SRC_DIR}/rand_r_test.c"
 )
 
+try_compile(
+    HAVE_GETENTROPY
+    "${CMAKE_CURRENT_BINARY_DIR}/try_compile"
+    "${TRYCOMPILE_SRC_DIR}/getentropy_test.c"
+)
+
 try_compile(
     HAVE_PTHREAD_SETNAME_GNU
     "${CMAKE_CURRENT_BINARY_DIR}/try_compile"

packaging/macos/build-release-artifacts.sh

@@ -0,0 +1,26 @@
+./configure --install-deps --source-deps-only --enable-static --disable-lz4-ext --enable-strip
+make -j all examples check
+examples/rdkafka_example -X builtin.features
+otool -L src/librdkafka.dylib
+otool -L src-cpp/librdkafka++.dylib
+make -j -C tests build
+export TEST_CONSUMER_GROUP_PROTOCOL=classic
+make -C tests run_local_quick
+export TEST_CONSUMER_GROUP_PROTOCOL=consumer
+# Skip tests needing special limits
+TESTS_WITH_INCREASED_NLIMIT="0153"
+export TESTS_SKIP="$TESTS_WITH_INCREASED_NLIMIT"
+make -C tests run_local_quick
+# Now run only those tests with different limits
+
+# Tests needing increased number of file descriptors
+PREV_N=$(ulimit -n)
+ulimit -n 2048
+export TESTS_SKIP=""
+export TESTS="$TESTS_WITH_INCREASED_NLIMIT"
+make -C tests run_local_quick
+ulimit -n $PREV_N
+
+
+DESTDIR="$PWD/dest" make install
+(cd dest && tar cvzf ../artifacts/librdkafka.tgz .)

packaging/mingw-w64/run-tests.sh

@@ -3,4 +3,7 @@
 set -e
 
 cd tests
-./test-runner.exe -l -Q -p1 0000
+export TEST_CONSUMER_GROUP_PROTOCOL=classic
+./test-runner.exe -l -Q -p1
+export TEST_CONSUMER_GROUP_PROTOCOL=consumer
+./test-runner.exe -l -Q -p1 

packaging/tools/build-release-artifacts.sh

@@ -123,6 +123,7 @@ fi
 # Run quick test suite, mark it as CI to avoid time/resource sensitive
 # tests to fail in case the worker is under-powered.
 CI=true make -C tests run_local_quick
+CI=true TEST_CONSUMER_GROUP_PROTOCOL=consumer make -C tests run_local_quick
 
 
 # Install librdkafka and then make a tar ball of the installed files.

src/rd.h

@@ -44,6 +44,11 @@
 #ifndef _POSIX_C_SOURCE
 #define _POSIX_C_SOURCE 200809L /* for timespec on solaris */
 #endif
+#else
+#ifndef _CRT_RAND_S
+#define _CRT_RAND_S  /* for rand_s() on MSVC. It needs to be defined before    \
+                      * including <stdlib.h>. */
+#endif
 #endif
 
 #include <stdio.h>