summarylogtreecommitdiffstats
path: root/0001-rand-Use-crypto-libs-instead-of-CryptGenRandom.patch
blob: 6b090c4e7dc373c85c76eaae481c25a827b8462d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
From 3fa32bb651f0cbd3ee86a3f221ecb3bb24a9d585 Mon Sep 17 00:00:00 2001
From: Nirbheek Chauhan <nirbheek@centricular.com>
Date: Tue, 16 Jun 2020 03:49:14 +0530
Subject: [PATCH 1/2] rand: Use crypto libs instead of CryptGenRandom()

We will always have either openssl or gnutls, which are better sources
for random nonces. Also, CryptGenRandom is deprecated API that's not
available on WinRT/UWP.
---
 stun/rand.c | 37 +++----------------------------------
 1 file changed, 3 insertions(+), 34 deletions(-)

diff --git a/stun/rand.c b/stun/rand.c
index cc0927f..1361245 100644
--- a/stun/rand.c
+++ b/stun/rand.c
@@ -39,36 +39,7 @@
 
 #include "rand.h"
 
-
-#ifdef _WIN32
-
-#include <windows.h>
-#include <wincrypt.h>
-
-void nice_RAND_nonce (uint8_t *dst, int len)
-{
-  HCRYPTPROV hCryptProv;
-  LPCSTR container = "Libnice key container";
-
-  if(!CryptAcquireContext(&hCryptProv, container, NULL, PROV_RSA_FULL, 0)) {
-    /* non existing container. try to create a new one */
-    // I hope this cast here doesn't cause issues
-    // gcc was complaining about comparing signed and unsigned values
-    if (GetLastError() == (DWORD) NTE_BAD_KEYSET) {
-      if(!CryptAcquireContext(&hCryptProv, container, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
-        return;
-      }
-    }
-    return;
-  }
-
-  CryptGenRandom (hCryptProv, len, dst);
-
-  CryptReleaseContext(hCryptProv,0);
-}
-#else
-
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL)
 
 #include <openssl/rand.h>
 
@@ -77,7 +48,7 @@ void nice_RAND_nonce (uint8_t *dst, int len)
   RAND_bytes (dst, len);
 }
 
-#else
+#elif defined(HAVE_GNUTLS)
 
 #include <sys/types.h>
 #include <gnutls/gnutls.h>
@@ -88,6 +59,4 @@ void nice_RAND_nonce (uint8_t *dst, int len)
   gnutls_rnd (GNUTLS_RND_NONCE, dst, len);
 }
 
-#endif /* HAVE_OPENSSL */
-
-#endif /* _WIN32 */
+#endif
-- 
2.27.0.windows.1