Closed Bug 1818700 Opened 3 years ago Closed 2 years ago

Use a RtlGenRandom-based fallback for BCryptGenRandom in WebRTC on Windows

Categories

(Core :: WebRTC, enhancement)

All
Windows
enhancement

Tracking

RESOLVED INVALID

People

(Reporter: yannis, Unassigned)

Bug 1788004 has highlighted the following:

  • Code relying on BCryptGenRandom can fail on Windows 7 if bcryptprimitives.dll fails to load. For some reason, we have users that encounter this problem. To estimate how many users are affected, look at the crashes in that bug.
  • The proper way to fix this is to add fallback code that uses RtlGenRandom, which doesn't require bcryptprimitives.dll on Windows 7. See for example this discussion for the getrandom Rust crate.
  • We will be pushing a temporary fix in Firefox for code that uses the following specific way of calling into that function: BCryptGenRandom(nullptr, buffer, sizeof(buffer), BCRYPT_USE_SYSTEM_PREFERRED_RNG);. Besides the fact that this is only temporary, note that other ways of calling are not covered!

We have a call which is not covered by the temporary fix in the following lines from abseil-cpp, a dependency of libwebrtc:

bool ReadSeedMaterialFromOSEntropyImpl(absl::Span<uint32_t> values) {
  BCRYPT_ALG_HANDLE hProvider;
  NTSTATUS ret;
  ret = BCryptOpenAlgorithmProvider(&hProvider, BCRYPT_RNG_ALGORITHM,
                                    MS_PRIMITIVE_PROVIDER, 0);
  if (!(BCRYPT_SUCCESS(ret))) {
    ABSL_RAW_LOG(ERROR, "Failed to open crypto provider.");
    return false;
  }
  ret = BCryptGenRandom(
      hProvider,                                             // provider
      reinterpret_cast<UCHAR*>(values.data()),               // buffer
      static_cast<ULONG>(sizeof(uint32_t) * values.size()),  // bytes
      0);                                                    // flags
  BCryptCloseAlgorithmProvider(hProvider, 0);
  return BCRYPT_SUCCESS(ret);
}

We should study the impact of a failure in that code: Is that code reached and used in Firefox? What happens if it fails?

Then, depending on the impact, we may want to do one of the following:

  • apply a patch locally in our tree if that's possible;
  • contribute a patch to the upstream library.

See Also: → 1788004
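
The fallback pattern the description calls for, as an added example (not code from Firefox, abseil-cpp or the getrandom crate). `FillRandom`, `RngSource`, `BCryptSource`, `RtlSource`, `OsRandom` and the two constructed stand-in sources are hypothetical names; the Windows bindings compile only under `_WIN32`, and the stand-ins let the failure path be exercised on any platform.

```cpp
#include <cstddef>
#include <cstdint>
#ifdef _WIN32
#include <windows.h>
#include <bcrypt.h>    // BCryptGenRandom; link with bcrypt.lib
#include <ntsecapi.h>  // RtlGenRandom (SystemFunction036); link with advapi32.lib
#endif
// A source fills buf[0..len) and returns true only if every byte was written.
using RngSource = bool (*)(uint8_t* buf, size_t len);
enum class RngResult { kPrimary, kFallback, kFailed };
// Hypothetical helper: try the primary source, then the fallback.
// kFailed means buf holds no usable entropy and must not be used as a seed.
RngResult FillRandom(RngSource primary, RngSource fallback,
                     uint8_t* buf, size_t len) {
  if (primary && primary(buf, len)) return RngResult::kPrimary;
  if (fallback && fallback(buf, len)) return RngResult::kFallback;
  return RngResult::kFailed;
}

#ifdef _WIN32
// The calling form quoted in the bug; fails if bcryptprimitives.dll cannot load.
bool BCryptSource(uint8_t* buf, size_t len) {
  if (len > 0xFFFFFFFFu) return false;  // ULONG length limit
  return BCRYPT_SUCCESS(BCryptGenRandom(nullptr, buf, static_cast<ULONG>(len),
                                        BCRYPT_USE_SYSTEM_PREFERRED_RNG));
}
// Fallback that does not depend on bcryptprimitives.dll on Windows 7.
bool RtlSource(uint8_t* buf, size_t len) {
  if (len > 0xFFFFFFFFu) return false;
  return RtlGenRandom(buf, static_cast<ULONG>(len)) != FALSE;
}
bool OsRandom(uint8_t* buf, size_t len) {
  return FillRandom(BCryptSource, RtlSource, buf, len) != RngResult::kFailed;
}
#endif

// Constructed stand-ins so the fallback path can be exercised on any platform.
bool FailingSource(uint8_t*, size_t) { return false; }
bool PatternSource(uint8_t* buf, size_t len) {
  for (size_t i = 0; i < len; ++i) buf[i] = 0xA5;  // NOT random: test marker
  return true;
}
int main() {
  uint8_t seed[16] = {};
  // Simulate the Windows 7 failure: primary fails, fallback fills the buffer.
  return FillRandom(FailingSource, PatternSource, seed, sizeof(seed)) ==
                 RngResult::kFallback ? 0 : 1;
}
```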

According to pushing to try with typos, this is dead code.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID