From fc3b03c9371413f1bb4467936e559563cc648c6e Mon Sep 17 00:00:00 2001
From: Jannis Muething
Date: Thu, 15 Feb 2024 04:25:16 +0100
Subject: [PATCH] Secure random number generator for SRTP key when using PJ_SSL_SOCK_IMP_APPLE (#3860)
---
 pjmedia/src/pjmedia/transport_srtp_sdes.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/pjmedia/src/pjmedia/transport_srtp_sdes.c b/pjmedia/src/pjmedia/transport_srtp_sdes.c
index 0faa6b25c..d84d5e354 100644
--- a/pjmedia/src/pjmedia/transport_srtp_sdes.c
+++ b/pjmedia/src/pjmedia/transport_srtp_sdes.c
@@ -34,6 +34,9 @@
 # endif
 #endif
+#if (PJ_SSL_SOCK_IMP == PJ_SSL_SOCK_IMP_APPLE)
+ #include
+#endif
 #include
@@ -134,6 +137,16 @@ static pj_status_t generate_crypto_attr_value(pj_pool_t *pool,
 "(native err=%d)", err));
 return PJMEDIA_ERRNO_FROM_LIBSRTP(1);
 }
+#elif defined(PJ_HAS_SSL_SOCK) && (PJ_HAS_SSL_SOCK != 0) && \
+ (PJ_SSL_SOCK_IMP == PJ_SSL_SOCK_IMP_APPLE)
+ int err = SecRandomCopyBytes(kSecRandomDefault,
+ crypto_suites[cs_idx].cipher_key_len,
+ &key);
+ if (err != errSecSuccess) {
+ PJ_LOG(4,(THIS_FILE, "Failed generating random key "
+ "(native err=%d)", err));
+ return PJMEDIA_ERRNO_FROM_LIBSRTP(1);
+ }
 #else
 PJ_LOG(3,(THIS_FILE, "Warning: simple random generator is used "
 "for generating SRTP key"));
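Review bot: The include guard added in the first hunk, `#if (PJ_SSL_SOCK_IMP == PJ_SSL_SOCK_IMP_APPLE)`, is looser than the condition guarding the only visible use of that header in the second hunk, which also requires `defined(PJ_HAS_SSL_SOCK) && (PJ_HAS_SSL_SOCK != 0)`. Using the same three-part condition in both places keeps the header out of builds where the call is compiled out. If either macro could be undefined at this point (not verifiable from this page), it also avoids a `0 == 0` evaluation that would pull an Apple-only header into every build. The include target itself is not shown here; a one-line comment such as `/* SecRandomCopyBytes() for SRTP key generation */` would explain why the header is needed in this file.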
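Review bot: In the new `#elif` branch of the second hunk, `SecRandomCopyBytes` is handed `&key`, which addresses the key buffer only if `key` is declared as an array. The declaration is outside the hunk, so this should be confirmed and the argument written as `key`, ruling out random bytes being written over a pointer variable. Nothing visible bounds `crypto_suites[cs_idx].cipher_key_len` against the size of `key`; presumably the suite table guarantees it, and a comment such as `/* cipher_key_len never exceeds sizeof(key) for any crypto_suites entry */` would record that. The branch is selected by TLS backend rather than by platform, so an Apple build with `PJ_HAS_SSL_SOCK` set to 0 still reaches the `#else` path and derives the SRTP key from the "simple random generator"; selecting on a platform macro such as `__APPLE__` would close that gap. generate_crypto_attr_value begins and ends outside the hunk.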