Call RtlGenRandom directly in RAND_bytes.
It works within the Chromium sandbox, unlike CryptAcquireContext
and CryptGenRandom which requires the HCRYPTPROV be pre-warmed and held within
the sandbox. Also account for the mismatch between size_t and ULONG/DWORD.
See https://chromium.googlesource.com/chromium/src/+/master/base/rand_util_win.cc
BUG=crbug.com/429919
Change-Id: Ia684124736c0c039ca9410509973192a597856ab
Reviewed-on: https://boringssl-review.googlesource.com/2190
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/rand/windows.c b/crypto/rand/windows.c
index 967dd9b..ed6e5e9 100644
--- a/crypto/rand/windows.c
+++ b/crypto/rand/windows.c
@@ -14,57 +14,36 @@
#include <openssl/rand.h>
-#include <openssl/thread.h>
-
-
#if defined(OPENSSL_WINDOWS)
+#include <limits.h>
#include <stdlib.h>
#include <Windows.h>
-#include <Wincrypt.h>
-static char global_provider_init;
-static HCRYPTPROV global_provider;
+/* #define needed to link in RtlGenRandom(), a.k.a. SystemFunction036. See the
+ * "Community Additions" comment on MSDN here:
+ * http://msdn.microsoft.com/en-us/library/windows/desktop/aa387694.aspx */
+#define SystemFunction036 NTAPI SystemFunction036
+#include <NTSecAPI.h>
+#undef SystemFunction036
+
void RAND_cleanup(void) {
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- CryptReleaseContext(global_provider, 0);
- global_provider_init = 0;
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
}
int RAND_bytes(uint8_t *out, size_t requested) {
- HCRYPTPROV provider = 0;
- int ok;
-
- CRYPTO_r_lock(CRYPTO_LOCK_RAND);
- if (!global_provider_init) {
- CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- if (!global_provider_init) {
- if (CryptAcquireContext(&global_provider, NULL, NULL, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
- global_provider_init = 1;
- }
+ while (requested > 0) {
+ ULONG output_bytes_this_pass = ULONG_MAX;
+ if (requested < output_bytes_this_pass) {
+ output_bytes_this_pass = requested;
}
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- CRYPTO_r_lock(CRYPTO_LOCK_RAND);
+ if (RtlGenRandom(out, output_bytes_this_pass) == FALSE) {
+ abort();
+ return 0;
+ }
+ requested -= output_bytes_this_pass;
+ out += output_bytes_this_pass;
}
-
- ok = global_provider_init;
- provider = global_provider;
- CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
-
- if (!ok) {
- abort();
- return ok;
- }
-
- if (TRUE != CryptGenRandom(provider, requested, out)) {
- abort();
- return 0;
- }
-
return 1;
}