Skip to content

Commit

Permalink
Windows: Use ProcessPrng for random keys
Browse files Browse the repository at this point in the history
  • Loading branch information
ChrisDenton committed Feb 25, 2024
1 parent 43fdd49 commit 08caefb
Show file tree
Hide file tree
Showing 4 changed files with 28 additions and 44 deletions.
15 changes: 15 additions & 0 deletions library/std/src/sys/pal/windows/c.rs
Original file line number Diff line number Diff line change
Expand Up @@ -321,6 +321,21 @@ pub unsafe fn NtWriteFile(
}
}

// Use raw-dylib to import ProcessPrng as we can't rely on there being an import library.
cfg_if::cfg_if! {
if #[cfg(not(target_vendor = "win7"))] {
#[cfg(target_arch = "x86")]
#[link(name = "bcryptprimitives", kind = "raw-dylib", import_name_type = "undecorated")]
extern "system" {
pub fn ProcessPrng(pbdata: *mut u8, cbdata: usize) -> BOOL;
}
#[cfg(not(target_arch = "x86"))]
#[link(name = "bcryptprimitives", kind = "raw-dylib")]
extern "system" {
pub fn ProcessPrng(pbdata: *mut u8, cbdata: usize) -> BOOL;
}
}}

// Functions that aren't available on every version of Windows that we support,
// but we still use them and just provide some form of a fallback implementation.
compat_fn_with_fallback! {
Expand Down
4 changes: 0 additions & 4 deletions library/std/src/sys/pal/windows/c/bindings.txt
Original file line number Diff line number Diff line change
Expand Up @@ -2180,10 +2180,6 @@ Windows.Win32.Networking.WinSock.WSATRY_AGAIN
Windows.Win32.Networking.WinSock.WSATYPE_NOT_FOUND
Windows.Win32.Networking.WinSock.WSAVERNOTSUPPORTED
Windows.Win32.Security.Authentication.Identity.RtlGenRandom
Windows.Win32.Security.Cryptography.BCRYPT_ALG_HANDLE
Windows.Win32.Security.Cryptography.BCRYPT_USE_SYSTEM_PREFERRED_RNG
Windows.Win32.Security.Cryptography.BCryptGenRandom
Windows.Win32.Security.Cryptography.BCRYPTGENRANDOM_FLAGS
Windows.Win32.Security.SECURITY_ATTRIBUTES
Windows.Win32.Security.TOKEN_ACCESS_MASK
Windows.Win32.Security.TOKEN_ACCESS_PSEUDO_HANDLE
Expand Down
12 changes: 0 additions & 12 deletions library/std/src/sys/pal/windows/c/windows_sys.rs
Original file line number Diff line number Diff line change
Expand Up @@ -15,15 +15,6 @@ extern "system" {
pub fn RtlGenRandom(randombuffer: *mut ::core::ffi::c_void, randombufferlength: u32)
-> BOOLEAN;
}
#[link(name = "bcrypt")]
extern "system" {
pub fn BCryptGenRandom(
halgorithm: BCRYPT_ALG_HANDLE,
pbbuffer: *mut u8,
cbbuffer: u32,
dwflags: BCRYPTGENRANDOM_FLAGS,
) -> NTSTATUS;
}
#[link(name = "kernel32")]
extern "system" {
pub fn AcquireSRWLockExclusive(srwlock: *mut SRWLOCK) -> ();
Expand Down Expand Up @@ -889,9 +880,6 @@ impl ::core::clone::Clone for ARM64_NT_NEON128_0 {
*self
}
}
pub type BCRYPTGENRANDOM_FLAGS = u32;
pub type BCRYPT_ALG_HANDLE = *mut ::core::ffi::c_void;
pub const BCRYPT_USE_SYSTEM_PREFERRED_RNG: BCRYPTGENRANDOM_FLAGS = 2u32;
pub const BELOW_NORMAL_PRIORITY_CLASS: PROCESS_CREATION_FLAGS = 16384u32;
pub type BOOL = i32;
pub type BOOLEAN = u8;
Expand Down
41 changes: 13 additions & 28 deletions library/std/src/sys/pal/windows/rand.rs
Original file line number Diff line number Diff line change
@@ -1,42 +1,27 @@
use crate::mem;
use crate::ptr;
use crate::sys::c;
use core::mem;
use core::ptr;

#[cfg(not(target_vendor = "win7"))]
#[inline]
pub fn hashmap_random_keys() -> (u64, u64) {
let mut v = (0, 0);
let ret = unsafe {
c::BCryptGenRandom(
ptr::null_mut(),
core::ptr::addr_of_mut!(v) as *mut u8,
mem::size_of_val(&v) as c::ULONG,
c::BCRYPT_USE_SYSTEM_PREFERRED_RNG,
)
};
if c::nt_success(ret) { v } else { fallback_rng() }
let ret = unsafe { c::ProcessPrng(ptr::addr_of_mut!(v).cast::<u8>(), mem::size_of_val(&v)) };
// ProcessPrng is documented as always returning `TRUE`.
// https://learn.microsoft.com/en-us/windows/win32/seccng/processprng#return-value
debug_assert_eq!(ret, c::TRUE);
v
}

/// Generate random numbers using the fallback RNG function (RtlGenRandom)
///
/// This is necessary because of a failure to load the SysWOW64 variant of the
/// bcryptprimitives.dll library from code that lives in bcrypt.dll
/// See <https://bugzilla.mozilla.org/show_bug.cgi?id=1788004#c9>
#[cfg(not(target_vendor = "uwp"))]
#[inline(never)]
fn fallback_rng() -> (u64, u64) {
#[cfg(target_vendor = "win7")]
pub fn hashmap_random_keys() -> (u64, u64) {
use crate::ffi::c_void;
use crate::io;

let mut v = (0, 0);
let ret = unsafe {
c::RtlGenRandom(core::ptr::addr_of_mut!(v) as *mut c_void, mem::size_of_val(&v) as c::ULONG)
c::RtlGenRandom(ptr::addr_of_mut!(v).cast::<c_void>(), mem::size_of_val(&v) as c::ULONG)
};

if ret != 0 { v } else { panic!("fallback RNG broken: {}", io::Error::last_os_error()) }
}

/// We can't use RtlGenRandom with UWP, so there is no fallback
#[cfg(target_vendor = "uwp")]
#[inline(never)]
fn fallback_rng() -> (u64, u64) {
panic!("fallback RNG broken: RtlGenRandom() not supported on UWP");
if ret != 0 { v } else { panic!("RNG broken: {}", io::Error::last_os_error()) }
}

0 comments on commit 08caefb

Please sign in to comment.