VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Driver
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2019-02-07 15:24:56 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2019-02-08 01:50:03 +0100
commite5b9cee8681dc45340321f759079b344a3b2676c (patch)
tree7e4875ccf109ebd2d2a858ec0368f2d9d46e2a5a /src/Driver
parent6bb1f24ed571bccd4d1d247dafdc1dda6eaa3d8d (diff)
downloadVeraCrypt-e5b9cee8681dc45340321f759079b344a3b2676c.tar.gz
VeraCrypt-e5b9cee8681dc45340321f759079b344a3b2676c.zip
Windows: Add option to enable use of CPU RDRAND/RDSEED as source of entropy which is now disabled by default
Diffstat (limited to 'src/Driver')
-rw-r--r--src/Driver/DriveFilter.c7
-rw-r--r--src/Driver/Ntdriver.c1
2 files changed, 5 insertions, 3 deletions
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index a02ca3e5..6228009f 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -1535,10 +1535,11 @@ static VOID SetupThreadProc (PVOID threadArg)
KeQuerySystemTime( &iSeed );
WHIRLPOOL_init (&tctx);
WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
- // use RDSEED or RDRAND from CPU as source of entropy if present
- if ( (HasRDSEED() && RDSEED_getBytes (digest, sizeof (digest)))
+ // use RDSEED or RDRAND from CPU as source of entropy if enabled
+ if ( IsCpuRngEnabled() &&
+ ( (HasRDSEED() && RDSEED_getBytes (digest, sizeof (digest)))
|| (HasRDRAND() && RDRAND_getBytes (digest, sizeof (digest)))
- )
+ ))
{
WHIRLPOOL_add (digest, sizeof(digest), &tctx);
}
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 83c050a8..7e3a08bd 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -4382,6 +4382,7 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
}
EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE);
+ EnableCpuRng ((flags & VC_DRIVER_CONFIG_ENABLE_CPU_RNG) ? TRUE : FALSE);
EnableExtendedIoctlSupport = (flags & TC_DRIVER_CONFIG_ENABLE_EXTENDED_IOCTL)? TRUE : FALSE;
AllowTrimCommand = (flags & VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM)? TRUE : FALSE;