diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2019-02-07 15:24:56 +0100 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2019-02-08 01:50:03 +0100 |
commit | e5b9cee8681dc45340321f759079b344a3b2676c (patch) | |
tree | 7e4875ccf109ebd2d2a858ec0368f2d9d46e2a5a /src/Driver | |
parent | 6bb1f24ed571bccd4d1d247dafdc1dda6eaa3d8d (diff) | |
download | VeraCrypt-e5b9cee8681dc45340321f759079b344a3b2676c.tar.gz VeraCrypt-e5b9cee8681dc45340321f759079b344a3b2676c.zip |
Windows: Add option to enable use of CPU RDRAND/RDSEED as source of entropy which is now disabled by default
Diffstat (limited to 'src/Driver')
-rw-r--r-- | src/Driver/DriveFilter.c | 7 | ||||
-rw-r--r-- | src/Driver/Ntdriver.c | 1 |
2 files changed, 5 insertions, 3 deletions
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c index a02ca3e5..6228009f 100644 --- a/src/Driver/DriveFilter.c +++ b/src/Driver/DriveFilter.c @@ -1535,10 +1535,11 @@ static VOID SetupThreadProc (PVOID threadArg) KeQuerySystemTime( &iSeed ); WHIRLPOOL_init (&tctx); WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx); - // use RDSEED or RDRAND from CPU as source of entropy if present - if ( (HasRDSEED() && RDSEED_getBytes (digest, sizeof (digest))) + // use RDSEED or RDRAND from CPU as source of entropy if enabled + if ( IsCpuRngEnabled() && + ( (HasRDSEED() && RDSEED_getBytes (digest, sizeof (digest))) || (HasRDRAND() && RDRAND_getBytes (digest, sizeof (digest))) - ) + )) { WHIRLPOOL_add (digest, sizeof(digest), &tctx); } diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index 83c050a8..7e3a08bd 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c @@ -4382,6 +4382,7 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry) } EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE); + EnableCpuRng ((flags & VC_DRIVER_CONFIG_ENABLE_CPU_RNG) ? TRUE : FALSE); EnableExtendedIoctlSupport = (flags & TC_DRIVER_CONFIG_ENABLE_EXTENDED_IOCTL)? TRUE : FALSE; AllowTrimCommand = (flags & VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM)? TRUE : FALSE; |