diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-11-13 02:04:13 +0100 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-11-13 02:04:13 +0100 |
commit | ec4b44c238b47e11eee327a8dc4d74b90175eab2 (patch) | |
tree | ca6f194804c7fa136fca4b378c09ab16bab62ef7 /src | |
parent | a1ade61c59abe516d12d0720ef34fd4b6a31fd4c (diff) | |
download | VeraCrypt-ec4b44c238b47e11eee327a8dc4d74b90175eab2.tar.gz VeraCrypt-ec4b44c238b47e11eee327a8dc4d74b90175eab2.zip |
Windows: Use BCryptGenRandom instead of deprecated CryptGenRandom to generate secure random bytes
Diffstat (limited to 'src')
-rw-r--r-- | src/Common/Random.c | 48 |
1 files changed, 21 insertions, 27 deletions
diff --git a/src/Common/Random.c b/src/Common/Random.c index ee3fcf53..0be4d601 100644 --- a/src/Common/Random.c +++ b/src/Common/Random.c @@ -19,6 +19,7 @@ #include "Crypto\jitterentropy.h" #include "Crypto\rdrand.h" #include <Strsafe.h> +#include <bcrypt.h> static unsigned __int8 buffer[RNG_POOL_SIZE]; static unsigned char *pRandPool = NULL; @@ -89,16 +90,17 @@ BOOL volatile bThreadTerminate = FALSE; /* This variable is shared among thread' HANDLE hNetAPI32 = NULL; // CryptoAPI -BOOL CryptoAPIAvailable = FALSE; DWORD CryptoAPILastError = ERROR_SUCCESS; -HCRYPTPROV hCryptProv; +typedef DWORD (WINAPI *RtlNtStatusToDosError_t)(NTSTATUS); +RtlNtStatusToDosError_t pRtlNtStatusToDosError = NULL; /* Init the random number generator, setup the hooks, and start the thread */ int RandinitWithCheck ( int* pAlreadyInitialized) { BOOL bIgnoreHookError = FALSE; DWORD dwLastError = ERROR_SUCCESS; + HMODULE ntdll; if (GetMaxPkcs5OutSize() > RNG_POOL_SIZE) TC_THROW_FATAL_EXCEPTION; @@ -143,14 +145,14 @@ int RandinitWithCheck ( int* pAlreadyInitialized) goto error; } - if (!CryptAcquireContext (&hCryptProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) - { - CryptoAPIAvailable = FALSE; - CryptoAPILastError = GetLastError (); + ntdll = GetModuleHandleW(L"ntdll.dll"); + if (!ntdll) { + // If ntdll.dll is not found, return a fallback error code + CryptoAPILastError = ERROR_MOD_NOT_FOUND; goto error; } else - CryptoAPIAvailable = TRUE; + pRtlNtStatusToDosError = (RtlNtStatusToDosError_t)GetProcAddress(ntdll, "RtlNtStatusToDosError"); if (!(PeriodicFastPollThreadHandle = (HANDLE) _beginthreadex (NULL, 0, PeriodicFastPollThreadProc, NULL, 0, NULL))) goto error; @@ -199,12 +201,6 @@ void RandStop (BOOL freePool) hNetAPI32 = NULL; } - if (CryptoAPIAvailable) - { - CryptReleaseContext (hCryptProv, 0); - CryptoAPIAvailable = FALSE; - CryptoAPILastError = ERROR_SUCCESS; - } hMouse = NULL; hKeyboard = NULL; @@ -675,6 +671,7 @@ BOOL SlowPoll (void) DWORD dwSize, status; LPWSTR lpszLanW, lpszLanS; int nDrive; + NTSTATUS bStatus = 0; /* Find out whether this is an NT server or workstation if necessary */ if (isWorkstation == -1) @@ -783,18 +780,16 @@ BOOL SlowPoll (void) CloseHandle (hDevice); } - // CryptoAPI: We always have a valid CryptoAPI context when we arrive here but - // we keep the check for clarity purpose - if ( !CryptoAPIAvailable ) - return FALSE; - if (CryptGenRandom (hCryptProv, sizeof (buffer), buffer)) + + bStatus = BCryptGenRandom(NULL, buffer, sizeof(buffer), BCRYPT_USE_SYSTEM_PREFERRED_RNG); + if (NT_SUCCESS(bStatus)) { RandaddBuf (buffer, sizeof (buffer)); } else { - /* return error in case CryptGenRandom fails */ - CryptoAPILastError = GetLastError (); + /* return error in case BCryptGenRandom fails */ + CryptoAPILastError = pRtlNtStatusToDosError (bStatus); return FALSE; } @@ -838,6 +833,7 @@ BOOL FastPoll (void) MEMORYSTATUSEX memoryStatus; HANDLE handle; POINT point; + NTSTATUS bStatus = 0; /* Get various basic pieces of system information */ RandaddIntPtr (GetActiveWindow ()); /* Handle of active window */ @@ -928,18 +924,16 @@ BOOL FastPoll (void) RandaddBuf ((unsigned char *) &dwTicks, sizeof (dwTicks)); } - // CryptoAPI: We always have a valid CryptoAPI context when we arrive here but - // we keep the check for clarity purpose - if ( !CryptoAPIAvailable ) - return FALSE; - if (CryptGenRandom (hCryptProv, sizeof (buffer), buffer)) + + bStatus = BCryptGenRandom(NULL, buffer, sizeof(buffer), BCRYPT_USE_SYSTEM_PREFERRED_RNG); + if (NT_SUCCESS(bStatus)) { RandaddBuf (buffer, sizeof (buffer)); } else { - /* return error in case CryptGenRandom fails */ - CryptoAPILastError = GetLastError (); + /* return error in case BCryptGenRandom fails */ + CryptoAPILastError = pRtlNtStatusToDosError (bStatus); return FALSE; } |