VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2024-11-13 02:04:13 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2024-11-13 02:04:13 +0100
commitec4b44c238b47e11eee327a8dc4d74b90175eab2 (patch)
treeca6f194804c7fa136fca4b378c09ab16bab62ef7 /src
parenta1ade61c59abe516d12d0720ef34fd4b6a31fd4c (diff)
downloadVeraCrypt-ec4b44c238b47e11eee327a8dc4d74b90175eab2.tar.gz
VeraCrypt-ec4b44c238b47e11eee327a8dc4d74b90175eab2.zip
Windows: Use BCryptGenRandom instead of deprecated CryptGenRandom to generate secure random bytes
Diffstat (limited to 'src')
-rw-r--r--src/Common/Random.c48
1 files changed, 21 insertions, 27 deletions
diff --git a/src/Common/Random.c b/src/Common/Random.c
index ee3fcf53..0be4d601 100644
--- a/src/Common/Random.c
+++ b/src/Common/Random.c
@@ -19,6 +19,7 @@
#include "Crypto\jitterentropy.h"
#include "Crypto\rdrand.h"
#include <Strsafe.h>
+#include <bcrypt.h>
static unsigned __int8 buffer[RNG_POOL_SIZE];
static unsigned char *pRandPool = NULL;
@@ -89,16 +90,17 @@ BOOL volatile bThreadTerminate = FALSE; /* This variable is shared among thread'
HANDLE hNetAPI32 = NULL;
// CryptoAPI
-BOOL CryptoAPIAvailable = FALSE;
DWORD CryptoAPILastError = ERROR_SUCCESS;
-HCRYPTPROV hCryptProv;
+typedef DWORD (WINAPI *RtlNtStatusToDosError_t)(NTSTATUS);
+RtlNtStatusToDosError_t pRtlNtStatusToDosError = NULL;
/* Init the random number generator, setup the hooks, and start the thread */
int RandinitWithCheck ( int* pAlreadyInitialized)
{
BOOL bIgnoreHookError = FALSE;
DWORD dwLastError = ERROR_SUCCESS;
+ HMODULE ntdll;
if (GetMaxPkcs5OutSize() > RNG_POOL_SIZE)
TC_THROW_FATAL_EXCEPTION;
@@ -143,14 +145,14 @@ int RandinitWithCheck ( int* pAlreadyInitialized)
goto error;
}
- if (!CryptAcquireContext (&hCryptProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
- {
- CryptoAPIAvailable = FALSE;
- CryptoAPILastError = GetLastError ();
+ ntdll = GetModuleHandleW(L"ntdll.dll");
+ if (!ntdll) {
+ // If ntdll.dll is not found, return a fallback error code
+ CryptoAPILastError = ERROR_MOD_NOT_FOUND;
goto error;
}
else
- CryptoAPIAvailable = TRUE;
+ pRtlNtStatusToDosError = (RtlNtStatusToDosError_t)GetProcAddress(ntdll, "RtlNtStatusToDosError");
if (!(PeriodicFastPollThreadHandle = (HANDLE) _beginthreadex (NULL, 0, PeriodicFastPollThreadProc, NULL, 0, NULL)))
goto error;
@@ -199,12 +201,6 @@ void RandStop (BOOL freePool)
hNetAPI32 = NULL;
}
- if (CryptoAPIAvailable)
- {
- CryptReleaseContext (hCryptProv, 0);
- CryptoAPIAvailable = FALSE;
- CryptoAPILastError = ERROR_SUCCESS;
- }
hMouse = NULL;
hKeyboard = NULL;
@@ -675,6 +671,7 @@ BOOL SlowPoll (void)
DWORD dwSize, status;
LPWSTR lpszLanW, lpszLanS;
int nDrive;
+ NTSTATUS bStatus = 0;
/* Find out whether this is an NT server or workstation if necessary */
if (isWorkstation == -1)
@@ -783,18 +780,16 @@ BOOL SlowPoll (void)
CloseHandle (hDevice);
}
- // CryptoAPI: We always have a valid CryptoAPI context when we arrive here but
- // we keep the check for clarity purpose
- if ( !CryptoAPIAvailable )
- return FALSE;
- if (CryptGenRandom (hCryptProv, sizeof (buffer), buffer))
+
+ bStatus = BCryptGenRandom(NULL, buffer, sizeof(buffer), BCRYPT_USE_SYSTEM_PREFERRED_RNG);
+ if (NT_SUCCESS(bStatus))
{
RandaddBuf (buffer, sizeof (buffer));
}
else
{
- /* return error in case CryptGenRandom fails */
- CryptoAPILastError = GetLastError ();
+ /* return error in case BCryptGenRandom fails */
+ CryptoAPILastError = pRtlNtStatusToDosError (bStatus);
return FALSE;
}
@@ -838,6 +833,7 @@ BOOL FastPoll (void)
MEMORYSTATUSEX memoryStatus;
HANDLE handle;
POINT point;
+ NTSTATUS bStatus = 0;
/* Get various basic pieces of system information */
RandaddIntPtr (GetActiveWindow ()); /* Handle of active window */
@@ -928,18 +924,16 @@ BOOL FastPoll (void)
RandaddBuf ((unsigned char *) &dwTicks, sizeof (dwTicks));
}
- // CryptoAPI: We always have a valid CryptoAPI context when we arrive here but
- // we keep the check for clarity purpose
- if ( !CryptoAPIAvailable )
- return FALSE;
- if (CryptGenRandom (hCryptProv, sizeof (buffer), buffer))
+
+ bStatus = BCryptGenRandom(NULL, buffer, sizeof(buffer), BCRYPT_USE_SYSTEM_PREFERRED_RNG);
+ if (NT_SUCCESS(bStatus))
{
RandaddBuf (buffer, sizeof (buffer));
}
else
{
- /* return error in case CryptGenRandom fails */
- CryptoAPILastError = GetLastError ();
+ /* return error in case BCryptGenRandom fails */
+ CryptoAPILastError = pRtlNtStatusToDosError (bStatus);
return FALSE;
}