Windows vulnerability fix: CryptAcquireContext vulnerability fix. Add checks to random generator to abort in case of error and display a diagnose message to the user.

2025-11-11 11:08:02 -06:00 · 2015-04-05 22:21:59 +02:00
parent a284922ce4
commit 2784652ab8
13 changed files with 171 additions and 24 deletions
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -1383,7 +1383,12 @@ namespace VeraCrypt
 		request.WipeAlgorithm = wipeAlgorithm;
 		
 		if (Randinit() != ERR_SUCCESS)
-			throw ParameterIncorrect (SRC_POS);
+		{
+			if (CryptoAPILastError == ERROR_SUCCESS)
+				throw RandInitFailed (SRC_POS, GetLastError ());
+			else
+				throw CryptoApiFailed (SRC_POS, CryptoAPILastError);
+		}

 		/* force the display of the random enriching dialog */
 		SetRandomPoolEnrichedByUserStatus (FALSE);
@@ -1421,9 +1426,17 @@ namespace VeraCrypt

 	void BootEncryption::WipeHiddenOSCreationConfig ()
 	{
-		if (IsHiddenOSRunning() || Randinit() != ERR_SUCCESS)
+		if (IsHiddenOSRunning())
 			throw ParameterIncorrect (SRC_POS);

+		if (Randinit() != ERR_SUCCESS)
+		{
+			if (CryptoAPILastError == ERROR_SUCCESS)
+				throw RandInitFailed (SRC_POS, GetLastError ());
+			else
+				throw CryptoApiFailed (SRC_POS, CryptoAPILastError);
+		}
+
 		Device device (GetSystemDriveConfiguration().DevicePath);
 		device.CheckOpened();
 		byte mbr[TC_SECTOR_SIZE_BIOS];
@@ -2280,7 +2293,13 @@ namespace VeraCrypt
 			RandSetHashFunction (pkcs5);
 		}

-		throw_sys_if (Randinit () != 0);
+		if (Randinit() != 0)
+		{
+			if (CryptoAPILastError == ERROR_SUCCESS)
+				throw RandInitFailed (SRC_POS, GetLastError ());
+			else
+				throw CryptoApiFailed (SRC_POS, CryptoAPILastError);
+		}
 		finally_do ({ RandStop (FALSE); });

 		/* force the display of the random enriching dialog */