Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00
Code Activity

Windows: If Secure Desktop is started and random generator was not initialized before us, then stop random generator after we finish in order to avoid consuming CPU because of periodic fast poll thread. Next time a critical operation that requires RNG is performed, it will be initialized again. We do this because since the addition of secure desktop support, every time secure desktop is displayed, the RNG fast poll thread was started even if the user will never perform any critical operation that requires random bytes.

Browse Source
This commit is contained in:
Mounir IDRASSI
2019-10-03 19:30:50 +02:00
parent 1298f83aa4
commit ccda60f82f
1 changed files with 70 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/Common/Dlgcode.c
View File

@@ -13392,7 +13392,8 @@ BOOL DeleteDirectory (const wchar_t* szDirName)
static BOOL GenerateRandomString (HWND hwndDlg, LPTSTR szName, DWORD maxCharsCount)
{
BOOL bRet = FALSE;
if (Randinit () != ERR_SUCCESS)
int alreadyInitialized = 0;
if (RandinitWithCheck (&alreadyInitialized) != ERR_SUCCESS)
{
handleError (hwndDlg, (CryptoAPILastError == ERROR_SUCCESS)? ERR_RAND_INIT_FAILED : ERR_CAPI_INIT_FAILED, SRC_POS);
}
@@ -13416,6 +13417,19 @@ static BOOL GenerateRandomString (HWND hwndDlg, LPTSTR szName, DWORD maxCharsCou
}
burn (indexes, maxCharsCount + 1);
free (indexes);
/* If RNG was not initialized before us, then stop it in order to
* stop the fast poll thread which consumes CPU. Next time a critical operation
* that requires RNG is performed, it will be initialized again.
*
* We do this because since the addition of secure desktop support, every time
* secure desktop is displayed, the RNG fast poll thread was started even if the
* user will never perform any critical operation that requires random bytes.
*/
if (!alreadyInitialized)
{
RandStop (FALSE);
}
}
return bRet;
@@ -13583,7 +13597,13 @@ INT_PTR SecureDesktopDialogBoxParam(
INT_PTR retValue = 0;
BOOL bEffectiveUseSecureDesktop = bCmdUseSecureDesktopValid? bCmdUseSecureDesktop : bUseSecureDesktop;
if (bEffectiveUseSecureDesktop && GenerateRandomString (hWndParent, szDesktopName, 64))
if (bEffectiveUseSecureDesktop)
{
EnterCriticalSection (&csSecureDesktop);
bSecureDesktopOngoing = TRUE;
finally_do ({ bSecureDesktopOngoing = FALSE; LeaveCriticalSection (&csSecureDesktop); });
if (GenerateRandomString (hWndParent, szDesktopName, 64))
{
map<DWORD, BOOL> ctfmonBeforeList, ctfmonAfterList;
DWORD desktopAccess = DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | DESKTOP_WRITEOBJECTS;
@@ -13591,10 +13611,6 @@ INT_PTR SecureDesktopDialogBoxParam(
HDESK hInputDesk = NULL;
EnterCriticalSection (&csSecureDesktop);
bSecureDesktopOngoing = TRUE;
finally_do ({ bSecureDesktopOngoing = FALSE; LeaveCriticalSection (&csSecureDesktop); });
// wait for the input desktop to be available before switching to
// secure desktop. Under Windows 10, the user session can be started
// in the background even before the user has authenticated and in this
@@ -13654,6 +13670,7 @@ INT_PTR SecureDesktopDialogBoxParam(
burn (szDesktopName, sizeof (szDesktopName));
}
}
if (!bSuccess)
{