Windows: Add option to enable use of CPU RDRAND/RDSEED as source of entropy which is now disabled by default

2025-11-12 19:38:26 -06:00 · 2019-02-07 15:24:56 +01:00
parent 6bb1f24ed5
commit e5b9cee868
48 changed files with 108 additions and 15 deletions
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -820,7 +820,10 @@ void LoadSettingsAndCheckModified (HWND hwndDlg, BOOL bOnlyCheckModified, BOOL*
 {
 	char langid[6] = {0};
 	if (!bOnlyCheckModified)
+	{
 	   EnableHwEncryption ((ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE);
+	   EnableCpuRng ((ReadDriverConfigurationFlags() & VC_DRIVER_CONFIG_ENABLE_CPU_RNG) ? TRUE : FALSE);
+	}

 	WipeAlgorithmId savedWipeAlgorithm = TC_WIPE_NONE;

@@ -11099,6 +11102,16 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
 				EnableWindow (GetDlgItem (hwndDlg, IDC_ALLOW_WINDOWS_DEFRAG), FALSE);
 			}

+			if (HasRDRAND() || HasRDSEED())
+			{
+				CheckDlgButton (hwndDlg, IDC_ENABLE_CPU_RNG, (driverConfig & VC_DRIVER_CONFIG_ENABLE_CPU_RNG) ? BST_CHECKED : BST_UNCHECKED);
+			}
+			else
+			{
+				CheckDlgButton (hwndDlg, IDC_ENABLE_CPU_RNG,  BST_UNCHECKED);
+				EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_CPU_RNG), FALSE);
+			}
+
 			SYSTEM_INFO sysInfo;
 			GetSystemInfo (&sysInfo);

@@ -11154,6 +11167,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
 				}

 				BOOL disableHW = !IsDlgButtonChecked (hwndDlg, IDC_ENABLE_HARDWARE_ENCRYPTION);
+				BOOL enableCpuRng = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_CPU_RNG);
 				BOOL enableExtendedIOCTL = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_EXTENDED_IOCTL_SUPPORT);
 				BOOL allowTrimCommand = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_TRIM_NONSYS_SSD);
 				BOOL allowWindowsDefrag = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_WINDOWS_DEFRAG);
@@ -11196,12 +11210,14 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
 					SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM, allowTrimCommand);
 					if (IsOSAtLeast (WIN_8_1))
 						SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG, allowWindowsDefrag);
+					SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ENABLE_CPU_RNG, enableCpuRng);

 					DWORD bytesReturned;
 					if (!DeviceIoControl (hDriver, TC_IOCTL_REREAD_DRIVER_CONFIG, NULL, 0, NULL, 0, &bytesReturned, NULL))
 						handleWin32Error (hwndDlg, SRC_POS);

 					EnableHwEncryption (!disableHW);
+					EnableCpuRng (enableCpuRng);

 					uint32 cpuFreeCount = 0;
 					if (IsDlgButtonChecked (hwndDlg, IDC_LIMIT_ENC_THREAD_POOL))
--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -311,7 +311,7 @@ BEGIN
                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,112,340,10
 END

-IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 265
+IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 279
 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
 CAPTION "VeraCrypt - Performance Options"
 FONT 8, "MS Shell Dlg", 400, 0, 0x1
@@ -329,15 +329,17 @@ BEGIN
                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,198,337,10
    CONTROL         "Allow TRIM command for non-system SSD partition/drive",IDC_ALLOW_TRIM_NONSYS_SSD,
                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,212,337,10
-    PUSHBUTTON      "&Benchmark",IDC_BENCHMARK,7,244,59,14
-    DEFPUSHBUTTON   "OK",IDOK,257,244,50,14
-    PUSHBUTTON      "Cancel",IDCANCEL,314,244,50,14
+    PUSHBUTTON      "&Benchmark",IDC_BENCHMARK,7,258,59,14
+    DEFPUSHBUTTON   "OK",IDOK,257,258,50,14
+    PUSHBUTTON      "Cancel",IDCANCEL,314,258,50,14
    LTEXT           "Processor (CPU) in this computer supports hardware acceleration for AES:",IDT_HW_AES_SUPPORTED_BY_CPU,18,23,273,9
    GROUPBOX        "Hardware Acceleration",IDT_ACCELERATION_OPTIONS,7,6,355,74
    GROUPBOX        "Thread-Based Parallelization",IDT_PARALLELIZATION_OPTIONS,7,84,355,93
-    GROUPBOX        "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,58
+    GROUPBOX        "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,72
    CONTROL         "Allow Windows Disk Defragmenter to defragment non-system partition/drive",IDC_ALLOW_WINDOWS_DEFRAG,
                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,226,337,10
+    CONTROL         "Use CPU hardware random generator as an additional source of entropy",IDC_ENABLE_CPU_RNG,
+                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,240,335,10
 END

 IDD_FAVORITE_VOLUMES DIALOGEX 0, 0, 380, 368
@@ -506,7 +508,7 @@ BEGIN
        LEFTMARGIN, 7
        RIGHTMARGIN, 364
        TOPMARGIN, 7
-        BOTTOMMARGIN, 258
+        BOTTOMMARGIN, 272
    END

    IDD_FAVORITE_VOLUMES, DIALOG
--- a/src/Mount/Resource.h
+++ b/src/Mount/Resource.h
@@ -192,6 +192,7 @@
 #define IDC_ALLOW_WINDOWS_DEFRAG        1169
 #define IDC_LOWER_BOX                   1170
 #define IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 1171
+#define IDC_ENABLE_CPU_RNG              1172
 #define IDM_HELP                        40001
 #define IDM_ABOUT                       40002
 #define IDM_UNMOUNT_VOLUME              40003
@@ -268,7 +269,7 @@
 #define _APS_NO_MFC                     1
 #define _APS_NEXT_RESOURCE_VALUE        120
 #define _APS_NEXT_COMMAND_VALUE         40069
-#define _APS_NEXT_CONTROL_VALUE         1172
+#define _APS_NEXT_CONTROL_VALUE         1173
 #define _APS_NEXT_SYMED_VALUE           101
 #endif
 #endif