Windows: Use BCryptGenRandom instead of deprecated CryptGenRandom to generate secure random bytes

src/Common/Random.c

@@ -19,6 +19,7 @@
 #include "Crypto\jitterentropy.h"
 #include "Crypto\rdrand.h"
 #include <Strsafe.h>
+#include <bcrypt.h>
 
 static unsigned __int8 buffer[RNG_POOL_SIZE];
 static unsigned char *pRandPool = NULL;
@@ -89,16 +90,17 @@ BOOL volatile bThreadTerminate = FALSE;	/* This variable is shared among thread'
 HANDLE hNetAPI32 = NULL;
 
 // CryptoAPI
-BOOL CryptoAPIAvailable = FALSE;
 DWORD CryptoAPILastError = ERROR_SUCCESS;
-HCRYPTPROV hCryptProv;
 
+typedef DWORD (WINAPI *RtlNtStatusToDosError_t)(NTSTATUS);
+RtlNtStatusToDosError_t pRtlNtStatusToDosError = NULL;
 
 /* Init the random number generator, setup the hooks, and start the thread */
 int RandinitWithCheck ( int* pAlreadyInitialized)
 {
 	BOOL bIgnoreHookError = FALSE;
 	DWORD dwLastError = ERROR_SUCCESS;
+	HMODULE ntdll;
 	if (GetMaxPkcs5OutSize() > RNG_POOL_SIZE)
 		TC_THROW_FATAL_EXCEPTION;
 
@@ -143,14 +145,14 @@ int RandinitWithCheck ( int* pAlreadyInitialized)
 		goto error;
 	}
 
-	if (!CryptAcquireContext (&hCryptProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
+	ntdll = GetModuleHandleW(L"ntdll.dll");
-	{
+	if (!ntdll) {
-		CryptoAPIAvailable = FALSE;
+		// If ntdll.dll is not found, return a fallback error code
-		CryptoAPILastError = GetLastError ();
+		CryptoAPILastError = ERROR_MOD_NOT_FOUND;
 		goto error;
 	}
 	else
-		CryptoAPIAvailable = TRUE;
+		pRtlNtStatusToDosError = (RtlNtStatusToDosError_t)GetProcAddress(ntdll, "RtlNtStatusToDosError");
 
 	if (!(PeriodicFastPollThreadHandle = (HANDLE) _beginthreadex (NULL, 0, PeriodicFastPollThreadProc, NULL, 0, NULL)))
 		goto error;
@@ -199,12 +201,6 @@ void RandStop (BOOL freePool)
 		hNetAPI32 = NULL;
 	}
 
-	if (CryptoAPIAvailable)
-	{
-		CryptReleaseContext (hCryptProv, 0);
-		CryptoAPIAvailable = FALSE;
-		CryptoAPILastError = ERROR_SUCCESS;
-	}
 
 	hMouse = NULL;
 	hKeyboard = NULL;
@@ -675,6 +671,7 @@ BOOL SlowPoll (void)
 	DWORD dwSize, status;
 	LPWSTR lpszLanW, lpszLanS;
 	int nDrive;
+	NTSTATUS bStatus = 0;
 
 	/* Find out whether this is an NT server or workstation if necessary */
 	if (isWorkstation == -1)
@@ -783,18 +780,16 @@ BOOL SlowPoll (void)
 		CloseHandle (hDevice);
 	}
 
-	// CryptoAPI: We always have a valid CryptoAPI context when we arrive here but
+
-	//            we keep the check for clarity purpose
+	bStatus = BCryptGenRandom(NULL, buffer, sizeof(buffer), BCRYPT_USE_SYSTEM_PREFERRED_RNG);
-	if ( !CryptoAPIAvailable )
+	if (NT_SUCCESS(bStatus))
-		return FALSE;
-	if (CryptGenRandom (hCryptProv, sizeof (buffer), buffer))
 	{
 		RandaddBuf (buffer, sizeof (buffer));
 	}
 	else
 	{
-		/* return error in case CryptGenRandom fails */
+		/* return error in case BCryptGenRandom fails */
-		CryptoAPILastError = GetLastError ();
+		CryptoAPILastError = pRtlNtStatusToDosError (bStatus);
 		return FALSE;
 	}
 
@@ -838,6 +833,7 @@ BOOL FastPoll (void)
 	MEMORYSTATUSEX memoryStatus;
 	HANDLE handle;
 	POINT point;
+	NTSTATUS bStatus = 0;
 
 	/* Get various basic pieces of system information */
 	RandaddIntPtr (GetActiveWindow ());	/* Handle of active window */
@@ -928,18 +924,16 @@ BOOL FastPoll (void)
 		RandaddBuf ((unsigned char *) &dwTicks, sizeof (dwTicks));
 	}
 
-	// CryptoAPI: We always have a valid CryptoAPI context when we arrive here but
+
-	//            we keep the check for clarity purpose
+	bStatus = BCryptGenRandom(NULL, buffer, sizeof(buffer), BCRYPT_USE_SYSTEM_PREFERRED_RNG);
-	if ( !CryptoAPIAvailable )
+	if (NT_SUCCESS(bStatus))
-		return FALSE;
-	if (CryptGenRandom (hCryptProv, sizeof (buffer), buffer))
 	{
 		RandaddBuf (buffer, sizeof (buffer));
 	}
 	else
 	{
-		/* return error in case CryptGenRandom fails */
+		/* return error in case BCryptGenRandom fails */
-		CryptoAPILastError = GetLastError ();
+		CryptoAPILastError = pRtlNtStatusToDosError (bStatus);
 		return FALSE;
 	}