diff --git a/src/crypto/rand/rand.go b/src/crypto/rand/rand.go index a5ccd19de32994..107e154494c742 100644 --- a/src/crypto/rand/rand.go +++ b/src/crypto/rand/rand.go @@ -14,7 +14,7 @@ import "io" // On Linux and FreeBSD, Reader uses getrandom(2) if available, /dev/urandom otherwise. // On OpenBSD, Reader uses getentropy(2). // On other Unix-like systems, Reader reads from /dev/urandom. -// On Windows systems, Reader uses the CryptGenRandom API. +// On Windows systems, Reader uses the BCryptGenRandom API. // On Wasm, Reader uses the Web Crypto API. var Reader io.Reader diff --git a/src/crypto/rand/rand_windows.go b/src/crypto/rand/rand_windows.go index 78a4ed6d67b5c8..3088f2db1169cf 100644 --- a/src/crypto/rand/rand_windows.go +++ b/src/crypto/rand/rand_windows.go @@ -9,48 +9,19 @@ package rand import ( "os" - "sync" - "sync/atomic" "syscall" - "time" ) -// Implemented by using Windows CryptoAPI 2.0. +// Implemented by using the Cryptography Next Generation (CNG) API. func init() { Reader = &rngReader{} } -// A rngReader satisfies reads by reading from the Windows CryptGenRandom API. -type rngReader struct { - used int32 // atomic; whether this rngReader has been used - prov syscall.Handle - mu sync.Mutex -} +type rngReader struct{} func (r *rngReader) Read(b []byte) (n int, err error) { - if atomic.CompareAndSwapInt32(&r.used, 0, 1) { - // First use of randomness. Start timer to warn about - // being blocked on entropy not being available. - t := time.AfterFunc(60*time.Second, warnBlocked) - defer t.Stop() - } - r.mu.Lock() - if r.prov == 0 { - const provType = syscall.PROV_RSA_FULL - const flags = syscall.CRYPT_VERIFYCONTEXT | syscall.CRYPT_SILENT - err := syscall.CryptAcquireContext(&r.prov, nil, nil, provType, flags) - if err != nil { - r.mu.Unlock() - return 0, os.NewSyscallError("CryptAcquireContext", err) - } - } - r.mu.Unlock() - - if len(b) == 0 { - return 0, nil - } - err = syscall.CryptGenRandom(r.prov, uint32(len(b)), &b[0]) + err = syscall.BCryptGenRandom(nil, &b[0], uint32(len(b)), syscall.BCRYPT_USE_SYSTEM_PREFERRED_RNG) if err != nil { - return 0, os.NewSyscallError("CryptGenRandom", err) + return 0, os.NewSyscallError("BCryptGenRandom", err) } - return len(b), nil + return int(uint32(len(b))), nil } diff --git a/src/syscall/syscall_windows.go b/src/syscall/syscall_windows.go index 89c0a930cb6b93..3ff323940861c4 100644 --- a/src/syscall/syscall_windows.go +++ b/src/syscall/syscall_windows.go @@ -234,6 +234,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys CryptAcquireContext(provhandle *Handle, container *uint16, provider *uint16, provtype uint32, flags uint32) (err error) = advapi32.CryptAcquireContextW //sys CryptReleaseContext(provhandle Handle, flags uint32) (err error) = advapi32.CryptReleaseContext //sys CryptGenRandom(provhandle Handle, buflen uint32, buf *byte) (err error) = advapi32.CryptGenRandom +//sys BCryptGenRandom(algorithmhandle Handle, buf *uint8, buflen uint32, flags uint32) (err error) = bcrypt.BCryptGenRandom //sys GetEnvironmentStrings() (envs *uint16, err error) [failretval==nil] = kernel32.GetEnvironmentStringsW //sys FreeEnvironmentStrings(envs *uint16) (err error) = kernel32.FreeEnvironmentStringsW //sys GetEnvironmentVariable(name *uint16, buffer *uint16, size uint32) (n uint32, err error) = kernel32.GetEnvironmentVariableW diff --git a/src/syscall/types_windows.go b/src/syscall/types_windows.go index 0349f3b180dea0..2f5b906fe2dbdc 100644 --- a/src/syscall/types_windows.go +++ b/src/syscall/types_windows.go @@ -241,6 +241,9 @@ const ( CRYPT_SILENT = 0x00000040 CRYPT_DEFAULT_CONTAINER_OPTIONAL = 0x00000080 + // bcrypt.h + BCRYPT_USE_SYSTEM_PREFERRED_RNG = 0x00000002 + USAGE_MATCH_TYPE_AND = 0 USAGE_MATCH_TYPE_OR = 1 diff --git a/src/syscall/zsyscall_windows.go b/src/syscall/zsyscall_windows.go index 2348f6534f7af7..be54bd16f1d825 100644 --- a/src/syscall/zsyscall_windows.go +++ b/src/syscall/zsyscall_windows.go @@ -35,17 +35,18 @@ func errnoErr(e Errno) error { } var ( - modkernel32 = NewLazyDLL(sysdll.Add("kernel32.dll")) - modadvapi32 = NewLazyDLL(sysdll.Add("advapi32.dll")) - modshell32 = NewLazyDLL(sysdll.Add("shell32.dll")) - modmswsock = NewLazyDLL(sysdll.Add("mswsock.dll")) - modcrypt32 = NewLazyDLL(sysdll.Add("crypt32.dll")) - modws2_32 = NewLazyDLL(sysdll.Add("ws2_32.dll")) - moddnsapi = NewLazyDLL(sysdll.Add("dnsapi.dll")) - modiphlpapi = NewLazyDLL(sysdll.Add("iphlpapi.dll")) - modsecur32 = NewLazyDLL(sysdll.Add("secur32.dll")) - modnetapi32 = NewLazyDLL(sysdll.Add("netapi32.dll")) - moduserenv = NewLazyDLL(sysdll.Add("userenv.dll")) + modkernel32 = NewLazyDLL(sysdll.Add("kernel32.dll") + modadvapi32 = NewLazyDLL(sysdll.Add("advapi32.dll") + modbcrypt = NewLazyDLL(sysdll.Add("bcrypt.dll") + modshell32 = NewLazyDLL(sysdll.Add("shell32.dll") + modmswsock = NewLazyDLL(sysdll.Add("mswsock.dll") + modcrypt32 = NewLazyDLL(sysdll.Add("crypt32.dll") + modws2_32 = NewLazyDLL(sysdll.Add("ws2_32.dll") + moddnsapi = NewLazyDLL(sysdll.Add("dnsapi.dll") + modiphlpapi = NewLazyDLL(sysdll.Add("iphlpapi.dll") + modsecur32 = NewLazyDLL(sysdll.Add("secur32.dll") + modnetapi32 = NewLazyDLL(sysdll.Add("netapi32.dll") + moduserenv = NewLazyDLL(sysdll.Add("userenv.dll") procGetLastError = modkernel32.NewProc("GetLastError") procLoadLibraryW = modkernel32.NewProc("LoadLibraryW") @@ -95,6 +96,7 @@ var ( procCryptAcquireContextW = modadvapi32.NewProc("CryptAcquireContextW") procCryptReleaseContext = modadvapi32.NewProc("CryptReleaseContext") procCryptGenRandom = modadvapi32.NewProc("CryptGenRandom") + procBCryptGenRandom = modbcrypt.NewProc("BCryptGenRandom") procGetEnvironmentStringsW = modkernel32.NewProc("GetEnvironmentStringsW") procFreeEnvironmentStringsW = modkernel32.NewProc("FreeEnvironmentStringsW") procGetEnvironmentVariableW = modkernel32.NewProc("GetEnvironmentVariableW") @@ -821,6 +823,18 @@ func CryptGenRandom(provhandle Handle, buflen uint32, buf *byte) (err error) { return } +func BCryptGenRandom(algorithmhandle Handle, buf *uint8, buflen uint32, flags uint32) (err error) { + r1, _, e1 := Syscall6(procBCryptGenRandom.Addr(), 4, uintptr(algorithmhandle), uintptr(unsafe.Pointer(buf)), uintptr(buflen), uintptr(flags), 0, 0) + if r1 == 0 { + if e1 != 0 { + err = errnoErr(e1) + } else { + err = EINVAL + } + } + return +} + func GetEnvironmentStrings() (envs *uint16, err error) { r0, _, e1 := Syscall(procGetEnvironmentStringsW.Addr(), 0, 0, 0, 0) envs = (*uint16)(unsafe.Pointer(r0))