This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/lib/Support/Windows/
-
lib/
-
Support/
-
Windows/
1/2
Process.inc

Differential D77553

[Support,Windows] Tolerate failure of CryptGenRandom
ClosedPublic

Authored by simon_tatham on Apr 6 2020, 7:55 AM.

Download Raw Diff

Details

Reviewers

hans
sammccall

Commits

rGaab9e9de4d99: [Support,Windows] Tolerate failure of CryptGenRandom

Summary

In Unix/Process.inc, we seed a random number generator from
/dev/urandom if possible, but if not, we're happy to fall back to
ordinary pseudorandom strategies, like the current time and PID.

The corresponding function on Windows calls CryptGenRandom, but it
doesn't have a fallback if that strategy fails. But CryptGenRandom
can fail, if a cryptography provider isn't properly initialized, or
occasionally (by our observation) simply intermittently.

If it's reasonable on Unix to implement traditional pseudorandom-number
seeding as a fallback, then it's surely reasonable to do the same on
Windows. So this patch adds a last-ditch use of ordinary rand(), using
much the same strategy as the Unix fallback code.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

simon_tatham created this revision.Apr 6 2020, 7:55 AM

Herald added a project: Restricted Project. · View Herald TranscriptApr 6 2020, 7:55 AM

Herald added subscribers: llvm-commits, hiraditya. · View Herald Transcript

Harbormaster failed remote builds in B51950: Diff 255342!Apr 6 2020, 9:45 AM

Seems reasonable to me.

llvm/lib/Support/Windows/Process.inc
455	Why do you need the static_cast<void>?

This revision is now accepted and ready to land.Apr 6 2020, 9:58 AM

simon_tatham marked an inline comment as done.Apr 7 2020, 1:12 AM

simon_tatham added inline comments.

llvm/lib/Support/Windows/Process.inc
455	I must admit that I copied the idiom from the corresponding function in `unix/Process.inc` without really thinking about what the cast was doing there. But now I look, it was added on purpose in rL261270, apparently in the expectation that at some point it would be useful for suppress a warning.

Closed by commit rGaab9e9de4d99: [Support,Windows] Tolerate failure of CryptGenRandom (authored by simon_tatham). · Explain WhyApr 7 2020, 1:36 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

llvm/

lib/

Support/

Windows/

Process.inc

40 lines

Diff 255613

llvm/lib/Support/Windows/Process.inc

	Show First 20 Lines • Show All 433 Lines • ▼ Show 20 Lines
	}			}

	const char *Process::ResetColor() {			const char *Process::ResetColor() {
	if (UseANSI) return "\033[0m";			if (UseANSI) return "\033[0m";
	SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), defaultColors());			SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), defaultColors());
	return 0;			return 0;
	}			}

				static unsigned GetRandomNumberSeed() {
				// Generate a random number seed from the millisecond-resolution Windows
				// system clock and the current process id.
				FILETIME Time;
				GetSystemTimeAsFileTime(&Time);
				DWORD Pid = GetCurrentProcessId();
				return hash_combine(Time.dwHighDateTime, Time.dwLowDateTime, Pid);
				}

				static unsigned GetPseudoRandomNumber() {
				// Arrange to call srand once when this function is first used, and
				// otherwise (if GetRandomNumber always succeeds in using
				// CryptGenRandom) don't bother at all.
				static int x = (static_cast<void>(::srand(GetRandomNumberSeed())), 0);
				hansUnsubmitted Not Done Reply Inline Actions Why do you need the static_cast<void>? hans: Why do you need the static_cast<void>?
				simon_tathamAuthorUnsubmitted Done Reply Inline Actions I must admit that I copied the idiom from the corresponding function in `unix/Process.inc` without really thinking about what the cast was doing there. But now I look, it was added on purpose in rL261270, apparently in the expectation that at some point it would be useful for suppress a warning. simon_tatham: I must admit that I copied the idiom from the corresponding function in `unix/Process.inc`…
				(void)x;
				return ::rand();
				}

	unsigned Process::GetRandomNumber() {			unsigned Process::GetRandomNumber() {
				// Try to use CryptGenRandom.
	HCRYPTPROV HCPC;			HCRYPTPROV HCPC;
	if (!::CryptAcquireContextW(&HCPC, NULL, NULL, PROV_RSA_FULL,			if (::CryptAcquireContextW(&HCPC, NULL, NULL, PROV_RSA_FULL,
	CRYPT_VERIFYCONTEXT))			CRYPT_VERIFYCONTEXT)) {
	ReportLastErrorFatal("Could not acquire a cryptographic context");

	ScopedCryptContext CryptoProvider(HCPC);			ScopedCryptContext CryptoProvider(HCPC);
	unsigned Ret;			unsigned Ret;
	if (!::CryptGenRandom(CryptoProvider, sizeof(Ret),			if (::CryptGenRandom(CryptoProvider, sizeof(Ret),
	reinterpret_cast<BYTE *>(&Ret)))			reinterpret_cast<BYTE *>(&Ret)))
	ReportLastErrorFatal("Could not generate a random number");
	return Ret;			return Ret;
	}			}

				// If that fails, fall back to pseudo-random numbers.
				return GetPseudoRandomNumber();
				}

	typedef NTSTATUS(WINAPI* RtlGetVersionPtr)(PRTL_OSVERSIONINFOW);			typedef NTSTATUS(WINAPI* RtlGetVersionPtr)(PRTL_OSVERSIONINFOW);
	#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)			#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)

	llvm::VersionTuple llvm::GetWindowsOSVersion() {			llvm::VersionTuple llvm::GetWindowsOSVersion() {
	HMODULE hMod = ::GetModuleHandleW(L"ntdll.dll");			HMODULE hMod = ::GetModuleHandleW(L"ntdll.dll");
	if (hMod) {			if (hMod) {
	auto getVer = (RtlGetVersionPtr)::GetProcAddress(hMod, "RtlGetVersion");			auto getVer = (RtlGetVersionPtr)::GetProcAddress(hMod, "RtlGetVersion");
	if (getVer) {			if (getVer) {
	Show All 15 Lines