[v2] use bcrypt instead of the old wincrypt API

Message ID 20180403095237.24936-1-robux4@ycbcr.xyz
State New
Headers show
Series
  • [v2] use bcrypt instead of the old wincrypt API
Related show

Commit Message

Steve Lhomme April 3, 2018, 9:52 a.m.
When targeting Windows Vista and above
The wincrypt API is deprecated and not allowed for Windows Store apps.

Wincrypt can be removed after XP support is dropped.
---
 configure               |  4 +++-
 libavutil/random_seed.c | 17 +++++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)

Comments

Martin Storsjö April 14, 2018, 9:14 p.m. | #1
On Tue, 3 Apr 2018, Steve Lhomme wrote:

> When targeting Windows Vista and above
> The wincrypt API is deprecated and not allowed for Windows Store apps.
>
> Wincrypt can be removed after XP support is dropped.
> ---
> configure               |  4 +++-
> libavutil/random_seed.c | 17 +++++++++++++++--
> 2 files changed, 18 insertions(+), 3 deletions(-)
>
> diff --git a/configure b/configure
> index 77754d0f51..0ab975bb1c 100755
> --- a/configure
> +++ b/configure
> @@ -1703,6 +1703,7 @@ SYSTEM_FUNCS="
> "
> 
> SYSTEM_LIBRARIES="
> +    bcrypt
>     sdl
>     vaapi_1
>     vaapi_drm
> @@ -2611,7 +2612,7 @@ avdevice_extralibs="libm_extralibs"
> avformat_extralibs="libm_extralibs"
> avfilter_extralibs="pthreads_extralibs libm_extralibs"
> avresample_extralibs="libm_extralibs"
> -avutil_extralibs="clock_gettime_extralibs cuda_extralibs cuvid_extralibs d3d11va_extralibs libm_extralibs libmfx_extralibs nanosleep_extralibs pthreads_extralibs user32_extralibs vaapi_extralibs vaapi_drm_extralibs vaapi_x11_extralibs vdpau_x11_extralibs wincrypt_extralibs"
> +avutil_extralibs="bcrypt_extralibs clock_gettime_extralibs cuda_extralibs cuvid_extralibs d3d11va_extralibs libm_extralibs libmfx_extralibs nanosleep_extralibs pthreads_extralibs user32_extralibs vaapi_extralibs vaapi_drm_extralibs vaapi_x11_extralibs vdpau_x11_extralibs wincrypt_extralibs"
> swscale_extralibs="libm_extralibs"
> 
> # programs
> @@ -4581,6 +4582,7 @@ check_lib ole32    "windows.h"            CoTaskMemFree        -lole32
> check_lib shell32  "windows.h shellapi.h" CommandLineToArgvW   -lshell32
> check_lib wincrypt "windows.h wincrypt.h" CryptGenRandom       -ladvapi32
> check_lib psapi    "windows.h psapi.h"    GetProcessMemoryInfo -lpsapi
> +test_cpp_condition windows.h "_WIN32_WINNT >= 0x0600" && check_lib bcrypt "windows.h bcrypt.h" BCryptGenRandom  -lbcrypt
> 
> check_struct "sys/time.h sys/resource.h" "struct rusage" ru_maxrss
> 
> diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
> index 089d883916..d11bff2ef6 100644
> --- a/libavutil/random_seed.c
> +++ b/libavutil/random_seed.c
> @@ -23,7 +23,10 @@
> #if HAVE_UNISTD_H
> #include <unistd.h>
> #endif
> -#if HAVE_WINCRYPT
> +#if HAVE_BCRYPT
> +#include <windows.h>
> +#include <bcrypt.h>
> +#elif HAVE_WINCRYPT
> #include <windows.h>
> #include <wincrypt.h>
> #endif
> @@ -96,7 +99,17 @@ uint32_t av_get_random_seed(void)
> {
>     uint32_t seed;
> 
> -#if HAVE_WINCRYPT
> +#if HAVE_BCRYPT
> +    BCRYPT_ALG_HANDLE algo_handle;
> +    NTSTATUS ret = BCryptOpenAlgorithmProvider(&algo_handle, BCRYPT_RNG_ALGORITHM,
> +                                               MS_PRIMITIVE_PROVIDER, 0);
> +    if (BCRYPT_SUCCESS(ret)) {
> +        NTSTATUS ret = BCryptGenRandom(algo_handle, (UCHAR*)&seed, sizeof(seed), 0);
> +        BCryptCloseAlgorithmProvider(algo_handle, 0);
> +        if (BCRYPT_SUCCESS(ret))
> +            return seed;
> +    }
> +#elif HAVE_WINCRYPT
>     HCRYPTPROV provider;
>     if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
>                             CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
> -- 
> 2.16.2

This is ok with me and I can push it (perhaps with removing the check for 
_WIN32_WINNT >= 0x600). I guess removing wincrypt can be left as a 
separate later patch?

// Martin
Martin Storsjö April 15, 2018, 8:12 p.m. | #2
On Sun, 15 Apr 2018, Martin Storsjö wrote:

> On Tue, 3 Apr 2018, Steve Lhomme wrote:
>
>> When targeting Windows Vista and above
>> The wincrypt API is deprecated and not allowed for Windows Store apps.
>>
>> Wincrypt can be removed after XP support is dropped.
>> ---
>> configure               |  4 +++-
>> libavutil/random_seed.c | 17 +++++++++++++++--
>> 2 files changed, 18 insertions(+), 3 deletions(-)
>>
>> diff --git a/configure b/configure
>> index 77754d0f51..0ab975bb1c 100755
>> --- a/configure
>> +++ b/configure
>> @@ -1703,6 +1703,7 @@ SYSTEM_FUNCS="
>> "
>> 
>> SYSTEM_LIBRARIES="
>> +    bcrypt
>>     sdl
>>     vaapi_1
>>     vaapi_drm
>> @@ -2611,7 +2612,7 @@ avdevice_extralibs="libm_extralibs"
>> avformat_extralibs="libm_extralibs"
>> avfilter_extralibs="pthreads_extralibs libm_extralibs"
>> avresample_extralibs="libm_extralibs"
>> -avutil_extralibs="clock_gettime_extralibs cuda_extralibs cuvid_extralibs 
> d3d11va_extralibs libm_extralibs libmfx_extralibs nanosleep_extralibs 
> pthreads_extralibs user32_extralibs vaapi_extralibs vaapi_drm_extralibs 
> vaapi_x11_extralibs vdpau_x11_extralibs wincrypt_extralibs"
>> +avutil_extralibs="bcrypt_extralibs clock_gettime_extralibs cuda_extralibs 
> cuvid_extralibs d3d11va_extralibs libm_extralibs libmfx_extralibs 
> nanosleep_extralibs pthreads_extralibs user32_extralibs vaapi_extralibs 
> vaapi_drm_extralibs vaapi_x11_extralibs vdpau_x11_extralibs 
> wincrypt_extralibs"
>> swscale_extralibs="libm_extralibs"
>> 
>> # programs
>> @@ -4581,6 +4582,7 @@ check_lib ole32    "windows.h" 
> CoTaskMemFree        -lole32
>> check_lib shell32  "windows.h shellapi.h" CommandLineToArgvW   -lshell32
>> check_lib wincrypt "windows.h wincrypt.h" CryptGenRandom       -ladvapi32
>> check_lib psapi    "windows.h psapi.h"    GetProcessMemoryInfo -lpsapi
>> +test_cpp_condition windows.h "_WIN32_WINNT >= 0x0600" && check_lib bcrypt 
> "windows.h bcrypt.h" BCryptGenRandom  -lbcrypt
>> 
>> check_struct "sys/time.h sys/resource.h" "struct rusage" ru_maxrss
>> 
>> diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
>> index 089d883916..d11bff2ef6 100644
>> --- a/libavutil/random_seed.c
>> +++ b/libavutil/random_seed.c
>> @@ -23,7 +23,10 @@
>> #if HAVE_UNISTD_H
>> #include <unistd.h>
>> #endif
>> -#if HAVE_WINCRYPT
>> +#if HAVE_BCRYPT
>> +#include <windows.h>
>> +#include <bcrypt.h>
>> +#elif HAVE_WINCRYPT
>> #include <windows.h>
>> #include <wincrypt.h>
>> #endif
>> @@ -96,7 +99,17 @@ uint32_t av_get_random_seed(void)
>> {
>>     uint32_t seed;
>> 
>> -#if HAVE_WINCRYPT
>> +#if HAVE_BCRYPT
>> +    BCRYPT_ALG_HANDLE algo_handle;
>> +    NTSTATUS ret = BCryptOpenAlgorithmProvider(&algo_handle, 
> BCRYPT_RNG_ALGORITHM,
>> +                                               MS_PRIMITIVE_PROVIDER, 0);
>> +    if (BCRYPT_SUCCESS(ret)) {
>> +        NTSTATUS ret = BCryptGenRandom(algo_handle, (UCHAR*)&seed, 
> sizeof(seed), 0);
>> +        BCryptCloseAlgorithmProvider(algo_handle, 0);
>> +        if (BCRYPT_SUCCESS(ret))
>> +            return seed;
>> +    }
>> +#elif HAVE_WINCRYPT
>>     HCRYPTPROV provider;
>>     if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
>>                             CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
>> -- 
>> 2.16.2
>
> This is ok with me and I can push it (perhaps with removing the check for 
> _WIN32_WINNT >= 0x600). I guess removing wincrypt can be left as a 
> separate later patch?

As the form pushed in ffmpeg was with removing wincrypt at the same time, 
I'd prefer using that form here as well. I'll send a version of the patch 
in that form, and push a day later unless there's anything further to 
change.

// Martin

Patch

diff --git a/configure b/configure
index 77754d0f51..0ab975bb1c 100755
--- a/configure
+++ b/configure
@@ -1703,6 +1703,7 @@  SYSTEM_FUNCS="
 "
 
 SYSTEM_LIBRARIES="
+    bcrypt
     sdl
     vaapi_1
     vaapi_drm
@@ -2611,7 +2612,7 @@  avdevice_extralibs="libm_extralibs"
 avformat_extralibs="libm_extralibs"
 avfilter_extralibs="pthreads_extralibs libm_extralibs"
 avresample_extralibs="libm_extralibs"
-avutil_extralibs="clock_gettime_extralibs cuda_extralibs cuvid_extralibs d3d11va_extralibs libm_extralibs libmfx_extralibs nanosleep_extralibs pthreads_extralibs user32_extralibs vaapi_extralibs vaapi_drm_extralibs vaapi_x11_extralibs vdpau_x11_extralibs wincrypt_extralibs"
+avutil_extralibs="bcrypt_extralibs clock_gettime_extralibs cuda_extralibs cuvid_extralibs d3d11va_extralibs libm_extralibs libmfx_extralibs nanosleep_extralibs pthreads_extralibs user32_extralibs vaapi_extralibs vaapi_drm_extralibs vaapi_x11_extralibs vdpau_x11_extralibs wincrypt_extralibs"
 swscale_extralibs="libm_extralibs"
 
 # programs
@@ -4581,6 +4582,7 @@  check_lib ole32    "windows.h"            CoTaskMemFree        -lole32
 check_lib shell32  "windows.h shellapi.h" CommandLineToArgvW   -lshell32
 check_lib wincrypt "windows.h wincrypt.h" CryptGenRandom       -ladvapi32
 check_lib psapi    "windows.h psapi.h"    GetProcessMemoryInfo -lpsapi
+test_cpp_condition windows.h "_WIN32_WINNT >= 0x0600" && check_lib bcrypt "windows.h bcrypt.h" BCryptGenRandom  -lbcrypt
 
 check_struct "sys/time.h sys/resource.h" "struct rusage" ru_maxrss
 
diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
index 089d883916..d11bff2ef6 100644
--- a/libavutil/random_seed.c
+++ b/libavutil/random_seed.c
@@ -23,7 +23,10 @@ 
 #if HAVE_UNISTD_H
 #include <unistd.h>
 #endif
-#if HAVE_WINCRYPT
+#if HAVE_BCRYPT
+#include <windows.h>
+#include <bcrypt.h>
+#elif HAVE_WINCRYPT
 #include <windows.h>
 #include <wincrypt.h>
 #endif
@@ -96,7 +99,17 @@  uint32_t av_get_random_seed(void)
 {
     uint32_t seed;
 
-#if HAVE_WINCRYPT
+#if HAVE_BCRYPT
+    BCRYPT_ALG_HANDLE algo_handle;
+    NTSTATUS ret = BCryptOpenAlgorithmProvider(&algo_handle, BCRYPT_RNG_ALGORITHM,
+                                               MS_PRIMITIVE_PROVIDER, 0);
+    if (BCRYPT_SUCCESS(ret)) {
+        NTSTATUS ret = BCryptGenRandom(algo_handle, (UCHAR*)&seed, sizeof(seed), 0);
+        BCryptCloseAlgorithmProvider(algo_handle, 0);
+        if (BCRYPT_SUCCESS(ret))
+            return seed;
+    }
+#elif HAVE_WINCRYPT
     HCRYPTPROV provider;
     if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
                             CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {