random_seed: use bcrypt instead of the old wincrypt API

Message ID 20180415201740.80240-1-martin@martin.st
State New
Headers show
Series
  • random_seed: use bcrypt instead of the old wincrypt API
Related show

Commit Message

Martin Storsjö April 15, 2018, 8:17 p.m.
From: Steve Lhomme <robux4@ycbcr.xyz>

Remove the wincrypt API calls since we don't support XP anymore and
bcrypt is available since Vista, even on Windows Store builds.
---
 configure               |  6 +++---
 libavutil/random_seed.c | 19 ++++++++++---------
 2 files changed, 13 insertions(+), 12 deletions(-)

Comments

James Almer April 15, 2018, 9:56 p.m. | #1
On 4/15/2018 5:17 PM, Martin Storsjö wrote:
> From: Steve Lhomme <robux4@ycbcr.xyz>
> 
> Remove the wincrypt API calls since we don't support XP anymore and
> bcrypt is available since Vista, even on Windows Store builds.
> ---
>  configure               |  6 +++---
>  libavutil/random_seed.c | 19 ++++++++++---------
>  2 files changed, 13 insertions(+), 12 deletions(-)
> 
> diff --git a/configure b/configure
> index 3c7b6a0981..0eba9b24f3 100755
> --- a/configure
> +++ b/configure
> @@ -1703,12 +1703,12 @@ SYSTEM_FUNCS="
>  "
>  
>  SYSTEM_LIBRARIES="
> +    bcrypt
>      sdl
>      vaapi_1
>      vaapi_drm
>      vaapi_x11
>      vdpau_x11
> -    wincrypt
>  "
>  
>  TOOLCHAIN_FEATURES="
> @@ -2610,7 +2610,7 @@ avdevice_extralibs="libm_extralibs"
>  avformat_extralibs="libm_extralibs"
>  avfilter_extralibs="pthreads_extralibs libm_extralibs"
>  avresample_extralibs="libm_extralibs"
> -avutil_extralibs="clock_gettime_extralibs cuda_extralibs cuvid_extralibs d3d11va_extralibs libm_extralibs libmfx_extralibs nanosleep_extralibs pthreads_extralibs user32_extralibs vaapi_extralibs vaapi_drm_extralibs vaapi_x11_extralibs vdpau_x11_extralibs wincrypt_extralibs"
> +avutil_extralibs="clock_gettime_extralibs cuda_extralibs cuvid_extralibs d3d11va_extralibs libm_extralibs libmfx_extralibs nanosleep_extralibs pthreads_extralibs user32_extralibs vaapi_extralibs vaapi_drm_extralibs vaapi_x11_extralibs vdpau_x11_extralibs bcrypt_extralibs"
>  swscale_extralibs="libm_extralibs"
>  
>  # programs
> @@ -4579,9 +4579,9 @@ check_header windows.h
>  # so we also check that atomics actually work here
>  check_builtin stdatomic stdatomic.h "atomic_int foo; atomic_store(&foo, 0)"
>  
> +check_lib bcrypt   "windows.h bcrypt.h"   BCryptGenRandom      -lbcrypt
>  check_lib ole32    "windows.h"            CoTaskMemFree        -lole32
>  check_lib shell32  "windows.h shellapi.h" CommandLineToArgvW   -lshell32
> -check_lib wincrypt "windows.h wincrypt.h" CryptGenRandom       -ladvapi32
>  check_lib psapi    "windows.h psapi.h"    GetProcessMemoryInfo -lpsapi
>  
>  check_struct "sys/time.h sys/resource.h" "struct rusage" ru_maxrss
> diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
> index 089d883916..388cb401ba 100644
> --- a/libavutil/random_seed.c
> +++ b/libavutil/random_seed.c
> @@ -23,9 +23,9 @@
>  #if HAVE_UNISTD_H
>  #include <unistd.h>
>  #endif
> -#if HAVE_WINCRYPT
> +#if HAVE_BCRYPT
>  #include <windows.h>
> -#include <wincrypt.h>
> +#include <bcrypt.h>
>  #endif
>  #include <fcntl.h>
>  #include <math.h>
> @@ -96,13 +96,14 @@ uint32_t av_get_random_seed(void)
>  {
>      uint32_t seed;
>  
> -#if HAVE_WINCRYPT
> -    HCRYPTPROV provider;
> -    if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
> -                            CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
> -        BOOL ret = CryptGenRandom(provider, sizeof(seed), (PBYTE) &seed);
> -        CryptReleaseContext(provider, 0);
> -        if (ret)
> +#if HAVE_BCRYPT
> +    BCRYPT_ALG_HANDLE algo_handle;
> +    NTSTATUS ret = BCryptOpenAlgorithmProvider(&algo_handle, BCRYPT_RNG_ALGORITHM,
> +                                               MS_PRIMITIVE_PROVIDER, 0);

FWIW, there seems to be an old mingw-w64 release that has bcrypt.h, the
BCryptGenRandom and BCryptOpenAlgorithmProvider prototypes, but it's
missing defines like BCRYPT_RNG_ALGORITHM, MS_PRIMITIVE_PROVIDER and
BCRYPT_SUCCESS.

An extra check for the latter like

check_cpp_condition bcrypt bcrypt.h "defined BCRYPT_RNG_ALGORITHM"

would be needed to disable bcrypt on those broken/incomplete toolchains
and prevent compilation failures.

> +    if (BCRYPT_SUCCESS(ret)) {
> +        NTSTATUS ret = BCryptGenRandom(algo_handle, (UCHAR*)&seed, sizeof(seed), 0);
> +        BCryptCloseAlgorithmProvider(algo_handle, 0);
> +        if (BCRYPT_SUCCESS(ret))
>              return seed;
>      }
>  #endif
>
Diego Biurrun April 16, 2018, 6:28 a.m. | #2
On Sun, Apr 15, 2018 at 11:17:40PM +0300, Martin Storsjö wrote:
> --- a/configure
> +++ b/configure
> @@ -2610,7 +2610,7 @@ avdevice_extralibs="libm_extralibs"
> -avutil_extralibs="clock_gettime_extralibs cuda_extralibs cuvid_extralibs d3d11va_extralibs libm_extralibs libmfx_extralibs nanosleep_extralibs pthreads_extralibs user32_extralibs vaapi_extralibs vaapi_drm_extralibs vaapi_x11_extralibs vdpau_x11_extralibs wincrypt_extralibs"
> +avutil_extralibs="clock_gettime_extralibs cuda_extralibs cuvid_extralibs d3d11va_extralibs libm_extralibs libmfx_extralibs nanosleep_extralibs pthreads_extralibs user32_extralibs vaapi_extralibs vaapi_drm_extralibs vaapi_x11_extralibs vdpau_x11_extralibs bcrypt_extralibs"

This was previously sorted.

OK

Diego

Patch

diff --git a/configure b/configure
index 3c7b6a0981..0eba9b24f3 100755
--- a/configure
+++ b/configure
@@ -1703,12 +1703,12 @@  SYSTEM_FUNCS="
 "
 
 SYSTEM_LIBRARIES="
+    bcrypt
     sdl
     vaapi_1
     vaapi_drm
     vaapi_x11
     vdpau_x11
-    wincrypt
 "
 
 TOOLCHAIN_FEATURES="
@@ -2610,7 +2610,7 @@  avdevice_extralibs="libm_extralibs"
 avformat_extralibs="libm_extralibs"
 avfilter_extralibs="pthreads_extralibs libm_extralibs"
 avresample_extralibs="libm_extralibs"
-avutil_extralibs="clock_gettime_extralibs cuda_extralibs cuvid_extralibs d3d11va_extralibs libm_extralibs libmfx_extralibs nanosleep_extralibs pthreads_extralibs user32_extralibs vaapi_extralibs vaapi_drm_extralibs vaapi_x11_extralibs vdpau_x11_extralibs wincrypt_extralibs"
+avutil_extralibs="clock_gettime_extralibs cuda_extralibs cuvid_extralibs d3d11va_extralibs libm_extralibs libmfx_extralibs nanosleep_extralibs pthreads_extralibs user32_extralibs vaapi_extralibs vaapi_drm_extralibs vaapi_x11_extralibs vdpau_x11_extralibs bcrypt_extralibs"
 swscale_extralibs="libm_extralibs"
 
 # programs
@@ -4579,9 +4579,9 @@  check_header windows.h
 # so we also check that atomics actually work here
 check_builtin stdatomic stdatomic.h "atomic_int foo; atomic_store(&foo, 0)"
 
+check_lib bcrypt   "windows.h bcrypt.h"   BCryptGenRandom      -lbcrypt
 check_lib ole32    "windows.h"            CoTaskMemFree        -lole32
 check_lib shell32  "windows.h shellapi.h" CommandLineToArgvW   -lshell32
-check_lib wincrypt "windows.h wincrypt.h" CryptGenRandom       -ladvapi32
 check_lib psapi    "windows.h psapi.h"    GetProcessMemoryInfo -lpsapi
 
 check_struct "sys/time.h sys/resource.h" "struct rusage" ru_maxrss
diff --git a/libavutil/random_seed.c b/libavutil/random_seed.c
index 089d883916..388cb401ba 100644
--- a/libavutil/random_seed.c
+++ b/libavutil/random_seed.c
@@ -23,9 +23,9 @@ 
 #if HAVE_UNISTD_H
 #include <unistd.h>
 #endif
-#if HAVE_WINCRYPT
+#if HAVE_BCRYPT
 #include <windows.h>
-#include <wincrypt.h>
+#include <bcrypt.h>
 #endif
 #include <fcntl.h>
 #include <math.h>
@@ -96,13 +96,14 @@  uint32_t av_get_random_seed(void)
 {
     uint32_t seed;
 
-#if HAVE_WINCRYPT
-    HCRYPTPROV provider;
-    if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
-                            CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
-        BOOL ret = CryptGenRandom(provider, sizeof(seed), (PBYTE) &seed);
-        CryptReleaseContext(provider, 0);
-        if (ret)
+#if HAVE_BCRYPT
+    BCRYPT_ALG_HANDLE algo_handle;
+    NTSTATUS ret = BCryptOpenAlgorithmProvider(&algo_handle, BCRYPT_RNG_ALGORITHM,
+                                               MS_PRIMITIVE_PROVIDER, 0);
+    if (BCRYPT_SUCCESS(ret)) {
+        NTSTATUS ret = BCryptGenRandom(algo_handle, (UCHAR*)&seed, sizeof(seed), 0);
+        BCryptCloseAlgorithmProvider(algo_handle, 0);
+        if (BCRYPT_SUCCESS(ret))
             return seed;
     }
 #endif