Bug 1816953 - Stop hooking BCryptGenRandom. r=cmartin,handyman
In bug 1788004, we started hooking BCryptGenRandom on the machines where calling it for the first time fails. This was useful to mitigate Rust panics linked to RNG function failures in the Rust stdlib and in the getrandom crate. Both now have proper fallbacks again, so we can remove our hook. Differential Revision: https://phabricator.services.mozilla.com/D174966
parent
52dbff7568
commit
6929e31dcb
@ -91,8 +91,6 @@ MFBT_API bool GenerateRandomBytesFromOS(void* aBuffer, size_t aLength) {
|
||||
MOZ_ASSERT(aLength > 0);
|
||||
|
||||
#if defined(XP_WIN)
|
||||
// Note: This function is used as a fallback for BCryptGenRandom in
|
||||
// WindowsBCryptInitialization(). Do not use BCryptGenRandom here!
|
||||
return !!RtlGenRandom(aBuffer, aLength);
|
||||
|
||||
#elif defined(USE_ARC4RANDOM) // defined(XP_WIN)
|
||||
|
@ -14,38 +14,10 @@
|
||||
|
||||
namespace mozilla {
|
||||
|
||||
static WindowsDllInterceptor BCryptIntercept;
|
||||
static WindowsDllInterceptor::FuncHookType<decltype(&::BCryptGenRandom)>
|
||||
stub_BCryptGenRandom;
|
||||
|
||||
NTSTATUS WINAPI patched_BCryptGenRandom(BCRYPT_ALG_HANDLE aAlgorithm,
|
||||
PUCHAR aBuffer, ULONG aSize,
|
||||
ULONG aFlags) {
|
||||
// If we are using the hook, we know that BCRYPT_USE_SYSTEM_PREFERRED_RNG is
|
||||
// broken, so let's use the fallback directly in that case.
|
||||
if (!aAlgorithm && (aFlags & BCRYPT_USE_SYSTEM_PREFERRED_RNG) && aBuffer &&
|
||||
aSize && mozilla::GenerateRandomBytesFromOS(aBuffer, aSize)) {
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
return stub_BCryptGenRandom(aAlgorithm, aBuffer, aSize, aFlags);
|
||||
}
|
||||
|
||||
bool WindowsBCryptInitialization() {
|
||||
UCHAR buffer[32];
|
||||
NTSTATUS status = ::BCryptGenRandom(nullptr, buffer, sizeof(buffer),
|
||||
BCRYPT_USE_SYSTEM_PREFERRED_RNG);
|
||||
if (NT_SUCCESS(status)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
BCryptIntercept.Init(L"bcrypt.dll");
|
||||
if (!stub_BCryptGenRandom.Set(BCryptIntercept, "BCryptGenRandom",
|
||||
patched_BCryptGenRandom)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
status = ::BCryptGenRandom(nullptr, buffer, sizeof(buffer),
|
||||
BCRYPT_USE_SYSTEM_PREFERRED_RNG);
|
||||
return NT_SUCCESS(status);
|
||||
}
|
||||
|
||||
|
@ -11,19 +11,12 @@
|
||||
|
||||
namespace mozilla {
|
||||
|
||||
// This functions ensures that calling BCryptGenRandom will work later:
|
||||
// - It triggers a first call to BCryptGenRandom() to pre-load
|
||||
// bcryptPrimitives.dll while the current thread still has an unrestricted
|
||||
// impersonation token. We need to perform that operation in sandboxed
|
||||
// processes to warmup the BCryptGenRandom() call that is used by others,
|
||||
// especially Rust. See bug 1746524, bug 1751094, bug 1751177.
|
||||
// - If that first call fails, we detect it and hook BCryptGenRandom to
|
||||
// install a fallback based on RtlGenRandom for calls that use flag
|
||||
// BCRYPT_USE_SYSTEM_PREFERRED_RNG. We need this because BCryptGenRandom
|
||||
// failures are currently fatal and on some machines BCryptGenRandom is
|
||||
// broken (usually Windows 7). We hope to remove this hook in the future
|
||||
// once the Rust stdlib and the getrandom crate both have their own
|
||||
// RtlGenRandom-based fallback. See bug 1788004.
|
||||
// This functions ensures that calling BCryptGenRandom will work later. It
|
||||
// triggers a first call to BCryptGenRandom() to pre-load bcryptPrimitives.dll.
|
||||
// In sandboxed processes, this must happen while the current thread still has
|
||||
// an unrestricted impersonation token. We need to perform that operation to
|
||||
// warmup the BCryptGenRandom() calls is used by others, especially Rust. See
|
||||
// bug 1746524, bug 1751094, bug 1751177, bug 1788004.
|
||||
MFBT_API bool WindowsBCryptInitialization();
|
||||
|
||||
} // namespace mozilla
|
||||
|
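Review bot: The replacement header comment (the `// This functions ensures ...` block above `MFBT_API bool WindowsBCryptInitialization();`) carries two wording defects on the new side: `This functions ensures` should be `This function ensures`, and `warmup the BCryptGenRandom() calls is used by others` does not parse and should read `warm up the BCryptGenRandom() call that is used by others, especially Rust.` The rewritten comment also drops any statement of what the return value now means: with the RtlGenRandom hook removed (per the commit title and the deleted `patched_BCryptGenRandom` in the .cpp hunk), a caller can no longer assume a failed first call has been patched over, so I would add `// Returns whether that first BCryptGenRandom() call succeeded. No fallback is installed on failure; callers needing random bytes on such machines must rely on their own fallback (e.g. the Rust stdlib / getrandom crate).` That the function simply reports the first call's status is inferred from the remaining `.cpp` lines rather than shown on the new side here, so confirm it against the final body of `WindowsBCryptInitialization()` before wording the comment that way.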