Use ProcessPrng on Windows #415
briansmith
left a comment
Besides the lines I commented on, I didn't review the rest.
@briansmith the above are really good points w.r.t. sandboxing. I think that it would be good to have general documentation along the lines of "before starting a sandbox, you should first successfully call
I think that this won't cause issues in some sandboxes provided that
@newpavlov and @briansmith this is now ready for review!
Other than the two minor nits, it looks good to me. But as I noted in the issue, I would prefer if we released this change as v0.3.
src/windows.rs (outdated)

```rust
#[repr(transparent)]
#[derive(PartialEq, Eq)]
pub struct BOOL(pub i32);
pub const TRUE: BOOL = BOOL(1i32);
```
It's unfortunate to have this ugliness without the program that generated it to confirm that it actually created this ugliness. However, I also think it's fine because of how repr(transparent) works so it isn't the end of the world.
I think this is a good point. For both APIs I didn't directly use the output of windows-bindgen, but instead took that output as a starting point, then deleted lines until I got code that looked decent.
I think that referencing windows-bindgen in the comments at all was misleading, so I changed the comments to just reference the API metadata names directly. Given that, I also changed the BOOL/BOOLEAN types to just be typedefs (which is more honest IMO).
For reference, here's the full output for running windows-bindgen with the following arguments:
```rust
// Bindings generated by `windows-bindgen` 0.56.0
#![allow(
    non_snake_case,
    non_upper_case_globals,
    non_camel_case_types,
    dead_code,
    clippy::all
)]
#[inline]
pub unsafe fn RtlGenRandom(
    randombuffer: *mut core::ffi::c_void,
    randombufferlength: u32,
) -> BOOLEAN {
    windows_targets::link!("advapi32.dll" "system" "SystemFunction036" fn RtlGenRandom(randombuffer : *mut core::ffi::c_void, randombufferlength : u32) -> BOOLEAN);
    RtlGenRandom(randombuffer, randombufferlength)
}
#[inline]
pub unsafe fn ProcessPrng(pbdata: &mut [u8]) -> BOOL {
    windows_targets::link!("bcryptprimitives.dll" "system" fn ProcessPrng(pbdata : *mut u8, cbdata : usize) -> BOOL);
    ProcessPrng(
        core::mem::transmute(pbdata.as_ptr()),
        pbdata.len().try_into().unwrap(),
    )
}
#[repr(transparent)]
#[derive(PartialEq, Eq)]
pub struct BOOL(pub i32);
impl Default for BOOL {
    fn default() -> Self {
        unsafe { core::mem::zeroed() }
    }
}
impl Clone for BOOL {
    fn clone(&self) -> Self {
        *self
    }
}
impl Copy for BOOL {}
impl core::fmt::Debug for BOOL {
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        f.debug_tuple("BOOL").field(&self.0).finish()
    }
}
impl windows_core::TypeKind for BOOL {
    type TypeKind = windows_core::CopyType;
}
#[repr(transparent)]
#[derive(PartialEq, Eq)]
pub struct BOOLEAN(pub u8);
impl Default for BOOLEAN {
    fn default() -> Self {
        unsafe { core::mem::zeroed() }
    }
}
impl Clone for BOOLEAN {
    fn clone(&self) -> Self {
        *self
    }
}
impl Copy for BOOLEAN {}
impl core::fmt::Debug for BOOLEAN {
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        f.debug_tuple("BOOLEAN").field(&self.0).finish()
    }
}
impl windows_core::TypeKind for BOOLEAN {
    type TypeKind = windows_core::CopyType;
}
pub const TRUE: BOOL = BOOL(1i32);
```

Signed-off-by: Joe Richey <[email protected]>
This picks up rust-random/getrandom#415. It's still apparently not supported until Windows XP, but seems like it compiles better.
Use `ProcessPrng` on Windows 10 and up, and use `RtlGenRandom` on older legacy Windows versions. Don't use `BCryptGenRandom` due to stability issues.
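The following is an added example and not getrandom's code. It shows, in one place, the two choices the thread settles on: `BOOL`/`BOOLEAN` as plain typedefs rather than bindgen newtypes, and `ProcessPrng` for current Windows beside `RtlGenRandom` for legacy Windows. It goes one step beyond the bindgen output quoted above: `RtlGenRandom` takes a `u32` length while a Rust slice length is `usize`, so the example splits the buffer into `u32`-sized chunks instead of `try_into().unwrap()`-ing the length, and it treats any non-zero `BOOL` as success, which is the Win32 convention. The `#[link(..., kind = "raw-dylib")]` attributes, the assumption of a 64-bit Windows target, and the names `fill_in_chunks`, `fill_with_fake` and `RngError` are this example's own; the fake byte source is constructed so the chunking logic can be exercised on any platform.

```rust
// Added example (not getrandom's code): portable chunking helper plus thin
// Windows bindings for the two CSPRNG entry points discussed in the PR.

/// Win32 `BOOL` as a typedef: any non-zero value means success, so callers
/// compare against 0 rather than against a specific `TRUE` constant.
#[allow(dead_code)]
pub type BOOL = i32;
/// Win32 `BOOLEAN` (one byte), the return type of `RtlGenRandom`.
#[allow(dead_code)]
pub type BOOLEAN = u8;

/// Returned when the OS call reports failure for some chunk.
#[derive(Debug, PartialEq, Eq)]
pub struct RngError;

/// Fill `dest` by calling `fill_chunk` on slices of at most `max_chunk` bytes.
/// This is the portable part: `RtlGenRandom` takes a `u32` length, so a buffer
/// longer than `u32::MAX` must be split, never truncated or unwrapped on.
/// Stops at the first failing chunk and reports it.
pub fn fill_in_chunks<F>(dest: &mut [u8], max_chunk: usize, mut fill_chunk: F) -> Result<(), RngError>
where
    F: FnMut(&mut [u8]) -> bool,
{
    assert!(max_chunk > 0, "chunk size must be non-zero");
    for chunk in dest.chunks_mut(max_chunk) {
        if !fill_chunk(chunk) {
            return Err(RngError);
        }
    }
    Ok(())
}

#[cfg(windows)]
mod sys {
    use super::{BOOL, BOOLEAN};
    // Assumption of this example: `raw-dylib` linking (no import library
    // needed) on a 64-bit Windows target.
    #[link(name = "bcryptprimitives", kind = "raw-dylib")]
    extern "system" {
        pub fn ProcessPrng(pbdata: *mut u8, cbdata: usize) -> BOOL;
    }
    #[link(name = "advapi32", kind = "raw-dylib")]
    extern "system" {
        #[link_name = "SystemFunction036"]
        pub fn RtlGenRandom(randombuffer: *mut u8, randombufferlength: u32) -> BOOLEAN;
    }
}

/// Windows 10 and up: `ProcessPrng` takes a `usize` length, so one call suffices.
#[cfg(windows)]
pub fn fill_process_prng(dest: &mut [u8]) -> Result<(), RngError> {
    fill_in_chunks(dest, usize::MAX, |chunk| {
        // SAFETY: pointer and length describe a live, writable slice.
        unsafe { sys::ProcessPrng(chunk.as_mut_ptr(), chunk.len()) != 0 }
    })
}

/// Legacy Windows: `RtlGenRandom` takes a `u32` length, so chunk to fit it.
#[cfg(windows)]
pub fn fill_rtl_gen_random(dest: &mut [u8]) -> Result<(), RngError> {
    fill_in_chunks(dest, u32::MAX as usize, |chunk| {
        let len = u32::try_from(chunk.len()).expect("chunk bounded by u32::MAX");
        // SAFETY: pointer and length describe a live, writable slice.
        unsafe { sys::RtlGenRandom(chunk.as_mut_ptr(), len) != 0 }
    })
}

/// Constructed stand-in for the OS call, usable on any platform: fills with a
/// counter pattern, records each chunk length, and fails on call number
/// `fail_on_call` (1-based; 0 means never fail) without touching that chunk.
pub fn fill_with_fake(dest: &mut [u8], max_chunk: usize, fail_on_call: usize) -> (Result<(), RngError>, Vec<usize>) {
    let mut calls = Vec::new();
    let mut next = 0u8;
    let result = fill_in_chunks(dest, max_chunk, |chunk| {
        calls.push(chunk.len());
        if calls.len() == fail_on_call {
            return false;
        }
        for b in chunk.iter_mut() {
            *b = next;
            next = next.wrapping_add(1);
        }
        true
    });
    (result, calls)
}

fn main() {
    let mut buf = [0u8; 10];
    let (result, calls) = fill_with_fake(&mut buf, 4, 0);
    println!("{:?} chunks={:?} buf={:?}", result, calls, buf);
}
```

On a Windows 10+ box `fill_process_prng` is the call to make; `fill_rtl_gen_random` is only for targets that must keep running on older Windows. The fake source exists so the chunk boundaries and the stop-on-first-failure behaviour can be checked without the OS.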