On Tue, 27 Sep 2022, Steve Lhomme wrote:
Hi,
On 2022-09-26 23:33, Martin Storsjö wrote:
FWIW, CryptGenRandom is not available in UWP mode at all, which is why
libwinstorecompat has got a reimplementation of it. It is reimplemented on
top of the Windows.Security.Cryptography.CryptographicBuffer API. I'm CCing
Hugo and Steve who have been involved in winstorecompat, in case they have
anything to add about why they chose to implement it on top of that instead
of on top of BCrypt.
IIRC at the time BCrypt was probably not allowed in UWP (Win8+). Now BCrypt
would be a better choice.
Ah, I see. Yes, it seems BCrypt is available for store apps since Windows
10, but unavailable in 8.x. Thanks for the additional context!
Now whether to use `RtlGenRandom` or `BCryptGenRandom` as the replacement:
For UWP, `BCryptGenRandom` is the only choice. For desktop, a comment in a
BoringSSL issue
<https://bugs.chromium.org/p/boringssl/issues/detail?id=307#c9> claims
that they both use "the same internal RNG infrastructure".
It seems we'd be better off replacing this use of `CryptGenRandom` with
`RtlGenRandom` for desktop and `BCryptGenRandom` for UWP. Do you think
this makes sense?
I would suggest the other way around. Use BCrypt everywhere except for XP (if
that's the issue for having 2 different code paths). If anyone builds for
Vista and above the code would only use BCrypt. And if one day XP is dropped,
it's easier to spot this code running only on XP.
Well the problem is that this is called from libmingwex.a code - we don't
have ifdefs for various targets and/or UWP there; for the UWP cases, any
problematic API it touches would need to be stubbed out by linking in
winstorecompat between this and the platform APIs. Therefore, ideally it
would be just one single api call, which is easy to catch in
winstorecompat, instead of a longer sequence of various system functions.
Also we'd currently have to try to load bcrypt with
LoadLibrary/GetProcAddress, and we can't use those to load system
functions in UWP.
// Martin
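
The single-entry-point idea discussed in this thread, as an added example that is not mingw-w64 or winstorecompat code: every caller goes through one function, the platform call behind it is one line, and a failure is reported instead of being papered over with a weaker generator. The name `fill_random`, the `USE_BCRYPT` build switch and the non-Windows branch (present only so the file builds off Windows) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#ifdef USE_BCRYPT              /* hypothetical build switch; link with -lbcrypt */
#include <bcrypt.h>
#else                          /* default path; link with -ladvapi32 */
#include <ntsecapi.h>          /* declares RtlGenRandom (exported as SystemFunction036) */
#endif
#endif

/* Returns 0 on success, -1 on failure; on failure the buffer must not be used. */
int fill_random(unsigned char *buf, size_t len)
{
    if (len == 0)
        return 0;
    if (buf == NULL || len > 0xFFFFFFFFu)   /* both Windows calls take a ULONG length */
        return -1;
#if defined(_WIN32) && defined(USE_BCRYPT)
    /* NULL handle plus this flag selects the system RNG with no provider to open. */
    NTSTATUS st = BCryptGenRandom(NULL, buf, (ULONG)len, BCRYPT_USE_SYSTEM_PREFERRED_RNG);
    return st >= 0 ? 0 : -1;
#elif defined(_WIN32)
    return RtlGenRandom(buf, (ULONG)len) ? 0 : -1;
#else
    /* Assumption for illustration only: lets the example build and run off Windows. */
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
#endif
}

int main(void)
{
    unsigned char sample[16];
    if (fill_random(sample, sizeof sample) != 0) {
        fputs("no OS randomness available, refusing to continue\n", stderr);
        return 1;
    }
    for (size_t i = 0; i < sizeof sample; i++)
        printf("%02x", sample[i]);
    putchar('\n');
    return 0;
}
```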