pajoye Tue, 12 Jul 2011 11:46:41 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=313175
Log: - Bug #55169, improve fix, allow non interactive user, hash-like ops only usage Bug: https://bugs.php.net/55169 (Assigned) mcrypt_create_iv always fails to gather sufficient random data Changed paths: U php/php-src/branches/PHP_5_3/win32/winutil.c U php/php-src/branches/PHP_5_4/win32/winutil.c U php/php-src/trunk/win32/winutil.c
Modified: php/php-src/branches/PHP_5_3/win32/winutil.c
===================================================================
--- php/php-src/branches/PHP_5_3/win32/winutil.c 2011-07-12 10:50:39 UTC (rev 313174)
+++ php/php-src/branches/PHP_5_3/win32/winutil.c 2011-07-12 11:46:41 UTC (rev 313175)
@@ -87,11 +87,14 @@
 #endif
 if (has_crypto_ctx == 0) {
- if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
+ /* CRYPT_VERIFYCONTEXT > only hashing&co-like use, no need to acces prv keys */
+ if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT )) {
 /* Could mean that the key container does not exist, let try
- again by asking for a new one */
+ again by asking for a new one. If it fails here, it surely means that the user running
+ this process does not have the permission(s) to use this container.
+ */
 if (GetLastError() == NTE_BAD_KEYSET) {
- if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
+ if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET | CRYPT_VERIFYCONTEXT )) {
 has_crypto_ctx = 1;
 } else {
 has_crypto_ctx = 0;
Modified: php/php-src/branches/PHP_5_4/win32/winutil.c
===================================================================
--- php/php-src/branches/PHP_5_4/win32/winutil.c 2011-07-12 10:50:39 UTC (rev 313174)
+++ php/php-src/branches/PHP_5_4/win32/winutil.c 2011-07-12 11:46:41 UTC (rev 313175)
@@ -87,11 +87,14 @@
 #endif
 if (has_crypto_ctx == 0) {
- if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
+ /* CRYPT_VERIFYCONTEXT > only hashing&co-like use, no need to acces prv keys */
+ if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT )) {
 /* Could mean that the key container does not exist, let try
- again by asking for a new one */
+ again by asking for a new one. If it fails here, it surely means that the user running
+ this process does not have the permission(s) to use this container.
+ */
 if (GetLastError() == NTE_BAD_KEYSET) {
- if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
+ if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET | CRYPT_VERIFYCONTEXT )) {
 has_crypto_ctx = 1;
 } else {
 has_crypto_ctx = 0;
Modified: php/php-src/trunk/win32/winutil.c
===================================================================
--- php/php-src/trunk/win32/winutil.c 2011-07-12 10:50:39 UTC (rev 313174)
+++ php/php-src/trunk/win32/winutil.c 2011-07-12 11:46:41 UTC (rev 313175)
@@ -87,11 +87,14 @@
 #endif
 if (has_crypto_ctx == 0) {
- if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
+ /* CRYPT_VERIFYCONTEXT > only hashing&co-like use, no need to acces prv keys */
+ if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT )) {
 /* Could mean that the key container does not exist, let try
- again by asking for a new one */
+ again by asking for a new one. If it fails here, it surely means that the user running
+ this process does not have the permission(s) to use this container.
+ */
 if (GetLastError() == NTE_BAD_KEYSET) {
- if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
+ if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET | CRYPT_VERIFYCONTEXT )) {
 has_crypto_ctx = 1;
 } else {
 has_crypto_ctx = 0;
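Review bot: The retry under `GetLastError() == NTE_BAD_KEYSET` looks ineffective now that both calls pass `CRYPT_VERIFYCONTEXT`: with that flag and a NULL container name no persisted key container is opened, so a missing keyset is not the expected failure, and as far as I know CryptAcquireContext rejects `CRYPT_NEWKEYSET` combined with `CRYPT_VERIFYCONTEXT` as bad flags, which is worth confirming against the CryptoAPI documentation. If that holds, the second call can be dropped and the comment above it should say what a failure actually means, e.g. `/* CRYPT_VERIFYCONTEXT opens no key container; failure here means the provider is unavailable to this user */`. Because this context feeds random-byte generation (the linked bug concerns mcrypt_create_iv), callers should treat `has_crypto_ctx == 0` as a hard error rather than continue with weaker randomness; that handling, like the rest of the enclosing function, is outside the hunk. The same lines appear in the PHP_5_3 and PHP_5_4 hunks above.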