pajoye                                   Tue, 12 Jul 2011 11:46:41 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=313175

Log:
- Bug #55169, improve fix, allow non interactive user, hash-like ops only usage

Bug: https://bugs.php.net/55169 (Assigned) mcrypt_create_iv always fails to 
gather sufficient random data
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/win32/winutil.c
    U   php/php-src/branches/PHP_5_4/win32/winutil.c
    U   php/php-src/trunk/win32/winutil.c

Modified: php/php-src/branches/PHP_5_3/win32/winutil.c
===================================================================
--- php/php-src/branches/PHP_5_3/win32/winutil.c        2011-07-12 10:50:39 UTC 
(rev 313174)
+++ php/php-src/branches/PHP_5_3/win32/winutil.c        2011-07-12 11:46:41 UTC 
(rev 313175)
@@ -87,11 +87,14 @@
 #endif

        if (has_crypto_ctx == 0) {
-               if (!CryptAcquireContext(&hCryptProv, NULL, NULL, 
PROV_RSA_FULL, 0)) {
+               /* CRYPT_VERIFYCONTEXT > only hashing&co-like use, no need to 
acces prv keys */
+               if (!CryptAcquireContext(&hCryptProv, NULL, NULL, 
PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT )) {
                        /* Could mean that the key container does not exist, 
let try
-                                again by asking for a new one */
+                          again by asking for a new one. If it fails here, it 
surely means that the user running
+               this process does not have the permission(s) to use this 
container.
+             */
                        if (GetLastError() == NTE_BAD_KEYSET) {
-                               if (CryptAcquireContext(&hCryptProv, NULL, 
NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
+                               if (CryptAcquireContext(&hCryptProv, NULL, 
NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET | 
CRYPT_VERIFYCONTEXT )) {
                                        has_crypto_ctx = 1;
                                } else {
                                        has_crypto_ctx = 0;

Modified: php/php-src/branches/PHP_5_4/win32/winutil.c
===================================================================
--- php/php-src/branches/PHP_5_4/win32/winutil.c        2011-07-12 10:50:39 UTC 
(rev 313174)
+++ php/php-src/branches/PHP_5_4/win32/winutil.c        2011-07-12 11:46:41 UTC 
(rev 313175)
@@ -87,11 +87,14 @@
 #endif

        if (has_crypto_ctx == 0) {
-               if (!CryptAcquireContext(&hCryptProv, NULL, NULL, 
PROV_RSA_FULL, 0)) {
+               /* CRYPT_VERIFYCONTEXT > only hashing&co-like use, no need to 
acces prv keys */
+               if (!CryptAcquireContext(&hCryptProv, NULL, NULL, 
PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT )) {
                        /* Could mean that the key container does not exist, 
let try
-                                again by asking for a new one */
+                          again by asking for a new one. If it fails here, it 
surely means that the user running
+               this process does not have the permission(s) to use this 
container.
+             */
                        if (GetLastError() == NTE_BAD_KEYSET) {
-                               if (CryptAcquireContext(&hCryptProv, NULL, 
NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
+                               if (CryptAcquireContext(&hCryptProv, NULL, 
NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET | 
CRYPT_VERIFYCONTEXT )) {
                                        has_crypto_ctx = 1;
                                } else {
                                        has_crypto_ctx = 0;

Modified: php/php-src/trunk/win32/winutil.c
===================================================================
--- php/php-src/trunk/win32/winutil.c   2011-07-12 10:50:39 UTC (rev 313174)
+++ php/php-src/trunk/win32/winutil.c   2011-07-12 11:46:41 UTC (rev 313175)
@@ -87,11 +87,14 @@
 #endif

        if (has_crypto_ctx == 0) {
-               if (!CryptAcquireContext(&hCryptProv, NULL, NULL, 
PROV_RSA_FULL, 0)) {
+               /* CRYPT_VERIFYCONTEXT > only hashing&co-like use, no need to 
acces prv keys */
+               if (!CryptAcquireContext(&hCryptProv, NULL, NULL, 
PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT )) {
                        /* Could mean that the key container does not exist, 
let try
-                                again by asking for a new one */
+                          again by asking for a new one. If it fails here, it 
surely means that the user running
+               this process does not have the permission(s) to use this 
container.
+             */
                        if (GetLastError() == NTE_BAD_KEYSET) {
-                               if (CryptAcquireContext(&hCryptProv, NULL, 
NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
+                               if (CryptAcquireContext(&hCryptProv, NULL, 
NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET | 
CRYPT_VERIFYCONTEXT )) {
                                        has_crypto_ctx = 1;
                                } else {
                                        has_crypto_ctx = 0;

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to