pajoye Tue, 12 Jul 2011 11:46:41 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=313175
Log:
- Bug #55169, improve fix, allow non interactive user, hash-like ops only usage
Bug: https://bugs.php.net/55169 (Assigned) mcrypt_create_iv always fails to
gather sufficient random data
Changed paths:
U php/php-src/branches/PHP_5_3/win32/winutil.c
U php/php-src/branches/PHP_5_4/win32/winutil.c
U php/php-src/trunk/win32/winutil.c
Modified: php/php-src/branches/PHP_5_3/win32/winutil.c
===
--- php/php-src/branches/PHP_5_3/win32/winutil.c2011-07-12 10:50:39 UTC
(rev 313174)
+++ php/php-src/branches/PHP_5_3/win32/winutil.c2011-07-12 11:46:41 UTC
(rev 313175)
@@ -87,11 +87,14 @@
#endif
if (has_crypto_ctx == 0) {
- if (!CryptAcquireContext(hCryptProv, NULL, NULL,
PROV_RSA_FULL, 0)) {
+ /* CRYPT_VERIFYCONTEXT only hashingco-like use, no need to
acces prv keys */
+ if (!CryptAcquireContext(hCryptProv, NULL, NULL,
PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT )) {
/* Could mean that the key container does not exist,
let try
-again by asking for a new one */
+ again by asking for a new one. If it fails here, it
surely means that the user running
+ this process does not have the permission(s) to use this
container.
+ */
if (GetLastError() == NTE_BAD_KEYSET) {
- if (CryptAcquireContext(hCryptProv, NULL,
NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
+ if (CryptAcquireContext(hCryptProv, NULL,
NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET |
CRYPT_VERIFYCONTEXT )) {
has_crypto_ctx = 1;
} else {
has_crypto_ctx = 0;
Modified: php/php-src/branches/PHP_5_4/win32/winutil.c
===
--- php/php-src/branches/PHP_5_4/win32/winutil.c2011-07-12 10:50:39 UTC
(rev 313174)
+++ php/php-src/branches/PHP_5_4/win32/winutil.c2011-07-12 11:46:41 UTC
(rev 313175)
@@ -87,11 +87,14 @@
#endif
if (has_crypto_ctx == 0) {
- if (!CryptAcquireContext(hCryptProv, NULL, NULL,
PROV_RSA_FULL, 0)) {
+ /* CRYPT_VERIFYCONTEXT only hashingco-like use, no need to
acces prv keys */
+ if (!CryptAcquireContext(hCryptProv, NULL, NULL,
PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT )) {
/* Could mean that the key container does not exist,
let try
-again by asking for a new one */
+ again by asking for a new one. If it fails here, it
surely means that the user running
+ this process does not have the permission(s) to use this
container.
+ */
if (GetLastError() == NTE_BAD_KEYSET) {
- if (CryptAcquireContext(hCryptProv, NULL,
NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
+ if (CryptAcquireContext(hCryptProv, NULL,
NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET |
CRYPT_VERIFYCONTEXT )) {
has_crypto_ctx = 1;
} else {
has_crypto_ctx = 0;
Modified: php/php-src/trunk/win32/winutil.c
===
--- php/php-src/trunk/win32/winutil.c 2011-07-12 10:50:39 UTC (rev 313174)
+++ php/php-src/trunk/win32/winutil.c 2011-07-12 11:46:41 UTC (rev 313175)
@@ -87,11 +87,14 @@
#endif
if (has_crypto_ctx == 0) {
- if (!CryptAcquireContext(hCryptProv, NULL, NULL,
PROV_RSA_FULL, 0)) {
+ /* CRYPT_VERIFYCONTEXT only hashingco-like use, no need to
acces prv keys */
+ if (!CryptAcquireContext(hCryptProv, NULL, NULL,
PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT )) {
/* Could mean that the key container does not exist,
let try
-again by asking for a new one */
+ again by asking for a new one. If it fails here, it
surely means that the user running
+ this process does not have the permission(s) to use this
container.
+ */
if (GetLastError() == NTE_BAD_KEYSET) {
- if (CryptAcquireContext(hCryptProv, NULL,
NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
+ if (CryptAcquireContext(hCryptProv, NULL,
NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET |
CRYPT_VERIFYCONTEXT )) {