src/crypto/rand/rand.go | 2 +- src/crypto/rand/rand_windows.go | 7 ++----- src/internal/syscall/windows/syscall_windows.go | 2 +- src/internal/syscall/windows/zsyscall_windows.go | 21 +++++++++++---------- src/runtime/os_windows.go | 23 ++++++++--------------- diff --git a/src/crypto/rand/rand.go b/src/crypto/rand/rand.go index af85b966df6e43fe35964b3b79c61fb415ab4e46..0f3dca4e0ee5370a31c190a6142a8ac1f94a4a4c 100644 --- a/src/crypto/rand/rand.go +++ b/src/crypto/rand/rand.go @@ -15,7 +15,7 @@ // On Linux, FreeBSD, Dragonfly and Solaris, Reader uses getrandom(2) if // available, /dev/urandom otherwise. // On OpenBSD and macOS, Reader uses getentropy(2). // On other Unix-like systems, Reader reads from /dev/urandom. -// On Windows systems, Reader uses the RtlGenRandom API. +// On Windows systems, Reader uses the ProcessPrng API. // On Wasm, Reader uses the Web Crypto API. var Reader io.Reader diff --git a/src/crypto/rand/rand_windows.go b/src/crypto/rand/rand_windows.go index 6c0655c72b692ae444a85025ecc3d27d65107404..7380f1f0f1e6e6ee21a912318fdefdf1655e1a0c 100644 --- a/src/crypto/rand/rand_windows.go +++ b/src/crypto/rand/rand_windows.go @@ -15,11 +15,8 @@ func init() { Reader = &rngReader{} } type rngReader struct{} -func (r *rngReader) Read(b []byte) (n int, err error) { - // RtlGenRandom only returns 1<<32-1 bytes at a time. We only read at - // most 1<<31-1 bytes at a time so that this works the same on 32-bit - // and 64-bit systems. - if err := batched(windows.RtlGenRandom, 1<<31-1)(b); err != nil { +func (r *rngReader) Read(b []byte) (int, error) { + if err := windows.ProcessPrng(b); err != nil { return 0, err } return len(b), nil diff --git a/src/internal/syscall/windows/syscall_windows.go b/src/internal/syscall/windows/syscall_windows.go index 8ace2a27e79fcb5f84fa87b959469468050de263..b7bf886f3896302c9a37540b7e7f4195a1b3e5c4 100644 --- a/src/internal/syscall/windows/syscall_windows.go +++ b/src/internal/syscall/windows/syscall_windows.go @@ -366,4 +366,4 @@ //sys CreateEnvironmentBlock(block **uint16, token syscall.Token, inheritExisting bool) (err error) = userenv.CreateEnvironmentBlock //sys DestroyEnvironmentBlock(block *uint16) (err error) = userenv.DestroyEnvironmentBlock -//sys RtlGenRandom(buf []byte) (err error) = advapi32.SystemFunction036 +//sys ProcessPrng(buf []byte) (err error) = bcryptprimitives.ProcessPrng diff --git a/src/internal/syscall/windows/zsyscall_windows.go b/src/internal/syscall/windows/zsyscall_windows.go index afd64e318e516daea2e2d429bd172a934b252200..7ed6234451fa2b27b294b8a13e6dc7b441fd34e8 100644 --- a/src/internal/syscall/windows/zsyscall_windows.go +++ b/src/internal/syscall/windows/zsyscall_windows.go @@ -37,13 +37,14 @@ return e } var ( - modadvapi32 = syscall.NewLazyDLL(sysdll.Add("advapi32.dll")) - modiphlpapi = syscall.NewLazyDLL(sysdll.Add("iphlpapi.dll")) - modkernel32 = syscall.NewLazyDLL(sysdll.Add("kernel32.dll")) - modnetapi32 = syscall.NewLazyDLL(sysdll.Add("netapi32.dll")) - modpsapi = syscall.NewLazyDLL(sysdll.Add("psapi.dll")) - moduserenv = syscall.NewLazyDLL(sysdll.Add("userenv.dll")) - modws2_32 = syscall.NewLazyDLL(sysdll.Add("ws2_32.dll")) + modadvapi32 = syscall.NewLazyDLL(sysdll.Add("advapi32.dll")) + modbcryptprimitives = syscall.NewLazyDLL(sysdll.Add("bcryptprimitives.dll")) + modiphlpapi = syscall.NewLazyDLL(sysdll.Add("iphlpapi.dll")) + modkernel32 = syscall.NewLazyDLL(sysdll.Add("kernel32.dll")) + modnetapi32 = syscall.NewLazyDLL(sysdll.Add("netapi32.dll")) + modpsapi = syscall.NewLazyDLL(sysdll.Add("psapi.dll")) + moduserenv = syscall.NewLazyDLL(sysdll.Add("userenv.dll")) + modws2_32 = syscall.NewLazyDLL(sysdll.Add("ws2_32.dll")) procAdjustTokenPrivileges = modadvapi32.NewProc("AdjustTokenPrivileges") procDuplicateTokenEx = modadvapi32.NewProc("DuplicateTokenEx") @@ -52,7 +53,7 @@ procLookupPrivilegeValueW = modadvapi32.NewProc("LookupPrivilegeValueW") procOpenThreadToken = modadvapi32.NewProc("OpenThreadToken") procRevertToSelf = modadvapi32.NewProc("RevertToSelf") procSetTokenInformation = modadvapi32.NewProc("SetTokenInformation") - procSystemFunction036 = modadvapi32.NewProc("SystemFunction036") + procProcessPrng = modbcryptprimitives.NewProc("ProcessPrng") procGetAdaptersAddresses = modiphlpapi.NewProc("GetAdaptersAddresses") procGetACP = modkernel32.NewProc("GetACP") procGetComputerNameExW = modkernel32.NewProc("GetComputerNameExW") @@ -144,12 +145,12 @@ } return } -func RtlGenRandom(buf []byte) (err error) { +func ProcessPrng(buf []byte) (err error) { var _p0 *byte if len(buf) > 0 { _p0 = &buf[0] } - r1, _, e1 := syscall.Syscall(procSystemFunction036.Addr(), 2, uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), 0) + r1, _, e1 := syscall.Syscall(procProcessPrng.Addr(), 2, uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), 0) if r1 == 0 { err = errnoErr(e1) } diff --git a/src/runtime/os_windows.go b/src/runtime/os_windows.go index 44718f1d21459e164f4dcf7f3592160ef9d81059..a88d3a8ac6ed78db6813fde4537ae559f8f3c60b 100644 --- a/src/runtime/os_windows.go +++ b/src/runtime/os_windows.go @@ -122,15 +122,8 @@ _LoadLibraryExA, _LoadLibraryExW, _ stdFunction - // Use RtlGenRandom to generate cryptographically random data. - // This approach has been recommended by Microsoft (see issue - // 15589 for details). - // The RtlGenRandom is not listed in advapi32.dll, instead - // RtlGenRandom function can be found by searching for SystemFunction036. - // Also some versions of Mingw cannot link to SystemFunction036 - // when building executable as Cgo. So load SystemFunction036 - // manually during runtime startup. - _RtlGenRandom stdFunction + // Use ProcessPrng to generate cryptographically random data. + _ProcessPrng stdFunction // Load ntdll.dll manually during startup, otherwise Mingw // links wrong printf function to cgo executable (see issue @@ -256,12 +249,12 @@ _LoadLibraryExA = windowsFindfunc(k32, []byte("LoadLibraryExA\000")) _LoadLibraryExW = windowsFindfunc(k32, []byte("LoadLibraryExW\000")) useLoadLibraryEx = (_LoadLibraryExW != nil && _LoadLibraryExA != nil && _AddDllDirectory != nil) - var advapi32dll = []byte("advapi32.dll\000") - a32 := windowsLoadSystemLib(advapi32dll) - if a32 == 0 { - throw("advapi32.dll not found") + var bcryptprimitivesdll = []byte("bcryptprimitives.dll\000") + bcryptPrimitives := windowsLoadSystemLib(bcryptprimitivesdll) + if bcryptPrimitives == 0 { + throw("bcryptprimitives.dll not found") } - _RtlGenRandom = windowsFindfunc(a32, []byte("SystemFunction036\000")) + _ProcessPrng = windowsFindfunc(bcryptPrimitives, []byte("ProcessPrng\000")) var ntdll = []byte("ntdll.dll\000") n32 := windowsLoadSystemLib(ntdll) @@ -644,7 +637,7 @@ //go:nosplit func getRandomData(r []byte) { n := 0 - if stdcall2(_RtlGenRandom, uintptr(unsafe.Pointer(&r[0])), uintptr(len(r)))&0xff != 0 { + if stdcall2(_ProcessPrng, uintptr(unsafe.Pointer(&r[0])), uintptr(len(r)))&0xff != 0 { n = len(r) } extendRandom(r, n)