-
Notifications
You must be signed in to change notification settings - Fork 192
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Windows: should we fall back to RtlGenRandom if BCryptGenRandom fails #314
Comments
Unfortunately, it does not look like anyone has uncovered root of the issue. So the most practical choice (though I personally dislike it) will be to follow |
|
AFAIK there are no security issues with |
Given
|
Looking at various docs/implementations, it seems like |
Just some notes from std:
An alternative to using a |
Thanks for the explainer @ChrisDenton. For those not aware, Rust libstd changed the implementation recently to a BCrypt-Only solution: rust-lang/rust#101325 rust-lang/rust#101476 rust-lang/rust#102044 It also seems like the libstd folks also ran into the crash I noted in #318 when using |
I'm going to experiment in #318 with a Bcrypt only solution, and see how that works. |
Hi all, As an FYI, Rust Std had to undo its "BCrypt fallback" change, and is going back to As I said in the discussion on there -- There's a good chance this isn't a Firefox-specific issue; it's likely that any Rust program that uses Thanks! |
In some instances BCryptRandom will fail when RtlGenRandom will work. On UWP, we might be unable to actually use RtlGenRandom. Thread the needle and use RtlGenRandom when we have to, when we're able. See also rust-lang/rust#108060 Fixes rust-random#314
In some instances BCryptRandom will fail when RtlGenRandom will work. On UWP, we might be unable to actually use RtlGenRandom. Thread the needle and use RtlGenRandom when we have to, when we're able. See also rust-lang/rust#108060 Fixes rust-random#314
In some instances BCryptRandom will fail when RtlGenRandom will work. On UWP, we might be unable to actually use RtlGenRandom. Thread the needle and use RtlGenRandom when we have to, when we're able. See also rust-lang/rust#108060 Fixes rust-random#314
In some instances BCryptRandom will fail when RtlGenRandom will work. On UWP, we might be unable to actually use RtlGenRandom. Thread the needle and use RtlGenRandom when we have to, when we're able. See also rust-lang/rust#108060 Fixes rust-random#314
Note that So I don't think the problem is (directly) related to loading |
In some instances BCryptRandom will fail when RtlGenRandom will work. On UWP, we might be unable to actually use RtlGenRandom. Thread the needle and use RtlGenRandom when we have to, when we're able. See also rust-lang/rust#108060 Fixes rust-random#314
In some instances BCryptRandom will fail when RtlGenRandom will work. On UWP, we might be unable to actually use RtlGenRandom. Thread the needle and use RtlGenRandom when we have to, when we're able. See also rust-lang/rust#108060 Fixes rust-random#314
Hello,
I think that if we move to |
* Add in a RtlGenRandom fallback for non-UWP Windows In some instances BCryptRandom will fail when RtlGenRandom will work. On UWP, we might be unable to actually use RtlGenRandom. Thread the needle and use RtlGenRandom when we have to, when we're able. See also rust-lang/rust#108060 Fixes #314 * style suggestion Co-authored-by: Artyom Pavlov <newpavlov@gmail.com> * appease clippy --------- Co-authored-by: Artyom Pavlov <newpavlov@gmail.com>
As an update on this, #337 went with the approach of:
Given all the headache we've had w/ Windows, we aren't going to use a sparsely documented primitive function like |
Update: BoringSSL has switched to ProcessPrng. google/boringssl@e79649b |
In #65 we decided to use
BCryptGenRandom
instead ofRtlGenRandom
. I still think this is the correct decision.However, Rust has seen issues (rust-lang/rust#94098 and rust-lang/rust#99341) around such use. To fix these issues they decided to use
RtlGenRandom
again, but only as a fallback mechanism (rust-lang/rust#96917).Should we do the same?
The text was updated successfully, but these errors were encountered: