[DEV] random: use RtlGenRandom() on Windows

Yves-Marie Morgan · Yves-Marie Morgan · commit 5803d9d9dc82 · 2021-05-05T14:35:00.000+02:00
rand_s() is readily available in Windows's CRT, accessible through <stdlib.h>. Unfortunately its output is limited to an integer, thus requiring multiple calls to fill a large buffer. RtlGenRandom() is the other hand can accomodate any buffer size, but is a pure Windows (NT) function, not available in Windows's CRT, as it's declared in <ntsecapi.h> and available in advapi32.dll. And according to Microsoft documentation, the availability of the function is unclear, it's future too. https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom But according to Rust community the function is used in Firefox, Chromium, etc, thus it's unlikely to be removed. rust-random/rand#111 Especially since the rand_s() documentation state its uses RtlGenRandom(): https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/rand-s?view=vs-2019 So rand_s() uses RtlGenRandom(), hence make use of advapi32.dll, then there's no need to use rand_s() when RtlGenRandom() is available. This patch makes use of RtlGenRandom(), and fallback to rand_s() if the former fail. Note: for newer Windows versions (>= 10), RtlGenRandom() could be replaced by newer, recommanded functions: BCryptGenRandom(BCRYPT_RNG_ALG_HANDLE, buffer, len, 0); https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom https://docs.microsoft.com/en-us/windows/win32/seccng/cng-algorithm-pseudo-handles
diff --git a/src/random.c b/src/random.c
@@ -31,6 +31,10 @@
 
 #ifdef _WIN32
 #  define _CRT_RAND_S
+#  define WIN32_LEAN_AND_MEAN
+#  include <windows.h>
+#  include <ntsecapi.h>
+#  define HAVE_RTLGENRANDOM 1
 #endif  /* _WIN32 */
 
 #include "futils/random.h"
@@ -50,6 +54,14 @@ int futils_random_bytes(void *buffer, size_t len)
 	uint8_t *p = buffer;
 	int ret = 0;
 	unsigned int val = 0;
+
+#ifdef HAVE_RTLGENRANDOM
+	if (!RtlGenRandom(buffer, len))
+		ULOGE("RtlGenRandom");
+	else
+		return 0;
+#endif
+
 	while (len) {
 		size_t chunk = sizeof(val);
 		if (chunk > len)
