godot/thirdparty/mbedtls/patches/windows-entropy-bcrypt.diff
Rémi Verschelde b9d008de3d
mbedtls: Backport Windows fix to use bcrypt for entropy
We had a slightly older version of it for UWP, as the wincrypt API isn't allowed there.
We removed this with UWP in #81416, but since this was enabled inconditionally before,
this actually changed behavior for Windows compared to Godot 4.1 and earlier.

This change is also needed to properly supported Windows Store.
2023-10-27 10:25:50 +02:00

57 lines
1.8 KiB
Diff

Backported from: https://github.com/Mbed-TLS/mbedtls/pull/8047
diff --git a/thirdparty/mbedtls/library/entropy_poll.c b/thirdparty/mbedtls/library/entropy_poll.c
index 3420616a06..fec2abc2e4 100644
--- a/thirdparty/mbedtls/library/entropy_poll.c
+++ b/thirdparty/mbedtls/library/entropy_poll.c
@@ -51,32 +51,34 @@
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-#if !defined(_WIN32_WINNT)
-#define _WIN32_WINNT 0x0400
-#endif
#include <windows.h>
-#include <wincrypt.h>
+#include <bcrypt.h>
+#include <intsafe.h>
int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
size_t *olen)
{
- HCRYPTPROV provider;
((void) data);
*olen = 0;
- if (CryptAcquireContext(&provider, NULL, NULL,
- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) {
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
+ /*
+ * BCryptGenRandom takes ULONG for size, which is smaller than size_t on
+ * 64-bit Windows platforms. Extract entropy in chunks of len (dependent
+ * on ULONG_MAX) size.
+ */
+ while (len != 0) {
+ unsigned long ulong_bytes =
+ (len > ULONG_MAX) ? ULONG_MAX : (unsigned long) len;
+
+ if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, ulong_bytes,
+ BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
- if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) {
- CryptReleaseContext(provider, 0);
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ *olen += ulong_bytes;
+ len -= ulong_bytes;
}
- CryptReleaseContext(provider, 0);
- *olen = len;
-
return 0;
}
#else /* _WIN32 && !EFIX64 && !EFI32 */