diff options
| author | Pierre Joye <pajoye@php.net> | 2011-07-12 11:46:41 +0000 |
|---|---|---|
| committer | Pierre Joye <pajoye@php.net> | 2011-07-12 11:46:41 +0000 |
| commit | 76285595b470418835c6bc4c5ee8bcb2a98215c2 (patch) | |
| tree | 7de810e9a6ee17fe6a8dc95e58b83a1030a26e6b | |
| parent | a10a6135db3e96f1c6aa9fecfe2f49e6aeccfb2a (diff) | |
| download | php-git-76285595b470418835c6bc4c5ee8bcb2a98215c2.tar.gz | |
- Bug #55169, improve fix, allow non interactive user, hash-like ops only usage
| -rw-r--r-- | win32/winutil.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/win32/winutil.c b/win32/winutil.c index f3043f50aa..a7a6922f64 100644 --- a/win32/winutil.c +++ b/win32/winutil.c @@ -87,11 +87,14 @@ PHPAPI int php_win32_get_random_bytes(unsigned char *buf, size_t size) { /* {{{ #endif if (has_crypto_ctx == 0) { - if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) { + /* CRYPT_VERIFYCONTEXT > only hashing&co-like use, no need to acces prv keys */ + if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT )) { /* Could mean that the key container does not exist, let try - again by asking for a new one */ + again by asking for a new one. If it fails here, it surely means that the user running + this process does not have the permission(s) to use this container. + */ if (GetLastError() == NTE_BAD_KEYSET) { - if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { + if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET | CRYPT_VERIFYCONTEXT )) { has_crypto_ctx = 1; } else { has_crypto_ctx = 0; |