authorPierre Joye <pajoye@php.net>2011-07-12 11:46:41 +0000
committerPierre Joye <pajoye@php.net>2011-07-12 11:46:41 +0000
commitb8251d54a84b7c2f8e18ed02ed2da33e687dfd32 (patch)
tree772e5286ea61c0f10f774ad10934d42e7f843c9f
parent1ee8ff3b7d9d2cf9c39723186231aa10ce0b0e79 (diff)
- Bug #55169, improve fix: allow non-interactive users (the context is used for hash-like ops only)
-rw-r--r--win32/winutil.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/win32/winutil.c b/win32/winutil.c
index c6ec942969..9300fae934 100644
--- a/win32/winutil.c
+++ b/win32/winutil.c
@@ -87,11 +87,14 @@ PHPAPI int php_win32_get_random_bytes(unsigned char *buf, size_t size) { /* {{{
#endif
if (has_crypto_ctx == 0) {
- if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
+ /* CRYPT_VERIFYCONTEXT > only hashing&co-like use, no need to acces prv keys */
+ if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT )) {
/* Could mean that the key container does not exist, let try
- again by asking for a new one */
+ again by asking for a new one. If it fails here, it surely means that the user running
+ this process does not have the permission(s) to use this container.
+ */
if (GetLastError() == NTE_BAD_KEYSET) {
- if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
+ if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET | CRYPT_VERIFYCONTEXT )) {
has_crypto_ctx = 1;
} else {
has_crypto_ctx = 0;