Opened 6 years ago

Closed 5 years ago

#10816 closed defect (fixed)

Don't exclude NTE_BAD_KEYSET error for windows

Reported by: cypherpunks
Owned by:
Priority: Medium
Milestone: Tor: 0.2.6.x-final
Component: Core Tor/Tor
Version:
Severity:
Keywords: tor-client, windows, crypto, 026-triaged-1, nickm-patch
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

  if (!provider_set) {
    if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
                             CRYPT_VERIFYCONTEXT)) {
      if ((unsigned long)GetLastError() != (unsigned long)NTE_BAD_KEYSET) {
        log_warn(LD_CRYPTO, "Can't get CryptoAPI provider [1]");
        return -1;
      }
    }
    provider_set = 1;
  }

According to http://msdn.microsoft.com/en-us/library/windows/desktop/aa379886%28v=vs.85%29.aspx NTE_BAD_KEYSET is

The key container could not be opened. A common cause of this error is that the key container does not exist. To create a key container, call CryptAcquireContext using the CRYPT_NEWKEYSET flag. This error code can also indicate that access to an existing key container is denied. Access rights to the container can be granted by the key set creator by using CryptSetProvParam.

Such an error code can't be returned for the parameters used, but if something has gone wrong in the system, then the current processing of this code blocks any further tries to get random data and hides the real reason for any subsequent CryptGenRandom failures.
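The failure mode described above, as an added example that is not Tor's code and not the patch from this ticket. The `sim_*` functions and constants are hypothetical stand-ins for CryptAcquireContext, CryptGenRandom and GetLastError so the control flow runs on any platform, and `rand_strict` is one assumed shape of a check that does not skip NTE_BAD_KEYSET.

```c
#include <stdio.h>

/* Stand-ins (assumptions): model only success/failure of CryptAcquireContext,
 * CryptGenRandom and GetLastError so the example runs on any platform. */
#define SIM_NTE_BAD_KEYSET 0x80090016UL /* numeric value of NTE_BAD_KEYSET */
#define SIM_BAD_HANDLE     1UL          /* constructed error code */
static unsigned long sim_last_error, provider;
static int sim_acquire_fails, acquire_calls, provider_set;

static int sim_acquire(unsigned long *prov) {
  acquire_calls++;
  if (sim_acquire_fails) { sim_last_error = SIM_NTE_BAD_KEYSET; return 0; }
  *prov = 42; /* constructed non-zero handle */
  return 1;
}
static int sim_gen_random(unsigned long prov) {
  if (prov == 0) { sim_last_error = SIM_BAD_HANDLE; return 0; }
  return 1;
}
/* Control flow from the ticket: NTE_BAD_KEYSET is skipped, the flag is set. */
static int rand_as_reported(void) {
  if (!provider_set) {
    if (!sim_acquire(&provider)) {
      if (sim_last_error != SIM_NTE_BAD_KEYSET) return -1;
    }
    provider_set = 1;
  }
  return sim_gen_random(provider) ? 0 : -1;
}
/* Strict variant: any acquisition failure is reported, nothing is cached. */
static int rand_strict(void) {
  if (!provider_set) {
    if (!sim_acquire(&provider)) return -1;
    provider_set = 1;
  }
  return sim_gen_random(provider) ? 0 : -1;
}

/* First call meets a failing provider, the second a healthy one. Returns the
 * second call's result; *err is the error visible after the first call. */
static int scenario(int (*get_rand)(void), unsigned long *err) {
  provider = 0; provider_set = 0; acquire_calls = 0;
  sim_acquire_fails = 1; get_rand(); *err = sim_last_error;
  sim_acquire_fails = 0; return get_rand();
}
int main(void) {
  unsigned long e1, e2;
  int r1 = scenario(rand_as_reported, &e1), r2 = scenario(rand_strict, &e2);
  printf("reported: %d err=%#lx\nstrict: %d err=%#lx\n", r1, e1, r2, e2);
  return 0;
}
```

With the reported control flow the acquisition is attempted once, the visible error is the later bad-handle code rather than NTE_BAD_KEYSET, and the second call still fails; the strict variant keeps the original error and recovers on the retry.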

Change History (6)

comment:1 Changed 6 years ago by cypherpunks

Component: - Select a component → Tor

comment:2 Changed 6 years ago by nickm

Keywords: tor-client windows crypto added
Milestone: Tor: 0.2.6.x-final

Yeah, we should fix this before anybody else cut-and-pastes the mistake from us. I'd call this do-in-0.2.5, except that

Such an error code can't be returned for the parameters used

so it's okay to put it in 0.2.6 IMO.

comment:3 Changed 5 years ago by nickm

Keywords: 026-triaged-1 added

comment:4 Changed 5 years ago by nickm

Status: new → needs_review

The obvious fix is in branch "bug10816" in my public repo.

comment:5 Changed 5 years ago by nickm

Keywords: nickm-patch added

Apply a nickm-patch keyword to tickets in needs_review in 0.2.6 where I wrote the patch, so I know which ones I can('t) review myself.

comment:6 Changed 5 years ago by nickm

Resolution: fixed
Status: needs_review → closed

Still seems obviously right. Merged it.