crypto/rand: Legacy RtlGenRandom use on Windows [1.20 backport] #64412

Closed
gopherbot opened this issue Nov 27, 2023 · 3 comments

@gopherbot
Contributor

@rolandshoemaker requested issue #53192 to be considered for backport to the next 1.20 minor release.

@gopherbot please open backport issues, this reduces the impact of a security issue.

@gopherbot added the CherryPickCandidate label (Used during the release process for point releases) on Nov 27, 2023
@gopherbot added this to the Go1.20.12 milestone on Nov 27, 2023
@gopherbot
Contributor Author

Change https://go.dev/cl/545356 mentions this issue: [release-branch.go1.20] crypto/rand,runtime: switch RtlGenRandom for ProcessPrng

@rolandshoemaker added the Security and CherryPickApproved labels and removed the CherryPickCandidate label on Nov 28, 2023
@gopherbot
Contributor Author

Closed by merging 1bd7657 to release-branch.go1.20.

gopherbot pushed a commit that referenced this issue Nov 28, 2023
…ProcessPrng

RtlGenRandom is a semi-undocumented API, also known as
SystemFunction036, which we use to generate random data on Windows.
Its definition, in cryptbase.dll, is an opaque wrapper for the
documented API ProcessPrng. Instead of using RtlGenRandom, switch to
using ProcessPrng, since the former is simply a wrapper for the latter,
there should be no practical change on the user side, other than a minor
change in the DLLs we load.

Updates #53192
Fixes #64412

Change-Id: Ie6891bf97b1d47f5368cccbe92f374dba2c2672a
Reviewed-on: https://go-review.googlesource.com/c/go/+/536235
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Quim Muntal <[email protected]>
Auto-Submit: Roland Shoemaker <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
(cherry picked from commit 693def1)
Reviewed-on: https://go-review.googlesource.com/c/go/+/545356
Auto-Submit: Dmitri Shuralyov <[email protected]>
@dmitshur
Contributor

This cherry-pick doesn't apply to Go 1.20 because it supports older Windows versions where ProcessPrng isn't available. The change was rolled back in CL 545995. Re-closing as "not planned".

@dmitshur closed this as not planned on Nov 29, 2023
@dmitshur removed the Security and CherryPickApproved labels on Nov 29, 2023
@golang locked and limited conversation to collaborators on Nov 28, 2024