Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SecureZeroMemory with RtlGenRandom and Warnings #70

Closed
AtropineTears opened this issue Aug 2, 2019 · 3 comments
Closed

SecureZeroMemory with RtlGenRandom and Warnings #70

AtropineTears opened this issue Aug 2, 2019 · 3 comments

Comments

@AtropineTears
Copy link

Not sure if this is the correct place to discuss this or whether this is a problem at all.

In Microsoft's documentation for RtlGenRandom, it states:

When you have finished using the random number, free the RandomBuffer buffer by calling the SecureZeroMemory function.

Is this done/called automatically in this crate?

Also, it has a warning:

The RtlGenRandom function is available for use in the operating systems specified in the Requirements section. It may be altered or unavailable in subsequent versions. Instead, use the CryptGenRandom function.

And CryptGenRandom is deprecated. I already read the issue thread about why you don't want to use BCryptGenRandom rn because it doesn't support Windows XP, but I honestly think the change should be made soon. BCryptGenRandom works on minimum of Windows Vista.
@josephlr
Copy link
Member

josephlr commented Aug 2, 2019
edited
Loading

Is this done/called automatically in this crate

Nope, this crate specifically implements one function:

pub fn getrandom(dest: &mut [u8]) -> Result<(), Error>

and that's it. Things like SecureZeroMemory are orthogonal to this crate, and would be be handled by a "Secure Buffer Mangement" crate like secstr. That crate's SecVec<u8> implements BorrowMut<[u8]>, so it can be used with getrandom like any u8 array or Vec<u8>.

Both securely managing secrets in memory and generating good random bytes are tricky problems, but they are different problems. Keeping them in separate crates seems to be the best bet.

And CryptGenRandom is deprecated. I already read the issue thread about why you don't want to use BCryptGenRandom rn because it doesn't support Windows XP, but I honestly think the change should be made soon. BCryptGenRandom works on minimum of Windows Vista.

I think discussion around this are best handled in #65 (so that everyone involved will see it).

@newpavlov
Copy link
Member

Regarding deprecation of RtlGenRandom see this message. There is a proposal to use getrandom inside std, so as long as Windows XP (and preferably Vista) support is not officially dropped by Rust, we have to stay conservative.

I think we can close this issue in favor of #65?

@AtropineTears
Copy link
Author

Yes, I'll close the issue and any further discussion can be done on #65

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@newpavlov @josephlr @AtropineTears