qpdf/libqpdf/SecureRandomDataProvider.cc

#include <qpdf/SecureRandomDataProvider.hh>

#include <qpdf/qpdf-config.h>
#include <qpdf/QUtil.hh>
#ifdef _WIN32
# include <windows.h>
# include <direct.h>
# include <io.h>
# ifndef SKIP_OS_SECURE_RANDOM
#  include <wincrypt.h>
# endif
#endif

SecureRandomDataProvider::SecureRandomDataProvider()
{
}

SecureRandomDataProvider::~SecureRandomDataProvider()
{
}

#ifdef SKIP_OS_SECURE_RANDOM

void
SecureRandomDataProvider::provideRandomData(unsigned char* data, size_t len)
{
    throw std::logic_error("SecureRandomDataProvider::provideRandomData called when support was not compiled in");
}

RandomDataProvider*
SecureRandomDataProvider::getInstance()
{
    return 0;
}

#else

#ifdef _WIN32

class WindowsCryptProvider
{
  public:
    WindowsCryptProvider()
    {
        if (!CryptAcquireContext(&crypt_prov,
                                 "Container",
                                 NULL,
                                 PROV_RSA_FULL,
                                 CRYPT_MACHINE_KEYSET))
        {
#if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || \
     defined(__clang__))
#           pragma GCC diagnostic push
#           pragma GCC diagnostic ignored "-Wold-style-cast"
#           pragma GCC diagnostic ignored "-Wsign-compare"
#           pragma GCC diagnostic ignored "-Wsign-conversion"
#endif
            if (GetLastError() == NTE_BAD_KEYSET)
            {
                if (! CryptAcquireContext(&crypt_prov,
                                          "Container",
                                          NULL,
                                          PROV_RSA_FULL,
                                          CRYPT_NEWKEYSET|CRYPT_MACHINE_KEYSET))
                {
                    throw std::runtime_error(
                        "unable to acquire crypt context with new keyset: " +
                        getErrorMessage());
                }
            }
            else if (GetLastError() == NTE_EXISTS)
            {
                throw std::runtime_error(
                    "unable to acquire crypt context; the key container"
                    " already exists, but you are attempting to create it."
                    " If a previous attempt to open the key failed with"
                    " NTE_BAD_KEYSET, it implies that access to the key"
                    " container is denied. Error: " + getErrorMessage());
            }
            else if (GetLastError() == NTE_KEYSET_NOT_DEF)
            {
                throw std::runtime_error(
                    "unable to acquire crypt context; the Crypto Service"
                    " Provider (CSP) may not be set up correctly. Use of"
                    " Regsvr32.exe on CSP DLLs (Rsabase.dll or Rsaenh.dll)"
                    " may fix the problem, depending on the provider being"
                    " used. Error: " + getErrorMessage());
            }
            else
            {
                throw std::runtime_error(
                    "unable to acquire crypt context: " +
                    getErrorMessage());
            }
#if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || \
     defined(__clang__))
#           pragma GCC diagnostic pop
#endif
        }
    }
    ~WindowsCryptProvider()
    {
        // Ignore error
        CryptReleaseContext(crypt_prov, 0);
    }

    HCRYPTPROV crypt_prov;

  private:
    std::string getErrorMessage()
    {
        DWORD errorMessageID = ::GetLastError();
        LPSTR messageBuffer = nullptr;
        size_t size = FormatMessageA(
            FORMAT_MESSAGE_ALLOCATE_BUFFER |
            FORMAT_MESSAGE_FROM_SYSTEM |
            FORMAT_MESSAGE_IGNORE_INSERTS, NULL, errorMessageID,
            MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
            reinterpret_cast<LPSTR>(&messageBuffer), 0, NULL);
        std::string message(messageBuffer, size);
        LocalFree(messageBuffer);
        return ("error number " +
                QUtil::int_to_string_base(errorMessageID, 16) +
                ": " + message);
    }
};
#endif

void
SecureRandomDataProvider::provideRandomData(unsigned char* data, size_t len)
{
#if defined(_WIN32)

    // Optimization: make the WindowsCryptProvider static as long as
    // it can be done in a thread-safe fashion.
    WindowsCryptProvider c;
    if (! CryptGenRandom(c.crypt_prov, static_cast<DWORD>(len),
                         reinterpret_cast<BYTE*>(data)))
    {
        throw std::runtime_error("unable to generate secure random data");
    }

#elif defined(RANDOM_DEVICE)

    // Optimization: wrap the file open and close in a class so that
    // the file is closed in a destructor, then make this static to
    // keep the file handle open.  Only do this if it can be done in a
    // thread-safe fashion.
    FILE* f = QUtil::safe_fopen(RANDOM_DEVICE, "rb");
    size_t fr = fread(data, 1, len, f);
    fclose(f);
    if (fr != len)
    {
        throw std::runtime_error(
            "unable to read " +
            QUtil::uint_to_string(len) +
            " bytes from " + std::string(RANDOM_DEVICE));
    }

#else

#  error "Don't know how to generate secure random numbers on this platform.  See random number generation in the top-level README.md"

#endif
}

RandomDataProvider*
SecureRandomDataProvider::getInstance()
{
    static SecureRandomDataProvider instance;
    return &instance;
}

#endif
Refactor random data generation Add new RandomDataProvider object and implement existing random number generation in terms of that. This enables end users to supply their own random data providers. 2013-11-30 17:02:56 +00:00			`#include <qpdf/SecureRandomDataProvider.hh>`

			`#include <qpdf/qpdf-config.h>`
			`#include <qpdf/QUtil.hh>`
			`#ifdef _WIN32`
Make windows includes lowercase (fixes #123) For cross compiling. 2017-07-22 13:42:41 +00:00			`# include <windows.h>`
Refactor random data generation Add new RandomDataProvider object and implement existing random number generation in terms of that. This enables end users to supply their own random data providers. 2013-11-30 17:02:56 +00:00			`# include <direct.h>`
			`# include <io.h>`
			`# ifndef SKIP_OS_SECURE_RANDOM`
Make windows includes lowercase (fixes #123) For cross compiling. 2017-07-22 13:42:41 +00:00			`# include <wincrypt.h>`
Refactor random data generation Add new RandomDataProvider object and implement existing random number generation in terms of that. This enables end users to supply their own random data providers. 2013-11-30 17:02:56 +00:00			`# endif`
			`#endif`

			`SecureRandomDataProvider::SecureRandomDataProvider()`
			`{`
			`}`

			`SecureRandomDataProvider::~SecureRandomDataProvider()`
			`{`
			`}`

Allow OS-provided secure random to be disabled 2013-11-30 17:25:01 +00:00			`#ifdef SKIP_OS_SECURE_RANDOM`

			`void`
			`SecureRandomDataProvider::provideRandomData(unsigned char* data, size_t len)`
			`{`
			`throw std::logic_error("SecureRandomDataProvider::provideRandomData called when support was not compiled in");`
			`}`

			`RandomDataProvider*`
			`SecureRandomDataProvider::getInstance()`
			`{`
			`return 0;`
			`}`

			`#else`

Refactor random data generation Add new RandomDataProvider object and implement existing random number generation in terms of that. This enables end users to supply their own random data providers. 2013-11-30 17:02:56 +00:00			`#ifdef _WIN32`

			`class WindowsCryptProvider`
			`{`
			`public:`
			`WindowsCryptProvider()`
			`{`
Handle Microsoft crypt provider without prior keys As reported in issue #40, a call to CryptAcquireContext in SecureRandomDataProvider fails in a fresh windows install prior to any user keys being created in AppData\Roaming\Microsoft\Crypto\RSA. Thanks michalrames. 2015-05-24 19:41:28 +00:00			`if (!CryptAcquireContext(&crypt_prov,`
			`"Container",`
			`NULL,`
			`PROV_RSA_FULL,`
Fix for Windows unable to acquire crypt context with new keyset (fixes #387) Fix is based on guidance https://support.microsoft.com/en-us/help/238187/cryptacquirecontext-use-and-troubleshooting and is the proper fix for #285/#286 2019-11-29 20:20:28 +00:00			`CRYPT_MACHINE_KEYSET))`
Refactor random data generation Add new RandomDataProvider object and implement existing random number generation in terms of that. This enables end users to supply their own random data providers. 2013-11-30 17:02:56 +00:00			`{`
Fix compiler warnings for clang/mac OS X 2017-08-22 11:20:55 +00:00			`#if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) \|\| \`
			`defined(__clang__))`
Handle Microsoft crypt provider without prior keys As reported in issue #40, a call to CryptAcquireContext in SecureRandomDataProvider fails in a fresh windows install prior to any user keys being created in AppData\Roaming\Microsoft\Crypto\RSA. Thanks michalrames. 2015-05-24 19:41:28 +00:00			`# pragma GCC diagnostic push`
			`# pragma GCC diagnostic ignored "-Wold-style-cast"`
			`# pragma GCC diagnostic ignored "-Wsign-compare"`
Fix sign and conversion warnings (major) This makes all integer type conversions that have potential data loss explicit with calls that do range checks and raise an exception. After this commit, qpdf builds with no warnings when -Wsign-conversion -Wconversion is used with gcc or clang or when -W3 -Wd4800 is used with MSVC. This significantly reduces the likelihood of potential crashes from bogus integer values. There are some parts of the code that take int when they should take size_t or an offset. Such places would make qpdf not support files with more than 2^31 of something that usually wouldn't be so large. In the event that such a file shows up and is valid, at least qpdf would raise an error in the right spot so the issue could be legitimately addressed rather than failing in some weird way because of a silent overflow condition. 2019-06-21 03:35:23 +00:00			`# pragma GCC diagnostic ignored "-Wsign-conversion"`
Handle Microsoft crypt provider without prior keys As reported in issue #40, a call to CryptAcquireContext in SecureRandomDataProvider fails in a fresh windows install prior to any user keys being created in AppData\Roaming\Microsoft\Crypto\RSA. Thanks michalrames. 2015-05-24 19:41:28 +00:00			`#endif`
			`if (GetLastError() == NTE_BAD_KEYSET)`
			`{`
			`if (! CryptAcquireContext(&crypt_prov,`
Provide error message in Windows crypto code (fixes #286) Thanks to github user zdenop for supplying some additional error-handling code. 2019-06-22 19:32:18 +00:00			`"Container",`
			`NULL,`
			`PROV_RSA_FULL,`
Fix for Windows unable to acquire crypt context with new keyset (fixes #387) Fix is based on guidance https://support.microsoft.com/en-us/help/238187/cryptacquirecontext-use-and-troubleshooting and is the proper fix for #285/#286 2019-11-29 20:20:28 +00:00			`CRYPT_NEWKEYSET\|CRYPT_MACHINE_KEYSET))`
Handle Microsoft crypt provider without prior keys As reported in issue #40, a call to CryptAcquireContext in SecureRandomDataProvider fails in a fresh windows install prior to any user keys being created in AppData\Roaming\Microsoft\Crypto\RSA. Thanks michalrames. 2015-05-24 19:41:28 +00:00			`{`
			`throw std::runtime_error(`
Provide error message in Windows crypto code (fixes #286) Thanks to github user zdenop for supplying some additional error-handling code. 2019-06-22 19:32:18 +00:00			`"unable to acquire crypt context with new keyset: " +`
			`getErrorMessage());`
Handle Microsoft crypt provider without prior keys As reported in issue #40, a call to CryptAcquireContext in SecureRandomDataProvider fails in a fresh windows install prior to any user keys being created in AppData\Roaming\Microsoft\Crypto\RSA. Thanks michalrames. 2015-05-24 19:41:28 +00:00			`}`
			`}`
Fix for Windows unable to acquire crypt context with new keyset (fixes #387) Fix is based on guidance https://support.microsoft.com/en-us/help/238187/cryptacquirecontext-use-and-troubleshooting and is the proper fix for #285/#286 2019-11-29 20:20:28 +00:00			`else if (GetLastError() == NTE_EXISTS)`
			`{`
			`throw std::runtime_error(`
			`"unable to acquire crypt context; the key container"`
			`" already exists, but you are attempting to create it."`
			`" If a previous attempt to open the key failed with"`
			`" NTE_BAD_KEYSET, it implies that access to the key"`
			`" container is denied. Error: " + getErrorMessage());`
			`}`
			`else if (GetLastError() == NTE_KEYSET_NOT_DEF)`
			`{`
			`throw std::runtime_error(`
			`"unable to acquire crypt context; the Crypto Service"`
			`" Provider (CSP) may not be set up correctly. Use of"`
			`" Regsvr32.exe on CSP DLLs (Rsabase.dll or Rsaenh.dll)"`
			`" may fix the problem, depending on the provider being"`
			`" used. Error: " + getErrorMessage());`
			`}`
Handle Microsoft crypt provider without prior keys As reported in issue #40, a call to CryptAcquireContext in SecureRandomDataProvider fails in a fresh windows install prior to any user keys being created in AppData\Roaming\Microsoft\Crypto\RSA. Thanks michalrames. 2015-05-24 19:41:28 +00:00			`else`
			`{`
Provide error message in Windows crypto code (fixes #286) Thanks to github user zdenop for supplying some additional error-handling code. 2019-06-22 19:32:18 +00:00			`throw std::runtime_error(`
			`"unable to acquire crypt context: " +`
			`getErrorMessage());`
Handle Microsoft crypt provider without prior keys As reported in issue #40, a call to CryptAcquireContext in SecureRandomDataProvider fails in a fresh windows install prior to any user keys being created in AppData\Roaming\Microsoft\Crypto\RSA. Thanks michalrames. 2015-05-24 19:41:28 +00:00			`}`
Fix for Windows unable to acquire crypt context with new keyset (fixes #387) Fix is based on guidance https://support.microsoft.com/en-us/help/238187/cryptacquirecontext-use-and-troubleshooting and is the proper fix for #285/#286 2019-11-29 20:20:28 +00:00			`#if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) \|\| \`
			`defined(__clang__))`
			`# pragma GCC diagnostic pop`
			`#endif`
Refactor random data generation Add new RandomDataProvider object and implement existing random number generation in terms of that. This enables end users to supply their own random data providers. 2013-11-30 17:02:56 +00:00			`}`
			`}`
			`~WindowsCryptProvider()`
			`{`
			`// Ignore error`
			`CryptReleaseContext(crypt_prov, 0);`
			`}`

			`HCRYPTPROV crypt_prov;`
Provide error message in Windows crypto code (fixes #286) Thanks to github user zdenop for supplying some additional error-handling code. 2019-06-22 19:32:18 +00:00
			`private:`
			`std::string getErrorMessage()`
			`{`
			`DWORD errorMessageID = ::GetLastError();`
			`LPSTR messageBuffer = nullptr;`
			`size_t size = FormatMessageA(`
			`FORMAT_MESSAGE_ALLOCATE_BUFFER \|`
			`FORMAT_MESSAGE_FROM_SYSTEM \|`
			`FORMAT_MESSAGE_IGNORE_INSERTS, NULL, errorMessageID,`
			`MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),`
			`reinterpret_cast<LPSTR>(&messageBuffer), 0, NULL);`
			`std::string message(messageBuffer, size);`
			`LocalFree(messageBuffer);`
			`return ("error number " +`
			`QUtil::int_to_string_base(errorMessageID, 16) +`
			`": " + message);`
			`}`
Refactor random data generation Add new RandomDataProvider object and implement existing random number generation in terms of that. This enables end users to supply their own random data providers. 2013-11-30 17:02:56 +00:00			`};`
			`#endif`

			`void`
			`SecureRandomDataProvider::provideRandomData(unsigned char* data, size_t len)`
			`{`
			`#if defined(_WIN32)`

			`// Optimization: make the WindowsCryptProvider static as long as`
			`// it can be done in a thread-safe fashion.`
			`WindowsCryptProvider c;`
Fix sign and conversion warnings (major) This makes all integer type conversions that have potential data loss explicit with calls that do range checks and raise an exception. After this commit, qpdf builds with no warnings when -Wsign-conversion -Wconversion is used with gcc or clang or when -W3 -Wd4800 is used with MSVC. This significantly reduces the likelihood of potential crashes from bogus integer values. There are some parts of the code that take int when they should take size_t or an offset. Such places would make qpdf not support files with more than 2^31 of something that usually wouldn't be so large. In the event that such a file shows up and is valid, at least qpdf would raise an error in the right spot so the issue could be legitimately addressed rather than failing in some weird way because of a silent overflow condition. 2019-06-21 03:35:23 +00:00			`if (! CryptGenRandom(c.crypt_prov, static_cast<DWORD>(len),`
			`reinterpret_cast<BYTE*>(data)))`
Refactor random data generation Add new RandomDataProvider object and implement existing random number generation in terms of that. This enables end users to supply their own random data providers. 2013-11-30 17:02:56 +00:00			`{`
			`throw std::runtime_error("unable to generate secure random data");`
			`}`

			`#elif defined(RANDOM_DEVICE)`

			`// Optimization: wrap the file open and close in a class so that`
			`// the file is closed in a destructor, then make this static to`
			`// keep the file handle open. Only do this if it can be done in a`
			`// thread-safe fashion.`
			`FILE* f = QUtil::safe_fopen(RANDOM_DEVICE, "rb");`
			`size_t fr = fread(data, 1, len, f);`
			`fclose(f);`
			`if (fr != len)`
			`{`
			`throw std::runtime_error(`
			`"unable to read " +`
Fix sign and conversion warnings (major) This makes all integer type conversions that have potential data loss explicit with calls that do range checks and raise an exception. After this commit, qpdf builds with no warnings when -Wsign-conversion -Wconversion is used with gcc or clang or when -W3 -Wd4800 is used with MSVC. This significantly reduces the likelihood of potential crashes from bogus integer values. There are some parts of the code that take int when they should take size_t or an offset. Such places would make qpdf not support files with more than 2^31 of something that usually wouldn't be so large. In the event that such a file shows up and is valid, at least qpdf would raise an error in the right spot so the issue could be legitimately addressed rather than failing in some weird way because of a silent overflow condition. 2019-06-21 03:35:23 +00:00			`QUtil::uint_to_string(len) +`
Refactor random data generation Add new RandomDataProvider object and implement existing random number generation in terms of that. This enables end users to supply their own random data providers. 2013-11-30 17:02:56 +00:00			`" bytes from " + std::string(RANDOM_DEVICE));`
			`}`

			`#else`

Update references to README files Most of the README files have been renamed. Refer to the new names. 2017-08-22 17:10:47 +00:00			`# error "Don't know how to generate secure random numbers on this platform. See random number generation in the top-level README.md"`
Refactor random data generation Add new RandomDataProvider object and implement existing random number generation in terms of that. This enables end users to supply their own random data providers. 2013-11-30 17:02:56 +00:00
			`#endif`
			`}`

			`RandomDataProvider*`
			`SecureRandomDataProvider::getInstance()`
			`{`
			`static SecureRandomDataProvider instance;`
			`return &instance;`
			`}`
Allow OS-provided secure random to be disabled 2013-11-30 17:25:01 +00:00
			`#endif`