octoleo/qpdf
2
1
Fork 0
mirror of https://github.com/qpdf/qpdf.git synced 2025-01-02 22:50:20 +00:00
Code Issues Releases Wiki Activity

Fix for Windows unable to acquire crypt context with new keyset (fixes #387)

Browse Source 
Fix is based on guidance
https://support.microsoft.com/en-us/help/238187/cryptacquirecontext-use-and-troubleshooting
and is the proper fix for #285/#286
This commit is contained in:
Cloudmersive 2019-11-29 12:20:28 -08:00 committed by Jay Berkenbilt
parent 73a0e3a932
commit a8b6ff5763
2 changed files with 27 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -1,5 +1,8 @@
2020-01-14 Jay Berkenbilt <ejb@ql.org> 2020-01-14 Jay Berkenbilt <ejb@ql.org>
* Fix for Windows being unable to acquire crypt context with a new
keyset. Thanks to Cloudmersive for the fix. Fixes #387.
* Rewrite fix-qdf in C++. This means fix-qdf is a proper * Rewrite fix-qdf in C++. This means fix-qdf is a proper
executable now, and there is no longer a runtime requirement on executable now, and there is no longer a runtime requirement on
perl. perl.

30
libqpdf/SecureRandomDataProvider.cc
View File

@ -46,7 +46,7 @@ class WindowsCryptProvider
"Container", "Container",
NULL, NULL,
PROV_RSA_FULL, PROV_RSA_FULL,
0)) CRYPT_MACHINE_KEYSET))
{ {
#if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || \ #if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || \
defined(__clang__)) defined(__clang__))
@ -56,28 +56,46 @@ class WindowsCryptProvider
# pragma GCC diagnostic ignored "-Wsign-conversion" # pragma GCC diagnostic ignored "-Wsign-conversion"
#endif #endif
if (GetLastError() == NTE_BAD_KEYSET) if (GetLastError() == NTE_BAD_KEYSET)
#if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || \
defined(__clang__))
# pragma GCC diagnostic pop
#endif
{ {
if (! CryptAcquireContext(&crypt_prov, if (! CryptAcquireContext(&crypt_prov,
"Container", "Container",
NULL, NULL,
PROV_RSA_FULL, PROV_RSA_FULL,
CRYPT_NEWKEYSET)) CRYPT_NEWKEYSET|CRYPT_MACHINE_KEYSET))
{ {
throw std::runtime_error( throw std::runtime_error(
"unable to acquire crypt context with new keyset: " + "unable to acquire crypt context with new keyset: " +
getErrorMessage()); getErrorMessage());
} }
} }
else if (GetLastError() == NTE_EXISTS)
{
throw std::runtime_error(
"unable to acquire crypt context; the key container"
" already exists, but you are attempting to create it."
" If a previous attempt to open the key failed with"
" NTE_BAD_KEYSET, it implies that access to the key"
" container is denied. Error: " + getErrorMessage());
}
else if (GetLastError() == NTE_KEYSET_NOT_DEF)
{
throw std::runtime_error(
"unable to acquire crypt context; the Crypto Service"
" Provider (CSP) may not be set up correctly. Use of"
" Regsvr32.exe on CSP DLLs (Rsabase.dll or Rsaenh.dll)"
" may fix the problem, depending on the provider being"
" used. Error: " + getErrorMessage());
}
else else
{ {
throw std::runtime_error( throw std::runtime_error(
"unable to acquire crypt context: " + "unable to acquire crypt context: " +
getErrorMessage()); getErrorMessage());
} }
#if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || \
defined(__clang__))
# pragma GCC diagnostic pop
#endif
} }
} }
~WindowsCryptProvider() ~WindowsCryptProvider()