summaryrefslogtreecommitdiff
path: root/win32
diff options
context:
space:
mode:
authorPierre Joye <pajoye@php.net>2011-07-12 11:46:41 (GMT)
committerPierre Joye <pajoye@php.net>2011-07-12 11:46:41 (GMT)
commit96b5e69889c9be2549a4d33bf98a2729fc067cb8 (patch)
treedafc1cb700ebcc658813ade9386d2a47fce89ef0 /win32
parent01607c413761d4525f69cc6dd67c292742107724 (diff)
downloadphp-96b5e69889c9be2549a4d33bf98a2729fc067cb8.tar.gz
- Bug #55169, improve fix, allow non interactive user, hash-like ops only usage
Diffstat (limited to 'win32')
-rw-r--r--win32/winutil.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/win32/winutil.c b/win32/winutil.c
index f3043f5..a7a6922 100644
--- a/win32/winutil.c
+++ b/win32/winutil.c
@@ -87,11 +87,14 @@ PHPAPI int php_win32_get_random_bytes(unsigned char *buf, size_t size) { /* {{{
#endif
if (has_crypto_ctx == 0) {
- if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
+ /* CRYPT_VERIFYCONTEXT > only hashing&co-like use, no need to acces prv keys */
+ if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT )) {
/* Could mean that the key container does not exist, let try
- again by asking for a new one */
+ again by asking for a new one. If it fails here, it surely means that the user running
+ this process does not have the permission(s) to use this container.
+ */
if (GetLastError() == NTE_BAD_KEYSET) {
- if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
+ if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET | CRYPT_VERIFYCONTEXT )) {
has_crypto_ctx = 1;
} else {
has_crypto_ctx = 0;