From 2784652ab880dcea82aa212096b64d39695012fc Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Sun, 5 Apr 2015 22:21:59 +0200
Subject: Windows vulnerability fix: CryptAcquireContext vulnerability fix. Add checks to random generator to abort in case of error and display a diagnose message to the user.
---
 src/Common/BootEncryption.cpp | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)
(limited to 'src/Common/BootEncryption.cpp')
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index c01a8b4b..ae57dc37 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -1383,7 +1383,12 @@ namespace VeraCrypt
 request.WipeAlgorithm = wipeAlgorithm;

 if (Randinit() != ERR_SUCCESS)
- throw ParameterIncorrect (SRC_POS);
+ {
+ if (CryptoAPILastError == ERROR_SUCCESS)
+ throw RandInitFailed (SRC_POS, GetLastError ());
+ else
+ throw CryptoApiFailed (SRC_POS, CryptoAPILastError);
+ }

 /* force the display of the random enriching dialog */
 SetRandomPoolEnrichedByUserStatus (FALSE);
@@ -1421,9 +1426,17 @@ namespace VeraCrypt

 void BootEncryption::WipeHiddenOSCreationConfig ()
 {
- if (IsHiddenOSRunning() || Randinit() != ERR_SUCCESS)
+ if (IsHiddenOSRunning())
 throw ParameterIncorrect (SRC_POS);

+ if (Randinit() != ERR_SUCCESS)
+ {
+ if (CryptoAPILastError == ERROR_SUCCESS)
+ throw RandInitFailed (SRC_POS, GetLastError ());
+ else
+ throw CryptoApiFailed (SRC_POS, CryptoAPILastError);
+ }
+
 Device device (GetSystemDriveConfiguration().DevicePath);
 device.CheckOpened();
 byte mbr[TC_SECTOR_SIZE_BIOS];
@@ -2280,7 +2293,13 @@ namespace VeraCrypt
 RandSetHashFunction (pkcs5);
 }

- throw_sys_if (Randinit () != 0);
+ if (Randinit() != 0)
+ {
+ if (CryptoAPILastError == ERROR_SUCCESS)
+ throw RandInitFailed (SRC_POS, GetLastError ());
+ else
+ throw CryptoApiFailed (SRC_POS, CryptoAPILastError);
+ }
 finally_do ({ RandStop (FALSE); });

 /* force the display of the random enriching dialog */
-- cgit v1.2.3
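Review bot: `GetLastError ()` in the added `throw RandInitFailed (SRC_POS, GetLastError ());` is read only after `Randinit()` has returned, so the code reported to the user is trustworthy only if Randinit makes no further Win32 calls (cleanup, handle close) after the one that failed. Randinit's body is outside this diff, so this needs confirming; the CryptoAPI branch appears to avoid the issue by carrying its code in `CryptoAPILastError`, and the other branch could be given the same treatment. At minimum I would add `/* GetLastError() is valid here only if Randinit() preserves the last-error value on failure */` above the throw. The same five-line block is repeated in the hunks at new lines 1426 (`WipeHiddenOSCreationConfig`) and 2293, so a single helper that receives `SRC_POS` would keep the three sites from drifting apart. The enclosing function starts and ends outside this hunk.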
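Review bot: The added check in the hunk at new line 2293, `if (Randinit() != 0)`, compares against a bare literal while the two earlier hunks of this commit compare against `ERR_SUCCESS`; writing `if (Randinit() != ERR_SUCCESS)` here would keep the three call sites uniform and searchable. The throw also still fires before `finally_do ({ RandStop (FALSE); });` is registered, so a partially initialised generator is not stopped on this path unless Randinit cleans up after itself, which is not visible in this diff. A one-line comment stating which of the two is intended would help the next reader. The enclosing function begins and ends outside the hunk.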