1 //! Implementation for Windows
2 use crate::Error;
3 use core::{ffi::c_void, mem::MaybeUninit, num::NonZeroU32, ptr};
4 
/// `dwFlags` value for `BCryptGenRandom` that selects the system-preferred
/// RNG. `getrandom_inner` passes it together with a null algorithm handle.
const BCRYPT_USE_SYSTEM_PREFERRED_RNG: u32 = 0x00000002;
6 
#[link(name = "bcrypt")]
extern "system" {
    /// Writes `cbBuffer` random bytes to `pBuffer`.
    ///
    /// The return value is an NTSTATUS code. `getrandom_inner` treats it as
    /// a failure only when the two highest bits (the severity) are both set.
    ///
    /// # Safety
    ///
    /// `pBuffer` must be valid for writes of `cbBuffer` bytes.
    fn BCryptGenRandom(
        hAlgorithm: *mut c_void,
        pBuffer: *mut u8,
        cbBuffer: u32,
        dwFlags: u32,
    ) -> u32;
}
16 
// Forbidden when targeting UWP, so this declaration and the fallback path
// that calls it are compiled out for `target_vendor = "uwp"`.
#[cfg(not(target_vendor = "uwp"))]
#[link(name = "advapi32")]
extern "system" {
    /// `RtlGenRandom`, linked under the symbol name `SystemFunction036`.
    ///
    /// `getrandom_inner` interprets a nonzero return value as success.
    ///
    /// # Safety
    ///
    /// `RandomBuffer` must be valid for writes of `RandomBufferLength` bytes.
    #[link_name = "SystemFunction036"]
    fn RtlGenRandom(RandomBuffer: *mut c_void, RandomBufferLength: u32) -> u8;
}
24 
/// Fills `dest` with random bytes from the Windows system RNG.
///
/// Every chunk is requested from `BCryptGenRandom` first. When that call
/// reports an error-severity NTSTATUS, `RtlGenRandom` is tried for the same
/// chunk; this fallback is compiled out on UWP targets.
///
/// # Errors
///
/// Returns the `BCryptGenRandom` status with its highest bit cleared when a
/// chunk could not be filled. Chunks before the failing one have already been
/// written at that point, so on `Err` the buffer must not be assumed to be
/// fully initialized.
pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
    // Both FFI calls take the length as a `u32`, so the buffer is handed over
    // in pieces whose length is guaranteed to fit.
    for piece in dest.chunks_mut(u32::max_value() as usize) {
        let piece_len = piece.len() as u32;

        // BCryptGenRandom was introduced in Windows Vista.
        // SAFETY: pointer and length describe the same exclusively borrowed
        // chunk, and `chunks_mut` caps its length at `u32::MAX`, so the cast
        // above cannot truncate.
        let status = unsafe {
            BCryptGenRandom(
                ptr::null_mut(),
                piece.as_mut_ptr() as *mut u8,
                piece_len,
                BCRYPT_USE_SYSTEM_PREFERRED_RNG,
            )
        };

        // The two highest bits of an NTSTATUS carry the severity. Only the
        // error severity (0b11) counts as a failure here; every other status
        // is accepted as success.
        if status >> 30 != 0b11 {
            continue;
        }

        // BCryptGenRandom failed: fall back to RtlGenRandom where available.
        #[cfg(not(target_vendor = "uwp"))]
        {
            // SAFETY: same chunk and same length bound as the call above.
            let filled = unsafe { RtlGenRandom(piece.as_mut_ptr() as *mut c_void, piece_len) };
            if filled != 0 {
                continue;
            }
        }

        // Clearing the highest bit moves the code into the range designated
        // for OS error codes.
        let os_code = status ^ (1 << 31);
        // SAFETY: this point is only reached when the two highest bits of
        // `status` were set, so the second highest bit of `os_code` is still
        // one and the value cannot be zero. The type system has no way to
        // express this.
        let os_code = unsafe { NonZeroU32::new_unchecked(os_code) };
        return Err(Error::from(os_code));
    }
    Ok(())
}