Remove static dependency on advapi.dll, impl random generation fallbacks

Down to Win95IE3.02/Win95OSR2/NT4 we get a somewhat reasonable implementation based on CryptGenRandom, before that we fall back to a non-cryptographic PRNG instead.

Author: seritools

library/std/src/sys/pal/windows/c.rs

@@ -111,7 +111,7 @@ if #[cfg(not(target_vendor = "uwp"))] {
 }
 
 // Use raw-dylib to import ProcessPrng as we can't rely on there being an import library.
-#[cfg(not(target_vendor = "win7"))]
+#[cfg(not(any(target_vendor = "win7", target_vendor = "rust9x")))]
 #[cfg_attr(
     target_arch = "x86",
     link(name = "bcryptprimitives", kind = "raw-dylib", import_name_type = "undecorated")
@@ -481,3 +481,36 @@ compat_fn_with_fallback! {
         FALSE
     }
 }
+
+#[cfg(target_vendor = "rust9x")]
+compat_fn_with_fallback! {
+    pub static advapi32: &CStr = c"advapi32" => { load: true, unicows: false };
+    // >= XP / Server 2003
+    // https://learn.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom
+    pub fn SystemFunction036(
+        randombuffer: *mut core::ffi::c_void,
+        randombufferlength: u32
+    ) -> BOOLEAN {
+        unimplemented!()
+    }
+
+    // >= NT 4.0 / Windows 95 OSR2 / Windows 95 with IE 3.02
+    // https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta
+    pub fn CryptAcquireContextA(
+        phprov: *mut usize,
+        szcontainer: PCSTR,
+        szprovider: PCSTR,
+        dwprovtype: u32,
+        dwflags: u32
+    ) -> BOOL {
+        unimplemented!()
+    }
+    pub fn CryptReleaseContext(hprov: usize, dwflags: u32) -> BOOL {
+        unimplemented!()
+    }
+    pub fn CryptGenRandom(hprov: usize, dwlen: u32, pbbuffer: *mut u8) -> BOOL {
+        unimplemented!()
+    }
+}
+#[cfg(target_vendor = "rust9x")]
+pub use self::SystemFunction036 as RtlGenRandom;

library/std/src/sys/pal/windows/c/bindings.txt

@@ -2188,6 +2188,11 @@ Windows.Win32.Networking.WinSock.WSATRY_AGAIN
 Windows.Win32.Networking.WinSock.WSATYPE_NOT_FOUND
 Windows.Win32.Networking.WinSock.WSAVERNOTSUPPORTED
 Windows.Win32.Security.Authentication.Identity.RtlGenRandom
+Windows.Win32.Security.Cryptography.CRYPT_VERIFYCONTEXT
+Windows.Win32.Security.Cryptography.CryptAcquireContextA
+Windows.Win32.Security.Cryptography.CryptGenRandom
+Windows.Win32.Security.Cryptography.CryptReleaseContext
+Windows.Win32.Security.Cryptography.PROV_RSA_FULL
 Windows.Win32.Security.SECURITY_ATTRIBUTES
 Windows.Win32.Security.TOKEN_ACCESS_MASK
 Windows.Win32.Security.TOKEN_ACCESS_PSEUDO_HANDLE
@@ -2497,6 +2502,7 @@ Windows.Win32.System.SystemInformation.GetSystemInfo
 Windows.Win32.System.SystemInformation.GetSystemTime
 Windows.Win32.System.SystemInformation.GetSystemTimeAsFileTime
 Windows.Win32.System.SystemInformation.GetSystemTimePreciseAsFileTime
+Windows.Win32.System.SystemInformation.GetTickCount
 Windows.Win32.System.SystemInformation.GetVersion
 Windows.Win32.System.SystemInformation.GetWindowsDirectoryW
 Windows.Win32.System.SystemInformation.PROCESSOR_ARCHITECTURE

library/std/src/sys/pal/windows/c/windows_sys.rs

@@ -1,6 +1,9 @@
 // Bindings generated by `windows-bindgen` 0.58.0
 
 #![allow(non_snake_case, non_upper_case_globals, non_camel_case_types, dead_code, clippy::all)]
+windows_targets::link!("advapi32.dll" "system" fn CryptAcquireContextA(phprov : *mut usize, szcontainer : PCSTR, szprovider : PCSTR, dwprovtype : u32, dwflags : u32) -> BOOL);
+windows_targets::link!("advapi32.dll" "system" fn CryptGenRandom(hprov : usize, dwlen : u32, pbbuffer : *mut u8) -> BOOL);
+windows_targets::link!("advapi32.dll" "system" fn CryptReleaseContext(hprov : usize, dwflags : u32) -> BOOL);
 windows_targets::link!("advapi32.dll" "system" fn OpenProcessToken(processhandle : HANDLE, desiredaccess : TOKEN_ACCESS_MASK, tokenhandle : *mut HANDLE) -> BOOL);
 windows_targets::link!("advapi32.dll" "system" "SystemFunction036" fn RtlGenRandom(randombuffer : *mut core::ffi::c_void, randombufferlength : u32) -> BOOLEAN);
 windows_targets::link!("kernel32.dll" "system" fn AcquireSRWLockExclusive(srwlock : *mut SRWLOCK));
@@ -65,6 +68,7 @@ windows_targets::link!("kernel32.dll" "system" fn GetSystemTime(lpsystemtime : *
 windows_targets::link!("kernel32.dll" "system" fn GetSystemTimeAsFileTime(lpsystemtimeasfiletime : *mut FILETIME));
 windows_targets::link!("kernel32.dll" "system" fn GetSystemTimePreciseAsFileTime(lpsystemtimeasfiletime : *mut FILETIME));
 windows_targets::link!("kernel32.dll" "system" fn GetTempPathW(nbufferlength : u32, lpbuffer : PWSTR) -> u32);
+windows_targets::link!("kernel32.dll" "system" fn GetTickCount() -> u32);
 windows_targets::link!("kernel32.dll" "system" fn GetVersion() -> u32);
 windows_targets::link!("kernel32.dll" "system" fn GetWindowsDirectoryW(lpbuffer : PWSTR, usize : u32) -> u32);
 windows_targets::link!("kernel32.dll" "system" fn InitOnceBeginInitialize(lpinitonce : *mut INIT_ONCE, dwflags : u32, fpending : *mut BOOL, lpcontext : *mut *mut core::ffi::c_void) -> BOOL);
@@ -436,6 +440,7 @@ pub struct CRITICAL_SECTION_DEBUG {
     pub CreatorBackTraceIndexHigh: u16,
     pub Identifier: u16,
 }
+pub const CRYPT_VERIFYCONTEXT: u32 = 4026531840u32;
 pub const CSTR_EQUAL: COMPARESTRING_RESULT = 2i32;
 pub const CSTR_GREATER_THAN: COMPARESTRING_RESULT = 3i32;
 pub const CSTR_LESS_THAN: COMPARESTRING_RESULT = 1i32;
@@ -2918,6 +2923,7 @@ pub const PROFILE_KERNEL: PROCESS_CREATION_FLAGS = 536870912u32;
 pub const PROFILE_SERVER: PROCESS_CREATION_FLAGS = 1073741824u32;
 pub const PROFILE_USER: PROCESS_CREATION_FLAGS = 268435456u32;
 pub const PROGRESS_CONTINUE: u32 = 0u32;
+pub const PROV_RSA_FULL: u32 = 1u32;
 pub type PSTR = *mut u8;
 pub type PTIMERAPCROUTINE = Option<
     unsafe extern "system" fn(

library/std/src/sys/random/windows.rs

@@ -1,6 +1,6 @@
 use crate::sys::c;
 
-#[cfg(not(target_vendor = "win7"))]
+#[cfg(not(any(target_vendor = "win7", target_vendor = "rust9x")))]
 #[inline]
 pub fn fill_bytes(bytes: &mut [u8]) {
     let ret = unsafe { c::ProcessPrng(bytes.as_mut_ptr(), bytes.len()) };
@@ -18,3 +18,96 @@ pub fn fill_bytes(mut bytes: &mut [u8]) {
         bytes = &mut bytes[len as usize..];
     }
 }
+
+#[cfg(target_vendor = "rust9x")]
+mod rust9x {
+    use super::*;
+    use crate::sys::sync::OnceBox;
+
+    pub fn fill_bytes(mut bytes: &mut [u8]) {
+        if let Some(f) = c::RtlGenRandom::available() {
+            while !bytes.is_empty() {
+                let len = bytes.len().try_into().unwrap_or(u32::MAX);
+                let ret = unsafe { f(bytes.as_mut_ptr().cast(), len) };
+                assert_ne!(ret, 0, "failed to generate random data");
+                bytes = &mut bytes[len as usize..];
+            }
+        } else if let Some(f) = c::CryptGenRandom::available() {
+            let ctx = CRYPT_CONTEXT.get_or_init(init_crypt_context);
+            while !bytes.is_empty() {
+                let len = bytes.len().try_into().unwrap_or(u32::MAX);
+                let ret = unsafe { f(ctx.0, len, bytes.as_mut_ptr().cast()) };
+                assert_ne!(ret, 0, "failed to generate random data");
+                bytes = &mut bytes[len as usize..];
+            }
+        } else {
+            // well, we tried, fall back to a non-cryptographically-secure PRNG
+            // for NT <4.0 and 95 without IE3.02 or higher.
+
+            // seed with stack address and tick count
+            let mut state: [u32; 2] = [unsafe { c::GetTickCount() }, 0];
+            state[1] = (&raw const state) as u32;
+
+            let mut chunks = bytes.chunks_exact_mut(4);
+            for chunk in &mut chunks {
+                let [a, b, c, d] = xoroshiro64_star_star(&mut state).to_ne_bytes();
+                chunk[0] = a;
+                chunk[1] = b;
+                chunk[2] = c;
+                chunk[3] = d;
+            }
+
+            let remainder = chunks.into_remainder();
+            if remainder.is_empty() {
+                return;
+            }
+
+            for (rem, val) in
+                remainder.iter_mut().zip(xoroshiro64_star_star(&mut state).to_ne_bytes())
+            {
+                *rem = val;
+            }
+        }
+    }
+
+    static CRYPT_CONTEXT: OnceBox<HCryptProvider> = OnceBox::new();
+
+    struct HCryptProvider(usize);
+    impl Drop for HCryptProvider {
+        fn drop(&mut self) {
+            unsafe {
+                c::CryptReleaseContext(self.0, 0);
+            }
+        }
+    }
+
+    fn init_crypt_context() -> Box<HCryptProvider> {
+        let mut crypt_context = 0;
+        unsafe {
+            let ret = c::CryptAcquireContextA(
+                &mut crypt_context,
+                core::ptr::null(),
+                core::ptr::null(),
+                c::PROV_RSA_FULL,
+                c::CRYPT_VERIFYCONTEXT,
+            );
+            assert_ne!(ret, c::FALSE, "failed to acquire crypt context: {:#X}", c::GetLastError());
+        };
+        Box::new(HCryptProvider(crypt_context))
+    }
+
+    // xoroshiro64**
+    // 2018 by David Blackman and Sebastiano Vigna (vigna@acm.org)
+    // https://prng.di.unimi.it/xoroshiro64starstar.c
+    fn xoroshiro64_star_star(state: &mut [u32; 2]) -> u32 {
+        let result = state[0].wrapping_mul(0x9E3779BB).rotate_left(5).wrapping_mul(5);
+        state[1] ^= state[0];
+        state[0] = state[0].rotate_left(26) ^ state[1] ^ (state[1] << 9);
+        state[1] = state[1].rotate_left(13);
+
+        result
+    }
+}
+
+#[cfg(target_vendor = "rust9x")]
+pub use rust9x::fill_bytes;

library/std/src/sys/sync/mod.rs

@@ -9,6 +9,6 @@ pub use condvar::Condvar;
 pub use mutex::Mutex;
 pub use once::{Once, OnceState};
 #[allow(unused)] // Only used on some platforms.
-use once_box::OnceBox;
+pub(crate) use once_box::OnceBox;
 pub use rwlock::RwLock;
 pub use thread_parking::Parker;