Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Windows 7 support? Missing ProcessPrng #1997

Open
0blu opened this issue Nov 17, 2024 · 7 comments
Open

Windows 7 support? Missing ProcessPrng #1997

0blu opened this issue Nov 17, 2024 · 7 comments
Assignees
@torben-hansen @justsmth

Comments

@0blu
Copy link

0blu commented Nov 17, 2024

Problem:

I actually came here from aws-lc-rust. I tried to use the following minimal example with x86_64-win7-windows-msvc but as soon as the library tries to access ProcessPrng the program aborts.

use aws_lc_rs::rand::{SecureRandom, SystemRandom};

fn main() {
    let rng = SystemRandom::new();

    let mut buffer = [0u8; 32];
    println!("Going to fill bytes...");
    if rng.fill(&mut buffer).is_err() { // <-- Crash in `init_processprng`
        println!("Error filling random bytes");
    } else {
        println!("Everything is okay");
    }
}

Erroneous line:

aws-lc/crypto/rand_extra/windows.c

Line 68 in 745359e

g_processprng_fn = (ProcessPrngFunction)(void(*)(void))GetProcAddress(hmod, "ProcessPrng");

Solution:

Rust recently switched from BCryptGenRandom to ProcessPrng but allowed a path for Windows 7.
rust-lang/rust#121337

Is a similar solution also possible in this project?
@justsmth justsmth self-assigned this Nov 19, 2024
@justsmth
Copy link
Contributor

Hello!

Thanks for letting us know about this problem, and for the reference to how Rust solved it.

I was trying to reproduce this with aws-lc-rs, but I'm having trouble with the build. I suspect my issue relates to not having the toolchain setup. (Since this is a tier 3 platform, are there any pre-built toolchains available?)

Here's what I tried (on a Windows host using the bash shell provided by Git), and the resulting error:

> rustup +nightly component add rust-src
...
> cargo +nightly build -Z build-std --target x86_64-win7-windows-msvc
...
...
  = note: LINK : fatal error LNK1181: cannot open input file 'windows.0.52.0.lib'␍


error: could not compile `aws-lc-rs` (example "digest") due to 1 previous error

If you can provide some guidance on how to setup a development environment for this, it would be appreciated. Thanks!

@0blu
Copy link
Author

0blu commented Nov 20, 2024
edited
Loading

Hey, I appreciate you being open to supporting a legacy system like Windows 7.
I am using a Windows 11 / Linux host for developing and a Windows 7 VM to test compatibility.

For my initial test project (shown above) I also used cargo +nightly build --release --target x86_64-win7-windows-msvc -Zbuild-std just like you, but with

[dependencies]
aws-lc-rs = { version = "1.11.0", default-features = false, features = ["aws-lc-sys", "prebuilt-nasm"] }

If I reference aws-lc-rs directly I cant even get the project to build, even if I target x86_64-pc-windows-msvc.
My Cargo.toml looks like this in this case:

[dependencies]
aws-lc-rs = { path = "../aws-lc-rs/aws-lc-rs", default-features = false, features = ["aws-lc-sys", "prebuilt-nasm"] }

Do you have an idea what might cause this error?

Errors building test project with direct aws-lc-rs reference 
error: failed to run custom build command for `aws-lc-sys v0.23.0 (D:\Programming\RustroverProjects\aws-lc-rs\aws-lc-sys)`
note: To improve backtraces for build dependencies, set the CARGO_PROFILE_DEV_BUILD_OVERRIDE_DEBUG=true environment variable to enable debug information generation.
Caused by:
  process didn't exit successfully: `D:\Programming\RustroverProjects\testing-aws-lc-rs\target\debug\build\aws-lc-sys-fb9840f122951cd6\build-script-main` (exit code: 101)
  --- stdout
  cargo:rerun-if-env-changed=AWS_LC_SYS_NO_PREFIX
  cargo:rerun-if-env-changed=AWS_LC_SYS_PREGENERATING_BINDINGS
  cargo:rerun-if-env-changed=AWS_LC_SYS_EXTERNAL_BINDGEN
  cargo:rerun-if-env-changed=AWS_LC_SYS_NO_ASM
  cargo:rerun-if-env-changed=AWS_LC_SYS_CFLAGS
  cargo:rerun-if-env-changed=AWS_LC_SYS_PREBUILT_NASM
  cargo:rerun-if-env-changed=AWS_LC_SYS_C_STD
  cargo:rustc-cfg=x86_64_pc_windows_msvc
  cargo:rerun-if-env-changed=AWS_LC_SYS_CMAKE_BUILDER
  cargo:rerun-if-env-changed=AWS_LC_SYS_STATIC
  default_for Target: 'x86_64-pc-windows-msvc'
  cargo:rerun-if-env-changed=AWS_LC_SYS_STATIC
  cargo:rerun-if-env-changed=CMAKE
  cargo:warning=Building with: CMake
  cargo:warning=Symbol Prefix: Some("aws_lc_0_23_0")
  cargo:rerun-if-env-changed=CMAKE
  cargo:warning=CMAKE environment variable set: cmake
  cargo:rerun-if-env-changed=AWS_LC_SYS_STATIC
  OPT_LEVEL = Some(0)
  TARGET = Some(x86_64-pc-windows-msvc)
  cargo:rerun-if-env-changed=VCINSTALLDIR
  VCINSTALLDIR = None
  cargo:rerun-if-env-changed=VSTEL_MSBuildProjectFullPath
  VSTEL_MSBuildProjectFullPath = None
  cargo:rerun-if-env-changed=VSCMD_ARG_VCVARS_SPECTRE
  VSCMD_ARG_VCVARS_SPECTRE = None
  cargo:rerun-if-env-changed=WindowsSdkDir
  WindowsSdkDir = None
  cargo:rerun-if-env-changed=WindowsSDKVersion
  WindowsSDKVersion = None
  cargo:rerun-if-env-changed=LIB
  LIB = None
  PATH = Some(D:\Programming\RustroverProjects\testing-aws-lc-rs\target\debug\deps;D:\Programming\RustroverProjects\testing-aws-lc-rs\target\debug;C:\Users\User\.rustup\toolchains\stable-x86_64-pc-windows-msvc\lib\rustlib\x86_64-pc-windows-msvc\lib;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Git\cmd;C:\Users\User\.cargo\bin;C:\Users\User\AppData\Local\Microsoft\WindowsApps;C:\Program Files\CMake\bin)
  cargo:rerun-if-env-changed=INCLUDE
  INCLUDE = None
  HOST = Some(x86_64-pc-windows-msvc)
  cargo:rerun-if-env-changed=CC_x86_64-pc-windows-msvc
  CC_x86_64-pc-windows-msvc = None
  cargo:rerun-if-env-changed=CC_x86_64_pc_windows_msvc
  CC_x86_64_pc_windows_msvc = None
  cargo:rerun-if-env-changed=HOST_CC
  HOST_CC = None
  cargo:rerun-if-env-changed=CC
  CC = None
  cargo:rerun-if-env-changed=CRATE_CC_NO_DEFAULTS
  CRATE_CC_NO_DEFAULTS = None
  CARGO_CFG_TARGET_FEATURE = Some(cmpxchg16b,fxsr,sse,sse2,sse3)
  DEBUG = Some(true)
  cargo:rerun-if-env-changed=CFLAGS_x86_64-pc-windows-msvc
  CFLAGS_x86_64-pc-windows-msvc = None
  cargo:rerun-if-env-changed=CFLAGS_x86_64_pc_windows_msvc
  CFLAGS_x86_64_pc_windows_msvc = None
  cargo:rerun-if-env-changed=HOST_CFLAGS
  HOST_CFLAGS = None
  cargo:rerun-if-env-changed=CFLAGS
  CFLAGS = None
  OPT_LEVEL = Some(0)
  TARGET = Some(x86_64-pc-windows-msvc)
  cargo:rerun-if-env-changed=VCINSTALLDIR
  VCINSTALLDIR = None
  cargo:rerun-if-env-changed=VSTEL_MSBuildProjectFullPath
  VSTEL_MSBuildProjectFullPath = None
  cargo:rerun-if-env-changed=VSCMD_ARG_VCVARS_SPECTRE
  VSCMD_ARG_VCVARS_SPECTRE = None
  cargo:rerun-if-env-changed=WindowsSdkDir
  WindowsSdkDir = None
  cargo:rerun-if-env-changed=WindowsSDKVersion
  WindowsSDKVersion = None
  cargo:rerun-if-env-changed=LIB
  LIB = None
  PATH = Some(D:\Programming\RustroverProjects\testing-aws-lc-rs\target\debug\deps;D:\Programming\RustroverProjects\testing-aws-lc-rs\target\debug;C:\Users\User\.rustup\toolchains\stable-x86_64-pc-windows-msvc\lib\rustlib\x86_64-pc-windows-msvc\lib;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Git\cmd;C:\Users\User\.cargo\bin;C:\Users\User\AppData\Local\Microsoft\WindowsApps;C:\Program Files\CMake\bin)
  cargo:rerun-if-env-changed=INCLUDE
  INCLUDE = None
  HOST = Some(x86_64-pc-windows-msvc)
  cargo:rerun-if-env-changed=CC_x86_64-pc-windows-msvc
  CC_x86_64-pc-windows-msvc = None
  cargo:rerun-if-env-changed=CC_x86_64_pc_windows_msvc
  CC_x86_64_pc_windows_msvc = None
  cargo:rerun-if-env-changed=HOST_CC
  HOST_CC = None
  cargo:rerun-if-env-changed=CC
  CC = None
  cargo:rerun-if-env-changed=CRATE_CC_NO_DEFAULTS
  CRATE_CC_NO_DEFAULTS = None
  CARGO_CFG_TARGET_FEATURE = Some(cmpxchg16b,fxsr,sse,sse2,sse3)
  DEBUG = Some(true)
  cargo:rerun-if-env-changed=CFLAGS_x86_64-pc-windows-msvc
  CFLAGS_x86_64-pc-windows-msvc = None
  cargo:rerun-if-env-changed=CFLAGS_x86_64_pc_windows_msvc
  CFLAGS_x86_64_pc_windows_msvc = None
  cargo:rerun-if-env-changed=HOST_CFLAGS
  HOST_CFLAGS = None
  cargo:rerun-if-env-changed=CFLAGS
  CFLAGS = None
  cargo:rerun-if-env-changed=CC_ENABLE_DEBUG_OUTPUT
  c11.c
  c1: fatal error C1083: Cannot open source file: 'D:\Programming\RustroverProjects\aws-lc-rs\aws-lc-sys\aws-lc\tests\compiler_features_tests\c11.c': No such file or directory
  cargo:warning=Compilation of 'c11.c' failed - Err(Error { kind: ToolExecError, message: "Command \"C:\\\\Program Files\\\\Microsoft Visual Studio\\\\2022\\\\Community\\\\VC\\\\Tools\\\\MSVC\\\\14.38.33130\\\\bin\\\\HostX64\\\\x64\\\\cl.exe\" \"-nologo\" \"-MD\" \"-Z7\" \"-Brepro\" \"-I\" \"D:\\\\Programming\\\\RustroverProjects\\\\aws-lc-rs\\\\aws-lc-sys\\\\generated-include\" \"-I\" \"D:\\\\Programming\\\\RustroverProjects\\\\aws-lc-rs\\\\aws-lc-sys\\\\include\" \"-I\" \"D:\\\\Programming\\\\RustroverProjects\\\\aws-lc-rs\\\\aws-lc-sys\\\\aws-lc\\\\include\" \"-I\" \"D:\\\\Programming\\\\RustroverProjects\\\\aws-lc-rs\\\\aws-lc-sys\\\\aws-lc\\\\third_party\\\\s2n-bignum\\\\include\" \"-W4\" \"-DBORINGSSL_IMPLEMENTATION=1\" \"-DBORINGSSL_PREFIX=aws_lc_0_23_0\" \"-WX\" \"-FoD:\\\\Programming\\\\RustroverProjects\\\\testing-aws-lc-rs\\\\target\\\\debug\\\\build\\\\aws-lc-sys-133c3d3173e1a4dc\\\\out\\\\out-c11\\\\56208fb35cfa499a-c11.o\" \"-c\" \"D:\\\\Programming\\\\RustroverProjects\\\\aws-lc-rs\\\\aws-lc-sys\\\\aws-lc\\\\tests\\\\compiler_features_tests\\\\c11.c\" with args cl.exe did not execute successfully (status code exit code: 2)." }).
  cargo:rerun-if-env-changed=CC
  cargo:rerun-if-env-changed=CXX
  cargo:warning=Setting CFLAGS: "-nologo -MD -Z7 -Brepro -std:c99 -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\generated-include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\third_party\\s2n-bignum\\include -W4 -DBORINGSSL_IMPLEMENTATION=1 -DBORINGSSL_PREFIX=aws_lc_0_23_0"
  cargo:rerun-if-env-changed=CMAKE_TOOLCHAIN_FILE
  cargo:rerun-if-env-changed=CMAKE_TOOLCHAIN_FILE_x86_64_pc_windows_msvc
  cargo:warning=!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  cargo:warning=!!!   Using pre-built NASM binaries   !!!
  cargo:warning=!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  CMAKE_TOOLCHAIN_FILE_x86_64-pc-windows-msvc = None
  CMAKE_TOOLCHAIN_FILE_x86_64_pc_windows_msvc = None
  HOST_CMAKE_TOOLCHAIN_FILE = None
  CMAKE_TOOLCHAIN_FILE = None
  CMAKE_GENERATOR_x86_64-pc-windows-msvc = None
  CMAKE_GENERATOR_x86_64_pc_windows_msvc = None
  HOST_CMAKE_GENERATOR = None
  CMAKE_GENERATOR = None
  CMAKE_PREFIX_PATH_x86_64-pc-windows-msvc = None
  CMAKE_PREFIX_PATH_x86_64_pc_windows_msvc = None
  HOST_CMAKE_PREFIX_PATH = None
  CMAKE_PREFIX_PATH = None
  CMAKE_x86_64-pc-windows-msvc = None
  CMAKE_x86_64_pc_windows_msvc = None
  HOST_CMAKE = None
  CMAKE = Some("cmake")
  running: "cmake" "D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys" "-G" "Visual Studio 17 2022" "-Thost=x64" "-Ax64" "-DBUILD_SHARED_LIBS=0" "-DCMAKE_BUILD_TYPE=debug" "-DBORINGSSL_PREFIX=aws_lc_0_23_0_" "-DBORINGSSL_PREFIX_HEADERS=D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\generated-include" "-DBUILD_TESTING=OFF" "-DBUILD_LIBSSL=OFF" "-DDISABLE_PERL=ON" "-DDISABLE_GO=ON" "-DCMAKE_ASM_NASM_COMPILER=D:/Programming/RustroverProjects/aws-lc-rs/aws-lc-sys/builder/prebuilt-nasm.bat" "-DCMAKE_INSTALL_PREFIX=D:\\Programming\\RustroverProjects\\testing-aws-lc-rs\\target\\debug\\build\\aws-lc-sys-133c3d3173e1a4dc\\out" "-DCMAKE_C_FLAGS= -nologo -MD -Brepro -nologo -MD -Z7 -Brepro -std:c99 -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\generated-include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\third_party\\s2n-bignum\\include -W4 -DBORINGSSL_IMPLEMENTATION=1 -DBORINGSSL_PREFIX=aws_lc_0_23_0" "-DCMAKE_C_FLAGS_DEBUG= -nologo -MD -Brepro -nologo -MD -Z7 -Brepro -std:c99 -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\generated-include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\third_party\\s2n-bignum\\include -W4 -DBORINGSSL_IMPLEMENTATION=1 -DBORINGSSL_PREFIX=aws_lc_0_23_0" "-DCMAKE_CXX_FLAGS= -nologo -MD -Brepro" "-DCMAKE_CXX_FLAGS_DEBUG= -nologo -MD -Brepro" "-DCMAKE_ASM_FLAGS= -nologo -MD -Brepro -nologo -MD -Z7 -Brepro -std:c99 -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\generated-include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\third_party\\s2n-bignum\\include -W4 -DBORINGSSL_IMPLEMENTATION=1 -DBORINGSSL_PREFIX=aws_lc_0_23_0" "-DCMAKE_ASM_FLAGS_DEBUG= -nologo -MD -Brepro -nologo -MD -Z7 -Brepro -std:c99 -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\generated-include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\third_party\\s2n-bignum\\include -W4 -DBORINGSSL_IMPLEMENTATION=1 -DBORINGSSL_PREFIX=aws_lc_0_23_0" "--no-warn-unused-cli"
  Not searching for unused variables given on the command line.
  -- Selecting Windows SDK version 10.0.22621.0 to target Windows 10.0.22631.
  -- Configuring incomplete, errors occurred!
  --- stderr
  CMake Deprecation Warning at CMakeLists.txt:4 (cmake_minimum_required):
    Compatibility with CMake < 3.10 will be removed from a future version of
    CMake.
    Update the VERSION argument <min> value or use a ...<max> suffix to tell
    CMake that the project does not need compatibility with older versions.
  CMake Error at CMakeLists.txt:20 (add_subdirectory):
    The source directory
      D:/Programming/RustroverProjects/aws-lc-rs/aws-lc-sys/aws-lc
    does not contain a CMakeLists.txt file.
  CMake Error at CMakeLists.txt:10 (set_target_properties):
    set_target_properties Can not find target to add properties to: crypto
  Call Stack (most recent call first):
    CMakeLists.txt:37 (set_my_target_properties)
  CMake Error at CMakeLists.txt:10 (set_target_properties):
    set_target_properties Can not find target to add properties to: crypto
  Call Stack (most recent call first):
    CMakeLists.txt:46 (set_my_target_properties)
  CMake Error at CMakeLists.txt:10 (set_target_properties):
    set_target_properties Can not find target to add properties to: crypto
  Call Stack (most recent call first):
    CMakeLists.txt:46 (set_my_target_properties)
  CMake Error at CMakeLists.txt:10 (set_target_properties):
    set_target_properties Can not find target to add properties to: crypto
  Call Stack (most recent call first):
    CMakeLists.txt:46 (set_my_target_properties)
  CMake Error at CMakeLists.txt:10 (set_target_properties):
    set_target_properties Can not find target to add properties to: crypto
  Call Stack (most recent call first):
    CMakeLists.txt:46 (set_my_target_properties)
  CMake Error at CMakeLists.txt:10 (set_target_properties):
    set_target_properties Can not find target to add properties to: crypto
  Call Stack (most recent call first):
    CMakeLists.txt:55 (set_my_target_properties)
  CMake Error at CMakeLists.txt:10 (set_target_properties):
    set_target_properties Can not find target to add properties to: crypto
  Call Stack (most recent call first):
    CMakeLists.txt:59 (set_my_target_properties)
  thread 'main' panicked at C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\cmake-0.1.51\src/lib.rs:1100:5:
  command did not execute successfully, got: exit code: 1
  build script failed, must exit now
  stack backtrace:
     0: std::panicking::begin_panic_handler
               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14\library/std\src\panicking.rs:662
     1: core::panicking::panic_fmt
               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14\library/core\src\panicking.rs:74
     2: cmake::find_exe::{{closure}}
     3: <cmake::Version as core::default::Default>::default
     4: cmake::Config::build
     5: build_script_main::cmake_builder::CmakeBuilder::new
     6: <build_script_main::cmake_builder::CmakeBuilder as build_script_main::Builder>::build
     7: build_script_main::is_crt_static
     8: core::ops::function::FnOnce::call_once
  note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

I somehow even get an error when trying to compile Test rustls or rusttls-cli-bench directly (git at v1.11.0)
(bogo and ech-client compiled successfully though):

Errors building Test rustls 
C:/Users/User/.cargo/bin/cargo.exe --version
cargo 1.82.0 (8f40fc59f 2024-08-21)

C:\Users\User\.rustup\toolchains\stable-x86_64-pc-windows-msvc\bin\rustc.exe --version
rustc 1.82.0 (f6e511eec 2024-10-15)

C:/Users/User/.cargo/bin/cargo.exe test --color=always --message-format=json-diagnostic-rendered-ansi --no-run --workspace --profile test
   Compiling rustls-ci-bench v0.0.1 (D:\Programming\RustroverProjects\rustls\ci-bench)
error[E0432]: unresolved import `std::os::fd`
   --> ci-bench\src/main.rs:6:14
    |
6   | use std::os::fd::{AsRawFd, FromRawFd};
    |              ^^ could not find `fd` in `os`
    |
note: found an item that was configured out
   --> C:\Users\User\.rustup\toolchains\stable-x86_64-pc-windows-msvc\lib/rustlib/src/rust\library\std\src\os\mod.rs:160:9
    |
160 | pub mod fd;
    |         ^^
note: the item is gated here
   --> C:\Users\User\.rustup\toolchains\stable-x86_64-pc-windows-msvc\lib/rustlib/src/rust\library\std\src\os\mod.rs:159:1
    |
159 | #[cfg(any(unix, target_os = "hermit", target_os = "wasi", doc))]
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

error[E0599]: no function or associated item named `from_raw_fd` found for struct `File` in the current scope
   --> ci-bench\src/main.rs:151:44
    |
151 |             let mut stdin = unsafe { File::from_raw_fd(stdin_lock.as_raw_fd()) };
    |                                            ^^^^^^^^^^^ function or associated item not found in `File`
    |
note: if you're trying to build a new `File` consider using one of the following associated functions:
      File::open
      File::create
      File::create_new
   --> C:\Users\User\.rustup\toolchains\stable-x86_64-pc-windows-msvc\lib/rustlib/src/rust\library\std\src\fs.rs:374:5
    |
374 |     pub fn open<P: AsRef<Path>>(path: P) -> io::Result<File> {
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
403 |     pub fn create<P: AsRef<Path>>(path: P) -> io::Result<File> {
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
437 |     pub fn create_new<P: AsRef<Path>>(path: P) -> io::Result<File> {
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
help: there is an associated function `from_raw_handle` with a similar name
    |
151 |             let mut stdin = unsafe { File::from_raw_handle(stdin_lock.as_raw_fd()) };
    |                                            ~~~~~~~~~~~~~~~

error[E0599]: no method named `as_raw_fd` found for struct `StdinLock` in the current scope
   --> ci-bench\src/main.rs:151:67
    |
151 |             let mut stdin = unsafe { File::from_raw_fd(stdin_lock.as_raw_fd()) };
    |                                                                   ^^^^^^^^^
    |
help: there is a method `as_raw_handle` with a similar name
    |
151 |             let mut stdin = unsafe { File::from_raw_fd(stdin_lock.as_raw_handle()) };
    |                                                                   ~~~~~~~~~~~~~

error[E0599]: no function or associated item named `from_raw_fd` found for struct `File` in the current scope
   --> ci-bench\src/main.rs:152:45
    |
152 |             let mut stdout = unsafe { File::from_raw_fd(stdout_lock.as_raw_fd()) };
    |                                             ^^^^^^^^^^^ function or associated item not found in `File`
    |
note: if you're trying to build a new `File` consider using one of the following associated functions:
      File::open
      File::create
      File::create_new
   --> C:\Users\User\.rustup\toolchains\stable-x86_64-pc-windows-msvc\lib/rustlib/src/rust\library\std\src\fs.rs:374:5
    |
374 |     pub fn open<P: AsRef<Path>>(path: P) -> io::Result<File> {
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
403 |     pub fn create<P: AsRef<Path>>(path: P) -> io::Result<File> {
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
437 |     pub fn create_new<P: AsRef<Path>>(path: P) -> io::Result<File> {
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
help: there is an associated function `from_raw_handle` with a similar name
    |
152 |             let mut stdout = unsafe { File::from_raw_handle(stdout_lock.as_raw_fd()) };
    |                                             ~~~~~~~~~~~~~~~

error[E0599]: no method named `as_raw_fd` found for struct `StdoutLock` in the current scope
   --> ci-bench\src/main.rs:152:69
    |
152 |             let mut stdout = unsafe { File::from_raw_fd(stdout_lock.as_raw_fd()) };
    |                                                                     ^^^^^^^^^
    |
help: there is a method `as_raw_handle` with a similar name
    |
152 |             let mut stdout = unsafe { File::from_raw_fd(stdout_lock.as_raw_handle()) };
    |                                                                     ~~~~~~~~~~~~~

error: aborting due to 5 previous errors

Some errors have detailed explanations: E0432, E0599.
For more information about an error, try `rustc --explain E0432`.
error: could not compile `rustls-ci-bench` (bin "rustls-ci-bench" test) due to 6 previous errors
Process finished with exit code 101

@justsmth
Copy link
Contributor

justsmth commented Nov 20, 2024
edited
Loading 

...
The source directory
      D:/Programming/RustroverProjects/aws-lc-rs/aws-lc-sys/aws-lc
    does not contain a CMakeLists.txt file.
...

This looks like the error I get when I forget to initialize the git submodules. (The Makefile in our project has some convenient targets for doing this.)

Thanks for the response. I'll take a closer look at this tomorrow.

@ctz
Copy link

ctz commented Nov 20, 2024

Compiling rustls-ci-bench v0.0.1 (D:\Programming\RustroverProjects\rustls\ci-bench)

This is part of rustls's performance CI infrastructure, and is not intended to be portable to platforms other than linux.

@0blu
Copy link
Author

0blu commented Nov 21, 2024

initialize the git submodules

Thanks, I somehow missed that.
I ran a quick sanity check and it seems to work

Using my test project with aws-lc-rs as a folder reference (like above), I was able to successfully run it under Windows 7.

The previous code in this repo used RtlGenRandom aka advapi32!SystemFunction036, which according to Microsoft should never be used.
So I hacked an proof of concept with bcrypt!BCryptGenRandom together.

The patch that I've used 
diff --git a/crypto/rand_extra/windows.c b/crypto/rand_extra/windows.c
--- a/crypto/rand_extra/windows.c	(revision 745359e8569fdafa8897ac2fffdfd0fdcf620563)
+++ b/crypto/rand_extra/windows.c	(date 1732146659715)
@@ -24,6 +24,11 @@
 OPENSSL_MSVC_PRAGMA(warning(push, 3))
 
 #include <windows.h>
+#include <bcrypt.h>
+
+#ifndef NT_SUCCESS
+#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
+#endif
 
 #if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \
     !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
@@ -56,17 +61,44 @@
 
 #else
 
-// See: https://learn.microsoft.com/en-us/windows/win32/seccng/processprng
-typedef BOOL (WINAPI *ProcessPrngFunction)(PBYTE pbData, SIZE_T cbData);
-static ProcessPrngFunction g_processprng_fn = NULL;
+typedef NTSTATUS (WINAPI *BCryptGenRandomFunction)(
+_In_opt_                        BCRYPT_ALG_HANDLE   hAlgorithm,
+_Out_writes_bytes_(cbBuffer)    PUCHAR  pbBuffer,
+_In_                            ULONG   cbBuffer,
+_In_                            ULONG   dwFlags
+);
+static BCryptGenRandomFunction g_BCryptGenRandom_fn = NULL;
+static BCRYPT_ALG_HANDLE g_bcrypt_algorithm = NULL;
 
 static void init_processprng(void) {
-  HMODULE hmod = LoadLibraryW(L"bcryptprimitives");
-  if (hmod == NULL) {
+  HMODULE hmod = LoadLibraryW(L"bcrypt.dll");
+  if (hmod == NULL)
+  {
     abort();
   }
-  g_processprng_fn = (ProcessPrngFunction)(void(*)(void))GetProcAddress(hmod, "ProcessPrng");
-  if (g_processprng_fn == NULL) {
+
+  g_BCryptGenRandom_fn = (BCryptGenRandomFunction)GetProcAddress(hmod, "BCryptGenRandom");
+  if (g_BCryptGenRandom_fn == NULL)
+  {
+    abort();
+  }
+
+  typedef NTSTATUS (WINAPI *BCryptOpenAlgorithmProviderFunction)(
+    _Out_       BCRYPT_ALG_HANDLE   *phAlgorithm,
+    _In_z_      LPCWSTR pszAlgId,
+    _In_opt_z_  LPCWSTR pszImplementation,
+    _In_        ULONG   dwFlags
+  );
+
+  BCryptOpenAlgorithmProviderFunction algoFunc = (BCryptOpenAlgorithmProviderFunction)GetProcAddress(hmod, "BCryptOpenAlgorithmProvider");
+  if (algoFunc == NULL)
+  {
+    abort();
+  }
+
+  NTSTATUS status = algoFunc(&g_bcrypt_algorithm, BCRYPT_RNG_ALGORITHM, NULL, 0);
+  if (!NT_SUCCESS(status))
+  {
     abort();
   }
 }
@@ -78,11 +110,11 @@
 
 void CRYPTO_sysrand(uint8_t *out, size_t requested) {
   CRYPTO_init_sysrand();
-  // On non-UWP configurations, use ProcessPrng instead of BCryptGenRandom
-  // to avoid accessing resources that may be unavailable inside the
-  // Chromium sandbox. See https://crbug.com/74242
-  if (!g_processprng_fn(out, requested)) {
-    abort();
+
+  NTSTATUS status = g_BCryptGenRandom_fn(g_bcrypt_algorithm, out, (ULONG)requested, 0);
+  if (!NT_SUCCESS(status))
+  {
+      abort();
   }
 }

Maybe it's possible to clean this up a bit and put it behind a conditional #if directive (when targeting older windows).

@justsmth
Copy link
Contributor

Thanks for the patch!

Since this involves very security sensitive logic (i.e., entropy/randomness), it will take some time for us to consider it. As you indicated, in the end this change will likely be guarded by an #if directive as to only impact older Windows versions. I'll see if we can get this change through. We'll update you here when progress is made.

@torben-hansen
Copy link
Contributor

torben-hansen commented Dec 30, 2024
edited
Loading

Could one decide the code-path at compile-time? That is, if on Windows 7, then specifically compile the BCryptGenRandom() path. Windows 7 is far EOL, so I don't think that will create any sandbox issues.

Maybe this _WIN32_WINNT <= _WIN32_WINNT_WIN7 is sufficient per https://learn.microsoft.com/en-us/windows/win32/winprog/using-the-windows-headers

diff --git a/crypto/rand_extra/windows.c b/crypto/rand_extra/windows.c
index d1cacf1b8..1c494145d 100644
--- a/crypto/rand_extra/windows.c
+++ b/crypto/rand_extra/windows.c
@@ -25,16 +25,18 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3))
 
 #include <windows.h>

#if defined(_WIN32_WINNT) && _WIN32_WINNT <= _WIN32_WINNT_WIN7
#define AWSLC_WINDOWS_7_COMPAT
#endif
 
-#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \
-    !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
+#if (defined(AWSLC_WINDOWS_7_COMPAT) || \
+    (WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \
+    !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP))
 #include <bcrypt.h>
 OPENSSL_MSVC_PRAGMA(comment(lib, "bcrypt.lib"))
 #endif  // WINAPI_PARTITION_APP && !WINAPI_PARTITION_DESKTOP
 
 OPENSSL_MSVC_PRAGMA(warning(pop))
 
-#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \
-    !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
+#if (defined(AWSLC_WINDOWS_7_COMPAT) || \
+    (WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \
+    !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP))
 
 void CRYPTO_init_sysrand(void) {}

I don't have a Win 7 on hand. Can you check if you have a test system set up already?

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@torben-hansen torben-hansen

@justsmth justsmth

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ctz @0blu @torben-hansen @justsmth