Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/rand: Legacy RtlGenRandom use on Windows [1.21 backport] #64413

Closed
gopherbot opened this issue Nov 27, 2023 · 2 comments
Closed

crypto/rand: Legacy RtlGenRandom use on Windows [1.21 backport] #64413

gopherbot opened this issue Nov 27, 2023 · 2 comments
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge Security
Milestone
Go1.21.5

Comments

@gopherbot
Copy link
Contributor

@rolandshoemaker requested issue #53192 to be considered for backport to the next 1.21 minor release.

@gopherbot please open backport issues, this reduces the impact of a security issue.
@gopherbot gopherbot added the CherryPickCandidate Used during the release process for point releases label Nov 27, 2023
@gopherbot gopherbot mentioned this issue Nov 27, 2023
Closed
@gopherbot gopherbot added this to the Go1.21.5 milestone Nov 27, 2023
@gopherbot
Copy link
Contributor Author

Change https://go.dev/cl/545355 mentions this issue: [release-branch.go1.21 crypto/rand,runtime: switch RtlGenRandom for ProcessPrng

@rolandshoemaker rolandshoemaker added Security CherryPickApproved Used during the release process for point releases and removed CherryPickCandidate Used during the release process for point releases labels Nov 28, 2023
@gopherbot
Copy link
Contributor Author

Closed by merging 9e43850 to release-branch.go1.21.

gopherbot pushed a commit that referenced this issue Nov 28, 2023
@rolandshoemaker @gopherbot
[release-branch.go1.21] crypto/rand,runtime: switch RtlGenRandom for …
9e43850 
…ProcessPrng

RtlGenRandom is a semi-undocumented API, also known as
SystemFunction036, which we use to generate random data on Windows.
It's definition, in cryptbase.dll, is an opaque wrapper for the
documented API ProcessPrng. Instead of using RtlGenRandom, switch to
using ProcessPrng, since the former is simply a wrapper for the latter,
there should be no practical change on the user side, other than a minor
change in the DLLs we load.

Updates #53192
Fixes #64413

Change-Id: Ie6891bf97b1d47f5368cccbe92f374dba2c2672a
Reviewed-on: https://go-review.googlesource.com/c/go/+/536235
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Quim Muntal <[email protected]>
Auto-Submit: Roland Shoemaker <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
(cherry picked from commit 693def1)
Reviewed-on: https://go-review.googlesource.com/c/go/+/545355
Auto-Submit: Dmitri Shuralyov <[email protected]>
@dmitshur dmitshur mentioned this issue Dec 8, 2023
Closed
@jiangslee jiangslee mentioned this issue Mar 21, 2024
Open
@golang golang locked and limited conversation to collaborators Nov 27, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge Security
Projects
None yet
Milestone
Go1.21.5
Development

No branches or pull requests
2 participants
@rolandshoemaker @gopherbot