Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows 7 support? Missing ProcessPrng #1997

Open
0blu opened this issue Nov 17, 2024 · 7 comments
Open

Windows 7 support? Missing ProcessPrng #1997

0blu opened this issue Nov 17, 2024 · 7 comments
Assignees
@torben-hansen @justsmth

Comments

@0blu
Copy link

0blu commented Nov 17, 2024

Problem:

I actually came here from aws-lc-rust. I tried to use the following minimal example with x86_64-win7-windows-msvc but as soon as the library tries to access ProcessPrng the program aborts.

use aws_lc_rs::rand::{SecureRandom, SystemRandom};

fn main() {
    let rng = SystemRandom::new();

    let mut buffer = [0u8; 32];
    println!("Going to fill bytes...");
    if rng.fill(&mut buffer).is_err() { // <-- Crash in `init_processprng`
        println!("Error filling random bytes");
    } else {
        println!("Everything is okay");
    }
}

Erroneous line:

aws-lc/crypto/rand_extra/windows.c

Line 68 in 745359e

g_processprng_fn = (ProcessPrngFunction)(void(*)(void))GetProcAddress(hmod, "ProcessPrng");

Solution:

Rust recently switched from BCryptGenRandom to ProcessPrng but allowed a path for Windows 7.
rust-lang/rust#121337

Is a similar solution also possible in this project?
@justsmth justsmth self-assigned this Nov 19, 2024
@justsmth
Copy link
Contributor

Hello!

Thanks for letting us know about this problem, and for the reference to how Rust solved it.

I was trying to reproduce this with aws-lc-rs, but I'm having trouble with the build. I suspect my issue relates to not having the toolchain setup. (Since this is a tier 3 platform, are there any pre-built toolchains available?)

Here's what I tried (on a Windows host using the bash shell provided by Git), and the resulting error:

> rustup +nightly component add rust-src
...
> cargo +nightly build -Z build-std --target x86_64-win7-windows-msvc
...
...
  = note: LINK : fatal error LNK1181: cannot open input file 'windows.0.52.0.lib'␍


error: could not compile `aws-lc-rs` (example "digest") due to 1 previous error

If you can provide some guidance on how to setup a development environment for this, it would be appreciated. Thanks!

@0blu
Copy link
Author

0blu commented Nov 20, 2024
edited
Loading

Hey, I appreciate you being open to supporting a legacy system like Windows 7.
I am using a Windows 11 / Linux host for developing and a Windows 7 VM to test compatibility.

For my initial test project (shown above) I also used cargo +nightly build --release --target x86_64-win7-windows-msvc -Zbuild-std just like you, but with

[dependencies]
aws-lc-rs = { version = "1.11.0", default-features = false, features = ["aws-lc-sys", "prebuilt-nasm"] }

If I reference aws-lc-rs directly I cant even get the project to build, even if I target x86_64-pc-windows-msvc.
My Cargo.toml looks like this in this case:

[dependencies]
aws-lc-rs = { path = "../aws-lc-rs/aws-lc-rs", default-features = false, features = ["aws-lc-sys", "prebuilt-nasm"] }

Do you have an idea what might cause this error?

Errors building test project with direct aws-lc-rs reference 
error: failed to run custom build command for `aws-lc-sys v0.23.0 (D:\Programming\RustroverProjects\aws-lc-rs\aws-lc-sys)`
note: To improve backtraces for build dependencies, set the CARGO_PROFILE_DEV_BUILD_OVERRIDE_DEBUG=true environment variable to enable debug information generation.
Caused by:
  process didn't exit successfully: `D:\Programming\RustroverProjects\testing-aws-lc-rs\target\debug\build\aws-lc-sys-fb9840f122951cd6\build-script-main` (exit code: 101)
  --- stdout
  cargo:rerun-if-env-changed=AWS_LC_SYS_NO_PREFIX
  cargo:rerun-if-env-changed=AWS_LC_SYS_PREGENERATING_BINDINGS
  cargo:rerun-if-env-changed=AWS_LC_SYS_EXTERNAL_BINDGEN
  cargo:rerun-if-env-changed=AWS_LC_SYS_NO_ASM
  cargo:rerun-if-env-changed=AWS_LC_SYS_CFLAGS
  cargo:rerun-if-env-changed=AWS_LC_SYS_PREBUILT_NASM
  cargo:rerun-if-env-changed=AWS_LC_SYS_C_STD
  cargo:rustc-cfg=x86_64_pc_windows_msvc
  cargo:rerun-if-env-changed=AWS_LC_SYS_CMAKE_BUILDER
  cargo:rerun-if-env-changed=AWS_LC_SYS_STATIC
  default_for Target: 'x86_64-pc-windows-msvc'
  cargo:rerun-if-env-changed=AWS_LC_SYS_STATIC
  cargo:rerun-if-env-changed=CMAKE
  cargo:warning=Building with: CMake
  cargo:warning=Symbol Prefix: Some("aws_lc_0_23_0")
  cargo:rerun-if-env-changed=CMAKE
  cargo:warning=CMAKE environment variable set: cmake
  cargo:rerun-if-env-changed=AWS_LC_SYS_STATIC
  OPT_LEVEL = Some(0)
  TARGET = Some(x86_64-pc-windows-msvc)
  cargo:rerun-if-env-changed=VCINSTALLDIR
  VCINSTALLDIR = None
  cargo:rerun-if-env-changed=VSTEL_MSBuildProjectFullPath
  VSTEL_MSBuildProjectFullPath = None
  cargo:rerun-if-env-changed=VSCMD_ARG_VCVARS_SPECTRE
  VSCMD_ARG_VCVARS_SPECTRE = None
  cargo:rerun-if-env-changed=WindowsSdkDir
  WindowsSdkDir = None
  cargo:rerun-if-env-changed=WindowsSDKVersion
  WindowsSDKVersion = None
  cargo:rerun-if-env-changed=LIB
  LIB = None
  PATH = Some(D:\Programming\RustroverProjects\testing-aws-lc-rs\target\debug\deps;D:\Programming\RustroverProjects\testing-aws-lc-rs\target\debug;C:\Users\User\.rustup\toolchains\stable-x86_64-pc-windows-msvc\lib\rustlib\x86_64-pc-windows-msvc\lib;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Git\cmd;C:\Users\User\.cargo\bin;C:\Users\User\AppData\Local\Microsoft\WindowsApps;C:\Program Files\CMake\bin)
  cargo:rerun-if-env-changed=INCLUDE
  INCLUDE = None
  HOST = Some(x86_64-pc-windows-msvc)
  cargo:rerun-if-env-changed=CC_x86_64-pc-windows-msvc
  CC_x86_64-pc-windows-msvc = None
  cargo:rerun-if-env-changed=CC_x86_64_pc_windows_msvc
  CC_x86_64_pc_windows_msvc = None
  cargo:rerun-if-env-changed=HOST_CC
  HOST_CC = None
  cargo:rerun-if-env-changed=CC
  CC = None
  cargo:rerun-if-env-changed=CRATE_CC_NO_DEFAULTS
  CRATE_CC_NO_DEFAULTS = None
  CARGO_CFG_TARGET_FEATURE = Some(cmpxchg16b,fxsr,sse,sse2,sse3)
  DEBUG = Some(true)
  cargo:rerun-if-env-changed=CFLAGS_x86_64-pc-windows-msvc
  CFLAGS_x86_64-pc-windows-msvc = None
  cargo:rerun-if-env-changed=CFLAGS_x86_64_pc_windows_msvc
  CFLAGS_x86_64_pc_windows_msvc = None
  cargo:rerun-if-env-changed=HOST_CFLAGS
  HOST_CFLAGS = None
  cargo:rerun-if-env-changed=CFLAGS
  CFLAGS = None
  OPT_LEVEL = Some(0)
  TARGET = Some(x86_64-pc-windows-msvc)
  cargo:rerun-if-env-changed=VCINSTALLDIR
  VCINSTALLDIR = None
  cargo:rerun-if-env-changed=VSTEL_MSBuildProjectFullPath
  VSTEL_MSBuildProjectFullPath = None
  cargo:rerun-if-env-changed=VSCMD_ARG_VCVARS_SPECTRE
  VSCMD_ARG_VCVARS_SPECTRE = None
  cargo:rerun-if-env-changed=WindowsSdkDir
  WindowsSdkDir = None
  cargo:rerun-if-env-changed=WindowsSDKVersion
  WindowsSDKVersion = None
  cargo:rerun-if-env-changed=LIB
  LIB = None
  PATH = Some(D:\Programming\RustroverProjects\testing-aws-lc-rs\target\debug\deps;D:\Programming\RustroverProjects\testing-aws-lc-rs\target\debug;C:\Users\User\.rustup\toolchains\stable-x86_64-pc-windows-msvc\lib\rustlib\x86_64-pc-windows-msvc\lib;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Git\cmd;C:\Users\User\.cargo\bin;C:\Users\User\AppData\Local\Microsoft\WindowsApps;C:\Program Files\CMake\bin)
  cargo:rerun-if-env-changed=INCLUDE
  INCLUDE = None
  HOST = Some(x86_64-pc-windows-msvc)
  cargo:rerun-if-env-changed=CC_x86_64-pc-windows-msvc
  CC_x86_64-pc-windows-msvc = None
  cargo:rerun-if-env-changed=CC_x86_64_pc_windows_msvc
  CC_x86_64_pc_windows_msvc = None
  cargo:rerun-if-env-changed=HOST_CC
  HOST_CC = None
  cargo:rerun-if-env-changed=CC
  CC = None
  cargo:rerun-if-env-changed=CRATE_CC_NO_DEFAULTS
  CRATE_CC_NO_DEFAULTS = None
  CARGO_CFG_TARGET_FEATURE = Some(cmpxchg16b,fxsr,sse,sse2,sse3)
  DEBUG = Some(true)
  cargo:rerun-if-env-changed=CFLAGS_x86_64-pc-windows-msvc
  CFLAGS_x86_64-pc-windows-msvc = None
  cargo:rerun-if-env-changed=CFLAGS_x86_64_pc_windows_msvc
  CFLAGS_x86_64_pc_windows_msvc = None
  cargo:rerun-if-env-changed=HOST_CFLAGS
  HOST_CFLAGS = None
  cargo:rerun-if-env-changed=CFLAGS
  CFLAGS = None
  cargo:rerun-if-env-changed=CC_ENABLE_DEBUG_OUTPUT
  c11.c
  c1: fatal error C1083: Cannot open source file: 'D:\Programming\RustroverProjects\aws-lc-rs\aws-lc-sys\aws-lc\tests\compiler_features_tests\c11.c': No such file or directory
  cargo:warning=Compilation of 'c11.c' failed - Err(Error { kind: ToolExecError, message: "Command \"C:\\\\Program Files\\\\Microsoft Visual Studio\\\\2022\\\\Community\\\\VC\\\\Tools\\\\MSVC\\\\14.38.33130\\\\bin\\\\HostX64\\\\x64\\\\cl.exe\" \"-nologo\" \"-MD\" \"-Z7\" \"-Brepro\" \"-I\" \"D:\\\\Programming\\\\RustroverProjects\\\\aws-lc-rs\\\\aws-lc-sys\\\\generated-include\" \"-I\" \"D:\\\\Programming\\\\RustroverProjects\\\\aws-lc-rs\\\\aws-lc-sys\\\\include\" \"-I\" \"D:\\\\Programming\\\\RustroverProjects\\\\aws-lc-rs\\\\aws-lc-sys\\\\aws-lc\\\\include\" \"-I\" \"D:\\\\Programming\\\\RustroverProjects\\\\aws-lc-rs\\\\aws-lc-sys\\\\aws-lc\\\\third_party\\\\s2n-bignum\\\\include\" \"-W4\" \"-DBORINGSSL_IMPLEMENTATION=1\" \"-DBORINGSSL_PREFIX=aws_lc_0_23_0\" \"-WX\" \"-FoD:\\\\Programming\\\\RustroverProjects\\\\testing-aws-lc-rs\\\\target\\\\debug\\\\build\\\\aws-lc-sys-133c3d3173e1a4dc\\\\out\\\\out-c11\\\\56208fb35cfa499a-c11.o\" \"-c\" \"D:\\\\Programming\\\\RustroverProjects\\\\aws-lc-rs\\\\aws-lc-sys\\\\aws-lc\\\\tests\\\\compiler_features_tests\\\\c11.c\" with args cl.exe did not execute successfully (status code exit code: 2)." }).
  cargo:rerun-if-env-changed=CC
  cargo:rerun-if-env-changed=CXX
  cargo:warning=Setting CFLAGS: "-nologo -MD -Z7 -Brepro -std:c99 -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\generated-include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\third_party\\s2n-bignum\\include -W4 -DBORINGSSL_IMPLEMENTATION=1 -DBORINGSSL_PREFIX=aws_lc_0_23_0"
  cargo:rerun-if-env-changed=CMAKE_TOOLCHAIN_FILE
  cargo:rerun-if-env-changed=CMAKE_TOOLCHAIN_FILE_x86_64_pc_windows_msvc
  cargo:warning=!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  cargo:warning=!!!   Using pre-built NASM binaries   !!!
  cargo:warning=!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  CMAKE_TOOLCHAIN_FILE_x86_64-pc-windows-msvc = None
  CMAKE_TOOLCHAIN_FILE_x86_64_pc_windows_msvc = None
  HOST_CMAKE_TOOLCHAIN_FILE = None
  CMAKE_TOOLCHAIN_FILE = None
  CMAKE_GENERATOR_x86_64-pc-windows-msvc = None
  CMAKE_GENERATOR_x86_64_pc_windows_msvc = None
  HOST_CMAKE_GENERATOR = None
  CMAKE_GENERATOR = None
  CMAKE_PREFIX_PATH_x86_64-pc-windows-msvc = None
  CMAKE_PREFIX_PATH_x86_64_pc_windows_msvc = None
  HOST_CMAKE_PREFIX_PATH = None
  CMAKE_PREFIX_PATH = None
  CMAKE_x86_64-pc-windows-msvc = None
  CMAKE_x86_64_pc_windows_msvc = None
  HOST_CMAKE = None
  CMAKE = Some("cmake")
  running: "cmake" "D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys" "-G" "Visual Studio 17 2022" "-Thost=x64" "-Ax64" "-DBUILD_SHARED_LIBS=0" "-DCMAKE_BUILD_TYPE=debug" "-DBORINGSSL_PREFIX=aws_lc_0_23_0_" "-DBORINGSSL_PREFIX_HEADERS=D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\generated-include" "-DBUILD_TESTING=OFF" "-DBUILD_LIBSSL=OFF" "-DDISABLE_PERL=ON" "-DDISABLE_GO=ON" "-DCMAKE_ASM_NASM_COMPILER=D:/Programming/RustroverProjects/aws-lc-rs/aws-lc-sys/builder/prebuilt-nasm.bat" "-DCMAKE_INSTALL_PREFIX=D:\\Programming\\RustroverProjects\\testing-aws-lc-rs\\target\\debug\\build\\aws-lc-sys-133c3d3173e1a4dc\\out" "-DCMAKE_C_FLAGS= -nologo -MD -Brepro -nologo -MD -Z7 -Brepro -std:c99 -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\generated-include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\third_party\\s2n-bignum\\include -W4 -DBORINGSSL_IMPLEMENTATION=1 -DBORINGSSL_PREFIX=aws_lc_0_23_0" "-DCMAKE_C_FLAGS_DEBUG= -nologo -MD -Brepro -nologo -MD -Z7 -Brepro -std:c99 -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\generated-include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\third_party\\s2n-bignum\\include -W4 -DBORINGSSL_IMPLEMENTATION=1 -DBORINGSSL_PREFIX=aws_lc_0_23_0" "-DCMAKE_CXX_FLAGS= -nologo -MD -Brepro" "-DCMAKE_CXX_FLAGS_DEBUG= -nologo -MD -Brepro" "-DCMAKE_ASM_FLAGS= -nologo -MD -Brepro -nologo -MD -Z7 -Brepro -std:c99 -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\generated-include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\third_party\\s2n-bignum\\include -W4 -DBORINGSSL_IMPLEMENTATION=1 -DBORINGSSL_PREFIX=aws_lc_0_23_0" "-DCMAKE_ASM_FLAGS_DEBUG= -nologo -MD -Brepro -nologo -MD -Z7 -Brepro -std:c99 -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\generated-include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\include -I D:\\Programming\\RustroverProjects\\aws-lc-rs\\aws-lc-sys\\aws-lc\\third_party\\s2n-bignum\\include -W4 -DBORINGSSL_IMPLEMENTATION=1 -DBORINGSSL_PREFIX=aws_lc_0_23_0" "--no-warn-unused-cli"
  Not searching for unused variables given on the command line.
  -- Selecting Windows SDK version 10.0.22621.0 to target Windows 10.0.22631.
  -- Configuring incomplete, errors occurred!
  --- stderr
  CMake Deprecation Warning at CMakeLists.txt:4 (cmake_minimum_required):
    Compatibility with CMake < 3.10 will be removed from a future version of
    CMake.
    Update the VERSION argument <min> value or use a ...<max> suffix to tell
    CMake that the project does not need compatibility with older versions.
  CMake Error at CMakeLists.txt:20 (add_subdirectory):
    The source directory
      D:/Programming/RustroverProjects/aws-lc-rs/aws-lc-sys/aws-lc
    does not contain a CMakeLists.txt file.
  CMake Error at CMakeLists.txt:10 (set_target_properties):
    set_target_properties Can not find target to add properties to: crypto
  Call Stack (most recent call first):
    CMakeLists.txt:37 (set_my_target_properties)
  CMake Error at CMakeLists.txt:10 (set_target_properties):
    set_target_properties Can not find target to add properties to: crypto
  Call Stack (most recent call first):
    CMakeLists.txt:46 (set_my_target_properties)
  CMake Error at CMakeLists.txt:10 (set_target_properties):
    set_target_properties Can not find target to add properties to: crypto
  Call Stack (most recent call first):
    CMakeLists.txt:46 (set_my_target_properties)
  CMake Error at CMakeLists.txt:10 (set_target_properties):
    set_target_properties Can not find target to add properties to: crypto
  Call Stack (most recent call first):
    CMakeLists.txt:46 (set_my_target_properties)
  CMake Error at CMakeLists.txt:10 (set_target_properties):
    set_target_properties Can not find target to add properties to: crypto
  Call Stack (most recent call first):
    CMakeLists.txt:46 (set_my_target_properties)
  CMake Error at CMakeLists.txt:10 (set_target_properties):
    set_target_properties Can not find target to add properties to: crypto
  Call Stack (most recent call first):
    CMakeLists.txt:55 (set_my_target_properties)
  CMake Error at CMakeLists.txt:10 (set_target_properties):
    set_target_properties Can not find target to add properties to: crypto
  Call Stack (most recent call first):
    CMakeLists.txt:59 (set_my_target_properties)
  thread 'main' panicked at C:\Users\User\.cargo\registry\src\index.crates.io-6f17d22bba15001f\cmake-0.1.51\src/lib.rs:1100:5:
  command did not execute successfully, got: exit code: 1
  build script failed, must exit now
  stack backtrace:
     0: std::panicking::begin_panic_handler
               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14\library/std\src\panicking.rs:662
     1: core::panicking::panic_fmt
               at /rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14\library/core\src\panicking.rs:74
     2: cmake::find_exe::{{closure}}
     3: <cmake::Version as core::default::Default>::default
     4: cmake::Config::build
     5: build_script_main::cmake_builder::CmakeBuilder::new
     6: <build_script_main::cmake_builder::CmakeBuilder as build_script_main::Builder>::build
     7: build_script_main::is_crt_static
     8: core::ops::function::FnOnce::call_once
  note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

I somehow even get an error when trying to compile Test rustls or rusttls-cli-bench directly (git at v1.11.0)
(bogo and ech-client compiled successfully though):

Errors building Test rustls 
C:/Users/User/.cargo/bin/cargo.exe --version
cargo 1.82.0 (8f40fc59f 2024-08-21)

C:\Users\User\.rustup\toolchains\stable-x86_64-pc-windows-msvc\bin\rustc.exe --version
rustc 1.82.0 (f6e511eec 2024-10-15)

C:/Users/User/.cargo/bin/cargo.exe test --color=always --message-format=json-diagnostic-rendered-ansi --no-run --workspace --profile test
   Compiling rustls-ci-bench v0.0.1 (D:\Programming\RustroverProjects\rustls\ci-bench)
error[E0432]: unresolved import `std::os::fd`
   --> ci-bench\src/main.rs:6:14
    |
6   | use std::os::fd::{AsRawFd, FromRawFd};
    |              ^^ could not find `fd` in `os`
    |
note: found an item that was configured out
   --> C:\Users\User\.rustup\toolchains\stable-x86_64-pc-windows-msvc\lib/rustlib/src/rust\library\std\src\os\mod.rs:160:9
    |
160 | pub mod fd;
    |         ^^
note: the item is gated here
   --> C:\Users\User\.rustup\toolchains\stable-x86_64-pc-windows-msvc\lib/rustlib/src/rust\library\std\src\os\mod.rs:159:1
    |
159 | #[cfg(any(unix, target_os = "hermit", target_os = "wasi", doc))]
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

error[E0599]: no function or associated item named `from_raw_fd` found for struct `File` in the current scope
   --> ci-bench\src/main.rs:151:44
    |
151 |             let mut stdin = unsafe { File::from_raw_fd(stdin_lock.as_raw_fd()) };
    |                                            ^^^^^^^^^^^ function or associated item not found in `File`
    |
note: if you're trying to build a new `File` consider using one of the following associated functions:
      File::open
      File::create
      File::create_new
   --> C:\Users\User\.rustup\toolchains\stable-x86_64-pc-windows-msvc\lib/rustlib/src/rust\library\std\src\fs.rs:374:5
    |
374 |     pub fn open<P: AsRef<Path>>(path: P) -> io::Result<File> {
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
403 |     pub fn create<P: AsRef<Path>>(path: P) -> io::Result<File> {
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
437 |     pub fn create_new<P: AsRef<Path>>(path: P) -> io::Result<File> {
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
help: there is an associated function `from_raw_handle` with a similar name
    |
151 |             let mut stdin = unsafe { File::from_raw_handle(stdin_lock.as_raw_fd()) };
    |                                            ~~~~~~~~~~~~~~~

error[E0599]: no method named `as_raw_fd` found for struct `StdinLock` in the current scope
   --> ci-bench\src/main.rs:151:67
    |
151 |             let mut stdin = unsafe { File::from_raw_fd(stdin_lock.as_raw_fd()) };
    |                                                                   ^^^^^^^^^
    |
help: there is a method `as_raw_handle` with a similar name
    |
151 |             let mut stdin = unsafe { File::from_raw_fd(stdin_lock.as_raw_handle()) };
    |                                                                   ~~~~~~~~~~~~~

error[E0599]: no function or associated item named `from_raw_fd` found for struct `File` in the current scope
   --> ci-bench\src/main.rs:152:45
    |
152 |             let mut stdout = unsafe { File::from_raw_fd(stdout_lock.as_raw_fd()) };
    |                                             ^^^^^^^^^^^ function or associated item not found in `File`
    |
note: if you're trying to build a new `File` consider using one of the following associated functions:
      File::open
      File::create
      File::create_new
   --> C:\Users\User\.rustup\toolchains\stable-x86_64-pc-windows-msvc\lib/rustlib/src/rust\library\std\src\fs.rs:374:5
    |
374 |     pub fn open<P: AsRef<Path>>(path: P) -> io::Result<File> {
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
403 |     pub fn create<P: AsRef<Path>>(path: P) -> io::Result<File> {
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
437 |     pub fn create_new<P: AsRef<Path>>(path: P) -> io::Result<File> {
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
help: there is an associated function `from_raw_handle` with a similar name
    |
152 |             let mut stdout = unsafe { File::from_raw_handle(stdout_lock.as_raw_fd()) };
    |                                             ~~~~~~~~~~~~~~~

error[E0599]: no method named `as_raw_fd` found for struct `StdoutLock` in the current scope
   --> ci-bench\src/main.rs:152:69
    |
152 |             let mut stdout = unsafe { File::from_raw_fd(stdout_lock.as_raw_fd()) };
    |                                                                     ^^^^^^^^^
    |
help: there is a method `as_raw_handle` with a similar name
    |
152 |             let mut stdout = unsafe { File::from_raw_fd(stdout_lock.as_raw_handle()) };
    |                                                                     ~~~~~~~~~~~~~

error: aborting due to 5 previous errors

Some errors have detailed explanations: E0432, E0599.
For more information about an error, try `rustc --explain E0432`.
error: could not compile `rustls-ci-bench` (bin "rustls-ci-bench" test) due to 6 previous errors
Process finished with exit code 101

@justsmth
Copy link
Contributor

justsmth commented Nov 20, 2024
edited
Loading 

...
The source directory
      D:/Programming/RustroverProjects/aws-lc-rs/aws-lc-sys/aws-lc
    does not contain a CMakeLists.txt file.
...

This looks like the error I get when I forget to initialize the git submodules. (The Makefile in our project has some convenient targets for doing this.)

Thanks for the response. I'll take a closer look at this tomorrow.

@ctz
Copy link

ctz commented Nov 20, 2024

Compiling rustls-ci-bench v0.0.1 (D:\Programming\RustroverProjects\rustls\ci-bench)

This is part of rustls's performance CI infrastructure, and is not intended to be portable to platforms other than linux.

@0blu
Copy link
Author

0blu commented Nov 21, 2024

initialize the git submodules

Thanks, I somehow missed that.
I ran a quick sanity check and it seems to work

Using my test project with aws-lc-rs as a folder reference (like above), I was able to successfully run it under Windows 7.

The previous code in this repo used RtlGenRandom aka advapi32!SystemFunction036, which according to Microsoft should never be used.
So I hacked an proof of concept with bcrypt!BCryptGenRandom together.

The patch that I've used 
diff --git a/crypto/rand_extra/windows.c b/crypto/rand_extra/windows.c
--- a/crypto/rand_extra/windows.c	(revision 745359e8569fdafa8897ac2fffdfd0fdcf620563)
+++ b/crypto/rand_extra/windows.c	(date 1732146659715)
@@ -24,6 +24,11 @@
 OPENSSL_MSVC_PRAGMA(warning(push, 3))
 
 #include <windows.h>
+#include <bcrypt.h>
+
+#ifndef NT_SUCCESS
+#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
+#endif
 
 #if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \
     !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
@@ -56,17 +61,44 @@
 
 #else
 
-// See: https://learn.microsoft.com/en-us/windows/win32/seccng/processprng
-typedef BOOL (WINAPI *ProcessPrngFunction)(PBYTE pbData, SIZE_T cbData);
-static ProcessPrngFunction g_processprng_fn = NULL;
+typedef NTSTATUS (WINAPI *BCryptGenRandomFunction)(
+_In_opt_                        BCRYPT_ALG_HANDLE   hAlgorithm,
+_Out_writes_bytes_(cbBuffer)    PUCHAR  pbBuffer,
+_In_                            ULONG   cbBuffer,
+_In_                            ULONG   dwFlags
+);
+static BCryptGenRandomFunction g_BCryptGenRandom_fn = NULL;
+static BCRYPT_ALG_HANDLE g_bcrypt_algorithm = NULL;
 
 static void init_processprng(void) {
-  HMODULE hmod = LoadLibraryW(L"bcryptprimitives");
-  if (hmod == NULL) {
+  HMODULE hmod = LoadLibraryW(L"bcrypt.dll");
+  if (hmod == NULL)
+  {
     abort();
   }
-  g_processprng_fn = (ProcessPrngFunction)(void(*)(void))GetProcAddress(hmod, "ProcessPrng");
-  if (g_processprng_fn == NULL) {
+
+  g_BCryptGenRandom_fn = (BCryptGenRandomFunction)GetProcAddress(hmod, "BCryptGenRandom");
+  if (g_BCryptGenRandom_fn == NULL)
+  {
+    abort();
+  }
+
+  typedef NTSTATUS (WINAPI *BCryptOpenAlgorithmProviderFunction)(
+    _Out_       BCRYPT_ALG_HANDLE   *phAlgorithm,
+    _In_z_      LPCWSTR pszAlgId,
+    _In_opt_z_  LPCWSTR pszImplementation,
+    _In_        ULONG   dwFlags
+  );
+
+  BCryptOpenAlgorithmProviderFunction algoFunc = (BCryptOpenAlgorithmProviderFunction)GetProcAddress(hmod, "BCryptOpenAlgorithmProvider");
+  if (algoFunc == NULL)
+  {
+    abort();
+  }
+
+  NTSTATUS status = algoFunc(&g_bcrypt_algorithm, BCRYPT_RNG_ALGORITHM, NULL, 0);
+  if (!NT_SUCCESS(status))
+  {
     abort();
   }
 }
@@ -78,11 +110,11 @@
 
 void CRYPTO_sysrand(uint8_t *out, size_t requested) {
   CRYPTO_init_sysrand();
-  // On non-UWP configurations, use ProcessPrng instead of BCryptGenRandom
-  // to avoid accessing resources that may be unavailable inside the
-  // Chromium sandbox. See https://crbug.com/74242
-  if (!g_processprng_fn(out, requested)) {
-    abort();
+
+  NTSTATUS status = g_BCryptGenRandom_fn(g_bcrypt_algorithm, out, (ULONG)requested, 0);
+  if (!NT_SUCCESS(status))
+  {
+      abort();
   }
 }

Maybe it's possible to clean this up a bit and put it behind a conditional #if directive (when targeting older windows).

@justsmth
Copy link
Contributor

Thanks for the patch!

Since this involves very security sensitive logic (i.e., entropy/randomness), it will take some time for us to consider it. As you indicated, in the end this change will likely be guarded by an #if directive as to only impact older Windows versions. I'll see if we can get this change through. We'll update you here when progress is made.

@torben-hansen
Copy link
Contributor

torben-hansen commented Dec 30, 2024
edited
Loading

Could one decide the code-path at compile-time? That is, if on Windows 7, then specifically compile the BCryptGenRandom() path. Windows 7 is far EOL, so I don't think that will create any sandbox issues.

Maybe this _WIN32_WINNT <= _WIN32_WINNT_WIN7 is sufficient per https://learn.microsoft.com/en-us/windows/win32/winprog/using-the-windows-headers

diff --git a/crypto/rand_extra/windows.c b/crypto/rand_extra/windows.c
index d1cacf1b8..1c494145d 100644
--- a/crypto/rand_extra/windows.c
+++ b/crypto/rand_extra/windows.c
@@ -25,16 +25,18 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3))
 
 #include <windows.h>

#if defined(_WIN32_WINNT) && _WIN32_WINNT <= _WIN32_WINNT_WIN7
#define AWSLC_WINDOWS_7_COMPAT
#endif
 
-#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \
-    !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
+#if (defined(AWSLC_WINDOWS_7_COMPAT) || \
+    (WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \
+    !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP))
 #include <bcrypt.h>
 OPENSSL_MSVC_PRAGMA(comment(lib, "bcrypt.lib"))
 #endif  // WINAPI_PARTITION_APP && !WINAPI_PARTITION_DESKTOP
 
 OPENSSL_MSVC_PRAGMA(warning(pop))
 
-#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \
-    !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
+#if (defined(AWSLC_WINDOWS_7_COMPAT) || \
+    (WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \
+    !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP))
 
 void CRYPTO_init_sysrand(void) {}

I don't have a Win 7 on hand. Can you check if you have a test system set up already?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@torben-hansen torben-hansen

@justsmth justsmth

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ctz @0blu @torben-hansen @justsmth