Fix for Windows unable to acquire crypt context with new keyset (fixes #387)

Fix is based on guidance https://support.microsoft.com/en-us/help/238187/cryptacquirecontext-use-and-troubleshooting and is the proper fix for #285/#286
author: Cloudmersive <35204726+Cloudmersive@users.noreply.github.com> 2019-11-29 21:20:28 +0100
committer: Jay Berkenbilt <ejb@ql.org> 2020-01-15 00:45:54 +0100
commit: a8b6ff5763ea85f124e6d2be962d0ed34586b7f8 (patch)
tree: 43de606204734d50996677475974bb3e1e0f8743 /libqpdf/SecureRandomDataProvider.cc
parent: 73a0e3a9323123feb4f6edaead565def0dc3d818 (diff)
download: qpdf-a8b6ff5763ea85f124e6d2be962d0ed34586b7f8.tar.zst
1 files changed, 24 insertions, 6 deletions
diff --git a/libqpdf/SecureRandomDataProvider.cc b/libqpdf/SecureRandomDataProvider.cc
index 86fb3752..fe2c93f9 100644
--- a/libqpdf/SecureRandomDataProvider.cc
+++ b/libqpdf/SecureRandomDataProvider.cc
@@ -46,7 +46,7 @@ class WindowsCryptProvider
                                  "Container",
                                  NULL,
                                  PROV_RSA_FULL,
-                                 0))
+                                 CRYPT_MACHINE_KEYSET))
         {
 #if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || \
      defined(__clang__))
@@ -56,28 +56,46 @@ class WindowsCryptProvider
 #           pragma GCC diagnostic ignored "-Wsign-conversion"
 #endif
             if (GetLastError() == NTE_BAD_KEYSET)
-#if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || \
-     defined(__clang__))
-#           pragma GCC diagnostic pop
-#endif
             {
                 if (! CryptAcquireContext(&crypt_prov,
                                           "Container",
                                           NULL,
                                           PROV_RSA_FULL,
-                                          CRYPT_NEWKEYSET))
+                                          CRYPT_NEWKEYSET|CRYPT_MACHINE_KEYSET))
                 {
                     throw std::runtime_error(
                         "unable to acquire crypt context with new keyset: " +
                         getErrorMessage());
                 }
             }
+            else if (GetLastError() == NTE_EXISTS)
+            {
+                throw std::runtime_error(
+                    "unable to acquire crypt context; the key container"
+                    " already exists, but you are attempting to create it."
+                    " If a previous attempt to open the key failed with"
+                    " NTE_BAD_KEYSET, it implies that access to the key"
+                    " container is denied. Error: " + getErrorMessage());
+            }
+            else if (GetLastError() == NTE_KEYSET_NOT_DEF)
+            {
+                throw std::runtime_error(
+                    "unable to acquire crypt context; the Crypto Service"
+                    " Provider (CSP) may not be set up correctly. Use of"
+                    " Regsvr32.exe on CSP DLLs (Rsabase.dll or Rsaenh.dll)"
+                    " may fix the problem, depending on the provider being"
+                    " used. Error: " + getErrorMessage());
+            }
             else
             {
                 throw std::runtime_error(
                     "unable to acquire crypt context: " +
                     getErrorMessage());
             }
+#if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || \
+     defined(__clang__))
+#           pragma GCC diagnostic pop
+#endif
         }
     }
     ~WindowsCryptProvider()
author	Cloudmersive <35204726+Cloudmersive@users.noreply.github.com>	2019-11-29 21:20:28 +0100
committer	Jay Berkenbilt <ejb@ql.org>	2020-01-15 00:45:54 +0100
commit	a8b6ff5763ea85f124e6d2be962d0ed34586b7f8 (patch)
tree	43de606204734d50996677475974bb3e1e0f8743 /libqpdf/SecureRandomDataProvider.cc
parent	73a0e3a9323123feb4f6edaead565def0dc3d818 (diff)
download	qpdf-a8b6ff5763ea85f124e6d2be962d0ed34586b7f8.tar.zst