diff options
author | Cloudmersive <35204726+Cloudmersive@users.noreply.github.com> | 2019-11-29 21:20:28 +0100 |
---|---|---|
committer | Jay Berkenbilt <ejb@ql.org> | 2020-01-15 00:45:54 +0100 |
commit | a8b6ff5763ea85f124e6d2be962d0ed34586b7f8 (patch) | |
tree | 43de606204734d50996677475974bb3e1e0f8743 /libqpdf/SecureRandomDataProvider.cc | |
parent | 73a0e3a9323123feb4f6edaead565def0dc3d818 (diff) | |
download | qpdf-a8b6ff5763ea85f124e6d2be962d0ed34586b7f8.tar.zst |
Fix for Windows unable to acquire crypt context with new keyset (fixes #387)
Fix is based on guidance
https://support.microsoft.com/en-us/help/238187/cryptacquirecontext-use-and-troubleshooting
and is the proper fix for #285/#286
Diffstat (limited to 'libqpdf/SecureRandomDataProvider.cc')
-rw-r--r-- | libqpdf/SecureRandomDataProvider.cc | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/libqpdf/SecureRandomDataProvider.cc b/libqpdf/SecureRandomDataProvider.cc index 86fb3752..fe2c93f9 100644 --- a/libqpdf/SecureRandomDataProvider.cc +++ b/libqpdf/SecureRandomDataProvider.cc @@ -46,7 +46,7 @@ class WindowsCryptProvider "Container", NULL, PROV_RSA_FULL, - 0)) + CRYPT_MACHINE_KEYSET)) { #if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || \ defined(__clang__)) @@ -56,28 +56,46 @@ class WindowsCryptProvider # pragma GCC diagnostic ignored "-Wsign-conversion" #endif if (GetLastError() == NTE_BAD_KEYSET) -#if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || \ - defined(__clang__)) -# pragma GCC diagnostic pop -#endif { if (! CryptAcquireContext(&crypt_prov, "Container", NULL, PROV_RSA_FULL, - CRYPT_NEWKEYSET)) + CRYPT_NEWKEYSET|CRYPT_MACHINE_KEYSET)) { throw std::runtime_error( "unable to acquire crypt context with new keyset: " + getErrorMessage()); } } + else if (GetLastError() == NTE_EXISTS) + { + throw std::runtime_error( + "unable to acquire crypt context; the key container" + " already exists, but you are attempting to create it." + " If a previous attempt to open the key failed with" + " NTE_BAD_KEYSET, it implies that access to the key" + " container is denied. Error: " + getErrorMessage()); + } + else if (GetLastError() == NTE_KEYSET_NOT_DEF) + { + throw std::runtime_error( + "unable to acquire crypt context; the Crypto Service" + " Provider (CSP) may not be set up correctly. Use of" + " Regsvr32.exe on CSP DLLs (Rsabase.dll or Rsaenh.dll)" + " may fix the problem, depending on the provider being" + " used. Error: " + getErrorMessage()); + } else { throw std::runtime_error( "unable to acquire crypt context: " + getErrorMessage()); } +#if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || \ + defined(__clang__)) +# pragma GCC diagnostic pop +#endif } } ~WindowsCryptProvider() |