Skip to content

Windows: Check return value of ProcessPrng. #811

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
newpavlov merged 1 commit into from
Feb 18, 2026
+30 −5
Merged

Windows: Check return value of ProcessPrng. #811

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

[Unreleased]: https://github.com/rust-random/getrandom/compare/v0.4.1...master

### Fixed
- Check the return value of `ProcessPrng` on Windows [#811]

[#811]: https://github.com/rust-random/getrandom/pull/811

## [0.4.1] - 2026-02-03

### Fixed
Expand Down
26 changes: 21 additions & 5 deletions src/backends/windows.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,9 +49,25 @@ const TRUE: BOOL = 1;
#[inline]
pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
let result = unsafe { ProcessPrng(dest.as_mut_ptr().cast::<u8>(), dest.len()) };
// `ProcessPrng` is documented to always return TRUE. All potential errors are handled
// during loading of `BCryptPrimitive.dll`. See the "Process base PRNG" section
// in the aforementioned Windows RNG whitepaper for more information.
debug_assert!(result == TRUE);
Ok(())
// On Windows 10 and later, `ProcessPrng` is documented to always return
// TRUE. All potential errors are handled during loading of
// `BCryptPrimitive.dll`. See the "Process base PRNG" section in the
// aforementioned Windows RNG whitepaper for more information.
//
// The Zig project found that Windows 8 implements `ProcessPrng` in a way
// that may fail and return a value other than `TRUE`. Although recent
// versions of the Rust toolchain do not support Windows 8, we cannot rule
// out this backend being used in an executable that will run on Windows 8
// (e.g. a fork of this crate backported to have an MSRV lower than 1.76,
// or a fork of the Rust toolchain to support older Windows versions, or
// other build hacks).
//
// Further, Wine's implementation of `ProcessPrng` CAN fail, in every
// version through Wine 11.2, and this may be the case for any other Windows
// emulation layers.
if result == TRUE {
Ok(())
} else {
Err(Error::UNEXPECTED)
}
}