RNG_SystemRNG should fail rather than falling back on rng_systemFromNoise

nss/lib/freebl/win_rand.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "secrng.h"
 #include "secerr.h"
 
 #ifdef XP_WIN
 #include <windows.h>
 #include <shlobj.h>     /* for CSIDL constants */
@@ skipping 349 matching lines @@
 
         fclose(file);
     }
 
     nBytes = RNG_GetNoise(buffer, 20);  // get up to 20 bytes
     RNG_RandomUpdate(buffer, nBytes);
 }
 
 
 /*
- * CryptoAPI requires Windows NT 4.0 or Windows 95 OSR2 and later.
- * Until we drop support for Windows 95, we need to emulate some
- * definitions and declarations in <wincrypt.h> and look up the
- * functions in advapi32.dll at run time.
- */
-
-#ifndef WIN64
-typedef unsigned long HCRYPTPROV;
-#endif
-
-#define CRYPT_VERIFYCONTEXT 0xF0000000
-
-#define PROV_RSA_FULL 1
-
-typedef BOOL
-(WINAPI *CryptAcquireContextAFn)(
-    HCRYPTPROV *phProv,
-    LPCSTR pszContainer,
-    LPCSTR pszProvider,
-    DWORD dwProvType,
-    DWORD dwFlags);
-
-typedef BOOL
-(WINAPI *CryptReleaseContextFn)(
-    HCRYPTPROV hProv,
-    DWORD dwFlags);
-
-typedef BOOL
-(WINAPI *CryptGenRandomFn)(
-    HCRYPTPROV hProv,
-    DWORD dwLen,
-    BYTE *pbBuffer);
-
-/*
  * Windows XP and Windows Server 2003 and later have RtlGenRandom,
  * which must be looked up by the name SystemFunction036.
  */
 typedef BOOLEAN
 (APIENTRY *RtlGenRandomFn)(
     PVOID RandomBuffer,
     ULONG RandomBufferLength);
 
 size_t RNG_SystemRNG(void *dest, size_t maxLen)
 {
     HMODULE hModule;
     RtlGenRandomFn pRtlGenRandom;
-    CryptAcquireContextAFn pCryptAcquireContextA;
-    CryptReleaseContextFn pCryptReleaseContext;
-    CryptGenRandomFn pCryptGenRandom;
-    HCRYPTPROV hCryptProv;
     size_t bytes = 0;
 
     usedWindowsPRNG = PR_FALSE;
     hModule = LoadLibrary("advapi32.dll");
     if (hModule == NULL) {
-        return rng_systemFromNoise(dest,maxLen);
+        return bytes;

[wtc, 2013/06/17 23:04:17]

Note that I am not calling abort() in this function.

In my testing with upstream NSS, making RNG_SystemRNG fail
(return 0) is enough to cause subsequent attempts to use NSS
to fail.

     }
     pRtlGenRandom = (RtlGenRandomFn)
         GetProcAddress(hModule, "SystemFunction036");
-    if (pRtlGenRandom) {
-        if (pRtlGenRandom(dest, maxLen)) {
-            bytes = maxLen;
-            usedWindowsPRNG = PR_TRUE;
-        } else {
-            bytes = rng_systemFromNoise(dest,maxLen);
-        }
-        goto done;
+    if (pRtlGenRandom && pRtlGenRandom(dest, maxLen)) {
+        bytes = maxLen;
+        usedWindowsPRNG = PR_TRUE;
     }
-    pCryptAcquireContextA = (CryptAcquireContextAFn)
-        GetProcAddress(hModule, "CryptAcquireContextA");
-    pCryptReleaseContext = (CryptReleaseContextFn)
-        GetProcAddress(hModule, "CryptReleaseContext");
-    pCryptGenRandom = (CryptGenRandomFn)
-        GetProcAddress(hModule, "CryptGenRandom");
-    if (!pCryptAcquireContextA || !pCryptReleaseContext || !pCryptGenRandom) {
-        bytes = rng_systemFromNoise(dest,maxLen);
-        goto done;
-    }
-    if (pCryptAcquireContextA(&hCryptProv, NULL, NULL,
-        PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
-        if (pCryptGenRandom(hCryptProv, maxLen, dest)) {
-            bytes = maxLen;
-            usedWindowsPRNG = PR_TRUE;
-        }
-        pCryptReleaseContext(hCryptProv, 0);
-    }
-    if (bytes == 0) {
-        bytes = rng_systemFromNoise(dest,maxLen);
-    }
-done:
     FreeLibrary(hModule);
     return bytes;
 }
 #endif  /* is XP_WIN */