src/windows.rs - platform/external/rust/crates/getrandom - Git at Google

 //! Implementation for Windows
 use crate::Error;
 use core::{ffi::c_void, mem::MaybeUninit, num::NonZeroU32, ptr};

 const BCRYPT_USE_SYSTEM_PREFERRED_RNG: u32 = 0x00000002;

 #[link(name = "bcrypt")]
 extern "system" {
     fn BCryptGenRandom(
         hAlgorithm: *mut c_void,
         pBuffer: *mut u8,
         cbBuffer: u32,
         dwFlags: u32,
     ) -> u32;
 }

 // Forbidden when targetting UWP
 #[cfg(not(target_vendor = "uwp"))]
 #[link(name = "advapi32")]
 extern "system" {
     #[link_name = "SystemFunction036"]
     fn RtlGenRandom(RandomBuffer: *mut c_void, RandomBufferLength: u32) -> u8;
 }

 pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     // Prevent overflow of u32
     for chunk in dest.chunks_mut(u32::max_value() as usize) {
         // BCryptGenRandom was introduced in Windows Vista
         let ret = unsafe {
             BCryptGenRandom(
                 ptr::null_mut(),
                 chunk.as_mut_ptr() as *mut u8,
                 chunk.len() as u32,
                 BCRYPT_USE_SYSTEM_PREFERRED_RNG,
             )
         };
         // NTSTATUS codes use the two highest bits for severity status.
         if ret >> 30 == 0b11 {
             // Failed. Try RtlGenRandom as a fallback.
             #[cfg(not(target_vendor = "uwp"))]
             {
                 let ret =
                     unsafe { RtlGenRandom(chunk.as_mut_ptr() as *mut c_void, chunk.len() as u32) };
                 if ret != 0 {
                     continue;
                 }
             }
             // We zeroize the highest bit, so the error code will reside
             // inside the range designated for OS codes.
             let code = ret ^ (1 << 31);
             // SAFETY: the second highest bit is always equal to one,
             // so it's impossible to get zero. Unfortunately the type
             // system does not have a way to express this yet.
             let code = unsafe { NonZeroU32::new_unchecked(code) };
             return Err(Error::from(code));
         }
     }
     Ok(())
 }
	//! Implementation for Windows
	use crate::Error;
	use core::{ffi::c_void, mem::MaybeUninit, num::NonZeroU32, ptr};

	const BCRYPT_USE_SYSTEM_PREFERRED_RNG: u32 = 0x00000002;

	#[link(name = "bcrypt")]
	extern "system" {
	fn BCryptGenRandom(
	hAlgorithm: *mut c_void,
	pBuffer: *mut u8,
	cbBuffer: u32,
	dwFlags: u32,
	) -> u32;
	}

	// Forbidden when targetting UWP
	#[cfg(not(target_vendor = "uwp"))]
	#[link(name = "advapi32")]
	extern "system" {
	#[link_name = "SystemFunction036"]
	fn RtlGenRandom(RandomBuffer: *mut c_void, RandomBufferLength: u32) -> u8;
	}

	pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
	// Prevent overflow of u32
	for chunk in dest.chunks_mut(u32::max_value() as usize) {
	// BCryptGenRandom was introduced in Windows Vista
	let ret = unsafe {
	BCryptGenRandom(
	ptr::null_mut(),
	chunk.as_mut_ptr() as *mut u8,
	chunk.len() as u32,
	BCRYPT_USE_SYSTEM_PREFERRED_RNG,
	)
	};
	// NTSTATUS codes use the two highest bits for severity status.
	if ret >> 30 == 0b11 {
	// Failed. Try RtlGenRandom as a fallback.
	#[cfg(not(target_vendor = "uwp"))]
	{
	let ret =
	unsafe { RtlGenRandom(chunk.as_mut_ptr() as *mut c_void, chunk.len() as u32) };
	if ret != 0 {
	continue;
	}
	}
	// We zeroize the highest bit, so the error code will reside
	// inside the range designated for OS codes.
	let code = ret ^ (1 << 31);
	// SAFETY: the second highest bit is always equal to one,
	// so it's impossible to get zero. Unfortunately the type
	// system does not have a way to express this yet.
	let code = unsafe { NonZeroU32::new_unchecked(code) };
	return Err(Error::from(code));
	}
	}
	Ok(())
	}