libtom
CryptAcquireContextW and CryptGenRandom are deprecated
On Windows libtommath uses CryptAcquireContextW and CryptGenRandom to generate random numbers.
According to the documentation here and here both functions are deprecated.
Important This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
In fact, I'm opening this issue, because I failed to compile libtommath for UWP where those functions were already removed.
libtomcrypt should probably replace the deprecated functions with the mentioned Cryptography Next Generation API.
I found this code
#include <Windows.h>
#include <bcrypt.h>
#include <stdio.h>
#pragma comment(lib, "Bcrypt")
void func(void) {
BCRYPT_ALG_HANDLE Prov;
int Buffer;
if (!BCRYPT_SUCCESS(
BCryptOpenAlgorithmProvider(&Prov, BCRYPT_RNG_ALGORITHM,
NULL, 0))) {
/* handle error */
}
if (!BCRYPT_SUCCESS(BCryptGenRandom(Prov, (PUCHAR) (&Buffer),
sizeof(Buffer), 0))) {
/* handle error */
}
printf("Random number: %d\n", Buffer);
BCryptCloseAlgorithmProvider(Prov, 0);
}
which uses BCryptOpenAlgorithmProvider and BCryptGenRandom, which are supposedly not deprecated.
The only problem could be, that this functions need at least Windows Vista.
The documentation for BCryptOpenAlgorithmProvider states
Because of the number and type of operations that are required to find, load, and initialize an algorithm provider, the BCryptOpenAlgorithmProvider function is a relatively time intensive function. Because of this, we recommend that you cache any algorithm provider handles that you will use more than once, rather than opening and closing the algorithm providers over and over.
That's probably why the existing implementation stores the CryptAcquireContextW handle in a static variable. Unfortunately, libtommath doesn't provide a way to release this handle and it will just leak.
btw. feel free to open a PR with the appropriate changes. CI will take care if it builds but I won't have the possibility to test it.
