- Bug #55169, improve fix, allow non interactive user, hash-like ops only usage
authorPierre Joye <pajoye@php.net>
Tue, 12 Jul 2011 11:46:41 +0000 (11:46 +0000)
committerPierre Joye <pajoye@php.net>
Tue, 12 Jul 2011 11:46:41 +0000 (11:46 +0000)
win32/winutil.c

index c6ec942969a507f4637bf9fb25f0c2a685216dac..9300fae93488e98ae58f3b119f5ef65ad14f1b1c 100644 (file)
@@ -87,11 +87,14 @@ PHPAPI int php_win32_get_random_bytes(unsigned char *buf, size_t size) {  /* {{{
 #endif
 
        if (has_crypto_ctx == 0) {
-               if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
+               /* CRYPT_VERIFYCONTEXT > only hashing&co-like use, no need to acces prv keys */
+               if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT )) {
                        /* Could mean that the key container does not exist, let try 
-                                again by asking for a new one */
+                          again by asking for a new one. If it fails here, it surely means that the user running 
+               this process does not have the permission(s) to use this container.
+             */
                        if (GetLastError() == NTE_BAD_KEYSET) {
-                               if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
+                               if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET | CRYPT_VERIFYCONTEXT )) {
                                        has_crypto_ctx = 1;
                                } else {
                                        has_crypto_ctx = 0;
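Review bot: The retry inside the `NTE_BAD_KEYSET` branch now passes `CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET | CRYPT_VERIFYCONTEXT`, which asks to create a persisted machine key container and, in the same call, for a context that uses no persisted container. With `CRYPT_VERIFYCONTEXT` on the first call the provider should not need a container at all, so this branch is probably unreachable, and if it is reached the flag combination is likely to be rejected or to need write access that a non-interactive account lacks. Since the context is only used for random bytes, I would drop the retry and treat any failure of the first call as final, and replace the comment above it, which still describes a missing key container, with something like `/* CRYPT_VERIFYCONTEXT: no persisted key container is opened; enough for random bytes and hashing */`. The function continues outside the hunk, so please confirm there that a failed acquisition makes `php_win32_get_random_bytes` return an error instead of leaving `buf` unfilled.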