New build option to allow reuse of the windows crypt provider handle (WIN_REUSE_CRYPT_HANDLE). ZD 19754.

dgarske · dgarske · commit 785c17432db0 · 2025-04-23T14:12:27.000-07:00
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
@@ -567,6 +567,7 @@ WC_STRICT_SIG
 WC_WANT_FLAG_DONT_USE_AESNI
 WC_XMSS_FULL_HASH
 WIFI_AVAILABLE
+WIN_REUSE_CRYPT_HANDLE
 WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
 WOLFSENTRY_H
 WOLFSENTRY_NO_JSON
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
@@ -2711,6 +2711,10 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
 #elif defined(USE_WINDOWS_API)
 
+#ifdef WIN_REUSE_CRYPT_HANDLE
+static ProviderHandle gHandle;
+#endif
+
 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 {
 #ifdef WOLF_CRYPTO_CB
@@ -2741,14 +2745,26 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         }
     #endif /* HAVE_INTEL_RDSEED */
 
+#ifdef WIN_REUSE_CRYPT_HANDLE
+    if (gHandle == 0) {
+        if(!CryptAcquireContext(&gHandle, 0, 0, PROV_RSA_FULL,
+                                CRYPT_VERIFYCONTEXT))
+            return WINCRYPT_E;
+    }
+    os->handle = gHandle;
+#else
     if(!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL,
                             CRYPT_VERIFYCONTEXT))
         return WINCRYPT_E;
+#endif
 
     if (!CryptGenRandom(os->handle, sz, output))
         return CRYPTGEN_E;
 
+#ifndef WIN_REUSE_CRYPT_HANDLE
     CryptReleaseContext(os->handle, 0);
+    os->handle = 0;
+#endif
 
     return 0;
 }
