From 96b5e69889c9be2549a4d33bf98a2729fc067cb8 Mon Sep 17 00:00:00 2001
From: Pierre Joye <pajoye@php.net>
Date: Tue, 12 Jul 2011 11:46:41 +0000
Subject: [PATCH] - Bug #55169, improve fix, allow non interactive user,
 hash-like ops only usage

---
 win32/winutil.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/win32/winutil.c b/win32/winutil.c
index f3043f50aae..a7a6922f64b 100644
--- a/win32/winutil.c
+++ b/win32/winutil.c
@@ -87,11 +87,14 @@ PHPAPI int php_win32_get_random_bytes(unsigned char *buf, size_t size) {  /* {{{
 #endif
 
 	if (has_crypto_ctx == 0) {
-		if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
+		/* CRYPT_VERIFYCONTEXT > only hashing&co-like use, no need to acces prv keys */
+		if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_VERIFYCONTEXT )) {
 			/* Could mean that the key container does not exist, let try 
-				 again by asking for a new one */
+			   again by asking for a new one. If it fails here, it surely means that the user running 
+               this process does not have the permission(s) to use this container.
+             */
 			if (GetLastError() == NTE_BAD_KEYSET) {
-				if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
+				if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET | CRYPT_VERIFYCONTEXT )) {
 					has_crypto_ctx = 1;
 				} else {
 					has_crypto_ctx = 0;