diff options
author | Mat <mberchtold@gmail.com> | 2016-05-29 20:23:22 +0200 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-06-03 12:18:59 -0400 |
commit | fa64e63373fbc845a39907407ad990a6bbb84174 (patch) | |
tree | ad712508584beddeab05de5b4f23d98d27f8671e /crypto | |
parent | 49c2a00d1427b84bd851125740f493d1822e6fbc (diff) | |
download | openssl-fa64e63373fbc845a39907407ad990a6bbb84174.tar.gz |
Use BCryptGenRandom on Windows 7 or higher
When openssl is compiled with MSVC and _WIN32_WINNT>=0x0601 (Windows 7), BCryptGenRandom is used instead of the legacy CryptoAPI.
This change brings the following benefits:
- Removes dependency on CryptoAPI (legacy API) respectively advapi32.dll
- CryptoAPI Cryptographic Service Providers (rsa full) are not dynamically loaded.
- Allows Universal Windows Platform (UWP) apps to use openssl (CryptGenRandom is not available for Windows store apps)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1142)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/rand/rand_win.c | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 46cbe1494c..2ddac8a0f8 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -13,27 +13,38 @@ #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) # include <windows.h> -# ifndef _WIN32_WINNT -# define _WIN32_WINNT 0x0400 -# endif -# include <wincrypt.h> - +# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601 +# include <bcrypt.h> +# pragma comment(lib, "bcrypt.lib") +# else +# ifndef _WIN32_WINNT +# define _WIN32_WINNT 0x0400 +# endif +# include <wincrypt.h> /* * Intel hardware RNG CSP -- available from * http://developer.intel.com/design/security/rng/redist_license.htm */ -# define PROV_INTEL_SEC 22 -# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" +# define PROV_INTEL_SEC 22 +# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" +# endif static void readtimer(void); int RAND_poll(void) { MEMORYSTATUS mst; +# if !(defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601) HCRYPTPROV hProvider = 0; +# endif DWORD w; BYTE buf[64]; +# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601 + if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == 0) { + RAND_add(buf, sizeof(buf), sizeof(buf)); + } +# else /* poll the CryptoAPI PRNG */ /* The CryptoAPI returns sizeof(buf) bytes of randomness */ if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { @@ -50,6 +61,7 @@ int RAND_poll(void) } CryptReleaseContext(hProvider, 0); } +# endif /* timer data */ readtimer(); |