diff options
| author | bcook <> | 2020-11-11 10:41:24 +0000 |
|---|---|---|
| committer | bcook <> | 2020-11-11 10:41:24 +0000 |
| commit | 67b0b0fea7b4c43054272382d50a6ec671cac01d (patch) | |
| tree | 6e39821fe91175a74e8235d5b7151fb7bd3185a2 | |
| parent | 56b49e899e4fa59a89ce717d1b8aababf4a8604c (diff) | |
| download | openbsd-67b0b0fea7b4c43054272382d50a6ec671cac01d.tar.gz openbsd-67b0b0fea7b4c43054272382d50a6ec671cac01d.tar.bz2 openbsd-67b0b0fea7b4c43054272382d50a6ec671cac01d.zip | |
Update getentropy on Windows to use Cryptography Next Generation (CNG).
wincrypt is deprecated and no longer works with newer Windows environments,
such as in Windows Store apps.
| -rw-r--r-- | src/lib/libcrypto/arc4random/getentropy_win.c | 27 |
1 files changed, 9 insertions, 18 deletions
diff --git a/src/lib/libcrypto/arc4random/getentropy_win.c b/src/lib/libcrypto/arc4random/getentropy_win.c index 2abeb27bc6..64514b3a37 100644 --- a/src/lib/libcrypto/arc4random/getentropy_win.c +++ b/src/lib/libcrypto/arc4random/getentropy_win.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $ */ | 1 | /* $OpenBSD: getentropy_win.c,v 1.6 2020/11/11 10:41:24 bcook Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> | 4 | * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> |
| @@ -21,39 +21,30 @@ | |||
| 21 | */ | 21 | */ |
| 22 | 22 | ||
| 23 | #include <windows.h> | 23 | #include <windows.h> |
| 24 | #include <bcrypt.h> | ||
| 24 | #include <errno.h> | 25 | #include <errno.h> |
| 25 | #include <stdint.h> | 26 | #include <stdint.h> |
| 26 | #include <sys/types.h> | 27 | #include <sys/types.h> |
| 27 | #include <wincrypt.h> | ||
| 28 | #include <process.h> | ||
| 29 | 28 | ||
| 30 | int getentropy(void *buf, size_t len); | 29 | int getentropy(void *buf, size_t len); |
| 31 | 30 | ||
| 32 | /* | 31 | /* |
| 33 | * On Windows, CryptGenRandom is supposed to be a well-seeded | 32 | * On Windows, BCryptGenRandom with BCRYPT_USE_SYSTEM_PREFERRED_RNG is supposed |
| 34 | * cryptographically strong random number generator. | 33 | * to be a well-seeded, cryptographically strong random number generator. |
| 34 | * https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom | ||
| 35 | */ | 35 | */ |
| 36 | int | 36 | int |
| 37 | getentropy(void *buf, size_t len) | 37 | getentropy(void *buf, size_t len) |
| 38 | { | 38 | { |
| 39 | HCRYPTPROV provider; | ||
| 40 | |||
| 41 | if (len > 256) { | 39 | if (len > 256) { |
| 42 | errno = EIO; | 40 | errno = EIO; |
| 43 | return (-1); | 41 | return (-1); |
| 44 | } | 42 | } |
| 45 | 43 | ||
| 46 | if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, | 44 | if (FAILED(BCryptGenRandom(NULL, buf, len, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) { |
| 47 | CRYPT_VERIFYCONTEXT) == 0) | 45 | errno = EIO; |
| 48 | goto fail; | 46 | return (-1); |
| 49 | if (CryptGenRandom(provider, len, buf) == 0) { | ||
| 50 | CryptReleaseContext(provider, 0); | ||
| 51 | goto fail; | ||
| 52 | } | 47 | } |
| 53 | CryptReleaseContext(provider, 0); | ||
| 54 | return (0); | ||
| 55 | 48 | ||
| 56 | fail: | 49 | return (0); |
| 57 | errno = EIO; | ||
| 58 | return (-1); | ||
| 59 | } | 50 | } |