diff options
| author | bcook <> | 2020-11-11 10:41:24 +0000 |
|---|---|---|
| committer | bcook <> | 2020-11-11 10:41:24 +0000 |
| commit | 67b0b0fea7b4c43054272382d50a6ec671cac01d (patch) | |
| tree | 6e39821fe91175a74e8235d5b7151fb7bd3185a2 /src/lib | |
| parent | 56b49e899e4fa59a89ce717d1b8aababf4a8604c (diff) | |
| download | openbsd-67b0b0fea7b4c43054272382d50a6ec671cac01d.tar.gz openbsd-67b0b0fea7b4c43054272382d50a6ec671cac01d.tar.bz2 openbsd-67b0b0fea7b4c43054272382d50a6ec671cac01d.zip | |
Update getentropy on Windows to use Cryptography Next Generation (CNG).
wincrypt is deprecated and no longer works with newer Windows environments,
such as in Windows Store apps.
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/arc4random/getentropy_win.c | 27 |
1 files changed, 9 insertions, 18 deletions
diff --git a/src/lib/libcrypto/arc4random/getentropy_win.c b/src/lib/libcrypto/arc4random/getentropy_win.c index 2abeb27bc6..64514b3a37 100644 --- a/src/lib/libcrypto/arc4random/getentropy_win.c +++ b/src/lib/libcrypto/arc4random/getentropy_win.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $ */ | 1 | /* $OpenBSD: getentropy_win.c,v 1.6 2020/11/11 10:41:24 bcook Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> | 4 | * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> |
| @@ -21,39 +21,30 @@ | |||
| 21 | */ | 21 | */ |
| 22 | 22 | ||
| 23 | #include <windows.h> | 23 | #include <windows.h> |
| 24 | #include <bcrypt.h> | ||
| 24 | #include <errno.h> | 25 | #include <errno.h> |
| 25 | #include <stdint.h> | 26 | #include <stdint.h> |
| 26 | #include <sys/types.h> | 27 | #include <sys/types.h> |
| 27 | #include <wincrypt.h> | ||
| 28 | #include <process.h> | ||
| 29 | 28 | ||
| 30 | int getentropy(void *buf, size_t len); | 29 | int getentropy(void *buf, size_t len); |
| 31 | 30 | ||
| 32 | /* | 31 | /* |
| 33 | * On Windows, CryptGenRandom is supposed to be a well-seeded | 32 | * On Windows, BCryptGenRandom with BCRYPT_USE_SYSTEM_PREFERRED_RNG is supposed |
| 34 | * cryptographically strong random number generator. | 33 | * to be a well-seeded, cryptographically strong random number generator. |
| 34 | * https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom | ||
| 35 | */ | 35 | */ |
| 36 | int | 36 | int |
| 37 | getentropy(void *buf, size_t len) | 37 | getentropy(void *buf, size_t len) |
| 38 | { | 38 | { |
| 39 | HCRYPTPROV provider; | ||
| 40 | |||
| 41 | if (len > 256) { | 39 | if (len > 256) { |
| 42 | errno = EIO; | 40 | errno = EIO; |
| 43 | return (-1); | 41 | return (-1); |
| 44 | } | 42 | } |
| 45 | 43 | ||
| 46 | if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, | 44 | if (FAILED(BCryptGenRandom(NULL, buf, len, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) { |
| 47 | CRYPT_VERIFYCONTEXT) == 0) | 45 | errno = EIO; |
| 48 | goto fail; | 46 | return (-1); |
| 49 | if (CryptGenRandom(provider, len, buf) == 0) { | ||
| 50 | CryptReleaseContext(provider, 0); | ||
| 51 | goto fail; | ||
| 52 | } | 47 | } |
| 53 | CryptReleaseContext(provider, 0); | ||
| 54 | return (0); | ||
| 55 | 48 | ||
| 56 | fail: | 49 | return (0); |
| 57 | errno = EIO; | ||
| 58 | return (-1); | ||
| 59 | } | 50 | } |