#include <openssl/rand.h>
#include "rand_lcl.h"
-#if defined(WINDOWS) || defined(WIN32)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
#include <windows.h>
#ifndef _WIN32_WINNT
# define _WIN32_WINNT 0x0400
#include <wincrypt.h>
#include <tlhelp32.h>
+/* Limit the time spent walking through the heap, processes, threads and modules to
+ a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */
+#define MAXDELAY 1000
+
/* Intel hardware RNG CSP -- available from
* http://developer.intel.com/design/security/rng/redist_license.htm
*/
#define PROV_INTEL_SEC 22
-#define INTEL_DEF_PROV "Intel Hardware Cryptographic Service Provider"
+#define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
static void readtimer(void);
static void readscreen(void);
#define CURSOR_SHOWING 0x00000001
#endif /* CURSOR_SHOWING */
-typedef BOOL (WINAPI *CRYPTACQUIRECONTEXT)(HCRYPTPROV *, LPCTSTR, LPCTSTR,
+#if !defined(OPENSSL_SYS_WINCE)
+typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR,
DWORD, DWORD);
typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);
typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD);
typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
-typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
+typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
+typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t);
typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);
(LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);
typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);
#endif /* 1 */
+#endif /* !OPENSSL_SYS_WINCE */
int RAND_poll(void)
{
MEMORYSTATUS m;
HCRYPTPROV hProvider = 0;
- BYTE buf[64];
DWORD w;
- HWND h;
-
- HMODULE advapi, kernel, user, netapi;
- CRYPTACQUIRECONTEXT acquire = 0;
- CRYPTGENRANDOM gen = 0;
- CRYPTRELEASECONTEXT release = 0;
-#if 1 /* There was previously a problem with NETSTATGET. Currently, this
- * section is still experimental, but if all goes well, this conditional
- * will be removed
- */
- NETSTATGET netstatget = 0;
- NETFREE netfree = 0;
-#endif /* 1 */
+ int good = 0;
/* Determine the OS version we are on so we can turn off things
* that do not work properly.
osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
GetVersionEx( &osverinfo ) ;
+#if defined(OPENSSL_SYS_WINCE)
+# if defined(_WIN32_WCE) && _WIN32_WCE>=300
+/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available
+ * in commonly available implementations prior 300... */
+ {
+ BYTE buf[64];
+ /* poll the CryptoAPI PRNG */
+ /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+ if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT))
+ {
+ if (CryptGenRandom(hProvider, sizeof(buf), buf))
+ RAND_add(buf, sizeof(buf), sizeof(buf));
+ CryptReleaseContext(hProvider, 0);
+ }
+ }
+# endif
+#else /* OPENSSL_SYS_WINCE */
+ /*
+ * None of below libraries are present on Windows CE, which is
+ * why we #ifndef the whole section. This also excuses us from
+ * handling the GetProcAddress issue. The trouble is that in
+ * real Win32 API GetProcAddress is available in ANSI flavor
+ * only. In WinCE on the other hand GetProcAddress is a macro
+ * most commonly defined as GetProcAddressW, which accepts
+ * Unicode argument. If we were to call GetProcAddress under
+ * WinCE, I'd recommend to either redefine GetProcAddress as
+ * GetProcAddressA (there seem to be one in common CE spec) or
+ * implement own shim routine, which would accept ANSI argument
+ * and expand it to Unicode.
+ */
+ {
/* load functions dynamically - not available on all systems */
- advapi = LoadLibrary("ADVAPI32.DLL");
- kernel = LoadLibrary("KERNEL32.DLL");
- user = LoadLibrary("USER32.DLL");
- netapi = LoadLibrary("NETAPI32.DLL");
-
-#if 1 /* There was previously a problem with NETSTATGET. Currently, this
- * section is still experimental, but if all goes well, this conditional
- * will be removed
- */
+ HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
+ HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
+ HMODULE user = NULL;
+ HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
+ CRYPTACQUIRECONTEXTW acquire = NULL;
+ CRYPTGENRANDOM gen = NULL;
+ CRYPTRELEASECONTEXT release = NULL;
+ NETSTATGET netstatget = NULL;
+ NETFREE netfree = NULL;
+ BYTE buf[64];
+
if (netapi)
{
netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
if (netapi)
FreeLibrary(netapi);
-#endif /* 1 */
-
+
/* It appears like this can cause an exception deep within ADVAPI32.DLL
* at random times on Windows 2000. Reported by Jeffrey Altman.
* Only use it on NT.
*/
+ /* Wolfgang Marczy <WMarczy@topcall.co.at> reports that
+ * the RegQueryValueEx call below can hang on NT4.0 (SP6).
+ * So we don't use this at all for now. */
+#if 0
if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
osverinfo.dwMajorVersion < 5)
{
bufsz += 8192;
length = bufsz;
- rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global",
+ rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"),
NULL, NULL, buf, &length);
}
if (rc == ERROR_SUCCESS)
{
/* For entropy count assume only least significant
* byte of each DWORD is random.
- */
+ */
RAND_add(&length, sizeof(length), 0);
RAND_add(buf, length, length / 4.0);
+
+ /* Close the Registry Key to allow Windows to cleanup/close
+ * the open handle
+ * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
+ * when the RegQueryValueEx above is done. However, if
+ * it is not explicitly closed, it can cause disk
+ * partition manipulation problems.
+ */
+ RegCloseKey(HKEY_PERFORMANCE_DATA);
}
if (buf)
free(buf);
}
+#endif
if (advapi)
{
- acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi,
- "CryptAcquireContextA");
+ /*
+ * If it's available, then it's available in both ANSI
+ * and UNICODE flavors even in Win9x, documentation says.
+ * We favor Unicode...
+ */
+ acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
+ "CryptAcquireContextW");
gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
"CryptGenRandom");
release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
{
/* poll the CryptoAPI PRNG */
/* The CryptoAPI returns sizeof(buf) bytes of randomness */
- if (acquire(&hProvider, 0, 0, PROV_RSA_FULL,
+ if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT))
{
if (gen(hProvider, sizeof(buf), buf) != 0)
{
RAND_add(buf, sizeof(buf), 0);
-#ifdef DEBUG
+ good = 1;
+#if 0
printf("randomness from PROV_RSA_FULL\n");
#endif
}
if (gen(hProvider, sizeof(buf), buf) != 0)
{
RAND_add(buf, sizeof(buf), sizeof(buf));
-#ifdef DEBUG
+ good = 1;
+#if 0
printf("randomness from PROV_INTEL_SEC\n");
#endif
}
if (advapi)
FreeLibrary(advapi);
- /* timer data */
- readtimer();
-
- /* memory usage statistics */
- GlobalMemoryStatus(&m);
- RAND_add(&m, sizeof(m), 1);
-
- /* process ID */
- w = GetCurrentProcessId();
- RAND_add(&w, sizeof(w), 1);
-
- if (user)
+ if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT ||
+ !OPENSSL_isservice()) &&
+ (user = LoadLibrary(TEXT("USER32.DLL"))))
{
GETCURSORINFO cursor;
GETFOREGROUNDWINDOW win;
if (win)
{
/* window handle */
- h = win();
+ HWND h = win();
RAND_add(&h, sizeof(h), 0);
}
if (cursor)
* This seeding method was proposed in Peter Gutmann, Software
* Generation of Practically Strong Random Numbers,
* http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
- * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
+ * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
* (The assignment of entropy estimates below is arbitrary, but based
* on Peter's analysis the full poll appears to be safe. Additional
* interactive seeding is encouraged.)
if (kernel)
{
CREATETOOLHELP32SNAPSHOT snap;
+ CLOSETOOLHELP32SNAPSHOT close_snap;
HANDLE handle;
HEAP32FIRST heap_first;
PROCESSENTRY32 p;
THREADENTRY32 t;
MODULEENTRY32 m;
+ DWORD stoptime = 0;
snap = (CREATETOOLHELP32SNAPSHOT)
GetProcAddress(kernel, "CreateToolhelp32Snapshot");
+ close_snap = (CLOSETOOLHELP32SNAPSHOT)
+ GetProcAddress(kernel, "CloseToolhelp32Snapshot");
heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
heaplist_next && process_first && process_next &&
thread_first && thread_next && module_first &&
module_next && (handle = snap(TH32CS_SNAPALL,0))
- != NULL)
+ != INVALID_HANDLE_VALUE)
{
/* heap list and heap walking */
/* HEAPLIST32 contains 3 fields that will change with
* of entropy.
*/
hlist.dwSize = sizeof(HEAPLIST32);
+ if (good) stoptime = GetTickCount() + MAXDELAY;
if (heaplist_first(handle, &hlist))
do
{
&& --entrycnt > 0);
}
} while (heaplist_next(handle,
- &hlist));
-
+ &hlist) && GetTickCount() < stoptime);
+
/* process walking */
/* PROCESSENTRY32 contains 9 fields that will change
* with each entry. Consider each field a source of
* 1 byte of entropy.
*/
p.dwSize = sizeof(PROCESSENTRY32);
+
+ if (good) stoptime = GetTickCount() + MAXDELAY;
if (process_first(handle, &p))
do
RAND_add(&p, p.dwSize, 9);
- while (process_next(handle, &p));
+ while (process_next(handle, &p) && GetTickCount() < stoptime);
/* thread walking */
/* THREADENTRY32 contains 6 fields that will change
* 1 byte of entropy.
*/
t.dwSize = sizeof(THREADENTRY32);
+ if (good) stoptime = GetTickCount() + MAXDELAY;
if (thread_first(handle, &t))
do
RAND_add(&t, t.dwSize, 6);
- while (thread_next(handle, &t));
+ while (thread_next(handle, &t) && GetTickCount() < stoptime);
/* module walking */
/* MODULEENTRY32 contains 9 fields that will change
* 1 byte of entropy.
*/
m.dwSize = sizeof(MODULEENTRY32);
+ if (good) stoptime = GetTickCount() + MAXDELAY;
if (module_first(handle, &m))
do
RAND_add(&m, m.dwSize, 9);
- while (module_next(handle, &m));
+ while (module_next(handle, &m)
+ && (GetTickCount() < stoptime));
+ if (close_snap)
+ close_snap(handle);
+ else
+ CloseHandle(handle);
- CloseHandle(handle);
}
FreeLibrary(kernel);
}
+ }
+#endif /* !OPENSSL_SYS_WINCE */
-#ifdef DEBUG
+ /* timer data */
+ readtimer();
+
+ /* memory usage statistics */
+ GlobalMemoryStatus(&m);
+ RAND_add(&m, sizeof(m), 1);
+
+ /* process ID */
+ w = GetCurrentProcessId();
+ RAND_add(&w, sizeof(w), 1);
+
+#if 0
printf("Exiting RAND_poll\n");
#endif
DWORD w;
LARGE_INTEGER l;
static int have_perfc = 1;
-#ifdef _MSC_VER
+#if defined(_MSC_VER) && defined(_M_X86)
static int have_tsc = 1;
DWORD cyclecount;
if (have_tsc) {
__try {
__asm {
- rdtsc
+ _emit 0x0f
+ _emit 0x31
mov cyclecount, eax
}
RAND_add(&cyclecount, sizeof(cyclecount), 1);
* Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
*
* Code adapted from
- * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>;
+ * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;
* the original copyright message is:
*
* (C) Copyright Microsoft Corp. 1993. All rights reserved.
static void readscreen(void)
{
+#if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)
HDC hScrDC; /* screen DC */
HDC hMemDC; /* memory DC */
HBITMAP hBitmap; /* handle for our bitmap */
int y; /* y-coordinate of screen lines to grab */
int n = 16; /* number of screen lines to grab at a time */
+ if (GetVersion() >= 0x80000000 || !OPENSSL_isservice())
+ return;
+
/* Create a screen DC and a memory DC compatible to screen DC */
- hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL);
+ hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
hMemDC = CreateCompatibleDC(hScrDC);
/* Get screen resolution */
DeleteObject(hBitmap);
DeleteDC(hMemDC);
DeleteDC(hScrDC);
-}
-
-#else /* Unix version */
-
-#include <time.h>
-
-int RAND_poll(void)
-{
- unsigned long l;
- pid_t curr_pid = getpid();
-#ifndef NO_FP_API
-#ifdef DEVRANDOM
- FILE *fh;
-#endif
-#endif
-
-#ifndef NO_FP_API
-#ifdef DEVRANDOM
- /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
- * have this. Use /dev/urandom if you can as /dev/random may block
- * if it runs out of random entries. */
-
- if ((fh = fopen(DEVRANDOM, "r")) != NULL)
- {
- unsigned char tmpbuf[ENTROPY_NEEDED];
- int n;
-
- setvbuf(fh, NULL, _IONBF, 0);
- n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh);
- fclose(fh);
- RAND_add(tmpbuf,sizeof tmpbuf,n);
- memset(tmpbuf,0,n);
- }
-#endif
-#endif
-
- /* put in some default random data, we need more than just this */
- l=curr_pid;
- RAND_add(&l,sizeof(l),0);
- l=getuid();
- RAND_add(&l,sizeof(l),0);
-
- l=time(NULL);
- RAND_add(&l,sizeof(l),0);
-
-#ifndef NO_FP_API
-#ifdef DEVRANDOM
- return 1;
-#endif
-#endif
- return 0;
+#endif /* !OPENSSL_SYS_WINCE */
}
#endif