[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Fri Jun 3 16:19:02 UTC 2016 

The branch master has been updated
       via  6191fc8634eb0eee1a358bea7dbfbf33ad1f8981 (commit)
       via  e56f956ef1347b8eb9024471f4fa16691cf8e3ea (commit)
       via  0814afcfa46039c8f27739dbe6a355b731f34608 (commit)
       via  fa64e63373fbc845a39907407ad990a6bbb84174 (commit)
      from  49c2a00d1427b84bd851125740f493d1822e6fbc (commit)


- Log -----------------------------------------------------------------
commit 6191fc8634eb0eee1a358bea7dbfbf33ad1f8981
Author: Mat <mberchtold at gmail.com>
Date:   Thu Jun 2 23:38:56 2016 +0200

    Added define for STATUS_SUCCESS
    
    Use STATUS_SUCCESS instead of 0.
    Renamed USE_BCRYPT to RAND_WINDOWS_USE_BCRYPT to avoid possible collisions with other defines.
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1142)

commit e56f956ef1347b8eb9024471f4fa16691cf8e3ea
Author: Mat <mberchtold at gmail.com>
Date:   Sun May 29 20:44:27 2016 +0200

    Adds casts for 64-bit
    
    Adds missing casts for 64-bit.
    Removed zero initialization of hProvider. hProvider is an "out" parameter of CryptAcquireContextW.
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1142)

commit 0814afcfa46039c8f27739dbe6a355b731f34608
Author: Mat <mberchtold at gmail.com>
Date:   Sun May 29 20:38:37 2016 +0200

    Define USE_BCRYPT
    
    Define USE_BCRYPT
    Removed _WIN32_WINNT define
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1142)

commit fa64e63373fbc845a39907407ad990a6bbb84174
Author: Mat <mberchtold at gmail.com>
Date:   Sun May 29 20:23:22 2016 +0200

    Use BCryptGenRandom on Windows 7 or higher
    
    When openssl is compiled with MSVC and _WIN32_WINNT>=0x0601 (Windows 7), BCryptGenRandom is used instead of the legacy CryptoAPI.
    
    This change brings the following benefits:
    - Removes dependency on CryptoAPI (legacy API) respectively advapi32.dll
    - CryptoAPI Cryptographic Service Providers (rsa full) are not dynamically loaded.
    - Allows Universal Windows Platform (UWP) apps to use openssl (CryptGenRandom is not available for Windows store apps)
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1142)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/rand_win.c | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index 46cbe14..c5d0aa1 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -13,31 +13,47 @@
 
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 # include <windows.h>
-# ifndef _WIN32_WINNT
-#  define _WIN32_WINNT 0x0400
+/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */
+# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601
+#  define RAND_WINDOWS_USE_BCRYPT
 # endif
-# include <wincrypt.h>
 
+# ifdef RAND_WINDOWS_USE_BCRYPT
+#  include <bcrypt.h>
+#  pragma comment(lib, "bcrypt.lib")
+#  ifndef STATUS_SUCCESS
+#   define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
+#  endif
+# else
+#  include <wincrypt.h>
 /*
  * Intel hardware RNG CSP -- available from
  * http://developer.intel.com/design/security/rng/redist_license.htm
  */
-# define PROV_INTEL_SEC 22
-# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+#  define PROV_INTEL_SEC 22
+#  define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+# endif
 
 static void readtimer(void);
 
 int RAND_poll(void)
 {
     MEMORYSTATUS mst;
-    HCRYPTPROV hProvider = 0;
+# ifndef RAND_WINDOWS_USE_BCRYPT
+    HCRYPTPROV hProvider;
+# endif
     DWORD w;
     BYTE buf[64];
 
+# ifdef RAND_WINDOWS_USE_BCRYPT
+    if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) {
+        RAND_add(buf, sizeof(buf), sizeof(buf));
+    }
+# else
     /* poll the CryptoAPI PRNG */
     /* The CryptoAPI returns sizeof(buf) bytes of randomness */
     if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
-        if (CryptGenRandom(hProvider, sizeof(buf), buf) != 0) {
+        if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
             RAND_add(buf, sizeof(buf), sizeof(buf));
         }
         CryptReleaseContext(hProvider, 0);
@@ -45,11 +61,12 @@ int RAND_poll(void)
 
     /* poll the Pentium PRG with CryptoAPI */
     if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
-        if (CryptGenRandom(hProvider, sizeof(buf), buf) != 0) {
+        if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
             RAND_add(buf, sizeof(buf), sizeof(buf));
         }
         CryptReleaseContext(hProvider, 0);
     }
+# endif
 
     /* timer data */
     readtimer();

More information about the openssl-commits mailing list