[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Sun May 29 17:37:14 UTC 2016


The branch master has been updated
       via  6378809b226a765a0c6d7e3cb375bac12ebb54cd (commit)
       via  d407fd2c87aab12d6e2139f3aa79880a75efdd56 (commit)
       via  1931a04c66f839bbf991297de6a24a0bff74bead (commit)
       via  2ff3b693e7aac5de51d64beae2595e5fcfbbfa04 (commit)
       via  73241290bc15d708bb9ec8bb48891df1e5485e3e (commit)
       via  ad0f926c9c556b5369ce98aa128e4db4463ac12d (commit)
       via  151a4376bcd0c4743a8da6249484f4cc911ede64 (commit)
       via  6f0cc2a6f8a7da5b68e5665589f307683a9a85f4 (commit)
       via  42af747925f6c40b2b5313d136c02ec8506e6470 (commit)
       via  75dcf70a990d751f4bfe7844bcb7480fc1de3c84 (commit)
       via  888db7f224fec4ead34c32e82fa591dea61d14a2 (commit)
       via  4447d829de82ac2e26e2a8b3c8e2b248b09f5ac2 (commit)
       via  1cd02c699f888ad5a0ed943148db38eef0366445 (commit)
       via  1150999e04ab826a9e8607e87db7fdd72f688ec4 (commit)
       via  eb9b92ec8efd81abf4642b65c34cc542197a545a (commit)
      from  cfe1d9929ee7d58e9e290d20b14b309b327d8a8f (commit)


- Log -----------------------------------------------------------------
commit 6378809b226a765a0c6d7e3cb375bac12ebb54cd
Author: Joey Yandle <xoloki at gmail.com>
Date:   Tue May 17 13:42:52 2016 -0700

    set RAND_event and RAND_screen to deprecated in 1.1.0 in librypto.num
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

commit d407fd2c87aab12d6e2139f3aa79880a75efdd56
Author: Joey Yandle <xoloki at gmail.com>
Date:   Mon May 16 12:51:40 2016 -0700

    fix deprecation version number in docs
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

commit 1931a04c66f839bbf991297de6a24a0bff74bead
Author: Joey Yandle <xoloki at gmail.com>
Date:   Mon May 16 12:46:48 2016 -0700

    update docs with descriptions and deprecation
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

commit 2ff3b693e7aac5de51d64beae2595e5fcfbbfa04
Author: Joey Yandle <xoloki at gmail.com>
Date:   Mon May 16 12:41:02 2016 -0700

    fix return value in docs
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

commit 73241290bc15d708bb9ec8bb48891df1e5485e3e
Author: Joey Yandle <xoloki at gmail.com>
Date:   Mon May 16 12:30:41 2016 -0700

    add removed functions back as deprecated
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

commit ad0f926c9c556b5369ce98aa128e4db4463ac12d
Author: Joey Yandle <xoloki at gmail.com>
Date:   Wed Jan 13 11:15:51 2016 -0800

    get rid of now empty #if
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

commit 151a4376bcd0c4743a8da6249484f4cc911ede64
Author: Joey Yandle <xoloki at gmail.com>
Date:   Wed Jan 13 10:11:06 2016 -0800

    remove winrand.c entirely, nothing seems to reference it
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

commit 6f0cc2a6f8a7da5b68e5665589f307683a9a85f4
Author: Joey Yandle <xoloki at gmail.com>
Date:   Tue Jan 12 21:27:27 2016 -0800

    cherry pick pr-512 changes
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

commit 42af747925f6c40b2b5313d136c02ec8506e6470
Author: Joey Yandle <xoloki at gmail.com>
Date:   Tue Jan 12 21:16:42 2016 -0800

    get rid of unnecessary include
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

commit 75dcf70a990d751f4bfe7844bcb7480fc1de3c84
Author: Joey Yandle <dragon at dancingdragon.be>
Date:   Tue Jan 12 20:18:59 2016 -0800

    remove RAND_screen and friends
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

commit 888db7f224fec4ead34c32e82fa591dea61d14a2
Author: Joey Yandle <dragon at dancingdragon.be>
Date:   Tue Jan 12 11:53:16 2016 -0800

    cherry pick pr-512 changes
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

commit 4447d829de82ac2e26e2a8b3c8e2b248b09f5ac2
Author: Joey Yandle <dragon at dancingdragon.be>
Date:   Wed Dec 23 10:39:09 2015 -0800

    OR flags with CRYPT_SILENT to really make sure no UI pops up
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

commit 1cd02c699f888ad5a0ed943148db38eef0366445
Author: Joey Yandle <xoloki at gmail.com>
Date:   Sun Dec 20 18:44:11 2015 -0800

    fix endif comment
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

commit 1150999e04ab826a9e8607e87db7fdd72f688ec4
Author: Joey Yandle <xoloki at gmail.com>
Date:   Sun Dec 20 18:37:56 2015 -0800

    remove all WINCE ifdefs
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

commit eb9b92ec8efd81abf4642b65c34cc542197a545a
Author: Joey Yandle <dragon at dancingdragon.be>
Date:   Fri Dec 11 17:53:03 2015 -0800

    - remove insane heap walk and kernel loading code; clean up style and calling conventions
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1079)

-----------------------------------------------------------------------

Summary of changes:
 apps/app_rand.c         |   4 -
 apps/winrand.c          | 100 ---------
 crypto/rand/rand_win.c  | 554 ++----------------------------------------------
 doc/crypto/RAND_add.pod |  27 ++-
 doc/crypto/rand.pod     |  12 +-
 include/openssl/rand.h  |  10 +-
 util/libcrypto.num      |   4 +-
 7 files changed, 44 insertions(+), 667 deletions(-)
 delete mode 100644 apps/winrand.c

diff --git a/apps/app_rand.c b/apps/app_rand.c
index 8163d99..0d44af9 100644
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -19,10 +19,6 @@ int app_RAND_load_file(const char *file, int dont_warn)
     int consider_randfile = (file == NULL);
     char buffer[200];
 
-#ifdef OPENSSL_SYS_WINDOWS
-    RAND_screen();
-#endif
-
     if (file == NULL)
         file = RAND_file_name(buffer, sizeof buffer);
 #ifndef OPENSSL_NO_EGD
diff --git a/apps/winrand.c b/apps/winrand.c
deleted file mode 100644
index e65605e..0000000
--- a/apps/winrand.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*-
- * Usage: winrand [filename]
- *
- * Collects entropy from mouse movements and other events and writes
- * random data to filename or .rnd
- */
-
-#include <windows.h>
-#include <openssl/opensslv.h>
-#include <openssl/rand.h>
-
-LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
-const char *filename;
-
-int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
-                   PSTR cmdline, int iCmdShow)
-{
-    static char appname[] = "OpenSSL";
-    HWND hwnd;
-    MSG msg;
-    WNDCLASSEX wndclass;
-    char buffer[200];
-
-    if (cmdline[0] == '\0')
-        filename = RAND_file_name(buffer, sizeof buffer);
-    else
-        filename = cmdline;
-
-    RAND_load_file(filename, -1);
-
-    wndclass.cbSize = sizeof(wndclass);
-    wndclass.style = CS_HREDRAW | CS_VREDRAW;
-    wndclass.lpfnWndProc = WndProc;
-    wndclass.cbClsExtra = 0;
-    wndclass.cbWndExtra = 0;
-    wndclass.hInstance = hInstance;
-    wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
-    wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
-    wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
-    wndclass.lpszMenuName = NULL;
-    wndclass.lpszClassName = appname;
-    wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
-    RegisterClassEx(&wndclass);
-
-    hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
-                        WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
-                        CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance,
-                        NULL);
-
-    ShowWindow(hwnd, iCmdShow);
-    UpdateWindow(hwnd);
-
-    while (GetMessage(&msg, NULL, 0, 0)) {
-        TranslateMessage(&msg);
-        DispatchMessage(&msg);
-    }
-
-    return msg.wParam;
-}
-
-LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
-{
-    HDC hdc;
-    PAINTSTRUCT ps;
-    RECT rect;
-    static int seeded = 0;
-
-    switch (iMsg) {
-    case WM_PAINT:
-        hdc = BeginPaint(hwnd, &ps);
-        GetClientRect(hwnd, &rect);
-        DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
-                 &rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
-        EndPaint(hwnd, &ps);
-        return 0;
-
-    case WM_DESTROY:
-        PostQuitMessage(0);
-        return 0;
-    }
-
-    if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0) {
-        seeded = 1;
-        if (RAND_write_file(filename) <= 0)
-            MessageBox(hwnd, "Couldn't write random file!",
-                       "OpenSSL", MB_OK | MB_ICONERROR);
-        PostQuitMessage(0);
-    }
-
-    return DefWindowProc(hwnd, iMsg, wParam, lParam);
-}
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index cb0c1ed..46cbe14 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -17,14 +17,6 @@
 #  define _WIN32_WINNT 0x0400
 # endif
 # include <wincrypt.h>
-# include <tlhelp32.h>
-
-/*
- * Limit the time spent walking through the heap, processes, threads and
- * modules to a maximum of 1000 milliseconds each, unless CryptoGenRandom
- * failed
- */
-# define MAXDELAY 1000
 
 /*
  * Intel hardware RNG CSP -- available from
@@ -34,423 +26,30 @@
 # define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
 
 static void readtimer(void);
-static void readscreen(void);
-
-/*
- * It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined
- * when WINVER is 0x0500 and up, which currently only happens on Win2000.
- * Unfortunately, those are typedefs, so they're a little bit difficult to
- * detect properly.  On the other hand, the macro CURSOR_SHOWING is defined
- * within the same conditional, so it can be use to detect the absence of
- * said typedefs.
- */
-
-# ifndef CURSOR_SHOWING
-/*
- * Information about the global cursor.
- */
-typedef struct tagCURSORINFO {
-    DWORD cbSize;
-    DWORD flags;
-    HCURSOR hCursor;
-    POINT ptScreenPos;
-} CURSORINFO, *PCURSORINFO, *LPCURSORINFO;
-
-#  define CURSOR_SHOWING     0x00000001
-# endif                         /* CURSOR_SHOWING */
-
-# if !defined(OPENSSL_SYS_WINCE)
-typedef BOOL(WINAPI *CRYPTACQUIRECONTEXTW) (HCRYPTPROV *, LPCWSTR, LPCWSTR,
-                                            DWORD, DWORD);
-typedef BOOL(WINAPI *CRYPTGENRANDOM) (HCRYPTPROV, DWORD, BYTE *);
-typedef BOOL(WINAPI *CRYPTRELEASECONTEXT) (HCRYPTPROV, DWORD);
-
-typedef HWND(WINAPI *GETFOREGROUNDWINDOW) (VOID);
-typedef BOOL(WINAPI *GETCURSORINFO) (PCURSORINFO);
-typedef DWORD(WINAPI *GETQUEUESTATUS) (UINT);
-
-typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD);
-typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE);
-typedef BOOL(WINAPI *HEAP32FIRST) (LPHEAPENTRY32, DWORD, size_t);
-typedef BOOL(WINAPI *HEAP32NEXT) (LPHEAPENTRY32);
-typedef BOOL(WINAPI *HEAP32LIST) (HANDLE, LPHEAPLIST32);
-typedef BOOL(WINAPI *PROCESS32) (HANDLE, LPPROCESSENTRY32);
-typedef BOOL(WINAPI *THREAD32) (HANDLE, LPTHREADENTRY32);
-typedef BOOL(WINAPI *MODULE32) (HANDLE, LPMODULEENTRY32);
-
-#  include <lmcons.h>
-#  include <lmstats.h>
-/*
- * The NET API is Unicode only.  It requires the use of the UNICODE macro.
- * When UNICODE is defined LPTSTR becomes LPWSTR.  LMSTR was was added to the
- * Platform SDK to allow the NET API to be used in non-Unicode applications
- * provided that Unicode strings were still used for input.  LMSTR is defined
- * as LPWSTR.
- */
-typedef NET_API_STATUS(NET_API_FUNCTION *NETSTATGET)
- (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE *);
-typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE);
-# endif                         /* !OPENSSL_SYS_WINCE */
 
 int RAND_poll(void)
 {
     MEMORYSTATUS mst;
     HCRYPTPROV hProvider = 0;
     DWORD w;
-    int good = 0;
+    BYTE buf[64];
 
-# if defined(OPENSSL_SYS_WINCE)
-#  if defined(_WIN32_WCE) && _WIN32_WCE>=300
-    /*
-     * Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available
-     * in commonly available implementations prior 300...
-     */
-    {
-        BYTE buf[64];
-        /* poll the CryptoAPI PRNG */
-        /* The CryptoAPI returns sizeof(buf) bytes of randomness */
-        if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
-                                 CRYPT_VERIFYCONTEXT)) {
-            if (CryptGenRandom(hProvider, sizeof(buf), buf))
-                RAND_add(buf, sizeof(buf), sizeof(buf));
-            CryptReleaseContext(hProvider, 0);
+    /* poll the CryptoAPI PRNG */
+    /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+    if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
+        if (CryptGenRandom(hProvider, sizeof(buf), buf) != 0) {
+            RAND_add(buf, sizeof(buf), sizeof(buf));
         }
+        CryptReleaseContext(hProvider, 0);
     }
-#  endif
-# else                          /* OPENSSL_SYS_WINCE */
-    /*
-     * None of below libraries are present on Windows CE, which is
-     * why we #ifndef the whole section. This also excuses us from
-     * handling the GetProcAddress issue. The trouble is that in
-     * real Win32 API GetProcAddress is available in ANSI flavor
-     * only. In WinCE on the other hand GetProcAddress is a macro
-     * most commonly defined as GetProcAddressW, which accepts
-     * Unicode argument. If we were to call GetProcAddress under
-     * WinCE, I'd recommend to either redefine GetProcAddress as
-     * GetProcAddressA (there seem to be one in common CE spec) or
-     * implement own shim routine, which would accept ANSI argument
-     * and expand it to Unicode.
-     */
-    {
-        /* load functions dynamically - not available on all systems */
-        HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
-        HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
-        HMODULE user = NULL;
-        HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
-        CRYPTACQUIRECONTEXTW acquire = NULL;
-        CRYPTGENRANDOM gen = NULL;
-        CRYPTRELEASECONTEXT release = NULL;
-        NETSTATGET netstatget = NULL;
-        NETFREE netfree = NULL;
-        BYTE buf[64];
-
-        if (netapi) {
-            netstatget =
-                (NETSTATGET) GetProcAddress(netapi, "NetStatisticsGet");
-            netfree = (NETFREE) GetProcAddress(netapi, "NetApiBufferFree");
-        }
-
-        if (netstatget && netfree) {
-            LPBYTE outbuf;
-            /*
-             * NetStatisticsGet() is a Unicode only function
-             * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
-             * contains 17 fields.  We treat each field as a source of one
-             * byte of entropy.
-             */
-
-            if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) {
-                RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
-                netfree(outbuf);
-            }
-            if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) {
-                RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
-                netfree(outbuf);
-            }
-        }
-
-        if (netapi)
-            FreeLibrary(netapi);
-
-        /*
-         * It appears like this can cause an exception deep within
-         * ADVAPI32.DLL at random times on Windows 2000.  Reported by Jeffrey
-         * Altman. Only use it on NT.
-         */
-
-        if (advapi) {
-            /*
-             * If it's available, then it's available in both ANSI
-             * and UNICODE flavors even in Win9x, documentation says.
-             * We favor Unicode...
-             */
-            acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
-                                                            "CryptAcquireContextW");
-            gen = (CRYPTGENRANDOM) GetProcAddress(advapi, "CryptGenRandom");
-            release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
-                                                           "CryptReleaseContext");
-        }
-
-        if (acquire && gen && release) {
-            /* poll the CryptoAPI PRNG */
-            /* The CryptoAPI returns sizeof(buf) bytes of randomness */
-            if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,
-                        CRYPT_VERIFYCONTEXT)) {
-                if (gen(hProvider, sizeof(buf), buf) != 0) {
-                    RAND_add(buf, sizeof(buf), 0);
-                    good = 1;
-                }
-                release(hProvider, 0);
-            }
-
-            /* poll the Pentium PRG with CryptoAPI */
-            if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) {
-                if (gen(hProvider, sizeof(buf), buf) != 0) {
-                    RAND_add(buf, sizeof(buf), sizeof(buf));
-                    good = 1;
-                }
-                release(hProvider, 0);
-            }
-        }
-
-        if (advapi)
-            FreeLibrary(advapi);
-
-        if ((!check_winnt() ||
-             !OPENSSL_isservice()) &&
-            (user = LoadLibrary(TEXT("USER32.DLL")))) {
-            GETCURSORINFO cursor;
-            GETFOREGROUNDWINDOW win;
-            GETQUEUESTATUS queue;
-
-            win =
-                (GETFOREGROUNDWINDOW) GetProcAddress(user,
-                                                     "GetForegroundWindow");
-            cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
-            queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
-
-            if (win) {
-                /* window handle */
-                HWND h = win();
-                RAND_add(&h, sizeof(h), 0);
-            }
-            if (cursor) {
-                /*
-                 * unfortunately, its not safe to call GetCursorInfo() on NT4
-                 * even though it exists in SP3 (or SP6) and higher.
-                 */
-                if (check_winnt() && !check_win_minplat(5))
-                    cursor = 0;
-            }
-            if (cursor) {
-                /* cursor position */
-                /* assume 2 bytes of entropy */
-                CURSORINFO ci;
-                ci.cbSize = sizeof(CURSORINFO);
-                if (cursor(&ci))
-                    RAND_add(&ci, ci.cbSize, 2);
-            }
-
-            if (queue) {
-                /* message queue status */
-                /* assume 1 byte of entropy */
-                w = queue(QS_ALLEVENTS);
-                RAND_add(&w, sizeof(w), 1);
-            }
-
-            FreeLibrary(user);
-        }
-
-        /*-
-         * Toolhelp32 snapshot: enumerate processes, threads, modules and heap
-         * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
-         * (Win 9x and 2000 only, not available on NT)
-         *
-         * This seeding method was proposed in Peter Gutmann, Software
-         * Generation of Practically Strong Random Numbers,
-         * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
-         * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
-         * (The assignment of entropy estimates below is arbitrary, but based
-         * on Peter's analysis the full poll appears to be safe. Additional
-         * interactive seeding is encouraged.)
-         */
-
-        if (kernel) {
-            CREATETOOLHELP32SNAPSHOT snap;
-            CLOSETOOLHELP32SNAPSHOT close_snap;
-            HANDLE handle;
-
-            HEAP32FIRST heap_first;
-            HEAP32NEXT heap_next;
-            HEAP32LIST heaplist_first, heaplist_next;
-            PROCESS32 process_first, process_next;
-            THREAD32 thread_first, thread_next;
-            MODULE32 module_first, module_next;
-
-            HEAPLIST32 hlist;
-            HEAPENTRY32 hentry;
-            PROCESSENTRY32 p;
-            THREADENTRY32 t;
-            MODULEENTRY32 m;
-            DWORD starttime = 0;
-
-            snap = (CREATETOOLHELP32SNAPSHOT)
-                GetProcAddress(kernel, "CreateToolhelp32Snapshot");
-            close_snap = (CLOSETOOLHELP32SNAPSHOT)
-                GetProcAddress(kernel, "CloseToolhelp32Snapshot");
-            heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
-            heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
-            heaplist_first =
-                (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
-            heaplist_next =
-                (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
-            process_first =
-                (PROCESS32) GetProcAddress(kernel, "Process32First");
-            process_next =
-                (PROCESS32) GetProcAddress(kernel, "Process32Next");
-            thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
-            thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
-            module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
-            module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
 
-            if (snap && heap_first && heap_next && heaplist_first &&
-                heaplist_next && process_first && process_next &&
-                thread_first && thread_next && module_first &&
-                module_next && (handle = snap(TH32CS_SNAPALL, 0))
-                != INVALID_HANDLE_VALUE) {
-                /* heap list and heap walking */
-                /*
-                 * HEAPLIST32 contains 3 fields that will change with each
-                 * entry.  Consider each field a source of 1 byte of entropy.
-                 * HEAPENTRY32 contains 5 fields that will change with each
-                 * entry.  Consider each field a source of 1 byte of entropy.
-                 */
-                ZeroMemory(&hlist, sizeof(HEAPLIST32));
-                hlist.dwSize = sizeof(HEAPLIST32);
-                if (good)
-                    starttime = GetTickCount();
-#  ifdef _MSC_VER
-                if (heaplist_first(handle, &hlist)) {
-                    /*
-                     * following discussion on dev ML, exception on WinCE (or
-                     * other Win platform) is theoretically of unknown
-                     * origin; prevent infinite loop here when this
-                     * theoretical case occurs; otherwise cope with the
-                     * expected (MSDN documented) exception-throwing
-                     * behaviour of Heap32Next() on WinCE.
-                     *
-                     * based on patch in original message by Tanguy Fautré
-                     * (2009/03/02) Subject: RAND_poll() and
-                     * CreateToolhelp32Snapshot() stability
-                     */
-                    int ex_cnt_limit = 42;
-                    do {
-                        RAND_add(&hlist, hlist.dwSize, 3);
-                        __try {
-                            ZeroMemory(&hentry, sizeof(HEAPENTRY32));
-                            hentry.dwSize = sizeof(HEAPENTRY32);
-                            if (heap_first(&hentry,
-                                           hlist.th32ProcessID,
-                                           hlist.th32HeapID)) {
-                                int entrycnt = 80;
-                                do
-                                    RAND_add(&hentry, hentry.dwSize, 5);
-                                while (heap_next(&hentry)
-                                       && (!good
-                                           || (GetTickCount() - starttime) <
-                                           MAXDELAY)
-                                       && --entrycnt > 0);
-                            }
-                        }
-                        __except(EXCEPTION_EXECUTE_HANDLER) {
-                            /*
-                             * ignore access violations when walking the heap
-                             * list
-                             */
-                            ex_cnt_limit--;
-                        }
-                    } while (heaplist_next(handle, &hlist)
-                             && (!good
-                                 || (GetTickCount() - starttime) < MAXDELAY)
-                             && ex_cnt_limit > 0);
-                }
-#  else
-                if (heaplist_first(handle, &hlist)) {
-                    do {
-                        RAND_add(&hlist, hlist.dwSize, 3);
-                        hentry.dwSize = sizeof(HEAPENTRY32);
-                        if (heap_first(&hentry,
-                                       hlist.th32ProcessID,
-                                       hlist.th32HeapID)) {
-                            int entrycnt = 80;
-                            do
-                                RAND_add(&hentry, hentry.dwSize, 5);
-                            while (heap_next(&hentry)
-                                   && --entrycnt > 0);
-                        }
-                    } while (heaplist_next(handle, &hlist)
-                             && (!good
-                                 || (GetTickCount() - starttime) < MAXDELAY));
-                }
-#  endif
-
-                /* process walking */
-                /*
-                 * PROCESSENTRY32 contains 9 fields that will change with
-                 * each entry.  Consider each field a source of 1 byte of
-                 * entropy.
-                 */
-                p.dwSize = sizeof(PROCESSENTRY32);
-
-                if (good)
-                    starttime = GetTickCount();
-                if (process_first(handle, &p))
-                    do
-                        RAND_add(&p, p.dwSize, 9);
-                    while (process_next(handle, &p)
-                           && (!good
-                               || (GetTickCount() - starttime) < MAXDELAY));
-
-                /* thread walking */
-                /*
-                 * THREADENTRY32 contains 6 fields that will change with each
-                 * entry.  Consider each field a source of 1 byte of entropy.
-                 */
-                t.dwSize = sizeof(THREADENTRY32);
-                if (good)
-                    starttime = GetTickCount();
-                if (thread_first(handle, &t))
-                    do
-                        RAND_add(&t, t.dwSize, 6);
-                    while (thread_next(handle, &t)
-                           && (!good
-                               || (GetTickCount() - starttime) < MAXDELAY));
-
-                /* module walking */
-                /*
-                 * MODULEENTRY32 contains 9 fields that will change with each
-                 * entry.  Consider each field a source of 1 byte of entropy.
-                 */
-                m.dwSize = sizeof(MODULEENTRY32);
-                if (good)
-                    starttime = GetTickCount();
-                if (module_first(handle, &m))
-                    do
-                        RAND_add(&m, m.dwSize, 9);
-                    while (module_next(handle, &m)
-                           && (!good
-                               || (GetTickCount() - starttime) < MAXDELAY));
-                if (close_snap)
-                    close_snap(handle);
-                else
-                    CloseHandle(handle);
-
-            }
-
-            FreeLibrary(kernel);
+    /* poll the Pentium PRG with CryptoAPI */
+    if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
+        if (CryptGenRandom(hProvider, sizeof(buf), buf) != 0) {
+            RAND_add(buf, sizeof(buf), sizeof(buf));
         }
+        CryptReleaseContext(hProvider, 0);
     }
-# endif                         /* !OPENSSL_SYS_WINCE */
 
     /* timer data */
     readtimer();
@@ -466,50 +65,18 @@ int RAND_poll(void)
     return (1);
 }
 
+#if OPENSSL_API_COMPAT < 0x00101000L
 int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
 {
-    double add_entropy = 0;
-
-    switch (iMsg) {
-    case WM_KEYDOWN:
-        {
-            static WPARAM key;
-            if (key != wParam)
-                add_entropy = 0.05;
-            key = wParam;
-        }
-        break;
-    case WM_MOUSEMOVE:
-        {
-            static int lastx, lasty, lastdx, lastdy;
-            int x, y, dx, dy;
-
-            x = LOWORD(lParam);
-            y = HIWORD(lParam);
-            dx = lastx - x;
-            dy = lasty - y;
-            if (dx != 0 && dy != 0 && dx - lastdx != 0 && dy - lastdy != 0)
-                add_entropy = .2;
-            lastx = x, lasty = y;
-            lastdx = dx, lastdy = dy;
-        }
-        break;
-    }
-
-    readtimer();
-    RAND_add(&iMsg, sizeof(iMsg), add_entropy);
-    RAND_add(&wParam, sizeof(wParam), 0);
-    RAND_add(&lParam, sizeof(lParam), 0);
-
-    return (RAND_status());
+    RAND_poll();
+    return RAND_status();
 }
 
 void RAND_screen(void)
-{                               /* function available for backward
-                                 * compatibility */
+{
     RAND_poll();
-    readscreen();
 }
+#endif
 
 /* feed timing information to the PRNG */
 static void readtimer(void)
@@ -548,91 +115,4 @@ static void readtimer(void)
     }
 }
 
-/* feed screen contents to PRNG */
-/*****************************************************************************
- *
- * Created 960901 by Gertjan van Oosten, gertjan at West.NL, West Consulting B.V.
- *
- * Code adapted from
- * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;
- * the original copyright message is:
- *
- *   (C) Copyright Microsoft Corp. 1993.  All rights reserved.
- *
- *   You have a royalty-free right to use, modify, reproduce and
- *   distribute the Sample Files (and/or any modified version) in
- *   any way you find useful, provided that you agree that
- *   Microsoft has no warranty obligations or liability for any
- *   Sample Application Files which are modified.
- */
-
-static void readscreen(void)
-{
-# if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)
-    HDC hScrDC;                 /* screen DC */
-    HBITMAP hBitmap;            /* handle for our bitmap */
-    BITMAP bm;                  /* bitmap properties */
-    unsigned int size;          /* size of bitmap */
-    char *bmbits;               /* contents of bitmap */
-    int w;                      /* screen width */
-    int h;                      /* screen height */
-    int y;                      /* y-coordinate of screen lines to grab */
-    int n = 16;                 /* number of screen lines to grab at a time */
-    BITMAPINFOHEADER bi;        /* info about the bitmap */
-
-    if (check_winnt() && OPENSSL_isservice() > 0)
-        return;
-
-    /* Get a reference to the screen DC */
-    hScrDC = GetDC(NULL);
-
-    /* Get screen resolution */
-    w = GetDeviceCaps(hScrDC, HORZRES);
-    h = GetDeviceCaps(hScrDC, VERTRES);
-
-    /* Create a bitmap compatible with the screen DC */
-    hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
-
-    /* Get bitmap properties */
-    GetObject(hBitmap, sizeof(BITMAP), (LPSTR) & bm);
-    size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
-
-    bi.biSize = sizeof(BITMAPINFOHEADER);
-    bi.biWidth = bm.bmWidth;
-    bi.biHeight = bm.bmHeight;
-    bi.biPlanes = bm.bmPlanes;
-    bi.biBitCount = bm.bmBitsPixel;
-    bi.biCompression = BI_RGB;
-    bi.biSizeImage = 0;
-    bi.biXPelsPerMeter = 0;
-    bi.biYPelsPerMeter = 0;
-    bi.biClrUsed = 0;
-    bi.biClrImportant = 0;
-
-    bmbits = OPENSSL_malloc(size);
-    if (bmbits != NULL) {
-        /* Now go through the whole screen, repeatedly grabbing n lines */
-        for (y = 0; y < h - n; y += n) {
-            unsigned char md[MD_DIGEST_LENGTH];
-
-            /* Copy the bits of the current line range into the buffer */
-            GetDIBits(hScrDC, hBitmap, y, n,
-                      bmbits, (BITMAPINFO *) & bi, DIB_RGB_COLORS);
-
-            /* Get the hash of the bitmap */
-            MD(bmbits, size, md);
-
-            /* Seed the random generator with the hash value */
-            RAND_add(md, MD_DIGEST_LENGTH, 0);
-        }
-
-        OPENSSL_free(bmbits);
-    }
-
-    /* Clean up */
-    DeleteObject(hBitmap);
-    ReleaseDC(NULL, hScrDC);
-# endif                         /* !OPENSSL_SYS_WINCE */
-}
-
 #endif
diff --git a/doc/crypto/RAND_add.pod b/doc/crypto/RAND_add.pod
index 9561c2a..46de165 100644
--- a/doc/crypto/RAND_add.pod
+++ b/doc/crypto/RAND_add.pod
@@ -15,8 +15,10 @@ entropy to the PRNG
 
  int  RAND_status(void);
 
+ #if OPENSSL_API_COMPAT < 0x10100000L
  int  RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
  void RAND_screen(void);
+ #endif
 
 =head1 DESCRIPTION
 
@@ -42,27 +44,24 @@ or L<RAND_load_file(3)>.
 
 RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
 
-RAND_event() collects the entropy from Windows events such as mouse
-movements and other user interaction. It should be called with the
-B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to
-the window procedure. It will estimate the entropy contained in the
-event message (if any), and add it to the PRNG. The program can then
-process the messages as usual.
-
-The RAND_screen() function is available for the convenience of Windows
-programmers. It adds the current contents of the screen to the PRNG.
-For applications that can catch Windows events, seeding the PRNG by
-calling RAND_event() is a significantly better source of
-randomness. It should be noted that both methods cannot be used on
-servers that run without user interaction.
+RAND_event() and RAND_screen() are deprecated and should not be called.
 
 =head1 RETURN VALUES
 
-RAND_status() and RAND_event() return 1 if the PRNG has been seeded
+RAND_status() returns 1 if the PRNG has been seeded
 with enough data, 0 otherwise.
 
+RAND_event() calls RAND_poll() and returns RAND_status().
+
+RAND_screen calls RAND_poll().
+
 The other functions do not return values.
 
+=head1 HISTORY
+
+RAND_event() and RAND_screen() are deprecated since OpenSSL
+1.1.0.  Use the functions described above instead.
+
 =head1 SEE ALSO
 
 L<rand(3)>, L<RAND_egd(3)>,
diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod
index 45a6d6b..76ec0b6 100644
--- a/doc/crypto/rand.pod
+++ b/doc/crypto/rand.pod
@@ -27,16 +27,20 @@ rand - pseudo-random number generator
  const RAND_METHOD *RAND_get_rand_method(void);
  RAND_METHOD *RAND_OpenSSL(void);
 
- /* For Win32 only */
- void RAND_screen(void);
- int RAND_event(UINT, WPARAM, LPARAM);
-
 Deprecated:
 
  #if OPENSSL_API_COMPAT < 0x10100000L
  void RAND_cleanup(void)
  #endif
 
+/* For Win32 only */
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+ void RAND_screen(void);
+ int RAND_event(UINT, WPARAM, LPARAM);
+ #endif
+
+
 =head1 DESCRIPTION
 
 Since the introduction of the ENGINE API, the recommended way of controlling
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index 679cf09..d0f8eab 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -65,12 +65,10 @@ int RAND_egd_bytes(const char *path, int bytes);
 # endif
 int RAND_poll(void);
 
-# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-
-void RAND_screen(void);
-int RAND_event(UINT, WPARAM, LPARAM);
-
-# endif
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+DEPRECATEDIN_1_1_0(void RAND_screen(void))
+DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
+#endif
 
 /* BEGIN ERROR CODES */
 /*
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 32c36d9..40d6e0d 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1355,7 +1355,7 @@ BN_BLINDING_set_flags                   1314	1_1_0	EXIST::FUNCTION:
 ERR_peek_last_error                     1315	1_1_0	EXIST::FUNCTION:
 ENGINE_set_cmd_defns                    1316	1_1_0	EXIST::FUNCTION:ENGINE
 d2i_ASN1_NULL                           1317	1_1_0	EXIST::FUNCTION:
-RAND_event                              1318	1_1_0	EXIST:WIN32:FUNCTION:
+RAND_event                              1318	1_1_0	EXIST:WIN32:FUNCTION:DEPRECATEDIN_1_1_0
 i2d_PKCS12_fp                           1319	1_1_0	EXIST::FUNCTION:
 EVP_PKEY_meth_get_init                  1320	1_1_0	EXIST::FUNCTION:
 X509_check_trust                        1321	1_1_0	EXIST::FUNCTION:
@@ -1853,7 +1853,7 @@ OCSP_SINGLERESP_get_ext_by_NID          1800	1_1_0	EXIST::FUNCTION:OCSP
 a2i_IPADDRESS_NC                        1801	1_1_0	EXIST::FUNCTION:
 CTLOG_STORE_load_default_file           1802	1_1_0	EXIST::FUNCTION:CT
 PKCS12_SAFEBAG_create_pkcs8_encrypt     1803	1_1_0	EXIST::FUNCTION:
-RAND_screen                             1804	1_1_0	EXIST:WIN32:FUNCTION:
+RAND_screen                             1804	1_1_0	EXIST:WIN32:FUNCTION:DEPRECATEDIN_1_1_0
 CONF_get_string                         1805	1_1_0	EXIST::FUNCTION:
 X509_cmp_current_time                   1806	1_1_0	EXIST::FUNCTION:
 i2d_DSAPrivateKey                       1807	1_1_0	EXIST::FUNCTION:DSA


More information about the openssl-commits mailing list