rand_win.c 5.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185
  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "internal/cryptlib.h"
  10. #include <openssl/rand.h>
  11. #include "rand_lcl.h"
  12. #include "internal/rand_int.h"
  13. #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
  14. # ifndef OPENSSL_RAND_SEED_OS
  15. # error "Unsupported seeding method configured; must be os"
  16. # endif
  17. # include <windows.h>
  18. /* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */
  19. # if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0601
  20. # define USE_BCRYPTGENRANDOM
  21. # endif
  22. # ifdef USE_BCRYPTGENRANDOM
  23. # include <bcrypt.h>
  24. # pragma comment(lib, "bcrypt.lib")
  25. # ifndef STATUS_SUCCESS
  26. # define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
  27. # endif
  28. # else
  29. # include <wincrypt.h>
  30. /*
  31. * Intel hardware RNG CSP -- available from
  32. * http://developer.intel.com/design/security/rng/redist_license.htm
  33. */
  34. # define PROV_INTEL_SEC 22
  35. # define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
  36. # endif
  37. size_t rand_pool_acquire_entropy(RAND_POOL *pool)
  38. {
  39. # ifndef USE_BCRYPTGENRANDOM
  40. HCRYPTPROV hProvider;
  41. # endif
  42. unsigned char *buffer;
  43. size_t bytes_needed;
  44. size_t entropy_available = 0;
  45. # ifdef OPENSSL_RAND_SEED_RDTSC
  46. entropy_available = rand_acquire_entropy_from_tsc(pool);
  47. if (entropy_available > 0)
  48. return entropy_available;
  49. # endif
  50. # ifdef OPENSSL_RAND_SEED_RDCPU
  51. entropy_available = rand_acquire_entropy_from_cpu(pool);
  52. if (entropy_available > 0)
  53. return entropy_available;
  54. # endif
  55. # ifdef USE_BCRYPTGENRANDOM
  56. bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
  57. buffer = rand_pool_add_begin(pool, bytes_needed);
  58. if (buffer != NULL) {
  59. size_t bytes = 0;
  60. if (BCryptGenRandom(NULL, buffer, bytes_needed,
  61. BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS)
  62. bytes = bytes_needed;
  63. rand_pool_add_end(pool, bytes, 8 * bytes);
  64. entropy_available = rand_pool_entropy_available(pool);
  65. }
  66. if (entropy_available > 0)
  67. return entropy_available;
  68. # else
  69. bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
  70. buffer = rand_pool_add_begin(pool, bytes_needed);
  71. if (buffer != NULL) {
  72. size_t bytes = 0;
  73. /* poll the CryptoAPI PRNG */
  74. if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
  75. CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
  76. if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
  77. bytes = bytes_needed;
  78. CryptReleaseContext(hProvider, 0);
  79. }
  80. rand_pool_add_end(pool, bytes, 8 * bytes);
  81. entropy_available = rand_pool_entropy_available(pool);
  82. }
  83. if (entropy_available > 0)
  84. return entropy_available;
  85. bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
  86. buffer = rand_pool_add_begin(pool, bytes_needed);
  87. if (buffer != NULL) {
  88. size_t bytes = 0;
  89. /* poll the Pentium PRG with CryptoAPI */
  90. if (CryptAcquireContextW(&hProvider, NULL,
  91. INTEL_DEF_PROV, PROV_INTEL_SEC,
  92. CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
  93. if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
  94. bytes = bytes_needed;
  95. CryptReleaseContext(hProvider, 0);
  96. }
  97. rand_pool_add_end(pool, bytes, 8 * bytes);
  98. entropy_available = rand_pool_entropy_available(pool);
  99. }
  100. if (entropy_available > 0)
  101. return entropy_available;
  102. # endif
  103. return rand_pool_entropy_available(pool);
  104. }
  105. int rand_pool_add_nonce_data(RAND_POOL *pool)
  106. {
  107. struct {
  108. DWORD pid;
  109. DWORD tid;
  110. FILETIME time;
  111. } data = { 0 };
  112. /*
  113. * Add process id, thread id, and a high resolution timestamp to
  114. * ensure that the nonce is unique whith high probability for
  115. * different process instances.
  116. */
  117. data.pid = GetCurrentProcessId();
  118. data.tid = GetCurrentThreadId();
  119. GetSystemTimeAsFileTime(&data.time);
  120. return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
  121. }
  122. int rand_pool_add_additional_data(RAND_POOL *pool)
  123. {
  124. struct {
  125. DWORD tid;
  126. LARGE_INTEGER time;
  127. } data = { 0 };
  128. /*
  129. * Add some noise from the thread id and a high resolution timer.
  130. * The thread id adds a little randomness if the drbg is accessed
  131. * concurrently (which is the case for the <master> drbg).
  132. */
  133. data.tid = GetCurrentThreadId();
  134. QueryPerformanceCounter(&data.time);
  135. return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
  136. }
  137. # if OPENSSL_API_COMPAT < 0x10100000L
  138. int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
  139. {
  140. RAND_poll();
  141. return RAND_status();
  142. }
  143. void RAND_screen(void)
  144. {
  145. RAND_poll();
  146. }
  147. # endif
  148. int rand_pool_init(void)
  149. {
  150. return 1;
  151. }
  152. void rand_pool_cleanup(void)
  153. {
  154. }
  155. void rand_pool_keep_random_devices_open(int keep)
  156. {
  157. }
  158. #endif