crypto/rand/rand_win.c

   1 /*
   2  * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the OpenSSL license (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include "internal/cryptlib.h"
  11 #include <openssl/rand.h>
  12 #include "rand_lcl.h"
  13 #include "internal/rand_int.h"
  14 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
  15
  16 # ifndef OPENSSL_RAND_SEED_OS
  17 #  error "Unsupported seeding method configured; must be os"
  18 # endif
  19
  20 # include <windows.h>
  21 /* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */
  22 # if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0601
  23 #  define USE_BCRYPTGENRANDOM
  24 # endif
  25
  26 # ifdef USE_BCRYPTGENRANDOM
  27 #  include <bcrypt.h>
  28 #  pragma comment(lib, "bcrypt.lib")
  29 #  ifndef STATUS_SUCCESS
  30 #   define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
  31 #  endif
  32 # else
  33 #  include <wincrypt.h>
  34 /*
  35  * Intel hardware RNG CSP -- available from
  36  * http://developer.intel.com/design/security/rng/redist_license.htm
  37  */
  38 #  define PROV_INTEL_SEC 22
  39 #  define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
  40 # endif
  41
  42 size_t rand_pool_acquire_entropy(RAND_POOL *pool)
  43 {
  44 # ifndef USE_BCRYPTGENRANDOM
  45     HCRYPTPROV hProvider;
  46 # endif
  47     unsigned char *buffer;
  48     size_t bytes_needed;
  49     size_t entropy_available = 0;
  50
  51
  52 # ifdef OPENSSL_RAND_SEED_RDTSC
  53     entropy_available = rand_acquire_entropy_from_tsc(pool);
  54     if (entropy_available > 0)
  55         return entropy_available;
  56 # endif
  57
  58 # ifdef OPENSSL_RAND_SEED_RDCPU
  59     entropy_available = rand_acquire_entropy_from_cpu(pool);
  60     if (entropy_available > 0)
  61         return entropy_available;
  62 # endif
  63
  64 # ifdef USE_BCRYPTGENRANDOM
  65     bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
  66     buffer = rand_pool_add_begin(pool, bytes_needed);
  67     if (buffer != NULL) {
  68         size_t bytes = 0;
  69         if (BCryptGenRandom(NULL, buffer, bytes_needed,
  70             BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS)
  71             bytes = bytes_needed;
  72
  73         rand_pool_add_end(pool, bytes, 8 * bytes);
  74         entropy_available = rand_pool_entropy_available(pool);
  75     }
  76     if (entropy_available > 0)
  77         return entropy_available;
  78 # else
  79     bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
  80     buffer = rand_pool_add_begin(pool, bytes_needed);
  81     if (buffer != NULL) {
  82         size_t bytes = 0;
  83         /* poll the CryptoAPI PRNG */
  84         if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
  85             CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
  86             if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
  87                 bytes = bytes_needed;
  88
  89             CryptReleaseContext(hProvider, 0);
  90         }
  91
  92         rand_pool_add_end(pool, bytes, 8 * bytes);
  93         entropy_available = rand_pool_entropy_available(pool);
  94     }
  95     if (entropy_available > 0)
  96         return entropy_available;
  97
  98     bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
  99     buffer = rand_pool_add_begin(pool, bytes_needed);
 100     if (buffer != NULL) {
 101         size_t bytes = 0;
 102         /* poll the Pentium PRG with CryptoAPI */
 103         if (CryptAcquireContextW(&hProvider, NULL,
 104                                  INTEL_DEF_PROV, PROV_INTEL_SEC,
 105                                  CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
 106             if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
 107                 bytes = bytes_needed;
 108
 109             CryptReleaseContext(hProvider, 0);
 110         }
 111         rand_pool_add_end(pool, bytes, 8 * bytes);
 112         entropy_available = rand_pool_entropy_available(pool);
 113     }
 114     if (entropy_available > 0)
 115         return entropy_available;
 116 # endif
 117
 118     return rand_pool_entropy_available(pool);
 119 }
 120
 121
 122 int rand_pool_add_nonce_data(RAND_POOL *pool)
 123 {
 124     struct {
 125         DWORD pid;
 126         DWORD tid;
 127         FILETIME time;
 128     } data = { 0 };
 129
 130     /*
 131      * Add process id, thread id, and a high resolution timestamp to
 132      * ensure that the nonce is unique whith high probability for
 133      * different process instances.
 134      */
 135     data.pid = GetCurrentProcessId();
 136     data.tid = GetCurrentThreadId();
 137     GetSystemTimeAsFileTime(&data.time);
 138
 139     return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
 140 }
 141
 142 int rand_pool_add_additional_data(RAND_POOL *pool)
 143 {
 144     struct {
 145         DWORD tid;
 146         LARGE_INTEGER time;
 147     } data = { 0 };
 148
 149     /*
 150      * Add some noise from the thread id and a high resolution timer.
 151      * The thread id adds a little randomness if the drbg is accessed
 152      * concurrently (which is the case for the <master> drbg).
 153      */
 154     data.tid = GetCurrentThreadId();
 155     QueryPerformanceCounter(&data.time);
 156     return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
 157 }
 158
 159 # if OPENSSL_API_COMPAT < 0x10100000L
 160 int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
 161 {
 162     RAND_poll();
 163     return RAND_status();
 164 }
 165
 166 void RAND_screen(void)
 167 {
 168     RAND_poll();
 169 }
 170 # endif
 171
 172 #endif