From: Wouter Wijngaards Date: Sat, 12 Jul 2014 20:19:14 +0000 (+0000) Subject: getentropy from Theo de Raadt X-Git-Tag: release-1.5.0rc1~71 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=10e378f13bfc1ab2e61fdab0a91e64ddf8524265;p=thirdparty%2Funbound.git getentropy from Theo de Raadt git-svn-id: file:///svn/unbound/trunk@3189 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/compat/getentropy_win.c b/compat/getentropy_win.c
index cad15d4aa..00cce559a 100644
--- a/compat/getentropy_win.c
+++ b/compat/getentropy_win.c
@@ -1,65 +1,55 @@ -/* getentropy_win.c - get entropy on Windows. -* - * Copyright (c) 2014, NLnet Labs. All rights reserved. +/* $OpenBSD$ */ + +/* + * Copyright (c) 2014, Theo de Raadt + * Copyright (c) 2014, Bob Beck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "config.h" +#include +#include +#include +#include + +int getentropy(void *buf, size_t len); + +/* + * On Windows, CryptGenRandom is supposed to be a well-seeded + * cryptographically strong random number generator. + */ int getentropy(void *buf, size_t len) { - HMODULE lib; + HCRYPTPROV provider; - if(len > 256) { + if (len > 256) { errno = EIO; return -1; } - /* Get entropy with windows secure random number generator, - * for windows XP and later, it is in the ADVAPI32 dll */ - lib = LoadLibrary("ADVAPI32.DLL"); - if(lib) { - /* Load the RtlGenRandom function */ - BOOLEAN (APIENTRY* genrandom)(void*,ULONG) = - (BOOLEAN (APIENTRY*)(void*,ULONG)) - GetProcAddress(lib, "SystemFunction036"); - if(genrandom) { - if(genrandom(buf, len)) { - FreeLibrary(lib); - return 0; /* success */ - } - } - FreeLibrary(lib); + if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT) != 0) + goto fail; + if (CryptGenRandom(provider, len, buf) != 0) { + CryptReleaseContext(provider, 0); + goto fail; } + CryptReleaseContext(provider, 0); + return (0); +fail: errno = EIO; - return -1; + return (-1); }
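Review bot: Both return-value tests in the new getentropy() are inverted: CryptAcquireContext and CryptGenRandom return nonzero (TRUE) on success and zero on failure, so `!= 0` sends the success case to `fail`. On a working system the function therefore always returns -1 with EIO. If CryptAcquireContext fails instead, the code continues with an uninitialized `provider`, and a CryptGenRandom failure then reaches `return (0)` with `buf` never filled, so the caller would treat the buffer's previous contents as entropy. The comparisons should read `CRYPT_VERIFYCONTEXT) == 0)` and `if (CryptGenRandom(provider, len, buf) == 0) {`. A one-line comment above them, such as `/* Win32 BOOL: zero means failure */`, would help stop the convention being flipped again.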