From e0ef4899f3ef2561ae32275c2c3d11914e7343c7 Mon Sep 17 00:00:00 2001 From: Nobuyoshi Nakada Date: Fri, 24 Sep 2021 17:06:10 +0900 Subject: [Win32] Prefer Cryptography Next Generation API [BCryptGenRandom] is available since Windows Vista / Windows Server 2008. Regarding [CryptGenRandom]: > This API is deprecated. New and existing software should start > using Cryptography Next Generation APIs. Microsoft may remove > this API in future releases. [BCryptGenRandom]: https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom [CryptGenRandom]: https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptgenrandom --- configure.ac | 2 +- random.c | 22 +++++++++++++++++++++- win32/Makefile.sub | 2 +- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index b65ccf4b31..fc9a9967f3 100644 --- a/configure.ac +++ b/configure.ac @@ -1115,7 +1115,7 @@ main() AC_CHECK_FUNCS(cygwin_conv_path) AC_LIBOBJ([langinfo]) ], -[mingw*], [ LIBS="-lshell32 -lws2_32 -liphlpapi -limagehlp -lshlwapi $LIBS" +[mingw*], [ LIBS="-lshell32 -lws2_32 -liphlpapi -limagehlp -lshlwapi -lbcrypt $LIBS" ac_cv_header_pwd_h=no ac_cv_header_utime_h=no ac_cv_header_sys_ioctl_h=no diff --git a/random.c b/random.c index fd9db0cf75..0503436c47 100644 --- a/random.c +++ b/random.c @@ -42,6 +42,7 @@ # include # include # include +# include #endif #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__) @@ -544,6 +545,7 @@ fill_random_bytes_syscall(void *buf, size_t size, int unused) #endif } #elif defined(_WIN32) +# if defined(CRYPT_VERIFYCONTEXT) STATIC_ASSERT(sizeof_HCRYPTPROV, sizeof(HCRYPTPROV) == sizeof(size_t)); /* Although HCRYPTPROV is not a HANDLE, it looks like @@ -561,7 +563,7 @@ release_crypt(void *p) } static int -fill_random_bytes_syscall(void *seed, size_t size, int unused) +fill_random_bytes_crypt(void *seed, size_t size) { static HCRYPTPROV perm_prov; HCRYPTPROV prov = perm_prov, old_prov; @@ -588,6 +590,24 @@ fill_random_bytes_syscall(void *seed, size_t size, int unused) CryptGenRandom(prov, size, seed); return 0; } +# else +# define fill_random_bytes_crypt(seed, size) -1 +# endif + +static int +fill_random_bytes_bcrypt(void *seed, size_t size) +{ + if (!BCryptGenRandom(NULL, seed, size, BCRYPT_USE_SYSTEM_PREFERRED_RNG)) + return 0; + return -1; +} + +static int +fill_random_bytes_syscall(void *seed, size_t size, int unused) +{ + if (fill_random_bytes_bcrypt(seed, size) == 0) return 0; + return fill_random_bytes_crypt(seed, size); +} #elif defined HAVE_GETRANDOM static int fill_random_bytes_syscall(void *seed, size_t size, int need_secure) diff --git a/win32/Makefile.sub b/win32/Makefile.sub index a610577603..2aef63985b 100644 --- a/win32/Makefile.sub +++ b/win32/Makefile.sub @@ -277,7 +277,7 @@ LIBS = user32.lib advapi32.lib shell32.lib ws2_32.lib !if $(MSC_VER) >= 1400 LIBS = $(LIBS) iphlpapi.lib !endif -LIBS = $(LIBS) imagehlp.lib shlwapi.lib $(EXTLIBS) +LIBS = $(LIBS) imagehlp.lib shlwapi.lib bcrypt.lib $(EXTLIBS) !endif !if !defined(MISSING) MISSING = crypt.obj ffs.obj langinfo.obj lgamma_r.obj strlcat.obj strlcpy.obj win32/win32.obj win32/file.obj setproctitle.obj -- cgit v1.2.3