Randomness polling function for Win9x.

2000-07-19 21:35:35 +00:00 · 2000-07-19 21:35:35 +00:00 · c0722725f9
commit c0722725f9
parent 25063f1d9b
3 changed files with 333 additions and 60 deletions
--- a/5
+++ b/5
@ -4,6 +4,11 @@
 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
  *) Randomness polling function for Win9x, as described in:
     Peter Gutmann, Software Generation of Practically Strong
     Random Numbers.
     [Ulf Möller]
  *) Fix so PRNG is seeded in req if using an already existing
     DSA key.
     [Steve Henson]
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@ -91,7 +91,8 @@ const char *RAND_file_name(char *file,int num);
 int RAND_status(void);
 int RAND_egd(const char *path);
 int RAND_egd_bytes(const char *path,int bytes);
-void ERR_load_RAND_strings(void);
+void ERR_load_RAND_strings(void);
 int RAND_poll(void);
 #ifdef  __cplusplus
 }
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@ -1,3 +1,4 @@
 #define DEBUG
 /* crypto/rand/rand_win.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
@ -109,51 +110,246 @@
 *
 */
 #include "cryptlib.h"
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 #if defined(WINDOWS) || defined(WIN32)
 #include "cryptlib.h"
 #include <windows.h>
-#include <openssl/rand.h>
+#ifndef _WIN32_WINNT
-/* XXX There are probably other includes missing here ... */
+# define _WIN32_WINNT 0x0400
 #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
 #if !defined(NO_SHA) && !defined(NO_SHA1)
 #define USE_SHA1_RAND
 #elif !defined(NO_MD5)
 #define USE_MD5_RAND
 #elif !defined(NO_MDC2) && !defined(NO_DES)
 #define USE_MDC2_RAND
 #elif !defined(NO_MD2)
 #define USE_MD2_RAND
 #else
 #error No message digest algorithm available
 #endif
 #include <wincrypt.h>
 #include <tlhelp32.h>
 /* Intel hardware RNG CSP -- available from
 * http://developer.intel.com/design/security/rng/redist_license.htm
 */
 #define PROV_INTEL_SEC 22
 #define INTEL_DEF_PROV "Intel Hardware Cryptographic Service Provider"
 static void readtimer(void);
 static void readscreen(void);
 typedef BOOL (WINAPI *CRYPTACQUIRECONTEXT)(HCRYPTPROV *, LPCTSTR, LPCTSTR,
 				    DWORD, DWORD);
 typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);
 typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD);
 typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID);
 typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
 typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
 typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
 typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
 typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
 typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
 typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);
 typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
 typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
 int RAND_poll(void)
 {
 	MEMORYSTATUS m;
 	HCRYPTPROV hProvider = 0;
 	BYTE buf[64];
 	DWORD w;
 	HWND h;
 	HMODULE advapi, kernel, user;
 	CRYPTACQUIRECONTEXT acquire;
 	CRYPTGENRANDOM gen;
 	CRYPTRELEASECONTEXT release;
 	/* load functions dynamically - not available on all systems */
 	advapi = GetModuleHandle("ADVAPI32.DLL");
 	kernel = GetModuleHandle("KERNEL32.DLL");
 	user = GetModuleHandle("USER32.DLL");
 	if (advapi)
 		{
 		acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi,
 			"CryptAcquireContextA");
 		gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
 			"CryptGenRandom");
 		release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
 			"CryptReleaseContext");
 		}
 	if (acquire && gen && release)
 		{
 		/* poll the CryptoAPI PRNG */
 		if (acquire(&hProvider, 0, 0, PROV_RSA_FULL,
 			CRYPT_VERIFYCONTEXT))
 			{
 			if (gen(hProvider, sizeof(buf), buf) != 0)
 				{
 				RAND_add(buf, sizeof(buf), 0);
 #ifdef DEBUG
 				printf("randomness from PROV_RSA_FULL\n");
 #endif
 				}
 			release(hProvider, 0); 
 			}
 		/* poll the Pentium PRG with CryptoAPI */
 		if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
 			{
 			if (gen(hProvider, sizeof(buf), buf) != 0)
 				{
 				RAND_add(buf, sizeof(buf), 0);
 #ifdef DEBUG
 				printf("randomness from PROV_INTEL_SEC\n");
 #endif
 				}
 			release(hProvider, 0);
 			}
 		}
 	/* timer data */
 	readtimer();
 	/* memory usage statistics */
 	GlobalMemoryStatus(&m);
 	RAND_add(&m, sizeof(m), 1);
 	/* process ID */
 	w = GetCurrentProcessId();
 	RAND_add(&w, sizeof(w), 0);
 	if (user)
 		{
 		GETCURSORINFO cursor;
 		GETFOREGROUNDWINDOW win;
 		GETQUEUESTATUS queue;
 		win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
 		cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
 		queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
 		if (win)
 		{
 			/* window handle */
 			h = win();
 			RAND_add(&h, sizeof(h), 0);
 		}
 		if (cursor)
 			{
 			/* cursor position */
 			cursor(buf);
 			RAND_add(buf, sizeof(buf), 0);
 			}
 		if (queue)
 			{
 			/* message queue status */
 			w = queue(QS_ALLEVENTS);
 			RAND_add(&w, sizeof(w), 0);
 			}
 		}
 	/* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
 	 * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
 	 * (Win 9x only, not available on NT)
 	 *
 	 * This seeding method was proposed in Peter Gutmann, Software
 	 * Generation of Practically Strong Random Numbers,
 	 * http://www.somewhere.nzhttp://www.cs.auckland.ac.nz/~pgut001/pubs/random2.pdf
 	 * (The assignment of entropy estimates below is arbitrary, but based
 	 * on Peter's analysis the full poll appears to be safe. Additional
 	 * interactive seeding is encouraged.)
 	 */
 	if (kernel)
 		{
 		CREATETOOLHELP32SNAPSHOT snap;
 		HANDLE handle;
 		HEAP32FIRST heap_first;
 		HEAP32NEXT heap_next;
 		HEAP32LIST heaplist_first, heaplist_next;
 		PROCESS32 process_first, process_next;
 		THREAD32 thread_first, thread_next;
 		MODULE32 module_first, module_next;
 		HEAPLIST32 hlist;
 		HEAPENTRY32 hentry;
 		PROCESSENTRY32 p;
 		THREADENTRY32 t;
 		MODULEENTRY32 m;
 		snap = (CREATETOOLHELP32SNAPSHOT)
 		  GetProcAddress(kernel, "CreateToolhelp32Snapshot");
 		heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
 		heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
 		heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
 		heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
 		process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
 		process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
 		thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
 		thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
 		module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
 		module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
 		if (snap && heap_first && heap_next && heaplist_first &&
 			heaplist_next && process_first && process_next &&
 			thread_first && thread_next && module_first &&
 			module_next && (handle = snap(TH32CS_SNAPALL,0))
 			!= NULL)
 			{
 			/* heap list and heap walking */
 			hlist.dwSize = sizeof(HEAPLIST32);		
 			if (heaplist_first(handle, &hlist))
 				do
 					{
 					RAND_add(&hlist, hlist.dwSize, 0);
 					hentry.dwSize = sizeof(HEAPENTRY32);
 					if (heap_first(&hentry,
 						hlist.th32ProcessID,
 						hlist.th32HeapID))
 						do
 							RAND_add(&hentry,
 								hentry.dwSize, 0);
 						while (heap_next(&hentry));
 					} while (heaplist_next(handle,
 						&hlist));
 			/* process walking */
 			p.dwSize = sizeof(PROCESSENTRY32);
 			if (process_first(handle, &p))
 				do
 					RAND_add(&p, p.dwSize, 0);
 				while (process_next(handle, &p));
 			/* thread walking */
 			t.dwSize = sizeof(THREADENTRY32);
 			if (thread_first(handle, &t))
 				do
 					RAND_add(&t, t.dwSize, 0);
 				while (thread_next(handle, &t));
 			/* module walking */
 			m.dwSize = sizeof(MODULEENTRY32);
 			if (module_first(handle, &m))
 				do
 					RAND_add(&m, m.dwSize, 1);
 				while (module_next(handle, &m));
 			CloseHandle(handle);
 			}
 		}
 #ifdef DEBUG
 	printf("Exiting RAND_poll\n");
 #endif
-#if defined(USE_MD5_RAND)
+	return(1);
-#include <openssl/md5.h>
+}
 #define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
 #define	MD(a,b,c)		MD5(a,b,c)
 #elif defined(USE_SHA1_RAND)
 #include <openssl/sha.h>
 #define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
 #define	MD(a,b,c)		SHA1(a,b,c)
 #elif defined(USE_MDC2_RAND)
 #include <openssl/mdc2.h>
 #define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
 #define	MD(a,b,c)		MDC2(a,b,c)
 #elif defined(USE_MD2_RAND)
 #include <openssl/md2.h>
 #define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
 #define	MD(a,b,c)		MD2(a,b,c)
 #endif
 int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
        {
        double add_entropy=0;
        SYSTEMTIME t;
        switch (iMsg)
                {
@ -182,19 +378,61 @@ int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
 		break;
 		}
-        GetSystemTime(&t);
+	readtimer();
        RAND_add(&iMsg, sizeof(iMsg), add_entropy);
 	RAND_add(&wParam, sizeof(wParam), 0);
 	RAND_add(&lParam, sizeof(lParam), 0);
-        RAND_add(&t, sizeof(t), 0);
+ 
 	return (RAND_status());
 	}
 void RAND_screen(void) /* function available for backward compatibility */
 {
 	RAND_poll();
 	readscreen();
 }
 /* feed timing information to the PRNG */
 static void readtimer(void)
 {
 	DWORD w, cyclecount;
 	LARGE_INTEGER l;
 	static int have_perfc = 1;
 #ifndef __GNUC__
 	static int have_tsc = 1;
 	if (have_tsc) {
 	  __try {
 	    __asm {
 	      rdtsc
 	      mov cyclecount, eax
 	      }
 	    RAND_add(&cyclecount, sizeof(cyclecount), 1);
 	  } __except(EXCEPTION_EXECUTE_HANDLER) {
 	    have_tsc = 0;
 	  }
 	}
 #else
 # define have_tsc 0
 #endif
 	if (have_perfc) {
 	  if (QueryPerformanceCounter(&l) == 0)
 	    have_perfc = 0;
 	  else
 	    RAND_add(&l, sizeof(l), 0);
 	}
 	if (!have_tsc && !have_perfc) {
 	  w = GetTickCount();
 	  RAND_add(&w, sizeof(w), 0);
 	}
 }
 /* feed screen contents to PRNG */
 /*****************************************************************************
 * Initialisation function for the SSL random generator.  Takes the contents
 * of the screen as random seed.
 *
 * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
 *
@ -210,18 +448,8 @@ int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
 *   Microsoft has no warranty obligations or liability for any
 *   Sample Application Files which are modified.
 */
-/*
+
- * I have modified the loading of bytes via RAND_seed() mechanism since
+static void readscreen(void)
 * the original would have been very very CPU intensive since RAND_seed()
 * does an MD5 per 16 bytes of input.  The cost to digest 16 bytes is the same
 * as that to digest 56 bytes.  So under the old system, a screen of
 * 1024*768*256 would have been CPU cost of approximately 49,000 56 byte MD5
 * digests or digesting 2.7 mbytes.  What I have put in place would
 * be 48 16k MD5 digests, or effectively 48*16+48 MD5 bytes or 816 kbytes
 * or about 3.5 times as much.
 * - eric 
 */
 void RAND_screen(void)
 {
  HDC		hScrDC;		/* screen DC */
  HDC		hMemDC;		/* memory DC */
@ -266,11 +494,11 @@ void RAND_screen(void)
 	/* Copy bitmap bits from memory DC to bmbits */
 	GetBitmapBits(hBitmap, size, bmbits);
-	/* Get the MD5 of the bitmap */
+	/* Get the hash of the bitmap */
 	MD(bmbits,size,md);
-	/* Seed the random generator with the MD5 digest */
+	/* Seed the random generator with the hash value */
-	RAND_seed(md, MD_DIGEST_LENGTH);
+	RAND_add(md, MD_DIGEST_LENGTH, 0);
 	}
    OPENSSL_free(bmbits);
@ -285,10 +513,49 @@ void RAND_screen(void)
  DeleteDC(hScrDC);
 }
-#else
+#else /* Unix version */
-# if PEDANTIC
+#include <time.h>
-static void *dummy=&dummy;
+
-# endif
+int RAND_poll(void)
 {
 	unsigned long l;
 	pid_t curr_pid = getpid();
 #ifdef DEVRANDOM
 	FILE *fh;
 #endif
 #ifdef DEVRANDOM
 	/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
 	 * have this. Use /dev/urandom if you can as /dev/random may block
 	 * if it runs out of random entries.  */
 	if ((fh = fopen(DEVRANDOM, "r")) != NULL)
 		{
 		unsigned char tmpbuf[ENTROPY_NEEDED];
 		int n;
 		setvbuf(fh, NULL, _IONBF, 0);
 		n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh);
 		fclose(fh);
 		RAND_add(tmpbuf,sizeof tmpbuf,n);
 		memset(tmpbuf,0,n);
 		}
 #endif
 	/* put in some default random data, we need more than just this */
 	l=curr_pid;
 	RAND_add(&l,sizeof(l),0);
 	l=getuid();
 	RAND_add(&l,sizeof(l),0);
 	l=time(NULL);
 	RAND_add(&l,sizeof(l),0);
 #ifdef DEVRANDOM
 	return 1;
 #endif
 	return 0;
 }
 #endif