Re: [PATCH] avail of Pentium hardware RNG (at least minimally) on Windoze

agray Fri, 04 Aug 2000 10:00:36 -0700
This may not be a good idea in the long run - not due to its intended
purpose, but due to conflicting function calls between crypt32 on
windows2000 and within libeay on the win2k platform.  I've noticed them
within the win2k sdk and if NOCRYPT is not defined the build will fail
on 2k using the crypt32.lib or (dll) for win2k.  Do a dev archive search
for "NOCRYPT" to find the conflicting functions.  I suppose one could
load explicitly crypt32.dll at runtime make the calls then unload.  
In addition this would break builds on alphas running NT.

Andrew

"Penney, Jason" wrote:
> 
> Baseline: 0.9.5a
> 
> The new generation of Pentiums coming out on the market have a genuine
> (hardware) RNG
> built into them.
> 
> On Windows, at least, let the CryptoAPI initialize the random number
> generator.  TODO:
> when the new Pentiums are widespread, they should be used in place of
> md_rand for RNG in
> all cases...
> 
> *** md_rand.c.orig      Sat Jul  1 19:48:43 2000
> --- md_rand.c   Sat Jul  1 19:36:50 2000
> ***************
> *** 181,186 ****
> --- 181,193 ----
>   #define       MD(a,b,c)               MD2(a,b,c)
>   #endif
> 
> + #ifdef WIN32
> + /* use the wincrypt API.  On a newer pentium, this gives us a
> hardware RNG */
> + #define _WIN32_WINNT 0x400    /* oddly missing??? */
> + #include <windows.h>
> + #include <wincrypt.h>
> + #endif
> +
>   #include <openssl/rand.h>
> 
>   #ifdef BN_DEBUG
> ***************
> *** 401,406 ****
> --- 408,435 ----
>                 memset(tmpbuf,0,n);
>                 }
>   #endif
> + #ifdef WIN32
> + {
> +               HCRYPTPROV hProv;
> +               unsigned char tmpbuf[ENTROPY_NEEDED];
> +
> +               if (CryptAcquireContext(&hProv, NULL, NULL,
> PROV_RSA_FULL,
> +                       CRYPT_VERIFYCONTEXT|CRYPT_NEWKEYSET) == 0) {
> +                 fprintf(stderr, "CryptAcquireContext failed: %0x\n",
> 
> +                       GetLastError());
> +                 return;
> +                 }
> +               if (CryptGenRandom(hProv, sizeof tmpbuf, tmpbuf) == 0)
> {
> +                 fprintf(stderr, "CryptGenRandom failed: %0x\n",
> +                       GetLastError());
> +                 return;
> +                 }
> +               /* TODO: if it really is a hardware RNG, use it all
> the time */
> +               RAND_add(tmpbuf,sizeof tmpbuf, sizeof tmpbuf);
> +               memset(tmpbuf,0, sizeof tmpbuf);
> +               CryptReleaseContext(hProv, 0);
> + }
> + #endif /* WIN32 */
>   #ifdef PURIFY
>         memset(state,0,STATE_SIZE);
>         memset(md,0,MD_DIGEST_LENGTH);
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: [PATCH] avail of Pentium hardware RNG (at least minimally) on Windoze

Reply via email to
