static int capi_init(ENGINE *e)
{
CAPI_CTX *ctx;
const RSA_METHOD *ossl_rsa_meth;
const DSA_METHOD *ossl_dsa_meth;
if (capi_idx < 0) {
capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
if (capi_idx < 0)
goto memerr;
cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
/* Setup RSA_METHOD */
rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
ossl_rsa_meth = RSA_PKCS1_SSLeay();
capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
/* Setup DSA Method */
dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
ossl_dsa_meth = DSA_OpenSSL();
capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
}
ctx = capi_ctx_new();
if (!ctx)
goto memerr;
ENGINE_set_ex_data(e, capi_idx, ctx);
# ifdef OPENSSL_CAPIENG_DIALOG
{
HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));
if (cryptui)
ctx->certselectdlg =
(CERTDLG) GetProcAddress(cryptui,
"CryptUIDlgSelectCertificateFromStore");
if (kernel)
ctx->getconswindow =
(GETCONSWIN) GetProcAddress(kernel, "GetConsoleWindow");
if (cryptui && !OPENSSL_isservice())
ctx->client_cert_select = cert_select_dialog;
}
# endif
return 1;
memerr:
CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
return 0;
return 1;
}
void OPENSSL_showfatal (const char *fmta,...)
{ va_list ap;
TCHAR buf[256];
const TCHAR *fmt;
#ifdef STD_ERROR_HANDLE /* what a dirty trick! */
HANDLE h;
if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
GetFileType(h)!=FILE_TYPE_UNKNOWN)
{ /* must be console application */
va_start (ap,fmta);
#ifndef OPENSSL_SYS_WINDOWS
TINYCLR_SSL_PRINTF(fmta,ap);
#else
vfprintf (OPENSSL_TYPE__FILE_STDERR,fmta,ap);
#endif
va_end (ap);
return;
}
#endif
if (sizeof(TCHAR)==sizeof(char))
fmt=(const TCHAR *)fmta;
else do
{ int keepgoing;
size_t len_0=TINYCLR_SSL_STRLEN(fmta)+1,i;
WCHAR *fmtw;
#ifdef _MSC_VER
fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));
#else
fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
#endif
if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; }
#ifndef OPENSSL_NO_MULTIBYTE
if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0))
#endif
for (i=0;i<len_0;i++) fmtw[i]=(WCHAR)fmta[i];
for (i=0;i<len_0;i++)
{ if (fmtw[i]==L'%') do
{ keepgoing=0;
switch (fmtw[i+1])
{ case L'0': case L'1': case L'2': case L'3': case L'4':
case L'5': case L'6': case L'7': case L'8': case L'9':
case L'.': case L'*':
case L'-': i++; keepgoing=1; break;
case L's': fmtw[i+1]=L'S'; break;
case L'S': fmtw[i+1]=L's'; break;
case L'c': fmtw[i+1]=L'C'; break;
case L'C': fmtw[i+1]=L'c'; break;
}
} while (keepgoing);
}
fmt = (const TCHAR *)fmtw;
} while (0);
va_start (ap,fmta);
_vsntprintf (buf,sizeof(buf)/sizeof(TCHAR)-1,fmt,ap);
buf [sizeof(buf)/sizeof(TCHAR)-1] = _T('\0');
va_end (ap);
#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
/* this -------------v--- guards NT-specific calls */
if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
{ HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
const TCHAR *pmsg=buf;
ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
DeregisterEventSource(h);
}
else
#endif
MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP);
}
int RAND_poll(void)
{
MEMORYSTATUS m;
HCRYPTPROV hProvider = 0;
DWORD w;
int good = 0;
/* Determine the OS version we are on so we can turn off things
* that do not work properly.
*/
OSVERSIONINFO osverinfo ;
osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
GetVersionEx( &osverinfo ) ;
#if defined(OPENSSL_SYS_WINCE)
# if defined(_WIN32_WCE) && _WIN32_WCE>=300
/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available
* in commonly available implementations prior 300... */
{
BYTE buf[64];
/* poll the CryptoAPI PRNG */
/* The CryptoAPI returns sizeof(buf) bytes of randomness */
if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT))
{
if (CryptGenRandom(hProvider, sizeof(buf), buf))
RAND_add(buf, sizeof(buf), sizeof(buf));
CryptReleaseContext(hProvider, 0);
}
}
# endif
#else /* OPENSSL_SYS_WINCE */
/*
* None of below libraries are present on Windows CE, which is
* why we #ifndef the whole section. This also excuses us from
* handling the GetProcAddress issue. The trouble is that in
* real Win32 API GetProcAddress is available in ANSI flavor
* only. In WinCE on the other hand GetProcAddress is a macro
* most commonly defined as GetProcAddressW, which accepts
* Unicode argument. If we were to call GetProcAddress under
* WinCE, I'd recommend to either redefine GetProcAddress as
* GetProcAddressA (there seem to be one in common CE spec) or
* implement own shim routine, which would accept ANSI argument
* and expand it to Unicode.
*/
{
/* load functions dynamically - not available on all systems */
HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
HMODULE user = NULL;
HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
CRYPTACQUIRECONTEXTW acquire = NULL;
CRYPTGENRANDOM gen = NULL;
CRYPTRELEASECONTEXT release = NULL;
NETSTATGET netstatget = NULL;
NETFREE netfree = NULL;
BYTE buf[64];
if (netapi)
{
netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree");
}
if (netstatget && netfree)
{
LPBYTE outbuf;
/* NetStatisticsGet() is a Unicode only function
* STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
* contains 17 fields. We treat each field as a source of
* one byte of entropy.
*/
if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
{
RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
netfree(outbuf);
}
if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0)
{
RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
netfree(outbuf);
}
}
if (netapi)
FreeLibrary(netapi);
/* It appears like this can cause an exception deep within ADVAPI32.DLL
* at random times on Windows 2000. Reported by Jeffrey Altman.
* Only use it on NT.
*/
/* Wolfgang Marczy <*****@*****.**> reports that
* the RegQueryValueEx call below can hang on NT4.0 (SP6).
* So we don't use this at all for now. */
#if 0
if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
osverinfo.dwMajorVersion < 5)
{
/* Read Performance Statistics from NT/2000 registry
* The size of the performance data can vary from call
* to call so we must guess the size of the buffer to use
* and increase its size if we get an ERROR_MORE_DATA
* return instead of ERROR_SUCCESS.
*/
LONG rc=ERROR_MORE_DATA;
char * buf=NULL;
DWORD bufsz=0;
DWORD length;
while (rc == ERROR_MORE_DATA)
{
buf = realloc(buf,bufsz+8192);
if (!buf)
break;
bufsz += 8192;
length = bufsz;
rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"),
NULL, NULL, buf, &length);
}
if (rc == ERROR_SUCCESS)
{
/* For entropy count assume only least significant
* byte of each DWORD is random.
*/
RAND_add(&length, sizeof(length), 0);
RAND_add(buf, length, length / 4.0);
/* Close the Registry Key to allow Windows to cleanup/close
* the open handle
* Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
* when the RegQueryValueEx above is done. However, if
* it is not explicitly closed, it can cause disk
* partition manipulation problems.
*/
RegCloseKey(HKEY_PERFORMANCE_DATA);
}
if (buf)
free(buf);
}
#endif
if (advapi)
{
/*
* If it's available, then it's available in both ANSI
* and UNICODE flavors even in Win9x, documentation says.
* We favor Unicode...
*/
acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
"CryptAcquireContextW");
gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
"CryptGenRandom");
release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
"CryptReleaseContext");
}
if (acquire && gen && release)
{
/* poll the CryptoAPI PRNG */
/* The CryptoAPI returns sizeof(buf) bytes of randomness */
if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT))
{
if (gen(hProvider, sizeof(buf), buf) != 0)
{
RAND_add(buf, sizeof(buf), 0);
good = 1;
#if 0
printf("randomness from PROV_RSA_FULL\n");
#endif
}
release(hProvider, 0);
}
/* poll the Pentium PRG with CryptoAPI */
if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
{
if (gen(hProvider, sizeof(buf), buf) != 0)
{
RAND_add(buf, sizeof(buf), sizeof(buf));
good = 1;
#if 0
printf("randomness from PROV_INTEL_SEC\n");
#endif
}
release(hProvider, 0);
}
}
if (advapi)
FreeLibrary(advapi);
if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT ||
!OPENSSL_isservice()) &&
(user = LoadLibrary(TEXT("USER32.DLL"))))
{
GETCURSORINFO cursor;
GETFOREGROUNDWINDOW win;
GETQUEUESTATUS queue;
win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
if (win)
{
/* window handle */
HWND h = win();
RAND_add(&h, sizeof(h), 0);
}
if (cursor)
{
/* unfortunately, its not safe to call GetCursorInfo()
* on NT4 even though it exists in SP3 (or SP6) and
* higher.
*/
if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
osverinfo.dwMajorVersion < 5)
cursor = 0;
}
if (cursor)
{
/* cursor position */
/* assume 2 bytes of entropy */
CURSORINFO ci;
ci.cbSize = sizeof(CURSORINFO);
if (cursor(&ci))
RAND_add(&ci, ci.cbSize, 2);
}
if (queue)
{
/* message queue status */
/* assume 1 byte of entropy */
w = queue(QS_ALLEVENTS);
RAND_add(&w, sizeof(w), 1);
}
FreeLibrary(user);
}
/* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
* http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
* (Win 9x and 2000 only, not available on NT)
*
* This seeding method was proposed in Peter Gutmann, Software
* Generation of Practically Strong Random Numbers,
* http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
* revised version at http://www.cryptoengines.com/~peter/06_random.pdf
* (The assignment of entropy estimates below is arbitrary, but based
* on Peter's analysis the full poll appears to be safe. Additional
* interactive seeding is encouraged.)
*/
if (kernel)
{
CREATETOOLHELP32SNAPSHOT snap;
CLOSETOOLHELP32SNAPSHOT close_snap;
HANDLE handle;
HEAP32FIRST heap_first;
HEAP32NEXT heap_next;
HEAP32LIST heaplist_first, heaplist_next;
PROCESS32 process_first, process_next;
THREAD32 thread_first, thread_next;
MODULE32 module_first, module_next;
HEAPLIST32 hlist;
HEAPENTRY32 hentry;
PROCESSENTRY32 p;
THREADENTRY32 t;
MODULEENTRY32 m;
DWORD starttime = 0;
snap = (CREATETOOLHELP32SNAPSHOT)
GetProcAddress(kernel, "CreateToolhelp32Snapshot");
close_snap = (CLOSETOOLHELP32SNAPSHOT)
GetProcAddress(kernel, "CloseToolhelp32Snapshot");
heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
if (snap && heap_first && heap_next && heaplist_first &&
heaplist_next && process_first && process_next &&
thread_first && thread_next && module_first &&
module_next && (handle = snap(TH32CS_SNAPALL,0))
!= INVALID_HANDLE_VALUE)
{
/* heap list and heap walking */
/* HEAPLIST32 contains 3 fields that will change with
* each entry. Consider each field a source of 1 byte
* of entropy.
* HEAPENTRY32 contains 5 fields that will change with
* each entry. Consider each field a source of 1 byte
* of entropy.
*/
ZeroMemory(&hlist, sizeof(HEAPLIST32));
hlist.dwSize = sizeof(HEAPLIST32);
if (good) starttime = GetTickCount();
#ifdef _MSC_VER
if (heaplist_first(handle, &hlist))
{
/*
following discussion on dev ML, exception on WinCE (or other Win
platform) is theoretically of unknown origin; prevent infinite
loop here when this theoretical case occurs; otherwise cope with
the expected (MSDN documented) exception-throwing behaviour of
Heap32Next() on WinCE.
based on patch in original message by Tanguy Fautré (2009/03/02)
Subject: RAND_poll() and CreateToolhelp32Snapshot() stability
*/
int ex_cnt_limit = 42;
do
{
RAND_add(&hlist, hlist.dwSize, 3);
__try
{
ZeroMemory(&hentry, sizeof(HEAPENTRY32));
hentry.dwSize = sizeof(HEAPENTRY32);
if (heap_first(&hentry,
hlist.th32ProcessID,
hlist.th32HeapID))
{
int entrycnt = 80;
do
RAND_add(&hentry,
hentry.dwSize, 5);
while (heap_next(&hentry)
&& (!good || (GetTickCount()-starttime)<MAXDELAY)
&& --entrycnt > 0);
}
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
/* ignore access violations when walking the heap list */
ex_cnt_limit--;
}
} while (heaplist_next(handle, &hlist)
&& (!good || (GetTickCount()-starttime)<MAXDELAY)
&& ex_cnt_limit > 0);
}
#else
if (heaplist_first(handle, &hlist))
{
do
{
RAND_add(&hlist, hlist.dwSize, 3);
hentry.dwSize = sizeof(HEAPENTRY32);
if (heap_first(&hentry,
hlist.th32ProcessID,
hlist.th32HeapID))
{
int entrycnt = 80;
do
RAND_add(&hentry,
hentry.dwSize, 5);
while (heap_next(&hentry)
&& --entrycnt > 0);
}
} while (heaplist_next(handle, &hlist)
&& (!good || (GetTickCount()-starttime)<MAXDELAY));
}
#endif
/* process walking */
/* PROCESSENTRY32 contains 9 fields that will change
* with each entry. Consider each field a source of
* 1 byte of entropy.
*/
p.dwSize = sizeof(PROCESSENTRY32);
if (good) starttime = GetTickCount();
if (process_first(handle, &p))
do
RAND_add(&p, p.dwSize, 9);
while (process_next(handle, &p) && (!good || (GetTickCount()-starttime)<MAXDELAY));
/* thread walking */
/* THREADENTRY32 contains 6 fields that will change
* with each entry. Consider each field a source of
* 1 byte of entropy.
*/
t.dwSize = sizeof(THREADENTRY32);
if (good) starttime = GetTickCount();
if (thread_first(handle, &t))
do
RAND_add(&t, t.dwSize, 6);
while (thread_next(handle, &t) && (!good || (GetTickCount()-starttime)<MAXDELAY));
/* module walking */
/* MODULEENTRY32 contains 9 fields that will change
* with each entry. Consider each field a source of
* 1 byte of entropy.
*/
m.dwSize = sizeof(MODULEENTRY32);
if (good) starttime = GetTickCount();
if (module_first(handle, &m))
do
RAND_add(&m, m.dwSize, 9);
while (module_next(handle, &m)
&& (!good || (GetTickCount()-starttime)<MAXDELAY));
if (close_snap)
close_snap(handle);
else
CloseHandle(handle);
}
FreeLibrary(kernel);
}
static void readscreen(void)
{
#if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)
HDC hScrDC; /* screen DC */
HDC hMemDC; /* memory DC */
HBITMAP hBitmap; /* handle for our bitmap */
HBITMAP hOldBitmap; /* handle for previous bitmap */
BITMAP bm; /* bitmap properties */
unsigned int size; /* size of bitmap */
char *bmbits; /* contents of bitmap */
int w; /* screen width */
int h; /* screen height */
int y; /* y-coordinate of screen lines to grab */
int n = 16; /* number of screen lines to grab at a time */
if (GetVersion() >= 0x80000000 || !OPENSSL_isservice())
return;
/* Create a screen DC and a memory DC compatible to screen DC */
hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
hMemDC = CreateCompatibleDC(hScrDC);
/* Get screen resolution */
w = GetDeviceCaps(hScrDC, HORZRES);
h = GetDeviceCaps(hScrDC, VERTRES);
/* Create a bitmap compatible with the screen DC */
hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
/* Select new bitmap into memory DC */
hOldBitmap = SelectObject(hMemDC, hBitmap);
/* Get bitmap properties */
GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm);
size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
bmbits = OPENSSL_malloc(size);
if (bmbits) {
/* Now go through the whole screen, repeatedly grabbing n lines */
for (y = 0; y < h-n; y += n)
{
unsigned char md[MD_DIGEST_LENGTH];
/* Bitblt screen DC to memory DC */
BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
/* Copy bitmap bits from memory DC to bmbits */
GetBitmapBits(hBitmap, size, bmbits);
/* Get the hash of the bitmap */
MD(bmbits,size,md);
/* Seed the random generator with the hash value */
RAND_add(md, MD_DIGEST_LENGTH, 0);
}
OPENSSL_free(bmbits);
}
/* Select old bitmap back into memory DC */
hBitmap = SelectObject(hMemDC, hOldBitmap);
/* Clean up */
DeleteObject(hBitmap);
DeleteDC(hMemDC);
DeleteDC(hScrDC);
#endif /* !OPENSSL_SYS_WINCE */
}