static int capi_init(ENGINE *e) { CAPI_CTX *ctx; const RSA_METHOD *ossl_rsa_meth; const DSA_METHOD *ossl_dsa_meth; if (capi_idx < 0) { capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0); if (capi_idx < 0) goto memerr; cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0); /* Setup RSA_METHOD */ rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0); ossl_rsa_meth = RSA_PKCS1_SSLeay(); capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc; capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec; capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp; capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp; /* Setup DSA Method */ dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0); ossl_dsa_meth = DSA_OpenSSL(); capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify; capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp; capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp; } ctx = capi_ctx_new(); if (!ctx) goto memerr; ENGINE_set_ex_data(e, capi_idx, ctx); # ifdef OPENSSL_CAPIENG_DIALOG { HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL")); HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL")); if (cryptui) ctx->certselectdlg = (CERTDLG) GetProcAddress(cryptui, "CryptUIDlgSelectCertificateFromStore"); if (kernel) ctx->getconswindow = (GETCONSWIN) GetProcAddress(kernel, "GetConsoleWindow"); if (cryptui && !OPENSSL_isservice()) ctx->client_cert_select = cert_select_dialog; } # endif return 1; memerr: CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE); return 0; return 1; }
void OPENSSL_showfatal (const char *fmta,...) { va_list ap; TCHAR buf[256]; const TCHAR *fmt; #ifdef STD_ERROR_HANDLE /* what a dirty trick! */ HANDLE h; if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL && GetFileType(h)!=FILE_TYPE_UNKNOWN) { /* must be console application */ va_start (ap,fmta); #ifndef OPENSSL_SYS_WINDOWS TINYCLR_SSL_PRINTF(fmta,ap); #else vfprintf (OPENSSL_TYPE__FILE_STDERR,fmta,ap); #endif va_end (ap); return; } #endif if (sizeof(TCHAR)==sizeof(char)) fmt=(const TCHAR *)fmta; else do { int keepgoing; size_t len_0=TINYCLR_SSL_STRLEN(fmta)+1,i; WCHAR *fmtw; #ifdef _MSC_VER fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); #else fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); #endif if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; } #ifndef OPENSSL_NO_MULTIBYTE if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0)) #endif for (i=0;i<len_0;i++) fmtw[i]=(WCHAR)fmta[i]; for (i=0;i<len_0;i++) { if (fmtw[i]==L'%') do { keepgoing=0; switch (fmtw[i+1]) { case L'0': case L'1': case L'2': case L'3': case L'4': case L'5': case L'6': case L'7': case L'8': case L'9': case L'.': case L'*': case L'-': i++; keepgoing=1; break; case L's': fmtw[i+1]=L'S'; break; case L'S': fmtw[i+1]=L's'; break; case L'c': fmtw[i+1]=L'C'; break; case L'C': fmtw[i+1]=L'c'; break; } } while (keepgoing); } fmt = (const TCHAR *)fmtw; } while (0); va_start (ap,fmta); _vsntprintf (buf,sizeof(buf)/sizeof(TCHAR)-1,fmt,ap); buf [sizeof(buf)/sizeof(TCHAR)-1] = _T('\0'); va_end (ap); #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 /* this -------------v--- guards NT-specific calls */ if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0) { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); const TCHAR *pmsg=buf; ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); DeregisterEventSource(h); } else #endif MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP); }
int RAND_poll(void) { MEMORYSTATUS m; HCRYPTPROV hProvider = 0; DWORD w; int good = 0; /* Determine the OS version we are on so we can turn off things * that do not work properly. */ OSVERSIONINFO osverinfo ; osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; GetVersionEx( &osverinfo ) ; #if defined(OPENSSL_SYS_WINCE) # if defined(_WIN32_WCE) && _WIN32_WCE>=300 /* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available * in commonly available implementations prior 300... */ { BYTE buf[64]; /* poll the CryptoAPI PRNG */ /* The CryptoAPI returns sizeof(buf) bytes of randomness */ if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { if (CryptGenRandom(hProvider, sizeof(buf), buf)) RAND_add(buf, sizeof(buf), sizeof(buf)); CryptReleaseContext(hProvider, 0); } } # endif #else /* OPENSSL_SYS_WINCE */ /* * None of below libraries are present on Windows CE, which is * why we #ifndef the whole section. This also excuses us from * handling the GetProcAddress issue. The trouble is that in * real Win32 API GetProcAddress is available in ANSI flavor * only. In WinCE on the other hand GetProcAddress is a macro * most commonly defined as GetProcAddressW, which accepts * Unicode argument. If we were to call GetProcAddress under * WinCE, I'd recommend to either redefine GetProcAddress as * GetProcAddressA (there seem to be one in common CE spec) or * implement own shim routine, which would accept ANSI argument * and expand it to Unicode. */ { /* load functions dynamically - not available on all systems */ HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL")); HMODULE user = NULL; HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL")); CRYPTACQUIRECONTEXTW acquire = NULL; CRYPTGENRANDOM gen = NULL; CRYPTRELEASECONTEXT release = NULL; NETSTATGET netstatget = NULL; NETFREE netfree = NULL; BYTE buf[64]; if (netapi) { netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet"); netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree"); } if (netstatget && netfree) { LPBYTE outbuf; /* NetStatisticsGet() is a Unicode only function * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0 * contains 17 fields. We treat each field as a source of * one byte of entropy. */ if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) { RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45); netfree(outbuf); } if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) { RAND_add(outbuf, sizeof(STAT_SERVER_0), 17); netfree(outbuf); } } if (netapi) FreeLibrary(netapi); /* It appears like this can cause an exception deep within ADVAPI32.DLL * at random times on Windows 2000. Reported by Jeffrey Altman. * Only use it on NT. */ /* Wolfgang Marczy <*****@*****.**> reports that * the RegQueryValueEx call below can hang on NT4.0 (SP6). * So we don't use this at all for now. */ #if 0 if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && osverinfo.dwMajorVersion < 5) { /* Read Performance Statistics from NT/2000 registry * The size of the performance data can vary from call * to call so we must guess the size of the buffer to use * and increase its size if we get an ERROR_MORE_DATA * return instead of ERROR_SUCCESS. */ LONG rc=ERROR_MORE_DATA; char * buf=NULL; DWORD bufsz=0; DWORD length; while (rc == ERROR_MORE_DATA) { buf = realloc(buf,bufsz+8192); if (!buf) break; bufsz += 8192; length = bufsz; rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"), NULL, NULL, buf, &length); } if (rc == ERROR_SUCCESS) { /* For entropy count assume only least significant * byte of each DWORD is random. */ RAND_add(&length, sizeof(length), 0); RAND_add(buf, length, length / 4.0); /* Close the Registry Key to allow Windows to cleanup/close * the open handle * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened * when the RegQueryValueEx above is done. However, if * it is not explicitly closed, it can cause disk * partition manipulation problems. */ RegCloseKey(HKEY_PERFORMANCE_DATA); } if (buf) free(buf); } #endif if (advapi) { /* * If it's available, then it's available in both ANSI * and UNICODE flavors even in Win9x, documentation says. * We favor Unicode... */ acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi, "CryptAcquireContextW"); gen = (CRYPTGENRANDOM) GetProcAddress(advapi, "CryptGenRandom"); release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi, "CryptReleaseContext"); } if (acquire && gen && release) { /* poll the CryptoAPI PRNG */ /* The CryptoAPI returns sizeof(buf) bytes of randomness */ if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { if (gen(hProvider, sizeof(buf), buf) != 0) { RAND_add(buf, sizeof(buf), 0); good = 1; #if 0 printf("randomness from PROV_RSA_FULL\n"); #endif } release(hProvider, 0); } /* poll the Pentium PRG with CryptoAPI */ if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) { if (gen(hProvider, sizeof(buf), buf) != 0) { RAND_add(buf, sizeof(buf), sizeof(buf)); good = 1; #if 0 printf("randomness from PROV_INTEL_SEC\n"); #endif } release(hProvider, 0); } } if (advapi) FreeLibrary(advapi); if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT || !OPENSSL_isservice()) && (user = LoadLibrary(TEXT("USER32.DLL")))) { GETCURSORINFO cursor; GETFOREGROUNDWINDOW win; GETQUEUESTATUS queue; win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow"); cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo"); queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus"); if (win) { /* window handle */ HWND h = win(); RAND_add(&h, sizeof(h), 0); } if (cursor) { /* unfortunately, its not safe to call GetCursorInfo() * on NT4 even though it exists in SP3 (or SP6) and * higher. */ if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && osverinfo.dwMajorVersion < 5) cursor = 0; } if (cursor) { /* cursor position */ /* assume 2 bytes of entropy */ CURSORINFO ci; ci.cbSize = sizeof(CURSORINFO); if (cursor(&ci)) RAND_add(&ci, ci.cbSize, 2); } if (queue) { /* message queue status */ /* assume 1 byte of entropy */ w = queue(QS_ALLEVENTS); RAND_add(&w, sizeof(w), 1); } FreeLibrary(user); } /* Toolhelp32 snapshot: enumerate processes, threads, modules and heap * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm * (Win 9x and 2000 only, not available on NT) * * This seeding method was proposed in Peter Gutmann, Software * Generation of Practically Strong Random Numbers, * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html * revised version at http://www.cryptoengines.com/~peter/06_random.pdf * (The assignment of entropy estimates below is arbitrary, but based * on Peter's analysis the full poll appears to be safe. Additional * interactive seeding is encouraged.) */ if (kernel) { CREATETOOLHELP32SNAPSHOT snap; CLOSETOOLHELP32SNAPSHOT close_snap; HANDLE handle; HEAP32FIRST heap_first; HEAP32NEXT heap_next; HEAP32LIST heaplist_first, heaplist_next; PROCESS32 process_first, process_next; THREAD32 thread_first, thread_next; MODULE32 module_first, module_next; HEAPLIST32 hlist; HEAPENTRY32 hentry; PROCESSENTRY32 p; THREADENTRY32 t; MODULEENTRY32 m; DWORD starttime = 0; snap = (CREATETOOLHELP32SNAPSHOT) GetProcAddress(kernel, "CreateToolhelp32Snapshot"); close_snap = (CLOSETOOLHELP32SNAPSHOT) GetProcAddress(kernel, "CloseToolhelp32Snapshot"); heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First"); heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next"); heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst"); heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext"); process_first = (PROCESS32) GetProcAddress(kernel, "Process32First"); process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next"); thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First"); thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next"); module_first = (MODULE32) GetProcAddress(kernel, "Module32First"); module_next = (MODULE32) GetProcAddress(kernel, "Module32Next"); if (snap && heap_first && heap_next && heaplist_first && heaplist_next && process_first && process_next && thread_first && thread_next && module_first && module_next && (handle = snap(TH32CS_SNAPALL,0)) != INVALID_HANDLE_VALUE) { /* heap list and heap walking */ /* HEAPLIST32 contains 3 fields that will change with * each entry. Consider each field a source of 1 byte * of entropy. * HEAPENTRY32 contains 5 fields that will change with * each entry. Consider each field a source of 1 byte * of entropy. */ ZeroMemory(&hlist, sizeof(HEAPLIST32)); hlist.dwSize = sizeof(HEAPLIST32); if (good) starttime = GetTickCount(); #ifdef _MSC_VER if (heaplist_first(handle, &hlist)) { /* following discussion on dev ML, exception on WinCE (or other Win platform) is theoretically of unknown origin; prevent infinite loop here when this theoretical case occurs; otherwise cope with the expected (MSDN documented) exception-throwing behaviour of Heap32Next() on WinCE. based on patch in original message by Tanguy Fautré (2009/03/02) Subject: RAND_poll() and CreateToolhelp32Snapshot() stability */ int ex_cnt_limit = 42; do { RAND_add(&hlist, hlist.dwSize, 3); __try { ZeroMemory(&hentry, sizeof(HEAPENTRY32)); hentry.dwSize = sizeof(HEAPENTRY32); if (heap_first(&hentry, hlist.th32ProcessID, hlist.th32HeapID)) { int entrycnt = 80; do RAND_add(&hentry, hentry.dwSize, 5); while (heap_next(&hentry) && (!good || (GetTickCount()-starttime)<MAXDELAY) && --entrycnt > 0); } } __except (EXCEPTION_EXECUTE_HANDLER) { /* ignore access violations when walking the heap list */ ex_cnt_limit--; } } while (heaplist_next(handle, &hlist) && (!good || (GetTickCount()-starttime)<MAXDELAY) && ex_cnt_limit > 0); } #else if (heaplist_first(handle, &hlist)) { do { RAND_add(&hlist, hlist.dwSize, 3); hentry.dwSize = sizeof(HEAPENTRY32); if (heap_first(&hentry, hlist.th32ProcessID, hlist.th32HeapID)) { int entrycnt = 80; do RAND_add(&hentry, hentry.dwSize, 5); while (heap_next(&hentry) && --entrycnt > 0); } } while (heaplist_next(handle, &hlist) && (!good || (GetTickCount()-starttime)<MAXDELAY)); } #endif /* process walking */ /* PROCESSENTRY32 contains 9 fields that will change * with each entry. Consider each field a source of * 1 byte of entropy. */ p.dwSize = sizeof(PROCESSENTRY32); if (good) starttime = GetTickCount(); if (process_first(handle, &p)) do RAND_add(&p, p.dwSize, 9); while (process_next(handle, &p) && (!good || (GetTickCount()-starttime)<MAXDELAY)); /* thread walking */ /* THREADENTRY32 contains 6 fields that will change * with each entry. Consider each field a source of * 1 byte of entropy. */ t.dwSize = sizeof(THREADENTRY32); if (good) starttime = GetTickCount(); if (thread_first(handle, &t)) do RAND_add(&t, t.dwSize, 6); while (thread_next(handle, &t) && (!good || (GetTickCount()-starttime)<MAXDELAY)); /* module walking */ /* MODULEENTRY32 contains 9 fields that will change * with each entry. Consider each field a source of * 1 byte of entropy. */ m.dwSize = sizeof(MODULEENTRY32); if (good) starttime = GetTickCount(); if (module_first(handle, &m)) do RAND_add(&m, m.dwSize, 9); while (module_next(handle, &m) && (!good || (GetTickCount()-starttime)<MAXDELAY)); if (close_snap) close_snap(handle); else CloseHandle(handle); } FreeLibrary(kernel); }
static void readscreen(void) { #if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN) HDC hScrDC; /* screen DC */ HDC hMemDC; /* memory DC */ HBITMAP hBitmap; /* handle for our bitmap */ HBITMAP hOldBitmap; /* handle for previous bitmap */ BITMAP bm; /* bitmap properties */ unsigned int size; /* size of bitmap */ char *bmbits; /* contents of bitmap */ int w; /* screen width */ int h; /* screen height */ int y; /* y-coordinate of screen lines to grab */ int n = 16; /* number of screen lines to grab at a time */ if (GetVersion() >= 0x80000000 || !OPENSSL_isservice()) return; /* Create a screen DC and a memory DC compatible to screen DC */ hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); hMemDC = CreateCompatibleDC(hScrDC); /* Get screen resolution */ w = GetDeviceCaps(hScrDC, HORZRES); h = GetDeviceCaps(hScrDC, VERTRES); /* Create a bitmap compatible with the screen DC */ hBitmap = CreateCompatibleBitmap(hScrDC, w, n); /* Select new bitmap into memory DC */ hOldBitmap = SelectObject(hMemDC, hBitmap); /* Get bitmap properties */ GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm); size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes; bmbits = OPENSSL_malloc(size); if (bmbits) { /* Now go through the whole screen, repeatedly grabbing n lines */ for (y = 0; y < h-n; y += n) { unsigned char md[MD_DIGEST_LENGTH]; /* Bitblt screen DC to memory DC */ BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY); /* Copy bitmap bits from memory DC to bmbits */ GetBitmapBits(hBitmap, size, bmbits); /* Get the hash of the bitmap */ MD(bmbits,size,md); /* Seed the random generator with the hash value */ RAND_add(md, MD_DIGEST_LENGTH, 0); } OPENSSL_free(bmbits); } /* Select old bitmap back into memory DC */ hBitmap = SelectObject(hMemDC, hOldBitmap); /* Clean up */ DeleteObject(hBitmap); DeleteDC(hMemDC); DeleteDC(hScrDC); #endif /* !OPENSSL_SYS_WINCE */ }