From: Gerry Garvey
Date: Sat, 1 Aug 2020 15:10:48 +0000 (+0100)
Subject: Convert from WinCrypt to Windows BCrypt
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=eb7bed03c4ba38838b48064fa870334d1bfd517c;p=libevent
Convert from WinCrypt to Windows BCrypt
Fixes: #1069
---
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 89f0ca32..5a296216 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -340,7 +340,7 @@ endif()
 # Winsock.
 if(WIN32)
- set(CMAKE_REQUIRED_LIBRARIES ws2_32 shell32 advapi32)
+ set(CMAKE_REQUIRED_LIBRARIES ws2_32 shell32 advapi32 bcrypt)
 set(CMAKE_REQUIRED_DEFINITIONS -FIwinsock2.h -FIws2tcpip.h -D_WIN32_WINNT=0x0600)
 endif()
 if (SOLARIS)
@@ -935,7 +935,7 @@ if(WIN32)
 list(APPEND HDR_PRIVATE WIN32-Code/getopt.h)
 set(EVENT__DNS_USE_FTIME_FOR_ID 1)
- set(LIB_PLATFORM ws2_32 shell32 advapi32)
+ set(LIB_PLATFORM ws2_32 shell32 advapi32 bcrypt)
 add_definitions( -D_CRT_SECURE_NO_WARNINGS -D_CRT_NONSTDC_NO_DEPRECATE)
diff --git a/Makefile.am b/Makefile.am
index 14a1ea68..5c97c375 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -183,7 +183,7 @@ include test/include.am
 if BUILD_WIN32
 SYS_CORE_LIBS = -liphlpapi
-SYS_LIBS = -lws2_32 -lshell32 -ladvapi32
+SYS_LIBS = -lws2_32 -lshell32 -ladvapi32 -lbcrypt
 SYS_SRC = win32select.c buffer_iocp.c event_iocp.c \
 bufferevent_async.c
 SYS_INCLUDES = -IWIN32-Code
diff --git a/arc4random.c b/arc4random.c
index 9a00ea2c..cde22d0a 100644
--- a/arc4random.c
+++ b/arc4random.c
@@ -52,7 +52,7 @@
 #ifndef ARC4RANDOM_NO_INCLUDES
 #include "evconfig-private.h"
 #ifdef _WIN32
-#include
+#include
 #include
 #include
 #else
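Review bot: Static-link consumers on Windows are not visibly covered by the new `bcrypt` dependency, which is added to `CMAKE_REQUIRED_LIBRARIES` and `LIB_PLATFORM` in the two CMakeLists.txt hunks and as `-lbcrypt` to `SYS_LIBS` in the Makefile.am hunk. The pkg-config templates and the exported CMake package configuration are not part of this patch; if they do not derive their library list from these variables, a static build would presumably end with an unresolved `BCryptGenRandom`. I would confirm that before merging and record why the library is there, e.g. `# bcrypt: BCryptGenRandom() seeds the RNG in arc4random.c` next to the `LIB_PLATFORM` line.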
@@ -149,20 +149,10 @@ read_all(int fd, unsigned char *buf, size_t count)
 static int
 arc4_seed_win32(void)
 {
- /* This is adapted from Tor's crypto_seed_rng() */
- static int provider_set = 0;
- static HCRYPTPROV provider;
 unsigned char buf[ADD_ENTROPY];
- if (!provider_set) {
- if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT)) {
- if (GetLastError() != (DWORD)NTE_BAD_KEYSET)
- return -1;
- }
- provider_set = 1;
- }
- if (!CryptGenRandom(provider, sizeof(buf), buf))
+ if (BCryptGenRandom(NULL, buf, sizeof(buf),
+ BCRYPT_USE_SYSTEM_PREFERRED_RNG))
 return -1;
 arc4_addrandom(buf, sizeof(buf));
 evutil_memclear_(buf, sizeof(buf));
diff --git a/include/event2/util.h b/include/event2/util.h
index 4cedfc3f..43955bf6 100644
--- a/include/event2/util.h
+++ b/include/event2/util.h
@@ -819,7 +819,7 @@ const char *evutil_gai_strerror(int err);
 *
 * Current versions of Libevent use an ARC4-based random number generator,
 * seeded using the platform's entropy source (/dev/urandom on Unix-like
- * systems; CryptGenRandom on Windows). This is not actually as secure as it
+ * systems; BCryptGenRandom on Windows). This is not actually as secure as it
 * should be: ARC4 is a pretty lousy cipher, and the current implementation
 * provides only rudimentary prediction- and backtracking-resistance. Don't
 * use this for serious cryptographic applications.
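Review bot: In arc4_seed_win32() (arc4random.c) the only seeding call now depends on `BCRYPT_USE_SYSTEM_PREFERRED_RNG`, which Microsoft's documentation lists as not supported on Windows Vista, while the configure checks in CMakeLists.txt still use `-D_WIN32_WINNT=0x0600`. On such a system the call would fail and the function returns -1, where the removed CryptGenRandom path would have produced a seed. If Vista is still a supported target, the function should fall back to an explicit RNG provider handle, as sketched below. The return value is an NTSTATUS, so testing it with `BCRYPT_SUCCESS()` states the intent more clearly than treating every non-zero value as failure. The function body ends outside the hunk.

```c
	unsigned char buf[ADD_ENTROPY];
	NTSTATUS status;

	status = BCryptGenRandom(NULL, buf, sizeof(buf),
	    BCRYPT_USE_SYSTEM_PREFERRED_RNG);
	if (!BCRYPT_SUCCESS(status)) {
		/* Flag rejected (documented as unsupported on Vista):
		 * retry through an explicit RNG provider handle. */
		BCRYPT_ALG_HANDLE alg = NULL;

		status = BCryptOpenAlgorithmProvider(&alg,
		    BCRYPT_RNG_ALGORITHM, NULL, 0);
		if (!BCRYPT_SUCCESS(status))
			return -1;
		status = BCryptGenRandom(alg, buf, sizeof(buf), 0);
		BCryptCloseAlgorithmProvider(alg, 0);
		if (!BCRYPT_SUCCESS(status)) {
			evutil_memclear_(buf, sizeof(buf));
			return -1;
		}
	}
	/* … unchanged: arc4_addrandom() and evutil_memclear_() on buf … */
```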