From fa64e63373fbc845a39907407ad990a6bbb84174 Mon Sep 17 00:00:00 2001
From: Mat <mberchtold@gmail.com>
Date: Sun, 29 May 2016 20:23:22 +0200
Subject: [PATCH] Use BCryptGenRandom on Windows 7 or higher

When openssl is compiled with MSVC and _WIN32_WINNT>=0x0601 (Windows 7), BCryptGenRandom is used instead of the legacy CryptoAPI.

This change brings the following benefits:
- Removes dependency on CryptoAPI (legacy API) respectively advapi32.dll
- CryptoAPI Cryptographic Service Providers (rsa full) are not dynamically loaded.
- Allows Universal Windows Platform (UWP) apps to use openssl (CryptGenRandom is not available for Windows store apps)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1142)
---
 crypto/rand/rand_win.c | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index 46cbe1494c..2ddac8a0f8 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -13,27 +13,38 @@
 
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 # include <windows.h>
-# ifndef _WIN32_WINNT
-#  define _WIN32_WINNT 0x0400
-# endif
-# include <wincrypt.h>
-
+# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601
+#  include <bcrypt.h>
+#  pragma comment(lib, "bcrypt.lib")
+# else
+#  ifndef _WIN32_WINNT
+#   define _WIN32_WINNT 0x0400
+#  endif
+#  include <wincrypt.h>
 /*
  * Intel hardware RNG CSP -- available from
  * http://developer.intel.com/design/security/rng/redist_license.htm
  */
-# define PROV_INTEL_SEC 22
-# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+#  define PROV_INTEL_SEC 22
+#  define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+# endif
 
 static void readtimer(void);
 
 int RAND_poll(void)
 {
     MEMORYSTATUS mst;
+# if !(defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601)
     HCRYPTPROV hProvider = 0;
+# endif
     DWORD w;
     BYTE buf[64];
 
+# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601
+    if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == 0) {
+        RAND_add(buf, sizeof(buf), sizeof(buf));
+    }
+# else
     /* poll the CryptoAPI PRNG */
     /* The CryptoAPI returns sizeof(buf) bytes of randomness */
     if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
@@ -50,6 +61,7 @@ int RAND_poll(void)
         }
         CryptReleaseContext(hProvider, 0);
     }
+# endif
 
     /* timer data */
     readtimer();
-- 
2.25.1