diff --git a/ChangeLog.d/updated_windows_apis.txt b/ChangeLog.d/updated_windows_apis.txt new file mode 100644 index 0000000000..73b17df9da --- /dev/null +++ b/ChangeLog.d/updated_windows_apis.txt @@ -0,0 +1,9 @@ +Requirement changes + * Minimum required Windows version is now Windows Vista, or + Windows Server 2008. + +Changes + * Update Windows code to use BCryptGenRandom and wcslen, and + ensure that conversions between size_t, ULONG, and int are + always done safely. Original contribution by Kevin Kane #635, #730 + followed by Simon Butcher #1453. diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 83204f35e8..62150779c4 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -213,7 +213,7 @@ if(CMAKE_COMPILER_IS_MSVC) endif() if(WIN32) - set(libs ${libs} ws2_32) + set(libs ${libs} ws2_32 bcrypt) endif(WIN32) if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") diff --git a/library/Makefile b/library/Makefile index 69ccbfd2ce..c3d8615cb0 100644 --- a/library/Makefile +++ b/library/Makefile @@ -39,6 +39,10 @@ APPLE_BUILD ?= 1 endif endif +ifdef WINDOWS_BUILD +LOCAL_LDFLAGS += -lbcrypt +endif + # To compile as a shared library: ifdef SHARED # all code is position-indep with mingw, avoid warning about useless flag diff --git a/library/entropy_poll.c b/library/entropy_poll.c index bc71307f5b..9d5b1e652b 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -49,34 +49,35 @@ #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include -#if _WIN32_WINNT >= 0x0501 /* _WIN32_WINNT_WINXP */ -#include +#include +#include int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len, size_t *olen) { - HCRYPTPROV provider; ((void) data); *olen = 0; - if (CryptAcquireContext(&provider, NULL, NULL, - PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) { - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } + /* + * BCryptGenRandom takes ULONG for size, which is smaller than size_t on + * 64-bit Windows platforms. Extract entropy in chunks of len (dependent + * on ULONG_MAX) size. + */ + while (len != 0) { + unsigned long ulong_bytes = + (len > ULONG_MAX) ? ULONG_MAX : (unsigned long) len; - if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) { - CryptReleaseContext(provider, 0); - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } + if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, ulong_bytes, + BCRYPT_USE_SYSTEM_PREFERRED_RNG))) { + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; + } - CryptReleaseContext(provider, 0); - *olen = len; + *olen += ulong_bytes; + len -= ulong_bytes; + } return 0; } -#else /* !_WIN32_WINNT_WINXP */ -#error "Entropy not available before Windows XP, use MBEDTLS_NO_PLATFORM_ENTROPY" -#endif /* !_WIN32_WINNT_WINXP */ #else /* _WIN32 && !EFIX64 && !EFI32 */ /* diff --git a/library/x509_crt.c b/library/x509_crt.c index 8d07694a2c..e9153e7107 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1535,7 +1535,6 @@ int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) { int ret = 0; #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) -#if _WIN32_WINNT >= 0x0501 /* _WIN32_WINNT_XP */ int w_ret; WCHAR szDir[MAX_PATH]; char filename[MAX_PATH]; @@ -1556,6 +1555,11 @@ int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) p = filename + len; filename[len++] = '*'; + /* + * Note this function uses the code page CP_ACP which is the system default + * ANSI codepage. The input string is always described in BYTES and the + * output length is described in WCHARs. + */ w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir, MAX_PATH - 3); if (w_ret == 0) { @@ -1574,11 +1578,8 @@ int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) if (file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) { continue; } - w_ret = WideCharToMultiByte(CP_ACP, 0, file_data.cFileName, - -1, - p, (int) len, - NULL, NULL); + -1, p, (int) len, NULL, NULL); if (w_ret == 0) { ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; goto cleanup; @@ -1598,9 +1599,6 @@ int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) cleanup: FindClose(hFind); -#else /* !_WIN32_WINNT_XP */ -#error "mbedtls_x509_crt_parse_path not available before Windows XP" -#endif /* !_WIN32_WINNT_XP */ #else /* _WIN32 */ int t_ret; int snp_ret; diff --git a/programs/Makefile b/programs/Makefile index 5f47e25bcc..80637e9d62 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -45,7 +45,7 @@ endif ifdef WINDOWS_BUILD DLEXT=dll EXEXT=.exe -LOCAL_LDFLAGS += -lws2_32 +LOCAL_LDFLAGS += -lws2_32 -lbcrypt ifdef SHARED SHARED_SUFFIX=.$(DLEXT) endif diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 8477aa8cb9..b4fc76ae11 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -27,6 +27,10 @@ ifdef FUZZINGENGINE LOCAL_LDFLAGS += -lFuzzingEngine endif +ifdef WINDOWS_BUILD +LOCAL_LDFLAGS += -lbcrypt +endif + # A test application is built for each suites/test_suite_*.data file. # Application name is same as .data file's base name and can be # constructed by stripping path 'suites/' and extension .data. diff --git a/scripts/data_files/vs2013-app-template.vcxproj b/scripts/data_files/vs2013-app-template.vcxproj index 039fd09a2f..2fe9cf33b5 100644 --- a/scripts/data_files/vs2013-app-template.vcxproj +++ b/scripts/data_files/vs2013-app-template.vcxproj @@ -99,7 +99,7 @@ INCLUDE_DIRECTORIES Console true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + bcrypt.lib;%(AdditionalDependencies) Debug @@ -118,7 +118,7 @@ INCLUDE_DIRECTORIES Console true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + bcrypt.lib;%(AdditionalDependencies) Debug @@ -142,7 +142,7 @@ INCLUDE_DIRECTORIES true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + bcrypt.lib;%(AdditionalDependencies) @@ -162,7 +162,7 @@ INCLUDE_DIRECTORIES true true Release - %(AdditionalDependencies); + bcrypt.lib;%(AdditionalDependencies) diff --git a/scripts/data_files/vs2013-main-template.vcxproj b/scripts/data_files/vs2013-main-template.vcxproj index c0f3a3c1f0..51861e16c5 100644 --- a/scripts/data_files/vs2013-main-template.vcxproj +++ b/scripts/data_files/vs2013-main-template.vcxproj @@ -91,6 +91,7 @@ INCLUDE_DIRECTORIES Windows true + bcrypt.lib;%(AdditionalDependencies) @@ -106,6 +107,7 @@ INCLUDE_DIRECTORIES Windows true + bcrypt.lib;%(AdditionalDependencies) @@ -124,6 +126,7 @@ INCLUDE_DIRECTORIES true true true + bcrypt.lib;%(AdditionalDependencies) diff --git a/scripts/data_files/vs6-app-template.dsp b/scripts/data_files/vs6-app-template.dsp deleted file mode 100644 index 87dbea2472..0000000000 --- a/scripts/data_files/vs6-app-template.dsp +++ /dev/null @@ -1,101 +0,0 @@ -# Microsoft Developer Studio Project File - Name="" - Package Owner=<4> -# Microsoft Developer Studio Generated Build File, Format Version 6.00 -# ** DO NOT EDIT ** - -# TARGTYPE "Win32 (x86) Console Application" 0x0103 - -CFG= - Win32 Debug -!MESSAGE This is not a valid makefile. To build this project using NMAKE, -!MESSAGE use the Export Makefile command and run -!MESSAGE -!MESSAGE NMAKE /f ".mak". -!MESSAGE -!MESSAGE You can specify a configuration when running NMAKE -!MESSAGE by defining the macro CFG on the command line. For example: -!MESSAGE -!MESSAGE NMAKE /f ".mak" CFG=" - Win32 Debug" -!MESSAGE -!MESSAGE Possible choices for configuration are: -!MESSAGE -!MESSAGE " - Win32 Release" (based on "Win32 (x86) Console Application") -!MESSAGE " - Win32 Debug" (based on "Win32 (x86) Console Application") -!MESSAGE - -# Begin Project -# PROP AllowPerConfigDependencies 0 -# PROP Scc_ProjName "" -# PROP Scc_LocalPath "" -CPP=cl.exe -RSC=rc.exe - -!IF "$(CFG)" == " - Win32 Release" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "" -# PROP BASE Intermediate_Dir "temp" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 0 -# PROP Output_Dir "" -# PROP Intermediate_Dir "temp" -# PROP Target_Dir "" -# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c -# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c -# ADD BASE RSC /l 0x40c /d "NDEBUG" -# ADD RSC /l 0x40c /d "NDEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 -# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 - -!ELSEIF "$(CFG)" == " - Win32 Debug" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "" -# PROP BASE Intermediate_Dir "temp" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 1 -# PROP Output_Dir "" -# PROP Intermediate_Dir "temp" -# PROP Target_Dir "" -# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c -# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c -# ADD BASE RSC /l 0x40c /d "_DEBUG" -# ADD RSC /l 0x40c /d "_DEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept -# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept - -!ENDIF - -# Begin Target - -# Name " - Win32 Release" -# Name " - Win32 Debug" -# Begin Group "Source Files" - -# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" -# Begin Source File - -SOURCE=..\..\programs\.c -# ADD CPP /I "../../include" -# End Source File -# End Group -# Begin Group "Header Files" - -# PROP Default_Filter "h;hpp;hxx;hm;inl" -# End Group -# Begin Group "Resource Files" - -# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" -# End Group -# End Target -# End Project diff --git a/scripts/data_files/vs6-main-template.dsp b/scripts/data_files/vs6-main-template.dsp deleted file mode 100644 index 89d3fc7311..0000000000 --- a/scripts/data_files/vs6-main-template.dsp +++ /dev/null @@ -1,94 +0,0 @@ -# Microsoft Developer Studio Project File - Name="mbedtls" - Package Owner=<4> -# Microsoft Developer Studio Generated Build File, Format Version 6.00 -# ** DO NOT EDIT ** - -# TARGTYPE "Win32 (x86) Static Library" 0x0104 - -CFG=mbedtls - Win32 Debug -!MESSAGE This is not a valid makefile. To build this project using NMAKE, -!MESSAGE use the Export Makefile command and run -!MESSAGE -!MESSAGE NMAKE /f "mbedtls.mak". -!MESSAGE -!MESSAGE You can specify a configuration when running NMAKE -!MESSAGE by defining the macro CFG on the command line. For example: -!MESSAGE -!MESSAGE NMAKE /f "mbedtls.mak" CFG="mbedtls - Win32 Debug" -!MESSAGE -!MESSAGE Possible choices for configuration are: -!MESSAGE -!MESSAGE "mbedtls - Win32 Release" (based on "Win32 (x86) Static Library") -!MESSAGE "mbedtls - Win32 Debug" (based on "Win32 (x86) Static Library") -!MESSAGE - -# Begin Project -# PROP AllowPerConfigDependencies 0 -# PROP Scc_ProjName "" -# PROP Scc_LocalPath "" -CPP=cl.exe -RSC=rc.exe - -!IF "$(CFG)" == "mbedtls - Win32 Release" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "" -# PROP BASE Intermediate_Dir "temp" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 0 -# PROP Output_Dir "" -# PROP Intermediate_Dir "temp" -# PROP Target_Dir "" -# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_MBCS" /D "_LIB" /YX /FD /c -# ADD CPP /nologo /W3 /GX /O2 /I "../../include" /D "NDEBUG" /D "WIN32" /D "_MBCS" /D "_LIB" /YX /FD /c -# ADD BASE RSC /l 0x40c /d "NDEBUG" -# ADD RSC /l 0x40c /d "NDEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LIB32=link.exe -lib -# ADD BASE LIB32 /nologo -# ADD LIB32 /nologo - -!ELSEIF "$(CFG)" == "mbedtls - Win32 Debug" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "" -# PROP BASE Intermediate_Dir "temp" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 1 -# PROP Output_Dir "" -# PROP Intermediate_Dir "temp" -# PROP Target_Dir "" -# ADD BASE CPP /nologo /W3 /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c -# ADD CPP /nologo /W3 /GX /Z7 /Od /I "../../include" /D "_DEBUG" /D "WIN32" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c -# ADD BASE RSC /l 0x40c /d "_DEBUG" -# ADD RSC /l 0x40c /d "_DEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LIB32=link.exe -lib -# ADD BASE LIB32 /nologo -# ADD LIB32 /nologo - -!ENDIF - -# Begin Target - -# Name "mbedtls - Win32 Release" -# Name "mbedtls - Win32 Debug" -# Begin Group "Source Files" - -# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" -SOURCE_ENTRIES -# End Group -# Begin Group "Header Files" - -# PROP Default_Filter "h;hpp;hxx;hm;inl" -HEADER_ENTRIES -# End Group -# End Target -# End Project diff --git a/scripts/data_files/vs6-workspace-template.dsw b/scripts/data_files/vs6-workspace-template.dsw deleted file mode 100644 index ef90098f4e..0000000000 --- a/scripts/data_files/vs6-workspace-template.dsw +++ /dev/null @@ -1,18 +0,0 @@ -Microsoft Developer Studio Workspace File, Format Version 6.00 -# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE! - -APP_ENTRIES -############################################################################### - -Global: - -Package=<5> -{{{ -}}} - -Package=<3> -{{{ -}}} - -############################################################################### - diff --git a/tests/Makefile b/tests/Makefile index 60ab27ec7a..2249a55df6 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -49,7 +49,7 @@ endif ifdef WINDOWS_BUILD DLEXT=dll EXEXT=.exe -LOCAL_LDFLAGS += -lws2_32 +LOCAL_LDFLAGS += -lws2_32 -lbcrypt ifdef SHARED SHARED_SUFFIX=.$(DLEXT) endif