Diffstat (limited to 'src')
-rw-r--r--src/build-data/buildh.in15
-rw-r--r--src/build-data/os/mingw.txt2
-rw-r--r--src/build-data/os/windows.txt2
-rw-r--r--src/build-data/os/winphone.txt1
-rw-r--r--src/lib/rng/system_rng/info.txt11
-rw-r--r--src/lib/rng/system_rng/system_rng.cpp91
-rw-r--r--src/lib/utils/dyn_load/dyn_load.cpp2
7 files changed, 32 insertions, 92 deletions
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in
index b2bc0ea4b..d42e85ac4 100644
--- a/src/build-data/buildh.in
+++ b/src/build-data/buildh.in
@@ -153,6 +153,7 @@
*/
#define BOTAN_RNG_DEFAULT_RESEED_INTERVAL 1024
#define BOTAN_RNG_RESEED_POLL_BITS 256
+
#define BOTAN_RNG_AUTO_RESEED_TIMEOUT std::chrono::milliseconds(10)
#define BOTAN_RNG_RESEED_DEFAULT_TIMEOUT std::chrono::milliseconds(50)
@@ -174,14 +175,6 @@
* These control the RNG used by the system RNG interface
*/
#define BOTAN_SYSTEM_RNG_DEVICE "/dev/urandom"
-#define BOTAN_SYSTEM_RNG_CRYPTOAPI_PROV_TYPE PROV_RSA_FULL
-
-/*
-* These paramaters control how many bytes to read from the system
-* PRNG, and how long to block if applicable.
-*
-* Timeout is ignored on Windows as CryptGenRandom doesn't block
-*/
#define BOTAN_SYSTEM_RNG_POLL_DEVICES { "/dev/urandom", "/dev/random", "/dev/srandom" }
/*
@@ -192,10 +185,14 @@
*/
#define BOTAN_ENTROPY_PROC_FS_PATH "/proc"
+/*
+* These paramaters control how many bytes to read from the system
+* PRNG, and how long to block if applicable. The timeout only applies
+* to reading /dev/urandom and company.
+*/
#define BOTAN_SYSTEM_RNG_POLL_REQUEST 64
#define BOTAN_SYSTEM_RNG_POLL_TIMEOUT_MS 20
-
/*
How many times to read from the RDRAND/RDSEED RNGs.
Each read generates 32 bits of output
diff --git a/src/build-data/os/mingw.txt b/src/build-data/os/mingw.txt
index b74aa2d49..bbe17e084 100644
--- a/src/build-data/os/mingw.txt
+++ b/src/build-data/os/mingw.txt
@@ -16,7 +16,7 @@ mingw32.*
<target_features>
win32
-cryptgenrandom
+rtlgenrandom
virtual_lock
threads
diff --git a/src/build-data/os/windows.txt b/src/build-data/os/windows.txt
index 500013897..db6245a83 100644
--- a/src/build-data/os/windows.txt
+++ b/src/build-data/os/windows.txt
@@ -19,7 +19,7 @@ doc_dir docs
win32
winsock2
-cryptgenrandom
+rtlgenrandom
rtlsecurezeromemory
virtual_lock
diff --git a/src/build-data/os/winphone.txt b/src/build-data/os/winphone.txt
index bc0179c12..fdeae6783 100644
--- a/src/build-data/os/winphone.txt
+++ b/src/build-data/os/winphone.txt
@@ -11,7 +11,6 @@ doc_dir docs
win32
winsock2
-crypto_ng
rtlsecurezeromemory
threads
diff --git a/src/lib/rng/system_rng/info.txt b/src/lib/rng/system_rng/info.txt
index 8f25bf84c..4dc5be758 100644
--- a/src/lib/rng/system_rng/info.txt
+++ b/src/lib/rng/system_rng/info.txt
@@ -5,12 +5,9 @@ SYSTEM_RNG -> 20141202
<os_features>
dev_random,posix1
arc4random
-crypto_ng
-cryptgenrandom
+rtlgenrandom
</os_features>
-<libs>
-windows -> advapi32.lib
-winphone -> bcrypt.lib
-mingw -> advapi32
-</libs>
+<requires>
+rtlgenrandom?dyn_load
+</requires>
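Review bot: Nothing in this change records what guarantees that the genuine system copy of advapi32 is the one loaded, now that the `<libs>` link entries are replaced by `rtlgenrandom?dyn_load` and system_rng.cpp opens the DLL by bare name (`m_advapi("advapi32.dll")`). Which file that name resolves to depends on how Dynamically_Loaded_Library calls the Windows loader, and that code is not part of this diff. advapi32 is normally resolved from the system directory, but it is worth confirming that the loader call cannot pick up a copy from the application or working directory. The result could be documented at the constructor, e.g. `// advapi32.dll is loaded by name; relies on the system DLL search order, not the application directory`.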
diff --git a/src/lib/rng/system_rng/system_rng.cpp b/src/lib/rng/system_rng/system_rng.cpp
index cec3deab1..32dabbe9f 100644
--- a/src/lib/rng/system_rng/system_rng.cpp
+++ b/src/lib/rng/system_rng/system_rng.cpp
@@ -1,25 +1,22 @@
/*
* System RNG
-* (C) 2014,2015,2017 Jack Lloyd
+* (C) 2014,2015,2017,2018 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include <botan/system_rng.h>
-#if defined(BOTAN_TARGET_OS_HAS_CRYPTGENRANDOM)
- #define NOMINMAX 1
- #define _WINSOCKAPI_ // stop windows.h including winsock.h
- #include <windows.h>
- #include <wincrypt.h>
-
-#elif defined(BOTAN_TARGET_OS_HAS_CRYPTO_NG)
- #include <bcrypt.h>
+#if defined(BOTAN_TARGET_OS_HAS_RTLGENRANDOM)
+ #include <botan/dyn_load.h>
+ #define NOMINMAX 1
+ #define _WINSOCKAPI_ // stop windows.h including winsock.h
+ #include <windows.h>
#elif defined(BOTAN_TARGET_OS_HAS_ARC4RANDOM)
#include <stdlib.h>
-#else
+#elif defined(BOTAN_TARGET_OS_HAS_DEV_RANDOM)
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
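Review bot: Replacing the final `#else` with `#elif defined(BOTAN_TARGET_OS_HAS_DEV_RANDOM)` here, and again at the `System_RNG_Impl` chain in the last hunk of this file, leaves no branch for a target that defines none of the three feature macros. Whether such a target can reach this file depends on the build system honouring `<os_features>` in info.txt, which the diff does not show; winphone.txt, for one, loses `crypto_ng` without gaining `rtlgenrandom`. Closing the class chain with `#else` and `#error "No system RNG implementation for this target"` would make that case fail with a clear message rather than, presumably, an undeclared `System_RNG_Impl` further down. Both preprocessor chains continue outside their hunks.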
@@ -31,82 +28,32 @@ namespace Botan {
namespace {
-#if defined(BOTAN_TARGET_OS_HAS_CRYPTGENRANDOM)
+#if defined(BOTAN_TARGET_OS_HAS_RTLGENRANDOM)
class System_RNG_Impl final : public RandomNumberGenerator
{
public:
- System_RNG_Impl()
- {
- if(!CryptAcquireContext(&m_prov, nullptr, nullptr,
- BOTAN_SYSTEM_RNG_CRYPTOAPI_PROV_TYPE, CRYPT_VERIFYCONTEXT))
- throw Exception("System_RNG failed to acquire crypto provider");
- }
-
- ~System_RNG_Impl()
+ System_RNG_Impl() : m_advapi("advapi32.dll")
{
- ::CryptReleaseContext(m_prov, 0);
+ // This throws if the function is not found
+ m_rtlgenrandom = m_advapi.resolve<RtlGenRandom_f>("SystemFunction036");
}
void randomize(uint8_t buf[], size_t len) override
{
- ::CryptGenRandom(m_prov, static_cast<DWORD>(len), buf);
- }
-
- void add_entropy(const uint8_t in[], size_t length) override
- {
- /*
- There is no explicit ConsumeRandom, but all values provided in
- the call are incorporated into the state.
- */
- std::vector<uint8_t> buf(in, in + length);
- ::CryptGenRandom(m_prov, static_cast<DWORD>(buf.size()), buf.data());
+ if(m_rtlgenrandom(buf, len) == false)
+ throw Exception("RtlGenRandom failed");
}
+ void add_entropy(const uint8_t[], size_t) override { /* ignored */ }
bool is_seeded() const override { return true; }
void clear() override { /* not possible */ }
- std::string name() const override { return "cryptoapi"; }
+ std::string name() const override { return "RtlGenRandom"; }
private:
- HCRYPTPROV m_prov;
- };
+ typedef BOOL (*RtlGenRandom_f)(PVOID, ULONG);
-#elif defined(BOTAN_TARGET_OS_HAS_CRYPTO_NG)
-
-class System_RNG_Impl final : public RandomNumberGenerator
- {
- public:
- System_RNG_Impl()
- {
- NTSTATUS ret = ::BCryptOpenAlgorithmProvider(&m_prov,
- BCRYPT_RNG_ALGORITHM,
- MS_PRIMITIVE_PROVIDER, 0);
- if(ret != STATUS_SUCCESS)
- throw Exception("System_RNG failed to acquire crypto provider");
- }
-
- ~System_RNG_Impl()
- {
- ::BCryptCloseAlgorithmProvider(m_prov, 0);
- }
-
- void randomize(uint8_t buf[], size_t len) override
- {
- ::BCryptGenRandom(m_prov, static_cast<PUCHAR>(buf), static_cast<ULONG>(len), 0);
- }
-
- void add_entropy(const uint8_t in[], size_t length) override
- {
- /*
- There is a flag BCRYPT_RNG_USE_ENTROPY_IN_BUFFER to provide
- entropy inputs, but it is ignored in Windows 8 and later.
- */
- }
-
- bool is_seeded() const override { return true; }
- void clear() override { /* not possible */ }
- std::string name() const override { return "crypto_ng"; }
- private:
- BCRYPT_ALG_HANDLE m_handle;
+ Dynamically_Loaded_Library m_advapi;
+ RtlGenRandom_f m_rtlgenrandom;
};
#elif defined(BOTAN_TARGET_OS_HAS_ARC4RANDOM)
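Review bot: The pointer type `typedef BOOL (*RtlGenRandom_f)(PVOID, ULONG);` does not match the documented prototype of RtlGenRandom, which returns `BOOLEAN` and uses the `NTAPI` (stdcall) calling convention. On 32-bit x86 a call through a default-convention pointer leaves the stack misbalanced, and reading a one-byte return as a four-byte `BOOL` can make a failed call compare unequal to `false`, so `randomize` would return with `buf` not filled. Separately, `m_rtlgenrandom(buf, len)` narrows `size_t` to `ULONG` implicitly, so on a 64-bit build a request above 4 GiB fills only the truncated length and still reports success. The excerpt below corrects the typedef and feeds the buffer in ULONG-sized chunks.

```cpp
      void randomize(uint8_t buf[], size_t len) override
         {
         // RtlGenRandom takes a ULONG length; feed larger requests in chunks
         const size_t max_chunk = static_cast<ULONG>(-1);
         while(len > 0)
            {
            const size_t this_len = (len < max_chunk) ? len : max_chunk;
            if(!m_rtlgenrandom(buf, static_cast<ULONG>(this_len)))
               throw Exception("RtlGenRandom failed");
            buf += this_len;
            len -= this_len;
            }
         }

      // … unchanged: add_entropy, is_seeded, clear, name …

   private:
      // Matches the documented prototype: BOOLEAN return, stdcall convention
      typedef BOOLEAN (NTAPI *RtlGenRandom_f)(PVOID, ULONG);
```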
@@ -127,7 +74,7 @@ class System_RNG_Impl final : public RandomNumberGenerator
std::string name() const override { return "arc4random"; }
};
-#else
+#elif defined(BOTAN_TARGET_OS_HAS_DEV_RANDOM)
// Read a random device
diff --git a/src/lib/utils/dyn_load/dyn_load.cpp b/src/lib/utils/dyn_load/dyn_load.cpp
index b7f2649ef..1bbcffbdb 100644
--- a/src/lib/utils/dyn_load/dyn_load.cpp
+++ b/src/lib/utils/dyn_load/dyn_load.cpp
@@ -71,7 +71,7 @@ void* Dynamically_Loaded_Library::resolve_symbol(const std::string& symbol)
if(!addr)
throw Exception("Failed to resolve symbol " + symbol +
- " in " + m_lib_name);
+ " in " + m_lib_name);
return addr;
}