[PATCH] MinGW, random_seed, CryptoAPI

Enzo Michelangeli em at who.net
Fri Apr 28 08:15:04 CEST 2000


I wouldn't use CAPI at all, not even for the RNG (which is one of the most
critical parts as far as security is concerned). I just don't trust code of
which I'm prevented from seeing and recompiling the source.

Also, I wouldn't use the horrible registry, when all the configuration in
gpg is based on a honest-to-God ASCII file...

Enzo

----- Original Message -----
From: Bradley A. Town <townba at pobox.com>
To: <gnupg-devel at gnupg.org>
Sent: Friday, April 28, 2000 5:07 AM
Subject: [PATCH] MinGW, random_seed, CryptoAPI


> (I don't subscribe to the list -- I read it at lists.gnupg.org.  Please CC
> me any replies.)
>
> I have created patches to random.c, rndw32.c, util.h, and w32reg.c, but
> together they are large (about 18k), so I'll send them to anyone that
> wants/needs them.  Don't reply to the list for them, though -- just send
> mail.  :)
>
> These patches apply to MingW builds.  I'm compiling under Windows 2000
> Professional using MinGW32 from Mumit Khan and configuration tools from
> Cygwin.  Configure options:
> configure --host=i386--mingw32 --disable-asm
> (I couldn't get the assembly files to work, but I didn't try very hard.)
>
> The following patches:
> * Correct a bug with reading and writing random_seed (text vs. binary
mode)
> * Add the ability to use the icky Microsoft CryptoAPI *for random number
> generation only* (Intel has a nice hardware RNG accessible through the
> CryptoAPI) (Perhaps the CryptoAPI stuff should go into the entropy DLL?)
> * Add a registry function for retrieving a number (which I then did not
use,
> but it's there)
>
> GnuPG reads RNGToUse (REG_SZ) under HKCU/Software/GNU/GnuPG.  If it is not
> present, or if it says "winseed", it uses the entropy DLL code.  If it
says
> "CryptoAPI", it uses the CryptoAPI.
>
> Since several CSPs can be installed at one time, GnuPG reads ProvType
> (REG_DWORD) under HKCU/Software/GNU/GnuPG/CryptoAPI.  If it is not
present,
> it fails.  Valid numbers are (as of the April 2000 Platform SDK) 1 through
> 22 (decimal).  A value of 1 might be sufficient for testing; 22 is the
Intel
> RNG.  (For info on the Intel RNG, check
> http://developer.intel.com/design/security/rng/rng.htm .)  Values of
> Container (REG_SZ) and Provider (REG_SZ) may also be provided.
>



More information about the Gnupg-devel mailing list