Merge branch 'david-loffredo-rand_s-test' (#302, fixes #299)

2019-08-08 00:14:21 +02:00 · 2019-08-08 00:14:21 +02:00 · e9db1a75c4
commit e9db1a75c4
parent 82ea946c17 8c1d9c144a
13 changed files with 30 additions and 182 deletions
--- a/expat/CMakeLists.txt
+++ b/expat/CMakeLists.txt
@ -175,7 +175,6 @@ if(WIN32)
 endif(WIN32)
 set(expat_SRCS
    lib/loadlibrary.c
    lib/xmlparse.c
    lib/xmlrole.c
    lib/xmltok.c
--- a/expat/Changes
+++ b/expat/Changes
@ -16,6 +16,9 @@ Release x.x.x xxx xxx xx xxxx
            #265  CMake: Fix linking with MinGW
       #239 #277  CMake: Add argument -DUSE_GETRANDOM=(ON|OFF|AUTO)
       #239 #277  CMake: Add argument -DUSE_SYS_GETRANDOM=(ON|OFF|AUTO)
       #299 #302  Windows: Replace LoadLibrary hack to access
                    unofficial API function SystemFunction036 (RtlGenRandom)
                    by using official API function rand_s (needs WinXP+)
             #14  Drop an OpenVMS support leftover
  #235 #268 #270  Address compiler warnings
    #282 #283 ..
@ -24,6 +27,7 @@ Release x.x.x xxx xxx xx xxxx
        #24 #293  Mass-apply clang-format 9 (and ensure conformance during CI)
        Special thanks to:
            David Loffredo
            Khajapasha Mohammed
            Kishore Kunche
            Marco Maggi
--- a/expat/lib/Makefile.am
+++ b/expat/lib/Makefile.am
@ -40,7 +40,6 @@ libexpat_la_LDFLAGS = \
    -version-info @LIBCURRENT@:@LIBREVISION@:@LIBAGE@
 libexpat_la_SOURCES = \
    loadlibrary.c \
    xmlparse.c \
    xmltok.c \
    xmlrole.c
--- a/expat/lib/expat.vcxproj
+++ b/expat/lib/expat.vcxproj
@ -148,7 +148,6 @@
    <CustomBuild Include="libexpat.def" />
  </ItemGroup>
  <ItemGroup>
    <ClCompile Include="loadlibrary.c" />
    <ClCompile Include="xmlparse.c">
      <ExceptionHandling Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
      </ExceptionHandling>
--- a/expat/lib/expat.vcxproj.filters
+++ b/expat/lib/expat.vcxproj.filters
@ -15,9 +15,6 @@
    </Filter>
  </ItemGroup>
  <ItemGroup>
    <ClCompile Include="loadlibrary.c">
      <Filter>Source Files</Filter>
    </ClCompile>
    <ClCompile Include="xmlparse.c">
      <Filter>Source Files</Filter>
    </ClCompile>
--- a/expat/lib/expat_static.vcxproj
+++ b/expat/lib/expat_static.vcxproj
@ -121,7 +121,6 @@
    </Lib>
  </ItemDefinitionGroup>
  <ItemGroup>
    <ClCompile Include="loadlibrary.c" />
    <ClCompile Include="xmlparse.c" />
    <ClCompile Include="xmlrole.c" />
    <ClCompile Include="xmltok.c" />
--- a/expat/lib/expat_static.vcxproj.filters
+++ b/expat/lib/expat_static.vcxproj.filters
@ -11,9 +11,6 @@
    </Filter>
  </ItemGroup>
  <ItemGroup>
    <ClCompile Include="loadlibrary.c">
      <Filter>Source Files</Filter>
    </ClCompile>
    <ClCompile Include="xmlparse.c">
      <Filter>Source Files</Filter>
    </ClCompile>
--- a/expat/lib/expatw.vcxproj
+++ b/expat/lib/expatw.vcxproj
@ -148,7 +148,6 @@
    <CustomBuild Include="libexpatw.def" />
  </ItemGroup>
  <ItemGroup>
    <ClCompile Include="loadlibrary.c" />
    <ClCompile Include="xmlparse.c">
      <ExceptionHandling Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
      </ExceptionHandling>
--- a/expat/lib/expatw.vcxproj.filters
+++ b/expat/lib/expatw.vcxproj.filters
@ -15,9 +15,6 @@
    </Filter>
  </ItemGroup>
  <ItemGroup>
    <ClCompile Include="loadlibrary.c">
      <Filter>Source Files</Filter>
    </ClCompile>
    <ClCompile Include="xmlparse.c">
      <Filter>Source Files</Filter>
    </ClCompile>
--- a/expat/lib/expatw_static.vcxproj
+++ b/expat/lib/expatw_static.vcxproj
@ -121,7 +121,6 @@
    </Lib>
  </ItemDefinitionGroup>
  <ItemGroup>
    <ClCompile Include="loadlibrary.c" />
    <ClCompile Include="xmlparse.c" />
    <ClCompile Include="xmlrole.c" />
    <ClCompile Include="xmltok.c" />
--- a/expat/lib/expatw_static.vcxproj.filters
+++ b/expat/lib/expatw_static.vcxproj.filters
@ -11,9 +11,6 @@
    </Filter>
  </ItemGroup>
  <ItemGroup>
    <ClCompile Include="loadlibrary.c">
      <Filter>Source Files</Filter>
    </ClCompile>
    <ClCompile Include="xmlparse.c">
      <Filter>Source Files</Filter>
    </ClCompile>
--- a/expat/lib/loadlibrary.c
+++ b/expat/lib/loadlibrary.c
@ -1,138 +0,0 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 2016 - 2017, Steve Holme, <steve_holme@hotmail.com>.
 * Copyright (C) 2017, Expat development team
 *
 * All rights reserved.
 * Licensed under the MIT license:
 *
 * Permission to  use, copy,  modify, and distribute  this software  for any
 * purpose with  or without fee is  hereby granted, provided that  the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE  SOFTWARE  IS  PROVIDED  "AS  IS",  WITHOUT  WARRANTY  OF  ANY  KIND,
 * EXPRESS  OR IMPLIED,  INCLUDING  BUT  NOT LIMITED  TO  THE WARRANTIES  OF
 * MERCHANTABILITY, FITNESS FOR A  PARTICULAR PURPOSE AND NONINFRINGEMENT OF
 * THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
 * CONTRACT, TORT OR  OTHERWISE, ARISING FROM, OUT OF OR  IN CONNECTION WITH
 * THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 *
 * Except as contained in this notice,  the name of a copyright holder shall
 * not be used in advertising or otherwise to promote the sale, use or other
 * dealings  in this  Software without  prior written  authorization of  the
 * copyright holder.
 *
 ***************************************************************************/
 #if defined(_WIN32)
 #  include <windows.h>
 #  include <tchar.h>
 HMODULE _Expat_LoadLibrary(LPCTSTR filename);
 #  if ! defined(LOAD_WITH_ALTERED_SEARCH_PATH)
 #    define LOAD_WITH_ALTERED_SEARCH_PATH 0x00000008
 #  endif
 #  if ! defined(LOAD_LIBRARY_SEARCH_SYSTEM32)
 #    define LOAD_LIBRARY_SEARCH_SYSTEM32 0x00000800
 #  endif
 /* We use our own typedef here since some headers might lack these */
 typedef HMODULE(APIENTRY *LOADLIBRARYEX_FN)(LPCTSTR, HANDLE, DWORD);
 /* See function definitions in winbase.h */
 #  ifdef UNICODE
 #    ifdef _WIN32_WCE
 #      define LOADLIBARYEX L"LoadLibraryExW"
 #    else
 #      define LOADLIBARYEX "LoadLibraryExW"
 #    endif
 #  else
 #    define LOADLIBARYEX "LoadLibraryExA"
 #  endif
 /*
 * _Expat_LoadLibrary()
 *
 * This is used to dynamically load DLLs using the most secure method available
 * for the version of Windows that we are running on.
 *
 * Parameters:
 *
 * filename  [in] - The filename or full path of the DLL to load. If only the
 *                  filename is passed then the DLL will be loaded from the
 *                  Windows system directory.
 *
 * Returns the handle of the module on success; otherwise NULL.
 */
 HMODULE
 _Expat_LoadLibrary(LPCTSTR filename) {
  HMODULE hModule = NULL;
  LOADLIBRARYEX_FN pLoadLibraryEx = NULL;
  /* Get a handle to kernel32 so we can access it's functions at runtime */
  HMODULE hKernel32 = GetModuleHandle(TEXT("kernel32"));
  if (! hKernel32)
    return NULL; /* LCOV_EXCL_LINE */
  /* Attempt to find LoadLibraryEx() which is only available on Windows 2000
     and above */
  pLoadLibraryEx = (LOADLIBRARYEX_FN)GetProcAddress(hKernel32, LOADLIBARYEX);
  /* Detect if there's already a path in the filename and load the library if
     there is. Note: Both back slashes and forward slashes have been supported
     since the earlier days of DOS at an API level although they are not
     supported by command prompt */
  if (_tcspbrk(filename, TEXT("\\/"))) {
    /** !checksrc! disable BANNEDFUNC 1 **/
    hModule = pLoadLibraryEx ? pLoadLibraryEx(filename, NULL,
                                              LOAD_WITH_ALTERED_SEARCH_PATH)
                             : LoadLibrary(filename);
  }
  /* Detect if KB2533623 is installed, as LOAD_LIBARY_SEARCH_SYSTEM32 is only
     supported on Windows Vista, Windows Server 2008, Windows 7 and Windows
     Server 2008 R2 with this patch or natively on Windows 8 and above */
  else if (pLoadLibraryEx && GetProcAddress(hKernel32, "AddDllDirectory")) {
    /* Load the DLL from the Windows system directory */
    hModule = pLoadLibraryEx(filename, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
  } else {
    /* Attempt to get the Windows system path */
    UINT systemdirlen = GetSystemDirectory(NULL, 0);
    if (systemdirlen) {
      /* Allocate space for the full DLL path (Room for the null terminator
         is included in systemdirlen) */
      size_t filenamelen = _tcslen(filename);
      TCHAR *path = malloc(sizeof(TCHAR) * (systemdirlen + 1 + filenamelen));
      if (path && GetSystemDirectory(path, systemdirlen)) {
        /* Calculate the full DLL path */
        _tcscpy(path + _tcslen(path), TEXT("\\"));
        _tcscpy(path + _tcslen(path), filename);
        /* Load the DLL from the Windows system directory */
        /** !checksrc! disable BANNEDFUNC 1 **/
        hModule = pLoadLibraryEx ? pLoadLibraryEx(path, NULL,
                                                  LOAD_WITH_ALTERED_SEARCH_PATH)
                                 : LoadLibrary(path);
      }
      free(path);
    }
  }
  return hModule;
 }
 #else /* defined(_WIN32) */
 /* ISO C requires a translation unit to contain at least one declaration
   [-Wempty-translation-unit] */
 typedef int _TRANSLATION_UNIT_LOAD_LIBRARY_C_NOT_EMTPY;
 #endif /* defined(_WIN32) */
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@ -34,12 +34,17 @@
 #  define _GNU_SOURCE 1 /* syscall prototype */
 #endif
 #ifdef _WIN32
 /* force stdlib to define rand_s() */
 #  define _CRT_RAND_S
 #endif
 #include <stddef.h>
 #include <string.h> /* memset(), memcpy() */
 #include <assert.h>
 #include <limits.h> /* UINT_MAX */
 #include <stdio.h>  /* fprintf */
-#include <stdlib.h> /* getenv */
+#include <stdlib.h> /* getenv, rand_s */
 #ifdef _WIN32
 #  define getpid GetCurrentProcessId
@ -99,7 +104,7 @@
      * libbsd (arc4random_buf): HAVE_ARC4RANDOM_BUF + HAVE_LIBBSD, \
      * libbsd (arc4random): HAVE_ARC4RANDOM + HAVE_LIBBSD, \
      * Linux / BSD / macOS (/dev/urandom): XML_DEV_URANDOM \
-      * Windows (RtlGenRandom): _WIN32. \
+      * Windows (rand_s): _WIN32. \
    \
    If insist on not using any of these, bypass this error by defining \
    XML_POOR_ENTROPY; you have been warned. \
@ -729,33 +734,28 @@ writeRandomBytes_arc4random(void *target, size_t count) {
 #ifdef _WIN32
-typedef BOOLEAN(APIENTRY *RTLGENRANDOM_FUNC)(PVOID, ULONG);
+/* Obtain entropy on Windows using the rand_s() function which
-HMODULE _Expat_LoadLibrary(LPCTSTR filename); /* see loadlibrary.c */
+ * generates cryptographically secure random numbers.  Internally it
-
+ * uses RtlGenRandom API which is present in Windows XP and later.
 /* Obtain entropy on Windows XP / Windows Server 2003 and later.
 * Hint on RtlGenRandom and the following article from libsodium.
 *
 * Michael Howard: Cryptographically Secure Random number on Windows without
 * using CryptoAPI
 * https://blogs.msdn.microsoft.com/michael_howard/2005/01/14/cryptographically-secure-random-number-on-windows-without-using-cryptoapi/
 */
 static int
-writeRandomBytes_RtlGenRandom(void *target, size_t count) {
+writeRandomBytes_rand_s(void *target, size_t count) {
-  int success = 0; /* full count bytes written? */
+  size_t bytesWrittenTotal = 0;
  const HMODULE advapi32 = _Expat_LoadLibrary(TEXT("ADVAPI32.DLL"));
-  if (advapi32) {
+  while (bytesWrittenTotal < count) {
-    const RTLGENRANDOM_FUNC RtlGenRandom
+    unsigned int random32 = 0;
-        = (RTLGENRANDOM_FUNC)GetProcAddress(advapi32, "SystemFunction036");
+    size_t i = 0;
-    if (RtlGenRandom) {
+
-      if (RtlGenRandom((PVOID)target, (ULONG)count) == TRUE) {
+    if (rand_s(&random32))
-        success = 1;
+      return 0; /* failure */
-      }
+
    for (; (i < sizeof(random32)) && (bytesWrittenTotal < count);
         i++, bytesWrittenTotal++) {
      const uint8_t random8 = (uint8_t)(random32 >> (i * 8));
      ((uint8_t *)target)[bytesWrittenTotal] = random8;
    }
    FreeLibrary(advapi32);
  }
-
+  return 1; /* success */
  return success;
 }
 #endif /* _WIN32 */
@ -812,8 +812,8 @@ generate_hash_secret_salt(XML_Parser parser) {
 #else
  /* Try high quality providers first .. */
 #  ifdef _WIN32
-  if (writeRandomBytes_RtlGenRandom((void *)&entropy, sizeof(entropy))) {
+  if (writeRandomBytes_rand_s((void *)&entropy, sizeof(entropy))) {
-    return ENTROPY_DEBUG("RtlGenRandom", entropy);
+    return ENTROPY_DEBUG("rand_s", entropy);
  }
 #  elif defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM)
  if (writeRandomBytes_getrandom_nonblock((void *)&entropy, sizeof(entropy))) {