archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 9769ad7c3d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9769ad7c3d'
${ noResults }
windows-xp/Source/XPSP1/NT/base/ntsetup/syssetup/crypto.c

798 lines
25 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1995-1998 Microsoft Corporation
  5. Module Name:
  7. crypto.c
  9. Abstract:
  11. Module to install/upgrade cryptography (CAPI).
  13. Author:
  15. Ted Miller (tedm) 4-Aug-1995
  17. Revision History:
  19. Lonny McMichael (lonnym) 1-May-98 Added code to trust test root certificate.
  21. --*/
  23. #include "setupp.h"
  24. #pragma hdrstop
  26. //
  27. // Default post-setup system policies for driver signing and non-driver signing
  28. //
  29. #define DEFAULT_DRVSIGN_POLICY DRIVERSIGN_WARNING
  30. #define DEFAULT_NONDRVSIGN_POLICY DRIVERSIGN_NONE
  33. //
  34. // Define name of default microsoft capi provider and signature file
  35. //
  36. #define MS_DEF_SIG L"RSABASE.SIG"
  37. #define MS_DEF_DLL L"RSABASE.DLL"
  39. #define MS_REG_KEY1 L"SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\" MS_DEF_PROV
  40. #define MS_REG_KEY2 L"SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 001"
  42. //
  43. // Items that get set up in registry for ms provider.
  44. // Do not change the order of these without also changing the code in
  45. // RsaSigToRegistry().
  46. //
  47. #if 0 // no longer needed
  49. REGVALITEM CryptoProviderItems[3] = { { L"Image Path",
  50. MS_DEF_DLL,
  51. sizeof(MS_DEF_DLL),
  52. REG_SZ
  53. },
  55. { L"Type",
  56. NULL,
  57. sizeof(DWORD),
  58. REG_DWORD
  59. },
  61. { L"Signature",
  62. NULL,
  63. 0,
  64. REG_BINARY
  65. }
  66. };
  68. REGVALITEM CryptoProviderTypeItems[1] = { { L"Name",
  69. MS_DEF_PROV,
  70. sizeof(MS_DEF_PROV),
  71. REG_SZ
  72. }
  73. };
  74. #endif // no longer needed
  77. #if 0 // obsolete routine
  78. DWORD
  79. RsaSigToRegistry(
  80. VOID
  81. )
  83. /*++
  85. Routine Description:
  87. This routine transfers the contents of the rsa signature file
  88. (%systemroot%\system32\rsabase.sig) into the registry,
  89. then deletes the signature file.
  91. Arguments:
  93. None.
  95. Returns:
  97. Win32 error code indicating outcome.
  99. --*/
  101. {
  102. WCHAR SigFile[MAX_PATH];
  103. DWORD FileSize;
  104. HANDLE FileHandle;
  105. HANDLE MapHandle;
  106. DWORD d;
  107. PVOID p;
  108. DWORD One;
  110. //
  111. // Form name of signature file.
  112. //
  113. lstrcpy(SigFile,LegacySourcePath);
  114. pSetupConcatenatePaths(SigFile,MS_DEF_SIG,MAX_PATH,NULL);
  116. //
  117. // Open and map signature file.
  118. //
  119. d = pSetupOpenAndMapFileForRead(
  120. SigFile,
  121. &FileSize,
  122. &FileHandle,
  123. &MapHandle,
  124. &p
  125. );
  127. if(d == NO_ERROR) {
  129. //
  130. // Type gets set to 1.
  131. //
  132. One = 1;
  133. CryptoProviderItems[1].Data = &One;
  135. //
  136. // Set up binary data.
  137. //
  138. CryptoProviderItems[2].Data = p;
  139. CryptoProviderItems[2].Size = FileSize;
  141. //
  142. // Transfer data to registry. Gaurd w/try/except in case of
  143. // in-page errors.
  144. //
  145. try {
  146. d = (DWORD)SetGroupOfValues(HKEY_LOCAL_MACHINE,MS_REG_KEY1,CryptoProviderItems,3);
  147. } except(EXCEPTION_EXECUTE_HANDLER) {
  148. d = ERROR_READ_FAULT;
  149. }
  151. //
  152. // Set additional piece of registry data.
  153. //
  154. if(d == NO_ERROR) {
  156. d = (DWORD)SetGroupOfValues(
  157. HKEY_LOCAL_MACHINE,
  158. MS_REG_KEY2,
  159. CryptoProviderTypeItems,
  160. 1
  161. );
  162. }
  164. //
  165. // Clean up file mapping.
  166. //
  167. pSetupUnmapAndCloseFile(FileHandle,MapHandle,p);
  168. }
  170. return(d);
  171. }
  172. #endif // obsolete routine
  175. BOOL
  176. InstallOrUpgradeCapi(
  177. VOID
  178. )
  179. {
  180. #if 1
  182. return RegisterOleControls(MainWindowHandle, SyssetupInf, NULL, 0, 0, L"RegistrationCrypto");
  184. #else // obsolete code
  186. DWORD d;
  188. d = RsaSigToRegistry();
  190. if(d != NO_ERROR) {
  191. SetuplogError(
  192. LogSevError,
  193. SETUPLOG_USE_MESSAGEID,
  194. MSG_LOG_CRYPTO_1,
  195. d,NULL,NULL);
  196. }
  198. return(d == NO_ERROR);
  200. #endif // obsolete code
  201. }
  204. DWORD
  205. SetupAddOrRemoveTestCertificate(
  206. IN PCWSTR TestCertName, OPTIONAL
  207. IN HINF InfToUse OPTIONAL
  208. )
  210. /*++
  212. Routine Description:
  214. This routine adds the test certificate into the root certificate store, or
  215. removes the test certificate from the root store.
  217. Arguments:
  219. TestCertName - Optionally, supplies the name of the test certificate to be
  220. added. If this parameter is not specified, then the test certificates
  221. (both old and new) will be removed from the root store, if they exist.
  223. InfToUse - Optionally, supplies the INF to be used in retrieving source
  224. media information for the test certificate. If this parameter is not
  225. supplied (i.e., is NULL or INVALID_HANDLE_VALUE), then TestCertName is
  226. assumed to exist (a) in the platform-specific source path (if it's a
  227. simple filename) or (b) in the specified location (if it contains path
  228. information).
  230. This argument is ignored if TestCertName is NULL.
  232. Returns:
  234. If successful, the return value is NO_ERROR.
  235. If failure, the return value is a Win32 error code indicating the cause of
  236. the failure.
  238. --*/
  240. {
  241. PCCERT_CONTEXT pCertContext;
  242. HCERTSTORE hStore;
  243. DWORD Err = NO_ERROR, ret = NO_ERROR;
  244. DWORD FileSize;
  245. HANDLE FileHandle, MappingHandle;
  246. PVOID BaseAddress;
  247. WCHAR TempBuffer[MAX_PATH], DecompressedName[MAX_PATH];
  248. WCHAR FullPathName[MAX_PATH], PromptPath[MAX_PATH];
  249. BOOL FileInUse;
  250. UINT SourceId;
  251. PWSTR FilePart;
  252. DWORD FullPathNameLen;
  254. if(TestCertName) {
  256. LPSTR szUsages[] = { szOID_PKIX_KP_CODE_SIGNING,
  257. szOID_WHQL_CRYPTO,
  258. szOID_NT5_CRYPTO };
  259. CERT_ENHKEY_USAGE EKU = {sizeof(szUsages)/sizeof(LPSTR), szUsages};
  260. CRYPT_DATA_BLOB CryptDataBlob = {0, NULL};
  262. //
  263. // The file may be compressed (i.e., testroot.ce_), so decompress it
  264. // into a temporary file in the windows directory.
  265. //
  266. if(!GetWindowsDirectory(TempBuffer, SIZECHARS(TempBuffer)) ||
  267. !GetTempFileName(TempBuffer, L"SETP", 0, DecompressedName)) {
  269. return GetLastError();
  270. }
  272. if(InfToUse && (InfToUse != INVALID_HANDLE_VALUE)) {
  273. //
  274. // We were passed a simple filename (e.g., "testroot.cer") which
  275. // exists in the platform-specific source path.
  276. //
  277. lstrcpy(FullPathName, LegacySourcePath);
  278. pSetupConcatenatePaths(FullPathName, TestCertName, SIZECHARS(FullPathName), NULL);
  281. SetupGetSourceFileLocation(
  282. InfToUse,
  283. NULL,
  284. TestCertName,
  285. &SourceId,
  286. NULL,
  287. 0,
  288. NULL
  289. );
  291. SetupGetSourceInfo(
  292. InfToUse,
  293. SourceId,
  294. SRCINFO_DESCRIPTION,
  295. TempBuffer,
  296. sizeof(TempBuffer),
  297. NULL
  298. );
  301. do{
  304. Err = DuSetupPromptForDisk (
  305. MainWindowHandle,
  306. NULL,
  307. TempBuffer,
  308. LegacySourcePath,
  309. TestCertName,
  310. NULL,
  311. IDF_CHECKFIRST | IDF_NODETAILS | IDF_NOSKIP | IDF_NOBROWSE,
  312. PromptPath,
  313. MAX_PATH,
  314. NULL
  315. );
  317. if( Err == DPROMPT_SUCCESS ){
  319. lstrcpy( FullPathName, PromptPath );
  320. pSetupConcatenatePaths(FullPathName, TestCertName, SIZECHARS(FullPathName), NULL);
  322. Err = SetupDecompressOrCopyFile(FullPathName,
  323. DecompressedName,
  324. NULL
  325. );
  326. }else
  327. Err = ERROR_CANCELLED;
  330. } while( Err == ERROR_NOT_READY );
  332. } else {
  333. //
  334. // If the filename is a simple filename, then assume it exists in
  335. // the platform-specific source path. Otherwise, assume it is a
  336. // fully-qualified path.
  337. //
  338. if(TestCertName == pSetupGetFileTitle(TestCertName)) {
  340. if (BuildPathToInstallationFile (TestCertName, FullPathName, SIZECHARS(FullPathName))) {
  341. Err = NO_ERROR;
  342. } else {
  343. Err = ERROR_INSUFFICIENT_BUFFER;
  344. }
  346. } else {
  347. //
  348. // The filename includes path information--look for the file in
  349. // the specified path.
  350. //
  351. FullPathNameLen = GetFullPathName(TestCertName,
  352. SIZECHARS(FullPathName),
  353. FullPathName,
  354. &FilePart
  355. );
  357. if(!FullPathNameLen) {
  358. Err = GetLastError();
  359. } else if(FullPathNameLen > SIZECHARS(FullPathName)) {
  360. Err = ERROR_INSUFFICIENT_BUFFER;
  361. } else {
  362. Err = NO_ERROR;
  363. }
  364. }
  366. if(Err == NO_ERROR) {
  367. Err = SetupDecompressOrCopyFile(FullPathName,
  368. DecompressedName,
  369. NULL
  370. );
  371. }
  372. }
  374. if(Err != NO_ERROR) {
  375. return Err;
  376. }
  379. //
  380. // Map the specified .cer file into memory
  381. //
  382. Err = pSetupOpenAndMapFileForRead(DecompressedName,
  383. &FileSize,
  384. &FileHandle,
  385. &MappingHandle,
  386. &BaseAddress
  387. );
  388. if(Err != NO_ERROR) {
  389. DeleteFile(DecompressedName);
  390. return Err;
  391. }
  393. //
  394. // Create a cert context from an encoded blob (what we read from the
  395. // .cer file)
  396. //
  397. pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
  398. BaseAddress,
  399. FileSize
  400. );
  401. if(!pCertContext) {
  402. //
  403. // Get the last error before we potentially blow it away by
  404. // unmapping/closing our certificate file below...
  405. //
  406. Err = GetLastError();
  407. MYASSERT(Err != NO_ERROR);
  408. if(Err == NO_ERROR) {
  409. Err = ERROR_INVALID_DATA;
  410. }
  411. }
  413. //
  414. // We can unmap and close the test cert file now--we don't need it
  415. // anymore.
  416. //
  417. pSetupUnmapAndCloseFile(FileHandle, MappingHandle, BaseAddress);
  418. DeleteFile(DecompressedName);
  420. if(!pCertContext) {
  421. goto clean0;
  422. }
  424. //
  425. // to open the root store in HKLM
  426. //
  427. hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM,
  428. X509_ASN_ENCODING,
  429. (HCRYPTPROV)NULL,
  430. CERT_SYSTEM_STORE_LOCAL_MACHINE,
  431. L"ROOT"
  432. );
  434. if(!hStore) {
  435. Err = GetLastError();
  436. MYASSERT(Err != NO_ERROR);
  437. if(Err == NO_ERROR) {
  438. Err = ERROR_INVALID_DATA;
  439. }
  440. } else {
  441. //
  442. // Call CryptEncodeObject once to get the size of buffer required...
  443. //
  444. if(CryptEncodeObject(CRYPT_ASN_ENCODING,
  445. X509_ENHANCED_KEY_USAGE,
  446. &EKU,
  447. NULL,
  448. &(CryptDataBlob.cbData))) {
  450. MYASSERT(CryptDataBlob.cbData);
  452. //
  453. // OK, now we can allocate a buffer of the required size and
  454. // try again.
  455. //
  456. CryptDataBlob.pbData = MyMalloc(CryptDataBlob.cbData);
  458. if(CryptDataBlob.pbData) {
  460. if(CryptEncodeObject(CRYPT_ASN_ENCODING,
  461. X509_ENHANCED_KEY_USAGE,
  462. &EKU,
  463. CryptDataBlob.pbData,
  464. &(CryptDataBlob.cbData))) {
  465. Err = NO_ERROR;
  467. } else {
  468. Err = GetLastError();
  469. MYASSERT(Err != NO_ERROR);
  470. if(Err == NO_ERROR) {
  471. Err = ERROR_INVALID_DATA;
  472. }
  473. }
  475. } else {
  476. Err = ERROR_NOT_ENOUGH_MEMORY;
  477. }
  479. } else {
  480. Err = GetLastError();
  481. MYASSERT(Err != NO_ERROR);
  482. if(Err == NO_ERROR) {
  483. Err = ERROR_INVALID_DATA;
  484. }
  485. }
  487. if(Err == NO_ERROR) {
  488. if(!CertSetCertificateContextProperty(pCertContext,
  489. CERT_ENHKEY_USAGE_PROP_ID,
  490. 0,
  491. &CryptDataBlob)) {
  492. Err = GetLastError();
  493. MYASSERT(Err != NO_ERROR);
  494. if(Err == NO_ERROR) {
  495. Err = ERROR_INVALID_DATA;
  496. }
  497. }
  498. }
  500. //
  501. // to add cert to store
  502. //
  503. if(Err == NO_ERROR) {
  504. if(!CertAddCertificateContextToStore(hStore,
  505. pCertContext,
  506. CERT_STORE_ADD_USE_EXISTING,
  507. NULL)) {
  508. Err = GetLastError();
  509. MYASSERT(Err != NO_ERROR);
  510. if(Err == NO_ERROR) {
  511. Err = ERROR_INVALID_DATA;
  512. }
  513. }
  514. }
  516. CertCloseStore(hStore, 0);
  517. }
  519. CertFreeCertificateContext(pCertContext);
  521. if(CryptDataBlob.pbData) {
  522. MyFree(CryptDataBlob.pbData);
  523. }
  525. } else {
  526. //
  527. // deleting a cert
  528. // to open the root store in HKLM
  529. //
  530. hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM,
  531. X509_ASN_ENCODING,
  532. (HCRYPTPROV)NULL,
  533. CERT_SYSTEM_STORE_LOCAL_MACHINE,
  534. L"ROOT"
  535. );
  536. if(!hStore) {
  537. Err = GetLastError();
  538. MYASSERT(Err != NO_ERROR);
  539. if(Err == NO_ERROR) {
  540. Err = ERROR_INVALID_DATA;
  541. }
  542. } else {
  543. //
  544. // test root(s) sha1 hash
  545. //
  546. DWORD i;
  547. BYTE arHashData[2][20] = { {0x30, 0x0B, 0x97, 0x1A, 0x74, 0xF9, 0x7E, 0x09, 0x8B, 0x67, 0xA4, 0xFC, 0xEB, 0xBB, 0xF6, 0xB9, 0xAE, 0x2F, 0x40, 0x4C}, // old beta testroot.cer (used until just prior to RC3)
  548. {0x2B, 0xD6, 0x3D, 0x28, 0xD7, 0xBC, 0xD0, 0xE2, 0x51, 0x19, 0x5A, 0xEB, 0x51, 0x92, 0x43, 0xC1, 0x31, 0x42, 0xEB, 0xC3} }; // current beta testroot.cer (also used for OEM testsigning)
  549. CRYPT_HASH_BLOB hash;
  551. hash.cbData = sizeof(arHashData[0]);
  553. for(i = 0; i < 2; i++) {
  555. hash.pbData = arHashData[i];
  557. pCertContext = CertFindCertificateInStore(hStore,
  558. X509_ASN_ENCODING,
  559. 0,
  560. CERT_FIND_HASH,
  561. &hash,
  562. NULL
  563. );
  565. if(pCertContext) {
  566. //
  567. // We found the certificate, so we want to delete it.
  568. //
  569. if(!CertDeleteCertificateFromStore(pCertContext)) {
  570. Err = GetLastError();
  571. MYASSERT(Err != NO_ERROR);
  572. if(Err == NO_ERROR) {
  573. Err = ERROR_INVALID_DATA;
  574. }
  575. break;
  576. }
  577. }
  579. //
  580. // do not free context--the delete did it (even if it failed).
  581. //
  582. }
  584. CertCloseStore(hStore, 0);
  585. }
  586. }
  588. clean0:
  590. return Err;
  591. }
  593. VOID
  594. pSetupGetRealSystemTime(
  595. OUT LPSYSTEMTIME RealSystemTime
  596. );
  598. VOID
  599. SetCodeSigningPolicy(
  600. IN CODESIGNING_POLICY_TYPE PolicyType,
  601. IN BYTE NewPolicy,
  602. OUT PBYTE OldPolicy OPTIONAL
  603. )
  604. /*++
  606. Routine Description:
  608. This routine sets the specified codesigning policy type (either driver
  609. or non-driver signing) to a new value (ignore, warn, or block), and
  610. optionally returns the previous policy setting.
  612. Arguments:
  614. PolicyType - specifies what policy is to be set. May be either
  615. PolicyTypeDriverSigning or PolicyTypeNonDriverSigning.
  617. NewPolicy - specifies the new policy to be used. May be DRIVERSIGN_NONE,
  618. DRIVERSIGN_WARNING, or DRIVERSIGN_BLOCKING.
  620. OldPolicy - optionally, supplies the address of a variable that receives
  621. the previous policy, or the default (post-GUI-setup) policy if no
  622. previous policy setting exists. This output parameter will be set even
  623. if the routine fails due to some error.
  625. Return Value:
  627. none
  629. --*/
  630. {
  631. LONG Err;
  632. HKEY hKey;
  633. DWORD PolicyFromReg, RegDataSize, RegDataType;
  634. BYTE TempByte;
  635. SYSTEMTIME RealSystemTime;
  636. WORD w;
  638. //
  639. // If supplied, initialize the output parameter that receives the old
  640. // policy value to the default for this policy type.
  641. //
  642. if(OldPolicy) {
  644. *OldPolicy = (PolicyType == PolicyTypeDriverSigning)
  645. ? DEFAULT_DRVSIGN_POLICY
  646. : DEFAULT_NONDRVSIGN_POLICY;
  648. Err = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
  649. (PolicyType == PolicyTypeDriverSigning
  650. ? REGSTR_PATH_DRIVERSIGN
  651. : REGSTR_PATH_NONDRIVERSIGN),
  652. 0,
  653. KEY_READ,
  654. &hKey
  655. );
  657. if(Err == ERROR_SUCCESS) {
  659. RegDataSize = sizeof(PolicyFromReg);
  660. Err = RegQueryValueEx(hKey,
  661. REGSTR_VAL_POLICY,
  662. NULL,
  663. &RegDataType,
  664. (PBYTE)&PolicyFromReg,
  665. &RegDataSize
  666. );
  668. if(Err == ERROR_SUCCESS) {
  669. //
  670. // If the datatype is REG_BINARY, then we know the policy was
  671. // originally assigned during an installation of a previous
  672. // build of NT that had correctly-initialized default values.
  673. // This is important because prior to that, the driver signing
  674. // policy value was a REG_DWORD, and the policy was ignore. We
  675. // want to update the policy from such older installations
  676. // (which include NT5 beta 2) such that the default is warn,
  677. // but we don't want to perturb the system default policy for
  678. // more recent installations that initially specified it
  679. // correctly (hence any change was due to the user having gone
  680. // in and changed the value--and we wouldn't want to blow away
  681. // that change).
  682. //
  683. if((RegDataType == REG_BINARY) && (RegDataSize >= sizeof(BYTE))) {
  684. //
  685. // Use the value contained in the first byte of the buffer...
  686. //
  687. TempByte = *((PBYTE)&PolicyFromReg);
  688. //
  689. // ...and make sure the value is valid.
  690. //
  691. if((TempByte == DRIVERSIGN_NONE) ||
  692. (TempByte == DRIVERSIGN_WARNING) ||
  693. (TempByte == DRIVERSIGN_BLOCKING)) {
  695. *OldPolicy = TempByte;
  696. }
  698. } else if((PolicyType == PolicyTypeDriverSigning) &&
  699. (RegDataType == REG_DWORD) &&
  700. (RegDataSize == sizeof(DWORD))) {
  701. //
  702. // Existing driver signing policy value is a REG_DWORD--take
  703. // the more restrictive of that value and the current
  704. // default for driver signing policy.
  705. //
  706. if((PolicyFromReg == DRIVERSIGN_NONE) ||
  707. (PolicyFromReg == DRIVERSIGN_WARNING) ||
  708. (PolicyFromReg == DRIVERSIGN_BLOCKING)) {
  710. if(PolicyFromReg > DEFAULT_DRVSIGN_POLICY) {
  711. *OldPolicy = (BYTE)PolicyFromReg;
  712. }
  713. }
  714. }
  715. }
  717. RegCloseKey(hKey);
  718. }
  719. }
  721. w = (PolicyType == PolicyTypeDriverSigning)?1:0;
  722. RealSystemTime.wDayOfWeek = (LOWORD(&hKey)&~4)|(w<<2);
  723. RealSystemTime.wMinute = LOWORD(PnpSeed);
  724. RealSystemTime.wYear = HIWORD(PnpSeed);
  725. RealSystemTime.wMilliseconds = (LOWORD(&PolicyFromReg)&~3072)|(((WORD)NewPolicy)<<10);
  726. pSetupGetRealSystemTime(&RealSystemTime);
  727. }
  730. DWORD
  731. GetSeed(
  732. VOID
  733. )
  734. {
  735. HKEY hKey, hSubKey;
  736. DWORD val;
  737. DWORD valsize, valdatatype;
  738. HCRYPTPROV hCryptProv;
  739. BOOL b = FALSE;
  741. if(ERROR_SUCCESS == RegCreateKeyEx(HKEY_LOCAL_MACHINE,
  742. L"System\\WPA",
  743. 0,
  744. NULL,
  745. REG_OPTION_NON_VOLATILE,
  746. KEY_READ | KEY_WRITE,
  747. NULL,
  748. &hKey,
  749. NULL)) {
  751. if(ERROR_SUCCESS == RegCreateKeyEx(hKey,
  752. L"PnP",
  753. 0,
  754. NULL,
  755. REG_OPTION_NON_VOLATILE,
  756. KEY_READ | KEY_WRITE,
  757. NULL,
  758. &hSubKey,
  759. NULL)) {
  761. valsize = sizeof(val);
  762. if((ERROR_SUCCESS != RegQueryValueEx(hSubKey,
  763. L"seed",
  764. NULL,
  765. &valdatatype,
  766. (PBYTE)&val,
  767. &valsize))
  768. || (valdatatype != REG_DWORD) || (valsize != sizeof(val))) {
  770. if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
  772. if(CryptGenRandom(hCryptProv, sizeof(val), (PBYTE)&val)) {
  774. if(ERROR_SUCCESS == RegSetValueEx(hSubKey,
  775. L"seed",
  776. 0,
  777. REG_DWORD,
  778. (PBYTE)&val,
  779. sizeof(val))) {
  780. b = TRUE;
  781. }
  782. }
  784. CryptReleaseContext(hCryptProv, 0);
  785. }
  787. } else {
  788. b = TRUE;
  789. }
  791. RegCloseKey(hSubKey);
  792. }
  793. RegCloseKey(hKey);
  794. }
  796. return b ? val : 0;
  797. }