Diffstat (limited to 'src/common/crypto.c')
-rw-r--r-- | src/common/crypto.c | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index e1115cb85..7452f6056 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -41,6 +41,13 @@
 #define RETURN_SSL_OUTCOME(exp) return !(exp)
 #endif
+#ifdef MS_WINDOWS
+#define WIN32_WINNT 0x400
+#define _WIN32_WINNT 0x400
+#include <windows.h>
+#include <wincrypt.h>
+#endif
+
 struct crypto_pk_env_t
 {
 int type;
@@ -1032,6 +1039,39 @@ void crypto_dh_free(crypto_dh_env_t *dh)
 }
 /* random numbers */
+#ifdef MS_WINDOWS
+int crypto_seed_rng()
+{
+ static int provider_set = 0;
+ static HCRYPTPROV p;
+ char buf[21];
+
+ if (!provider_set) {
+ if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, 0)) {
+ if (GetLastError() != NTE_BAD_KEYSET) {
+ log_fn(LOG_ERR,"Can't get CryptoAPI provider [1]");
+ return -1;
+ }
+ /* Yes, we need to try it twice. */
+ if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_NEWKEYSET)) {
+ log_fn(LOG_ERR,"Can't get CryptoAPI provider [2]");
+ return -1;
+ }
+ }
+ provider_set = 1;
+ }
+ if (!CryptGenRandom(provider, 20, buf)) {
+ log_fn(LOG_ERR,"Can't get entropy from CryptoAPI.");
+ return -1;
+ }
+ RAND_seed(buf, 20);
+ /* And add the current screen state to the entopy pool for
+ * good measure. */
+ RAND_screen();
+ return 0;
+}
+#else
 int crypto_seed_rng()
 {
 static char *filenames[] = {
@@ -1058,6 +1098,7 @@ int crypto_seed_rng()
 log_fn(LOG_WARN, "Cannot seed RNG -- no entropy source found.");
 return -1;
 }
+#endif
 int crypto_rand(unsigned int n, unsigned char *to)
 {
|
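Review bot: The two version macros in the new `MS_WINDOWS` block are defined unconditionally and with no comment saying why 0x400 is required. If a build already sets `_WIN32_WINNT` (on the compiler command line or through an earlier header), this redefines it, so wrapping the define in `#ifndef _WIN32_WINNT` would be safer. `WIN32_WINNT` without the leading underscore does not appear to be a name the Windows headers consult; if it is kept for a particular toolchain, a comment such as `/* wincrypt.h only declares the CryptoAPI functions when _WIN32_WINNT >= 0x0400 */` would record the intent.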
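Review bot: The Windows `crypto_seed_rng()` declares the handle as `static HCRYPTPROV p;` but every later use names `provider`, so this branch cannot compile as written. Because the provider is only used for `CryptGenRandom`, passing `CRYPT_VERIFYCONTEXT` would avoid opening or creating a persistent key container and would make the `NTE_BAD_KEYSET` retry with `CRYPT_NEWKEYSET` unnecessary. `buf` holds the seed material and is left on the stack after `RAND_seed`; it should be an `unsigned char` array of exactly the requested size (`CryptGenRandom` takes a `BYTE *`) and be wiped before returning. The comment above `RAND_screen()` also misspells "entropy".

```c
int crypto_seed_rng()
{
  /* … unchanged: static int provider_set = 0; … */
  static HCRYPTPROV provider;
  unsigned char buf[20];

  if (!provider_set) {
    /* Only random bytes are needed: CRYPT_VERIFYCONTEXT opens no named
     * key container, so there is nothing to create on first use. */
    if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
                             CRYPT_VERIFYCONTEXT)) {
      log_fn(LOG_ERR,"Can't get CryptoAPI provider [1]");
      return -1;
    }
    provider_set = 1;
  }
  if (!CryptGenRandom(provider, sizeof(buf), buf)) {
    /* … unchanged: log the failure and return -1 … */
  }
  RAND_seed(buf, sizeof(buf));
  SecureZeroMemory(buf, sizeof(buf)); /* do not leave seed bytes on the stack */
  /* … unchanged: RAND_screen(), return 0 and the closing brace … */
```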