From 881029a89e9e1f5a828fc2d2df705a6d62a93189 Mon Sep 17 00:00:00 2001
From: Kevin Kane
Date: Fri, 30 Sep 2016 17:13:41 -0700
Subject: [PATCH] [IOT-1380] Use BCryptGenRandom on Windows
Patch mbedTLS to use BCryptGenRandom on Windows. Add the mbedtls subtree to .gitignore.
Change-Id: I23367aac194de2531299badc466a0d39e46eda4d
Signed-off-by: Kevin Kane
Reviewed-on: https://gerrit.iotivity.org/gerrit/12725
Tested-by: jenkins-iotivity
Reviewed-by: Dave Thaler
Reviewed-by: Dmitriy Zhuravlev
Reviewed-by: Dan Mihai
Reviewed-by: Greg Zaverucha
Reviewed-by: Randeep Singh
---
.gitignore | 1 +
extlibs/mbedtls/ocf.patch | 41 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+)
diff --git a/.gitignore b/.gitignore
index 529f5f1..7477d75 100644
--- a/.gitignore
+++ b/.gitignore
@@ -117,6 +117,7 @@ build_common/arduino/extlibs/arduino/arduino-1.5.8
extlibs/tinydtls/dtls-client
extlibs/tinydtls/dtls-server
extlibs/bluez/bluez
+extlibs/mbedtls/mbedtls
# Ignore editor (e.g. Emacs) backup and autosave files
*~
diff --git a/extlibs/mbedtls/ocf.patch b/extlibs/mbedtls/ocf.patch
index 1976f89..f2801a3 100644
--- a/extlibs/mbedtls/ocf.patch
+++ b/extlibs/mbedtls/ocf.patch
@@ -132,6 +132,47 @@ index deaaa37..4f10540 100644
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
#endif
+diff --git a/library/entropy_poll.c b/library/entropy_poll.c
+index a116e60..c022caf 100644
+--- a/library/entropy_poll.c
++++ b/library/entropy_poll.c
+@@ -54,28 +54,29 @@
+ #define _WIN32_WINNT 0x0400
+ #endif
+ #include
+-#include
++#include
+
+ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len,
+ size_t *olen )
+ {
+- HCRYPTPROV provider;
+ ((void) data);
+ *olen = 0;
+
+- if( CryptAcquireContext( &provider, NULL, NULL,
+- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
++ /*
++ * size_t may be 64 bits, but ULONG is always 32.
++ * If len is larger than the maximum for ULONG, just fail.
++ * It's unlikely anything ever will want to ask for this much randomness.
++ */
++ if ( len > 0xFFFFFFFFULL )
+ {
+ return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ }
+
+- if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
++ if ( !BCRYPT_SUCCESS(BCryptGenRandom(NULL, output, (ULONG) len, BCRYPT_USE_SYSTEM_PREFERRED_RNG)) )
+ {
+- CryptReleaseContext( provider, 0 );
+ return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ }
+
+- CryptReleaseContext( provider, 0 );
+ *olen = len;
+
+ return( 0 );
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 3546331..74cef29 100644
--- a/library/ssl_ciphersuites.c
-- 2.7.4
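Review bot: The context line `#define _WIN32_WINNT 0x0400` at the top of the embedded entropy_poll.c hunk is left as it was, yet the new call depends on `BCryptGenRandom` with `BCRYPT_USE_SYSTEM_PREFERRED_RNG`, which as far as I know is a Vista-era API whose system-preferred flag is only honoured from Windows 7 on. On an older target the call should fail and the function returns `MBEDTLS_ERR_ENTROPY_SOURCE_FAILED` with `*olen` still 0, which is the safe outcome, but the raised platform floor is not stated anywhere in the hunk. I would raise the default to `#define _WIN32_WINNT 0x0601` and put a comment above the call such as `/* Requires Windows 7 or later; any failure reports zero bytes so the entropy collector treats the source as failed. */`. The diffstat shows only .gitignore and ocf.patch changed, so it is worth confirming separately that the Windows build links bcrypt.lib; the `#if` guarding the define and the closing brace of `mbedtls_platform_entropy_poll` lie outside the hunk.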