author | Viktor Szakats <commit@vsz.me> | 2022-07-04 09:38:24 +0000 |
---|---|---|
committer | Viktor Szakats <commit@vsz.me> | 2022-07-04 09:38:24 +0000 |
commit | 76172511e7adcf720f4c77bd91f49278300ec97e (patch) | |
tree | b8bd34cd13d4c0bb9ab36954876e96480fd635e5 /CMakeLists.txt | |
parent | e6f8445edef8e7996d1cfb141d6df184efef972c (diff) | |
download | curl-76172511e7adcf720f4c77bd91f49278300ec97e.tar.gz |
windows: improve random source

- Use the Windows API to seed the fallback random generator.
  This ensures to always have a random seed, even when libcurl is built
  with a vtls backend lacking a random generator API, such as rustls
  (experimental), GSKit and certain mbedTLS builds, or, when libcurl is
  built without a TLS backend. We reuse the Windows-specific random
  function from the Schannel backend.

- Implement support for `BCryptGenRandom()` [1] on Windows, as a
  replacement for the deprecated `CryptGenRandom()` [2] function.
  It is used as the secure random generator for Schannel, and also to
  provide entropy for libcurl's fallback random generator. The new
  function is supported on Vista and newer via its `bcrypt.dll`. It is
  used automatically when building for supported versions. It also works
  in UWP apps (the old function did not).

- Clear entropy buffer before calling the Windows random generator.
  This avoids using arbitrary application memory as entropy (with
  `CryptGenRandom()`) and makes sure to return in a predictable state
  when an API call fails.

[1] https://docs.microsoft.com/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom
[2] https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptgenrandom

Closes #9027
Diffstat (limited to 'CMakeLists.txt')
-rw-r--r-- | CMakeLists.txt | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 5f93bedf6..b2204fe58 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1327,6 +1327,8 @@ if(WIN32) if(USE_WIN32_CRYPTO OR USE_SCHANNEL) list(APPEND CURL_LIBS "advapi32" "crypt32") endif() + + list(APPEND CURL_LIBS "bcrypt") endif() if(MSVC) |
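Review bot: The new `list(APPEND CURL_LIBS "bcrypt")` is unconditional inside `if(WIN32)`, while the commit message says `BCryptGenRandom()` is only available on Vista and newer and is only used "when building for supported versions". As written, a build that targets an older Windows version and still takes the `CryptGenRandom()` path would also be linked against `bcrypt`, and the line sits outside the existing `if(USE_WIN32_CRYPTO OR USE_SCHANNEL)` guard that gates `advapi32` and `crypt32`. Consider gating the append on the same target-version condition the source uses to select `BCryptGenRandom()`, or add a short comment next to the line explaining why linking it unconditionally is safe for every supported toolchain and target. Since the diffstat shown is limited to CMakeLists.txt, it is also worth confirming that the other build systems get the matching library addition in the same commit, so the random source does not differ by build method.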