windows: improve random source

- Use the Windows API to seed the fallback random generator.

  This ensures to always have a random seed, even when libcurl is built
  with a vtls backend lacking a random generator API, such as rustls
  (experimental), GSKit and certain mbedTLS builds, or, when libcurl is
  built without a TLS backend. We reuse the Windows-specific random
  function from the Schannel backend.

- Implement support for `BCryptGenRandom()` [1] on Windows, as a
  replacement for the deprecated `CryptGenRandom()` [2] function.

  It is used as the secure random generator for Schannel, and also to
  provide entropy for libcurl's fallback random generator. The new
  function is supported on Vista and newer via its `bcrypt.dll`. It is
  used automatically when building for supported versions. It also works
  in UWP apps (the old function did not).

- Clear entropy buffer before calling the Windows random generator.

  This avoids using arbitrary application memory as entropy (with
  `CryptGenRandom()`) and makes sure to return in a predictable state
  when an API call fails.

[1] https://docs.microsoft.com/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom
[2] https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptgenrandom

Closes #9027

1 files changed, 2 insertions, 0 deletions

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5f93bedf6..b2204fe58 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1327,6 +1327,8 @@ if(WIN32)
   if(USE_WIN32_CRYPTO OR USE_SCHANNEL)
     list(APPEND CURL_LIBS "advapi32" "crypt32")
   endif()
+
+  list(APPEND CURL_LIBS "bcrypt")
 endif()
 
 if(MSVC)