mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-11-27 05:50:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

rand: stop detecting /dev/urandom in cross-builds

Browse Source 
- Prevent CMake to auto-detect /dev/urandom when cross-building.
  Before this patch, it would detect it in a cross-build scenario on *nix
  hosts with this device present. This was a problem for example with
  Windows builds, but it could affect any target system with this device
  missing. This also syncs detection behaviour with autotools, which also
  skips it for cross-builds.
- Also, make sure to never use the file RANDOM_FILE as entropy for libcurl's
  fallback random number generator on Windows. Windows does not have the
  concept of reading a random stream from a filename, nor any guaranteed
  non-world-writable path on disk. With this, a manual misconfiguration or
  an overeager auto-detection can no longer result in a user-controllable
  seed source.

Reviewed-by: Daniel Stenberg
Closes #9038
This commit is contained in:
Viktor Szakats 2022-06-22 09:35:46 +00:00
parent 79f915e8ec
commit 70adb81c6f
No known key found for this signature in database
GPG Key ID: B5ABD165E2AEF201
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CMakeLists.txt
View File

@ -1055,8 +1055,10 @@ if(HAVE_SIZEOF_LONG_LONG)
set(HAVE_LL 1)
endif()
find_file(RANDOM_FILE urandom /dev)
mark_as_advanced(RANDOM_FILE)
if(NOT CMAKE_CROSSCOMPILING)
find_file(RANDOM_FILE urandom /dev)
mark_as_advanced(RANDOM_FILE)
endif()
# Check for some functions that are used
if(HAVE_LIBWS2_32)

5
lib/rand.c
View File

@ -73,7 +73,7 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
/* ---- non-cryptographic version following ---- */
#ifdef RANDOM_FILE
#if defined(RANDOM_FILE) && !defined(WIN32)
if(!seeded) {
/* if there's a random file to read a seed from, use it */
int fd = open(RANDOM_FILE, O_RDONLY);
@ -108,7 +108,8 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
* 'rndptr' points to.
*
* If libcurl is built without TLS support or with a TLS backend that lacks a
* proper random API (Gskit or mbedTLS), this function will use "weak" random.
* proper random API (rustls, Gskit or mbedTLS), this function will use "weak"
* random.
*
* When built *with* TLS support and a backend that offers strong random, it
* will return error if it cannot provide strong random values.