mirror of
https://github.com/curl/curl.git
synced 2024-12-15 06:40:09 +08:00
76172511e7
- Use the Windows API to seed the fallback random generator. This ensures to always have a random seed, even when libcurl is built with a vtls backend lacking a random generator API, such as rustls (experimental), GSKit and certain mbedTLS builds, or, when libcurl is built without a TLS backend. We reuse the Windows-specific random function from the Schannel backend. - Implement support for `BCryptGenRandom()` [1] on Windows, as a replacement for the deprecated `CryptGenRandom()` [2] function. It is used as the secure random generator for Schannel, and also to provide entropy for libcurl's fallback random generator. The new function is supported on Vista and newer via its `bcrypt.dll`. It is used automatically when building for supported versions. It also works in UWP apps (the old function did not). - Clear entropy buffer before calling the Windows random generator. This avoids using arbitrary application memory as entropy (with `CryptGenRandom()`) and makes sure to return in a predictable state when an API call fails. [1] https://docs.microsoft.com/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom [2] https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptgenrandom Closes #9027 |
||
|---|---|---|
| .. | ||
| bearssl.c | ||
| bearssl.h | ||
| gskit.c | ||
| gskit.h | ||
| gtls.c | ||
| gtls.h | ||
| hostcheck.c | ||
| hostcheck.h | ||
| keylog.c | ||
| keylog.h | ||
| mbedtls_threadlock.c | ||
| mbedtls_threadlock.h | ||
| mbedtls.c | ||
| mbedtls.h | ||
| nss.c | ||
| nssg.h | ||
| openssl.c | ||
| openssl.h | ||
| rustls.c | ||
| rustls.h | ||
| schannel_verify.c | ||
| schannel.c | ||
| schannel.h | ||
| sectransp.c | ||
| sectransp.h | ||
| vtls.c | ||
| vtls.h | ||
| wolfssl.c | ||
| wolfssl.h | ||
| x509asn1.c | ||
| x509asn1.h | ||