romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 23:01:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

rand: use BCryptGenRandom() in UWP builds

Browse source 
Also:
- fix build configuration to correctly set Win10 target in the mingw-w64
  CI build, to enable the `BCryptGenRandom()` prototype in v6+ SDK
  headers.

Ref: https://learn.microsoft.com/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom

Issue raised by Codex Security

Closes #20983
This commit is contained in:
Viktor Szakats 2026-03-18 14:13:07 +01:00
parent 41aaac61e2
commit d986b89c88
No known key found for this signature in database
2 changed files with 8 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/windows.yml vendored
View file

@ -309,7 +309,7 @@ jobs:
TFLAGS: '${{ matrix.tflags }}' TFLAGS: '${{ matrix.tflags }}'
run: | run: |
if [ "${MATRIX_TEST}" = 'uwp' ]; then if [ "${MATRIX_TEST}" = 'uwp' ]; then
CPPFLAGS+=' -DWINSTORECOMPAT -DWINAPI_FAMILY=WINAPI_FAMILY_APP' CPPFLAGS+=' -DWINSTORECOMPAT -DWINAPI_FAMILY=WINAPI_FAMILY_APP -D_WIN32_WINNT=0x0a00'
if [[ "${MATRIX_ENV}" != 'clang'* ]]; then if [[ "${MATRIX_ENV}" != 'clang'* ]]; then
specs="$(realpath gcc-specs-uwp)" specs="$(realpath gcc-specs-uwp)"
gcc -dumpspecs | sed -e 's/-lmingwex/-lwindowsapp -lmingwex -lwindowsapp/' -e 's/-lmsvcrt/-lucrtapp/' > "${specs}" gcc -dumpspecs | sed -e 's/-lmingwex/-lwindowsapp -lmingwex -lwindowsapp/' -e 's/-lmsvcrt/-lucrtapp/' > "${specs}"
@ -325,7 +325,7 @@ jobs:
options='-DCMAKE_C_COMPILER=gcc' options='-DCMAKE_C_COMPILER=gcc'
fi fi
[ "${MATRIX_SYS}" = 'msys' ] && options+=' -D_CURL_PREFILL=ON' [ "${MATRIX_SYS}" = 'msys' ] && options+=' -D_CURL_PREFILL=ON'
[ "${MATRIX_TEST}" = 'uwp' ] && options+=' -DCMAKE_SYSTEM_NAME=WindowsStore -DCMAKE_SYSTEM_VERSION=10.0' [ "${MATRIX_TEST}" = 'uwp' ] && options+=' -DCMAKE_SYSTEM_NAME=WindowsStore'
[ "${TFLAGS}" = 'skiprun' ] && options+=' -D_CURL_SKIP_BUILD_CERTS=ON' [ "${TFLAGS}" = 'skiprun' ] && options+=' -D_CURL_SKIP_BUILD_CERTS=ON'
[ "${_chkprefill}" = '_chkprefill' ] && options+=' -D_CURL_PREFILL=OFF' [ "${_chkprefill}" = '_chkprefill' ] && options+=' -D_CURL_PREFILL=OFF'
cmake -B "bld${_chkprefill}" -G Ninja ${options} \ cmake -B "bld${_chkprefill}" -G Ninja ${options} \

7
lib/rand.c
View file

@ -34,8 +34,6 @@
#include "escape.h" #include "escape.h"
#ifdef _WIN32 #ifdef _WIN32
#ifndef CURL_WINDOWS_UWP
#include <bcrypt.h> #include <bcrypt.h>
#ifdef _MSC_VER #ifdef _MSC_VER
# pragma comment(lib, "bcrypt.lib") # pragma comment(lib, "bcrypt.lib")
@ -43,21 +41,16 @@
#ifndef STATUS_SUCCESS #ifndef STATUS_SUCCESS
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L) #define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#endif #endif
#endif
CURLcode Curl_win32_random(unsigned char *entropy, size_t length) CURLcode Curl_win32_random(unsigned char *entropy, size_t length)
{ {
memset(entropy, 0, length); memset(entropy, 0, length);
#ifndef CURL_WINDOWS_UWP
if(BCryptGenRandom(NULL, entropy, (ULONG)length, if(BCryptGenRandom(NULL, entropy, (ULONG)length,
BCRYPT_USE_SYSTEM_PREFERRED_RNG) != STATUS_SUCCESS) BCRYPT_USE_SYSTEM_PREFERRED_RNG) != STATUS_SUCCESS)
return CURLE_FAILED_INIT; return CURLE_FAILED_INIT;
return CURLE_OK; return CURLE_OK;
#else
return CURLE_NOT_BUILT_IN;
#endif
} }
#endif #endif