From: Viktor Szakats <commit@vsz.me>
Date: Wed, 22 Jun 2022 09:35:46 +0000 (+0000)
Subject: rand: stop detecting /dev/urandom in cross-builds
X-Git-Tag: curl-7_84_0~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=70adb81c6f131c1c0c06e674757bebb20a0639a7;p=thirdparty%2Fcurl.git

rand: stop detecting /dev/urandom in cross-builds

- Prevent CMake to auto-detect /dev/urandom when cross-building.
  Before this patch, it would detect it in a cross-build scenario on *nix
  hosts with this device present. This was a problem for example with
  Windows builds, but it could affect any target system with this device
  missing. This also syncs detection behaviour with autotools, which also
  skips it for cross-builds.
- Also, make sure to never use the file RANDOM_FILE as entropy for libcurl's
  fallback random number generator on Windows. Windows does not have the
  concept of reading a random stream from a filename, nor any guaranteed
  non-world-writable path on disk. With this, a manual misconfiguration or
  an overeager auto-detection can no longer result in a user-controllable
  seed source.

Reviewed-by: Daniel Stenberg
Closes #9038
---

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 768ce2dc3a..45d763d5a9 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1055,8 +1055,10 @@ if(HAVE_SIZEOF_LONG_LONG)
   set(HAVE_LL 1)
 endif()
 
-find_file(RANDOM_FILE urandom /dev)
-mark_as_advanced(RANDOM_FILE)
+if(NOT CMAKE_CROSSCOMPILING)
+  find_file(RANDOM_FILE urandom /dev)
+  mark_as_advanced(RANDOM_FILE)
+endif()
 
 # Check for some functions that are used
 if(HAVE_LIBWS2_32)
diff --git a/lib/rand.c b/lib/rand.c
index 6ccbe4f954..dd02f52680 100644
--- a/lib/rand.c
+++ b/lib/rand.c
@@ -73,7 +73,7 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
 
   /* ---- non-cryptographic version following ---- */
 
-#ifdef RANDOM_FILE
+#if defined(RANDOM_FILE) && !defined(WIN32)
   if(!seeded) {
     /* if there's a random file to read a seed from, use it */
     int fd = open(RANDOM_FILE, O_RDONLY);
@@ -108,7 +108,8 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
  * 'rndptr' points to.
  *
  * If libcurl is built without TLS support or with a TLS backend that lacks a
- * proper random API (Gskit or mbedTLS), this function will use "weak" random.
+ * proper random API (rustls, Gskit or mbedTLS), this function will use "weak"
+ * random.
  *
  * When built *with* TLS support and a backend that offers strong random, it
  * will return error if it cannot provide strong random values.