}
#endif
+#if !defined(USE_SSL) || defined(USE_RUSTLS)
+/* ---- possibly non-cryptographic version following ---- */
+CURLcode Curl_weak_random(struct Curl_easy *data,
+ unsigned char *entropy,
+ size_t length) /* always 4, size of int */
+{
+ unsigned int r;
+ DEBUGASSERT(length == sizeof(int));
+
+ /* Trying cryptographically secure functions first */
+#ifdef _WIN32
+ (void)data;
+ {
+ CURLcode result = Curl_win32_random(entropy, length);
+ if(result != CURLE_NOT_BUILT_IN)
+ return result;
+ }
+#endif
+
+#if defined(HAVE_ARC4RANDOM)
+ (void)data;
+ r = (unsigned int)arc4random();
+ memcpy(entropy, &r, length);
+#else
+ infof(data, "WARNING: using weak random seed");
+ {
+ static unsigned int randseed;
+ static bool seeded = FALSE;
+ unsigned int rnd;
+ if(!seeded) {
+ struct curltime now = Curl_now();
+ randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec;
+ randseed = randseed * 1103515245 + 12345;
+ randseed = randseed * 1103515245 + 12345;
+ randseed = randseed * 1103515245 + 12345;
+ seeded = TRUE;
+ }
+
+ /* Return an unsigned 32-bit pseudo-random number. */
+ r = randseed = randseed * 1103515245 + 12345;
+ rnd = (r << 16) | ((r >> 16) & 0xFFFF);
+ memcpy(entropy, &rnd, length);
+ }
+#endif
+ return CURLE_OK;
+}
+#endif
+
+#ifdef USE_SSL
+#define _random(x,y,z) Curl_ssl_random(x,y,z)
+#else
+#define _random(x,y,z) Curl_weak_random(x,y,z)
+#endif
+
static CURLcode randit(struct Curl_easy *data, unsigned int *rnd,
bool env_override)
{
- CURLcode result = CURLE_OK;
- static unsigned int randseed;
- static bool seeded = FALSE;
-
#ifdef DEBUGBUILD
if(env_override) {
char *force_entropy = getenv("CURL_ENTROPY");
if(force_entropy) {
+ static unsigned int randseed;
+ static bool seeded = FALSE;
+
if(!seeded) {
unsigned int seed = 0;
size_t elen = strlen(force_entropy);
#endif
/* data may be NULL! */
- result = Curl_ssl_random(data, (unsigned char *)rnd, sizeof(*rnd));
- if(result != CURLE_NOT_BUILT_IN)
- /* only if there is no random function in the TLS backend do the non crypto
- version, otherwise return result */
- return result;
-
- /* ---- non-cryptographic version following ---- */
-
-#ifdef _WIN32
- if(!seeded) {
- result = Curl_win32_random((unsigned char *)rnd, sizeof(*rnd));
- if(result != CURLE_NOT_BUILT_IN)
- return result;
- }
-#endif
-
-#if defined(HAVE_ARC4RANDOM) && !defined(USE_OPENSSL)
- if(!seeded) {
- *rnd = (unsigned int)arc4random();
- return CURLE_OK;
- }
-#endif
-
- if(!seeded) {
- struct curltime now = Curl_now();
- infof(data, "WARNING: using weak random seed");
- randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec;
- randseed = randseed * 1103515245 + 12345;
- randseed = randseed * 1103515245 + 12345;
- randseed = randseed * 1103515245 + 12345;
- seeded = TRUE;
- }
-
- {
- unsigned int r;
- /* Return an unsigned 32-bit pseudo-random number. */
- r = randseed = randseed * 1103515245 + 12345;
- *rnd = (r << 16) | ((r >> 16) & 0xFFFF);
- }
- return CURLE_OK;
+ return _random(data, (unsigned char *)rnd, sizeof(*rnd));
}
/*
#include "multiif.h"
#include "connect.h" /* for the connect timeout */
#include "cipher_suite.h"
+#include "rand.h"
struct rustls_ssl_backend_data
{
Curl_none_check_cxn, /* check_cxn */
cr_shutdown, /* shutdown */
cr_data_pending, /* data_pending */
- Curl_none_random, /* random */
+ Curl_weak_random, /* random */
Curl_none_cert_status_request, /* cert_status_request */
cr_connect_blocking, /* connect */
cr_connect_nonblocking, /* connect_nonblocking */
#include "connect.h"
#include "select.h"
#include "strdup.h"
+#include "rand.h"
/* The last #include files should be: */
#include "curl_memory.h"
return result;
}
+/* get 32 bits of random */
CURLcode Curl_ssl_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length)
{
- return Curl_ssl->random(data, entropy, length);
+ DEBUGASSERT(length == sizeof(int));
+ if(Curl_ssl->random)
+ return Curl_ssl->random(data, entropy, length);
+ else
+ return CURLE_NOT_BUILT_IN;
}
/*
return -1;
}
-CURLcode Curl_none_random(struct Curl_easy *data UNUSED_PARAM,
- unsigned char *entropy UNUSED_PARAM,
- size_t length UNUSED_PARAM)
-{
- (void)data;
- (void)entropy;
- (void)length;
- return CURLE_NOT_BUILT_IN;
-}
-
void Curl_none_close_all(struct Curl_easy *data UNUSED_PARAM)
{
(void)data;
Curl_none_check_cxn, /* check_cxn */
Curl_none_shutdown, /* shutdown */
Curl_none_data_pending, /* data_pending */
- Curl_none_random, /* random */
+ NULL, /* random */
Curl_none_cert_status_request, /* cert_status_request */
multissl_connect, /* connect */
multissl_connect_nonblocking, /* connect_nonblocking */
projects / thirdparty / curl.git / commitdiff
