From: Stefan Eissing Date: Tue, 23 Jul 2024 10:21:51 +0000 (+0200) Subject: Curl_rand_bytes to control env override X-Git-Tag: curl-8_10_0~419 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2372a5915c40aa3dd85aa7f0102401a3a4e91d98;p=thirdparty%2Fcurl.git Curl_rand_bytes to control env override - in DEBUGBUILD, all specifying if true random numbers are desired or simulated ones via CURL_ENTROPY - allows to use randoms in other DEBUG checks to not interfere with the CURL_ENTROPY - without this change, any Curl_rand() use will alter results of some AUTHENTICATION methods like DIGEST Closes #14264 --- diff --git a/lib/cf-socket.c b/lib/cf-socket.c index 2e92db29d3..9ef399a8a1 100644 --- a/lib/cf-socket.c +++ b/lib/cf-socket.c @@ -1464,7 +1464,7 @@ static ssize_t cf_socket_send(struct Curl_cfilter *cf, struct Curl_easy *data, /* simulate network blocking/partial writes */ if(ctx->wblock_percent > 0) { unsigned char c = 0; - Curl_rand(data, &c, 1); + Curl_rand_bytes(data, FALSE, &c, 1); if(c >= ((100-ctx->wblock_percent)*256/100)) { CURL_TRC_CF(data, cf, "send(len=%zu) SIMULATE EWOULDBLOCK", orig_len); *err = CURLE_AGAIN; diff --git a/lib/rand.c b/lib/rand.c index 4ee96fbb65..8dd778d17f 100644 --- a/lib/rand.c +++ b/lib/rand.c @@ -100,29 +100,34 @@ CURLcode Curl_win32_random(unsigned char *entropy, size_t length) } #endif -static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) +static CURLcode randit(struct Curl_easy *data, unsigned int *rnd, + bool env_override) { CURLcode result = CURLE_OK; static unsigned int randseed; static bool seeded = FALSE; #ifdef DEBUGBUILD - char *force_entropy = getenv("CURL_ENTROPY"); - if(force_entropy) { - if(!seeded) { - unsigned int seed = 0; - size_t elen = strlen(force_entropy); - size_t clen = sizeof(seed); - size_t min = elen < clen ? elen : clen; - memcpy((char *)&seed, force_entropy, min); - randseed = ntohl(seed); - seeded = TRUE; + if(env_override) { + char *force_entropy = getenv("CURL_ENTROPY"); + if(force_entropy) { + if(!seeded) { + unsigned int seed = 0; + size_t elen = strlen(force_entropy); + size_t clen = sizeof(seed); + size_t min = elen < clen ? elen : clen; + memcpy((char *)&seed, force_entropy, min); + randseed = ntohl(seed); + seeded = TRUE; + } + else + randseed++; + *rnd = randseed; + return CURLE_OK; } - else - randseed++; - *rnd = randseed; - return CURLE_OK; } +#else + (void)env_override; #endif /* data may be NULL! */ @@ -198,9 +203,16 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) * */ -CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num) +CURLcode Curl_rand_bytes(struct Curl_easy *data, +#ifdef DEBUGBUILD + bool env_override, +#endif + unsigned char *rnd, size_t num) { CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT; +#ifndef DEBUGBUILD + const bool env_override = FALSE; +#endif DEBUGASSERT(num); @@ -208,7 +220,7 @@ CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num) unsigned int r; size_t left = num < sizeof(unsigned int) ? num : sizeof(unsigned int); - result = randit(data, &r); + result = randit(data, &r, env_override); if(result) return result; @@ -278,7 +290,7 @@ CURLcode Curl_rand_alnum(struct Curl_easy *data, unsigned char *rnd, while(num) { do { - result = randit(data, &r); + result = randit(data, &r, TRUE); if(result) return result; } while(r >= (UINT_MAX - UINT_MAX % alnumspace)); diff --git a/lib/rand.h b/lib/rand.h index bc05239e45..2ba60e7297 100644 --- a/lib/rand.h +++ b/lib/rand.h @@ -24,7 +24,17 @@ * ***************************************************************************/ -CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num); +CURLcode Curl_rand_bytes(struct Curl_easy *data, +#ifdef DEBUGBUILD + bool allow_env_override, +#endif + unsigned char *rnd, size_t num); + +#ifdef DEBUGBUILD +#define Curl_rand(a,b,c) Curl_rand_bytes((a), TRUE, (b), (c)) +#else +#define Curl_rand(a,b,c) Curl_rand_bytes((a), (b), (c)) +#endif /* * Curl_rand_hex() fills the 'rnd' buffer with a given 'num' size with random