2016-11-11 21:53:36 +08:00
|
|
|
/***************************************************************************
|
|
|
|
* _ _ ____ _
|
|
|
|
* Project ___| | | | _ \| |
|
|
|
|
* / __| | | | |_) | |
|
|
|
|
* | (__| |_| | _ <| |___
|
|
|
|
* \___|\___/|_| \_\_____|
|
|
|
|
*
|
2023-01-02 20:51:48 +08:00
|
|
|
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
2016-11-11 21:53:36 +08:00
|
|
|
*
|
|
|
|
* This software is licensed as described in the file COPYING, which
|
|
|
|
* you should have received as part of this distribution. The terms
|
2020-11-04 21:02:01 +08:00
|
|
|
* are also available at https://curl.se/docs/copyright.html.
|
2016-11-11 21:53:36 +08:00
|
|
|
*
|
|
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
|
|
* copies of the Software, and permit persons to whom the Software is
|
|
|
|
* furnished to do so, under the terms of the COPYING file.
|
|
|
|
*
|
|
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
|
|
* KIND, either express or implied.
|
|
|
|
*
|
2022-05-17 17:16:50 +08:00
|
|
|
* SPDX-License-Identifier: curl
|
|
|
|
*
|
2016-11-11 21:53:36 +08:00
|
|
|
***************************************************************************/
|
|
|
|
|
|
|
|
#include "curl_setup.h"
|
|
|
|
|
2023-09-12 18:51:21 +08:00
|
|
|
#include <limits.h>
|
|
|
|
|
2017-02-24 04:07:04 +08:00
|
|
|
#ifdef HAVE_FCNTL_H
|
2016-11-11 21:53:36 +08:00
|
|
|
#include <fcntl.h>
|
2017-02-24 04:07:04 +08:00
|
|
|
#endif
|
2022-11-11 18:45:34 +08:00
|
|
|
#ifdef HAVE_ARPA_INET_H
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
#endif
|
2016-11-11 21:53:36 +08:00
|
|
|
|
|
|
|
#include <curl/curl.h>
|
2023-08-03 23:32:25 +08:00
|
|
|
#include "urldata.h"
|
2016-11-11 21:53:36 +08:00
|
|
|
#include "vtls/vtls.h"
|
|
|
|
#include "sendf.h"
|
2022-11-11 18:45:34 +08:00
|
|
|
#include "timeval.h"
|
2016-11-11 21:53:36 +08:00
|
|
|
#include "rand.h"
|
2023-09-30 00:06:49 +08:00
|
|
|
#include "escape.h"
|
2016-11-11 21:53:36 +08:00
|
|
|
|
|
|
|
/* The last 3 #include files should be in this order */
|
|
|
|
#include "curl_printf.h"
|
|
|
|
#include "curl_memory.h"
|
|
|
|
#include "memdebug.h"
|
|
|
|
|
2023-11-22 00:54:49 +08:00
|
|
|
#ifdef _WIN32
|
2022-07-04 17:38:24 +08:00
|
|
|
|
2023-08-08 19:00:36 +08:00
|
|
|
#if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600
|
2022-07-04 17:38:24 +08:00
|
|
|
# define HAVE_WIN_BCRYPTGENRANDOM
|
|
|
|
# include <bcrypt.h>
|
|
|
|
# ifdef _MSC_VER
|
|
|
|
# pragma comment(lib, "bcrypt.lib")
|
|
|
|
# endif
|
|
|
|
# ifndef BCRYPT_USE_SYSTEM_PREFERRED_RNG
|
|
|
|
# define BCRYPT_USE_SYSTEM_PREFERRED_RNG 0x00000002
|
|
|
|
# endif
|
|
|
|
# ifndef STATUS_SUCCESS
|
|
|
|
# define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
|
|
|
|
# endif
|
|
|
|
#elif defined(USE_WIN32_CRYPTO)
|
|
|
|
# include <wincrypt.h>
|
|
|
|
# ifdef _MSC_VER
|
|
|
|
# pragma comment(lib, "advapi32.lib")
|
|
|
|
# endif
|
|
|
|
#endif
|
|
|
|
|
|
|
|
CURLcode Curl_win32_random(unsigned char *entropy, size_t length)
|
|
|
|
{
|
|
|
|
memset(entropy, 0, length);
|
|
|
|
|
|
|
|
#if defined(HAVE_WIN_BCRYPTGENRANDOM)
|
|
|
|
if(BCryptGenRandom(NULL, entropy, (ULONG)length,
|
|
|
|
BCRYPT_USE_SYSTEM_PREFERRED_RNG) != STATUS_SUCCESS)
|
|
|
|
return CURLE_FAILED_INIT;
|
|
|
|
|
|
|
|
return CURLE_OK;
|
|
|
|
#elif defined(USE_WIN32_CRYPTO)
|
|
|
|
{
|
|
|
|
HCRYPTPROV hCryptProv = 0;
|
|
|
|
|
|
|
|
if(!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL,
|
|
|
|
CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
|
|
|
|
return CURLE_FAILED_INIT;
|
|
|
|
|
|
|
|
if(!CryptGenRandom(hCryptProv, (DWORD)length, entropy)) {
|
|
|
|
CryptReleaseContext(hCryptProv, 0UL);
|
|
|
|
return CURLE_FAILED_INIT;
|
|
|
|
}
|
|
|
|
|
|
|
|
CryptReleaseContext(hCryptProv, 0UL);
|
|
|
|
}
|
|
|
|
return CURLE_OK;
|
|
|
|
#else
|
|
|
|
return CURLE_NOT_BUILT_IN;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2016-11-11 21:53:36 +08:00
|
|
|
static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
|
|
|
|
{
|
|
|
|
CURLcode result = CURLE_OK;
|
|
|
|
static unsigned int randseed;
|
|
|
|
static bool seeded = FALSE;
|
|
|
|
|
|
|
|
#ifdef CURLDEBUG
|
|
|
|
char *force_entropy = getenv("CURL_ENTROPY");
|
|
|
|
if(force_entropy) {
|
|
|
|
if(!seeded) {
|
2017-05-09 05:23:28 +08:00
|
|
|
unsigned int seed = 0;
|
2016-11-11 21:53:36 +08:00
|
|
|
size_t elen = strlen(force_entropy);
|
2017-05-09 05:23:28 +08:00
|
|
|
size_t clen = sizeof(seed);
|
2016-11-11 21:53:36 +08:00
|
|
|
size_t min = elen < clen ? elen : clen;
|
2017-05-09 05:23:28 +08:00
|
|
|
memcpy((char *)&seed, force_entropy, min);
|
|
|
|
randseed = ntohl(seed);
|
2016-11-11 21:53:36 +08:00
|
|
|
seeded = TRUE;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
randseed++;
|
|
|
|
*rnd = randseed;
|
|
|
|
return CURLE_OK;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* data may be NULL! */
|
2016-12-21 22:09:31 +08:00
|
|
|
result = Curl_ssl_random(data, (unsigned char *)rnd, sizeof(*rnd));
|
2016-11-11 21:53:36 +08:00
|
|
|
if(result != CURLE_NOT_BUILT_IN)
|
2017-03-26 23:02:22 +08:00
|
|
|
/* only if there is no random function in the TLS backend do the non crypto
|
2016-11-11 21:53:36 +08:00
|
|
|
version, otherwise return result */
|
|
|
|
return result;
|
|
|
|
|
|
|
|
/* ---- non-cryptographic version following ---- */
|
|
|
|
|
2023-11-22 00:54:49 +08:00
|
|
|
#ifdef _WIN32
|
2022-07-04 17:38:24 +08:00
|
|
|
if(!seeded) {
|
|
|
|
result = Curl_win32_random((unsigned char *)rnd, sizeof(*rnd));
|
|
|
|
if(result != CURLE_NOT_BUILT_IN)
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2023-11-06 07:27:55 +08:00
|
|
|
#if defined(HAVE_ARC4RANDOM) && !defined(USE_OPENSSL)
|
build: add more picky warnings and fix them
Enable more picky compiler warnings. I've found these options in the
nghttp3 project when implementing the CMake quick picky warning
functionality for it [1].
`-Wunused-macros` was too noisy to keep around, but fixed a few issues
it revealed while testing.
- autotools: reflect the more precisely-versioned clang warnings.
Follow-up to 033f8e2a08eb1d3102f08c4d8c8e85470f8b460e #12324
- autotools: sync between clang and gcc the way we set `no-multichar`.
- autotools: avoid setting `-Wstrict-aliasing=3` twice.
- autotools: disable `-Wmissing-noreturn` for MSYS gcc targets [2].
It triggers in libtool-generated stub code.
- lib/timeval: delete a redundant `!MSDOS` guard from a `WIN32` branch.
- lib/curl_setup.h: delete duplicate declaration for `fileno`.
Added in initial commit ae1912cb0d494b48d514d937826c9fe83ec96c4d
(1999-12-29). This suggests this may not be needed anymore, but if
it does, we may restore this for those specific (non-Windows) systems.
- lib: delete unused macro `FTP_BUFFER_ALLOCSIZE` since
c1d6fe2aaa5a26e49a69a4f2495b3cc7a24d9394.
- lib: delete unused macro `isxdigit_ascii` since
f65f750742068f579f4ee6d8539ed9d5f0afcb85.
- lib/mqtt: delete unused macro `MQTT_HEADER_LEN`.
- lib/multi: delete unused macro `SH_READ`/`SH_WRITE`.
- lib/hostip: add `noreturn` function attribute via new `CURL_NORETURN`
macro.
- lib/mprintf: delete duplicate declaration for `Curl_dyn_vprintf`.
- lib/rand: fix `-Wunreachable-code` and related fallouts [3].
- lib/setopt: fix `-Wunreachable-code-break`.
- lib/system_win32 and lib/timeval: fix double declarations for
`Curl_freq` and `Curl_isVistaOrGreater` in CMake UNITY mode [4].
- lib/warnless: fix double declarations in CMake UNITY mode [5].
This was due to force-disabling the header guard of `warnless.h` to
to reapply it to source code coming after `warnless.c` in UNITY
builds. This reapplied declarations too, causing the warnings.
Solved by adding a header guard for the lines that actually need
to be reapplied.
- lib/vauth/digest: fix `-Wunreachable-code-break` [6].
- lib/vssh/libssh2: fix `-Wunreachable-code-break` and delete redundant
block.
- lib/vtls/sectransp: fix `-Wunreachable-code-break` [7].
- lib/vtls/sectransp: suppress `-Wunreachable-code`.
Detected in `else` branches of dynamic feature checks, with results
known at compile-time, e.g.
```c
if(SecCertificateCopySubjectSummary) /* -> true */
```
Likely fixable as a separate micro-project, but given SecureTransport
is deprecated anyway, let's just silence these locally.
- src/tool_help: delete duplicate declaration for `helptext`.
- src/tool_xattr: fix `-Wunreachable-code`.
- tests: delete duplicate declaration for `unitfail` [8].
- tests: delete duplicate declaration for `strncasecompare`.
- tests/libtest: delete duplicate declaration for `gethostname`.
Originally added in 687df5c8c39c370a59999b9afc0917d808d978b7
(2010-08-02).
Got complicated later: c49e9683b85ba9d12cbb6eebc4ab2c8dba68fbdc
If there are still systems around with warnings, we may restore the
prototype, but limited for those systems.
- tests/lib2305: delete duplicate declaration for
`libtest_debug_config`.
- tests/h2-download: fix `-Wunreachable-code-break`.
[1] https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056f8bf9f/cmake/PickyWarningsC.cmake
[2] https://ci.appveyor.com/project/curlorg/curl/builds/48553586/job/3qkgjauiqla5fj45?fullLog=true#L1675
[3] https://github.com/curl/curl/actions/runs/6880886309/job/18716044703?pr=12331#step:7:72
https://github.com/curl/curl/actions/runs/6883016087/job/18722707368?pr=12331#step:7:109
[4] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrriklpf1ut#L204
[5] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrriklpf1ut#L218
[6] https://github.com/curl/curl/actions/runs/6880886309/job/18716042927?pr=12331#step:7:290
[7] https://github.com/curl/curl/actions/runs/6891484996/job/18746659406?pr=12331#step:9:1193
[8] https://github.com/curl/curl/actions/runs/6882803986/job/18722082562?pr=12331#step:33:1870
Closes #12331
2023-11-15 22:43:36 +08:00
|
|
|
if(!seeded) {
|
|
|
|
*rnd = (unsigned int)arc4random();
|
|
|
|
return CURLE_OK;
|
|
|
|
}
|
2023-03-04 15:02:14 +08:00
|
|
|
#endif
|
|
|
|
|
2023-11-22 00:54:49 +08:00
|
|
|
#if defined(RANDOM_FILE) && !defined(_WIN32)
|
2016-11-11 21:53:36 +08:00
|
|
|
if(!seeded) {
|
|
|
|
/* if there's a random file to read a seed from, use it */
|
|
|
|
int fd = open(RANDOM_FILE, O_RDONLY);
|
|
|
|
if(fd > -1) {
|
|
|
|
/* read random data into the randseed variable */
|
|
|
|
ssize_t nread = read(fd, &randseed, sizeof(randseed));
|
|
|
|
if(nread == sizeof(randseed))
|
|
|
|
seeded = TRUE;
|
|
|
|
close(fd);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
if(!seeded) {
|
2017-10-25 17:59:43 +08:00
|
|
|
struct curltime now = Curl_now();
|
2022-04-15 03:13:29 +08:00
|
|
|
infof(data, "WARNING: using weak random seed");
|
2016-11-11 21:53:36 +08:00
|
|
|
randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec;
|
|
|
|
randseed = randseed * 1103515245 + 12345;
|
|
|
|
randseed = randseed * 1103515245 + 12345;
|
|
|
|
randseed = randseed * 1103515245 + 12345;
|
|
|
|
seeded = TRUE;
|
|
|
|
}
|
|
|
|
|
build: add more picky warnings and fix them
Enable more picky compiler warnings. I've found these options in the
nghttp3 project when implementing the CMake quick picky warning
functionality for it [1].
`-Wunused-macros` was too noisy to keep around, but fixed a few issues
it revealed while testing.
- autotools: reflect the more precisely-versioned clang warnings.
Follow-up to 033f8e2a08eb1d3102f08c4d8c8e85470f8b460e #12324
- autotools: sync between clang and gcc the way we set `no-multichar`.
- autotools: avoid setting `-Wstrict-aliasing=3` twice.
- autotools: disable `-Wmissing-noreturn` for MSYS gcc targets [2].
It triggers in libtool-generated stub code.
- lib/timeval: delete a redundant `!MSDOS` guard from a `WIN32` branch.
- lib/curl_setup.h: delete duplicate declaration for `fileno`.
Added in initial commit ae1912cb0d494b48d514d937826c9fe83ec96c4d
(1999-12-29). This suggests this may not be needed anymore, but if
it does, we may restore this for those specific (non-Windows) systems.
- lib: delete unused macro `FTP_BUFFER_ALLOCSIZE` since
c1d6fe2aaa5a26e49a69a4f2495b3cc7a24d9394.
- lib: delete unused macro `isxdigit_ascii` since
f65f750742068f579f4ee6d8539ed9d5f0afcb85.
- lib/mqtt: delete unused macro `MQTT_HEADER_LEN`.
- lib/multi: delete unused macro `SH_READ`/`SH_WRITE`.
- lib/hostip: add `noreturn` function attribute via new `CURL_NORETURN`
macro.
- lib/mprintf: delete duplicate declaration for `Curl_dyn_vprintf`.
- lib/rand: fix `-Wunreachable-code` and related fallouts [3].
- lib/setopt: fix `-Wunreachable-code-break`.
- lib/system_win32 and lib/timeval: fix double declarations for
`Curl_freq` and `Curl_isVistaOrGreater` in CMake UNITY mode [4].
- lib/warnless: fix double declarations in CMake UNITY mode [5].
This was due to force-disabling the header guard of `warnless.h` to
to reapply it to source code coming after `warnless.c` in UNITY
builds. This reapplied declarations too, causing the warnings.
Solved by adding a header guard for the lines that actually need
to be reapplied.
- lib/vauth/digest: fix `-Wunreachable-code-break` [6].
- lib/vssh/libssh2: fix `-Wunreachable-code-break` and delete redundant
block.
- lib/vtls/sectransp: fix `-Wunreachable-code-break` [7].
- lib/vtls/sectransp: suppress `-Wunreachable-code`.
Detected in `else` branches of dynamic feature checks, with results
known at compile-time, e.g.
```c
if(SecCertificateCopySubjectSummary) /* -> true */
```
Likely fixable as a separate micro-project, but given SecureTransport
is deprecated anyway, let's just silence these locally.
- src/tool_help: delete duplicate declaration for `helptext`.
- src/tool_xattr: fix `-Wunreachable-code`.
- tests: delete duplicate declaration for `unitfail` [8].
- tests: delete duplicate declaration for `strncasecompare`.
- tests/libtest: delete duplicate declaration for `gethostname`.
Originally added in 687df5c8c39c370a59999b9afc0917d808d978b7
(2010-08-02).
Got complicated later: c49e9683b85ba9d12cbb6eebc4ab2c8dba68fbdc
If there are still systems around with warnings, we may restore the
prototype, but limited for those systems.
- tests/lib2305: delete duplicate declaration for
`libtest_debug_config`.
- tests/h2-download: fix `-Wunreachable-code-break`.
[1] https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056f8bf9f/cmake/PickyWarningsC.cmake
[2] https://ci.appveyor.com/project/curlorg/curl/builds/48553586/job/3qkgjauiqla5fj45?fullLog=true#L1675
[3] https://github.com/curl/curl/actions/runs/6880886309/job/18716044703?pr=12331#step:7:72
https://github.com/curl/curl/actions/runs/6883016087/job/18722707368?pr=12331#step:7:109
[4] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrriklpf1ut#L204
[5] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrriklpf1ut#L218
[6] https://github.com/curl/curl/actions/runs/6880886309/job/18716042927?pr=12331#step:7:290
[7] https://github.com/curl/curl/actions/runs/6891484996/job/18746659406?pr=12331#step:9:1193
[8] https://github.com/curl/curl/actions/runs/6882803986/job/18722082562?pr=12331#step:33:1870
Closes #12331
2023-11-15 22:43:36 +08:00
|
|
|
{
|
|
|
|
unsigned int r;
|
|
|
|
/* Return an unsigned 32-bit pseudo-random number. */
|
|
|
|
r = randseed = randseed * 1103515245 + 12345;
|
|
|
|
*rnd = (r << 16) | ((r >> 16) & 0xFFFF);
|
|
|
|
}
|
2016-11-11 21:53:36 +08:00
|
|
|
return CURLE_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2023-04-24 20:14:11 +08:00
|
|
|
* Curl_rand() stores 'num' number of random unsigned characters in the buffer
|
|
|
|
* 'rnd' points to.
|
2016-11-11 21:53:36 +08:00
|
|
|
*
|
|
|
|
* If libcurl is built without TLS support or with a TLS backend that lacks a
|
2023-08-07 19:02:32 +08:00
|
|
|
* proper random API (rustls or mbedTLS), this function will use "weak"
|
2022-06-22 17:35:46 +08:00
|
|
|
* random.
|
2016-11-11 21:53:36 +08:00
|
|
|
*
|
|
|
|
* When built *with* TLS support and a backend that offers strong random, it
|
|
|
|
* will return error if it cannot provide strong random values.
|
|
|
|
*
|
|
|
|
* NOTE: 'data' may be passed in as NULL when coming from external API without
|
|
|
|
* easy handle!
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
2017-05-09 05:23:28 +08:00
|
|
|
CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num)
|
2016-11-11 21:53:36 +08:00
|
|
|
{
|
2016-11-21 12:57:47 +08:00
|
|
|
CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT;
|
2016-11-11 21:53:36 +08:00
|
|
|
|
2024-01-08 17:34:06 +08:00
|
|
|
DEBUGASSERT(num);
|
2016-11-11 21:53:36 +08:00
|
|
|
|
2017-05-09 05:23:28 +08:00
|
|
|
while(num) {
|
|
|
|
unsigned int r;
|
|
|
|
size_t left = num < sizeof(unsigned int) ? num : sizeof(unsigned int);
|
|
|
|
|
|
|
|
result = randit(data, &r);
|
2016-11-11 21:53:36 +08:00
|
|
|
if(result)
|
|
|
|
return result;
|
2017-05-09 05:23:28 +08:00
|
|
|
|
|
|
|
while(left) {
|
|
|
|
*rnd++ = (unsigned char)(r & 0xFF);
|
|
|
|
r >>= 8;
|
|
|
|
--num;
|
|
|
|
--left;
|
|
|
|
}
|
2016-11-11 21:53:36 +08:00
|
|
|
}
|
2017-05-09 05:23:28 +08:00
|
|
|
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Curl_rand_hex() fills the 'rnd' buffer with a given 'num' size with random
|
2022-09-17 23:32:21 +08:00
|
|
|
* hexadecimal digits PLUS a null-terminating byte. It must be an odd number
|
2017-05-09 05:23:28 +08:00
|
|
|
* size.
|
|
|
|
*/
|
|
|
|
|
|
|
|
CURLcode Curl_rand_hex(struct Curl_easy *data, unsigned char *rnd,
|
|
|
|
size_t num)
|
|
|
|
{
|
|
|
|
CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT;
|
|
|
|
unsigned char buffer[128];
|
|
|
|
DEBUGASSERT(num > 1);
|
|
|
|
|
2017-12-13 07:45:42 +08:00
|
|
|
#ifdef __clang_analyzer__
|
2018-05-16 14:18:50 +08:00
|
|
|
/* This silences a scan-build warning about accessing this buffer with
|
2017-12-13 07:45:42 +08:00
|
|
|
uninitialized memory. */
|
|
|
|
memset(buffer, 0, sizeof(buffer));
|
|
|
|
#endif
|
|
|
|
|
2024-01-08 17:34:06 +08:00
|
|
|
if((num/2 >= sizeof(buffer)) || !(num&1)) {
|
2017-05-09 05:23:28 +08:00
|
|
|
/* make sure it fits in the local buffer and that it is an odd number! */
|
2024-01-08 17:34:06 +08:00
|
|
|
DEBUGF(infof(data, "invalid buffer size with Curl_rand_hex"));
|
2017-05-09 05:23:28 +08:00
|
|
|
return CURLE_BAD_FUNCTION_ARGUMENT;
|
2024-01-08 17:34:06 +08:00
|
|
|
}
|
2017-05-09 05:23:28 +08:00
|
|
|
|
2022-09-17 23:32:21 +08:00
|
|
|
num--; /* save one for null-termination */
|
2017-05-09 05:23:28 +08:00
|
|
|
|
|
|
|
result = Curl_rand(data, buffer, num/2);
|
|
|
|
if(result)
|
|
|
|
return result;
|
|
|
|
|
2023-09-30 00:06:49 +08:00
|
|
|
Curl_hexencode(buffer, num/2, rnd, num + 1);
|
2016-11-11 21:53:36 +08:00
|
|
|
return result;
|
|
|
|
}
|
2023-09-12 18:51:21 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Curl_rand_alnum() fills the 'rnd' buffer with a given 'num' size with random
|
|
|
|
* alphanumerical chars PLUS a null-terminating byte.
|
|
|
|
*/
|
|
|
|
|
2023-09-17 04:37:28 +08:00
|
|
|
static const char alnum[] =
|
2023-09-12 18:51:21 +08:00
|
|
|
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
|
|
|
|
|
|
|
CURLcode Curl_rand_alnum(struct Curl_easy *data, unsigned char *rnd,
|
|
|
|
size_t num)
|
|
|
|
{
|
|
|
|
CURLcode result = CURLE_OK;
|
2023-09-17 04:37:28 +08:00
|
|
|
const int alnumspace = sizeof(alnum) - 1;
|
2023-09-12 18:51:21 +08:00
|
|
|
unsigned int r;
|
|
|
|
DEBUGASSERT(num > 1);
|
|
|
|
|
|
|
|
num--; /* save one for null-termination */
|
|
|
|
|
|
|
|
while(num) {
|
|
|
|
do {
|
|
|
|
result = randit(data, &r);
|
|
|
|
if(result)
|
|
|
|
return result;
|
|
|
|
} while(r >= (UINT_MAX - UINT_MAX % alnumspace));
|
|
|
|
|
|
|
|
*rnd++ = alnum[r % alnumspace];
|
|
|
|
num--;
|
|
|
|
}
|
|
|
|
*rnd = 0;
|
|
|
|
|
|
|
|
return result;
|
|
|
|
}
|