Commit 365c5ba3 authored by Daniel Stenberg's avatar Daniel Stenberg

formpost: better random boundaries

When doing multi-part formposts, libcurl used a pseudo-random value that
was seeded with time(). This turns out to be bad for users who formpost
data that is provided by other users, who can then guess what the
boundary string will look like, forge a different formpost part and
trick the receiver.

My advice to such implementors is (still even after this change) to not
rely on the boundary strings being cryptographically strong. Fix your
code and logic to not depend on them that much!

I moved the Curl_rand() function into the sslgen.c source file now to be
able to take advantage of the SSL library's random function if it
provides one. If not, try to use the RANDOM_FILE for seeding and as a
last resort keep the old logic, just modified to also add microseconds
which makes it harder to properly guess the exact seed.

The formboundary() function in formdata.c is now using 64 bit entropy
for the boundary and therefore the string of dashes was reduced by 4
letters and there are 16 hex digits following it. The total length is
thus still the same.

Bug: http://curl.haxx.se/bug/view.cgi?id=1251
Reported-by: "Floris"
parent cb1aa8b0
+2 −2
@@ -13,7 +13,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \
  netrc.c getinfo.c transfer.c strequal.c easy.c security.c krb4.c	\
  curl_fnmatch.c fileinfo.c ftplistparser.c wildcard.c krb5.c		\
  memdebug.c http_chunks.c strtok.c connect.c llist.c hash.c multi.c	\
  content_encoding.c share.c http_digest.c md4.c md5.c curl_rand.c	\
  content_encoding.c share.c http_digest.c md4.c md5.c	\
  http_negotiate.c inet_pton.c strtoofft.c strerror.c amigaos.c		\
  hostasyn.c hostip4.c hostip6.c hostsyn.c inet_ntop.c parsedate.c	\
  select.c gtls.c sslgen.c tftp.c splay.c strdup.c socks.c ssh.c nss.c	\
@@ -30,7 +30,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \
HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
  progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
  if2ip.h speedcheck.h urldata.h curl_ldap.h ssluse.h escape.h telnet.h	\
  getinfo.h strequal.h krb4.h memdebug.h http_chunks.h curl_rand.h	\
  getinfo.h strequal.h krb4.h memdebug.h http_chunks.h	\
  curl_fnmatch.h wildcard.h fileinfo.h ftplistparser.h strtok.h		\
  connect.h llist.h hash.h content_encoding.h share.h curl_md4.h	\
  curl_md5.h http_digest.h http_negotiate.h inet_pton.h amigaos.h	\
+5 −1
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 2012, Nick Zitzmann, <nickzman@gmail.com>.
 * Copyright (C) 2012 - 2013, Nick Zitzmann, <nickzman@gmail.com>.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -52,6 +52,10 @@ void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
                           unsigned char *md5sum, /* output */
                           size_t md5len);

/* this backend provides these functions: */
#define have_curlssl_random 1
#define have_curlssl_md5sum 1

/* API setup for SecureTransport */
#define curlssl_init() (1)
#define curlssl_cleanup() Curl_nop_stmt

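--- a/lib/curl_rand.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#include <curl/curl.h>
-
-#include "curl_rand.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#include "curl_memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/* Private pseudo-random number seed. Unsigned integer >= 32bit. Threads
-   mutual exclusion is not implemented to acess it since we do not require
-   high quality random numbers (only used in form boudary generation). */
-
-static unsigned int randseed;
-
-/* Pseudo-random number support. */
-
-unsigned int Curl_rand(void)
-{
-  unsigned int r;
-  /* Return an unsigned 32-bit pseudo-random number. */
-  r = randseed = randseed * 1103515245 + 12345;
-  return (r << 16) | ((r >> 16) & 0xFFFF);
-}
-
-void Curl_srand(void)
-{
-  /* Randomize pseudo-random number sequence. */
-
-  randseed = (unsigned int) time(NULL);
-  Curl_rand();
-  Curl_rand();
-  Curl_rand();
-}
-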
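--- a/lib/curl_rand.h
+++ /dev/null
@@ -1,29 +0,0 @@
-#ifndef HEADER_CURL_RAND_H
-#define HEADER_CURL_RAND_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-void Curl_srand(void);
-
-unsigned int Curl_rand(void);
-
-#endif /* HEADER_CURL_RAND_H */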
+2 −2
@@ -32,7 +32,7 @@

#include "curl_base64.h"
#include "curl_md5.h"
#include "curl_rand.h"
#include "sslgen.h"
#include "curl_hmac.h"
#include "curl_ntlm_msgs.h"
#include "curl_sasl.h"
@@ -314,7 +314,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,

  /* Generate 64 bits of random data */
  for(i = 0; i < 8; i++)
    cnonce[i] = table16[Curl_rand()%16];
    cnonce[i] = table16[Curl_rand(data)%16];

  /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */
  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
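Review bot: The comment `/* Generate 64 bits of random data */` above the cnonce loop overstates what the loop produces: each of the 8 iterations keeps only `Curl_rand(data)%16`, i.e. 4 bits, so the client nonce carries 32 bits even now that Curl_rand() can draw on the SSL library's generator. RFC 2831, which this function follows, recommends at least 64 bits of entropy in the cnonce. Either correct the comment to `/* Generate 32 bits of random data as 8 hex digits */`, or widen the loop to 16 digits, which also needs the cnonce buffer enlarged. The function body starts and ends outside the hunk, so the buffer's declared size is not visible here and should be checked before changing the loop bound.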