random: use Curl_rand() for proper random data (bbd3dc61) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

lib/curl_sasl.c

+2 −6

Original line number	Diff line number	Diff line
		@@ -423,9 +423,6 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
		unsigned int cnonce2 = 0;
		unsigned int cnonce3 = 0;
		unsigned int cnonce4 = 0;
		#ifndef DEBUGBUILD
		struct timeval now;
		#endif

		char nonceCount[] = "00000001";
		char method[] = "AUTHENTICATE";
		@@ -457,9 +454,8 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
		/* Generate 16 bytes of random data */
		cnonce1 = Curl_rand(data);
		cnonce2 = Curl_rand(data);
		now = Curl_tvnow();
		cnonce3 = now.tv_sec;
		cnonce4 = now.tv_usec;
		cnonce3 = Curl_rand(data);
		cnonce4 = Curl_rand(data);
		#endif

		/* Convert the random data into a 32 byte hex string */

+2 −5

Original line number	Diff line number	Diff line
		@@ -5,7 +5,7 @@
		* \| (__\| \|_\| \| _ <\| \|___
		* \___\|\___/\|_\| \_\_____\|
		*
		* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
		* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
		*
		* This software is licensed as described in the file COPYING, which
		* you should have received as part of this distribution. The terms
		@@ -367,12 +367,9 @@ CURLcode Curl_output_digest(struct connectdata *conn,
		d->nc = 1;

		if(!d->cnonce) {
		struct timeval now = Curl_tvnow();
		snprintf(cnoncebuf, sizeof(cnoncebuf), "%08x%08x%08x%08x",
		Curl_rand(data), Curl_rand(data),
		(unsigned int)now.tv_sec,
		(unsigned int)now.tv_usec);

		Curl_rand(data), Curl_rand(data));
		rc = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf),
		&cnonce, &cnonce_sz);
		if(rc)