Curl_rand: fixed and moved to rand.c

  pingpong.c rtsp.c curl_threads.c warnless.c hmac.c curl_rtmp.c        \

  openldap.c curl_gethostname.c gopher.c idn_win32.c                    \

  http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c      \

  http_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c               \

  http_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c rand.c        \

  curl_multibyte.c hostcheck.c conncache.c pipeline.c dotdot.c          \

  x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c

  curl_sasl.h curl_multibyte.h hostcheck.h conncache.h                  \

  curl_setup_once.h multihandle.h setup-vms.h pipeline.h dotdot.h       \

  x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h           \

  curl_printf.h system_win32.h

  curl_printf.h system_win32.h rand.h

LIB_RCFILES = libcurl.rc

	$(DIROBJ)\pop3.obj \

	$(DIROBJ)\progress.obj \

	$(DIROBJ)\strcase.obj \

	$(DIROBJ)\rand.obj \

	$(DIROBJ)\rtsp.obj \

	$(DIROBJ)\schannel.obj \

	$(DIROBJ)\security.obj \

#include "strcase.h"

#include "sendf.h"

#include "strdup.h"

#include "rand.h"

/* The last 3 #include files should be in this order */

#include "curl_printf.h"

#include "curl_memory.h"

{

  /* 24 dashes and 16 hexadecimal digits makes 64 bit (18446744073709551615)

     combinations */

  return aprintf("------------------------%08x%08x",

                 Curl_rand(data), Curl_rand(data));

  unsigned int rnd[2];

  CURLcode result = Curl_rand(data, &rnd[0], 2);

  if(result)

    return NULL;

  return aprintf("------------------------%08x%08x", rnd[0], rnd[1]);

}

#else  /* CURL_DISABLE_HTTP */

/***************************************************************************

 *                                  _   _ ____  _

 *  Project                     ___| | | |  _ \| |

 *                             / __| | | | |_) | |

 *                            | (__| |_| |  _ <| |___

 *                             \___|\___/|_| \_\_____|

 *

 * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.

 *

 * This software is licensed as described in the file COPYING, which

 * you should have received as part of this distribution. The terms

 * are also available at https://curl.haxx.se/docs/copyright.html.

 *

 * You may opt to use, copy, modify, merge, publish, distribute and/or sell

 * copies of the Software, and permit persons to whom the Software is

 * furnished to do so, under the terms of the COPYING file.

 *

 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY

 * KIND, either express or implied.

 *

 ***************************************************************************/

#include "curl_setup.h"

#include <fcntl.h>

#include <curl/curl.h>

#include "vtls/vtls.h"

#include "sendf.h"

#include "rand.h"

/* The last 3 #include files should be in this order */

#include "curl_printf.h"

#include "curl_memory.h"

#include "memdebug.h"

static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)

{

  unsigned int r;

  CURLcode result = CURLE_OK;

  static unsigned int randseed;

  static bool seeded = FALSE;

#ifdef CURLDEBUG

  char *force_entropy = getenv("CURL_ENTROPY");

  if(force_entropy) {

    if(!seeded) {

      size_t elen = strlen(force_entropy);

      size_t clen = sizeof(randseed);

      size_t min = elen < clen ? elen : clen;

      memcpy((char *)&randseed, force_entropy, min);

      seeded = TRUE;

    }

    else

      randseed++;

    *rnd = randseed;

    return CURLE_OK;

  }

#endif

  /* data may be NULL! */

  result = Curl_ssl_random(data, (unsigned char *)&rnd, sizeof(rnd));

  if(result != CURLE_NOT_BUILT_IN)

    /* only if there is no random funtion in the TLS backend do the non crypto

       version, otherwise return result */

    return result;

  /* ---- non-cryptographic version following ---- */

#ifdef RANDOM_FILE

  if(!seeded) {

    /* if there's a random file to read a seed from, use it */

    int fd = open(RANDOM_FILE, O_RDONLY);

    if(fd > -1) {

      /* read random data into the randseed variable */

      ssize_t nread = read(fd, &randseed, sizeof(randseed));

      if(nread == sizeof(randseed))

        seeded = TRUE;

      close(fd);

    }

  }

#endif

  if(!seeded) {

    struct timeval now = curlx_tvnow();

    infof(data, "WARNING: Using weak random seed\n");

    randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec;

    randseed = randseed * 1103515245 + 12345;

    randseed = randseed * 1103515245 + 12345;

    randseed = randseed * 1103515245 + 12345;

    seeded = TRUE;

  }

  /* Return an unsigned 32-bit pseudo-random number. */

  r = randseed = randseed * 1103515245 + 12345;

  *rnd = (r << 16) | ((r >> 16) & 0xFFFF);

  return CURLE_OK;

}

/*

 * Curl_rand() stores 'num' number of random unsigned integers in the buffer

 * 'rndptr' points to.

 *

 * If libcurl is built without TLS support or with a TLS backend that lacks a

 * proper random API (Gskit, PolarSSL or mbedTLS), this function will use

 * "weak" random.

 *

 * When built *with* TLS support and a backend that offers strong random, it

 * will return error if it cannot provide strong random values.

 *

 * NOTE: 'data' may be passed in as NULL when coming from external API without

 * easy handle!

 *

 */

CURLcode Curl_rand(struct Curl_easy *data, unsigned int *rndptr, int num)

{

  CURLcode result;

  int i;

  assert(num > 0);

  for(i = 0; i < num; i++) {

    result = randit(data, rndptr++);

    if(result)

      return result;

  }

  return result;

}

#ifndef HEADER_CURL_RAND_H

#define HEADER_CURL_RAND_H

/***************************************************************************

 *                                  _   _ ____  _

 *  Project                     ___| | | |  _ \| |

 *                             / __| | | | |_) | |

 *                            | (__| |_| |  _ <| |___

 *                             \___|\___/|_| \_\_____|

 *

 * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.

 *

 * This software is licensed as described in the file COPYING, which

 * you should have received as part of this distribution. The terms

 * are also available at https://curl.haxx.se/docs/copyright.html.

 *

 * You may opt to use, copy, modify, merge, publish, distribute and/or sell

 * copies of the Software, and permit persons to whom the Software is

 * furnished to do so, under the terms of the COPYING file.

 *

 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY

 * KIND, either express or implied.

 *

 ***************************************************************************/

/*

 * Curl_rand() stores 'num' number of random unsigned integers in the buffer

 * 'rnd' points to.

 *

 * If libcurl is built without TLS support or with a TLS backend that lacks a

 * proper random API (Gskit, PolarSSL or mbedTLS), this function will use

 * "weak" random.

 *

 * When built *with* TLS support and a backend that offers strong random, it

 * will return error if it cannot provide strong random values.

 *

 * NOTE: 'data' may be passed in as NULL when coming from external API without

 * easy handle!

 *

 */

CURLcode Curl_rand(struct Curl_easy *data, unsigned int *rnd, int num);

#endif /* HEADER_CURL_RAND_H */