generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

random: use Curl_rand() for proper random data

Browse Source 
The SASL/Digest previously used the current time's seconds +
microseconds to add randomness but it is much better to instead get more
data from Curl_rand().

It will also allow us to easier "fake" that for debug builds on demand
in a future.
This commit is contained in:
Daniel Stenberg
2014-06-03 18:25:48 +02:00
parent 62a26ec696
commit bbd3dc611e
2 changed files with 4 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/curl_sasl.c
View File

@@ -423,9 +423,6 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
unsigned int cnonce2 = 0;
unsigned int cnonce3 = 0;
unsigned int cnonce4 = 0;
#ifndef DEBUGBUILD
struct timeval now;
#endif
char nonceCount[] = "00000001";
char method[] = "AUTHENTICATE";
@@ -457,9 +454,8 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
/* Generate 16 bytes of random data */
cnonce1 = Curl_rand(data);
cnonce2 = Curl_rand(data);
now = Curl_tvnow();
cnonce3 = now.tv_sec;
cnonce4 = now.tv_usec;
cnonce3 = Curl_rand(data);
cnonce4 = Curl_rand(data);
#endif
/* Convert the random data into a 32 byte hex string */