netrc.c getinfo.c transfer.c strequal.c easy.c security.c krb4.c \
curl_fnmatch.c fileinfo.c ftplistparser.c wildcard.c krb5.c \
memdebug.c http_chunks.c strtok.c connect.c llist.c hash.c multi.c \
- content_encoding.c share.c http_digest.c md4.c md5.c curl_rand.c \
+ content_encoding.c share.c http_digest.c md4.c md5.c \
http_negotiate.c inet_pton.c strtoofft.c strerror.c amigaos.c \
hostasyn.c hostip4.c hostip6.c hostsyn.c inet_ntop.c parsedate.c \
select.c gtls.c sslgen.c tftp.c splay.c strdup.c socks.c ssh.c nss.c \
HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \
progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \
if2ip.h speedcheck.h urldata.h curl_ldap.h ssluse.h escape.h telnet.h \
- getinfo.h strequal.h krb4.h memdebug.h http_chunks.h curl_rand.h \
+ getinfo.h strequal.h krb4.h memdebug.h http_chunks.h \
curl_fnmatch.h wildcard.h fileinfo.h ftplistparser.h strtok.h \
connect.h llist.h hash.h content_encoding.h share.h curl_md4.h \
curl_md5.h http_digest.h http_negotiate.h inet_pton.h amigaos.h \
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2012, Nick Zitzmann, <nickzman@gmail.com>.
+ * Copyright (C) 2012 - 2013, Nick Zitzmann, <nickzman@gmail.com>.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
unsigned char *md5sum, /* output */
size_t md5len);
+/* this backend provides these functions: */
+#define have_curlssl_random 1
+#define have_curlssl_md5sum 1
+
/* API setup for SecureTransport */
#define curlssl_init() (1)
#define curlssl_cleanup() Curl_nop_stmt
+++ /dev/null
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#include <curl/curl.h>
-
-#include "curl_rand.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#include "curl_memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/* Private pseudo-random number seed. Unsigned integer >= 32bit. Threads
- mutual exclusion is not implemented to acess it since we do not require
- high quality random numbers (only used in form boudary generation). */
-
-static unsigned int randseed;
-
-/* Pseudo-random number support. */
-
-unsigned int Curl_rand(void)
-{
- unsigned int r;
- /* Return an unsigned 32-bit pseudo-random number. */
- r = randseed = randseed * 1103515245 + 12345;
- return (r << 16) | ((r >> 16) & 0xFFFF);
-}
-
-void Curl_srand(void)
-{
- /* Randomize pseudo-random number sequence. */
-
- randseed = (unsigned int) time(NULL);
- Curl_rand();
- Curl_rand();
- Curl_rand();
-}
-
+++ /dev/null
-#ifndef HEADER_CURL_RAND_H
-#define HEADER_CURL_RAND_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-void Curl_srand(void);
-
-unsigned int Curl_rand(void);
-
-#endif /* HEADER_CURL_RAND_H */
#include "curl_base64.h"
#include "curl_md5.h"
-#include "curl_rand.h"
+#include "sslgen.h"
#include "curl_hmac.h"
#include "curl_ntlm_msgs.h"
#include "curl_sasl.h"
/* Generate 64 bits of random data */
for(i = 0; i < 8; i++)
- cnonce[i] = table16[Curl_rand()%16];
+ cnonce[i] = table16[Curl_rand(data)%16];
/* So far so good, now calculate A1 and H(A1) according to RFC 2831 */
ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
#include "connect.h" /* for Curl_getconnectinfo */
#include "slist.h"
#include "amigaos.h"
-#include "curl_rand.h"
#include "non-ascii.h"
#include "warnless.h"
#include "conncache.h"
init_flags = flags;
- /* Preset pseudo-random number sequence. */
-
- Curl_srand();
-
return CURLE_OK;
}
#include <curl/curl.h>
-/* Length of the random boundary string. */
-#define BOUNDARY_LENGTH 40
-
#if !defined(CURL_DISABLE_HTTP) || defined(USE_SSLEAY)
#if defined(HAVE_LIBGEN_H) && defined(HAVE_BASENAME)
#include "urldata.h" /* for struct SessionHandle */
#include "formdata.h"
-#include "curl_rand.h"
+#include "sslgen.h"
#include "strequal.h"
#include "curl_memory.h"
#include "sendf.h"
#endif
static size_t readfromfile(struct Form *form, char *buffer, size_t size);
-static char *formboundary(void);
+static char *formboundary(struct SessionHandle *data);
/* What kind of Content-Type to use on un-specified files with unrecognized
extensions. */
if(!post)
return result; /* no input => no output! */
- boundary = formboundary();
+ boundary = formboundary(data);
if(!boundary)
return CURLE_OUT_OF_MEMORY;
the magic to include several files with the same field name */
Curl_safefree(fileboundary);
- fileboundary = formboundary();
+ fileboundary = formboundary(data);
if(!fileboundary) {
result = CURLE_OUT_OF_MEMORY;
break;
* formboundary() creates a suitable boundary string and returns an allocated
* one.
*/
-static char *formboundary(void)
+static char *formboundary(struct SessionHandle *data)
{
- char *retstring;
- size_t i;
-
- static const char table16[]="0123456789abcdef";
-
- retstring = malloc(BOUNDARY_LENGTH+1);
-
- if(!retstring)
- return NULL; /* failed */
-
- strcpy(retstring, "----------------------------");
-
- for(i=strlen(retstring); i<BOUNDARY_LENGTH; i++)
- retstring[i] = table16[Curl_rand()%16];
-
- /* 28 dashes and 12 hexadecimal digits makes 12^16 (184884258895036416)
+ /* 24 dashes and 16 hexadecimal digits makes 64 bit (18446744073709551615)
combinations */
- retstring[BOUNDARY_LENGTH]=0; /* zero terminate */
-
- return retstring;
+ return aprintf("------------------------%08x%08x",
+ Curl_rand(data), Curl_rand(data));
}
#else /* CURL_DISABLE_HTTP */
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
unsigned char *md5sum, /* output */
size_t md5len);
+/* this backend provides these functions: */
+#define have_curlssl_random 1
+#define have_curlssl_md5sum 1
+
/* API setup for GnuTLS */
#define curlssl_init Curl_gtls_init
#define curlssl_cleanup Curl_gtls_cleanup
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
unsigned char *md5sum, /* output */
size_t md5len);
+/* this backend provides these functions: */
+#define have_curlssl_random 1
+#define have_curlssl_md5sum 1
+
/* API setup for NSS */
#define curlssl_init Curl_nss_init
#define curlssl_cleanup Curl_nss_cleanup
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
#include "curl_setup.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
#include "urldata.h"
#define SSLGEN_C
#include "sslgen.h" /* generic SSL protos etc */
#include "curl_memory.h"
#include "progress.h"
#include "share.h"
+#include "timeval.h"
/* The last #include file should be: */
#include "memdebug.h"
Curl_safefree(sslc->random_file);
}
+
+/*
+ * Curl_rand() returns a random unsigned integer, 32bit.
+ *
+ * This non-SSL function is put here only because this file is the only one
+ * with knowledge of what the underlying SSL libraries provide in terms of
+ * randomizers.
+ *
+ * NOTE: 'data' may be passed in as NULL when coming from external API without
+ * easy handle!
+ *
+ */
+
+unsigned int Curl_rand(struct SessionHandle *data)
+{
+ unsigned int r;
+ static unsigned int randseed;
+ static bool seeded;
+
+#ifdef have_curlssl_random
+ if(!data) {
+#endif
+
+ if(!seeded) {
+
+#ifdef RANDOM_FILE
+ /* if there's a random file to read a seed from, use it */
+ int fd = open(RANDOM_FILE, O_RDONLY);
+ seeded = TRUE;
+ if(fd > -1) {
+ /* read random data into the randseed variable */
+ read(fd, &randseed, sizeof(randseed));
+ close(fd);
+ }
+ else
+#endif /* RANDOM_FILE */
+ {
+ struct timeval now = curlx_tvnow();
+ randseed += (unsigned int) now.tv_usec + (unsigned int)now.tv_sec;
+ Curl_rand(data);
+ Curl_rand(data);
+ Curl_rand(data);
+ }
+ }
+ /* Return an unsigned 32-bit pseudo-random number. */
+ r = randseed = randseed * 1103515245 + 12345;
+ return (r << 16) | ((r >> 16) & 0xFFFF);
+
+#ifdef have_curlssl_random
+ }
+ else {
+ Curl_ssl_random(data, (unsigned char *)&r, sizeof(r));
+ return r;
+ }
+#endif
+}
+
#ifdef USE_SSL
/* "global" init done? */
}
}
-#if defined(USE_SSLEAY) || defined(USE_GNUTLS) || defined(USE_NSS) || \
- defined(USE_DARWINSSL)
-/* these functions are only used by some SSL backends */
+/* these functions are only provided by some SSL backends */
+#ifdef have_curlssl_random
void Curl_ssl_random(struct SessionHandle *data,
unsigned char *entropy,
size_t length)
{
curlssl_random(data, entropy, length);
}
+#endif
+#ifdef have_curlssl_md5sum
void Curl_ssl_md5sum(unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *md5sum, /* output */
{
curlssl_md5sum(tmp, tmplen, md5sum, md5len);
}
-#endif /* USE_SSLEAY || USE_GNUTLS || USE_NSS || USE_DARWINSSL */
+#endif
#endif /* USE_SSL */
struct ssl_config_data* dest);
void Curl_free_ssl_config(struct ssl_config_data* sslc);
+unsigned int Curl_rand(struct SessionHandle *);
+
#ifdef USE_SSL
int Curl_ssl_init(void);
void Curl_ssl_cleanup(void);
#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */
+#ifdef have_curlssl_random
+#define HAVE_CURL_SSL_RANDOM
+#endif
+#ifdef have_curlssl_md5sum
+#define HAVE_CURL_SSL_MD5SUM
+#endif
+
#else
/* When SSL support is not present, just define away these function calls */
#define Curl_ssl_init() 1
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
unsigned char *md5sum /* output */,
size_t unused);
+/* this backend provides these functions: */
+#define have_curlssl_random 1
+#define have_curlssl_md5sum 1
+
/* API setup for OpenSSL */
#define curlssl_init Curl_ossl_init
#define curlssl_cleanup Curl_ossl_cleanup
<strip>
^User-Agent:.*
^Content-Type: multipart/form-data.*
-^---------------------------.*
+^-----------------------.*
</strip>
<protocol>
POST /158 HTTP/1.1\r
^User-Agent:.*
</strip>
<strippart>
-s/^------------------------------[a-z0-9]*/------------------------------/
-s/boundary=----------------------------[a-z0-9]*/boundary=----------------------------/
+s/^--------------------------[a-z0-9]*/--------------------------/
+s/boundary=------------------------[a-z0-9]*/boundary=------------------------/
</strippart>
<protocol>
POST /want/277 HTTP/1.1\r
Accept: */*\r
Content-Length: 145\r
Expect: 100-continue\r
-Content-Type: text/info; boundary=----------------------------\r
+Content-Type: text/info; boundary=------------------------\r
\r
-------------------------------\r
+--------------------------\r
Content-Disposition: form-data; name="name"\r
\r
daniel\r
---------------------------------\r
+----------------------------\r
</protocol>
</verify>
</testcase>
# Verify data after the test has been "shot"
<verify>
<strippart>
-s/^------------------------------[a-z0-9]*/------------------------------/
-s/boundary=----------------------------[a-z0-9]*/boundary=----------------------------/
+s/^--------------------------[a-z0-9]*/------------------------------/
+s/boundary=------------------------[a-z0-9]*/boundary=----------------------------/
</strippart>
# Note that the stripping above removes 12 bytes from every occurance of the
# boundary string and since 5 of them are in the body contents, we see
# Verify data after the test has been "shot"
<verify>
<strippart>
-s/^------------------------------[a-z0-9]*/------------------------------/
-s/boundary=----------------------------[a-z0-9]*/boundary=----------------------------/
+s/^--------------------------[a-z0-9]*/------------------------------/
+s/boundary=------------------------[a-z0-9]*/boundary=----------------------------/
</strippart>
<protocol>
POST /587 HTTP/1.1\r