diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2014-06-03 18:25:48 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2014-06-03 18:25:48 +0200 |
| commit | bbd3dc611ed501edeca72026885bbf85868dd1cf (patch) | |
| tree | 04b29bde0b91b200a392b2ebaac9e6a106a1971f /lib/http_digest.c | |
| parent | 62a26ec6962944383704c2b2a77fdb062200e814 (diff) | |
| download | curl-bbd3dc611ed501edeca72026885bbf85868dd1cf.tar.gz | |
random: use Curl_rand() for proper random data
The SASL/Digest previously used the current time's seconds +
microseconds to add randomness but it is much better to instead get more
data from Curl_rand().
It will also allow us to easier "fake" that for debug builds on demand
in a future.
Diffstat (limited to 'lib/http_digest.c')
| -rw-r--r-- | lib/http_digest.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/lib/http_digest.c b/lib/http_digest.c index ee5d63707..55f5108c9 100644 --- a/lib/http_digest.c +++ b/lib/http_digest.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -367,12 +367,9 @@ CURLcode Curl_output_digest(struct connectdata *conn, d->nc = 1; if(!d->cnonce) { - struct timeval now = Curl_tvnow(); snprintf(cnoncebuf, sizeof(cnoncebuf), "%08x%08x%08x%08x", Curl_rand(data), Curl_rand(data), - (unsigned int)now.tv_sec, - (unsigned int)now.tv_usec); - + Curl_rand(data), Curl_rand(data)); rc = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf), &cnonce, &cnonce_sz); if(rc) |