diff options
| -rw-r--r-- | lib/Makefile.inc | 4 | ||||
| -rw-r--r-- | lib/curl_darwinssl.h | 6 | ||||
| -rw-r--r-- | lib/curl_rand.c | 61 | ||||
| -rw-r--r-- | lib/curl_rand.h | 29 | ||||
| -rw-r--r-- | lib/curl_sasl.c | 4 | ||||
| -rw-r--r-- | lib/easy.c | 5 | ||||
| -rw-r--r-- | lib/formdata.c | 35 | ||||
| -rw-r--r-- | lib/gtls.h | 6 | ||||
| -rw-r--r-- | lib/nssg.h | 6 | ||||
| -rw-r--r-- | lib/sslgen.c | 79 | ||||
| -rw-r--r-- | lib/sslgen.h | 9 | ||||
| -rw-r--r-- | lib/ssluse.h | 6 | ||||
| -rw-r--r-- | tests/data/test158 | 2 | ||||
| -rw-r--r-- | tests/data/test277 | 10 | ||||
| -rw-r--r-- | tests/data/test554 | 4 | ||||
| -rw-r--r-- | tests/data/test587 | 4 |
16 files changed, 125 insertions, 145 deletions
diff --git a/lib/Makefile.inc b/lib/Makefile.inc index 4228bf6b8..f3845a0fb 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc @@ -13,7 +13,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ netrc.c getinfo.c transfer.c strequal.c easy.c security.c krb4.c \ curl_fnmatch.c fileinfo.c ftplistparser.c wildcard.c krb5.c \ memdebug.c http_chunks.c strtok.c connect.c llist.c hash.c multi.c \ - content_encoding.c share.c http_digest.c md4.c md5.c curl_rand.c \ + content_encoding.c share.c http_digest.c md4.c md5.c \ http_negotiate.c inet_pton.c strtoofft.c strerror.c amigaos.c \ hostasyn.c hostip4.c hostip6.c hostsyn.c inet_ntop.c parsedate.c \ select.c gtls.c sslgen.c tftp.c splay.c strdup.c socks.c ssh.c nss.c \ @@ -30,7 +30,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \ if2ip.h speedcheck.h urldata.h curl_ldap.h ssluse.h escape.h telnet.h \ - getinfo.h strequal.h krb4.h memdebug.h http_chunks.h curl_rand.h \ + getinfo.h strequal.h krb4.h memdebug.h http_chunks.h \ curl_fnmatch.h wildcard.h fileinfo.h ftplistparser.h strtok.h \ connect.h llist.h hash.h content_encoding.h share.h curl_md4.h \ curl_md5.h http_digest.h http_negotiate.h inet_pton.h amigaos.h \ diff --git a/lib/curl_darwinssl.h b/lib/curl_darwinssl.h index 4c0e53ff1..432d3d7ce 100644 --- a/lib/curl_darwinssl.h +++ b/lib/curl_darwinssl.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012, Nick Zitzmann, <nickzman@gmail.com>. + * Copyright (C) 2012 - 2013, Nick Zitzmann, <nickzman@gmail.com>. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -52,6 +52,10 @@ void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ unsigned char *md5sum, /* output */ size_t md5len); +/* this backend provides these functions: */ +#define have_curlssl_random 1 +#define have_curlssl_md5sum 1 + /* API setup for SecureTransport */ #define curlssl_init() (1) #define curlssl_cleanup() Curl_nop_stmt diff --git a/lib/curl_rand.c b/lib/curl_rand.c deleted file mode 100644 index dc49289a1..000000000 --- a/lib/curl_rand.c +++ /dev/null @@ -1,61 +0,0 @@ -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at http://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -#include "curl_setup.h" - -#include <curl/curl.h> - -#include "curl_rand.h" - -#define _MPRINTF_REPLACE /* use our functions only */ -#include <curl/mprintf.h> - -#include "curl_memory.h" -/* The last #include file should be: */ -#include "memdebug.h" - -/* Private pseudo-random number seed. Unsigned integer >= 32bit. Threads - mutual exclusion is not implemented to acess it since we do not require - high quality random numbers (only used in form boudary generation). */ - -static unsigned int randseed; - -/* Pseudo-random number support. */ - -unsigned int Curl_rand(void) -{ - unsigned int r; - /* Return an unsigned 32-bit pseudo-random number. */ - r = randseed = randseed * 1103515245 + 12345; - return (r << 16) | ((r >> 16) & 0xFFFF); -} - -void Curl_srand(void) -{ - /* Randomize pseudo-random number sequence. */ - - randseed = (unsigned int) time(NULL); - Curl_rand(); - Curl_rand(); - Curl_rand(); -} - diff --git a/lib/curl_rand.h b/lib/curl_rand.h deleted file mode 100644 index 26cfb7f03..000000000 --- a/lib/curl_rand.h +++ /dev/null @@ -1,29 +0,0 @@ -#ifndef HEADER_CURL_RAND_H -#define HEADER_CURL_RAND_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at http://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -void Curl_srand(void); - -unsigned int Curl_rand(void); - -#endif /* HEADER_CURL_RAND_H */ diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index 39d451a37..fcb001948 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -32,7 +32,7 @@ #include "curl_base64.h" #include "curl_md5.h" -#include "curl_rand.h" +#include "sslgen.h" #include "curl_hmac.h" #include "curl_ntlm_msgs.h" #include "curl_sasl.h" @@ -314,7 +314,7 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, /* Generate 64 bits of random data */ for(i = 0; i < 8; i++) - cnonce[i] = table16[Curl_rand()%16]; + cnonce[i] = table16[Curl_rand(data)%16]; /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */ ctxt = Curl_MD5_init(Curl_DIGEST_MD5); diff --git a/lib/easy.c b/lib/easy.c index 51da1c254..9d4e01176 100644 --- a/lib/easy.c +++ b/lib/easy.c @@ -74,7 +74,6 @@ #include "connect.h" /* for Curl_getconnectinfo */ #include "slist.h" #include "amigaos.h" -#include "curl_rand.h" #include "non-ascii.h" #include "warnless.h" #include "conncache.h" @@ -330,10 +329,6 @@ CURLcode curl_global_init(long flags) init_flags = flags; - /* Preset pseudo-random number sequence. */ - - Curl_srand(); - return CURLE_OK; } diff --git a/lib/formdata.c b/lib/formdata.c index 49c5d2943..decb84d9f 100644 --- a/lib/formdata.c +++ b/lib/formdata.c @@ -24,9 +24,6 @@ #include <curl/curl.h> -/* Length of the random boundary string. */ -#define BOUNDARY_LENGTH 40 - #if !defined(CURL_DISABLE_HTTP) || defined(USE_SSLEAY) #if defined(HAVE_LIBGEN_H) && defined(HAVE_BASENAME) @@ -35,7 +32,7 @@ #include "urldata.h" /* for struct SessionHandle */ #include "formdata.h" -#include "curl_rand.h" +#include "sslgen.h" #include "strequal.h" #include "curl_memory.h" #include "sendf.h" @@ -56,7 +53,7 @@ static char *Curl_basename(char *path); #endif static size_t readfromfile(struct Form *form, char *buffer, size_t size); -static char *formboundary(void); +static char *formboundary(struct SessionHandle *data); /* What kind of Content-Type to use on un-specified files with unrecognized extensions. */ @@ -1101,7 +1098,7 @@ CURLcode Curl_getformdata(struct SessionHandle *data, if(!post) return result; /* no input => no output! */ - boundary = formboundary(); + boundary = formboundary(data); if(!boundary) return CURLE_OUT_OF_MEMORY; @@ -1157,7 +1154,7 @@ CURLcode Curl_getformdata(struct SessionHandle *data, the magic to include several files with the same field name */ Curl_safefree(fileboundary); - fileboundary = formboundary(); + fileboundary = formboundary(data); if(!fileboundary) { result = CURLE_OUT_OF_MEMORY; break; @@ -1464,28 +1461,12 @@ char *Curl_formpostheader(void *formp, size_t *len) * formboundary() creates a suitable boundary string and returns an allocated * one. */ -static char *formboundary(void) +static char *formboundary(struct SessionHandle *data) { - char *retstring; - size_t i; - - static const char table16[]="0123456789abcdef"; - - retstring = malloc(BOUNDARY_LENGTH+1); - - if(!retstring) - return NULL; /* failed */ - - strcpy(retstring, "----------------------------"); - - for(i=strlen(retstring); i<BOUNDARY_LENGTH; i++) - retstring[i] = table16[Curl_rand()%16]; - - /* 28 dashes and 12 hexadecimal digits makes 12^16 (184884258895036416) + /* 24 dashes and 16 hexadecimal digits makes 64 bit (18446744073709551615) combinations */ - retstring[BOUNDARY_LENGTH]=0; /* zero terminate */ - - return retstring; + return aprintf("------------------------%08x%08x", + Curl_rand(data), Curl_rand(data)); } #else /* CURL_DISABLE_HTTP */ diff --git a/lib/gtls.h b/lib/gtls.h index 84e1396b5..453542e1e 100644 --- a/lib/gtls.h +++ b/lib/gtls.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -55,6 +55,10 @@ void Curl_gtls_md5sum(unsigned char *tmp, /* input */ unsigned char *md5sum, /* output */ size_t md5len); +/* this backend provides these functions: */ +#define have_curlssl_random 1 +#define have_curlssl_md5sum 1 + /* API setup for GnuTLS */ #define curlssl_init Curl_gtls_init #define curlssl_cleanup Curl_gtls_cleanup diff --git a/lib/nssg.h b/lib/nssg.h index a881a9ad2..cd32706a7 100644 --- a/lib/nssg.h +++ b/lib/nssg.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -60,6 +60,10 @@ void Curl_nss_md5sum(unsigned char *tmp, /* input */ unsigned char *md5sum, /* output */ size_t md5len); +/* this backend provides these functions: */ +#define have_curlssl_random 1 +#define have_curlssl_md5sum 1 + /* API setup for NSS */ #define curlssl_init Curl_nss_init #define curlssl_cleanup Curl_nss_cleanup diff --git a/lib/sslgen.c b/lib/sslgen.c index 48758742a..ba995cb5d 100644 --- a/lib/sslgen.c +++ b/lib/sslgen.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -45,6 +45,16 @@ #include "curl_setup.h" +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif + #include "urldata.h" #define SSLGEN_C #include "sslgen.h" /* generic SSL protos etc */ @@ -63,6 +73,7 @@ #include "curl_memory.h" #include "progress.h" #include "share.h" +#include "timeval.h" /* The last #include file should be: */ #include "memdebug.h" @@ -159,6 +170,63 @@ void Curl_free_ssl_config(struct ssl_config_data* sslc) Curl_safefree(sslc->random_file); } + +/* + * Curl_rand() returns a random unsigned integer, 32bit. + * + * This non-SSL function is put here only because this file is the only one + * with knowledge of what the underlying SSL libraries provide in terms of + * randomizers. + * + * NOTE: 'data' may be passed in as NULL when coming from external API without + * easy handle! + * + */ + +unsigned int Curl_rand(struct SessionHandle *data) +{ + unsigned int r; + static unsigned int randseed; + static bool seeded; + +#ifdef have_curlssl_random + if(!data) { +#endif + + if(!seeded) { + +#ifdef RANDOM_FILE + /* if there's a random file to read a seed from, use it */ + int fd = open(RANDOM_FILE, O_RDONLY); + seeded = TRUE; + if(fd > -1) { + /* read random data into the randseed variable */ + read(fd, &randseed, sizeof(randseed)); + close(fd); + } + else +#endif /* RANDOM_FILE */ + { + struct timeval now = curlx_tvnow(); + randseed += (unsigned int) now.tv_usec + (unsigned int)now.tv_sec; + Curl_rand(data); + Curl_rand(data); + Curl_rand(data); + } + } + /* Return an unsigned 32-bit pseudo-random number. */ + r = randseed = randseed * 1103515245 + 12345; + return (r << 16) | ((r >> 16) & 0xFFFF); + +#ifdef have_curlssl_random + } + else { + Curl_ssl_random(data, (unsigned char *)&r, sizeof(r)); + return r; + } +#endif +} + #ifdef USE_SSL /* "global" init done? */ @@ -518,17 +586,18 @@ void Curl_ssl_free_certinfo(struct SessionHandle *data) } } -#if defined(USE_SSLEAY) || defined(USE_GNUTLS) || defined(USE_NSS) || \ - defined(USE_DARWINSSL) -/* these functions are only used by some SSL backends */ +/* these functions are only provided by some SSL backends */ +#ifdef have_curlssl_random void Curl_ssl_random(struct SessionHandle *data, unsigned char *entropy, size_t length) { curlssl_random(data, entropy, length); } +#endif +#ifdef have_curlssl_md5sum void Curl_ssl_md5sum(unsigned char *tmp, /* input */ size_t tmplen, unsigned char *md5sum, /* output */ @@ -536,6 +605,6 @@ void Curl_ssl_md5sum(unsigned char *tmp, /* input */ { curlssl_md5sum(tmp, tmplen, md5sum, md5len); } -#endif /* USE_SSLEAY || USE_GNUTLS || USE_NSS || USE_DARWINSSL */ +#endif #endif /* USE_SSL */ diff --git a/lib/sslgen.h b/lib/sslgen.h index 17ad8e343..182dd8f24 100644 --- a/lib/sslgen.h +++ b/lib/sslgen.h @@ -33,6 +33,8 @@ bool Curl_clone_ssl_config(struct ssl_config_data* source, struct ssl_config_data* dest); void Curl_free_ssl_config(struct ssl_config_data* sslc); +unsigned int Curl_rand(struct SessionHandle *); + #ifdef USE_SSL int Curl_ssl_init(void); void Curl_ssl_cleanup(void); @@ -83,6 +85,13 @@ void Curl_ssl_md5sum(unsigned char *tmp, /* input */ #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ +#ifdef have_curlssl_random +#define HAVE_CURL_SSL_RANDOM +#endif +#ifdef have_curlssl_md5sum +#define HAVE_CURL_SSL_MD5SUM +#endif + #else /* When SSL support is not present, just define away these function calls */ #define Curl_ssl_init() 1 diff --git a/lib/ssluse.h b/lib/ssluse.h index bdec2b513..d6efcb271 100644 --- a/lib/ssluse.h +++ b/lib/ssluse.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -73,6 +73,10 @@ void Curl_ossl_md5sum(unsigned char *tmp, /* input */ unsigned char *md5sum /* output */, size_t unused); +/* this backend provides these functions: */ +#define have_curlssl_random 1 +#define have_curlssl_md5sum 1 + /* API setup for OpenSSL */ #define curlssl_init Curl_ossl_init #define curlssl_cleanup Curl_ossl_cleanup diff --git a/tests/data/test158 b/tests/data/test158 index 5cbc97ab6..9c4b22f70 100644 --- a/tests/data/test158 +++ b/tests/data/test158 @@ -33,7 +33,7 @@ http://%HOSTIP:%HTTPPORT/158 -F name=daniel <strip> ^User-Agent:.* ^Content-Type: multipart/form-data.* -^---------------------------.* +^-----------------------.* </strip> <protocol> POST /158 HTTP/1.1
diff --git a/tests/data/test277 b/tests/data/test277 index 18e419850..a509b40ec 100644 --- a/tests/data/test277 +++ b/tests/data/test277 @@ -37,8 +37,8 @@ http://%HOSTIP:%HTTPPORT/want/277 -F name=daniel -H "Content-Type: text/info" ^User-Agent:.* </strip> <strippart> -s/^------------------------------[a-z0-9]*/------------------------------/ -s/boundary=----------------------------[a-z0-9]*/boundary=----------------------------/ +s/^--------------------------[a-z0-9]*/--------------------------/ +s/boundary=------------------------[a-z0-9]*/boundary=------------------------/ </strippart> <protocol> POST /want/277 HTTP/1.1
@@ -47,13 +47,13 @@ Host: %HOSTIP:%HTTPPORT Accept: */*
Content-Length: 145
Expect: 100-continue
-Content-Type: text/info; boundary=----------------------------
+Content-Type: text/info; boundary=------------------------
-------------------------------
+--------------------------
Content-Disposition: form-data; name="name"
daniel
---------------------------------
+----------------------------
</protocol> </verify> </testcase> diff --git a/tests/data/test554 b/tests/data/test554 index 9d9bbcca7..8c6b762ef 100644 --- a/tests/data/test554 +++ b/tests/data/test554 @@ -35,8 +35,8 @@ http://%HOSTIP:%HTTPPORT/554 # Verify data after the test has been "shot" <verify> <strippart> -s/^------------------------------[a-z0-9]*/------------------------------/ -s/boundary=----------------------------[a-z0-9]*/boundary=----------------------------/ +s/^--------------------------[a-z0-9]*/------------------------------/ +s/boundary=------------------------[a-z0-9]*/boundary=----------------------------/ </strippart> # Note that the stripping above removes 12 bytes from every occurance of the # boundary string and since 5 of them are in the body contents, we see diff --git a/tests/data/test587 b/tests/data/test587 index 6e1239a6a..d936372c5 100644 --- a/tests/data/test587 +++ b/tests/data/test587 @@ -28,8 +28,8 @@ http://%HOSTIP:%HTTPPORT/587 # Verify data after the test has been "shot" <verify> <strippart> -s/^------------------------------[a-z0-9]*/------------------------------/ -s/boundary=----------------------------[a-z0-9]*/boundary=----------------------------/ +s/^--------------------------[a-z0-9]*/------------------------------/ +s/boundary=------------------------[a-z0-9]*/boundary=----------------------------/ </strippart> <protocol> POST /587 HTTP/1.1
|