| Line | Count | Source (jump to first uncovered line) | 
| 1 |  | /*************************************************************************** | 
| 2 |  |  *                                  _   _ ____  _ | 
| 3 |  |  *  Project                     ___| | | |  _ \| | | 
| 4 |  |  *                             / __| | | | |_) | | | 
| 5 |  |  *                            | (__| |_| |  _ <| |___ | 
| 6 |  |  *                             \___|\___/|_| \_\_____| | 
| 7 |  |  * | 
| 8 |  |  * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. | 
| 9 |  |  * | 
| 10 |  |  * This software is licensed as described in the file COPYING, which | 
| 11 |  |  * you should have received as part of this distribution. The terms | 
| 12 |  |  * are also available at https://curl.se/docs/copyright.html. | 
| 13 |  |  * | 
| 14 |  |  * You may opt to use, copy, modify, merge, publish, distribute and/or sell | 
| 15 |  |  * copies of the Software, and permit persons to whom the Software is | 
| 16 |  |  * furnished to do so, under the terms of the COPYING file. | 
| 17 |  |  * | 
| 18 |  |  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | 
| 19 |  |  * KIND, either express or implied. | 
| 20 |  |  * | 
| 21 |  |  * SPDX-License-Identifier: curl | 
| 22 |  |  * | 
| 23 |  |  ***************************************************************************/ | 
| 24 |  |  | 
| 25 |  | #include "curl_setup.h" | 
| 26 |  |  | 
| 27 |  | #ifdef HAVE_FCNTL_H | 
| 28 |  | #include <fcntl.h> | 
| 29 |  | #endif | 
| 30 |  | #ifdef HAVE_ARPA_INET_H | 
| 31 |  | #include <arpa/inet.h> | 
| 32 |  | #endif | 
| 33 |  | #ifdef HAVE_ARC4RANDOM | 
| 34 |  | /* Some platforms might have the prototype missing (ubuntu + libressl) */ | 
| 35 |  | uint32_t arc4random(void); | 
| 36 |  | #endif | 
| 37 |  |  | 
| 38 |  | #include <curl/curl.h> | 
| 39 |  | #include "vtls/vtls.h" | 
| 40 |  | #include "sendf.h" | 
| 41 |  | #include "timeval.h" | 
| 42 |  | #include "rand.h" | 
| 43 |  |  | 
| 44 |  | /* The last 3 #include files should be in this order */ | 
| 45 |  | #include "curl_printf.h" | 
| 46 |  | #include "curl_memory.h" | 
| 47 |  | #include "memdebug.h" | 
| 48 |  |  | 
| 49 |  | #ifdef WIN32 | 
| 50 |  |  | 
| 51 |  | #if defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR) | 
| 52 |  | #  define HAVE_MINGW_ORIGINAL | 
| 53 |  | #endif | 
| 54 |  |  | 
| 55 |  | #if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 && \ | 
| 56 |  |   !defined(HAVE_MINGW_ORIGINAL) | 
| 57 |  | #  define HAVE_WIN_BCRYPTGENRANDOM | 
| 58 |  | #  include <bcrypt.h> | 
| 59 |  | #  ifdef _MSC_VER | 
| 60 |  | #    pragma comment(lib, "bcrypt.lib") | 
| 61 |  | #  endif | 
| 62 |  | #  ifndef BCRYPT_USE_SYSTEM_PREFERRED_RNG | 
| 63 |  | #  define BCRYPT_USE_SYSTEM_PREFERRED_RNG 0x00000002 | 
| 64 |  | #  endif | 
| 65 |  | #  ifndef STATUS_SUCCESS | 
| 66 |  | #  define STATUS_SUCCESS ((NTSTATUS)0x00000000L) | 
| 67 |  | #  endif | 
| 68 |  | #elif defined(USE_WIN32_CRYPTO) | 
| 69 |  | #  include <wincrypt.h> | 
| 70 |  | #  ifdef _MSC_VER | 
| 71 |  | #    pragma comment(lib, "advapi32.lib") | 
| 72 |  | #  endif | 
| 73 |  | #endif | 
| 74 |  |  | 
| 75 |  | CURLcode Curl_win32_random(unsigned char *entropy, size_t length) | 
| 76 |  | { | 
| 77 |  |   memset(entropy, 0, length); | 
| 78 |  |  | 
| 79 |  | #if defined(HAVE_WIN_BCRYPTGENRANDOM) | 
| 80 |  |   if(BCryptGenRandom(NULL, entropy, (ULONG)length, | 
| 81 |  |                      BCRYPT_USE_SYSTEM_PREFERRED_RNG) != STATUS_SUCCESS) | 
| 82 |  |     return CURLE_FAILED_INIT; | 
| 83 |  |  | 
| 84 |  |   return CURLE_OK; | 
| 85 |  | #elif defined(USE_WIN32_CRYPTO) | 
| 86 |  |   { | 
| 87 |  |     HCRYPTPROV hCryptProv = 0; | 
| 88 |  |  | 
| 89 |  |     if(!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, | 
| 90 |  |                             CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) | 
| 91 |  |       return CURLE_FAILED_INIT; | 
| 92 |  |  | 
| 93 |  |     if(!CryptGenRandom(hCryptProv, (DWORD)length, entropy)) { | 
| 94 |  |       CryptReleaseContext(hCryptProv, 0UL); | 
| 95 |  |       return CURLE_FAILED_INIT; | 
| 96 |  |     } | 
| 97 |  |  | 
| 98 |  |     CryptReleaseContext(hCryptProv, 0UL); | 
| 99 |  |   } | 
| 100 |  |   return CURLE_OK; | 
| 101 |  | #else | 
| 102 |  |   return CURLE_NOT_BUILT_IN; | 
| 103 |  | #endif | 
| 104 |  | } | 
| 105 |  | #endif | 
| 106 |  |  | 
| 107 |  | static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) | 
| 108 | 352 | { | 
| 109 | 352 |   unsigned int r; | 
| 110 | 352 |   CURLcode result = CURLE_OK; | 
| 111 | 352 |   static unsigned int randseed; | 
| 112 | 352 |   static bool seeded = FALSE; | 
| 113 |  |  | 
| 114 | 352 | #ifdef CURLDEBUG | 
| 115 | 352 |   char *force_entropy = getenv("CURL_ENTROPY"); | 
| 116 | 352 |   if(force_entropy) { | 
| 117 | 0 |     if(!seeded) { | 
| 118 | 0 |       unsigned int seed = 0; | 
| 119 | 0 |       size_t elen = strlen(force_entropy); | 
| 120 | 0 |       size_t clen = sizeof(seed); | 
| 121 | 0 |       size_t min = elen < clen ? elen : clen; | 
| 122 | 0 |       memcpy((char *)&seed, force_entropy, min); | 
| 123 | 0 |       randseed = ntohl(seed); | 
| 124 | 0 |       seeded = TRUE; | 
| 125 | 0 |     } | 
| 126 | 0 |     else | 
| 127 | 0 |       randseed++; | 
| 128 | 0 |     *rnd = randseed; | 
| 129 | 0 |     return CURLE_OK; | 
| 130 | 0 |   } | 
| 131 | 352 | #endif | 
| 132 |  |  | 
| 133 |  |   /* data may be NULL! */ | 
| 134 | 352 |   result = Curl_ssl_random(data, (unsigned char *)rnd, sizeof(*rnd)); | 
| 135 | 352 |   if(result != CURLE_NOT_BUILT_IN) | 
| 136 |  |     /* only if there is no random function in the TLS backend do the non crypto | 
| 137 |  |        version, otherwise return result */ | 
| 138 | 0 |     return result; | 
| 139 |  |  | 
| 140 |  |   /* ---- non-cryptographic version following ---- */ | 
| 141 |  |  | 
| 142 |  | #ifdef WIN32 | 
| 143 |  |   if(!seeded) { | 
| 144 |  |     result = Curl_win32_random((unsigned char *)rnd, sizeof(*rnd)); | 
| 145 |  |     if(result != CURLE_NOT_BUILT_IN) | 
| 146 |  |       return result; | 
| 147 |  |   } | 
| 148 |  | #endif | 
| 149 |  |  | 
| 150 |  | #ifdef HAVE_ARC4RANDOM | 
| 151 |  |   *rnd = (unsigned int)arc4random(); | 
| 152 |  |   return CURLE_OK; | 
| 153 |  | #endif | 
| 154 |  |  | 
| 155 |  | #if defined(RANDOM_FILE) && !defined(WIN32) | 
| 156 |  |   if(!seeded) { | 
| 157 |  |     /* if there's a random file to read a seed from, use it */ | 
| 158 |  |     int fd = open(RANDOM_FILE, O_RDONLY); | 
| 159 |  |     if(fd > -1) { | 
| 160 |  |       /* read random data into the randseed variable */ | 
| 161 |  |       ssize_t nread = read(fd, &randseed, sizeof(randseed)); | 
| 162 |  |       if(nread == sizeof(randseed)) | 
| 163 |  |         seeded = TRUE; | 
| 164 |  |       close(fd); | 
| 165 |  |     } | 
| 166 |  |   } | 
| 167 |  | #endif | 
| 168 |  |  | 
| 169 | 352 |   if(!seeded) { | 
| 170 | 1 |     struct curltime now = Curl_now(); | 
| 171 | 1 |     infof(data, "WARNING: using weak random seed"); | 
| 172 | 1 |     randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec; | 
| 173 | 1 |     randseed = randseed * 1103515245 + 12345; | 
| 174 | 1 |     randseed = randseed * 1103515245 + 12345; | 
| 175 | 1 |     randseed = randseed * 1103515245 + 12345; | 
| 176 | 1 |     seeded = TRUE; | 
| 177 | 1 |   } | 
| 178 |  |  | 
| 179 |  |   /* Return an unsigned 32-bit pseudo-random number. */ | 
| 180 | 352 |   r = randseed = randseed * 1103515245 + 12345; | 
| 181 | 352 |   *rnd = (r << 16) | ((r >> 16) & 0xFFFF); | 
| 182 | 352 |   return CURLE_OK; | 
| 183 | 352 | } | 
| 184 |  |  | 
| 185 |  | /* | 
| 186 |  |  * Curl_rand() stores 'num' number of random unsigned characters in the buffer | 
| 187 |  |  * 'rnd' points to. | 
| 188 |  |  * | 
| 189 |  |  * If libcurl is built without TLS support or with a TLS backend that lacks a | 
| 190 |  |  * proper random API (rustls, Gskit or mbedTLS), this function will use "weak" | 
| 191 |  |  * random. | 
| 192 |  |  * | 
| 193 |  |  * When built *with* TLS support and a backend that offers strong random, it | 
| 194 |  |  * will return error if it cannot provide strong random values. | 
| 195 |  |  * | 
| 196 |  |  * NOTE: 'data' may be passed in as NULL when coming from external API without | 
| 197 |  |  * easy handle! | 
| 198 |  |  * | 
| 199 |  |  */ | 
| 200 |  |  | 
| 201 |  | CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num) | 
| 202 | 176 | { | 
| 203 | 176 |   CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT; | 
| 204 |  |  | 
| 205 | 176 |   DEBUGASSERT(num > 0); | 
| 206 |  |  | 
| 207 | 528 |   while(num) { | 
| 208 | 352 |     unsigned int r; | 
| 209 | 352 |     size_t left = num < sizeof(unsigned int) ? num : sizeof(unsigned int); | 
| 210 |  |  | 
| 211 | 352 |     result = randit(data, &r); | 
| 212 | 352 |     if(result) | 
| 213 | 0 |       return result; | 
| 214 |  |  | 
| 215 | 1.76k |     while(left) { | 
| 216 | 1.40k |       *rnd++ = (unsigned char)(r & 0xFF); | 
| 217 | 1.40k |       r >>= 8; | 
| 218 | 1.40k |       --num; | 
| 219 | 1.40k |       --left; | 
| 220 | 1.40k |     } | 
| 221 | 352 |   } | 
| 222 |  |  | 
| 223 | 176 |   return result; | 
| 224 | 176 | } | 
| 225 |  |  | 
| 226 |  | /* | 
| 227 |  |  * Curl_rand_hex() fills the 'rnd' buffer with a given 'num' size with random | 
| 228 |  |  * hexadecimal digits PLUS a null-terminating byte. It must be an odd number | 
| 229 |  |  * size. | 
| 230 |  |  */ | 
| 231 |  |  | 
| 232 |  | CURLcode Curl_rand_hex(struct Curl_easy *data, unsigned char *rnd, | 
| 233 |  |                        size_t num) | 
| 234 | 176 | { | 
| 235 | 176 |   CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT; | 
| 236 | 176 |   const char *hex = "0123456789abcdef"; | 
| 237 | 176 |   unsigned char buffer[128]; | 
| 238 | 176 |   unsigned char *bufp = buffer; | 
| 239 | 176 |   DEBUGASSERT(num > 1); | 
| 240 |  |  | 
| 241 |  | #ifdef __clang_analyzer__ | 
| 242 |  |   /* This silences a scan-build warning about accessing this buffer with | 
| 243 |  |      uninitialized memory. */ | 
| 244 |  |   memset(buffer, 0, sizeof(buffer)); | 
| 245 |  | #endif | 
| 246 |  |  | 
| 247 | 176 |   if((num/2 >= sizeof(buffer)) || !(num&1)) | 
| 248 |  |     /* make sure it fits in the local buffer and that it is an odd number! */ | 
| 249 | 0 |     return CURLE_BAD_FUNCTION_ARGUMENT; | 
| 250 |  |  | 
| 251 | 176 |   num--; /* save one for null-termination */ | 
| 252 |  |  | 
| 253 | 176 |   result = Curl_rand(data, buffer, num/2); | 
| 254 | 176 |   if(result) | 
| 255 | 0 |     return result; | 
| 256 |  |  | 
| 257 | 1.58k |   while(num) { | 
| 258 |  |     /* clang-tidy warns on this line without this comment: */ | 
| 259 |  |     /* NOLINTNEXTLINE(clang-analyzer-core.UndefinedBinaryOperatorResult) */ | 
| 260 | 1.40k |     *rnd++ = hex[(*bufp & 0xF0)>>4]; | 
| 261 | 1.40k |     *rnd++ = hex[*bufp & 0x0F]; | 
| 262 | 1.40k |     bufp++; | 
| 263 | 1.40k |     num -= 2; | 
| 264 | 1.40k |   } | 
| 265 | 176 |   *rnd = 0; | 
| 266 |  |  | 
| 267 | 176 |   return result; | 
| 268 | 176 | } |