random: use Curl_rand() for proper random data

The SASL/Digest previously used the current time's seconds + microseconds to add randomness but it is much better to instead get more data from Curl_rand(). It will also allow us to easier "fake" that for debug builds on demand in a future.
author: Daniel Stenberg <daniel@haxx.se> 2014-06-03 18:25:48 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2014-06-03 18:25:48 +0200
commit: bbd3dc611ed501edeca72026885bbf85868dd1cf (patch)
tree: 04b29bde0b91b200a392b2ebaac9e6a106a1971f /lib/curl_sasl.c
parent: 62a26ec6962944383704c2b2a77fdb062200e814 (diff)
1 files changed, 2 insertions, 6 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index 164c329f8..b0ac9b6d5 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -423,9 +423,6 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
   unsigned int cnonce2 = 0;
   unsigned int cnonce3 = 0;
   unsigned int cnonce4 = 0;
-#ifndef DEBUGBUILD
-  struct timeval now;
-#endif
 
   char nonceCount[] = "00000001";
   char method[]     = "AUTHENTICATE";
@@ -457,9 +454,8 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
   /* Generate 16 bytes of random data */
   cnonce1 = Curl_rand(data);
   cnonce2 = Curl_rand(data);
-  now = Curl_tvnow();
-  cnonce3 = now.tv_sec;
-  cnonce4 = now.tv_usec;
+  cnonce3 = Curl_rand(data);
+  cnonce4 = Curl_rand(data);
 #endif
 
   /* Convert the random data into a 32 byte hex string */
author	Daniel Stenberg <daniel@haxx.se>	2014-06-03 18:25:48 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2014-06-03 18:25:48 +0200
commit	bbd3dc611ed501edeca72026885bbf85868dd1cf (patch)
tree	04b29bde0b91b200a392b2ebaac9e6a106a1971f /lib/curl_sasl.c
parent	62a26ec6962944383704c2b2a77fdb062200e814 (diff)