authorDaniel Stenberg <daniel@haxx.se>2014-06-03 20:04:46 +0200
committerDaniel Stenberg <daniel@haxx.se>2014-07-30 00:05:47 +0200
commit8dfd22089cac13f718815eb60581ad392b7f106e (patch)
treec03f2cb748342b44dda4b0b99df3a3d6f5f50492 /lib/vtls/vtls.c
parent37faf55e170ecaa06846d0c9a1a37b6bed39ae57 (diff)
vtls: make the random function mandatory in the TLS backend
To force each backend implementation to really attempt to provide proper random. If a proper random function is missing, then we can explicitly make use of the default one we use when TLS support is missing. This commit makes sure it works for darwinssl, gnutls, nss and openssl.
Diffstat (limited to 'lib/vtls/vtls.c')
-rw-r--r--lib/vtls/vtls.c20
1 files changed, 13 insertions, 7 deletions
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 6c2295a45..3c7bc9865 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -213,14 +213,12 @@ unsigned int Curl_rand(struct SessionHandle *data)
}
#endif
-#ifndef have_curlssl_random
- (void)data;
-#else
- if(data) {
- curlssl_random(data, (unsigned char *)&r, sizeof(r));
+ /* data may be NULL! */
+ if(!Curl_ssl_random(data, (unsigned char *)&r, sizeof(r)))
return r;
- }
-#endif
+
+ /* If Curl_ssl_random() returns non-zero it couldn't offer randomness and we
+ instead perform a "best effort" */
#ifdef RANDOM_FILE
if(!seeded) {
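Review bot: When Curl_ssl_random() returns non-zero, the code after `return r;` falls through to the seeded `randseed` generator, and the caller cannot tell. Curl_rand() returns a plain unsigned int, so backend randomness and fallback output look identical. The comment added at the end of this hunk only calls the fallback "best effort"; I would state the consequence for callers, for example `/* Fallback output is NOT cryptographically strong; values that must be unpredictable should not depend on it */`. Whether any caller uses Curl_rand() for security-relevant values is not visible here and should be checked before relying on the fallback. Curl_rand's body starts and ends outside this hunk.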
@@ -238,6 +236,7 @@ unsigned int Curl_rand(struct SessionHandle *data)
if(!seeded) {
struct timeval now = curlx_tvnow();
+ infof(data, "WARNING: Using weak random seed\n");
randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec;
randseed = randseed * 1103515245 + 12345;
randseed = randseed * 1103515245 + 12345;
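Review bot: The added `infof(data, "WARNING: Using weak random seed\n");` is called with the same `data` that the comment earlier in this function says may be NULL. It therefore relies on infof() tolerating a NULL handle, which this page does not show; if it does not, guard the call as `if(data) infof(data, "WARNING: Using weak random seed\n");`. The message is informational only, because the seed is still built from `now.tv_usec + now.tv_sec`, so everything derived from it should be treated as predictable. A one-line comment above the seeding saying so would help the next reader. The `if(!seeded)` block continues past the end of this hunk.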
@@ -681,6 +680,13 @@ CURLcode Curl_ssl_push_certinfo(struct SessionHandle *data,
return Curl_ssl_push_certinfo_len(data, certnum, label, value, valuelen);
}
+int Curl_ssl_random(struct SessionHandle *data,
+ unsigned char *entropy,
+ size_t length)
+{
+ return curlssl_random(data, entropy, length);
+}
+
#ifdef have_curlssl_md5sum
void Curl_ssl_md5sum(unsigned char *tmp, /* input */
size_t tmplen,
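Review bot: The new `Curl_ssl_random()` wrapper has no comment stating its contract, although the call site in Curl_rand() depends on one. That call site treats a zero return as "the whole buffer was filled" and passes a `data` that may be NULL, so every backend's `curlssl_random` has to honour both. I would add above the function something like `/* Returns 0 only if 'length' bytes of backend randomness were written to 'entropy'; non-zero otherwise. 'data' may be NULL. */`. The wrapper is also unconditional, so a backend that does not define `curlssl_random` will fail to build. That matches the stated intent, but the description names only darwinssl, gnutls, nss and openssl, so other backends and builds without TLS should be confirmed.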