From 98b0d66eb48c88191a8908627f722a464b7c4199 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Tue, 25 Jun 2013 11:28:22 +0200
Subject: digest: improve nonce generation

Use the new improved Curl_rand() to generate better random nonce for Digest auth.
---
 lib/http_digest.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/lib/http_digest.c b/lib/http_digest.c
index 5459924df..50ccc05ad 100644
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -33,6 +33,7 @@
 #include "strtok.h"
 #include "url.h" /* for Curl_safefree() */
 #include "curl_memory.h"
+#include "sslgen.h" /* for Curl_rand() */
 #include "non-ascii.h" /* included for Curl_convert_... prototypes */
 #include "warnless.h"
@@ -316,8 +317,6 @@ CURLcode Curl_output_digest(struct connectdata *conn,
 char *cnonce = NULL;
 size_t cnonce_sz = 0;
 char *tmp = NULL;
- struct timeval now;
-
 char **allocuserpwd;
 size_t userlen;
 const char *userp;
@@ -376,10 +375,8 @@ CURLcode Curl_output_digest(struct connectdata *conn,
 d->nc = 1;
 if(!d->cnonce) {
- /* Generate a cnonce */
- now = Curl_tvnow();
- snprintf(cnoncebuf, sizeof(cnoncebuf), "%32ld",
- (long)now.tv_sec + now.tv_usec);
+ snprintf(cnoncebuf, sizeof(cnoncebuf), "%08x%08x",
+ Curl_rand(data), Curl_rand(data));
 rc = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf), &cnonce, &cnonce_sz);
--
cgit v1.2.3
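Review bot: The new cnonce in the `if(!d->cnonce)` branch of Curl_output_digest() is only as unpredictable as Curl_rand(), and the patch removes the only comment on this step without recording that dependency. The prototype is taken from the SSL layer (`sslgen.h`), so a build without a TLS backend presumably falls back to a weaker generator; that is inferred from the include rather than shown by this patch and is worth confirming. I would keep a comment above the call, for example `/* cnonce: 64 bits from Curl_rand(), hex-encoded; unpredictability depends on Curl_rand()'s source */`. Separately, `%08x` requires an `unsigned int` argument and Curl_rand()'s return type is not visible here, so if it is anything else the arguments need a cast such as `(unsigned int)Curl_rand(data)`. The function body starts and ends outside this hunk.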