1*6236dae4SAndroid Build Coastguard Worker /***************************************************************************
2*6236dae4SAndroid Build Coastguard Worker * _ _ ____ _
3*6236dae4SAndroid Build Coastguard Worker * Project ___| | | | _ \| |
4*6236dae4SAndroid Build Coastguard Worker * / __| | | | |_) | |
5*6236dae4SAndroid Build Coastguard Worker * | (__| |_| | _ <| |___
6*6236dae4SAndroid Build Coastguard Worker * \___|\___/|_| \_\_____|
7*6236dae4SAndroid Build Coastguard Worker *
8*6236dae4SAndroid Build Coastguard Worker * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
9*6236dae4SAndroid Build Coastguard Worker *
10*6236dae4SAndroid Build Coastguard Worker * This software is licensed as described in the file COPYING, which
11*6236dae4SAndroid Build Coastguard Worker * you should have received as part of this distribution. The terms
12*6236dae4SAndroid Build Coastguard Worker * are also available at https://curl.se/docs/copyright.html.
13*6236dae4SAndroid Build Coastguard Worker *
14*6236dae4SAndroid Build Coastguard Worker * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15*6236dae4SAndroid Build Coastguard Worker * copies of the Software, and permit persons to whom the Software is
16*6236dae4SAndroid Build Coastguard Worker * furnished to do so, under the terms of the COPYING file.
17*6236dae4SAndroid Build Coastguard Worker *
18*6236dae4SAndroid Build Coastguard Worker * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19*6236dae4SAndroid Build Coastguard Worker * KIND, either express or implied.
20*6236dae4SAndroid Build Coastguard Worker *
21*6236dae4SAndroid Build Coastguard Worker * SPDX-License-Identifier: curl
22*6236dae4SAndroid Build Coastguard Worker *
23*6236dae4SAndroid Build Coastguard Worker ***************************************************************************/
24*6236dae4SAndroid Build Coastguard Worker
25*6236dae4SAndroid Build Coastguard Worker #include "curl_setup.h"
26*6236dae4SAndroid Build Coastguard Worker
27*6236dae4SAndroid Build Coastguard Worker #include <limits.h>
28*6236dae4SAndroid Build Coastguard Worker
29*6236dae4SAndroid Build Coastguard Worker #ifdef HAVE_FCNTL_H
30*6236dae4SAndroid Build Coastguard Worker #include <fcntl.h>
31*6236dae4SAndroid Build Coastguard Worker #endif
32*6236dae4SAndroid Build Coastguard Worker #ifdef HAVE_ARPA_INET_H
33*6236dae4SAndroid Build Coastguard Worker #include <arpa/inet.h>
34*6236dae4SAndroid Build Coastguard Worker #endif
35*6236dae4SAndroid Build Coastguard Worker
36*6236dae4SAndroid Build Coastguard Worker #include <curl/curl.h>
37*6236dae4SAndroid Build Coastguard Worker #include "urldata.h"
38*6236dae4SAndroid Build Coastguard Worker #include "vtls/vtls.h"
39*6236dae4SAndroid Build Coastguard Worker #include "sendf.h"
40*6236dae4SAndroid Build Coastguard Worker #include "timeval.h"
41*6236dae4SAndroid Build Coastguard Worker #include "rand.h"
42*6236dae4SAndroid Build Coastguard Worker #include "escape.h"
43*6236dae4SAndroid Build Coastguard Worker
44*6236dae4SAndroid Build Coastguard Worker /* The last 3 #include files should be in this order */
45*6236dae4SAndroid Build Coastguard Worker #include "curl_printf.h"
46*6236dae4SAndroid Build Coastguard Worker #include "curl_memory.h"
47*6236dae4SAndroid Build Coastguard Worker #include "memdebug.h"
48*6236dae4SAndroid Build Coastguard Worker
49*6236dae4SAndroid Build Coastguard Worker #ifdef _WIN32
50*6236dae4SAndroid Build Coastguard Worker
51*6236dae4SAndroid Build Coastguard Worker #if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 && \
52*6236dae4SAndroid Build Coastguard Worker !defined(CURL_WINDOWS_UWP)
53*6236dae4SAndroid Build Coastguard Worker # define HAVE_WIN_BCRYPTGENRANDOM
54*6236dae4SAndroid Build Coastguard Worker # include <bcrypt.h>
55*6236dae4SAndroid Build Coastguard Worker # ifdef _MSC_VER
56*6236dae4SAndroid Build Coastguard Worker # pragma comment(lib, "bcrypt.lib")
57*6236dae4SAndroid Build Coastguard Worker # endif
58*6236dae4SAndroid Build Coastguard Worker # ifndef BCRYPT_USE_SYSTEM_PREFERRED_RNG
59*6236dae4SAndroid Build Coastguard Worker # define BCRYPT_USE_SYSTEM_PREFERRED_RNG 0x00000002
60*6236dae4SAndroid Build Coastguard Worker # endif
61*6236dae4SAndroid Build Coastguard Worker # ifndef STATUS_SUCCESS
62*6236dae4SAndroid Build Coastguard Worker # define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
63*6236dae4SAndroid Build Coastguard Worker # endif
64*6236dae4SAndroid Build Coastguard Worker #elif defined(USE_WIN32_CRYPTO)
65*6236dae4SAndroid Build Coastguard Worker # include <wincrypt.h>
66*6236dae4SAndroid Build Coastguard Worker # ifdef _MSC_VER
67*6236dae4SAndroid Build Coastguard Worker # pragma comment(lib, "advapi32.lib")
68*6236dae4SAndroid Build Coastguard Worker # endif
69*6236dae4SAndroid Build Coastguard Worker #endif
70*6236dae4SAndroid Build Coastguard Worker
Curl_win32_random(unsigned char * entropy,size_t length)71*6236dae4SAndroid Build Coastguard Worker CURLcode Curl_win32_random(unsigned char *entropy, size_t length)
72*6236dae4SAndroid Build Coastguard Worker {
73*6236dae4SAndroid Build Coastguard Worker memset(entropy, 0, length);
74*6236dae4SAndroid Build Coastguard Worker
75*6236dae4SAndroid Build Coastguard Worker #if defined(HAVE_WIN_BCRYPTGENRANDOM)
76*6236dae4SAndroid Build Coastguard Worker if(BCryptGenRandom(NULL, entropy, (ULONG)length,
77*6236dae4SAndroid Build Coastguard Worker BCRYPT_USE_SYSTEM_PREFERRED_RNG) != STATUS_SUCCESS)
78*6236dae4SAndroid Build Coastguard Worker return CURLE_FAILED_INIT;
79*6236dae4SAndroid Build Coastguard Worker
80*6236dae4SAndroid Build Coastguard Worker return CURLE_OK;
81*6236dae4SAndroid Build Coastguard Worker #elif defined(USE_WIN32_CRYPTO)
82*6236dae4SAndroid Build Coastguard Worker {
83*6236dae4SAndroid Build Coastguard Worker HCRYPTPROV hCryptProv = 0;
84*6236dae4SAndroid Build Coastguard Worker
85*6236dae4SAndroid Build Coastguard Worker if(!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL,
86*6236dae4SAndroid Build Coastguard Worker CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
87*6236dae4SAndroid Build Coastguard Worker return CURLE_FAILED_INIT;
88*6236dae4SAndroid Build Coastguard Worker
89*6236dae4SAndroid Build Coastguard Worker if(!CryptGenRandom(hCryptProv, (DWORD)length, entropy)) {
90*6236dae4SAndroid Build Coastguard Worker CryptReleaseContext(hCryptProv, 0UL);
91*6236dae4SAndroid Build Coastguard Worker return CURLE_FAILED_INIT;
92*6236dae4SAndroid Build Coastguard Worker }
93*6236dae4SAndroid Build Coastguard Worker
94*6236dae4SAndroid Build Coastguard Worker CryptReleaseContext(hCryptProv, 0UL);
95*6236dae4SAndroid Build Coastguard Worker }
96*6236dae4SAndroid Build Coastguard Worker return CURLE_OK;
97*6236dae4SAndroid Build Coastguard Worker #else
98*6236dae4SAndroid Build Coastguard Worker return CURLE_NOT_BUILT_IN;
99*6236dae4SAndroid Build Coastguard Worker #endif
100*6236dae4SAndroid Build Coastguard Worker }
101*6236dae4SAndroid Build Coastguard Worker #endif
102*6236dae4SAndroid Build Coastguard Worker
103*6236dae4SAndroid Build Coastguard Worker #if !defined(USE_SSL)
104*6236dae4SAndroid Build Coastguard Worker /* ---- possibly non-cryptographic version following ---- */
weak_random(struct Curl_easy * data,unsigned char * entropy,size_t length)105*6236dae4SAndroid Build Coastguard Worker static CURLcode weak_random(struct Curl_easy *data,
106*6236dae4SAndroid Build Coastguard Worker unsigned char *entropy,
107*6236dae4SAndroid Build Coastguard Worker size_t length) /* always 4, size of int */
108*6236dae4SAndroid Build Coastguard Worker {
109*6236dae4SAndroid Build Coastguard Worker unsigned int r;
110*6236dae4SAndroid Build Coastguard Worker DEBUGASSERT(length == sizeof(int));
111*6236dae4SAndroid Build Coastguard Worker
112*6236dae4SAndroid Build Coastguard Worker /* Trying cryptographically secure functions first */
113*6236dae4SAndroid Build Coastguard Worker #ifdef _WIN32
114*6236dae4SAndroid Build Coastguard Worker (void)data;
115*6236dae4SAndroid Build Coastguard Worker {
116*6236dae4SAndroid Build Coastguard Worker CURLcode result = Curl_win32_random(entropy, length);
117*6236dae4SAndroid Build Coastguard Worker if(result != CURLE_NOT_BUILT_IN)
118*6236dae4SAndroid Build Coastguard Worker return result;
119*6236dae4SAndroid Build Coastguard Worker }
120*6236dae4SAndroid Build Coastguard Worker #endif
121*6236dae4SAndroid Build Coastguard Worker
122*6236dae4SAndroid Build Coastguard Worker #if defined(HAVE_ARC4RANDOM)
123*6236dae4SAndroid Build Coastguard Worker (void)data;
124*6236dae4SAndroid Build Coastguard Worker r = (unsigned int)arc4random();
125*6236dae4SAndroid Build Coastguard Worker memcpy(entropy, &r, length);
126*6236dae4SAndroid Build Coastguard Worker #else
127*6236dae4SAndroid Build Coastguard Worker infof(data, "WARNING: using weak random seed");
128*6236dae4SAndroid Build Coastguard Worker {
129*6236dae4SAndroid Build Coastguard Worker static unsigned int randseed;
130*6236dae4SAndroid Build Coastguard Worker static bool seeded = FALSE;
131*6236dae4SAndroid Build Coastguard Worker unsigned int rnd;
132*6236dae4SAndroid Build Coastguard Worker if(!seeded) {
133*6236dae4SAndroid Build Coastguard Worker struct curltime now = Curl_now();
134*6236dae4SAndroid Build Coastguard Worker randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec;
135*6236dae4SAndroid Build Coastguard Worker randseed = randseed * 1103515245 + 12345;
136*6236dae4SAndroid Build Coastguard Worker randseed = randseed * 1103515245 + 12345;
137*6236dae4SAndroid Build Coastguard Worker randseed = randseed * 1103515245 + 12345;
138*6236dae4SAndroid Build Coastguard Worker seeded = TRUE;
139*6236dae4SAndroid Build Coastguard Worker }
140*6236dae4SAndroid Build Coastguard Worker
141*6236dae4SAndroid Build Coastguard Worker /* Return an unsigned 32-bit pseudo-random number. */
142*6236dae4SAndroid Build Coastguard Worker r = randseed = randseed * 1103515245 + 12345;
143*6236dae4SAndroid Build Coastguard Worker rnd = (r << 16) | ((r >> 16) & 0xFFFF);
144*6236dae4SAndroid Build Coastguard Worker memcpy(entropy, &rnd, length);
145*6236dae4SAndroid Build Coastguard Worker }
146*6236dae4SAndroid Build Coastguard Worker #endif
147*6236dae4SAndroid Build Coastguard Worker return CURLE_OK;
148*6236dae4SAndroid Build Coastguard Worker }
149*6236dae4SAndroid Build Coastguard Worker #endif
150*6236dae4SAndroid Build Coastguard Worker
151*6236dae4SAndroid Build Coastguard Worker #ifdef USE_SSL
152*6236dae4SAndroid Build Coastguard Worker #define _random(x,y,z) Curl_ssl_random(x,y,z)
153*6236dae4SAndroid Build Coastguard Worker #else
154*6236dae4SAndroid Build Coastguard Worker #define _random(x,y,z) weak_random(x,y,z)
155*6236dae4SAndroid Build Coastguard Worker #endif
156*6236dae4SAndroid Build Coastguard Worker
randit(struct Curl_easy * data,unsigned int * rnd,bool env_override)157*6236dae4SAndroid Build Coastguard Worker static CURLcode randit(struct Curl_easy *data, unsigned int *rnd,
158*6236dae4SAndroid Build Coastguard Worker bool env_override)
159*6236dae4SAndroid Build Coastguard Worker {
160*6236dae4SAndroid Build Coastguard Worker #ifdef DEBUGBUILD
161*6236dae4SAndroid Build Coastguard Worker if(env_override) {
162*6236dae4SAndroid Build Coastguard Worker char *force_entropy = getenv("CURL_ENTROPY");
163*6236dae4SAndroid Build Coastguard Worker if(force_entropy) {
164*6236dae4SAndroid Build Coastguard Worker static unsigned int randseed;
165*6236dae4SAndroid Build Coastguard Worker static bool seeded = FALSE;
166*6236dae4SAndroid Build Coastguard Worker
167*6236dae4SAndroid Build Coastguard Worker if(!seeded) {
168*6236dae4SAndroid Build Coastguard Worker unsigned int seed = 0;
169*6236dae4SAndroid Build Coastguard Worker size_t elen = strlen(force_entropy);
170*6236dae4SAndroid Build Coastguard Worker size_t clen = sizeof(seed);
171*6236dae4SAndroid Build Coastguard Worker size_t min = elen < clen ? elen : clen;
172*6236dae4SAndroid Build Coastguard Worker memcpy((char *)&seed, force_entropy, min);
173*6236dae4SAndroid Build Coastguard Worker randseed = ntohl(seed);
174*6236dae4SAndroid Build Coastguard Worker seeded = TRUE;
175*6236dae4SAndroid Build Coastguard Worker }
176*6236dae4SAndroid Build Coastguard Worker else
177*6236dae4SAndroid Build Coastguard Worker randseed++;
178*6236dae4SAndroid Build Coastguard Worker *rnd = randseed;
179*6236dae4SAndroid Build Coastguard Worker return CURLE_OK;
180*6236dae4SAndroid Build Coastguard Worker }
181*6236dae4SAndroid Build Coastguard Worker }
182*6236dae4SAndroid Build Coastguard Worker #else
183*6236dae4SAndroid Build Coastguard Worker (void)env_override;
184*6236dae4SAndroid Build Coastguard Worker #endif
185*6236dae4SAndroid Build Coastguard Worker
186*6236dae4SAndroid Build Coastguard Worker /* data may be NULL! */
187*6236dae4SAndroid Build Coastguard Worker return _random(data, (unsigned char *)rnd, sizeof(*rnd));
188*6236dae4SAndroid Build Coastguard Worker }
189*6236dae4SAndroid Build Coastguard Worker
190*6236dae4SAndroid Build Coastguard Worker /*
191*6236dae4SAndroid Build Coastguard Worker * Curl_rand() stores 'num' number of random unsigned characters in the buffer
192*6236dae4SAndroid Build Coastguard Worker * 'rnd' points to.
193*6236dae4SAndroid Build Coastguard Worker *
194*6236dae4SAndroid Build Coastguard Worker * If libcurl is built without TLS support or with a TLS backend that lacks a
195*6236dae4SAndroid Build Coastguard Worker * proper random API (Rustls or mbedTLS), this function will use "weak"
196*6236dae4SAndroid Build Coastguard Worker * random.
197*6236dae4SAndroid Build Coastguard Worker *
198*6236dae4SAndroid Build Coastguard Worker * When built *with* TLS support and a backend that offers strong random, it
199*6236dae4SAndroid Build Coastguard Worker * will return error if it cannot provide strong random values.
200*6236dae4SAndroid Build Coastguard Worker *
201*6236dae4SAndroid Build Coastguard Worker * NOTE: 'data' may be passed in as NULL when coming from external API without
202*6236dae4SAndroid Build Coastguard Worker * easy handle!
203*6236dae4SAndroid Build Coastguard Worker *
204*6236dae4SAndroid Build Coastguard Worker */
205*6236dae4SAndroid Build Coastguard Worker
Curl_rand_bytes(struct Curl_easy * data,bool env_override,unsigned char * rnd,size_t num)206*6236dae4SAndroid Build Coastguard Worker CURLcode Curl_rand_bytes(struct Curl_easy *data,
207*6236dae4SAndroid Build Coastguard Worker #ifdef DEBUGBUILD
208*6236dae4SAndroid Build Coastguard Worker bool env_override,
209*6236dae4SAndroid Build Coastguard Worker #endif
210*6236dae4SAndroid Build Coastguard Worker unsigned char *rnd, size_t num)
211*6236dae4SAndroid Build Coastguard Worker {
212*6236dae4SAndroid Build Coastguard Worker CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT;
213*6236dae4SAndroid Build Coastguard Worker #ifndef DEBUGBUILD
214*6236dae4SAndroid Build Coastguard Worker const bool env_override = FALSE;
215*6236dae4SAndroid Build Coastguard Worker #endif
216*6236dae4SAndroid Build Coastguard Worker
217*6236dae4SAndroid Build Coastguard Worker DEBUGASSERT(num);
218*6236dae4SAndroid Build Coastguard Worker
219*6236dae4SAndroid Build Coastguard Worker while(num) {
220*6236dae4SAndroid Build Coastguard Worker unsigned int r;
221*6236dae4SAndroid Build Coastguard Worker size_t left = num < sizeof(unsigned int) ? num : sizeof(unsigned int);
222*6236dae4SAndroid Build Coastguard Worker
223*6236dae4SAndroid Build Coastguard Worker result = randit(data, &r, env_override);
224*6236dae4SAndroid Build Coastguard Worker if(result)
225*6236dae4SAndroid Build Coastguard Worker return result;
226*6236dae4SAndroid Build Coastguard Worker
227*6236dae4SAndroid Build Coastguard Worker while(left) {
228*6236dae4SAndroid Build Coastguard Worker *rnd++ = (unsigned char)(r & 0xFF);
229*6236dae4SAndroid Build Coastguard Worker r >>= 8;
230*6236dae4SAndroid Build Coastguard Worker --num;
231*6236dae4SAndroid Build Coastguard Worker --left;
232*6236dae4SAndroid Build Coastguard Worker }
233*6236dae4SAndroid Build Coastguard Worker }
234*6236dae4SAndroid Build Coastguard Worker
235*6236dae4SAndroid Build Coastguard Worker return result;
236*6236dae4SAndroid Build Coastguard Worker }
237*6236dae4SAndroid Build Coastguard Worker
238*6236dae4SAndroid Build Coastguard Worker /*
239*6236dae4SAndroid Build Coastguard Worker * Curl_rand_hex() fills the 'rnd' buffer with a given 'num' size with random
240*6236dae4SAndroid Build Coastguard Worker * hexadecimal digits PLUS a null-terminating byte. It must be an odd number
241*6236dae4SAndroid Build Coastguard Worker * size.
242*6236dae4SAndroid Build Coastguard Worker */
243*6236dae4SAndroid Build Coastguard Worker
Curl_rand_hex(struct Curl_easy * data,unsigned char * rnd,size_t num)244*6236dae4SAndroid Build Coastguard Worker CURLcode Curl_rand_hex(struct Curl_easy *data, unsigned char *rnd,
245*6236dae4SAndroid Build Coastguard Worker size_t num)
246*6236dae4SAndroid Build Coastguard Worker {
247*6236dae4SAndroid Build Coastguard Worker CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT;
248*6236dae4SAndroid Build Coastguard Worker unsigned char buffer[128];
249*6236dae4SAndroid Build Coastguard Worker DEBUGASSERT(num > 1);
250*6236dae4SAndroid Build Coastguard Worker
251*6236dae4SAndroid Build Coastguard Worker #ifdef __clang_analyzer__
252*6236dae4SAndroid Build Coastguard Worker /* This silences a scan-build warning about accessing this buffer with
253*6236dae4SAndroid Build Coastguard Worker uninitialized memory. */
254*6236dae4SAndroid Build Coastguard Worker memset(buffer, 0, sizeof(buffer));
255*6236dae4SAndroid Build Coastguard Worker #endif
256*6236dae4SAndroid Build Coastguard Worker
257*6236dae4SAndroid Build Coastguard Worker if((num/2 >= sizeof(buffer)) || !(num&1)) {
258*6236dae4SAndroid Build Coastguard Worker /* make sure it fits in the local buffer and that it is an odd number! */
259*6236dae4SAndroid Build Coastguard Worker DEBUGF(infof(data, "invalid buffer size with Curl_rand_hex"));
260*6236dae4SAndroid Build Coastguard Worker return CURLE_BAD_FUNCTION_ARGUMENT;
261*6236dae4SAndroid Build Coastguard Worker }
262*6236dae4SAndroid Build Coastguard Worker
263*6236dae4SAndroid Build Coastguard Worker num--; /* save one for null-termination */
264*6236dae4SAndroid Build Coastguard Worker
265*6236dae4SAndroid Build Coastguard Worker result = Curl_rand(data, buffer, num/2);
266*6236dae4SAndroid Build Coastguard Worker if(result)
267*6236dae4SAndroid Build Coastguard Worker return result;
268*6236dae4SAndroid Build Coastguard Worker
269*6236dae4SAndroid Build Coastguard Worker Curl_hexencode(buffer, num/2, rnd, num + 1);
270*6236dae4SAndroid Build Coastguard Worker return result;
271*6236dae4SAndroid Build Coastguard Worker }
272*6236dae4SAndroid Build Coastguard Worker
273*6236dae4SAndroid Build Coastguard Worker /*
274*6236dae4SAndroid Build Coastguard Worker * Curl_rand_alnum() fills the 'rnd' buffer with a given 'num' size with random
275*6236dae4SAndroid Build Coastguard Worker * alphanumerical chars PLUS a null-terminating byte.
276*6236dae4SAndroid Build Coastguard Worker */
277*6236dae4SAndroid Build Coastguard Worker
278*6236dae4SAndroid Build Coastguard Worker static const char alnum[] =
279*6236dae4SAndroid Build Coastguard Worker "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
280*6236dae4SAndroid Build Coastguard Worker
Curl_rand_alnum(struct Curl_easy * data,unsigned char * rnd,size_t num)281*6236dae4SAndroid Build Coastguard Worker CURLcode Curl_rand_alnum(struct Curl_easy *data, unsigned char *rnd,
282*6236dae4SAndroid Build Coastguard Worker size_t num)
283*6236dae4SAndroid Build Coastguard Worker {
284*6236dae4SAndroid Build Coastguard Worker CURLcode result = CURLE_OK;
285*6236dae4SAndroid Build Coastguard Worker const unsigned int alnumspace = sizeof(alnum) - 1;
286*6236dae4SAndroid Build Coastguard Worker unsigned int r;
287*6236dae4SAndroid Build Coastguard Worker DEBUGASSERT(num > 1);
288*6236dae4SAndroid Build Coastguard Worker
289*6236dae4SAndroid Build Coastguard Worker num--; /* save one for null-termination */
290*6236dae4SAndroid Build Coastguard Worker
291*6236dae4SAndroid Build Coastguard Worker while(num) {
292*6236dae4SAndroid Build Coastguard Worker do {
293*6236dae4SAndroid Build Coastguard Worker result = randit(data, &r, TRUE);
294*6236dae4SAndroid Build Coastguard Worker if(result)
295*6236dae4SAndroid Build Coastguard Worker return result;
296*6236dae4SAndroid Build Coastguard Worker } while(r >= (UINT_MAX - UINT_MAX % alnumspace));
297*6236dae4SAndroid Build Coastguard Worker
298*6236dae4SAndroid Build Coastguard Worker *rnd++ = (unsigned char)alnum[r % alnumspace];
299*6236dae4SAndroid Build Coastguard Worker num--;
300*6236dae4SAndroid Build Coastguard Worker }
301*6236dae4SAndroid Build Coastguard Worker *rnd = 0;
302*6236dae4SAndroid Build Coastguard Worker
303*6236dae4SAndroid Build Coastguard Worker return result;
304*6236dae4SAndroid Build Coastguard Worker }
305