Curl_rand_bytes to control env override

- in DEBUGBUILD, all specifying if true random numbers
  are desired or simulated ones via CURL_ENTROPY
- allows to use randoms in other DEBUG checks to not
  interfere with the CURL_ENTROPY
- without this change, any Curl_rand() use will alter
  results of some AUTHENTICATION methods like DIGEST

Closes #14264

lib/cf-socket.c

@@ -1464,7 +1464,7 @@ static ssize_t cf_socket_send(struct Curl_cfilter *cf, struct Curl_easy *data,
   /* simulate network blocking/partial writes */
   if(ctx->wblock_percent > 0) {
     unsigned char c = 0;
-    Curl_rand(data, &c, 1);
+    Curl_rand_bytes(data, FALSE, &c, 1);
     if(c >= ((100-ctx->wblock_percent)*256/100)) {
       CURL_TRC_CF(data, cf, "send(len=%zu) SIMULATE EWOULDBLOCK", orig_len);
       *err = CURLE_AGAIN;

lib/rand.c

@@ -100,13 +100,15 @@ CURLcode Curl_win32_random(unsigned char *entropy, size_t length)
 }
 #endif
 
-static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
+static CURLcode randit(struct Curl_easy *data, unsigned int *rnd,
+                       bool env_override)
 {
   CURLcode result = CURLE_OK;
   static unsigned int randseed;
   static bool seeded = FALSE;
 
 #ifdef DEBUGBUILD
+  if(env_override) {
     char *force_entropy = getenv("CURL_ENTROPY");
     if(force_entropy) {
       if(!seeded) {
@@ -123,6 +125,9 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
       *rnd = randseed;
       return CURLE_OK;
     }
+  }
+#else
+  (void)env_override;
 #endif
 
   /* data may be NULL! */
@@ -198,9 +203,16 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
  *
  */
 
-CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num)
+CURLcode Curl_rand_bytes(struct Curl_easy *data,
+#ifdef DEBUGBUILD
+                         bool env_override,
+#endif
+                         unsigned char *rnd, size_t num)
 {
   CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT;
+#ifndef DEBUGBUILD
+  const bool env_override = FALSE;
+#endif
 
   DEBUGASSERT(num);
 
@@ -208,7 +220,7 @@ CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num)
     unsigned int r;
     size_t left = num < sizeof(unsigned int) ? num : sizeof(unsigned int);
 
-    result = randit(data, &r);
+    result = randit(data, &r, env_override);
     if(result)
       return result;
 
@@ -278,7 +290,7 @@ CURLcode Curl_rand_alnum(struct Curl_easy *data, unsigned char *rnd,
 
   while(num) {
     do {
-      result = randit(data, &r);
+      result = randit(data, &r, TRUE);
       if(result)
         return result;
     } while(r >= (UINT_MAX - UINT_MAX % alnumspace));

lib/rand.h

@@ -24,7 +24,17 @@
  *
  ***************************************************************************/
 
-CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num);
+CURLcode Curl_rand_bytes(struct Curl_easy *data,
+#ifdef DEBUGBUILD
+                         bool allow_env_override,
+#endif
+                         unsigned char *rnd, size_t num);
+
+#ifdef DEBUGBUILD
+#define Curl_rand(a,b,c)   Curl_rand_bytes((a), TRUE, (b), (c))
+#else
+#define Curl_rand(a,b,c)   Curl_rand_bytes((a), (b), (c))
+#endif
 
 /*
  * Curl_rand_hex() fills the 'rnd' buffer with a given 'num' size with random