Curl_rand_bytes to control env override

- in DEBUGBUILD, all specifying if true random numbers
  are desired or simulated ones via CURL_ENTROPY
- allows to use randoms in other DEBUG checks to not
  interfere with the CURL_ENTROPY
- without this change, any Curl_rand() use will alter
  results of some AUTHENTICATION methods like DIGEST

Closes #14264

lib/cf-socket.c

@@ -1464,7 +1464,7 @@ static ssize_t cf_socket_send(struct Curl_cfilter *cf, struct Curl_easy *data,
   /* simulate network blocking/partial writes */
   if(ctx->wblock_percent > 0) {
     unsigned char c = 0;
-    Curl_rand(data, &c, 1);
+    Curl_rand_bytes(data, FALSE, &c, 1);
     if(c >= ((100-ctx->wblock_percent)*256/100)) {
       CURL_TRC_CF(data, cf, "send(len=%zu) SIMULATE EWOULDBLOCK", orig_len);
       *err = CURLE_AGAIN;

lib/rand.c

@@ -100,29 +100,34 @@ CURLcode Curl_win32_random(unsigned char *entropy, size_t length)
 }
 #endif
 
-static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
+static CURLcode randit(struct Curl_easy *data, unsigned int *rnd,
+                       bool env_override)
 {
   CURLcode result = CURLE_OK;
   static unsigned int randseed;
   static bool seeded = FALSE;
 
 #ifdef DEBUGBUILD
-  char *force_entropy = getenv("CURL_ENTROPY");
+  if(env_override) {
-  if(force_entropy) {
+    char *force_entropy = getenv("CURL_ENTROPY");
-    if(!seeded) {
+    if(force_entropy) {
-      unsigned int seed = 0;
+      if(!seeded) {
-      size_t elen = strlen(force_entropy);
+        unsigned int seed = 0;
-      size_t clen = sizeof(seed);
+        size_t elen = strlen(force_entropy);
-      size_t min = elen < clen ? elen : clen;
+        size_t clen = sizeof(seed);
-      memcpy((char *)&seed, force_entropy, min);
+        size_t min = elen < clen ? elen : clen;
-      randseed = ntohl(seed);
+        memcpy((char *)&seed, force_entropy, min);
-      seeded = TRUE;
+        randseed = ntohl(seed);
+        seeded = TRUE;
+      }
+      else
+        randseed++;
+      *rnd = randseed;
+      return CURLE_OK;
     }
-    else
-      randseed++;
-    *rnd = randseed;
-    return CURLE_OK;
   }
+#else
+  (void)env_override;
 #endif
 
   /* data may be NULL! */
@@ -198,9 +203,16 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
  *
  */
 
-CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num)
+CURLcode Curl_rand_bytes(struct Curl_easy *data,
+#ifdef DEBUGBUILD
+                         bool env_override,
+#endif
+                         unsigned char *rnd, size_t num)
 {
   CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT;
+#ifndef DEBUGBUILD
+  const bool env_override = FALSE;
+#endif
 
   DEBUGASSERT(num);
 
@@ -208,7 +220,7 @@ CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num)
     unsigned int r;
     size_t left = num < sizeof(unsigned int) ? num : sizeof(unsigned int);
 
-    result = randit(data, &r);
+    result = randit(data, &r, env_override);
     if(result)
       return result;
 
@@ -278,7 +290,7 @@ CURLcode Curl_rand_alnum(struct Curl_easy *data, unsigned char *rnd,
 
   while(num) {
     do {
-      result = randit(data, &r);
+      result = randit(data, &r, TRUE);
       if(result)
         return result;
     } while(r >= (UINT_MAX - UINT_MAX % alnumspace));

lib/rand.h

@@ -24,7 +24,17 @@
  *
  ***************************************************************************/
 
-CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num);
+CURLcode Curl_rand_bytes(struct Curl_easy *data,
+#ifdef DEBUGBUILD
+                         bool allow_env_override,
+#endif
+                         unsigned char *rnd, size_t num);
+
+#ifdef DEBUGBUILD
+#define Curl_rand(a,b,c)   Curl_rand_bytes((a), TRUE, (b), (c))
+#else
+#define Curl_rand(a,b,c)   Curl_rand_bytes((a), (b), (c))
+#endif
 
 /*
  * Curl_rand_hex() fills the 'rnd' buffer with a given 'num' size with random