diff --git a/src/ChangeLog b/src/ChangeLog
index 9dbe6838..974ba611 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,16 @@
+2001-12-17 Hrvoje Niksic <hniksic@arsdigita.com>
+
+ * gen_sslfunc.c (ssl_init_prng): Use random_number to get a byte
+ of "randomness" at a time.
+ (ssl_init_prng): Don't seed the PRNG; random_number will do that.
+
+ * retr.c (sleep_between_retrievals): Use it. Make sure that the
+ random amount averages in opt.wait.
+ (sleep_between_retrievals): Don't seed the PRNG; random_number
+ will do that.
+
+ * utils.c (random_number): New function.
+
2001-12-14 Hrvoje Niksic <hniksic@arsdigita.com>
* url.c (path_simplify): Move here from utils.c, and make static.
diff --git a/src/gen_sslfunc.c b/src/gen_sslfunc.c
index d28f1ad8..1f97edcc 100644
--- a/src/gen_sslfunc.c
+++ b/src/gen_sslfunc.c
@@ -42,6 +42,7 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
#include <openssl/rand.h>
#include "wget.h"
+#include "utils.h"
#include "connect.h"
#include "url.h"
@@ -96,11 +97,10 @@ ssl_init_prng (void)
security will use /dev/random or their own source of randomness
anyway. */
- srand (time (NULL));
while (RAND_status () == 0 && maxrand-- > 0)
{
- int rnd = rand ();
- RAND_seed ((unsigned char *)&rnd, sizeof (rnd));
+ unsigned char rnd = random_number (256);
+ RAND_seed (&rnd, sizeof (rnd));
}
if (RAND_status () == 0)
diff --git a/src/retr.c b/src/retr.c
index 44229cba..6bd88589 100644
--- a/src/retr.c
+++ b/src/retr.c
@@ -653,10 +653,6 @@ sleep_between_retrievals (int count)
{
static int first_retrieval = 1;
- if (first_retrieval && opt.random_wait)
- /* --random-wait uses the RNG, so seed it. */
- srand (time (NULL));
-
if (!first_retrieval && (opt.wait || opt.waitretry))
{
if (opt.waitretry && count > 1)
@@ -676,10 +672,10 @@ sleep_between_retrievals (int count)
sleep (opt.wait);
else
{
- int waitmax = 2 * opt.wait;
- /* This is equivalent to rand() % waitmax, but uses the
- high-order bits for better randomness. */
- int waitsecs = (double)waitmax * rand () / (RAND_MAX + 1.0);
+ /* Sleep a random amount of time averaging in opt.wait
+ seconds. The sleeping amount ranges from 0 to
+ opt.wait*2, inclusive. */
+ int waitsecs = random_number (opt.wait * 2 + 1);
DEBUGP (("sleep_between_retrievals: norm=%ld,fuzz=%ld,sleep=%d\n",
opt.wait, waitsecs - opt.wait, waitsecs));
diff --git a/src/utils.c b/src/utils.c
index f6f73618..69f0bdc0 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -1654,6 +1654,49 @@ determine_screen_width (void)
#endif /* TIOCGWINSZ */
}
+/* Return a random number between 0 and MAX-1, inclusive.
+
+ If MAX is greater than the value of RAND_MAX+1 on the system, the
+ returned value will be in the range [0, RAND_MAX]. This may be
+ fixed in a future release.
+
+ The random number generator is seeded automatically the first time
+ it is called.
+
+ This uses rand() for portability. It has been suggested that
+ random() offers better randomness, but this is not required for
+ Wget, so I chose to go for simplicity and use rand
+ unconditionally. */
+
+int
+random_number (int max)
+{
+ static int seeded;
+ double bounded;
+ int rnd;
+
+ if (!seeded)
+ {
+ srand (time (NULL));
+ seeded = 1;
+ }
+ rnd = rand ();
+
+ /* On systems that don't define RAND_MAX, assume it to be 2**15 - 1,
+ and enforce that assumption by masking other bits. */
+#ifndef RAND_MAX
+# define RAND_MAX 32767
+ rnd &= RAND_MAX;
+#endif
+
+ /* This is equivalent to rand() % max, but uses the high-order bits
+ for better randomness on architecture where rand() is implemented
+ using a simple congruential generator. */
+
+ bounded = (double)max * rnd / (RAND_MAX + 1.0);
+ return (int)bounded;
+}
+
#if 0
/* A debugging function for checking whether an MD5 library works. */
diff --git a/src/utils.h b/src/utils.h
index e4c63689..0cba3018 100644
--- a/src/utils.h
+++ b/src/utils.h
@@ -102,5 +102,6 @@ long wtimer_granularity PARAMS ((void));
char *html_quote_string PARAMS ((const char *));
int determine_screen_width PARAMS ((void));
+int random_number PARAMS ((int));
#endif /* UTILS_H */