Forráskód Böngészése

Improved random number generation

Tyler Akins 25 éve
szülő
commit
60ec412850
2 módosított fájl, 86 hozzáadás és 24 törlés
  1. 8 5
      functions/smtp.php
  2. 78 19
      functions/strings.php

+ 8 - 5
functions/smtp.php

@@ -74,14 +74,17 @@
 
    // Return a nice MIME-boundary
    function mimeBoundary () {
-      global $version, $REMOTE_ADDR, $SERVER_NAME, $REMOTE_PORT;
-
       static $mimeBoundaryString;
 
       if ($mimeBoundaryString == "") {
-         $temp = "SquirrelMail".$version.$REMOTE_ADDR.$SERVER_NAME.
-            $REMOTE_PORT;
-         $mimeBoundaryString = "=-_+".substr(md5($temp),1,20);
+         sq_mt_randomize(); // Initialize the random number generator
+         // Use all allowed chars besides space.
+         $Chrs = '\'()+,-./0123456789:=?ABCDEFGHIJKLMNOP' .
+             'QRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz';
+         // Create a LONG boundary to ensure no duplicates
+         while (strlen($mimeBoundaryString) < 70) {
+            $mimeBoundaryString .= $Chrs[mt_rand(0, strlen($Chrs))];
+         }
       }
 
       return $mimeBoundaryString;

+ 78 - 19
functions/strings.php

@@ -255,29 +255,88 @@
       return $decrypted;
    }
 
-   function OneTimePadCreate ($length=100) {
-      global $REMOTE_PORT, $REMOTE_ADDR, $UNIQUE_ID;
 
-      // Entropy gathering
-      if (function_exists("crc32")) {
-	 $seed1 = (double) microtime() * 1000000;
-	 $seed2 = md5($REMOTE_PORT . $REMOTE_ADDR . $UNIQUE_ID);
-	 if (function_exists("getrusage")) {
-	    $dat = getrusage();
-	    $seed3 = md5($dat["ru_nswap"].$dat["ru_majflt"].$dat["ru_utime.tv_sec"].$dat["ru_utime.tv_usec"].getmypid());
-	 } else {
-	    $seed3 = getmypid();
-	 }
-
-	 $seed = crc32($seed1)*1000000 + crc32($seed2)*10000 + crc32($seed3);
-      } else {
-	 $seed = (double) microtime() * 1000000;
-      }
+   // Randomize the mt_rand() function.  Toss this in strings or
+   // integers and it will seed the generator appropriately.
+   // With strings, it is better to get them long. Use md5() to
+   // lengthen smaller strings.
+   function sq_mt_seed($Val)
+   {
+       // if mt_getrandmax() does not return a 2^n - 1 number,
+       // this might not work well.  This uses $Max as a bitmask.
+       $Max = mt_getrandmax();
+       
+       if (! is_int($Val))
+       {
+           if (function_exists("crc32"))
+           {
+               $Val = crc32($Val);
+           }
+           else
+           {
+               $Str = $Val;
+               $Pos = 0;
+               $Val = 0;
+               $Mask = $Max / 2;
+               $HighBit = $Max ^ $Mask;
+               while ($Pos < strlen($Str))
+               {
+                   if ($Val & $HighBit)
+                   {
+                       $Val = (($Val & $Mask) << 1) + 1;
+                   }
+                   else
+                   {
+                       $Val = ($Val & $Mask) << 1;
+                   }
+                   $Val ^= $Str[$Pos];
+                   $Pos ++;
+               }
+           }
+       }
 
-      srand ($seed);
+       if ($Val < 0)
+         $Val *= -1;
+       if ($Val = 0)
+         return;
+
+       mt_srand(($Val ^ mt_rand(0, $Max)) & $Max);
+   }
+   
+   
+   // This function initializes the random number generator fairly well.
+   // It also only initializes it once, so you don't accidentally get
+   // the same 'random' numbers twice in one session.
+   function sq_mt_randomize()
+   {
+      global $REMOTE_PORT, $REMOTE_ADDR, $UNIQUE_ID;
+      static $randomized;
+      
+      if ($randomized)
+         return;
+      
+      // Global   
+      sq_mt_seed((int)((double) microtime() * 1000000));
+      sq_mt_seed(md5($REMOTE_PORT . $REMOTE_ADDR . getmypid()));
+      
+      // getrusage
+      if (function_exists("getrusage")) {
+         $dat = getrusage();
+	 sq_mt_seed(md5($dat["ru_nswap"] . $dat["ru_majflt"] . 
+	    $dat["ru_utime.tv_sec"] . $dat["ru_utime.tv_usec"]));
+      }
+      
+      // Apache-specific
+      sq_mt_seed(md5($UNIQUE_ID));
+      
+      $randomized = 1;
+   }
+   
+   function OneTimePadCreate ($length=100) {
+      sq_mt_randomize();
       
       for ($i = 0; $i < $length; $i++) {
-	 $pad .= chr(rand(0,255));
+	 $pad .= chr(mt_rand(0,255));
       }
 
       return $pad;