rework seed generation: this is something that really belongs in init.php

so do it there. Input enough random components from diferent dimensions,
so hard to predict.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13268 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/ChangeLog b/ChangeLog
index 0c87ca9d380d4945e8124745f0f6b47fcb402598..dae32fc81ea7d10d9d1c1524fb220694ee7a0801 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -261,6 +261,7 @@ Version 1.5.2 - SVN
     (third party) plugin.
   - Allow a different server address for the POP server to be configured when
     using POP before SMTP.
+  - Seed random number generator in one place during script init.
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------

diff --git a/functions/global.php b/functions/global.php
index a5c24d021c82bbd04c9ef189a74d37a314e20ce0..a54bcfe1950fb000954e8d90c72fa0f56ebaa8b4 100644 (file)
--- a/functions/global.php
+++ b/functions/global.php
@@ -546,7 +546,6 @@ function sqsetcookie($sName,$sValue='deleted',$iExpire=0,$sPath="",$sDomain="",$
 if (!function_exists('session_regenerate_id')) {
 
     function php_combined_lcg() {
-        sq_mt_randomize();
         $tv = gettimeofday();
         $lcg['s1'] = $tv['sec'] ^ (~$tv['usec']);
         $lcg['s2'] = mt_rand();

diff --git a/functions/strings.php b/functions/strings.php
index 9383d83d09120c06c0b0f8bb67d59eb2171ea6f8..61f88dfa36895e29be1b520f79fe234f613433af 100644 (file)
--- a/functions/strings.php
+++ b/functions/strings.php
@@ -635,83 +635,6 @@ function OneTimePadDecrypt ($string, $epad) {
     return $decrypted;
 }
 
-
-/**
- * Randomizes the mt_rand() function.
- *
- * Toss this in strings or integers and it will seed the generator
- * appropriately. With strings, it is better to get them long.
- * Use md5() to lengthen smaller strings.
- *
- * @param mixed $val a value to seed the random number generator. mixed = integer or string.
- * @return void
- * @since 1.0
- */
-function sq_mt_seed($Val) {
-    /* if mt_getrandmax() does not return a 2^n - 1 number,
-       this might not work well.  This uses $Max as a bitmask. */
-    $Max = mt_getrandmax();
-
-    if (! is_int($Val)) {
-            $Val = crc32($Val);
-    }
-
-    if ($Val < 0) {
-        $Val *= -1;
-    }
-
-    if ($Val == 0) {
-        return;
-    }
-
-    mt_srand(($Val ^ mt_rand(0, $Max)) & $Max);
-}
-
-
-/**
- * Init random number generator
- *
- * This function initializes the random number generator fairly well.
- * It also only initializes it once, so you don't accidentally get
- * the same 'random' numbers twice in one session.
- *
- * @return void
- * @since 1.0
- */
-function sq_mt_randomize() {
-    static $randomized;
-
-    if ($randomized) {
-        return;
-    }
-
-    /* Global. */
-    sqgetGlobalVar('REMOTE_PORT', $remote_port, SQ_SERVER);
-    sqgetGlobalVar('REMOTE_ADDR', $remote_addr, SQ_SERVER);
-    sq_mt_seed((int)((double) microtime() * 1000000));
-    sq_mt_seed(md5($remote_port . $remote_addr . getmypid()));
-
-    /* getrusage */
-    if (function_exists('getrusage')) {
-        /* Avoid warnings with Win32 */
-        $dat = @getrusage();
-        if (isset($dat) && is_array($dat)) {
-            $Str = '';
-            foreach ($dat as $k => $v)
-                {
-                    $Str .= $k . $v;
-                }
-            sq_mt_seed(md5($Str));
-        }
-    }
-
-    if(sqgetGlobalVar('UNIQUE_ID', $unique_id, SQ_SERVER)) {
-        sq_mt_seed(md5($unique_id));
-    }
-
-    $randomized = 1;
-}
-
 /**
  * Creates encryption key
  *
@@ -724,8 +647,6 @@ function sq_mt_randomize() {
  * @since 1.0
  */
 function OneTimePadCreate ($length=100) {
-    sq_mt_randomize();
-
     $pad = '';
     for ($i = 0; $i < $length; $i++) {
         $pad .= chr(mt_rand(0,255));
@@ -789,8 +710,6 @@ function GenerateRandomString($size, $chars, $flags = 0) {
         return '';
     }
 
-    sq_mt_randomize(); /* Initialize the random number generator */
-
     $String = '';
     $j = strlen( $chars ) - 1;
     while (strlen($String) < $size) {

diff --git a/include/init.php b/include/init.php
index 3899239379d40225f8e28dc8e94b525d515f393f..166967aa9fe3ae1ce1a9ce4479ca67eb74b86741 100644 (file)
--- a/include/init.php
+++ b/include/init.php
@@ -87,6 +87,35 @@ if (!(bool)ini_get('session.use_cookies') ||
     ini_set('session.use_cookies','1');
 }
 
+/**
+ * Initialize seed of random number generator.
+ * We use a number of things to randomize input: current time in ms,
+ * info about the remote client, info about the current process, the
+ * randomness of uniqid and stat of the current file.
+ *
+ * We seed this here only once per init, not only to save cycles
+ * but also to make the result of mt_rand more random (it now also
+ * depends on the number of times mt_rand was called before in this
+ * execution.
+ */
+$seed = microtime() . $_SERVER['REMOTE_PORT'] . $_SERVER['REMOTE_ADDR'] . getmypid();
+
+if (function_exists('getrusage')) {
+    /* Avoid warnings with Win32 */
+    $dat = @getrusage();
+    if (isset($dat) && is_array($dat)) { $seed .= implode('', $dat); }
+}
+
+if(!empty($_SERVER['UNIQUE_ID'])) {
+    $seed .= $_SERVER['UNIQUE_ID'];
+}
+
+$seed .= uniqid(mt_rand(),TRUE);
+$seed .= implode( '', stat( __FILE__) );
+
+/** PHP 4.2 and up don't require seeding, but their used seed algorithm
+ *  is of questionable quality, so we keep doing it ourselves. */
+mt_srand(hexdec(md5($seed)));
 
 /**
  * calculate SM_PATH and calculate the base_uri

diff --git a/plugins/change_password/backend/ldap.php b/plugins/change_password/backend/ldap.php
index a947ba0dd90d41b9cd167de095d668464fbc09bf..dbf57618bc76e7c37b80533f7596c27eb402f0af 100644 (file)
--- a/plugins/change_password/backend/ldap.php
+++ b/plugins/change_password/backend/ldap.php
@@ -550,11 +550,9 @@ function cpw_ldap_password_hash($pass,$crypto,&$msgs,$forced_salt='') {
     case 'smd5':
         // minimal requirement = mhash extension with md5 support and php 4.0.4.
         if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) && defined('MHASH_MD5')) {
-            sq_mt_seed( (double) microtime() * 1000000 );
             if ($forced_salt!='') {
                 $salt=$forced_salt;
             } else {
-                sq_mt_randomize();
                 $salt = mhash_keygen_s2k( MHASH_MD5, $pass, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 );
             }
             $ret = "{SMD5}".base64_encode( mhash( MHASH_MD5, $pass.$salt ).$salt );
@@ -591,11 +589,9 @@ function cpw_ldap_password_hash($pass,$crypto,&$msgs,$forced_salt='') {
     case 'ssha':
         // minimal requirement = mhash extension and php 4.0.4
         if( function_exists( 'mhash' ) && function_exists( 'mhash_keygen_s2k' ) && defined('MHASH_SHA1')) {
-            sq_mt_seed( (double) microtime() * 1000000 );
             if ($forced_salt!='') {
                 $salt=$forced_salt;
             } else {
-                sq_mt_randomize();
                 $salt = mhash_keygen_s2k( MHASH_SHA1, $pass, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 );
             }
             $ret = "{SSHA}".base64_encode( mhash( MHASH_SHA1, $pass.$salt ).$salt );

diff --git a/themes/darkness.php b/themes/darkness.php
index 8dac3df6ce79dc47861fa8aebbb80ff397ae0bdc..b7ca509e5e8a28f73668a8dcaf1fd0775300cd6a 100755 (executable)
--- a/themes/darkness.php
+++ b/themes/darkness.php
@@ -12,17 +12,13 @@
  * @subpackage themes
  */
 
-/**
- * Load up the usual suspects.. */
-require_once(SM_PATH . 'functions/strings.php');
-
-   // Note:  The text distance is actually pre-squared
-   // Background range is from 24-64, all three colors are the same
-   // Text range is from 196 to 255
-   $BackgroundTargetDistance = 12;
-   $BackgroundAdjust = 1;
-   $TextTargetDistance = 65536;
-   $TextAdjust = 0.95;
+// Note:  The text distance is actually pre-squared
+// Background range is from 24-64, all three colors are the same
+// Text range is from 196 to 255
+$BackgroundTargetDistance = 12;
+$BackgroundAdjust = 1;
+$TextTargetDistance = 65536;
+$TextAdjust = 0.95;
 
 function IsUnique($Distance, $r, $g, $b, $usedArray)
 {
@@ -74,9 +70,6 @@ global $squirrelmail_plugin_hooks;
 $squirrelmail_plugin_hooks['generic_header']['theme_darkness'] =
     'Darkness_HeaderPlugin';
 
-/** seed the random number generator **/
-sq_mt_randomize();
-
 $color[3] = '#000000';
 $color[4] = '#000000';
 $used = array(0);

diff --git a/themes/greenhouse_effect.php b/themes/greenhouse_effect.php
index e524d36bf0526999fbd8432d090ff41705c1b33f..c6a751cacaf27c2ea1b96d49bd9c01e88220d68b 100755 (executable)
--- a/themes/greenhouse_effect.php
+++ b/themes/greenhouse_effect.php
@@ -19,12 +19,6 @@ if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == __FILE_
     die();
 }
 
-/** load sq_mt_randomize() */
-include_once(SM_PATH . 'functions/strings.php');
-
-/** seed the random number generator **/
-sq_mt_randomize();
-
 for ($i = 0; $i <= 16; $i++) {
     /* background/foreground toggle **/
     if ($i == 0 || $i == 3 || $i == 4 || $i == 5

diff --git a/themes/in_the_pink.php b/themes/in_the_pink.php
index d2db4fadc50fd06e1c6564cd0ba006128955ed2f..8ac1020d7026d016eef2ded8a24a2c046e64403e 100755 (executable)
--- a/themes/in_the_pink.php
+++ b/themes/in_the_pink.php
@@ -20,12 +20,6 @@ if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == __FILE_
     die();
 }
 
-/** load sq_mt_randomize() */
-include_once(SM_PATH . 'functions/strings.php');
-
-/* seed the random number generator */
-sq_mt_randomize();
-
 for ($i = 0; $i <= 16; $i++) {
     /* background/foreground toggle */
     if ($i == 0 or $i == 3 or $i == 4 or $i == 5 or $i == 9 or $i == 10 or $i == 12 or $i == 16) {

diff --git a/themes/kind_of_blue.php b/themes/kind_of_blue.php
index 630b255a6362cb0cb95242a382f8b165cd115b20..022d093ca7a27af65afbdee3629480deb63e06c3 100755 (executable)
--- a/themes/kind_of_blue.php
+++ b/themes/kind_of_blue.php
@@ -20,12 +20,6 @@ if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == __FILE_
     die();
 }
 
-/** load sq_mt_randomize() */
-include_once(SM_PATH . 'functions/strings.php');
-
-/** seed the random number generator */
-sq_mt_randomize();
-
 for ($i = 0; $i <= 16; $i++) {
     /* background/foreground toggle */
     if ($i == 0 or $i == 3 or $i == 4 or $i == 5 or $i == 9 or $i == 10 or $i == 12 or $i == 16) {

diff --git a/themes/monostochastic.php b/themes/monostochastic.php
index 2cc37c0f9fba5dd3129a73ae68c28f6bb9f57336..fd7f18202ec36b862101585580b3d0c3386be58a 100755 (executable)
--- a/themes/monostochastic.php
+++ b/themes/monostochastic.php
@@ -20,12 +20,6 @@ if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == __FILE_
     die();
 }
 
-/** load sq_mt_randomize() */
-include_once(SM_PATH . 'functions/strings.php');
-
-/** seed the random number generator */
-sq_mt_randomize();
-
 /** light(1) or dark(0) background toggle **/
 $bg = mt_rand(0,1);
 

diff --git a/themes/random.php b/themes/random.php
index 2064b78d0701d4d3363645a2f5327ac22a559f3b..af6793a2da3a50aea1d55b2ed2ecca3083950cae 100755 (executable)
--- a/themes/random.php
+++ b/themes/random.php
@@ -20,10 +20,6 @@ if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == __FILE_
 
 /** load required functions */
 include_once(SM_PATH . 'functions/global.php');
-include_once(SM_PATH . 'functions/strings.php');
-
-/** Initialize the random number generator */
-sq_mt_randomize();
 
 global $theme;
 

diff --git a/themes/shades_of_grey.php b/themes/shades_of_grey.php
index 83e5a62a865169a986fd4cdb19f99eed5b8e1966..b5e20541a3026a18989c82cabd2d59e8ba9a9a64 100755 (executable)
--- a/themes/shades_of_grey.php
+++ b/themes/shades_of_grey.php
@@ -19,12 +19,6 @@ if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == __FILE_
     die();
 }
 
-/** load sq_mt_randomize() */
-include_once(SM_PATH . 'functions/strings.php');
-
-/** seed the random number generator */
-sq_mt_randomize();
-
 for ($i = 0; $i <= 16; $i++) {
     /* background/foreground toggle */
     if ($i == 0 or $i == 3 or $i == 4 or $i == 5 or $i == 9 or $i == 10 or $i == 12 or $i == 16) {

diff --git a/themes/spice_of_life.php b/themes/spice_of_life.php
index 217e5e5703115e8f7d86c989c720ade68648b576..235be941a92dbb1584beb465dc7a39c28cf302a7 100755 (executable)
--- a/themes/spice_of_life.php
+++ b/themes/spice_of_life.php
@@ -19,12 +19,6 @@ if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == __FILE_
     die();
 }
 
-/** load sq_mt_randomize() */
-include_once(SM_PATH . 'functions/strings.php');
-
-/** seed the random number generator **/
-sq_mt_randomize();
-
 /** light(1) or dark(0) background? **/
 $bg = mt_rand(0,1);
 

diff --git a/themes/spice_of_life_dark.php b/themes/spice_of_life_dark.php
index 1e85247085795d3380211cee03c498211d8de1e0..d061f4f1b05f87621c65a47e07254d0553901db2 100755 (executable)
--- a/themes/spice_of_life_dark.php
+++ b/themes/spice_of_life_dark.php
@@ -19,12 +19,6 @@ if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == __FILE_
     die();
 }
 
-/** load sq_mt_randomize() */
-include_once(SM_PATH . 'functions/strings.php');
-
-/** seed the random number generator **/
-sq_mt_randomize();
-
 for ($i = 0; $i <= 16; $i++) {
     /** background/foreground toggle **/
     if ($i == 0 or $i == 3 or $i == 4 or $i == 5 or $i == 9 or $i == 10 or $i == 12 or $i == 16) {

diff --git a/themes/spice_of_life_lite.php b/themes/spice_of_life_lite.php
index 0ca4e5f2ca813be710f9169d51b899d1149f90b3..1ba89ffdb37b73cf6e427b7d6c11b48b44a4a2e2 100755 (executable)
--- a/themes/spice_of_life_lite.php
+++ b/themes/spice_of_life_lite.php
@@ -19,12 +19,6 @@ if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == __FILE_
     die();
 }
 
-/** load sq_mt_randomize() */
-include_once(SM_PATH . 'functions/strings.php');
-
-/** seed the random number generator **/
-sq_mt_randomize();
-
 for ($i = 0; $i <= 16; $i++) {
     /** background/foreground toggle **/
     if ($i == 0 or $i == 3 or $i == 4 or $i == 5 or $i == 9 or $i == 10 or $i == 12 or $i == 16) {