From dcaf2a499ddebe7cd23ed822ba543a1d85cd0ca8 Mon Sep 17 00:00:00 2001 From: fidian Date: Mon, 2 Oct 2000 12:17:26 +0000 Subject: [PATCH] Improved random number generation git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@771 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- functions/smtp.php | 13 +++--- functions/strings.php | 97 ++++++++++++++++++++++++++++++++++--------- 2 files changed, 86 insertions(+), 24 deletions(-) diff --git a/functions/smtp.php b/functions/smtp.php index ef8684da..c6e1825c 100644 --- a/functions/smtp.php +++ b/functions/smtp.php @@ -74,14 +74,17 @@ // Return a nice MIME-boundary function mimeBoundary () { - global $version, $REMOTE_ADDR, $SERVER_NAME, $REMOTE_PORT; - static $mimeBoundaryString; if ($mimeBoundaryString == "") { - $temp = "SquirrelMail".$version.$REMOTE_ADDR.$SERVER_NAME. - $REMOTE_PORT; - $mimeBoundaryString = "=-_+".substr(md5($temp),1,20); + sq_mt_randomize(); // Initialize the random number generator + // Use all allowed chars besides space. + $Chrs = '\'()+,-./0123456789:=?ABCDEFGHIJKLMNOP' . + 'QRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz'; + // Create a LONG boundary to ensure no duplicates + while (strlen($mimeBoundaryString) < 70) { + $mimeBoundaryString .= $Chrs[mt_rand(0, strlen($Chrs))]; + } } return $mimeBoundaryString; diff --git a/functions/strings.php b/functions/strings.php index 288f1e13..38566963 100644 --- a/functions/strings.php +++ b/functions/strings.php 
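Review bot: The index in `$Chrs[mt_rand(0, strlen($Chrs))]` can land one past the end of `$Chrs`, because mt_rand() includes its upper bound. The out-of-range read contributes nothing (and raises a notice), so the loop still reaches 70 characters but wastes the draw; it should be `$Chrs[mt_rand(0, strlen($Chrs) - 1)]`. The new alphabet also contains `(`, `)`, `,`, `/`, `:`, `=` and `?`, which RFC 2046 permits in a boundary only when the Content-Type parameter is quoted. The code that writes that header is outside this hunk, so confirm it quotes the value. The closing brace of mimeBoundary() is also outside the hunk.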
@@ -255,29 +255,88 @@ return $decrypted; } - function OneTimePadCreate ($length=100) { - global $REMOTE_PORT, $REMOTE_ADDR, $UNIQUE_ID; - // Entropy gathering - if (function_exists("crc32")) { - $seed1 = (double) microtime() * 1000000; - $seed2 = md5($REMOTE_PORT . $REMOTE_ADDR . $UNIQUE_ID); - if (function_exists("getrusage")) { - $dat = getrusage(); - $seed3 = md5($dat["ru_nswap"].$dat["ru_majflt"].$dat["ru_utime.tv_sec"].$dat["ru_utime.tv_usec"].getmypid()); - } else { - $seed3 = getmypid(); - } - - $seed = crc32($seed1)*1000000 + crc32($seed2)*10000 + crc32($seed3); - } else { - $seed = (double) microtime() * 1000000; - } + // Randomize the mt_rand() function. Toss this in strings or + // integers and it will seed the generator appropriately. + // With strings, it is better to get them long. Use md5() to + // lengthen smaller strings. + function sq_mt_seed($Val) + { + // if mt_getrandmax() does not return a 2^n - 1 number, + // this might not work well. This uses $Max as a bitmask. + $Max = mt_getrandmax(); + + if (! is_int($Val)) + { + if (function_exists("crc32")) + { + $Val = crc32($Val); + } + else + { + $Str = $Val; + $Pos = 0; + $Val = 0; + $Mask = $Max / 2; + $HighBit = $Max ^ $Mask; + while ($Pos < strlen($Str)) + { + if ($Val & $HighBit) + { + $Val = (($Val & $Mask) << 1) + 1; + } + else + { + $Val = ($Val & $Mask) << 1; + } + $Val ^= $Str[$Pos]; + $Pos ++; + } + } + } - srand ($seed); + if ($Val < 0) + $Val *= -1; + if ($Val = 0) + return; + + mt_srand(($Val ^ mt_rand(0, $Max)) & $Max); + } + + + // This function initializes the random number generator fairly well. + // It also only initializes it once, so you don't accidentally get + // the same 'random' numbers twice in one session. + function sq_mt_randomize() + { + global $REMOTE_PORT, $REMOTE_ADDR, $UNIQUE_ID; + static $randomized; + + if ($randomized) + return; + + // Global + sq_mt_seed((int)((double) microtime() * 1000000)); + sq_mt_seed(md5($REMOTE_PORT . $REMOTE_ADDR . 
getmypid())); + + // getrusage + if (function_exists("getrusage")) { + $dat = getrusage(); + sq_mt_seed(md5($dat["ru_nswap"] . $dat["ru_majflt"] . + $dat["ru_utime.tv_sec"] . $dat["ru_utime.tv_usec"])); + } + + // Apache-specific + sq_mt_seed(md5($UNIQUE_ID)); + + $randomized = 1; + } + + function OneTimePadCreate ($length=100) { + sq_mt_randomize(); for ($i = 0; $i < $length; $i++) { - $pad .= chr(rand(0,255)); + $pad .= chr(mt_rand(0,255)); } return $pad; -- 2.25.1
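Review bot: `if ($Val = 0)` in sq_mt_seed() assigns instead of comparing, so `$Val` is always zeroed and the early return never fires. `mt_srand(($Val ^ mt_rand(0, $Max)) & $Max)` therefore reseeds the generator from its own previous output, and every input sq_mt_randomize() feeds in (microtime, address, pid, getrusage, UNIQUE_ID) is discarded; the line should read `if ($Val == 0) return;`. In the fallback used when crc32() is missing, `$Val ^= $Str[$Pos];` XORs an integer with a one-character string, which PHP converts to a number (0 for non-digits), so `$Val ^= ord($Str[$Pos]);` is what is meant. Separately, OneTimePadCreate() draws its pad bytes from mt_rand(), whose whole output stream is determined by one integer seed. If the pad protects a secret (its use is not visible in this hunk, and the function continues past it), the bytes should come from an OS randomness source instead.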