[PHP-DEV] Re: Crypt salts not random.. (fwd)

Sun, 29 Apr 2001 01:24:39 -0700 

On Fri, 27 Apr 2001, Andi Gutmans wrote:

>Oh OK now I understand. The problem is that MINIT is called before Apache
>forks and then all children start from the same number. However, calling it
>during each request init is also a bit of an overkill and slows down each
>request. Calling it once should be enough so maybe RINIT should check if
>this is the first time RINIT is called and if it is then initialize the
>random number generator.

With attached patch I (seem to) get random salts now.
Please check it out.

--Jani


Index: basic_functions.c
===================================================================
RCS file: /repository/php4/ext/standard/basic_functions.c,v
retrieving revision 1.325
diff -u -r1.325 basic_functions.c
--- basic_functions.c   2001/04/17 17:08:03     1.325
+++ basic_functions.c   2001/04/28 04:02:57
@@ -839,6 +839,10 @@
        PHP_RINIT(assert)(INIT_FUNC_ARGS_PASSTHRU);
        PHP_RINIT(dir)(INIT_FUNC_ARGS_PASSTHRU);
 
+#if HAVE_CRYPT
+       PHP_RINIT(crypt)(INIT_FUNC_ARGS_PASSTHRU);
+#endif
+
 #ifdef TRANS_SID
        if (BG(use_trans_sid)) {
                PHP_RINIT(url_scanner)(INIT_FUNC_ARGS_PASSTHRU);
Index: crypt.c
===================================================================
RCS file: /repository/php4/ext/standard/crypt.c,v
retrieving revision 1.39
diff -u -r1.39 crypt.c
--- crypt.c     2001/04/05 18:48:03     1.39
+++ crypt.c     2001/04/28 04:02:57
@@ -89,7 +89,10 @@
 
 #define PHP_CRYPT_RAND php_rand()
 
+/* whether random number generator is feeded or not */
+static int php_rand_is_init=0;
 
+
 PHP_MINIT_FUNCTION(crypt)
 {
 #if PHP_STD_DES_CRYPT
@@ -101,11 +104,20 @@
        REGISTER_LONG_CONSTANT("CRYPT_EXT_DES", PHP_EXT_DES_CRYPT, CONST_CS | 
CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("CRYPT_MD5", PHP_MD5_CRYPT, CONST_CS | 
CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("CRYPT_BLOWFISH", PHP_BLOWFISH_CRYPT, CONST_CS | 
CONST_PERSISTENT);
+
+       return SUCCESS;
+}
 
-       php_srand(time(0) * getpid() * (php_combined_lcg() * 10000.0));
 
+PHP_RINIT_FUNCTION(crypt)
+{
+       if(!php_rand_is_init) {
+               php_srand(time(0) * getpid() * (php_combined_lcg() * 10000.0));
+               php_rand_is_init=1;
+       }
        return SUCCESS;
 }
+
 
 static unsigned char itoa64[] = 
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
 
Index: php_crypt.h
===================================================================
RCS file: /repository/php4/ext/standard/php_crypt.h,v
retrieving revision 1.7
diff -u -r1.7 php_crypt.h
--- php_crypt.h 2001/02/26 06:07:23     1.7
+++ php_crypt.h 2001/04/28 04:02:57
@@ -26,6 +26,7 @@
 PHP_FUNCTION(crypt);
 #if HAVE_CRYPT
 extern PHP_MINIT_FUNCTION(crypt);
+extern PHP_RINIT_FUNCTION(crypt);
 #endif
 
 #endif

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to