Created
October 2, 2016 18:49
Use better entropy for uniqid()
diff --git a/ext/standard/uniqid.c b/ext/standard/uniqid.c | |
index f429e6d..207cf01 100644 | |
--- a/ext/standard/uniqid.c | |
+++ b/ext/standard/uniqid.c | |
@@ -35,9 +35,11 @@ | |
#include <sys/time.h> | |
#endif | |
-#include "php_lcg.h" | |
+#include "php_random.h" | |
#include "uniqid.h" | |
+#define PHP_UNIQID_ENTROPY_LEN 10 | |
+ | |
/* {{{ proto string uniqid([string prefix [, bool more_entropy]]) | |
Generates a unique ID */ | |
#ifdef HAVE_GETTIMEOFDAY | |
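Review bot: `PHP_UNIQID_ENTROPY_LEN` is defined without a comment, and the value 10 is the length of the whole suffix including the '.' that the second hunk writes at index 1, not the number of random digits. A short comment on the define would prevent it being read as the amount of entropy, for example `/* length of the more_entropy suffix, '.' separator included (9 random digits) */`.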
@@ -77,7 +79,22 @@ PHP_FUNCTION(uniqid) | |
* digits for usecs. | |
*/ | |
if (more_entropy) { | |
- uniqid = strpprintf(0, "%s%08x%05x%.8F", prefix, sec, usec, php_combined_lcg() * 10); | |
+ int i; | |
+ unsigned char c, entropy[PHP_UNIQID_ENTROPY_LEN+1]; | |
+ | |
+ for(i = 0; i < PHP_UNIQID_ENTROPY_LEN;) { | |
+ php_random_bytes_throw(&c, sizeof(c)); | |
+ /* Avoid modulo bias */ | |
+ if (c > 249) { | |
+ continue; | |
+ } | |
+ entropy[i] = c % 10 + '0'; | |
+ i++; | |
+ } | |
+ /* Set . for compatibility */ | |
+ entropy[1] = '.'; | |
+ entropy[PHP_UNIQID_ENTROPY_LEN] = '\0'; | |
+ uniqid = strpprintf(0, "%s%08x%05x%s", prefix, sec, usec, entropy); | |
} else { | |
uniqid = strpprintf(0, "%s%08x%05x", prefix, sec, usec); | |
} |
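Review bot: The return value of `php_random_bytes_throw(&c, sizeof(c))` in the added loop is ignored, so if the random source fails, `c` is read uninitialised and the function carries on building an ID while an exception is pending. Check it and bail out, for example `if (php_random_bytes_throw(&c, sizeof(c)) == FAILURE) { return; }`. Requesting one byte per call also means a separate trip to the random source for every digit; filling a small buffer once and rejection-sampling from it would avoid that. Because `entropy[1]` is overwritten with '.', the suffix carries nine random decimal digits (roughly 30 bits), so a comment should say the result remains an identifier and not a secret token. PHP_FUNCTION(uniqid) starts and ends outside this hunk.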