From f2ccfdb0acdaf944f8e84eb753281449f7637fdc Mon Sep 17 00:00:00 2001
From: Jim Wigginton <terrafrost@php.net>
Date: Fri, 19 Feb 2010 22:39:44 +0000
Subject: [PATCH] - improved random number generator

git-svn-id: http://phpseclib.svn.sourceforge.net/svnroot/phpseclib/trunk@89 21d32557-59b3-4da0-833f-c5933fad653e
---
 phpseclib/Crypt/Random.php | 100 +++++++++++++++++++++++++++++++------
 1 file changed, 84 insertions(+), 16 deletions(-)

diff --git a/phpseclib/Crypt/Random.php b/phpseclib/Crypt/Random.php
index 7fcf97bd..c503def9 100644
--- a/phpseclib/Crypt/Random.php
+++ b/phpseclib/Crypt/Random.php
@@ -35,36 +35,104 @@
  * @author     Jim Wigginton <terrafrost@php.net>
  * @copyright  MMVII Jim Wigginton
  * @license    http://www.gnu.org/licenses/lgpl.txt
- * @version    $Id: Random.php,v 1.4 2008-05-21 05:15:32 terrafrost Exp $
+ * @version    $Id: Random.php,v 1.5 2010-02-19 22:39:44 terrafrost Exp $
  * @link       http://phpseclib.sourceforge.net
  */
 
 /**
- * Generate a random value.  Feel free to replace this function with a cryptographically secure PRNG.
+ * Generate a random value.
+ *
+ * On 32-bit machines, the largest distance that can exist between $min and $max is 2**31.
+ * If $min and $max are farther apart than that then the last ($max - range) numbers.
+ *
+ * Depending on how this is being used, it may be worth while to write a replacement.  For example,
+ * a PHP-based web app that stores its data in an SQL database can collect more entropy than this function
+ * can.
  *
  * @param optional Integer $min
  * @param optional Integer $max
- * @param optional String $randomness_path
  * @return Integer
  * @access public
  */
-function crypt_random($min = 0, $max = 0x7FFFFFFF, $randomness_path = '/dev/urandom')
+function crypt_random($min = 0, $max = 0x7FFFFFFF)
 {
-    static $seeded = false;
+    // see http://en.wikipedia.org/wiki//dev/random
+    if (file_exists('/dev/urandom')) {
+        $fp = fopen('/dev/urandom', 'rb');
+        extract(unpack('Nrandom', fread($fp, 4)));
+        fclose($fp);
 
-    if (!$seeded) {
-        $seeded = true;
-        if (file_exists($randomness_path)) {
-            $fp = fopen($randomness_path, 'r');
-            $temp = unpack('Nint', fread($fp, 4));
-            mt_srand($temp['int']);
-            fclose($fp);
-        } else {
-            list($sec, $usec) = explode(' ', microtime());
-            mt_srand((float) $sec + ((float) $usec * 100000));
+        // say $min = 0 and $max = 3.  if we didn't do abs() then we could have stuff like this:
+        // -4 % 3 + 0 = -1, even though -1 < $min
+        return abs($random) % ($max - $min) + $min;
+    }
+
+    /* Prior to PHP 4.2.0, mt_srand() had to be called before mt_rand() could be called.
+       Prior to PHP 5.2.6, mt_rand()'s automatic seeding was subpar, as elaborated here:
+
+       http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
+
+       The seeding routine is pretty much ripped from PHP's own internal GENERATE_SEED() macro:
+
+       http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3_2/ext/standard/php_rand.h?view=markup */
+    if (version_compare(PHP_VERSION, '5.2.5', '<=')) { 
+        static $seeded;
+        if (!isset($seeded)) {
+            $seeded = true;
+            mt_srand(fmod(time() * getmypid(), 0x7FFFFFFF) ^ fmod(1000000 * lcg_value(), 0x7FFFFFFF));
         }
     }
 
-    return mt_rand($min, $max);
+    static $crypto;
+
+    // The CSPRNG's Yarrow and Fortuna periodically reseed.  This function can be reseeded by hitting F5
+    // in the browser and reloading the page.
+
+    if (!isset($crypto)) {
+        switch (true) {
+            case class_exists('Crypt_AES'):
+                $key = $iv = '';
+                for ($i = 0; $i < 8; $i++) {
+                    $key.= pack('n', mt_rand(0, 0xFFFF));
+                    $iv .= pack('n', mt_rand(0, 0xFFFF));
+                }
+                $crypto = new Crypt_AES(CRYPT_AES_MODE_CTR);
+                $crypto->setKey($key);
+                $crypto->setIV($iv);
+                break;
+            case class_exists('Crypt_TripleDES'):
+            case class_exists('Crypt_DES'):
+                $key = $iv = '';
+                for ($i = 0; $i < 4; $i++) {
+                    $key.= pack('n', mt_rand(0, 0xFFFF));
+                    $iv .= pack('n', mt_rand(0, 0xFFFF));
+                }
+                if (class_exists('Crypt_TripleDES')) {
+                    for ($i = 0; $i < 4; $i++) {
+                        $key.= pack('n', mt_rand(0, 0xFFFF));
+                    }
+                    $crypto = new Crypt_TripleDES(CRYPT_DES_MODE_CTR);
+                } else {
+                    $crypto = new Crypt_DES(CRYPT_DES_MODE_CTR);
+                }
+                $crypto->setKey($key);
+                $crypto->setIV($iv);
+                break;
+            case class_exists('Crypt_RC4'):
+                $key = '';
+                for ($i = 0; $i < 8; $i++) {
+                    $key.= pack('n', mt_rand(0, 0xFFFF));
+                }
+                $crypto = new Crypt_RC4();
+                $crypto->setKey($key);
+                break;
+            default:
+                extract(unpack('Nrandom', pack('H*', sha1(mt_rand(0, 0x7FFFFFFF)))));
+                return abs($random) % ($max - $min) + $min;
+        }
+    }
+
+    extract(unpack('Nrandom', $crypto->encrypt("\0\0\0\0")));
+    return abs($random) % ($max - $min) + $min;
 }
 ?>
\ No newline at end of file