Fix some insecure usages of php_rand
authorLeigh <leigh@php.net>
Tue, 5 Jul 2016 15:02:34 +0000 (16:02 +0100)
committerLeigh <leigh@php.net>
Tue, 5 Jul 2016 15:02:34 +0000 (16:02 +0100)
ext/soap/php_http.c
ext/standard/crypt.c

index ee8514b11eaab8b895090c760fad262e3a7f6a5c..dd87ec1214dd6a0557345930e9413564cb106ca6 100644 (file)
@@ -22,7 +22,7 @@
 #include "php_soap.h"
 #include "ext/standard/base64.h"
 #include "ext/standard/md5.h"
-#include "ext/standard/php_rand.h"
+#include "ext/standard/php_random.h"
 
 static char *get_http_header_value(char *headers, char *type);
 static zend_string *get_http_body(php_stream *socketd, int close, char *headers);
@@ -639,11 +639,15 @@ try_again:
                        if ((digest = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest")-1)) != NULL) {
                                if (Z_TYPE_P(digest) == IS_ARRAY) {
                                        char          HA1[33], HA2[33], response[33], cnonce[33], nc[9];
+                                       zend_long     nonce;
                                        PHP_MD5_CTX   md5ctx;
                                        unsigned char hash[16];
 
+                                       php_random_bytes_throw(&nonce, sizeof(nonce));
+                                       nonce &= 0x7fffffff;
+
                                        PHP_MD5Init(&md5ctx);
-                                       snprintf(cnonce, sizeof(cnonce), ZEND_LONG_FMT, php_rand());
+                                       snprintf(cnonce, sizeof(cnonce), ZEND_LONG_FMT, nonce);
                                        PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce));
                                        PHP_MD5Final(hash, &md5ctx);
                                        make_digest(cnonce, hash);
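Review bot: The result of `php_random_bytes_throw(&nonce, sizeof(nonce))` is discarded, so if the random source fails the code carries on and formats `nonce`, which is declared without an initializer, into `cnonce`. Check the return value and abandon the request before `PHP_MD5Init`, e.g. `if (php_random_bytes_throw(&nonce, sizeof(nonce)) == FAILURE) { /* release what this function holds and return */ }`; the cleanup that is needed lies outside the hunk, as does the rest of the enclosing block. The same unchecked call appears in the `PHP_FUNCTION(crypt)` hunk of ext/standard/crypt.c. Separately, `nonce &= 0x7fffffff` keeps only 31 of the random bits; since the value is only fed to MD5, hashing the raw bytes would retain all of them.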
index 9249d9d96b081aa66876557dca41beb7b04a5436..3604e19b027d1f7436c75bf553c29a2a05a9a4ff 100644 (file)
 #include <process.h>
 #endif
 
-#include "php_lcg.h"
 #include "php_crypt.h"
-#include "php_rand.h"
+#include "php_random.h"
 
 /* sha512 crypt has the maximal salt length of 123 characters */
 #define PHP_MAX_SALT_LEN 123
 
-#define PHP_CRYPT_RAND php_rand()
-
 /* Used to check DES salts to ensure that they contain only valid characters */
 #define IS_VALID_SALT_CHARACTER(c) (((c) >= '.' && (c) <= '9') || ((c) >= 'A' && (c) <= 'Z') || ((c) >= 'a' && (c) <= 'z'))
 
@@ -266,9 +263,8 @@ PHP_FUNCTION(crypt)
 
        /* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */
        if (!*salt) {
-               strncpy(salt, "$1$", PHP_MAX_SALT_LEN);
-               php_to64(&salt[3], PHP_CRYPT_RAND, 4);
-               php_to64(&salt[7], PHP_CRYPT_RAND, 4);
+               strncpy(salt, "$1$", 3);
+               php_random_bytes_throw(&salt[3], 8);
                strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11);
                salt_in_len = strlen(salt);
        } else {
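Review bot: `php_random_bytes_throw(&salt[3], 8)` writes raw bytes straight into the salt, whereas the removed `php_to64` calls produced only salt-alphabet characters. A zero byte in those eight positions makes `strlen(salt)` stop before the closing `$`, a `$` byte presumably ends the salt early, and most other values fall outside what `IS_VALID_SALT_CHARACTER` accepts, so the generated salt can come out shorter than intended or malformed. Draw the bytes into a scratch buffer and keep encoding through `php_to64`, as below. The `RETURN_FALSE` failure path is an assumption, since the start of `PHP_FUNCTION(crypt)` is outside the hunk.

```c
	if (!*salt) {
		uint32_t seed[2];

		/* Draw the randomness into a scratch buffer, not into the salt itself. */
		if (php_random_bytes_throw(seed, sizeof(seed)) == FAILURE) {
			RETURN_FALSE;
		}
		strncpy(salt, "$1$", 3);
		/* php_to64() emits only salt-alphabet characters, 6 bits per character. */
		php_to64(&salt[3], seed[0], 4);
		php_to64(&salt[7], seed[1], 4);
		/* … unchanged: trailing "$" and salt_in_len … */
```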