From f073721856bbac1d427f87520a9cfb6c3fa08c5d Mon Sep 17 00:00:00 2001
From: Stefan Esser
Date: Mon, 9 Jun 2014 10:54:54 +0200
Subject: Document new rand/mt_rand features Add reseeding on srand/mt_srand if ignore is activated
---
 Changelog | 1 +
 execute.c | 6 ++++++
 suhosin.ini | 19 +++++++++++++++++++
 3 files changed, 26 insertions(+)
diff --git a/Changelog b/Changelog
index 50759a8..c212737 100644
--- a/Changelog
+++ b/Changelog
@@ -8,6 +8,7 @@
 - Added php_win32_get_random_bytes for windows compatibility in random seeding
 - Added suhosin.rand.seedingkey for INI supplied additional entropy string (idea DavisNT)
 - Added suhosin.rand.reseed_every_request to allow reseeding on every request (idea DavisNT)
+ - Changed that calls to srand() / mt_srand() will trigger auto reseeding (idea DavisNT)
 - Added LICENSE file to make distributions happy
 2014-02-24 - 0.9.35
diff --git a/execute.c b/execute.c
index 103a8bf..1f7cf15 100644
--- a/execute.c
+++ b/execute.c
@@ -1452,6 +1452,9 @@ static int ih_srand(IH_HANDLER_PARAMS)
 long seed;
 if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE || SUHOSIN_G(srand_ignore)) {
+ if (SUHOSIN_G(srand_ignore)) {
+ SUHOSIN_G(r_is_seeded) = 0;
+ }
 return (1);
 }
@@ -1469,6 +1472,9 @@ static int ih_mt_srand(IH_HANDLER_PARAMS)
 long seed;
 if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE || SUHOSIN_G(mt_srand_ignore)) {
+ if (SUHOSIN_G(mt_srand_ignore)) {
+ SUHOSIN_G(mt_is_seeded) = 0;
+ }
 return (1);
 }
diff --git a/suhosin.ini b/suhosin.ini
index 3d3e89b..ce8e8e9 100644
--- a/suhosin.ini
+++ b/suhosin.ini
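Review bot: The added `SUHOSIN_G(r_is_seeded) = 0;` in `ih_srand` and `SUHOSIN_G(mt_is_seeded) = 0;` in `ih_mt_srand` have no comment saying why an ignored seed call clears the flag, and the handler alone does not make that obvious. I would add above each inner `if` something like `/* seed argument is discarded; clear the flag so the next rand() call reseeds from suhosin's own entropy */` — presumably the generator checks the flag on its next use, but that code is outside these hunks, so confirm the wording against it. Because the outer condition is an `||`, the flag is also cleared when `zend_parse_parameters` fails while ignore is on; if that is intended, the comment should say so. A script that calls `srand()` / `mt_srand()` often will now force a reseed each time, so the cost of the reseed path is worth checking before this ships as the default behaviour. Both handler bodies start and end outside the hunks.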
@@ -190,6 +190,25 @@ suhosin.mail.protect = 1
 ; it to 20M.
 ;suhosin.memory_limit = 0
+; -----------------------------------------------------------------------------
+; Randomness Options
+
+; Flag that controls if calls to srand() are ignored in favour of suhosin's
+; own enhanced seeding - since 0.9.36 calls will trigger auto-reseeding
+;suhosin.srand.ignore = On
+
+; Flag that controls if calls to mt_srand() are ignored in favour of suhosin's
+; own enhanced seeding - since 0.9.36 calls will trigger auto-reseeding
+;suhosin.mt_srand.ignore = On
+
+; Server configuration can add a string into the entropy generation to further
+; improve the entropy used for reseeding rand()/mt_rand()
+;suhosin.rand.seedingkey =
+
+; Controls if automatic reseeding of rand() / mt_rand() is done for every
+; new request. Will improve security but decrease performance.
+; suhosin.rand.reseed_every_request = Off
+
 ; -----------------------------------------------------------------------------
 ; Transparent Encryption Options
-- cgit v1.3
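Review bot: The comment for `suhosin.rand.seedingkey` does not say what kind of value helps: a string only adds entropy if it cannot be guessed, so the text should ask for a long random value that is unique to the server and not copied between installations or published with a sample config. A third comment line such as `; Use a long random string unique to this server; a guessable or shared value adds nothing.` would cover it. Separately, `; suhosin.rand.reseed_every_request = Off` has a space after the `;` while the other three commented defaults in this hunk do not (compare `;suhosin.srand.ignore = On`), which is worth making consistent.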