Use php_random_bytes() in mt_srand() and uniqid()

Use php_random_bytes() to generate the MT19937 seed if none is
explicitly given. Also use it to generate more_entry for uniqid().

These changes should not impact user-observable behavior apart
from result statistics.

Closes GH-6520.

Author: zeriyoshi

ext/standard/mt_rand.c

@@ -24,6 +24,7 @@
 
 #include "php.h"
 #include "php_rand.h"
+#include "php_random.h"
 #include "php_mt_rand.h"
 
 /* MT RAND FUNCTIONS */
@@ -161,7 +162,11 @@ PHPAPI uint32_t php_mt_rand(void)
 	register uint32_t s1;
 
 	if (UNEXPECTED(!BG(mt_rand_is_seeded))) {
-		php_mt_srand(GENERATE_SEED());
+		zend_long bytes;
+		if (php_random_bytes_silent(&bytes, sizeof(zend_long)) == FAILURE) {
+			bytes = GENERATE_SEED();
+		}
+		php_mt_srand(bytes);
 	}
 
 	if (BG(left) == 0) {
@@ -189,8 +194,11 @@ PHP_FUNCTION(mt_srand)
 		Z_PARAM_LONG(mode)
 	ZEND_PARSE_PARAMETERS_END();
 
-	if (ZEND_NUM_ARGS() == 0)
-		seed = GENERATE_SEED();
+	if (ZEND_NUM_ARGS() == 0) {
+		if (php_random_bytes_silent(&seed, sizeof(zend_long)) == FAILURE) {
+			seed = GENERATE_SEED();
+		}
+	}
 
 	switch (mode) {
 		case MT_RAND_PHP:

ext/standard/uniqid.c

@@ -32,6 +32,7 @@
 #endif
 
 #include "php_lcg.h"
+#include "php_random.h"
 
 #ifdef HAVE_GETTIMEOFDAY
 ZEND_TLS struct timeval prev_tv = { 0, 0 };
@@ -71,7 +72,14 @@ PHP_FUNCTION(uniqid)
 	 * digits for usecs.
 	 */
 	if (more_entropy) {
-		uniqid = strpprintf(0, "%s%08x%05x%.8F", prefix, sec, usec, php_combined_lcg() * 10);
+		uint32_t bytes;
+		double seed;
+		if (php_random_bytes_silent(&bytes, sizeof(uint32_t)) == FAILURE) {
+			seed = php_combined_lcg() * 10;
+		} else {
+			seed = ((double) bytes / UINT32_MAX) * 10.0;
+		}
+		uniqid = strpprintf(0, "%s%08x%05x%.8F", prefix, sec, usec, seed);
 	} else {
 		uniqid = strpprintf(0, "%s%08x%05x", prefix, sec, usec);
 	}