diff options
author | plegall <plg@piwigo.org> | 2016-04-26 11:07:44 +0200 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2016-04-26 11:07:44 +0200 |
commit | f51ee90c66527fd7ff634f3e8d414cb670da068d (patch) | |
tree | 2550f0753f14ed594dbf99cb65675fa02b49fe21 /include/random_compat/random_bytes_mcrypt.php | |
parent | a3c46de7511cb5b66f59375d225b1f0fb66ae988 (diff) |
bug #470, use a dedicated lib to generate random bytes
Diffstat (limited to 'include/random_compat/random_bytes_mcrypt.php')
-rw-r--r-- | include/random_compat/random_bytes_mcrypt.php | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/include/random_compat/random_bytes_mcrypt.php b/include/random_compat/random_bytes_mcrypt.php new file mode 100644 index 000000000..7ac9d9105 --- /dev/null +++ b/include/random_compat/random_bytes_mcrypt.php @@ -0,0 +1,76 @@ +<?php +/** + * Random_* Compatibility Library + * for using the new PHP 7 random_* API in PHP 5 projects + * + * The MIT License (MIT) + * + * Copyright (c) 2015 Paragon Initiative Enterprises + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +/** + * Powered by ext/mcrypt (and thankfully NOT libmcrypt) + * + * @ref https://bugs.php.net/bug.php?id=55169 + * @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386 + * + * @param int $bytes + * + * @throws Exception + * + * @return string + */ +function random_bytes($bytes) +{ + try { + $bytes = RandomCompat_intval($bytes); + } catch (TypeError $ex) { + throw new TypeError( + 'random_bytes(): $bytes must be an integer' + ); + } + + if ($bytes < 1) { + throw new Error( + 'Length must be greater than 0' + ); + } + + $buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM); + if ( + $buf !== false + && + RandomCompat_strlen($buf) === $bytes + ) { + /** + * Return our random entropy buffer here: + */ + return $buf; + } + + /** + * If we reach here, PHP has failed us. + */ + throw new Exception( + 'Could not gather sufficient random data' + ); +} |