[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: Add support for PHP7 random_bytes in favor of mcrypt_create_iv
jenkins-bot has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/374108 )
Change subject: Add support for PHP7 random_bytes in favor of mcrypt_create_iv
..
Add support for PHP7 random_bytes in favor of mcrypt_create_iv
Bug: T143788
Change-Id: Ib49eab7983a82966d167f03761e32461f9b9f602
(cherry picked from commit 453e829ce056f2ae1462bcd7ed6be92d15134d6c)
---
M includes/libs/CryptRand.php
1 file changed, 15 insertions(+), 0 deletions(-)
Approvals:
Reedy: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/libs/CryptRand.php b/includes/libs/CryptRand.php
index 6d18c81..83948cf 100644
--- a/includes/libs/CryptRand.php
+++ b/includes/libs/CryptRand.php
@@ -245,6 +245,21 @@
}
if ( strlen( $buffer ) < $bytes ) {
+ // If available make use of PHP 7's random_bytes
+ // On Linux, getrandom syscall will be used if
available.
+ // On Windows CryptGenRandom will always be used
+ // On other platforms, /dev/urandom will be used.
+ // All error situations will throw Exceptions and or
Errors
+ if ( function_exists( 'random_bytes' ) ) {
+ $rem = $bytes - strlen( $buffer );
+ $buffer .= random_bytes( $rem );
+ }
+ if ( strlen( $buffer ) >= $bytes ) {
+ $this->strong = true;
+ }
+ }
+
+ if ( strlen( $buffer ) < $bytes ) {
// If available make use of mcrypt_create_iv URANDOM
source to generate randomness
// On unix-like systems this reads from /dev/urandom
but does it without any buffering
// and bypasses openbasedir restrictions, so it's
preferable to reading directly
--
To view, visit https://gerrit.wikimedia.org/r/374108
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ib49eab7983a82966d167f03761e32461f9b9f602
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_28
Gerrit-Owner: Reedy
Gerrit-Reviewer: Reedy
Gerrit-Reviewer: TheDJ
Gerrit-Reviewer: jenkins-bot <>
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: Add support for PHP7 random_bytes in favor of mcrypt_create_iv
Reedy has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/374108 )
Change subject: Add support for PHP7 random_bytes in favor of mcrypt_create_iv
..
Add support for PHP7 random_bytes in favor of mcrypt_create_iv
Bug: T143788
Change-Id: Ib49eab7983a82966d167f03761e32461f9b9f602
(cherry picked from commit 453e829ce056f2ae1462bcd7ed6be92d15134d6c)
---
M includes/libs/CryptRand.php
1 file changed, 15 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/08/374108/1
diff --git a/includes/libs/CryptRand.php b/includes/libs/CryptRand.php
index 6d18c81..83948cf 100644
--- a/includes/libs/CryptRand.php
+++ b/includes/libs/CryptRand.php
@@ -245,6 +245,21 @@
}
if ( strlen( $buffer ) < $bytes ) {
+ // If available make use of PHP 7's random_bytes
+ // On Linux, getrandom syscall will be used if
available.
+ // On Windows CryptGenRandom will always be used
+ // On other platforms, /dev/urandom will be used.
+ // All error situations will throw Exceptions and or
Errors
+ if ( function_exists( 'random_bytes' ) ) {
+ $rem = $bytes - strlen( $buffer );
+ $buffer .= random_bytes( $rem );
+ }
+ if ( strlen( $buffer ) >= $bytes ) {
+ $this->strong = true;
+ }
+ }
+
+ if ( strlen( $buffer ) < $bytes ) {
// If available make use of mcrypt_create_iv URANDOM
source to generate randomness
// On unix-like systems this reads from /dev/urandom
but does it without any buffering
// and bypasses openbasedir restrictions, so it's
preferable to reading directly
--
To view, visit https://gerrit.wikimedia.org/r/374108
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib49eab7983a82966d167f03761e32461f9b9f602
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_28
Gerrit-Owner: Reedy
Gerrit-Reviewer: TheDJ
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
