[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: Add support for PHP7 random_bytes in favor of mcrypt_create_iv
jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/374108 ) Change subject: Add support for PHP7 random_bytes in favor of mcrypt_create_iv .. Add support for PHP7 random_bytes in favor of mcrypt_create_iv Bug: T143788 Change-Id: Ib49eab7983a82966d167f03761e32461f9b9f602 (cherry picked from commit 453e829ce056f2ae1462bcd7ed6be92d15134d6c) --- M includes/libs/CryptRand.php 1 file changed, 15 insertions(+), 0 deletions(-) Approvals: Reedy: Looks good to me, approved jenkins-bot: Verified diff --git a/includes/libs/CryptRand.php b/includes/libs/CryptRand.php index 6d18c81..83948cf 100644 --- a/includes/libs/CryptRand.php +++ b/includes/libs/CryptRand.php @@ -245,6 +245,21 @@ } if ( strlen( $buffer ) < $bytes ) { + // If available make use of PHP 7's random_bytes + // On Linux, getrandom syscall will be used if available. + // On Windows CryptGenRandom will always be used + // On other platforms, /dev/urandom will be used. + // All error situations will throw Exceptions and or Errors + if ( function_exists( 'random_bytes' ) ) { + $rem = $bytes - strlen( $buffer ); + $buffer .= random_bytes( $rem ); + } + if ( strlen( $buffer ) >= $bytes ) { + $this->strong = true; + } + } + + if ( strlen( $buffer ) < $bytes ) { // If available make use of mcrypt_create_iv URANDOM source to generate randomness // On unix-like systems this reads from /dev/urandom but does it without any buffering // and bypasses openbasedir restrictions, so it's preferable to reading directly -- To view, visit https://gerrit.wikimedia.org/r/374108 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib49eab7983a82966d167f03761e32461f9b9f602 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_28 Gerrit-Owner: ReedyGerrit-Reviewer: Reedy Gerrit-Reviewer: TheDJ Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: Add support for PHP7 random_bytes in favor of mcrypt_create_iv
Reedy has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/374108 ) Change subject: Add support for PHP7 random_bytes in favor of mcrypt_create_iv .. Add support for PHP7 random_bytes in favor of mcrypt_create_iv Bug: T143788 Change-Id: Ib49eab7983a82966d167f03761e32461f9b9f602 (cherry picked from commit 453e829ce056f2ae1462bcd7ed6be92d15134d6c) --- M includes/libs/CryptRand.php 1 file changed, 15 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/08/374108/1 diff --git a/includes/libs/CryptRand.php b/includes/libs/CryptRand.php index 6d18c81..83948cf 100644 --- a/includes/libs/CryptRand.php +++ b/includes/libs/CryptRand.php @@ -245,6 +245,21 @@ } if ( strlen( $buffer ) < $bytes ) { + // If available make use of PHP 7's random_bytes + // On Linux, getrandom syscall will be used if available. + // On Windows CryptGenRandom will always be used + // On other platforms, /dev/urandom will be used. + // All error situations will throw Exceptions and or Errors + if ( function_exists( 'random_bytes' ) ) { + $rem = $bytes - strlen( $buffer ); + $buffer .= random_bytes( $rem ); + } + if ( strlen( $buffer ) >= $bytes ) { + $this->strong = true; + } + } + + if ( strlen( $buffer ) < $bytes ) { // If available make use of mcrypt_create_iv URANDOM source to generate randomness // On unix-like systems this reads from /dev/urandom but does it without any buffering // and bypasses openbasedir restrictions, so it's preferable to reading directly -- To view, visit https://gerrit.wikimedia.org/r/374108 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib49eab7983a82966d167f03761e32461f9b9f602 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_28 Gerrit-Owner: ReedyGerrit-Reviewer: TheDJ ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits