TheDJ has uploaded a new change for review.
https://gerrit.wikimedia.org/r/324897
Change subject: Add support for PHP7 random_bytes in favor of mcrypt_create_iv
......................................................................
Add support for PHP7 random_bytes in favor of mcrypt_create_iv
Bug: T143788
Change-Id: Ib49eab7983a82966d167f03761e32461f9b9f602
---
M includes/libs/CryptRand.php
1 file changed, 15 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/97/324897/1
diff --git a/includes/libs/CryptRand.php b/includes/libs/CryptRand.php
index 10088f2..0d3613a 100644
--- a/includes/libs/CryptRand.php
+++ b/includes/libs/CryptRand.php
@@ -243,6 +243,21 @@
}
if ( strlen( $buffer ) < $bytes ) {
+ // If available make use of PHP 7's random_bytes
+ // On Linux, getrandom syscall will be used if
available.
+ // On Windows CryptGenRandom will always be used
+ // On other platforms, /dev/urandom will be used.
+ // All error situations will throw Exceptions and or
Errors
+ if ( function_exists( 'random_bytes' ) ) {
+ $rem = $bytes - strlen( $buffer );
+ $buffer .= random_bytes( $rem );
+ }
+ if ( strlen( $buffer ) >= $bytes ) {
+ $this->strong = true;
+ }
+ }
+
+ if ( strlen( $buffer ) < $bytes ) {
// If available make use of mcrypt_create_iv URANDOM
source to generate randomness
// On unix-like systems this reads from /dev/urandom
but does it without any buffering
// and bypasses openbasedir restrictions, so it's
preferable to reading directly
--
To view, visit https://gerrit.wikimedia.org/r/324897
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib49eab7983a82966d167f03761e32461f9b9f602
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: TheDJ <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
