[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: Add support for PHP7 random_bytes in favor of mcrypt_create_iv

Sun, 27 Aug 2017 17:25:13 -0700 

Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/374108 )

Change subject: Add support for PHP7 random_bytes in favor of mcrypt_create_iv
......................................................................

Add support for PHP7 random_bytes in favor of mcrypt_create_iv

Bug: T143788
Change-Id: Ib49eab7983a82966d167f03761e32461f9b9f602
(cherry picked from commit 453e829ce056f2ae1462bcd7ed6be92d15134d6c)
---
M includes/libs/CryptRand.php
1 file changed, 15 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/08/374108/1

diff --git a/includes/libs/CryptRand.php b/includes/libs/CryptRand.php
index 6d18c81..83948cf 100644
--- a/includes/libs/CryptRand.php
+++ b/includes/libs/CryptRand.php
@@ -245,6 +245,21 @@
                }
 
                if ( strlen( $buffer ) < $bytes ) {
+                       // If available make use of PHP 7's random_bytes
+                       // On Linux, getrandom syscall will be used if 
available.
+                       // On Windows CryptGenRandom will always be used
+                       // On other platforms, /dev/urandom will be used.
+                       // All error situations will throw Exceptions and or 
Errors
+                       if ( function_exists( 'random_bytes' ) ) {
+                               $rem = $bytes - strlen( $buffer );
+                               $buffer .= random_bytes( $rem );
+                       }
+                       if ( strlen( $buffer ) >= $bytes ) {
+                               $this->strong = true;
+                       }
+               }
+
+               if ( strlen( $buffer ) < $bytes ) {
                        // If available make use of mcrypt_create_iv URANDOM 
source to generate randomness
                        // On unix-like systems this reads from /dev/urandom 
but does it without any buffering
                        // and bypasses openbasedir restrictions, so it's 
preferable to reading directly

-- 
To view, visit https://gerrit.wikimedia.org/r/374108
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib49eab7983a82966d167f03761e32461f9b9f602
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_28
Gerrit-Owner: Reedy <re...@wikimedia.org>
Gerrit-Reviewer: TheDJ <hartman.w...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to