Skip to content

Use random_bytes function if it is available for random number generation #15875

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 26, 2015
Merged

Use random_bytes function if it is available for random number generation #15875

merged 1 commit into from
Sep 26, 2015

Conversation

pierredup
Copy link
Contributor

Q A
Bug fix? no
New feature? yes
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #15239
License MIT
Doc PR

This is an attempt to use the random_bytes function when generating secure random numbers. This function is included in PHP 7 or through the "paragonie/random_compat" library.

This PR only adds support to use the function if it is available. Changes that can be added is to add a hard dependency on the paragonie/random_compat library, so all current functionality can be deprecated.

@pierredup pierredup mentioned this pull request Sep 23, 2015
Closed
@dunglas
Copy link
Member

dunglas commented Sep 23, 2015

Looks good to me. 👍

@sstok
Copy link
Contributor

sstok commented Sep 23, 2015

👍

@fabpot
Copy link
Member

fabpot commented Sep 23, 2015

I would do the same as for ircmaxell/password-compat where we require either the right PHP version or the dep in composer.json (#7853), at least for 3.0.

@pierredup
Copy link
Contributor Author

@fabpot This PR adds support for the random_bytes function in 2.3 if it is available (either by using PHP 7 or by manually including the compat library).

#15879 deprecates the SecureRandom class for 2.8 and #15880 removes the class for 3.0 and only uses the random_bytes function with a hard dependency on the paragonie/random_compat library (which will only define the necessary functions when they are not available, I.E PHP < 7).

I'm not sure if this is what you had in mind

@derrabus
Copy link
Member

👍

Status: Reviewed

@fabpot
Copy link
Member

fabpot commented Sep 25, 2015

👍

@fabpot
Copy link
Member

fabpot commented Sep 26, 2015

Thank you @pierredup.

@fabpot fabpot merged commit 6a217dc into symfony:2.3 Sep 26, 2015
fabpot added a commit that referenced this pull request Sep 26, 2015
@fabpot
minor #15875 Use random_bytes function if it is available for random …
25dccf1 
…number generation (pierredup)

This PR was merged into the 2.3 branch.

Discussion
----------

Use random_bytes function if it is available for random number generation

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #15239
| License       | MIT
| Doc PR        |

This is an attempt to use the random_bytes function when generating secure random numbers. This function is included in PHP 7 or through the "paragonie/random_compat" library.

This PR only adds support to use the function if it is available. Changes that can be added is to add a hard dependency on the paragonie/random_compat library, so all current functionality can be deprecated.

Commits
-------

6a217dc Use random_bytes function if it is available for random number generation
@fabpot fabpot mentioned this pull request Oct 6, 2015
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Status: Reviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@pierredup @dunglas @sstok @fabpot @derrabus @acasademont @xabbuh @carsonbot