Skip to content

do not ship with a custom rng implementation #17359

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jan 14, 2016
Merged

do not ship with a custom rng implementation #17359

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fcd3160
do not ship with a custom rng implementation
xabbuh Dec 16, 2015
b91441c
removed obsolete tests, fixed composer.json
fabpot Jan 14, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
"require": {
"php": ">=5.3.3",
"doctrine/common": "~2.4",
"paragonie/random_compat": "~1.0",
"twig/twig": "~1.23|~2.0",
"psr/log": "~1.0"
},
Expand Down
91 changes: 1 addition & 90 deletions src/Symfony/Component/Security/Core/Util/SecureRandom.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,6 @@

namespace Symfony\Component\Security\Core\Util;

use Psr\Log\LoggerInterface;

/**
* A secure random number generator implementation.
*
Expand All @@ -21,98 +19,11 @@
*/
final class SecureRandom implements SecureRandomInterface
{
private $logger;
private $useOpenSsl;
private $seed;
private $seedUpdated;
private $seedLastUpdatedAt;
private $seedFile;

/**
* Constructor.
*
* Be aware that a guessable seed will severely compromise the PRNG
* algorithm that is employed.
*
* @param string $seedFile
* @param LoggerInterface $logger
*/
public function __construct($seedFile = null, LoggerInterface $logger = null)
{
$this->seedFile = $seedFile;
$this->logger = $logger;

$isUnsupportedPhp = '\\' === DIRECTORY_SEPARATOR && PHP_VERSION_ID < 50304;

// determine whether to use OpenSSL
if (!function_exists('random_bytes') && ($isUnsupportedPhp || !function_exists('openssl_random_pseudo_bytes'))) {
if (null !== $this->logger) {
$this->logger->notice('It is recommended that you install the "paragonie/random_compat" library or enable the "openssl" extension for random number generation.');
}
$this->useOpenSsl = false;
} else {
$this->useOpenSsl = true;
}
}

/**
* {@inheritdoc}
*/
public function nextBytes($nbBytes)
{
if (function_exists('random_bytes')) {
return random_bytes($nbBytes);
}

// try OpenSSL
if ($this->useOpenSsl) {
$bytes = openssl_random_pseudo_bytes($nbBytes, $strong);

if (false !== $bytes && true === $strong) {
return $bytes;
}

if (null !== $this->logger) {
$this->logger->info('OpenSSL did not produce a secure random number.');
}
}

// initialize seed
if (null === $this->seed) {
if (null === $this->seedFile) {
throw new \RuntimeException('You need to specify a file path to store the seed.');
}

if (is_file($this->seedFile)) {
list($this->seed, $this->seedLastUpdatedAt) = $this->readSeed();
} else {
$this->seed = uniqid(mt_rand(), true);
$this->updateSeed();
}
}

$bytes = '';
while (strlen($bytes) < $nbBytes) {
static $incr = 1;
$bytes .= hash('sha512', $incr++.$this->seed.uniqid(mt_rand(), true).$nbBytes, true);
$this->seed = base64_encode(hash('sha512', $this->seed.$bytes.$nbBytes, true));
$this->updateSeed();
}

return substr($bytes, 0, $nbBytes);
}

private function readSeed()
{
return json_decode(file_get_contents($this->seedFile));
}

private function updateSeed()
{
if (!$this->seedUpdated && $this->seedLastUpdatedAt < time() - mt_rand(1, 10)) {
file_put_contents($this->seedFile, json_encode(array($this->seed, microtime(true))));
}

$this->seedUpdated = true;
return random_bytes($nbBytes);
}
}
201 changes: 0 additions & 201 deletions src/Symfony/Component/Security/Tests/Core/Util/SecureRandomTest.php
View file
Open in desktop

This file was deleted.

4 changes: 2 additions & 2 deletions src/Symfony/Component/Security/composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
],
"require": {
"php": ">=5.3.3",
"paragonie/random_compat": "~1.0",
"symfony/event-dispatcher": "~2.2",
"symfony/http-foundation": "~2.1",
"symfony/http-kernel": "~2.1"
Expand All @@ -43,8 +44,7 @@
"symfony/validator": "",
"symfony/routing": "",
"doctrine/dbal": "to use the built-in ACL implementation",
"ircmaxell/password-compat": "",
"paragonie/random_compat": ""
"ircmaxell/password-compat": ""
},
"autoload": {
"psr-0": { "Symfony\\Component\\Security\\": "" },
Expand Down