diff options
| -rw-r--r-- | lib/SimpleSAML/Utilities.php | 49 | ||||
| -rw-r--r-- | lib/SimpleSAML/Utils/Crypto.php | 2 |
2 files changed, 13 insertions, 38 deletions
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php index cc42bfc..1892568 100644 --- a/lib/SimpleSAML/Utilities.php +++ b/lib/SimpleSAML/Utilities.php @@ -1028,7 +1028,12 @@ class SimpleSAML_Utilities { } - public static function generateRandomBytesMTrand($length) { + /** + * @deprecated + * @param int $length The amount of random bytes to generate. + * @return string A string of $length random bytes. + */ + public static function generateRandomBytesMTrand($length) { /* Use mt_rand to generate $length random bytes. */ $data = ''; @@ -1043,47 +1048,17 @@ class SimpleSAML_Utilities { /** * This function generates a binary string containing random bytes. * - * It will use /dev/urandom if available, and fall back to the builtin mt_rand()-function if not. + * It is implemented as a wrapper of the openssl_random_pseudo_bytes function, + * available since PHP 5.3.0. * - * @param $length The number of random bytes to return. - * @return A string of lenght $length with random bytes. + * @param int $length The number of random bytes to return. + * @param boolean $fallback Deprecated. + * @return string A string of $length random bytes. */ public static function generateRandomBytes($length, $fallback = TRUE) { - static $fp = NULL; assert('is_int($length)'); - if (function_exists('openssl_random_pseudo_bytes')) { - return openssl_random_pseudo_bytes($length); - } - - if($fp === NULL) { - if (@file_exists('/dev/urandom')) { - $fp = @fopen('/dev/urandom', 'rb'); - } else { - $fp = FALSE; - } - } - - if($fp !== FALSE) { - /* Read random bytes from /dev/urandom. */ - $data = fread($fp, $length); - if($data === FALSE) { - throw new Exception('Error reading random data.'); - } - if(strlen($data) != $length) { - SimpleSAML_Logger::warning('Did not get requested number of bytes from random source. Requested (' . $length . ') got (' . strlen($data) . ')'); - if ($fallback) { - $data = self::generateRandomBytesMTrand($length); - } else { - throw new Exception('Did not get requested number of bytes from random source. Requested (' . $length . ') got (' . strlen($data) . ')'); - } - } - } else { - /* Use mt_rand to generate $length random bytes. */ - $data = self::generateRandomBytesMTrand($length); - } - - return $data; + return openssl_random_pseudo_bytes($length); } diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php index 76c1b18..f8eb5be 100644 --- a/lib/SimpleSAML/Utils/Crypto.php +++ b/lib/SimpleSAML/Utils/Crypto.php @@ -30,7 +30,7 @@ class SimpleSAML_Utils_Crypto { if(!$salt) { // Default 8 byte salt, but 4 byte for LDAP SHA1 hashes $bytes = ($algo == 'SSHA1') ? 4 : 8; - $salt = SimpleSAML_Utilities::generateRandomBytes($bytes, TRUE); + $salt = SimpleSAML_Utilities::generateRandomBytes($bytes); } if($algo[0] == 'S' && in_array(substr(strtolower($algo),1), hash_algos())) { |