author | Anthony Ferrara <ircmaxell@gmail.com> | 2013-04-30 14:14:57 -0400 |
---|---|---|
committer | Anthony Ferrara <ircmaxell@gmail.com> | 2013-04-30 14:14:57 -0400 |
commit | ac173adc70bc7904e2d446d29862197871f35cf4 (patch) | |
tree | a7cd102aba89d4716f69cb9d7a789e14d6292236 | |
parent | 9995cba36810f8251ec12b712c752d6c782f5438 (diff) | |
parent | 93d86275d7964f67043ea98d04639c2cc3f03952 (diff) | |
Merge branch 'master' into v1.0
-rw-r--r-- | lib/password.php | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/lib/password.php b/lib/password.php
index 359fa5b..afde872 100644
--- a/lib/password.php
+++ b/lib/password.php
@@ -45,6 +45,9 @@ if (!defined('PASSWORD_BCRYPT')) {
 return null;
 }
 }
+ // The length of salt to generate
+ $raw_salt_len = 17;
+ // The length required in the final serialization
 $required_salt_len = 22;
 $hash_format = sprintf("$2y$%02d$", $cost);
 break;
@@ -80,16 +83,15 @@ if (!defined('PASSWORD_BCRYPT')) {
 }
 } else {
 $buffer = '';
- $raw_length = (int) ($required_salt_len * 3 / 4 + 1);
 $buffer_valid = false;
 if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) {
- $buffer = mcrypt_create_iv($raw_length, MCRYPT_DEV_URANDOM);
+ $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM);
 if ($buffer) {
 $buffer_valid = true;
 }
 }
 if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
- $buffer = openssl_random_pseudo_bytes($raw_length);
+ $buffer = openssl_random_pseudo_bytes($raw_salt_len);
 if ($buffer) {
 $buffer_valid = true;
 }
@@ -97,18 +99,18 @@ if (!defined('PASSWORD_BCRYPT')) {
 if (!$buffer_valid && is_readable('/dev/urandom')) {
 $f = fopen('/dev/urandom', 'r');
 $read = strlen($buffer);
- while ($read < $raw_length) {
- $buffer .= fread($f, $raw_length - $read);
+ while ($read < $raw_salt_len) {
+ $buffer .= fread($f, $raw_salt_len - $read);
 $read = strlen($buffer);
 }
 fclose($f);
- if ($read >= $raw_length) {
+ if ($read >= $raw_salt_len) {
 $buffer_valid = true;
 }
 }
- if (!$buffer_valid || strlen($buffer) < $raw_length) {
+ if (!$buffer_valid || strlen($buffer) < $raw_salt_len) {
 $bl = strlen($buffer);
- for ($i = 0; $i < $raw_length; $i++) {
+ for ($i = 0; $i < $raw_salt_len; $i++) {
 if ($i < $bl) {
 $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
 } else { |
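Review bot: The new `$raw_salt_len = 17;` in the first hunk is a bare literal with no stated unit and no visible link to `$required_salt_len = 22`, whereas the removed `$raw_length` expression in the second hunk derived it from that value. If either constant is changed later, nothing here says that the raw bytes must still encode to at least the required number of salt characters. I would replace the first added comment with `// Raw salt length in bytes; its base64 encoding must yield at least $required_salt_len characters`. The enclosing `case` block starts outside the hunk.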
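Review bot: In the second hunk, the result of `openssl_random_pseudo_bytes($raw_salt_len)` is accepted on a truthiness test alone, and the function's optional second argument, which reports whether a cryptographically strong source was used, is never consulted. Requiring it before setting `$buffer_valid` lets a weak result fall through to the `/dev/urandom` branch: `$buffer = openssl_random_pseudo_bytes($raw_salt_len, $strong);` followed by `if ($buffer && $strong) {`. Both this branch and the `mcrypt_create_iv` branch also mark the buffer valid without comparing `strlen($buffer)` to `$raw_salt_len`, so a short read is only caught by the `mt_rand` fallback in the third hunk.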
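Review bot: The `/dev/urandom` loop in the third hunk never checks the `fopen()` result or the `fread()` return value, so `while ($read < $raw_salt_len)` cannot terminate if the open fails after `is_readable()` passed, or if a read returns `false` or an empty string. That would make a salt-generation call hang rather than fall back. I would guard the handle and break out of the loop when a read yields nothing, leaving `$buffer_valid` unset so the existing length check decides what happens next. Separately, the final fallback mixes in `mt_rand()`, which is not a cryptographic generator, and it does so silently; a comment noting that this path is a last resort would help, and its loop body continues outside the hunk.

```php
$f = fopen('/dev/urandom', 'r');
if ($f !== false) {
    $read = strlen($buffer);
    while ($read < $raw_salt_len) {
        $chunk = fread($f, $raw_salt_len - $read);
        if ($chunk === false || $chunk === '') {
            // Stop instead of spinning when the source yields nothing
            break;
        }
        $buffer .= $chunk;
        $read = strlen($buffer);
    }
    fclose($f);
    // … unchanged: set $buffer_valid when $read >= $raw_salt_len …
}
```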