authorChristian Flothmann <christian.flothmann@xabbuh.de>2015-12-16 22:46:10 +0100
committerFabien Potencier <fabien.potencier@gmail.com>2016-01-14 09:34:47 +0100
commit8f20f7c0c0649ffcab6ff152218217f8eb0d8bd5 (patch)
treeeba48b7b1a33640fa11618c3d4afea23b949a448
parentd91b2e562d7f514f1c9066c9d6395ef75aab2354 (diff)
do not ship with a custom rng implementation
-rw-r--r--Core/Util/SecureRandom.php91
-rw-r--r--composer.json3
2 files changed, 3 insertions, 91 deletions
diff --git a/Core/Util/SecureRandom.php b/Core/Util/SecureRandom.php
index 3461b4e..478f556 100644
--- a/Core/Util/SecureRandom.php
+++ b/Core/Util/SecureRandom.php
@@ -11,8 +11,6 @@
namespace Symfony\Component\Security\Core\Util;
-use Psr\Log\LoggerInterface;
-
/**
* A secure random number generator implementation.
*
@@ -21,98 +19,11 @@ use Psr\Log\LoggerInterface;
*/
final class SecureRandom implements SecureRandomInterface
{
- private $logger;
- private $useOpenSsl;
- private $seed;
- private $seedUpdated;
- private $seedLastUpdatedAt;
- private $seedFile;
-
- /**
- * Constructor.
- *
- * Be aware that a guessable seed will severely compromise the PRNG
- * algorithm that is employed.
- *
- * @param string $seedFile
- * @param LoggerInterface $logger
- */
- public function __construct($seedFile = null, LoggerInterface $logger = null)
- {
- $this->seedFile = $seedFile;
- $this->logger = $logger;
-
- $isUnsupportedPhp = '\\' === DIRECTORY_SEPARATOR && PHP_VERSION_ID < 50304;
-
- // determine whether to use OpenSSL
- if (!function_exists('random_bytes') && ($isUnsupportedPhp || !function_exists('openssl_random_pseudo_bytes'))) {
- if (null !== $this->logger) {
- $this->logger->notice('It is recommended that you install the "paragonie/random_compat" library or enable the "openssl" extension for random number generation.');
- }
- $this->useOpenSsl = false;
- } else {
- $this->useOpenSsl = true;
- }
- }
-
/**
* {@inheritdoc}
*/
public function nextBytes($nbBytes)
{
- if (function_exists('random_bytes')) {
- return random_bytes($nbBytes);
- }
-
- // try OpenSSL
- if ($this->useOpenSsl) {
- $bytes = openssl_random_pseudo_bytes($nbBytes, $strong);
-
- if (false !== $bytes && true === $strong) {
- return $bytes;
- }
-
- if (null !== $this->logger) {
- $this->logger->info('OpenSSL did not produce a secure random number.');
- }
- }
-
- // initialize seed
- if (null === $this->seed) {
- if (null === $this->seedFile) {
- throw new \RuntimeException('You need to specify a file path to store the seed.');
- }
-
- if (is_file($this->seedFile)) {
- list($this->seed, $this->seedLastUpdatedAt) = $this->readSeed();
- } else {
- $this->seed = uniqid(mt_rand(), true);
- $this->updateSeed();
- }
- }
-
- $bytes = '';
- while (strlen($bytes) < $nbBytes) {
- static $incr = 1;
- $bytes .= hash('sha512', $incr++.$this->seed.uniqid(mt_rand(), true).$nbBytes, true);
- $this->seed = base64_encode(hash('sha512', $this->seed.$bytes.$nbBytes, true));
- $this->updateSeed();
- }
-
- return substr($bytes, 0, $nbBytes);
- }
-
- private function readSeed()
- {
- return json_decode(file_get_contents($this->seedFile));
- }
-
- private function updateSeed()
- {
- if (!$this->seedUpdated && $this->seedLastUpdatedAt < time() - mt_rand(1, 10)) {
- file_put_contents($this->seedFile, json_encode(array($this->seed, microtime(true))));
- }
-
- $this->seedUpdated = true;
+ return random_bytes($nbBytes);
}
}
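Review bot: The `{@inheritdoc}` docblock on `nextBytes()` no longer describes how the method fails, because it now propagates whatever `random_bytes()` throws instead of the old `\RuntimeException` about the missing seed file. On PHP 7 that is an `\Exception` when no suitable source of randomness is available, and the `paragonie/random_compat` polyfill added in composer.json is presumably meant to behave the same way on PHP 5 (the polyfill itself is not visible here). Failing closed is the right behaviour for a CSPRNG, so I would document it rather than catch it: add `@throws \Exception if no secure source of randomness is available` to the docblock, with a short remark that callers must not fall back to `mt_rand()` or `uniqid()` when it fires. The docblock of `SecureRandomInterface` is outside this hunk, so the same line may be needed there.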
diff --git a/composer.json b/composer.json
index ddc700a..15d2620 100644
--- a/composer.json
+++ b/composer.json
@@ -19,7 +19,8 @@
"php": ">=5.3.3",
"symfony/event-dispatcher": "~2.2",
"symfony/http-foundation": "~2.1",
- "symfony/http-kernel": "~2.1"
+ "symfony/http-kernel": "~2.1",
+ "paragonie/random_compat": "~1.0"
},
"require-dev": {
"symfony/form": "~2.0,>=2.0.5",