Diffstat (limited to 'Core')
-rw-r--r--Core/Tests/Util/SecureRandomTest.php66
-rw-r--r--Core/Util/SecureRandom.php91
-rw-r--r--Core/Util/SecureRandomInterface.php2
-rw-r--r--Core/composer.json3
4 files changed, 21 insertions, 141 deletions
diff --git a/Core/Tests/Util/SecureRandomTest.php b/Core/Tests/Util/SecureRandomTest.php
index 2e94cc1..a78d5a2 100644
--- a/Core/Tests/Util/SecureRandomTest.php
+++ b/Core/Tests/Util/SecureRandomTest.php
@@ -13,26 +13,27 @@ namespace Symfony\Component\Security\Core\Tests\Util;
use Symfony\Component\Security\Core\Util\SecureRandom;
+/**
+ * @group legacy
+ */
class SecureRandomTest extends \PHPUnit_Framework_TestCase
{
/**
* T1: Monobit test.
- *
- * @dataProvider getSecureRandoms
*/
- public function testMonobit($secureRandom)
+ public function testMonobit()
{
+ $secureRandom = new SecureRandom();
$nbOnBits = substr_count($this->getBitSequence($secureRandom, 20000), '1');
$this->assertTrue($nbOnBits > 9654 && $nbOnBits < 10346, 'Monobit test failed, number of turned on bits: '.$nbOnBits);
}
/**
* T2: Chi-square test with 15 degrees of freedom (chi-Quadrat-Anpassungstest).
- *
- * @dataProvider getSecureRandoms
*/
- public function testPoker($secureRandom)
+ public function testPoker()
{
+ $secureRandom = new SecureRandom();
$b = $this->getBitSequence($secureRandom, 20000);
$c = array();
for ($i = 0; $i <= 15; ++$i) {
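Review bot: Each test now builds its own generator with `$secureRandom = new SecureRandom();` (testMonobit and testPoker in this hunk, testRun, testLongRun and testSerialCorrelation in the later ones); a `setUp()` that assigns `$this->secureRandom = new SecureRandom();` would remove the five copies. With the seed-file variant gone from the data set, these statistical checks only exercise whatever `random_bytes()` implementation the runtime provides, and passing them does not show the output is unpredictable, so a class docblock line such as `Statistical sanity checks only; they do not prove cryptographic strength.` would set expectations. An assertion that `nextBytes($n)` returns exactly `$n` bytes would cover the wrapper itself. testPoker's body continues outside this hunk.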
@@ -56,11 +57,10 @@ class SecureRandomTest extends \PHPUnit_Framework_TestCase
/**
* Run test.
- *
- * @dataProvider getSecureRandoms
*/
- public function testRun($secureRandom)
+ public function testRun()
{
+ $secureRandom = new SecureRandom();
$b = $this->getBitSequence($secureRandom, 20000);
$runs = array();
@@ -104,11 +104,10 @@ class SecureRandomTest extends \PHPUnit_Framework_TestCase
/**
* Long-run test.
- *
- * @dataProvider getSecureRandoms
*/
- public function testLongRun($secureRandom)
+ public function testLongRun()
{
+ $secureRandom = new SecureRandom();
$b = $this->getBitSequence($secureRandom, 20000);
$longestRun = $currentRun = 0;
@@ -133,11 +132,10 @@ class SecureRandomTest extends \PHPUnit_Framework_TestCase
/**
* Serial Correlation (Autokorrelationstest).
- *
- * @dataProvider getSecureRandoms
*/
- public function testSerialCorrelation($secureRandom)
+ public function testSerialCorrelation()
{
+ $secureRandom = new SecureRandom();
$shift = mt_rand(1, 5000);
$b = $this->getBitSequence($secureRandom, 20000);
@@ -149,44 +147,6 @@ class SecureRandomTest extends \PHPUnit_Framework_TestCase
$this->assertTrue($Z > 2326 && $Z < 2674, 'Failed serial correlation test: '.$Z);
}
- public function getSecureRandoms()
- {
- $secureRandoms = array();
-
- // only add if openssl is indeed present
- $secureRandom = new SecureRandom();
- if ($this->hasOpenSsl($secureRandom)) {
- $secureRandoms[] = array($secureRandom);
- }
-
- // no-openssl with custom seed provider
- $secureRandom = new SecureRandom(sys_get_temp_dir().'/_sf2.seed');
- $this->disableOpenSsl($secureRandom);
- $secureRandoms[] = array($secureRandom);
-
- return $secureRandoms;
- }
-
- protected function disableOpenSsl($secureRandom)
- {
- $ref = new \ReflectionProperty($secureRandom, 'useOpenSsl');
- $ref->setAccessible(true);
- $ref->setValue($secureRandom, false);
- $ref->setAccessible(false);
- }
-
- protected function hasOpenSsl($secureRandom)
- {
- $ref = new \ReflectionProperty($secureRandom, 'useOpenSsl');
- $ref->setAccessible(true);
-
- $ret = $ref->getValue($secureRandom);
-
- $ref->setAccessible(false);
-
- return $ret;
- }
-
private function getBitSequence($secureRandom, $length)
{
$bitSequence = '';
diff --git a/Core/Util/SecureRandom.php b/Core/Util/SecureRandom.php
index 65722ce..06ed893 100644
--- a/Core/Util/SecureRandom.php
+++ b/Core/Util/SecureRandom.php
@@ -11,106 +11,23 @@
namespace Symfony\Component\Security\Core\Util;
-use Psr\Log\LoggerInterface;
+@trigger_error('The '.__NAMESPACE__.'\SecureRandom class is deprecated since version 2.8 and will be removed in 3.0. Use the random_bytes() function instead.', E_USER_DEPRECATED);
/**
* A secure random number generator implementation.
*
* @author Fabien Potencier <fabien@symfony.com>
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ *
+ * @deprecated since version 2.8, to be removed in 3.0. Use the random_bytes function instead
*/
final class SecureRandom implements SecureRandomInterface
{
- private $logger;
- private $useOpenSsl;
- private $seed;
- private $seedUpdated;
- private $seedLastUpdatedAt;
- private $seedFile;
-
- /**
- * Constructor.
- *
- * Be aware that a guessable seed will severely compromise the PRNG
- * algorithm that is employed.
- *
- * @param string $seedFile
- * @param LoggerInterface $logger
- */
- public function __construct($seedFile = null, LoggerInterface $logger = null)
- {
- $this->seedFile = $seedFile;
- $this->logger = $logger;
-
- // determine whether to use OpenSSL
- if (!function_exists('random_bytes') && !function_exists('openssl_random_pseudo_bytes')) {
- if (null !== $this->logger) {
- $this->logger->notice('It is recommended that you install the "paragonie/random_compat" library or enable the "openssl" extension for random number generation.');
- }
- $this->useOpenSsl = false;
- } else {
- $this->useOpenSsl = true;
- }
- }
-
/**
* {@inheritdoc}
*/
public function nextBytes($nbBytes)
{
- if (function_exists('random_bytes')) {
- return random_bytes($nbBytes);
- }
-
- // try OpenSSL
- if ($this->useOpenSsl) {
- $bytes = openssl_random_pseudo_bytes($nbBytes, $strong);
-
- if (false !== $bytes && true === $strong) {
- return $bytes;
- }
-
- if (null !== $this->logger) {
- $this->logger->info('OpenSSL did not produce a secure random number.');
- }
- }
-
- // initialize seed
- if (null === $this->seed) {
- if (null === $this->seedFile) {
- throw new \RuntimeException('You need to specify a file path to store the seed.');
- }
-
- if (is_file($this->seedFile)) {
- list($this->seed, $this->seedLastUpdatedAt) = $this->readSeed();
- } else {
- $this->seed = uniqid(mt_rand(), true);
- $this->updateSeed();
- }
- }
-
- $bytes = '';
- while (strlen($bytes) < $nbBytes) {
- static $incr = 1;
- $bytes .= hash('sha512', $incr++.$this->seed.uniqid(mt_rand(), true).$nbBytes, true);
- $this->seed = base64_encode(hash('sha512', $this->seed.$bytes.$nbBytes, true));
- $this->updateSeed();
- }
-
- return substr($bytes, 0, $nbBytes);
- }
-
- private function readSeed()
- {
- return json_decode(file_get_contents($this->seedFile));
- }
-
- private function updateSeed()
- {
- if (!$this->seedUpdated && $this->seedLastUpdatedAt < time() - mt_rand(1, 10)) {
- file_put_contents($this->seedFile, json_encode(array($this->seed, microtime(true))));
- }
-
- $this->seedUpdated = true;
+ return random_bytes($nbBytes);
}
}
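Review bot: `nextBytes()` now has no fallback, so a missing or failing entropy source surfaces as an exception from `random_bytes()`, and the `{@inheritdoc}` docblock does not tell callers that. I would add `@throws \Exception if no suitable source of randomness is available` to the method docblock, so that callers let the failure propagate rather than catching it and substituting `mt_rand()`/`uniqid()`-derived values as the removed branch did. With the constructor gone, the former `$seedFile` and `$logger` arguments appear to be ignored without any notice; a sentence in the class docblock saying so would keep anyone still passing a seed path from assuming it has an effect.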
diff --git a/Core/Util/SecureRandomInterface.php b/Core/Util/SecureRandomInterface.php
index 87d3ace..df5509b 100644
--- a/Core/Util/SecureRandomInterface.php
+++ b/Core/Util/SecureRandomInterface.php
@@ -15,6 +15,8 @@ namespace Symfony\Component\Security\Core\Util;
* Interface that needs to be implemented by all secure random number generators.
*
* @author Fabien Potencier <fabien@symfony.com>
+ *
+ * @deprecated since version 2.8, to be removed in 3.0. Use the random_bytes function instead
*/
interface SecureRandomInterface
{
diff --git a/Core/composer.json b/Core/composer.json
index 6a1ac99..e4b90be 100644
--- a/Core/composer.json
+++ b/Core/composer.json
@@ -16,7 +16,8 @@
}
],
"require": {
- "php": ">=5.3.9"
+ "php": ">=5.3.9",
+ "paragonie/random_compat" : "~1.0"
},
"require-dev": {
"symfony/phpunit-bridge": "~2.7|~3.0.0",
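Review bot: `"paragonie/random_compat" : "~1.0"` has a stray space before the colon, unlike the `"php"` entry above it; `"paragonie/random_compat": "~1.0"` matches the rest of the file. Since the polyfill becomes the only source of random bytes on PHP versions without a native `random_bytes()`, the `~1.0` range, which accepts every 1.x release including the earliest, deserves a deliberate floor at a release the project has reviewed. The diffstat is limited to `Core`, so it is not visible here whether other manifests that ship this class declare the same requirement.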