minor #15875 Use random_bytes function if it is available for random number generation (pierredup)
This PR was merged into the 2.3 branch.
Discussion
----------
Use random_bytes function if it is available for random number generation
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15239
| License | MIT
| Doc PR |
This is an attempt to use the random_bytes function when generating secure random numbers. This function is included in PHP 7 or through the "paragonie/random_compat" library.
This PR only adds support for using the function when it is available. A possible follow-up change is to add a hard dependency on the paragonie/random_compat library, so that all of the current functionality can be deprecated.
Commits
-------
6a217dc
Use random_bytes function if it is available for random number generation
commit
25dccf1bb5
|
@ -42,12 +42,12 @@ final class SecureRandom implements SecureRandomInterface
|
|||
$this->seedFile = $seedFile;
|
||||
$this->logger = $logger;
|
||||
|
||||
$isUnsupportedPhp = '\\' === DIRECTORY_SEPARATOR && PHP_VERSION_ID < 50304;
|
||||
|
||||
// determine whether to use OpenSSL
|
||||
if ('\\' === DIRECTORY_SEPARATOR && PHP_VERSION_ID < 50304) {
|
||||
$this->useOpenSsl = false;
|
||||
} elseif (!function_exists('openssl_random_pseudo_bytes')) {
|
||||
if (!function_exists('random_bytes') && ($isUnsupportedPhp || !function_exists('openssl_random_pseudo_bytes'))) {
|
||||
if (null !== $this->logger) {
|
||||
$this->logger->notice('It is recommended that you enable the "openssl" extension for random number generation.');
|
||||
$this->logger->notice('It is recommended that you install the "paragonie/random_compat" library or enable the "openssl" extension for random number generation.');
|
||||
}
|
||||
$this->useOpenSsl = false;
|
||||
} else {
|
||||
|
@ -60,6 +60,10 @@ final class SecureRandom implements SecureRandomInterface
|
|||
*/
|
||||
public function nextBytes($nbBytes)
|
||||
{
|
||||
if (function_exists('random_bytes')) {
|
||||
return random_bytes($nbBytes);
|
||||
}
|
||||
|
||||
// try OpenSSL
|
||||
if ($this->useOpenSsl) {
|
||||
$bytes = openssl_random_pseudo_bytes($nbBytes, $strong);
|
||||
|
|
|
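Review bot: The early `return random_bytes($nbBytes);` in nextBytes() lets exceptions reach callers that the OpenSSL and seed-file paths never raised: random_bytes() throws when no secure randomness source is available, and PHP 7 rejects a length below 1. Failing closed is the right behaviour for a secure generator, but the docblock that ends just above the signature should say so, e.g. `@throws \Exception if no secure source of randomness is available`, so callers do not assume a silent fallback. In the constructor hunk, when random_bytes exists the new condition is false and control reaches the `else` branch (outside the hunk), which presumably still sets `useOpenSsl` to true even for the Windows / PHP < 5.3.4 case the old code excluded. That is harmless only while nextBytes() returns before consulting the flag, so a comment such as `// useOpenSsl is ignored when random_bytes() exists` would make the coupling explicit. The body of nextBytes() continues beyond the hunk.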
@ -39,7 +39,8 @@
|
|||
"symfony/validator": "",
|
||||
"symfony/routing": "",
|
||||
"doctrine/dbal": "to use the built-in ACL implementation",
|
||||
"ircmaxell/password-compat": ""
|
||||
"ircmaxell/password-compat": "",
|
||||
"paragonie/random_compat": ""
|
||||
},
|
||||
"autoload": {
|
||||
"psr-0": { "Symfony\\Component\\Security\\": "" }
|
||||
|
|