* This is based in part on Drupal code as well as what we used in our own code
* prior to introduction of this class.
*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
* @author Daniel Friesen
* @file
*/
// It'll also vary slightly across different machines
$state = serialize( $_SERVER );
- // To try and vary the system information of the state a bit more
+ // To try vary the system information of the state a bit more
// by including the system's hostname into the state
$state .= wfHostname();
// Include some information about the filesystem's current state in the random state
$files = array();
+
// We know this file is here so grab some info about ourself
$files[] = __FILE__;
+
+ // We must also have a parent folder, and with the usual file structure, a grandparent
+ $files[] = dirname( __FILE__ );
+ $files[] = dirname( dirname( __FILE__ ) );
+
// The config file is likely the most often edited file we know should be around
- // so if the constant with it's location is defined include it's stat info into the state
+ // so include its stat info into the state.
+ // The constant with its location will almost always be defined, as WebStart.php defines
+ // MW_CONFIG_FILE to $IP/LocalSettings.php unless being configured with MW_CONFIG_CALLBACK (eg. the installer)
if ( defined( 'MW_CONFIG_FILE' ) ) {
$files[] = MW_CONFIG_FILE;
}
+
foreach ( $files as $file ) {
wfSuppressWarnings();
$stat = stat( $file );
/**
* Randomly hash data while mixing in clock drift data for randomness
*
- * @param $data The data to randomly hash.
+ * @param $data string The data to randomly hash.
* @return String The hashed bytes
* @author Tim Starling
*/
/**
* Return a rolling random state initially build using data from unstable sources
- * @return A new weak random state
+ * @return string A new weak random state
*/
protected function randomState() {
static $state = null;
/**
* Decide on the best acceptable hash algorithm we have available for hash()
+ * @throws MWException
* @return String A hash algorithm
*/
protected function hashAlgo() {
- static $algo;
- if ( !is_null( $algo ) ) {
- return $algo;
+ if ( !is_null( $this->algo ) ) {
+ return $this->algo;
}
$algos = hash_algos();
foreach ( $preference as $algorithm ) {
if ( in_array( $algorithm, $algos ) ) {
- $algo = $algorithm; # assign to static
- wfDebug( __METHOD__ . ": Using the $algo hash algorithm.\n" );
- return $algo;
+ $this->algo = $algorithm;
+ wfDebug( __METHOD__ . ": Using the {$this->algo} hash algorithm.\n" );
+ return $this->algo;
}
}
* @return int Number of bytes the hash outputs
*/
protected function hashLength() {
- static $hashLength;
- if ( is_null( $hashLength ) ) {
- $hashLength = strlen( $this->hash( '' ) );
+ if ( is_null( $this->hashLength ) ) {
+ $this->hashLength = strlen( $this->hash( '' ) );
}
- return $hashLength;
+ return $this->hashLength;
}
/**
* Generate an acceptably unstable one-way-hash of some text
* making use of the best hash algorithm that we have available.
*
+ * @param $data string
* @return String A raw hash of the data
*/
protected function hash( $data ) {
* Generate an acceptably unstable one-way-hmac of some text
* making use of the best hash algorithm that we have available.
*
+ * @param $data string
+ * @param $key string
* @return String A raw hash of the data
*/
protected function hmac( $data, $key ) {
/**
* @see self::generate()
*/
- public function realGenerate( $bytes, $forceStrong = false, $method = null ) {
+ public function realGenerate( $bytes, $forceStrong = false ) {
wfProfileIn( __METHOD__ );
- if ( is_string( $forceStrong ) && is_null( $method ) ) {
- // If $forceStrong is a string then it's really $method
- $method = $forceStrong;
- $forceStrong = false;
- }
- if ( !is_null( $method ) ) {
- wfDebug( __METHOD__ . ": Generating cryptographic random bytes for $method\n" );
- }
+ wfDebug( __METHOD__ . ": Generating cryptographic random bytes for " . wfGetAllCallers( 5 ) . "\n" );
$bytes = floor( $bytes );
static $buffer = '';
if ( strlen( $buffer ) < $bytes ) {
// If available make use of mcrypt_create_iv URANDOM source to generate randomness
// On unix-like systems this reads from /dev/urandom but does it without any buffering
- // and bypasses openbasdir restrictions so it's preferable to reading directly
+ // and bypasses openbasedir restrictions, so it's preferable to reading directly
// On Windows starting in PHP 5.3.0 Windows' native CryptGenRandom is used to generate
// entropy so this is also preferable to just trying to read urandom because it may work
// on Windows systems as well.
if ( function_exists( 'mcrypt_create_iv' ) ) {
wfProfileIn( __METHOD__ . '-mcrypt' );
$rem = $bytes - strlen( $buffer );
- wfDebug( __METHOD__ . ": Trying to generate $rem bytes of randomness using mcrypt_create_iv.\n" );
$iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM );
if ( $iv === false ) {
wfDebug( __METHOD__ . ": mcrypt_create_iv returned false.\n" );
} else {
- $bytes .= $iv;
+ $buffer .= $iv;
wfDebug( __METHOD__ . ": mcrypt_create_iv generated " . strlen( $iv ) . " bytes of randomness.\n" );
}
wfProfileOut( __METHOD__ . '-mcrypt' );
}
if ( strlen( $buffer ) < $bytes ) {
- // If available make use of openssl's random_pesudo_bytes method to attempt to generate randomness.
+ // If available make use of openssl's random_pseudo_bytes method to attempt to generate randomness.
// However don't do this on Windows with PHP < 5.3.4 due to a bug:
// http://stackoverflow.com/questions/1940168/openssl-random-pseudo-bytes-is-slow-php
+ // http://git.php.net/?p=php-src.git;a=commitdiff;h=cd62a70863c261b07f6dadedad9464f7e213cad5
if ( function_exists( 'openssl_random_pseudo_bytes' )
&& ( !wfIsWindows() || version_compare( PHP_VERSION, '5.3.4', '>=' ) )
) {
wfProfileIn( __METHOD__ . '-openssl' );
$rem = $bytes - strlen( $buffer );
- wfDebug( __METHOD__ . ": Trying to generate $rem bytes of randomness using openssl_random_pseudo_bytes.\n" );
$openssl_bytes = openssl_random_pseudo_bytes( $rem, $openssl_strong );
if ( $openssl_bytes === false ) {
wfDebug( __METHOD__ . ": openssl_random_pseudo_bytes returned false.\n" );
if ( strlen( $buffer ) < $bytes && ( function_exists( 'stream_set_read_buffer' ) || $forceStrong ) ) {
wfProfileIn( __METHOD__ . '-fopen-urandom' );
$rem = $bytes - strlen( $buffer );
- wfDebug( __METHOD__ . ": Trying to generate $rem bytes of randomness using /dev/urandom.\n" );
if ( !function_exists( 'stream_set_read_buffer' ) && $forceStrong ) {
wfDebug( __METHOD__ . ": Was forced to read from /dev/urandom without control over the buffer size.\n" );
}
stream_set_read_buffer( $urandom, $rem );
$chunk_size = $rem;
}
- wfDebug( __METHOD__ . ": Reading from /dev/urandom with a buffer size of $chunk_size.\n" );
$random_bytes = fread( $urandom, max( $chunk_size, $rem ) );
$buffer .= $random_bytes;
fclose( $urandom );
/**
* @see self::generateHex()
*/
- public function realGenerateHex( $chars, $forceStrong = false, $method = null ) {
+ public function realGenerateHex( $chars, $forceStrong = false ) {
// hex strings are 2x the length of raw binary so we divide the length in half
// odd numbers will result in a .5 that leads the generate() being 1 character
// short, so we use ceil() to ensure that we always have enough bytes
$bytes = ceil( $chars / 2 );
// Generate the data and then convert it to a hex string
- $hex = bin2hex( $this->generate( $bytes, $forceStrong, $method ) );
+ $hex = bin2hex( $this->generate( $bytes, $forceStrong ) );
// A bit of paranoia here, the caller asked for a specific length of string
// here, and it's possible (eg when given an odd number) that we may actually
// have at least 1 char more than they asked for. Just in case they made this
/**
* Return a singleton instance of MWCryptRand
+ * @return MWCryptRand
*/
protected static function singleton() {
if ( is_null( self::$singleton ) ) {
* @param $forceStrong bool Pass true if you want generate to prefer cryptographically
* strong sources of entropy even if reading from them may steal
* more entropy from the system than optimal.
- * @param $method The calling method, for debug info. May be the second argument if you are not using forceStrong
* @return String Raw binary random data
*/
- public static function generate( $bytes, $forceStrong = false, $method = null ) {
- return self::singleton()->realGenerate( $bytes, $forceStrong, $method );
+ public static function generate( $bytes, $forceStrong = false ) {
+ return self::singleton()->realGenerate( $bytes, $forceStrong );
}
/**
* @param $forceStrong bool Pass true if you want generate to prefer cryptographically
* strong sources of entropy even if reading from them may steal
* more entropy from the system than optimal.
- * @param $method The calling method, for debug info. May be the second argument if you are not using forceStrong
* @return String Hexadecimal random data
*/
- public static function generateHex( $chars, $forceStrong = false, $method = null ) {
- return self::singleton()->realGenerateHex( $chars, $forceStrong, $method );
+ public static function generateHex( $chars, $forceStrong = false ) {
+ return self::singleton()->realGenerateHex( $chars, $forceStrong );
}
}