From: Derk-Jan Hartman <hartman.wiki@gmail.com>
Date: Fri, 2 Dec 2016 12:48:19 +0000 (+0100)
Subject: Add support for PHP7 random_bytes in favor of mcrypt_create_iv
X-Git-Tag: 1.31.0-rc.0~3780^2
X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=commitdiff_plain;h=453e829ce056f2ae1462bcd7ed6be92d15134d6c

Add support for PHP7 random_bytes in favor of mcrypt_create_iv

Bug: T143788
Change-Id: Ib49eab7983a82966d167f03761e32461f9b9f602
---

diff --git a/includes/libs/CryptRand.php b/includes/libs/CryptRand.php
index 10088f2363..0d3613ae23 100644
--- a/includes/libs/CryptRand.php
+++ b/includes/libs/CryptRand.php
@@ -242,6 +242,21 @@ class CryptRand {
 			$this->strong = true;
 		}
 
+		if ( strlen( $buffer ) < $bytes ) {
+			// If available make use of PHP 7's random_bytes
+			// On Linux, getrandom syscall will be used if available.
+			// On Windows CryptGenRandom will always be used
+			// On other platforms, /dev/urandom will be used.
+			// All error situations will throw Exceptions and or Errors
+			if ( function_exists( 'random_bytes' ) ) {
+				$rem = $bytes - strlen( $buffer );
+				$buffer .= random_bytes( $rem );
+			}
+			if ( strlen( $buffer ) >= $bytes ) {
+				$this->strong = true;
+			}
+		}
+
 		if ( strlen( $buffer ) < $bytes ) {
 			// If available make use of mcrypt_create_iv URANDOM source to generate randomness
 			// On unix-like systems this reads from /dev/urandom but does it without any buffering