From: jenkins-bot <jenkins-bot@gerrit.wikimedia.org>
Date: Thu, 16 Mar 2017 22:28:41 +0000 (+0000)
Subject: Merge "Add support for PHP7 random_bytes in favor of mcrypt_create_iv"
X-Git-Tag: 1.31.0-rc.0~3780
X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=commitdiff_plain;h=49748181dd56ec97e7ba7c13e684a16abceb3cc0;hp=09c69c329ff5dc54d6524a9a52bae6ca7b316969

Merge "Add support for PHP7 random_bytes in favor of mcrypt_create_iv"
---

diff --git a/includes/libs/CryptRand.php b/includes/libs/CryptRand.php
index 10088f2363..0d3613ae23 100644
--- a/includes/libs/CryptRand.php
+++ b/includes/libs/CryptRand.php
@@ -242,6 +242,21 @@ class CryptRand {
 			$this->strong = true;
 		}
 
+		if ( strlen( $buffer ) < $bytes ) {
+			// If available make use of PHP 7's random_bytes
+			// On Linux, getrandom syscall will be used if available.
+			// On Windows CryptGenRandom will always be used
+			// On other platforms, /dev/urandom will be used.
+			// All error situations will throw Exceptions and or Errors
+			if ( function_exists( 'random_bytes' ) ) {
+				$rem = $bytes - strlen( $buffer );
+				$buffer .= random_bytes( $rem );
+			}
+			if ( strlen( $buffer ) >= $bytes ) {
+				$this->strong = true;
+			}
+		}
+
 		if ( strlen( $buffer ) < $bytes ) {
 			// If available make use of mcrypt_create_iv URANDOM source to generate randomness
 			// On unix-like systems this reads from /dev/urandom but does it without any buffering