|
|
|
|
@ -3,8 +3,8 @@
|
|
|
|
|
* Random_* Compatibility Library
|
|
|
|
|
* for using the new PHP 7 random_* API in PHP 5 projects
|
|
|
|
|
*
|
|
|
|
|
* @version 2.0.2
|
|
|
|
|
* @released 2016-04-03
|
|
|
|
|
* @version 2.0.4
|
|
|
|
|
* @released 2016-11-07
|
|
|
|
|
*
|
|
|
|
|
* The MIT License (MIT)
|
|
|
|
|
*
|
|
|
|
|
@ -41,8 +41,10 @@ if (!defined('PHP_VERSION_ID')) {
|
|
|
|
|
$RandomCompatversion = null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* PHP 7.0.0 and newer have these functions natively.
|
|
|
|
|
*/
|
|
|
|
|
if (PHP_VERSION_ID < 70000) {
|
|
|
|
|
|
|
|
|
|
if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
|
|
|
|
|
define('RANDOM_COMPAT_READ_BUFFER', 8);
|
|
|
|
|
}
|
|
|
|
|
@ -67,7 +69,7 @@ if (PHP_VERSION_ID < 70000) {
|
|
|
|
|
* 4. COM('CAPICOM.Utilities.1')->GetRandom()
|
|
|
|
|
* 5. openssl_random_pseudo_bytes() (absolute last resort)
|
|
|
|
|
*
|
|
|
|
|
* See ERRATA.md for our reasoning behind this particular order
|
|
|
|
|
* See RATIONALE.md for our reasoning behind this particular order
|
|
|
|
|
*/
|
|
|
|
|
if (extension_loaded('libsodium')) {
|
|
|
|
|
// See random_bytes_libsodium.php
|
|
|
|
|
@ -123,6 +125,20 @@ if (PHP_VERSION_ID < 70000) {
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* mcrypt_create_iv()
|
|
|
|
|
*
|
|
|
|
|
* We only want to use mcypt_create_iv() if:
|
|
|
|
|
*
|
|
|
|
|
* - random_bytes() hasn't already been defined
|
|
|
|
|
* - PHP >= 5.3.7
|
|
|
|
|
* - the mcrypt extensions is loaded
|
|
|
|
|
* - One of these two conditions is true:
|
|
|
|
|
* - We're on Windows (DIRECTORY_SEPARATOR !== '/')
|
|
|
|
|
* - We're not on Windows and /dev/urandom is readabale
|
|
|
|
|
* (i.e. we're not in a chroot jail)
|
|
|
|
|
* - Special case:
|
|
|
|
|
* - If we're not on Windows, but the PHP version is between
|
|
|
|
|
* 5.6.10 and 5.6.12, we don't want to use mcrypt. It will
|
|
|
|
|
* hang indefinitely. This is bad.
|
|
|
|
|
*/
|
|
|
|
|
if (
|
|
|
|
|
!is_callable('random_bytes')
|
|
|
|
|
@ -130,8 +146,6 @@ if (PHP_VERSION_ID < 70000) {
|
|
|
|
|
PHP_VERSION_ID >= 50307
|
|
|
|
|
&&
|
|
|
|
|
extension_loaded('mcrypt')
|
|
|
|
|
&&
|
|
|
|
|
(DIRECTORY_SEPARATOR !== '/' || $RandomCompatUrandom)
|
|
|
|
|
) {
|
|
|
|
|
// Prevent this code from hanging indefinitely on non-Windows;
|
|
|
|
|
// see https://bugs.php.net/bug.php?id=69833
|
|
|
|
|
@ -145,6 +159,10 @@ if (PHP_VERSION_ID < 70000) {
|
|
|
|
|
}
|
|
|
|
|
$RandomCompatUrandom = null;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* This is a Windows-specific fallback, for when the mcrypt extension
|
|
|
|
|
* isn't loaded.
|
|
|
|
|
*/
|
|
|
|
|
if (
|
|
|
|
|
!is_callable('random_bytes')
|
|
|
|
|
&&
|
|
|
|
|
|
rugk
8 years ago