[evolvis-commits] r18006: replace util_randbytes with its more secure pendant from Evolvis 4.8
mirabilos at evolvis.org
mirabilos at evolvis.org
Fri Jan 13 12:11:45 CET 2012
Author: mirabilos
Date: 2012-01-13 12:11:45 +0100 (Fri, 13 Jan 2012)
New Revision: 18006
Modified:
trunk/gforge_base/evolvisforge-5.1/src/common/include/utils.php
Log:
replace util_randbytes with its more secure pendant from Evolvis 4.8
and try harder to die if we cannot read from /dev/urandom; also add
a comment to check the result for randomness…
Modified: trunk/gforge_base/evolvisforge-5.1/src/common/include/utils.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/include/utils.php 2012-01-13 11:11:39 UTC (rev 18005)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/include/utils.php 2012-01-13 11:11:45 UTC (rev 18006)
@@ -1491,30 +1491,19 @@
}
function util_randbytes($num=6) {
- $b = '';
+ $f = fopen("/dev/urandom", "rb");
+ $b = fread($f, $num);
+ fclose($f);
- // Let's try /dev/urandom first
- $f = @fopen("/dev/urandom", "rb");
- if ($f !== FALSE) {
- $b .= @fread($f, $num);
- fclose($f);
+ /*XXX check if the result is truly random */
+ if (strlen($b) != $num) {
+ exit_error(_('Internal Error: Could not read from random device'));
+ /* Mebbe… */
+ throw new Exception('Could not read from random device');
+ /* Justin Case… */
+ die;
}
- // Hm. No /dev/urandom? Try /dev/random.
- if (strlen($b) < $num) {
- $f = @fopen("/dev/random", "rb");
- if ($f !== FALSE) {
- $b .= @fread($f, $num);
- fclose($f);
- }
- }
-
- // Still no luck? Fall back to PHP's built-in PRNG
- while (strlen($b) < $num) {
- $b .= uniqid(mt_rand(), true);
- }
-
- $b = substr($b, 0, $num);
return ($b);
}
More information about the evolvis-commits
mailing list