/wp-includes/random_compat/random_bytes_dev_urandom.php

  1. <?php 
  2. /** 
  3. * Random_* Compatibility Library  
  4. * for using the new PHP 7 random_* API in PHP 5 projects 
  5. *  
  6. * The MIT License (MIT) 
  7. *  
  8. * Copyright (c) 2015 Paragon Initiative Enterprises 
  9. *  
  10. * Permission is hereby granted, free of charge, to any person obtaining a copy 
  11. * of this software and associated documentation files (the "Software"), to deal 
  12. * in the Software without restriction, including without limitation the rights 
  13. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
  14. * copies of the Software, and to permit persons to whom the Software is 
  15. * furnished to do so, subject to the following conditions: 
  16. *  
  17. * The above copyright notice and this permission notice shall be included in 
  18. * all copies or substantial portions of the Software. 
  19. *  
  20. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 
  21. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,  
  22. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
  23. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 
  24. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,  
  25. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 
  26. * SOFTWARE. 
  27. */ 
  28.  
  29. if (!defined('RANDOM_COMPAT_READ_BUFFER')) { 
  30. define('RANDOM_COMPAT_READ_BUFFER', 8); 
  31.  
  32. /** 
  33. * Unless open_basedir is enabled, use /dev/urandom for 
  34. * random numbers in accordance with best practices 
  35. *  
  36. * Why we use /dev/urandom and not /dev/random 
  37. * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers 
  38. *  
  39. * @param int $bytes 
  40. *  
  41. * @throws Exception 
  42. *  
  43. * @return string 
  44. */ 
  45. function random_bytes($bytes) 
  46. static $fp = null; 
  47. /** 
  48. * This block should only be run once 
  49. */ 
  50. if (empty($fp)) { 
  51. /** 
  52. * We use /dev/urandom if it is a char device. 
  53. * We never fall back to /dev/random 
  54. */ 
  55. $fp = fopen('/dev/urandom', 'rb'); 
  56. if (!empty($fp)) { 
  57. $st = fstat($fp); 
  58. if (($st['mode'] & 0170000) !== 020000) { 
  59. fclose($fp); 
  60. $fp = false; 
  61.  
  62. if (!empty($fp)) { 
  63. /** 
  64. * stream_set_read_buffer() does not exist in HHVM 
  65. *  
  66. * If we don't set the stream's read buffer to 0, PHP will 
  67. * internally buffer 8192 bytes, which can waste entropy 
  68. *  
  69. * stream_set_read_buffer returns 0 on success 
  70. */ 
  71. if (function_exists('stream_set_read_buffer')) { 
  72. stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER); 
  73. if (function_exists('stream_set_chunk_size')) { 
  74. stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER); 
  75.  
  76. try { 
  77. $bytes = RandomCompat_intval($bytes); 
  78. } catch (TypeError $ex) { 
  79. throw new TypeError( 
  80. 'random_bytes(): $bytes must be an integer' 
  81. ); 
  82.  
  83. if ($bytes < 1) { 
  84. throw new Error( 
  85. 'Length must be greater than 0' 
  86. ); 
  87.  
  88. /** 
  89. * This if() block only runs if we managed to open a file handle 
  90. *  
  91. * It does not belong in an else {} block, because the above  
  92. * if (empty($fp)) line is logic that should only be run once per 
  93. * page load. 
  94. */ 
  95. if (!empty($fp)) { 
  96. $remaining = $bytes; 
  97. $buf = ''; 
  98.  
  99. /** 
  100. * We use fread() in a loop to protect against partial reads 
  101. */ 
  102. do { 
  103. $read = fread($fp, $remaining);  
  104. if ($read === false) { 
  105. /** 
  106. * We cannot safely read from the file. Exit the 
  107. * do-while loop and trigger the exception condition 
  108. */ 
  109. $buf = false; 
  110. break; 
  111. /** 
  112. * Decrease the number of bytes returned from remaining 
  113. */ 
  114. $remaining -= RandomCompat_strlen($read); 
  115. $buf .= $read; 
  116. } while ($remaining > 0); 
  117.  
  118. /** 
  119. * Is our result valid? 
  120. */ 
  121. if ($buf !== false) { 
  122. if (RandomCompat_strlen($buf) === $bytes) { 
  123. /** 
  124. * Return our random entropy buffer here: 
  125. */ 
  126. return $buf; 
  127.  
  128. /** 
  129. * If we reach here, PHP has failed us. 
  130. */ 
  131. throw new Exception( 
  132. 'Error reading from source device' 
  133. ); 
.