random_bytes

We don't have any more options, so let's throw an exception right now and hope the developer won't let it fail silently.

Description

random_bytes( $length ); 

Parameters (1)

0. $length
The length.

Usage

  1. if ( !function_exists( 'random_bytes' ) ) { 
  2. require_once ABSPATH . WPINC . '/random_compat/random.php'; 
  3.  
  4. // The length. 
  5. $length = null; 
  6.  
  7. // NOTICE! Understand what this does before running. 
  8. $result = random_bytes($length); 
  9.  

Defined (7)

The function is defined in the following location(s).

/wp-includes/random_compat/random.php  
  1. function random_bytes($length) 
  2. throw new Exception( 
  3. 'There is no suitable CSPRNG installed on your system' 
  4. ); 
/wp-includes/random_compat/random_bytes_com_dotnet.php  
  1. function random_bytes($bytes) 
  2. try { 
  3. $bytes = RandomCompat_intval($bytes); 
  4. } catch (TypeError $ex) { 
  5. throw new TypeError
  6. 'random_bytes(): $bytes must be an integer' 
  7. ); 
  8.  
  9. if ($bytes < 1) { 
  10. throw new Error
  11. 'Length must be greater than 0' 
  12. ); 
  13.  
  14. $buf = ''; 
  15. $util = new COM('CAPICOM.Utilities.1'); 
  16. $execCount = 0; 
  17.  
  18. /** 
  19. * Let's not let it loop forever. If we run N times and fail to 
  20. * get N bytes of random data, then CAPICOM has failed us. 
  21. */ 
  22. do { 
  23. $buf .= base64_decode($util->GetRandom($bytes, 0)); 
  24. if (RandomCompat_strlen($buf) >= $bytes) { 
  25. /** 
  26. * Return our random entropy buffer here: 
  27. */ 
  28. return RandomCompat_substr($buf, 0, $bytes); 
  29. ++$execCount;  
  30. } while ($execCount < $bytes); 
  31.  
  32. /** 
  33. * If we reach here, PHP has failed us. 
  34. */ 
  35. throw new Exception( 
  36. 'Could not gather sufficient random data' 
  37. ); 
/wp-includes/random_compat/random_bytes_dev_urandom.php  
  1. function random_bytes($bytes) 
  2. static $fp = null; 
  3. /** 
  4. * This block should only be run once 
  5. */ 
  6. if (empty($fp)) { 
  7. /** 
  8. * We use /dev/urandom if it is a char device. 
  9. * We never fall back to /dev/random 
  10. */ 
  11. $fp = fopen('/dev/urandom', 'rb'); 
  12. if (!empty($fp)) { 
  13. $st = fstat($fp); 
  14. if (($st['mode'] & 0170000) !== 020000) { 
  15. fclose($fp); 
  16. $fp = false; 
  17.  
  18. if (!empty($fp)) { 
  19. /** 
  20. * stream_set_read_buffer() does not exist in HHVM 
  21. *  
  22. * If we don't set the stream's read buffer to 0, PHP will 
  23. * internally buffer 8192 bytes, which can waste entropy 
  24. *  
  25. * stream_set_read_buffer returns 0 on success 
  26. */ 
  27. if (function_exists('stream_set_read_buffer')) { 
  28. stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER); 
  29. if (function_exists('stream_set_chunk_size')) { 
  30. stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER); 
  31.  
  32. try { 
  33. $bytes = RandomCompat_intval($bytes); 
  34. } catch (TypeError $ex) { 
  35. throw new TypeError
  36. 'random_bytes(): $bytes must be an integer' 
  37. ); 
  38.  
  39. if ($bytes < 1) { 
  40. throw new Error
  41. 'Length must be greater than 0' 
  42. ); 
  43.  
  44. /** 
  45. * This if() block only runs if we managed to open a file handle 
  46. *  
  47. * It does not belong in an else {} block, because the above  
  48. * if (empty($fp)) line is logic that should only be run once per 
  49. * page load. 
  50. */ 
  51. if (!empty($fp)) { 
  52. $remaining = $bytes; 
  53. $buf = ''; 
  54.  
  55. /** 
  56. * We use fread() in a loop to protect against partial reads 
  57. */ 
  58. do { 
  59. $read = fread($fp, $remaining);  
  60. if ($read === false) { 
  61. /** 
  62. * We cannot safely read from the file. Exit the 
  63. * do-while loop and trigger the exception condition 
  64. */ 
  65. $buf = false; 
  66. break; 
  67. /** 
  68. * Decrease the number of bytes returned from remaining 
  69. */ 
  70. $remaining -= RandomCompat_strlen($read); 
  71. $buf .= $read; 
  72. } while ($remaining > 0); 
  73.  
  74. /** 
  75. * Is our result valid? 
  76. */ 
  77. if ($buf !== false) { 
  78. if (RandomCompat_strlen($buf) === $bytes) { 
  79. /** 
  80. * Return our random entropy buffer here: 
  81. */ 
  82. return $buf; 
  83.  
  84. /** 
  85. * If we reach here, PHP has failed us. 
  86. */ 
  87. throw new Exception( 
  88. 'Error reading from source device' 
  89. ); 
/wp-includes/random_compat/random_bytes_libsodium.php  
  1. function random_bytes($bytes) 
  2. try { 
  3. $bytes = RandomCompat_intval($bytes); 
  4. } catch (TypeError $ex) { 
  5. throw new TypeError
  6. 'random_bytes(): $bytes must be an integer' 
  7. ); 
  8.  
  9. if ($bytes < 1) { 
  10. throw new Error
  11. 'Length must be greater than 0' 
  12. ); 
  13.  
  14. /** 
  15. * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be 
  16. * generated in one invocation. 
  17. */ 
  18. if ($bytes > 2147483647) { 
  19. $buf = ''; 
  20. for ($i = 0; $i < $bytes; $i += 1073741824) { 
  21. $n = ($bytes - $i) > 1073741824 
  22. ? 1073741824 
  23. : $bytes - $i; 
  24. $buf .= \Sodium\randombytes_buf($n); 
  25. } else { 
  26. $buf = \Sodium\randombytes_buf($bytes); 
  27.  
  28. if ($buf !== false) { 
  29. if (RandomCompat_strlen($buf) === $bytes) { 
  30. return $buf; 
  31.  
  32. /** 
  33. * If we reach here, PHP has failed us. 
  34. */ 
  35. throw new Exception( 
  36. 'Could not gather sufficient random data' 
  37. ); 
/wp-includes/random_compat/random_bytes_libsodium_legacy.php  
  1. function random_bytes($bytes) 
  2. try { 
  3. $bytes = RandomCompat_intval($bytes); 
  4. } catch (TypeError $ex) { 
  5. throw new TypeError
  6. 'random_bytes(): $bytes must be an integer' 
  7. ); 
  8.  
  9. if ($bytes < 1) { 
  10. throw new Error
  11. 'Length must be greater than 0' 
  12. ); 
  13.  
  14. /** 
  15. * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be 
  16. * generated in one invocation. 
  17. */ 
  18. if ($bytes > 2147483647) { 
  19. $buf = ''; 
  20. for ($i = 0; $i < $bytes; $i += 1073741824) { 
  21. $n = ($bytes - $i) > 1073741824 
  22. ? 1073741824 
  23. : $bytes - $i; 
  24. $buf .= Sodium::randombytes_buf($n); 
  25. } else { 
  26. $buf = Sodium::randombytes_buf($bytes); 
  27.  
  28. if ($buf !== false) { 
  29. if (RandomCompat_strlen($buf) === $bytes) { 
  30. return $buf; 
  31.  
  32. /** 
  33. * If we reach here, PHP has failed us. 
  34. */ 
  35. throw new Exception( 
  36. 'Could not gather sufficient random data' 
  37. ); 
/wp-includes/random_compat/random_bytes_mcrypt.php  
  1. function random_bytes($bytes) 
  2. try { 
  3. $bytes = RandomCompat_intval($bytes); 
  4. } catch (TypeError $ex) { 
  5. throw new TypeError
  6. 'random_bytes(): $bytes must be an integer' 
  7. ); 
  8.  
  9. if ($bytes < 1) { 
  10. throw new Error
  11. 'Length must be greater than 0' 
  12. ); 
  13.  
  14. $buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM); 
  15. if ( 
  16. $buf !== false 
  17. && 
  18. RandomCompat_strlen($buf) === $bytes 
  19. ) { 
  20. /** 
  21. * Return our random entropy buffer here: 
  22. */ 
  23. return $buf; 
  24.  
  25. /** 
  26. * If we reach here, PHP has failed us. 
  27. */ 
  28. throw new Exception( 
  29. 'Could not gather sufficient random data' 
  30. ); 
/wp-includes/random_compat/random_bytes_openssl.php  
  1. function random_bytes($bytes) 
  2. try { 
  3. $bytes = RandomCompat_intval($bytes); 
  4. } catch (TypeError $ex) { 
  5. throw new TypeError
  6. 'random_bytes(): $bytes must be an integer' 
  7. ); 
  8.  
  9. if ($bytes < 1) { 
  10. throw new Error
  11. 'Length must be greater than 0' 
  12. ); 
  13.  
  14. /** 
  15. * $secure is passed by reference. If it's set to false, fail. Note 
  16. * that this will only return false if this function fails to return 
  17. * any data. 
  18. *  
  19. * @ref https://github.com/paragonie/random_compat/issues/6#issuecomment-119564973 
  20. */ 
  21. $secure = true; 
  22. $buf = openssl_random_pseudo_bytes($bytes, $secure); 
  23. if ( 
  24. $buf !== false 
  25. && 
  26. $secure 
  27. && 
  28. RandomCompat_strlen($buf) === $bytes 
  29. ) { 
  30. return $buf; 
  31.  
  32. /** 
  33. * If we reach here, PHP has failed us. 
  34. */ 
  35. throw new Exception( 
  36. 'Could not gather sufficient random data' 
  37. );