WordPress/wp-includes/random_compat/random_bytes_mcrypt.php

<?php
/**
 * Random_* Compatibility Library 
 * for using the new PHP 7 random_* API in PHP 5 projects
 * 
 * The MIT License (MIT)
 * 
 * Copyright (c) 2015 Paragon Initiative Enterprises
 * 
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 * 
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 * 
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */


/**
 * Powered by ext/mcrypt (and thankfully NOT libmcrypt)
 * 
 * @ref https://bugs.php.net/bug.php?id=55169
 * @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386
 * 
 * @param int $bytes
 * 
 * @throws Exception
 * 
 * @return string
 */
function random_bytes($bytes)
{
    if (!is_int($bytes)) {
        throw new TypeError(
            'Length must be an integer'
        );
    }
    if ($bytes < 1) {
        throw new Error(
            'Length must be greater than 0'
        );
    }

    $buf = mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
    if ($buf !== false) {
        if (RandomCompat_strlen($buf) === $bytes) {
            /**
             * Return our random entropy buffer here:
             */
            return $buf;
        }
    }
    /**
     * If we reach here, PHP has failed us.
     */
    throw new Exception(
        'PHP failed to generate random data.'
    );
}
Use PHP7's `random_int()` CSPRNG functionality in `wp_rand()` with a fallback to the `random_compat` library for PHP 5.x. `random_compat` offers a set of compatible functions for older versions of PHP, filling in the gap by using other PHP extensions when available. We still include our existing `wp_rand()` functionality as a fallback for when no proper CSPRNG exists on the system. Take Two, this was previously committed in [34922] but had an issue on PHP 5.2 which sarciszewski has now resolved. Props sarciszewski See #28633 Built from https://develop.svn.wordpress.org/trunk@34981 git-svn-id: http://core.svn.wordpress.org/trunk@34946 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2015-10-09 06:28:24 +02:00			`<?php`
			`/**`
			`* Random_* Compatibility Library`
			`* for using the new PHP 7 random_* API in PHP 5 projects`
			`*`
			`* The MIT License (MIT)`
			`*`
			`* Copyright (c) 2015 Paragon Initiative Enterprises`
			`*`
			`* Permission is hereby granted, free of charge, to any person obtaining a copy`
			`* of this software and associated documentation files (the "Software"), to deal`
			`* in the Software without restriction, including without limitation the rights`
			`* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell`
			`* copies of the Software, and to permit persons to whom the Software is`
			`* furnished to do so, subject to the following conditions:`
			`*`
			`* The above copyright notice and this permission notice shall be included in`
			`* all copies or substantial portions of the Software.`
			`*`
			`* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR`
			`* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,`
			`* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE`
			`* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER`
			`* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,`
			`* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE`
			`* SOFTWARE.`
			`*/`


			`/**`
			`* Powered by ext/mcrypt (and thankfully NOT libmcrypt)`
			`*`
			`* @ref https://bugs.php.net/bug.php?id=55169`
			`* @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386`
			`*`
			`* @param int $bytes`
			`*`
			`* @throws Exception`
			`*`
			`* @return string`
			`*/`
			`function random_bytes($bytes)`
			`{`
			`if (!is_int($bytes)) {`
			`throw new TypeError(`
			`'Length must be an integer'`
			`);`
			`}`
			`if ($bytes < 1) {`
			`throw new Error(`
			`'Length must be greater than 0'`
			`);`
			`}`

			`$buf = mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);`
			`if ($buf !== false) {`
			`if (RandomCompat_strlen($buf) === $bytes) {`
			`/**`
			`* Return our random entropy buffer here:`
			`*/`
			`return $buf;`
			`}`
			`}`
			`/**`
			`* If we reach here, PHP has failed us.`
			`*/`
			`throw new Exception(`
			`'PHP failed to generate random data.'`
			`);`
			`}`