Skip to content

Added OpensslRandPseudo random source. #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Added OpensslRandPseudo random source. #25

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b7acc91
Added OpensslRandPseudo random source.
derekmarcotte Oct 19, 2017
a0c2ebd
Fix file naming, added check for openssl_ existing.
derekmarcotte Oct 19, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
92 changes: 92 additions & 0 deletions lib/PasswordLib/Random/Source/OpensslRandomPseudo.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
<?php
/**
* The OpensslRandomPseudo Random Number Source
*
* This uses openssl_random_pseudo_bytes. This is suggested for use only with
* with php5-openssl compiled against LibreSSL:
*
* OpenSSL copying RNG state on fork:
* https://github.com/ramsey/uuid/issues/80#issuecomment-188286637
* Fixed in LibreSSL:
* http://opensslrampage.org/post/91910269738/fix-for-the-libressl-prng-issue-under-linux
*
* Additionally, CVE-2015-8867 was fixed only in versions 5.6.12, 5.5.28,
* 5.4.44 and above:
*
* https://bugs.php.net/bug.php?id=70014
* http://www.php.net/ChangeLog-5.php
*
* CVE-2015-8867 does not affect versions compiled against LibreSSL.
*
* PHP version 5.3
*
* @category PHPPasswordLib
* @package Random
* @subpackage Source
* @author Derek Marcotte <554b8425@razorfever.net>
* @copyright 2011 The Authors
* @license http://www.opensource.org/licenses/mit-license.html MIT License
* @version Build @@version@@
*/

namespace PasswordLib\Random\Source;

use PasswordLib\Core\Strength;

/**
* The OpensslRandomPseudo Random Number Source
*
* This uses openssl_random_pseudo_bytes. This is suggested for use only with
* with php5-openssl compiled against LibreSSL:
*
* OpenSSL copying RNG state on fork:
* https://github.com/ramsey/uuid/issues/80#issuecomment-188286637
* Fixed in LibreSSL:
* http://opensslrampage.org/post/91910269738/fix-for-the-libressl-prng-issue-under-linux
*
* Additionally, CVE-2015-8867 was fixed only in versions 5.6.12, 5.5.28,
* 5.4.44 and above:
*
* https://bugs.php.net/bug.php?id=70014
* http://www.php.net/ChangeLog-5.php
*
* CVE-2015-8867 does not affect versions compiled against LibreSSL.
*
* @category PHPPasswordLib
* @package Random
* @subpackage Source
* @author Derek Marcotte <554b8425@razorfever.net>
* @codeCoverageIgnore
*/
class OpensslRandomPseudo implements \PasswordLib\Random\Source {

/**
* Return an instance of Strength indicating the strength of the source
*
* @return Strength An instance of one of the strength classes
*/
public static function getStrength() {
if (!defined('OPENSSL_VERSION_TEXT')) {
return new Strength(Strength::VERYLOW);
}
if (!preg_match('/^LibreSSL/i', OPENSSL_VERSION_TEXT)) {
return new Strength(Strength::LOW);
}
return new Strength(Strength::MEDIUM);
}

/**
* Generate a random string of the specified size
*
* @param int $size The size of the requested random string
*
* @return string A string of the requested size
*/
public function generate($size) {
if (!defined('OPENSSL_VERSION_TEXT')) {
return str_repeat(chr(0), $size);
}
return openssl_random_pseudo_bytes($size);
}

}