Online PHP editor | refs for i0k74

<?php if (!function_exists('random_bytes')) { /** * PHP 5.2.0 - 5.6.x way to implement random_bytes() * * In order of preference: * 1. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV) * 2. fread() /dev/arandom if available * 3. fread() /dev/urandom if available * 4. COM('CAPICOM.Utilities.1')->GetRandom() * 5. openssl_random_pseudo_bytes() */ if (function_exists('mcrypt_create_iv') && version_compare(PHP_VERSION, '5.3.7') >= 0) { /** * Powered by ext/mcrypt * * @param int $bytes * @return string */ function random_bytes($bytes) { if (!is_int($bytes)) { throw new Exception( 'Length must be an integer' ); } if ($bytes < 1) { throw new Exception( 'Length must be greater than 0' ); } // See PHP bug #55169 for why 5.3.7 is required $buf = mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM); if ($buf !== false) { if (RandomCompat_strlen($buf) === $bytes) { return $buf; } } /** * If we reach here, PHP has failed us. */ throw new Exception( 'PHP failed to generate random data.' ); } } elseif (!ini_get('open_basedir') && (is_readable('/dev/arandom') || is_readable('/dev/urandom'))) { /** * Use /dev/arandom or /dev/urandom for random numbers * * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers * * @param int $bytes * @return string */ function random_bytes($bytes) { static $fp = null; if ($fp === null) { if (is_readable('/dev/arandom')) { $fp = fopen('/dev/arandom', 'rb'); } else { $fp = fopen('/dev/urandom', 'rb'); } } if ($fp !== false) { $streamset = stream_set_read_buffer($fp, 0); if ($streamset === 0) { $remaining = $bytes; $buf = ''; do { $read = fread($fp, $remaining); if ($read === false) { // We cannot safely read from urandom. $buf = false; break; } // Decrease the number of bytes returned from remaining $remaining -= RandomCompat_strlen($read); $buf .= $read; } while ($remaining > 0); if ($buf !== false) { if (RandomCompat_strlen($buf) === $bytes) { /** * Return our random entropy buffer here: */ return $buf; } } } } /** * If we reach here, PHP has failed us. */ throw new Exception( 'PHP failed to generate random data.' ); } } elseif (extension_loaded('com_dotnet')) { /** * Windows with PHP < 5.3.0 will not have the function * openssl_random_pseudo_bytes() available, so let's use * CAPICOM to work around this deficiency. * * @param int $bytes * @return string */ function random_bytes($bytes) { $buf = ''; $util = new COM('CAPICOM.Utilities.1'); $execCount = 0; /** * Let's not let it loop forever. If we run N times and fail to * get N bytes of random data, then CAPICOM has failed us. */ do { $buf .= base64_decode($util->GetRandom($bytes, 0)); if (RandomCompat_strlen($buf) >= $bytes) { return RandomCompat_substr($buf, 0, $bytes); } ++$execCount; } while ($execCount < $bytes); /** * If we reach here, PHP has failed us. */ throw new Exception( 'PHP failed to generate random data.' ); } } elseif (function_exists('openssl_random_pseudo_bytes')) { /** * Since openssl_random_pseudo_bytes() uses openssl's * RAND_pseudo_bytes() API, which has been marked as deprecated by the * OpenSSL team, this is our last resort before failure. * * @ref https://www.openssl.org/docs/crypto/RAND_bytes.html * * @param int $bytes * @return string */ function random_bytes($bytes) { $secure = true; $buf = openssl_random_pseudo_bytes($bytes, $secure); if ($buf !== false && $secure) { if (RandomCompat_strlen($buf) === $bytes) { return $buf; } } /** * If we reach here, PHP has failed us. */ throw new Exception( 'PHP failed to generate random data.' ); } } else { /** * We don't have any more options, so let's throw an exception right now */ throw new Exception( 'There is no suitable CSPRNG installed on your system' ); } } var_dump( implode('-', [ bin2hex(random_bytes(4)), bin2hex(random_bytes(2)), bin2hex((random_bytes(1) & 0x0F) | 0x40) . bin2hex(random_bytes(1)), bin2hex((random_bytes(1) & 0x3F) | 0x80) . bin2hex(random_bytes(1)), bin2hex(random_bytes(12)) ]) );