* Removed the $method parameters from MWCryptRand. Apparently Dantman didn't know about our awesome debug traceback functions like wfGetAllCallers(). The weird optional-middle-parameter calling convention thankfully disappears as a consequence.
* Reduced the amount of debug log noise slightly, removing a few redundant messages.
This commit is contained in:
Tim Starling
parent
64e9ccb8d3
commit
4b8e45d604
4 changed files with 17 additions and 30 deletions
|
|
@ -256,17 +256,10 @@ class MWCryptRand {
|
|||
/**
|
||||
* @see self::generate()
|
||||
*/
|
||||
public function realGenerate( $bytes, $forceStrong = false, $method = null ) {
|
||||
public function realGenerate( $bytes, $forceStrong = false ) {
|
||||
wfProfileIn( __METHOD__ );
|
||||
if ( is_string( $forceStrong ) && is_null( $method ) ) {
|
||||
// If $forceStrong is a string then it's really $method
|
||||
$method = $forceStrong;
|
||||
$forceStrong = false;
|
||||
}
|
||||
|
||||
if ( !is_null( $method ) ) {
|
||||
wfDebug( __METHOD__ . ": Generating cryptographic random bytes for $method\n" );
|
||||
}
|
||||
wfDebug( __METHOD__ . ": Generating cryptographic random bytes for " . wfGetAllCallers( 5 ) . "\n" );
|
||||
|
||||
$bytes = floor( $bytes );
|
||||
static $buffer = '';
|
||||
|
|
@ -285,7 +278,6 @@ class MWCryptRand {
|
|||
if ( function_exists( 'mcrypt_create_iv' ) ) {
|
||||
wfProfileIn( __METHOD__ . '-mcrypt' );
|
||||
$rem = $bytes - strlen( $buffer );
|
||||
wfDebug( __METHOD__ . ": Trying to generate $rem bytes of randomness using mcrypt_create_iv.\n" );
|
||||
$iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM );
|
||||
if ( $iv === false ) {
|
||||
wfDebug( __METHOD__ . ": mcrypt_create_iv returned false.\n" );
|
||||
|
|
@ -306,7 +298,6 @@ class MWCryptRand {
|
|||
) {
|
||||
wfProfileIn( __METHOD__ . '-openssl' );
|
||||
$rem = $bytes - strlen( $buffer );
|
||||
wfDebug( __METHOD__ . ": Trying to generate $rem bytes of randomness using openssl_random_pseudo_bytes.\n" );
|
||||
$openssl_bytes = openssl_random_pseudo_bytes( $rem, $openssl_strong );
|
||||
if ( $openssl_bytes === false ) {
|
||||
wfDebug( __METHOD__ . ": openssl_random_pseudo_bytes returned false.\n" );
|
||||
|
|
@ -327,7 +318,6 @@ class MWCryptRand {
|
|||
if ( strlen( $buffer ) < $bytes && ( function_exists( 'stream_set_read_buffer' ) || $forceStrong ) ) {
|
||||
wfProfileIn( __METHOD__ . '-fopen-urandom' );
|
||||
$rem = $bytes - strlen( $buffer );
|
||||
wfDebug( __METHOD__ . ": Trying to generate $rem bytes of randomness using /dev/urandom.\n" );
|
||||
if ( !function_exists( 'stream_set_read_buffer' ) && $forceStrong ) {
|
||||
wfDebug( __METHOD__ . ": Was forced to read from /dev/urandom without control over the buffer size.\n" );
|
||||
}
|
||||
|
|
@ -351,7 +341,6 @@ class MWCryptRand {
|
|||
stream_set_read_buffer( $urandom, $rem );
|
||||
$chunk_size = $rem;
|
||||
}
|
||||
wfDebug( __METHOD__ . ": Reading from /dev/urandom with a buffer size of $chunk_size.\n" );
|
||||
$random_bytes = fread( $urandom, max( $chunk_size, $rem ) );
|
||||
$buffer .= $random_bytes;
|
||||
fclose( $urandom );
|
||||
|
|
@ -399,13 +388,13 @@ class MWCryptRand {
|
|||
/**
|
||||
* @see self::generateHex()
|
||||
*/
|
||||
public function realGenerateHex( $chars, $forceStrong = false, $method = null ) {
|
||||
public function realGenerateHex( $chars, $forceStrong = false ) {
|
||||
// hex strings are 2x the length of raw binary so we divide the length in half
|
||||
// odd numbers will result in a .5 that leads the generate() being 1 character
|
||||
// short, so we use ceil() to ensure that we always have enough bytes
|
||||
$bytes = ceil( $chars / 2 );
|
||||
// Generate the data and then convert it to a hex string
|
||||
$hex = bin2hex( $this->generate( $bytes, $forceStrong, $method ) );
|
||||
$hex = bin2hex( $this->generate( $bytes, $forceStrong ) );
|
||||
// A bit of paranoia here, the caller asked for a specific length of string
|
||||
// here, and it's possible (eg when given an odd number) that we may actually
|
||||
// have at least 1 char more than they asked for. Just in case they made this
|
||||
|
|
@ -449,11 +438,10 @@ class MWCryptRand {
|
|||
* @param $forceStrong bool Pass true if you want generate to prefer cryptographically
|
||||
* strong sources of entropy even if reading from them may steal
|
||||
* more entropy from the system than optimal.
|
||||
* @param $method The calling method, for debug info. May be the second argument if you are not using forceStrong
|
||||
* @return String Raw binary random data
|
||||
*/
|
||||
public static function generate( $bytes, $forceStrong = false, $method = null ) {
|
||||
return self::singleton()->realGenerate( $bytes, $forceStrong, $method );
|
||||
public static function generate( $bytes, $forceStrong = false ) {
|
||||
return self::singleton()->realGenerate( $bytes, $forceStrong );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -466,11 +454,10 @@ class MWCryptRand {
|
|||
* @param $forceStrong bool Pass true if you want generate to prefer cryptographically
|
||||
* strong sources of entropy even if reading from them may steal
|
||||
* more entropy from the system than optimal.
|
||||
* @param $method The calling method, for debug info. May be the second argument if you are not using forceStrong
|
||||
* @return String Hexadecimal random data
|
||||
*/
|
||||
public static function generateHex( $chars, $forceStrong = false, $method = null ) {
|
||||
return self::singleton()->realGenerateHex( $chars, $forceStrong, $method );
|
||||
public static function generateHex( $chars, $forceStrong = false ) {
|
||||
return self::singleton()->realGenerateHex( $chars, $forceStrong );
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3363,7 +3363,7 @@ function wfFixSessionID() {
|
|||
// If built-in entropy is not enabled or not sufficient override php's built in session id generation code
|
||||
if ( !$entropyEnabled ) {
|
||||
wfDebug( __METHOD__ . ": PHP's built in entropy is disabled or not sufficient, overriding session id generation using our cryptrand source.\n" );
|
||||
session_id( MWCryptRand::generateHex( 32, __METHOD__ ) );
|
||||
session_id( MWCryptRand::generateHex( 32 ) );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -847,7 +847,7 @@ class User {
|
|||
// Multiply by 1.25 to get the number of hex characters we need
|
||||
$length = $length * 1.25;
|
||||
// Generate random hex chars
|
||||
$hex = MWCryptRand::generateHex( $length, __METHOD__ );
|
||||
$hex = MWCryptRand::generateHex( $length );
|
||||
// Convert from base 16 to base 32 to get a proper password like string
|
||||
return wfBaseConvert( $hex, 16, 32 );
|
||||
}
|
||||
|
|
@ -2044,7 +2044,7 @@ class User {
|
|||
global $wgSecretKey, $wgProxyKey;
|
||||
$this->load();
|
||||
if ( !$token ) {
|
||||
$this->mToken = MWCryptRand::generateHex( USER_TOKEN_LENGTH, __METHOD__ );
|
||||
$this->mToken = MWCryptRand::generateHex( USER_TOKEN_LENGTH );
|
||||
} else {
|
||||
$this->mToken = $token;
|
||||
}
|
||||
|
|
@ -3179,7 +3179,7 @@ class User {
|
|||
} else {
|
||||
$token = $request->getSessionData( 'wsEditToken' );
|
||||
if ( $token === null ) {
|
||||
$token = MWCryptRand::generateHex( 32, __METHOD__ );
|
||||
$token = MWCryptRand::generateHex( 32 );
|
||||
$request->setSessionData( 'wsEditToken', $token );
|
||||
}
|
||||
if( is_array( $salt ) ) {
|
||||
|
|
@ -3197,7 +3197,7 @@ class User {
|
|||
* @deprecated since 1.20; Use MWCryptRand for secure purposes or wfRandomString for pesudo-randomness
|
||||
*/
|
||||
public static function generateToken( $salt = '' ) {
|
||||
return MWCryptRand::generateHex( 32, __METHOD__ );
|
||||
return MWCryptRand::generateHex( 32 );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -3304,7 +3304,7 @@ class User {
|
|||
$now = time();
|
||||
$expires = $now + $wgUserEmailConfirmationTokenExpiry;
|
||||
$this->load();
|
||||
$token = MWCryptRand::generateHex( 32, __METHOD__ );
|
||||
$token = MWCryptRand::generateHex( 32 );
|
||||
$hash = md5( $token );
|
||||
$this->mEmailToken = $hash;
|
||||
$this->mEmailTokenExpires = wfTimestamp( TS_MW, $expires );
|
||||
|
|
@ -3856,7 +3856,7 @@ class User {
|
|||
|
||||
if( $wgPasswordSalt ) {
|
||||
if ( $salt === false ) {
|
||||
$salt = MWCryptRand::generateHex( 8, __METHOD__ );
|
||||
$salt = MWCryptRand::generateHex( 8 );
|
||||
}
|
||||
return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -1152,7 +1152,7 @@ class LoginForm extends SpecialPage {
|
|||
global $wgRequest;
|
||||
// Generate a token directly instead of using $user->editToken()
|
||||
// because the latter reuses $_SESSION['wsEditToken']
|
||||
$wgRequest->setSessionData( 'wsLoginToken', MWCryptRand::generateHex( 32, __METHOD__ ) );
|
||||
$wgRequest->setSessionData( 'wsLoginToken', MWCryptRand::generateHex( 32 ) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1177,7 +1177,7 @@ class LoginForm extends SpecialPage {
|
|||
*/
|
||||
public static function setCreateaccountToken() {
|
||||
global $wgRequest;
|
||||
$wgRequest->setSessionData( 'wsCreateaccountToken', MWCryptRand::generateHex( 32, __METHOD__ ) );
|
||||
$wgRequest->setSessionData( 'wsCreateaccountToken', MWCryptRand::generateHex( 32 ) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
Loading…
Reference in a new issue