diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index f7718a100..7aaf4c19d 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -54,17 +54,7 @@ if (isset($conf['session_save_handler']) */ function generate_key($size) { - include_once(PHPWG_ROOT_PATH.'include/random_compat/random.php'); - - try - { - $bytes = random_bytes($size+10); - } - catch (Exception $ex) - { - include_once(PHPWG_ROOT_PATH.'include/srand.php'); - $bytes = secure_random_bytes($size+10); - } + $bytes = random_bytes($size+10); return substr( str_replace( diff --git a/include/random_compat/byte_safe_strings.php b/include/random_compat/byte_safe_strings.php deleted file mode 100644 index dec5d3062..000000000 --- a/include/random_compat/byte_safe_strings.php +++ /dev/null @@ -1,181 +0,0 @@ - RandomCompat_strlen($binary_string)) { - return false; - } - - return mb_substr($binary_string, $start, $length, '8bit'); - } - - } else { - - /** - * substr() implementation that isn't brittle to mbstring.func_overload - * - * This version just uses the default substr() - * - * @param string $binary_string - * @param int $start - * @param int $length (optional) - * - * @throws TypeError - * - * @return string - */ - function RandomCompat_substr($binary_string, $start, $length = null) - { - if (!is_string($binary_string)) { - throw new TypeError( - 'RandomCompat_substr(): First argument should be a string' - ); - } - - if (!is_int($start)) { - throw new TypeError( - 'RandomCompat_substr(): Second argument should be an integer' - ); - } - - if ($length !== null) { - if (!is_int($length)) { - throw new TypeError( - 'RandomCompat_substr(): Third argument should be an integer, or omitted' - ); - } - - return substr($binary_string, $start, $length); - } - - return substr($binary_string, $start); - } - } -} diff --git a/include/random_compat/cast_to_int.php b/include/random_compat/cast_to_int.php deleted file mode 100644 index f441c5d98..000000000 --- a/include/random_compat/cast_to_int.php +++ /dev/null @@ -1,71 +0,0 @@ - operators might accidentally let a float - * through. - * - * @param int|float $number The number we want to convert to an int - * @param boolean $fail_open Set to true to not throw an exception - * - * @return int (or float if $fail_open) - * - * @throws TypeError - */ - function RandomCompat_intval($number, $fail_open = false) - { - if (is_numeric($number)) { - $number += 0; - } - - if ( - is_float($number) - && - $number > ~PHP_INT_MAX - && - $number < PHP_INT_MAX - ) { - $number = (int) $number; - } - - if (is_int($number) || $fail_open) { - return $number; - } - - throw new TypeError( - 'Expected an integer.' - ); - } -} diff --git a/include/random_compat/error_polyfill.php b/include/random_compat/error_polyfill.php deleted file mode 100644 index 57cfefdcd..000000000 --- a/include/random_compat/error_polyfill.php +++ /dev/null @@ -1,42 +0,0 @@ -GetRandom() - * 5. openssl_random_pseudo_bytes() (absolute last resort) - * - * See ERRATA.md for our reasoning behind this particular order - */ - if (extension_loaded('libsodium')) { - // See random_bytes_libsodium.php - if (PHP_VERSION_ID >= 50300 && function_exists('\\Sodium\\randombytes_buf')) { - require_once $RandomCompatDIR.'/random_bytes_libsodium.php'; - } elseif (method_exists('Sodium', 'randombytes_buf')) { - require_once $RandomCompatDIR.'/random_bytes_libsodium_legacy.php'; - } - } - - /** - * Reading directly from /dev/urandom: - */ - if (DIRECTORY_SEPARATOR === '/') { - // DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast - // way to exclude Windows. - $RandomCompatUrandom = true; - $RandomCompat_basedir = ini_get('open_basedir'); - - if (!empty($RandomCompat_basedir)) { - $RandomCompat_open_basedir = explode( - PATH_SEPARATOR, - strtolower($RandomCompat_basedir) - ); - $RandomCompatUrandom = (array() !== array_intersect( - array('/dev', '/dev/', '/dev/urandom'), - $RandomCompat_open_basedir - )); - $RandomCompat_open_basedir = null; - } - - if ( - !function_exists('random_bytes') - && - $RandomCompatUrandom - && - @is_readable('/dev/urandom') - ) { - // Error suppression on is_readable() in case of an open_basedir - // or safe_mode failure. All we care about is whether or not we - // can read it at this point. If the PHP environment is going to - // panic over trying to see if the file can be read in the first - // place, that is not helpful to us here. - - // See random_bytes_dev_urandom.php - require_once $RandomCompatDIR.'/random_bytes_dev_urandom.php'; - } - // Unset variables after use - $RandomCompat_basedir = null; - } else { - $RandomCompatUrandom = false; - } - - /** - * mcrypt_create_iv() - */ - if ( - !function_exists('random_bytes') - && - PHP_VERSION_ID >= 50307 - && - extension_loaded('mcrypt') - && - (DIRECTORY_SEPARATOR !== '/' || $RandomCompatUrandom) - ) { - // Prevent this code from hanging indefinitely on non-Windows; - // see https://bugs.php.net/bug.php?id=69833 - if ( - DIRECTORY_SEPARATOR !== '/' || - (PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613) - ) { - // See random_bytes_mcrypt.php - require_once $RandomCompatDIR.'/random_bytes_mcrypt.php'; - } - } - $RandomCompatUrandom = null; - - if ( - !function_exists('random_bytes') - && - extension_loaded('com_dotnet') - && - class_exists('COM') - ) { - $RandomCompat_disabled_classes = preg_split( - '#\s*,\s*#', - strtolower(ini_get('disable_classes')) - ); - - if (!in_array('com', $RandomCompat_disabled_classes)) { - try { - $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1'); - if (method_exists($RandomCompatCOMtest, 'GetRandom')) { - // See random_bytes_com_dotnet.php - require_once $RandomCompatDIR.'/random_bytes_com_dotnet.php'; - } - } catch (com_exception $e) { - // Don't try to use it. - } - } - $RandomCompat_disabled_classes = null; - $RandomCompatCOMtest = null; - } - - /** - * throw new Exception - */ - if (!function_exists('random_bytes')) { - /** - * We don't have any more options, so let's throw an exception right now - * and hope the developer won't let it fail silently. - */ - function random_bytes($length) - { - throw new Exception( - 'There is no suitable CSPRNG installed on your system' - ); - } - } - } - - if (!function_exists('random_int')) { - require_once $RandomCompatDIR.'/random_int.php'; - } - - $RandomCompatDIR = null; -} diff --git a/include/random_compat/random_bytes_com_dotnet.php b/include/random_compat/random_bytes_com_dotnet.php deleted file mode 100644 index 342282549..000000000 --- a/include/random_compat/random_bytes_com_dotnet.php +++ /dev/null @@ -1,81 +0,0 @@ -GetRandom($bytes, 0)); - if (RandomCompat_strlen($buf) >= $bytes) { - /** - * Return our random entropy buffer here: - */ - return RandomCompat_substr($buf, 0, $bytes); - } - ++$execCount; - } while ($execCount < $bytes); - - /** - * If we reach here, PHP has failed us. - */ - throw new Exception( - 'Could not gather sufficient random data' - ); -} diff --git a/include/random_compat/random_bytes_dev_urandom.php b/include/random_compat/random_bytes_dev_urandom.php deleted file mode 100644 index db93b0757..000000000 --- a/include/random_compat/random_bytes_dev_urandom.php +++ /dev/null @@ -1,148 +0,0 @@ - 0); - - /** - * Is our result valid? - */ - if ($buf !== false) { - if (RandomCompat_strlen($buf) === $bytes) { - /** - * Return our random entropy buffer here: - */ - return $buf; - } - } - } - - /** - * If we reach here, PHP has failed us. - */ - throw new Exception( - 'Error reading from source device' - ); -} diff --git a/include/random_compat/random_bytes_libsodium.php b/include/random_compat/random_bytes_libsodium.php deleted file mode 100644 index f802d4e12..000000000 --- a/include/random_compat/random_bytes_libsodium.php +++ /dev/null @@ -1,86 +0,0 @@ - 2147483647) { - $buf = ''; - for ($i = 0; $i < $bytes; $i += 1073741824) { - $n = ($bytes - $i) > 1073741824 - ? 1073741824 - : $bytes - $i; - $buf .= \Sodium\randombytes_buf($n); - } - } else { - $buf = \Sodium\randombytes_buf($bytes); - } - - if ($buf !== false) { - if (RandomCompat_strlen($buf) === $bytes) { - return $buf; - } - } - - /** - * If we reach here, PHP has failed us. - */ - throw new Exception( - 'Could not gather sufficient random data' - ); -} diff --git a/include/random_compat/random_bytes_libsodium_legacy.php b/include/random_compat/random_bytes_libsodium_legacy.php deleted file mode 100644 index 44fddbf6f..000000000 --- a/include/random_compat/random_bytes_libsodium_legacy.php +++ /dev/null @@ -1,86 +0,0 @@ - 2147483647) { - $buf = ''; - for ($i = 0; $i < $bytes; $i += 1073741824) { - $n = ($bytes - $i) > 1073741824 - ? 1073741824 - : $bytes - $i; - $buf .= Sodium::randombytes_buf($n); - } - } else { - $buf = Sodium::randombytes_buf($bytes); - } - - if ($buf !== false) { - if (RandomCompat_strlen($buf) === $bytes) { - return $buf; - } - } - - /** - * If we reach here, PHP has failed us. - */ - throw new Exception( - 'Could not gather sufficient random data' - ); -} diff --git a/include/random_compat/random_bytes_mcrypt.php b/include/random_compat/random_bytes_mcrypt.php deleted file mode 100644 index 7ac9d9105..000000000 --- a/include/random_compat/random_bytes_mcrypt.php +++ /dev/null @@ -1,76 +0,0 @@ - operators might accidentally let a float - * through. - */ - - try { - $min = RandomCompat_intval($min); - } catch (TypeError $ex) { - throw new TypeError( - 'random_int(): $min must be an integer' - ); - } - - try { - $max = RandomCompat_intval($max); - } catch (TypeError $ex) { - throw new TypeError( - 'random_int(): $max must be an integer' - ); - } - - /** - * Now that we've verified our weak typing system has given us an integer, - * let's validate the logic then we can move forward with generating random - * integers along a given range. - */ - if ($min > $max) { - throw new Error( - 'Minimum value must be less than or equal to the maximum value' - ); - } - - if ($max === $min) { - return $min; - } - - /** - * Initialize variables to 0 - * - * We want to store: - * $bytes => the number of random bytes we need - * $mask => an integer bitmask (for use with the &) operator - * so we can minimize the number of discards - */ - $attempts = $bits = $bytes = $mask = $valueShift = 0; - - /** - * At this point, $range is a positive number greater than 0. It might - * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to - * a float and we will lose some precision. - */ - $range = $max - $min; - - /** - * Test for integer overflow: - */ - if (!is_int($range)) { - - /** - * Still safely calculate wider ranges. - * Provided by @CodesInChaos, @oittaa - * - * @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435 - * - * We use ~0 as a mask in this case because it generates all 1s - * - * @ref https://eval.in/400356 (32-bit) - * @ref http://3v4l.org/XX9r5 (64-bit) - */ - $bytes = PHP_INT_SIZE; - $mask = ~0; - - } else { - - /** - * $bits is effectively ceil(log($range, 2)) without dealing with - * type juggling - */ - while ($range > 0) { - if ($bits % 8 === 0) { - ++$bytes; - } - ++$bits; - $range >>= 1; - $mask = $mask << 1 | 1; - } - $valueShift = $min; - } - - /** - * Now that we have our parameters set up, let's begin generating - * random integers until one falls between $min and $max - */ - do { - /** - * The rejection probability is at most 0.5, so this corresponds - * to a failure probability of 2^-128 for a working RNG - */ - if ($attempts > 128) { - throw new Exception( - 'random_int: RNG is broken - too many rejections' - ); - } - - /** - * Let's grab the necessary number of random bytes - */ - $randomByteString = random_bytes($bytes); - if ($randomByteString === false) { - throw new Exception( - 'Random number generator failure' - ); - } - - /** - * Let's turn $randomByteString into an integer - * - * This uses bitwise operators (<< and |) to build an integer - * out of the values extracted from ord() - * - * Example: [9F] | [6D] | [32] | [0C] => - * 159 + 27904 + 3276800 + 201326592 => - * 204631455 - */ - $val = 0; - for ($i = 0; $i < $bytes; ++$i) { - $val |= ord($randomByteString[$i]) << ($i * 8); - } - - /** - * Apply mask - */ - $val &= $mask; - $val += $valueShift; - - ++$attempts; - /** - * If $val overflows to a floating point number, - * ... or is larger than $max, - * ... or smaller than $min, - * then try again. - */ - } while (!is_int($val) || $val > $max || $val < $min); - - return (int) $val; -} diff --git a/include/srand.php b/include/srand.php deleted file mode 100644 index b0d34ba6f..000000000 --- a/include/srand.php +++ /dev/null @@ -1,149 +0,0 @@ - - * - * Copyright (c) 2012, George Argyros - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * * Neither the name of the nor the - * names of its contributors may be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL GEORGE ARGYROS BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * - * - * The function is providing, at least at the systems tested :), - * $len bytes of entropy under any PHP installation or operating system. - * The execution time should be at most 10-20 ms in any system. - */ -function secure_random_bytes($len = 10) -{ - - /* - * Our primary choice for a cryptographic strong randomness function is - * openssl_random_pseudo_bytes. - */ - $SSLstr = '4'; // http://xkcd.com/221/ - if (function_exists('openssl_random_pseudo_bytes') && - (version_compare(PHP_VERSION, '5.3.4') >= 0 || - substr(PHP_OS, 0, 3) !== 'WIN')) - { - $SSLstr = openssl_random_pseudo_bytes($len, $strong); - if ($strong) { - return $SSLstr; - } - } - - /* - * If mcrypt extension is available then we use it to gather entropy from - * the operating system's PRNG. This is better than reading /dev/urandom - * directly since it avoids reading larger blocks of data than needed. - * Older versions of mcrypt_create_iv may be broken or take too much time - * to finish so we only use this function with PHP 5.3.7 and above. - * @see https://bugs.php.net/bug.php?id=55169 - */ - if (function_exists('mcrypt_create_iv') && - (version_compare(PHP_VERSION, '5.3.7') >= 0 || - substr(PHP_OS, 0, 3) !== 'WIN')) { - $str = mcrypt_create_iv($len, MCRYPT_DEV_URANDOM); - if ($str !== false) { - return $str; - } - } - - - /* - * No build-in crypto randomness function found. We collect any entropy - * available in the PHP core PRNGs along with some filesystem info and memory - * stats. To make this data cryptographically strong we add data either from - * /dev/urandom or if its unavailable, we gather entropy by measuring the - * time needed to compute a number of SHA-1 hashes. - */ - $str = ''; - $bits_per_round = 2; // bits of entropy collected in each clock drift round - $msec_per_round = 400; // expected running time of each round in microseconds - $hash_len = 20; // SHA-1 Hash length - $total = $len; // total bytes of entropy to collect - - $handle = @fopen('/dev/urandom', 'rb'); - if ($handle && function_exists('stream_set_read_buffer')) { - @stream_set_read_buffer($handle, 0); - } - - do - { - $bytes = ($total > $hash_len)? $hash_len : $total; - $total -= $bytes; - - //collect any entropy available from the PHP system and filesystem - $entropy = rand() . uniqid(mt_rand(), true) . $SSLstr; - $entropy .= implode('', @fstat(@fopen( __FILE__, 'r'))); - $entropy .= memory_get_usage() . getmypid(); - $entropy .= serialize($_ENV) . serialize($_SERVER); - if (function_exists('posix_times')) { - $entropy .= serialize(posix_times()); - } - if (function_exists('zend_thread_id')) { - $entropy .= zend_thread_id(); - } - if ($handle) { - $entropy .= @fread($handle, $bytes); - } else { - // Measure the time that the operations will take on average - for ($i = 0; $i < 3; $i++) - { - $c1 = microtime(true); - $var = sha1(mt_rand()); - for ($j = 0; $j < 50; $j++) { - $var = sha1($var); - } - $c2 = microtime(true); - $entropy .= $c1 . $c2; - } - - // Based on the above measurement determine the total rounds - // in order to bound the total running time. - $rounds = (int) ($msec_per_round * 50 / (int) (($c2 - $c1) * 1000000)); - - // Take the additional measurements. On average we can expect - // at least $bits_per_round bits of entropy from each measurement. - $iter = $bytes * (int) (ceil(8 / $bits_per_round)); - for ($i = 0; $i < $iter; $i++) { - $c1 = microtime(); - $var = sha1(mt_rand()); - for ($j = 0; $j < $rounds; $j++) { - $var = sha1($var); - } - $c2 = microtime(); - $entropy .= $c1 . $c2; - } - - } - // We assume sha1 is a deterministic extractor for the $entropy variable. - $str .= sha1($entropy, true); - } while ($len > strlen($str)); - - if ($handle) { - @fclose($handle); - } - return substr($str, 0, $len); -}