Chris@0: <?php
Chris@0: /**
Chris@17:  * Random_* Compatibility Library
Chris@0:  * for using the new PHP 7 random_* API in PHP 5 projects
Chris@17:  *
Chris@0:  * The MIT License (MIT)
Chris@0:  *
Chris@16:  * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
Chris@17:  *
Chris@0:  * Permission is hereby granted, free of charge, to any person obtaining a copy
Chris@0:  * of this software and associated documentation files (the "Software"), to deal
Chris@0:  * in the Software without restriction, including without limitation the rights
Chris@0:  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
Chris@0:  * copies of the Software, and to permit persons to whom the Software is
Chris@0:  * furnished to do so, subject to the following conditions:
Chris@17:  *
Chris@0:  * The above copyright notice and this permission notice shall be included in
Chris@0:  * all copies or substantial portions of the Software.
Chris@17:  *
Chris@0:  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
Chris@0:  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
Chris@0:  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
Chris@0:  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
Chris@0:  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
Chris@0:  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
Chris@0:  * SOFTWARE.
Chris@0:  */
Chris@0: 
Chris@0: if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
Chris@0:     define('RANDOM_COMPAT_READ_BUFFER', 8);
Chris@0: }
Chris@0: 
Chris@0: if (!is_callable('random_bytes')) {
Chris@0:     /**
Chris@0:      * Unless open_basedir is enabled, use /dev/urandom for
Chris@0:      * random numbers in accordance with best practices
Chris@0:      *
Chris@0:      * Why we use /dev/urandom and not /dev/random
Chris@17:      * @ref https://www.2uo.de/myths-about-urandom
Chris@0:      * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
Chris@0:      *
Chris@0:      * @param int $bytes
Chris@0:      *
Chris@0:      * @throws Exception
Chris@0:      *
Chris@0:      * @return string
Chris@0:      */
Chris@0:     function random_bytes($bytes)
Chris@0:     {
Chris@16:         /** @var resource $fp */
Chris@0:         static $fp = null;
Chris@16: 
Chris@0:         /**
Chris@0:          * This block should only be run once
Chris@0:          */
Chris@0:         if (empty($fp)) {
Chris@0:             /**
Chris@17:              * We don't want to ever read C:\dev\random, only /dev/urandom on
Chris@17:              * Unix-like operating systems. While we guard against this
Chris@17:              * condition in random.php, it doesn't hurt to be defensive in depth
Chris@17:              * here.
Chris@17:              *
Chris@17:              * To that end, we only try to open /dev/urandom if we're on a Unix-
Chris@17:              * like operating system (which means the directory separator is set
Chris@17:              * to "/" not "\".
Chris@0:              */
Chris@17:             if (DIRECTORY_SEPARATOR === '/') {
Chris@17:                 if (!is_readable('/dev/urandom')) {
Chris@17:                     throw new Exception(
Chris@17:                         'Environment misconfiguration: ' .
Chris@17:                         '/dev/urandom cannot be read.'
Chris@17:                     );
Chris@17:                 }
Chris@17:                 /**
Chris@17:                  * We use /dev/urandom if it is a char device.
Chris@17:                  * We never fall back to /dev/random
Chris@17:                  */
Chris@17:                 /** @var resource|bool $fp */
Chris@17:                 $fp = fopen('/dev/urandom', 'rb');
Chris@17:                 if (is_resource($fp)) {
Chris@17:                     /** @var array<string, int> $st */
Chris@17:                     $st = fstat($fp);
Chris@17:                     if (($st['mode'] & 0170000) !== 020000) {
Chris@17:                         fclose($fp);
Chris@17:                         $fp = false;
Chris@17:                     }
Chris@0:                 }
Chris@0:             }
Chris@0: 
Chris@16:             if (is_resource($fp)) {
Chris@0:                 /**
Chris@0:                  * stream_set_read_buffer() does not exist in HHVM
Chris@0:                  *
Chris@0:                  * If we don't set the stream's read buffer to 0, PHP will
Chris@0:                  * internally buffer 8192 bytes, which can waste entropy
Chris@0:                  *
Chris@0:                  * stream_set_read_buffer returns 0 on success
Chris@0:                  */
Chris@0:                 if (is_callable('stream_set_read_buffer')) {
Chris@0:                     stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
Chris@0:                 }
Chris@0:                 if (is_callable('stream_set_chunk_size')) {
Chris@0:                     stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
Chris@0:                 }
Chris@0:             }
Chris@0:         }
Chris@0: 
Chris@0:         try {
Chris@16:             /** @var int $bytes */
Chris@0:             $bytes = RandomCompat_intval($bytes);
Chris@0:         } catch (TypeError $ex) {
Chris@0:             throw new TypeError(
Chris@0:                 'random_bytes(): $bytes must be an integer'
Chris@0:             );
Chris@0:         }
Chris@0: 
Chris@0:         if ($bytes < 1) {
Chris@0:             throw new Error(
Chris@0:                 'Length must be greater than 0'
Chris@0:             );
Chris@0:         }
Chris@0: 
Chris@0:         /**
Chris@0:          * This if() block only runs if we managed to open a file handle
Chris@0:          *
Chris@0:          * It does not belong in an else {} block, because the above
Chris@0:          * if (empty($fp)) line is logic that should only be run once per
Chris@0:          * page load.
Chris@0:          */
Chris@16:         if (is_resource($fp)) {
Chris@0:             /**
Chris@0:              * @var int
Chris@0:              */
Chris@0:             $remaining = $bytes;
Chris@0: 
Chris@0:             /**
Chris@0:              * @var string|bool
Chris@0:              */
Chris@0:             $buf = '';
Chris@0: 
Chris@0:             /**
Chris@0:              * We use fread() in a loop to protect against partial reads
Chris@0:              */
Chris@0:             do {
Chris@0:                 /**
Chris@0:                  * @var string|bool
Chris@0:                  */
Chris@0:                 $read = fread($fp, $remaining);
Chris@0:                 if (!is_string($read)) {
Chris@17:                     /**
Chris@17:                      * We cannot safely read from the file. Exit the
Chris@17:                      * do-while loop and trigger the exception condition
Chris@17:                      *
Chris@17:                      * @var string|bool
Chris@17:                      */
Chris@17:                     $buf = false;
Chris@17:                     break;
Chris@0:                 }
Chris@0:                 /**
Chris@0:                  * Decrease the number of bytes returned from remaining
Chris@0:                  */
Chris@0:                 $remaining -= RandomCompat_strlen($read);
Chris@0:                 /**
Chris@17:                  * @var string $buf
Chris@0:                  */
Chris@17:                 $buf .= $read;
Chris@0:             } while ($remaining > 0);
Chris@0: 
Chris@0:             /**
Chris@0:              * Is our result valid?
Chris@17:              * @var string|bool $buf
Chris@0:              */
Chris@0:             if (is_string($buf)) {
Chris@0:                 if (RandomCompat_strlen($buf) === $bytes) {
Chris@0:                     /**
Chris@0:                      * Return our random entropy buffer here:
Chris@0:                      */
Chris@0:                     return $buf;
Chris@0:                 }
Chris@0:             }
Chris@0:         }
Chris@0: 
Chris@0:         /**
Chris@0:          * If we reach here, PHP has failed us.
Chris@0:          */
Chris@0:         throw new Exception(
Chris@0:             'Error reading from source device'
Chris@0:         );
Chris@0:     }
Chris@0: }