diff options
| author | Reedy <reedy@wikimedia.org> | 2018-04-18 11:59:13 +0000 |
|---|---|---|
| committer | Krinkle <krinklemail@gmail.com> | 2018-04-18 19:35:01 +0000 |
| commit | 514522b6c0594571bb810a07611c8ca08736734a (patch) | |
| tree | 066de33914d690bcb5f1beac25e1775573537256 | |
| parent | 40826fca35eef4c40506f4a076cb8c92712070a5 (diff) | |
| download | mediawikicore-514522b6c0594571bb810a07611c8ca08736734a.tar.gz mediawikicore-514522b6c0594571bb810a07611c8ca08736734a.zip | |
Reduce some nesting in CryptRand.php
Change-Id: Ic0b7307d66f877a5b1df974f34846857084dc23a
(cherry picked from commit 21551d2d15f2262695ad9d56d38ae0af7d942ad9)
| -rw-r--r-- | includes/libs/CryptRand.php | 53 |
1 files changed, 25 insertions, 28 deletions
diff --git a/includes/libs/CryptRand.php b/includes/libs/CryptRand.php index 474c564aeb24..f7702dd3ac54 100644 --- a/includes/libs/CryptRand.php +++ b/includes/libs/CryptRand.php @@ -259,43 +259,40 @@ class CryptRand { } } - if ( strlen( $buffer ) < $bytes ) { + if ( strlen( $buffer ) < $bytes && function_exists( 'mcrypt_create_iv' ) ) { // If available make use of mcrypt_create_iv URANDOM source to generate randomness // On unix-like systems this reads from /dev/urandom but does it without any buffering // and bypasses openbasedir restrictions, so it's preferable to reading directly // On Windows starting in PHP 5.3.0 Windows' native CryptGenRandom is used to generate // entropy so this is also preferable to just trying to read urandom because it may work // on Windows systems as well. - if ( function_exists( 'mcrypt_create_iv' ) ) { - $rem = $bytes - strlen( $buffer ); - $iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM ); - if ( $iv === false ) { - $this->logger->debug( "mcrypt_create_iv returned false." ); - } else { - $buffer .= $iv; - $this->logger->debug( "mcrypt_create_iv generated " . strlen( $iv ) . - " bytes of randomness." ); - } + $rem = $bytes - strlen( $buffer ); + $iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM ); + if ( $iv === false ) { + $this->logger->debug( "mcrypt_create_iv returned false." ); + } else { + $buffer .= $iv; + $this->logger->debug( "mcrypt_create_iv generated " . strlen( $iv ) . + " bytes of randomness." ); } } - if ( strlen( $buffer ) < $bytes ) { - if ( function_exists( 'openssl_random_pseudo_bytes' ) ) { - $rem = $bytes - strlen( $buffer ); - $openssl_bytes = openssl_random_pseudo_bytes( $rem, $openssl_strong ); - if ( $openssl_bytes === false ) { - $this->logger->debug( "openssl_random_pseudo_bytes returned false." ); - } else { - $buffer .= $openssl_bytes; - $this->logger->debug( "openssl_random_pseudo_bytes generated " . - strlen( $openssl_bytes ) . " bytes of " . - ( $openssl_strong ? "strong" : "weak" ) . " randomness." ); - } - if ( strlen( $buffer ) >= $bytes ) { - // openssl tells us if the random source was strong, if some of our data was generated - // using it use it's say on whether the randomness is strong - $this->strong = !!$openssl_strong; - } + if ( strlen( $buffer ) < $bytes && function_exists( 'openssl_random_pseudo_bytes' ) ) { + $rem = $bytes - strlen( $buffer ); + $openssl_strong = false; + $openssl_bytes = openssl_random_pseudo_bytes( $rem, $openssl_strong ); + if ( $openssl_bytes === false ) { + $this->logger->debug( "openssl_random_pseudo_bytes returned false." ); + } else { + $buffer .= $openssl_bytes; + $this->logger->debug( "openssl_random_pseudo_bytes generated " . + strlen( $openssl_bytes ) . " bytes of " . + ( $openssl_strong ? "strong" : "weak" ) . " randomness." ); + } + if ( strlen( $buffer ) >= $bytes ) { + // openssl tells us if the random source was strong, if some of our data was generated + // using it use it's say on whether the randomness is strong + $this->strong = !!$openssl_strong; } } |