Merge pull request #12764 from GrahamForks/5.0-rand · laravel/framework@2193408 · GitHub


Commit 2193408

committed
Merge pull request #12764 from GrahamForks/5.0-rand
[5.0] Ensure openssl's vulnerable random generation is not used
2 parents 37151cf + b4ad9a2 commit 2193408


6 files changed

+7
-28
lines changed


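--- a/composer.json
+++ b/composer.json
@@ -28,6 +28,7 @@
 "monolog/monolog": "~1.11",
 "mtdowling/cron-expression": "~1.0",
 "nesbot/carbon": "~1.0",
+"paragonie/random_compat": "~1.3",
 "psy/psysh": "0.4.*",
 "swiftmailer/swiftmailer": "~5.1",
 "symfony/console": "2.6.*",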

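--- a/src/Illuminate/Encryption/Encrypter.php
+++ b/src/Illuminate/Encryption/Encrypter.php
@@ -1,9 +1,9 @@
 <?php namespace Illuminate\Encryption;
 
 use Exception;
+use Illuminate\Support\Str;
 use Illuminate\Contracts\Encryption\DecryptException;
 use Symfony\Component\Security\Core\Util\StringUtils;
-use Symfony\Component\Security\Core\Util\SecureRandom;
 use Illuminate\Contracts\Encryption\Encrypter as EncrypterContract;
 
 class Encrypter implements EncrypterContract {
@@ -160,7 +160,7 @@ protected function getJsonPayload($payload)
 */
 protected function validMac(array $payload)
 {
-$bytes = (new SecureRandom)->nextBytes(16);
+$bytes = Str::randomBytes(16);
 
 $calcMac = hash_hmac('sha256', $this->hash($payload['iv'], $payload['value']), $bytes, true);
 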
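Review bot: The one-time key assigned on the changed line of validMac() has no comment saying what it is for, and both the docblock and the rest of the body lie outside this hunk. The visible line re-hashes the computed MAC under that key before the comparison, so the key has to be unpredictable on every call; a comment such as `// Fresh random key used only to re-HMAC the MACs before comparing them; must come from a CSPRNG.` would stop a later edit from swapping in a weaker source. `Str::randomBytes()` now ends in `random_bytes()`, which throws when no secure source is available. That fails closed here, but it presumably leaves decryption as a generic exception rather than `DecryptException`, so the docblock should carry a matching `@throws` line.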

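--- a/src/Illuminate/Encryption/composer.json
+++ b/src/Illuminate/Encryption/composer.json
@@ -18,6 +18,7 @@
 "ext-openssl": "*",
 "illuminate/contracts": "5.0.*",
 "illuminate/support": "5.0.*",
+"paragonie/random_compat": "~1.3",
 "symfony/security-core": "2.6.*"
 },
 "autoload": {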

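--- a/src/Illuminate/Foundation/Console/Optimize/config.php
+++ b/src/Illuminate/Foundation/Console/Optimize/config.php
@@ -187,8 +187,6 @@
 $basePath.'/vendor/symfony/http-foundation/Symfony/Component/HttpFoundation/ResponseHeaderBag.php',
 $basePath.'/vendor/symfony/http-foundation/Symfony/Component/HttpFoundation/Cookie.php',
 $basePath.'/vendor/symfony/security-core/Symfony/Component/Security/Core/Util/StringUtils.php',
-$basePath.'/vendor/symfony/security-core/Symfony/Component/Security/Core/Util/SecureRandomInterface.php',
-$basePath.'/vendor/symfony/security-core/Symfony/Component/Security/Core/Util/SecureRandom.php',
 $basePath.'/vendor/symfony/finder/Symfony/Component/Finder/SplFileInfo.php',
 $basePath.'/vendor/symfony/finder/Symfony/Component/Finder/Expression/Regex.php',
 $basePath.'/vendor/symfony/finder/Symfony/Component/Finder/Expression/ValueInterface.php',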

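--- a/src/Illuminate/Support/Str.php
+++ b/src/Illuminate/Support/Str.php
@@ -1,6 +1,5 @@
 <?php namespace Illuminate\Support;
 
-use RuntimeException;
 use Stringy\StaticStringy;
 use Illuminate\Support\Traits\Macroable;
 
@@ -208,8 +207,6 @@ public static function plural($value, $count = 2)
 *
 * @param int $length
 * @return string
-*
-* @throws \RuntimeException
 */
 public static function random($length = 16)
 {
@@ -230,29 +227,10 @@ public static function random($length = 16)
 *
 * @param int $length
 * @return string
-*
-* @throws \RuntimeException
 */
 public static function randomBytes($length = 16)
 {
-if (function_exists('random_bytes'))
-{
-$bytes = random_bytes($length);
-}
-elseif (function_exists('openssl_random_pseudo_bytes'))
-{
-$bytes = openssl_random_pseudo_bytes($length, $strong);
-if ($bytes === false || $strong === false)
-{
-throw new RuntimeException('Unable to generate random string.');
-}
-}
-else
-{
-throw new RuntimeException('OpenSSL extension is required for PHP 5 users.');
-}
-
-return $bytes;
+return random_bytes($length);
 }
 
 /**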
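Review bot: The docblock of randomBytes() in the last hunk loses its `@throws \RuntimeException` line, yet the new one-line body can still fail, because `random_bytes()` throws when no secure random source is available. Code that wrapped `Str::random()` or `Str::randomBytes()` in `catch (RuntimeException $e)` will no longer catch that failure, so both docblocks should keep a throws line, e.g. `* @throws \Exception`. The same applies to the docblock of random() in the second hunk; its body is outside the hunks, so whether it surfaces the exception unchanged is inferred from the removed annotation.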

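--- a/src/Illuminate/Support/composer.json
+++ b/src/Illuminate/Support/composer.json
@@ -18,7 +18,8 @@
 "ext-mbstring": "*",
 "illuminate/contracts": "5.0.*",
 "doctrine/inflector": "~1.0",
-"danielstjules/stringy": "~1.8"
+"danielstjules/stringy": "~1.8",
+"paragonie/random_compat": "~1.3"
 },
 "autoload": {
 "psr-4": {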
