wp/wp-includes/random_compat/random_bytes_openssl.php
changeset 7 cf61fcea0001
6:490d5cc509ed 7:cf61fcea0001
       
     1 <?php
       
     2 /**
       
     3  * Random_* Compatibility Library 
       
     4  * for using the new PHP 7 random_* API in PHP 5 projects
       
     5  * 
       
     6  * The MIT License (MIT)
       
     7  * 
       
     8  * Copyright (c) 2015 Paragon Initiative Enterprises
       
     9  * 
       
    10  * Permission is hereby granted, free of charge, to any person obtaining a copy
       
    11  * of this software and associated documentation files (the "Software"), to deal
       
    12  * in the Software without restriction, including without limitation the rights
       
    13  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
       
    14  * copies of the Software, and to permit persons to whom the Software is
       
    15  * furnished to do so, subject to the following conditions:
       
    16  * 
       
    17  * The above copyright notice and this permission notice shall be included in
       
    18  * all copies or substantial portions of the Software.
       
    19  * 
       
    20  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
       
    21  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
       
    22  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
       
    23  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
       
    24  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
       
    25  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
       
    26  * SOFTWARE.
       
    27  */
       
    28 
       
    29 if ( ! is_callable( 'random_bytes' ) ):
       
    30 /**
       
    31  * Since openssl_random_pseudo_bytes() uses openssl's 
       
    32  * RAND_pseudo_bytes() API, which has been marked as deprecated by the
       
    33  * OpenSSL team, this is our last resort before failure.
       
    34  * 
       
    35  * @ref https://www.openssl.org/docs/crypto/RAND_bytes.html
       
    36  * 
       
    37  * @param int $bytes
       
    38  * 
       
    39  * @throws Exception
       
    40  * 
       
    41  * @return string
       
    42  */
       
    43 function random_bytes($bytes)
       
    44 {
       
    45     try {
       
    46         $bytes = RandomCompat_intval($bytes);
       
    47     } catch (TypeError $ex) {
       
    48         throw new TypeError(
       
    49             'random_bytes(): $bytes must be an integer'
       
    50         );
       
    51     }
       
    52 
       
    53     if ($bytes < 1) {
       
    54         throw new Error(
       
    55             'Length must be greater than 0'
       
    56         );
       
    57     }
       
    58 
       
    59     /**
       
    60      * $secure is passed by reference. If it's set to false, fail. Note
       
    61      * that this will only return false if this function fails to return
       
    62      * any data.
       
    63      * 
       
    64      * @ref https://github.com/paragonie/random_compat/issues/6#issuecomment-119564973
       
    65      */
       
    66     $secure = true;
       
    67     $buf = openssl_random_pseudo_bytes($bytes, $secure);
       
    68     if (
       
    69         $buf !== false
       
    70         &&
       
    71         $secure
       
    72         &&
       
    73         RandomCompat_strlen($buf) === $bytes
       
    74     ) {
       
    75         return $buf;
       
    76     }
       
    77 
       
    78     /**
       
    79      * If we reach here, PHP has failed us.
       
    80      */
       
    81     throw new Exception(
       
    82         'Could not gather sufficient random data'
       
    83     );
       
    84 }
       
    85 endif;