BUGFIX Limiting usage of mcrypt_create_iv() in RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specically in IIS)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114510 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-12-05 04:41:49 +00:00
parent 50f823697c
commit 531fa04d7d

View File

@ -11,12 +11,21 @@
class RandomGenerator {
/**
* Note: Returned values are not guaranteed to be crypto-safe,
* depending on the used retrieval method.
*
* @return string Returns a random series of bytes
*/
function generateEntropy() {
// mcrypt with urandom is only available on PHP 5.3 or newer
if(version_compare(PHP_VERSION, '5.3.0', '>=')) {
return mcrypt_create_iv(64, MCRYPT_DEV_URANDOM);
$isWin = preg_match('/WIN/', PHP_OS);
// TODO Fails with "Could not gather sufficient random data" on IIS, temporarily disabled on windows
if(!$isWin) {
// mcrypt with urandom is only available on PHP 5.3 or newer
if(version_compare(PHP_VERSION, '5.3.0', '>=') && function_exists('mcrypt_create_iv')) {
$e = mcrypt_create_iv(64, MCRYPT_DEV_URANDOM);
if($e !== false) return $e;
}
}
// Fall back to SSL methods - may slow down execution by a few ms
@ -27,7 +36,7 @@ class RandomGenerator {
}
// Read from the unix random number generator
if (is_readable('/dev/urandom') && ($h = fopen('/dev/urandom', 'rb'))) {
if(!$isWin && is_readable('/dev/urandom') && ($h = fopen('/dev/urandom', 'rb'))) {
$e = fread($h, 64);
fclose($h);
return $e;
@ -36,7 +45,7 @@ class RandomGenerator {
// Warning: Both methods below are considered weak
// try to read from the windows RNG
if (class_exists('COM')) {
if($isWin && class_exists('COM')) {
try {
$comObj = new COM('CAPICOM.Utilities.1');
$e = base64_decode($comObj->GetRandom(64, 0));