Merge pull request #12780 from laravel/revert-12764-5.0-rand
Revert "[5.0] Ensure openssl's vulnerable random generation is not used"
This commit is contained in:
commit
262b813fc8
|
@ -28,7 +28,6 @@
|
|||
"monolog/monolog": "~1.11",
|
||||
"mtdowling/cron-expression": "~1.0",
|
||||
"nesbot/carbon": "~1.0",
|
||||
"paragonie/random_compat": "~1.3",
|
||||
"psy/psysh": "0.4.*",
|
||||
"swiftmailer/swiftmailer": "~5.1",
|
||||
"symfony/console": "2.6.*",
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
<?php namespace Illuminate\Encryption;
|
||||
|
||||
use Exception;
|
||||
use Illuminate\Support\Str;
|
||||
use Illuminate\Contracts\Encryption\DecryptException;
|
||||
use Symfony\Component\Security\Core\Util\StringUtils;
|
||||
use Symfony\Component\Security\Core\Util\SecureRandom;
|
||||
use Illuminate\Contracts\Encryption\Encrypter as EncrypterContract;
|
||||
|
||||
class Encrypter implements EncrypterContract {
|
||||
|
@ -160,7 +160,7 @@ class Encrypter implements EncrypterContract {
|
|||
*/
|
||||
protected function validMac(array $payload)
|
||||
{
|
||||
$bytes = Str::randomBytes(16);
|
||||
$bytes = (new SecureRandom)->nextBytes(16);
|
||||
|
||||
$calcMac = hash_hmac('sha256', $this->hash($payload['iv'], $payload['value']), $bytes, true);
|
||||
|
||||
|
|
|
@ -18,7 +18,6 @@
|
|||
"ext-openssl": "*",
|
||||
"illuminate/contracts": "5.0.*",
|
||||
"illuminate/support": "5.0.*",
|
||||
"paragonie/random_compat": "~1.3",
|
||||
"symfony/security-core": "2.6.*"
|
||||
},
|
||||
"autoload": {
|
||||
|
|
|
@ -187,6 +187,8 @@ return array_map('realpath', array(
|
|||
$basePath.'/vendor/symfony/http-foundation/Symfony/Component/HttpFoundation/ResponseHeaderBag.php',
|
||||
$basePath.'/vendor/symfony/http-foundation/Symfony/Component/HttpFoundation/Cookie.php',
|
||||
$basePath.'/vendor/symfony/security-core/Symfony/Component/Security/Core/Util/StringUtils.php',
|
||||
$basePath.'/vendor/symfony/security-core/Symfony/Component/Security/Core/Util/SecureRandomInterface.php',
|
||||
$basePath.'/vendor/symfony/security-core/Symfony/Component/Security/Core/Util/SecureRandom.php',
|
||||
$basePath.'/vendor/symfony/finder/Symfony/Component/Finder/SplFileInfo.php',
|
||||
$basePath.'/vendor/symfony/finder/Symfony/Component/Finder/Expression/Regex.php',
|
||||
$basePath.'/vendor/symfony/finder/Symfony/Component/Finder/Expression/ValueInterface.php',
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
<?php namespace Illuminate\Support;
|
||||
|
||||
use RuntimeException;
|
||||
use Stringy\StaticStringy;
|
||||
use Illuminate\Support\Traits\Macroable;
|
||||
|
||||
|
@ -207,6 +208,8 @@ class Str {
|
|||
*
|
||||
* @param int $length
|
||||
* @return string
|
||||
*
|
||||
* @throws \RuntimeException
|
||||
*/
|
||||
public static function random($length = 16)
|
||||
{
|
||||
|
@ -227,10 +230,29 @@ class Str {
|
|||
*
|
||||
* @param int $length
|
||||
* @return string
|
||||
*
|
||||
* @throws \RuntimeException
|
||||
*/
|
||||
public static function randomBytes($length = 16)
|
||||
{
|
||||
return random_bytes($length);
|
||||
if (function_exists('random_bytes'))
|
||||
{
|
||||
$bytes = random_bytes($length);
|
||||
}
|
||||
elseif (function_exists('openssl_random_pseudo_bytes'))
|
||||
{
|
||||
$bytes = openssl_random_pseudo_bytes($length, $strong);
|
||||
if ($bytes === false || $strong === false)
|
||||
{
|
||||
throw new RuntimeException('Unable to generate random string.');
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new RuntimeException('OpenSSL extension is required for PHP 5 users.');
|
||||
}
|
||||
|
||||
return $bytes;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -18,8 +18,7 @@
|
|||
"ext-mbstring": "*",
|
||||
"illuminate/contracts": "5.0.*",
|
||||
"doctrine/inflector": "~1.0",
|
||||
"danielstjules/stringy": "~1.8",
|
||||
"paragonie/random_compat": "~1.3"
|
||||
"danielstjules/stringy": "~1.8"
|
||||
},
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
|
|
Loading…
Reference in New Issue