Ticket #28633: 28633.9.diff

src/wp-includes/pluggable.php

@@ -2005 +2005 @@
         for ( $i = 0; $i < $length; $i++ ) {
                 $password .= substr($chars, wp_rand(0, strlen($chars) - 1), 1);
         }
 
         /**
          * Filter the randomly-generated password.
          *
          * @since 3.0.0
          *
          * @param string $password The generated password.
          */
         return apply_filters( 'random_password', $password );
 }
 endif;
 
+/**
+ * Generate a cryptographically secure random string
+ * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
+ *
+ * @since x.x.x
+ * @internal
+ *
+ * @param int $bytes Number of random bytes.
+ * @return string|WP_Error A string of random charcters of $bytes length, WP_Error if external random sources unavailable
+ */
+function wp_external_random_bytes( $bytes = 32 ) {
+
+        // Uses system native Crypto API in most OS's
+        // Uses native Windows Crypto API in PHP 5.3+ (MCRYPT_DEV_URANDOM)
+        // Prior to 5.3.7 this may also fatal on Windows - https://bugs.php.net/bug.php?id=55169
+        $use_mcrypt = function_exists('mcrypt_create_iv');
+        $use_mcrypt = $use_mcrypt && ! ( 'WIN' == substr( PHP_OS, 0, 3 ) && version_compare( phpversion(), '5.3.7', '<') );
+        if ( $use_mcrypt ) {
+                $buf = mcrypt_create_iv( $bytes, MCRYPT_DEV_URANDOM );
+                if ( $buf !== false ) {
+                        return $buf;
+                }
+        }
+
+        // Use /dev/urandom if available
+        // Will cause issues with open_basedir denying access
+        if ( @is_readable( '/dev/urandom' ) ) {
+                $fp = @fopen( '/dev/urandom', 'rb' );
+
+                // Use unbuffered reads if available in PHP 5.3.3+ to avoid read-ahead buffering eating entropy
+                if ( $fp && function_exists( 'stream_set_read_buffer' ) ) {
+                        if ( false === stream_set_read_buffer( $fp, 0 ) ) {
+                                // We'll skip using /dev/urandom if we can't use an unbuffered file
+                                fclose( $fp );
+                                unset( $fp );
+                        }
+                }
+
+                if ( $fp ) {
+                        $buf = '';
+
+                        mbstring_binary_safe_encoding();
+
+                        // How many bytes do we need?
+                        $bytes_remaining = $bytes;
+                        do {
+                                $buf .= $read = fread( $fp, $bytes_remaining );
+                                if ( $read === false ) {
+                                        // We cannot safely read from /dev/urandom.
+                                        $buf = false;
+                                        break;
+                                }
+                                $bytes_remaining -= strlen( $read );
+                        } while( $bytes_remaining > 0 );
+
+                        reset_mbstring_encoding();
+
+                        fclose( $fp );
+
+                        if ( $buf ) {
+                                return $buf;
+                        }
+                }
+        }
+
+        // Available since PHP 5.3.0
+        // Uses native Windows Cyrpto API's in PHP 5.4+
+        // can be exceedingly slow before PHP 5.3.4 on windows - https://bugs.php.net/bug.php?id=51636
+        $use_openssl = function_exists('openssl_random_pseudo_bytes');
+        $use_openssl = $use_openssl && ! ( 'WIN' == substr( PHP_OS, 0, 3 ) && version_compare( phpversion(), '5.3.4', '<') );
+        if ( $use_openssl ) {
+                $buf = openssl_random_pseudo_bytes( $bytes );
+                if ( $buf !== false ) {
+                        return $buf;
+                }
+        }
+
+        return new WP_Error( 'external_rand_source_unavailable', 'External Random Sources unavailable' );
+}
+
+/**
+ * Generate a random positive integer between 0 and PHP_INT_MAX.
+ *
+ * @since x.x.x
+ * @internal
+ *
+ * @return int|WP_Error A random positive integer, WP_Error upon no external random sources being available
+ */
+function wp_external_random_positive_int() {
+        $buf = wp_external_random_bytes( PHP_INT_SIZE );
+        if ( is_wp_error( $buf ) ) {
+                return $buf;
+        }
+
+        $val = 0;
+        $i = strlen( $buf );
+
+        // TODO: Test on a 32bit machine with PHP_INT_SIZE = 4
+        do {
+                $i--;
+                $val <<= 8;
+                $val |= ord( $buf[ $i ] );
+        } while( $i != 0 );
+
+        // effectively absint()
+        return $val & PHP_INT_MAX;
+}
+
+/**
+ * Generates an unbiased, unpredictably random number.
+ *
+ * @since x.x.x
+ * @internal
+ *
+ * @param int $min Lower limit for the generated number.
+ * @param int $max Upper limit for the generated number.
+ * @return int|WP_Error A random number between min and max inclusively, WP_Error on external rand-source failure
+ */
+function wp_external_rand( $min = 0, $max = PHP_INT_MAX ) {
+        // Compat for `wp_rand()`
+        if ( 0 === $max ) {
+                $max = PHP_INT_MAX;
+        }
+        if ( $min == $max ) {
+                return $min;
+        }
+
+        // Calculate from 0..($max-$min), resulting in $min+$rand..$max
+        $max -= $min;
+
+        // 7776 -> 13
+        $bits = ceil( log( $max + 1 ) / log( 2 ) );
+
+        // 2^13 - 1 == 8191 or 0x00001111 11111111
+        // Calculate a mask of how much of the PHP int we're interested in
+        $mask = ceil( pow( 2, $bits ) ) - 1;
+
+        do {
+                $val = wp_external_random_positive_int();
+                if ( is_wp_error( $val ) ) {
+                        return $val;
+                }
+
+                // Apply the mask to our val
+                $val &= $mask;
+        } while ( $val > $max );
+
+        // $min..($min+$max)
+        return (int) ( $min + $val );
+}
+
+
 if ( !function_exists('wp_rand') ) :
 /**
  * Generates a random number
  *
  * @since 2.6.2
  *
  * @param int $min Lower limit for the generated number
  * @param int $max Upper limit for the generated number
  * @return int A random number between min and max
  */
 function wp_rand( $min = 0, $max = 0 ) {
         global $rnd_value;
 
+        // Use an external-
+        static $external_rand_source_available = true;
+        if ( $external_rand_source_available ) {
+                $val = wp_external_rand( $min, $max );
+                if ( ! is_wp_error( $val ) ) {
+                        return $val;
+                }
+                $external_rand_source_available = false;
+        }
+
         // Reset $rnd_value after 14 uses
         // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
         if ( strlen($rnd_value) < 8 ) {
                 if ( defined( 'WP_SETUP_CONFIG' ) )
                         static $seed = '';
                 else
                         $seed = get_transient('random_seed');
                 $rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed );
                 $rnd_value .= sha1($rnd_value);
                 $rnd_value .= sha1($rnd_value . $seed);
                 $seed = md5($seed . $rnd_value);
                 if ( ! defined( 'WP_SETUP_CONFIG' ) )
                         set_transient('random_seed', $seed);
         }