albertlast / SMF2.1

Sources/random_compat/random_bytes_com_dotnet.php

Indentation +57 added lines, -57 removed lines

@@ -27,65 +27,65 @@
  */
 
 if (!is_callable('random_bytes')) {
-    /**
-     * Windows with PHP < 5.3.0 will not have the function
-     * openssl_random_pseudo_bytes() available, so let's use
-     * CAPICOM to work around this deficiency.
-     *
-     * @param int $bytes
-     *
-     * @throws Exception
-     *
-     * @return string
-     */
-    function random_bytes($bytes)
-    {
-        try {
-            /** @var int $bytes */
-            $bytes = RandomCompat_intval($bytes);
-        } catch (TypeError $ex) {
-            throw new TypeError(
-                'random_bytes(): $bytes must be an integer'
-            );
-        }
+	/**
+	 * Windows with PHP < 5.3.0 will not have the function
+	 * openssl_random_pseudo_bytes() available, so let's use
+	 * CAPICOM to work around this deficiency.
+	 *
+	 * @param int $bytes
+	 *
+	 * @throws Exception
+	 *
+	 * @return string
+	 */
+	function random_bytes($bytes)
+	{
+		try {
+			/** @var int $bytes */
+			$bytes = RandomCompat_intval($bytes);
+		} catch (TypeError $ex) {
+			throw new TypeError(
+				'random_bytes(): $bytes must be an integer'
+			);
+		}
 
-        if ($bytes < 1) {
-            throw new Error(
-                'Length must be greater than 0'
-            );
-        }
+		if ($bytes < 1) {
+			throw new Error(
+				'Length must be greater than 0'
+			);
+		}
 
-        /** @var string $buf */
-        $buf = '';
-        if (!class_exists('COM')) {
-            throw new Error(
-                'COM does not exist'
-            );
-        }
-        /** @var COM $util */
-        $util = new COM('CAPICOM.Utilities.1');
-        $execCount = 0;
+		/** @var string $buf */
+		$buf = '';
+		if (!class_exists('COM')) {
+			throw new Error(
+				'COM does not exist'
+			);
+		}
+		/** @var COM $util */
+		$util = new COM('CAPICOM.Utilities.1');
+		$execCount = 0;
 
-        /**
-         * Let's not let it loop forever. If we run N times and fail to
-         * get N bytes of random data, then CAPICOM has failed us.
-         */
-        do {
-            $buf .= base64_decode((string) $util->GetRandom($bytes, 0));
-            if (RandomCompat_strlen($buf) >= $bytes) {
-                /**
-                 * Return our random entropy buffer here:
-                 */
-                return (string) RandomCompat_substr($buf, 0, $bytes);
-            }
-            ++$execCount;
-        } while ($execCount < $bytes);
+		/**
+		 * Let's not let it loop forever. If we run N times and fail to
+		 * get N bytes of random data, then CAPICOM has failed us.
+		 */
+		do {
+			$buf .= base64_decode((string) $util->GetRandom($bytes, 0));
+			if (RandomCompat_strlen($buf) >= $bytes) {
+				/**
+				 * Return our random entropy buffer here:
+				 */
+				return (string) RandomCompat_substr($buf, 0, $bytes);
+			}
+			++$execCount;
+		} while ($execCount < $bytes);
 
-        /**
-         * If we reach here, PHP has failed us.
-         */
-        throw new Exception(
-            'Could not gather sufficient random data'
-        );
-    }
+		/**
+		 * If we reach here, PHP has failed us.
+		 */
+		throw new Exception(
+			'Could not gather sufficient random data'
+		);
+	}
 }

Sources/random_compat/cast_to_int.php

Indentation +44 added lines, -44 removed lines

@@ -28,50 +28,50 @@
 
 if (!is_callable('RandomCompat_intval')) {
 
-    /**
-     * Cast to an integer if we can, safely.
-     *
-     * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
-     * (non-inclusive), it will sanely cast it to an int. If you it's equal to
-     * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats 
-     * lose precision, so the <= and => operators might accidentally let a float
-     * through.
-     *
-     * @param int|float $number    The number we want to convert to an int
-     * @param bool      $fail_open Set to true to not throw an exception
-     *
-     * @return float|int
-     * @psalm-suppress InvalidReturnType
-     *
-     * @throws TypeError
-     */
-    function RandomCompat_intval($number, $fail_open = false)
-    {
-        if (is_int($number) || is_float($number)) {
-            $number += 0;
-        } elseif (is_numeric($number)) {
-            /** @psalm-suppress InvalidOperand */
-            $number += 0;
-        }
-        /** @var int|float $number */
+	/**
+	 * Cast to an integer if we can, safely.
+	 *
+	 * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
+	 * (non-inclusive), it will sanely cast it to an int. If you it's equal to
+	 * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats 
+	 * lose precision, so the <= and => operators might accidentally let a float
+	 * through.
+	 *
+	 * @param int|float $number    The number we want to convert to an int
+	 * @param bool      $fail_open Set to true to not throw an exception
+	 *
+	 * @return float|int
+	 * @psalm-suppress InvalidReturnType
+	 *
+	 * @throws TypeError
+	 */
+	function RandomCompat_intval($number, $fail_open = false)
+	{
+		if (is_int($number) || is_float($number)) {
+			$number += 0;
+		} elseif (is_numeric($number)) {
+			/** @psalm-suppress InvalidOperand */
+			$number += 0;
+		}
+		/** @var int|float $number */
 
-        if (
-            is_float($number)
-                &&
-            $number > ~PHP_INT_MAX
-                &&
-            $number < PHP_INT_MAX
-        ) {
-            $number = (int) $number;
-        }
+		if (
+			is_float($number)
+				&&
+			$number > ~PHP_INT_MAX
+				&&
+			$number < PHP_INT_MAX
+		) {
+			$number = (int) $number;
+		}
 
-        if (is_int($number)) {
-            return (int) $number;
-        } elseif (!$fail_open) {
-            throw new TypeError(
-                'Expected an integer.'
-            );
-        }
-        return $number;
-    }
+		if (is_int($number)) {
+			return (int) $number;
+		} elseif (!$fail_open) {
+			throw new TypeError(
+				'Expected an integer.'
+			);
+		}
+		return $number;
+	}
 }

Sources/random_compat/random_bytes_dev_urandom.php

Indentation +148 added lines, -148 removed lines

@@ -27,164 +27,164 @@
  */
 
 if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
-    define('RANDOM_COMPAT_READ_BUFFER', 8);
+	define('RANDOM_COMPAT_READ_BUFFER', 8);
 }
 
 if (!is_callable('random_bytes')) {
-    /**
-     * Unless open_basedir is enabled, use /dev/urandom for
-     * random numbers in accordance with best practices
-     *
-     * Why we use /dev/urandom and not /dev/random
-     * @ref https://www.2uo.de/myths-about-urandom
-     * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
-     *
-     * @param int $bytes
-     *
-     * @throws Exception
-     *
-     * @return string
-     */
-    function random_bytes($bytes)
-    {
-        /** @var resource $fp */
-        static $fp = null;
+	/**
+	 * Unless open_basedir is enabled, use /dev/urandom for
+	 * random numbers in accordance with best practices
+	 *
+	 * Why we use /dev/urandom and not /dev/random
+	 * @ref https://www.2uo.de/myths-about-urandom
+	 * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
+	 *
+	 * @param int $bytes
+	 *
+	 * @throws Exception
+	 *
+	 * @return string
+	 */
+	function random_bytes($bytes)
+	{
+		/** @var resource $fp */
+		static $fp = null;
 
-        /**
-         * This block should only be run once
-         */
-        if (empty($fp)) {
-            /**
-             * We don't want to ever read C:\dev\random, only /dev/urandom on
-             * Unix-like operating systems. While we guard against this
-             * condition in random.php, it doesn't hurt to be defensive in depth
-             * here.
-             *
-             * To that end, we only try to open /dev/urandom if we're on a Unix-
-             * like operating system (which means the directory separator is set
-             * to "/" not "\".
-             */
-            if (DIRECTORY_SEPARATOR === '/') {
-                if (!is_readable('/dev/urandom')) {
-                    throw new Exception(
-                        'Environment misconfiguration: ' .
-                        '/dev/urandom cannot be read.'
-                    );
-                }
-                /**
-                 * We use /dev/urandom if it is a char device.
-                 * We never fall back to /dev/random
-                 */
-                /** @var resource|bool $fp */
-                $fp = fopen('/dev/urandom', 'rb');
-                if (is_resource($fp)) {
-                    /** @var array<string, int> $st */
-                    $st = fstat($fp);
-                    if (($st['mode'] & 0170000) !== 020000) {
-                        fclose($fp);
-                        $fp = false;
-                    }
-                }
-            }
+		/**
+		 * This block should only be run once
+		 */
+		if (empty($fp)) {
+			/**
+			 * We don't want to ever read C:\dev\random, only /dev/urandom on
+			 * Unix-like operating systems. While we guard against this
+			 * condition in random.php, it doesn't hurt to be defensive in depth
+			 * here.
+			 *
+			 * To that end, we only try to open /dev/urandom if we're on a Unix-
+			 * like operating system (which means the directory separator is set
+			 * to "/" not "\".
+			 */
+			if (DIRECTORY_SEPARATOR === '/') {
+				if (!is_readable('/dev/urandom')) {
+					throw new Exception(
+						'Environment misconfiguration: ' .
+						'/dev/urandom cannot be read.'
+					);
+				}
+				/**
+				 * We use /dev/urandom if it is a char device.
+				 * We never fall back to /dev/random
+				 */
+				/** @var resource|bool $fp */
+				$fp = fopen('/dev/urandom', 'rb');
+				if (is_resource($fp)) {
+					/** @var array<string, int> $st */
+					$st = fstat($fp);
+					if (($st['mode'] & 0170000) !== 020000) {
+						fclose($fp);
+						$fp = false;
+					}
+				}
+			}
 
-            if (is_resource($fp)) {
-                /**
-                 * stream_set_read_buffer() does not exist in HHVM
-                 *
-                 * If we don't set the stream's read buffer to 0, PHP will
-                 * internally buffer 8192 bytes, which can waste entropy
-                 *
-                 * stream_set_read_buffer returns 0 on success
-                 */
-                if (is_callable('stream_set_read_buffer')) {
-                    stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
-                }
-                if (is_callable('stream_set_chunk_size')) {
-                    stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
-                }
-            }
-        }
+			if (is_resource($fp)) {
+				/**
+				 * stream_set_read_buffer() does not exist in HHVM
+				 *
+				 * If we don't set the stream's read buffer to 0, PHP will
+				 * internally buffer 8192 bytes, which can waste entropy
+				 *
+				 * stream_set_read_buffer returns 0 on success
+				 */
+				if (is_callable('stream_set_read_buffer')) {
+					stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
+				}
+				if (is_callable('stream_set_chunk_size')) {
+					stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
+				}
+			}
+		}
 
-        try {
-            /** @var int $bytes */
-            $bytes = RandomCompat_intval($bytes);
-        } catch (TypeError $ex) {
-            throw new TypeError(
-                'random_bytes(): $bytes must be an integer'
-            );
-        }
+		try {
+			/** @var int $bytes */
+			$bytes = RandomCompat_intval($bytes);
+		} catch (TypeError $ex) {
+			throw new TypeError(
+				'random_bytes(): $bytes must be an integer'
+			);
+		}
 
-        if ($bytes < 1) {
-            throw new Error(
-                'Length must be greater than 0'
-            );
-        }
+		if ($bytes < 1) {
+			throw new Error(
+				'Length must be greater than 0'
+			);
+		}
 
-        /**
-         * This if() block only runs if we managed to open a file handle
-         *
-         * It does not belong in an else {} block, because the above
-         * if (empty($fp)) line is logic that should only be run once per
-         * page load.
-         */
-        if (is_resource($fp)) {
-            /**
-             * @var int
-             */
-            $remaining = $bytes;
+		/**
+		 * This if() block only runs if we managed to open a file handle
+		 *
+		 * It does not belong in an else {} block, because the above
+		 * if (empty($fp)) line is logic that should only be run once per
+		 * page load.
+		 */
+		if (is_resource($fp)) {
+			/**
+			 * @var int
+			 */
+			$remaining = $bytes;
 
-            /**
-             * @var string|bool
-             */
-            $buf = '';
+			/**
+			 * @var string|bool
+			 */
+			$buf = '';
 
-            /**
-             * We use fread() in a loop to protect against partial reads
-             */
-            do {
-                /**
-                 * @var string|bool
-                 */
-                $read = fread($fp, $remaining);
-                if (!is_string($read)) {
-                    /**
-                     * We cannot safely read from the file. Exit the
-                     * do-while loop and trigger the exception condition
-                     *
-                     * @var string|bool
-                     */
-                    $buf = false;
-                    break;
-                }
-                /**
-                 * Decrease the number of bytes returned from remaining
-                 */
-                $remaining -= RandomCompat_strlen($read);
-                /**
-                 * @var string $buf
-                 */
-                $buf .= $read;
-            } while ($remaining > 0);
+			/**
+			 * We use fread() in a loop to protect against partial reads
+			 */
+			do {
+				/**
+				 * @var string|bool
+				 */
+				$read = fread($fp, $remaining);
+				if (!is_string($read)) {
+					/**
+					 * We cannot safely read from the file. Exit the
+					 * do-while loop and trigger the exception condition
+					 *
+					 * @var string|bool
+					 */
+					$buf = false;
+					break;
+				}
+				/**
+				 * Decrease the number of bytes returned from remaining
+				 */
+				$remaining -= RandomCompat_strlen($read);
+				/**
+				 * @var string $buf
+				 */
+				$buf .= $read;
+			} while ($remaining > 0);
 
-            /**
-             * Is our result valid?
-             * @var string|bool $buf
-             */
-            if (is_string($buf)) {
-                if (RandomCompat_strlen($buf) === $bytes) {
-                    /**
-                     * Return our random entropy buffer here:
-                     */
-                    return $buf;
-                }
-            }
-        }
+			/**
+			 * Is our result valid?
+			 * @var string|bool $buf
+			 */
+			if (is_string($buf)) {
+				if (RandomCompat_strlen($buf) === $bytes) {
+					/**
+					 * Return our random entropy buffer here:
+					 */
+					return $buf;
+				}
+			}
+		}
 
-        /**
-         * If we reach here, PHP has failed us.
-         */
-        throw new Exception(
-            'Error reading from source device'
-        );
-    }
+		/**
+		 * If we reach here, PHP has failed us.
+		 */
+		throw new Exception(
+			'Error reading from source device'
+		);
+	}
 }