84 $state .= rand() . uniqid( mt_rand(),
true );
94 $files[] = dirname( __DIR__ );
97 MediaWiki\suppressWarnings();
98 $stat = stat( $file );
99 MediaWiki\restoreWarnings();
102 foreach ( $stat
as $k => $v ) {
103 if ( is_numeric( $k ) ) {
108 $path = realpath( $file );
109 if (
$path !==
false ) {
114 $state .= implode(
'', $stat );
124 if ( function_exists(
'getmypid' ) ) {
125 $state .= getmypid();
130 if ( function_exists(
'memory_get_usage' ) ) {
131 $state .= memory_get_usage(
true );
134 foreach ( $this->randomFuncs
as $randomFunc ) {
135 $state .= call_user_func( $randomFunc );
151 $minIterations = self::MIN_ITERATIONS;
155 $bufLength = 10000000;
156 $buffer = str_repeat(
' ', $bufLength );
161 $startTime = microtime(
true );
162 $currentTime = $startTime;
163 while ( $iterations < $minIterations || $currentTime - $startTime < $duration ) {
166 $bufPos = ( $bufPos + 13 ) % $bufLength;
169 $nextTime = microtime(
true );
170 $delta = (int)( ( $nextTime - $currentTime ) * 1000000 );
173 if ( $iterations % 100 === 0 ) {
174 $data = sha1( $data );
176 $currentTime = $nextTime;
179 $timeTaken = $currentTime - $startTime;
182 $this->logger->debug(
"Clock drift calculation " .
183 "(time-taken=" . ( $timeTaken * 1000 ) .
"ms, " .
184 "iterations=$iterations, " .
185 "time-per-iteration=" . ( $timeTaken / $iterations * 1e6 ) .
"us)\n" );
195 static $state = null;
196 if ( is_null( $state ) ) {
217 if ( is_null( $this->strong ) ) {
218 throw new RuntimeException( __METHOD__ .
' called before generation of random data' );
236 public function generate( $bytes, $forceStrong =
false ) {
238 $this->logger->debug(
"Generating cryptographic random bytes for\n" );
240 $bytes = floor( $bytes );
242 if ( is_null( $this->strong ) ) {
244 $this->strong =
true;
247 if ( strlen(
$buffer ) < $bytes ) {
254 if ( function_exists(
'mcrypt_create_iv' ) ) {
255 $rem = $bytes - strlen(
$buffer );
256 $iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM );
257 if ( $iv ===
false ) {
258 $this->logger->debug(
"mcrypt_create_iv returned false.\n" );
261 $this->logger->debug(
"mcrypt_create_iv generated " . strlen( $iv ) .
262 " bytes of randomness.\n" );
267 if ( strlen(
$buffer ) < $bytes ) {
268 if ( function_exists(
'openssl_random_pseudo_bytes' ) ) {
269 $rem = $bytes - strlen(
$buffer );
270 $openssl_bytes = openssl_random_pseudo_bytes( $rem, $openssl_strong );
271 if ( $openssl_bytes ===
false ) {
272 $this->logger->debug(
"openssl_random_pseudo_bytes returned false.\n" );
275 $this->logger->debug(
"openssl_random_pseudo_bytes generated " .
276 strlen( $openssl_bytes ) .
" bytes of " .
277 ( $openssl_strong ?
"strong" :
"weak" ) .
" randomness.\n" );
279 if ( strlen(
$buffer ) >= $bytes ) {
282 $this->strong = !!$openssl_strong;
288 if ( strlen(
$buffer ) < $bytes &&
289 ( function_exists(
'stream_set_read_buffer' ) || $forceStrong )
291 $rem = $bytes - strlen(
$buffer );
292 if ( !function_exists(
'stream_set_read_buffer' ) && $forceStrong ) {
293 $this->logger->debug(
"Was forced to read from /dev/urandom " .
294 "without control over the buffer size.\n" );
298 MediaWiki\suppressWarnings();
299 $urandom = fopen(
"/dev/urandom",
"rb" );
300 MediaWiki\restoreWarnings();
310 $chunk_size = 1024 * 8;
311 if ( function_exists(
'stream_set_read_buffer' ) ) {
313 stream_set_read_buffer( $urandom, $rem );
316 $random_bytes = fread( $urandom, max( $chunk_size, $rem ) );
319 $this->logger->debug(
"/dev/urandom generated " . strlen( $random_bytes ) .
320 " bytes of randomness.\n" );
322 if ( strlen(
$buffer ) >= $bytes ) {
324 $this->strong =
true;
327 $this->logger->debug(
"/dev/urandom could not be opened.\n" );
337 if ( strlen(
$buffer ) < $bytes ) {
338 $this->logger->debug( __METHOD__ .
339 ": Falling back to using a pseudo random state to generate randomness.\n" );
341 while ( strlen(
$buffer ) < $bytes ) {
345 $this->strong =
false;
351 $generated = substr(
$buffer, 0, $bytes );
354 $this->logger->debug( strlen(
$buffer ) .
355 " bytes of randomness leftover in the buffer.\n" );
376 $bytes = ceil( $chars / 2 );
378 $hex = bin2hex( $this->
generate( $bytes, $forceStrong ) );
387 return substr( $hex, 0, $chars );
randomState()
Return a rolling random state initially build using data from unstable sources.
the array() calling protocol came about after MediaWiki 1.4rc1.
Apache License January AND DISTRIBUTION Definitions License shall mean the terms and conditions for use
wasStrong()
Return a boolean indicating whether or not the source used for cryptographic random bytes generation ...
const MSEC_PER_BYTE
Number of milliseconds we want to spend generating each separate byte of the final generated bytes...
static hash($data, $raw=true)
Generate an acceptably unstable one-way-hash of some text making use of the best hash algorithm that ...
driftHash($data)
Randomly hash data while mixing in clock drift data for randomness.
generateHex($chars, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in hexadecimal string format...
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
generate($bytes, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in raw binary form...
__construct(array $randomFuncs, array $randomFiles, LoggerInterface $logger)
static hashLength($raw=true)
Return the byte-length output of the hash algorithm we are using in self::hash and self::hmac...
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
static hmac($data, $key, $raw=true)
Generate an acceptably unstable one-way-hmac of some text making use of the best hash algorithm that ...
const MIN_ITERATIONS
Minimum number of iterations we want to make in our drift calculations.
$strong
A boolean indicating whether the previous random generation was done using cryptographically strong r...
string[] $randomFiles
List of files to generate some random state from.
callable[] $randomFuncs
List of functions to call to generate some random state.
initialRandomState()
Initialize an initial random state based off of whatever we can find.