From 9118f43c1d5186ef286ccb11ae4279a18fa7551b Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Thu, 16 Apr 2015 15:16:25 +0200
Subject: [PATCH] Schedule SimpleSAML_Utilities::generateRandomBytes() for
 removal. Deprecate and stop using it.

---
 lib/SimpleSAML/Error/Error.php                       |  2 +-
 lib/SimpleSAML/Session.php                           |  2 +-
 lib/SimpleSAML/SessionHandlerCookie.php              |  2 +-
 lib/SimpleSAML/SessionHandlerPHP.php                 |  2 +-
 lib/SimpleSAML/Stats.php                             |  2 +-
 lib/SimpleSAML/Utilities.php                         | 12 +++---------
 lib/SimpleSAML/Utils/Crypto.php                      |  4 ++--
 lib/SimpleSAML/XHTML/EMail.php                       |  2 +-
 .../saml/lib/Auth/Process/SQLPersistentNameID.php    |  2 +-
 9 files changed, 12 insertions(+), 18 deletions(-)

diff --git a/lib/SimpleSAML/Error/Error.php b/lib/SimpleSAML/Error/Error.php
index a08ffddcd..402eeeaef 100644
--- a/lib/SimpleSAML/Error/Error.php
+++ b/lib/SimpleSAML/Error/Error.php
@@ -202,7 +202,7 @@ class SimpleSAML_Error_Error extends SimpleSAML_Error_Exception {
 		$emsg = array_shift($data);
 		$etrace = implode("\n", $data);
 
-		$reportId = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(4));
+		$reportId = SimpleSAML_Utilities::stringToHex(openssl_random_pseudo_bytes(4));
 		SimpleSAML_Logger::error('Error report with id ' . $reportId . ' generated.');
 
 		$config = SimpleSAML_Configuration::getInstance();
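Review bot: The result of `openssl_random_pseudo_bytes(4)` goes straight into `stringToHex()` with no failure check, and the patch inlines the same unchecked call at every other site. On PHP versions before 8.0 the function can return `false`, and its optional second argument reports whether a cryptographically strong source was used; neither is inspected. A report id tolerates that, but the same call now yields the session ids in SessionHandlerCookie.php and SessionHandlerPHP.php, `generateID()` in Utilities.php, the IV and salt in Utils/Crypto.php and the persistent NameID in SQLPersistentNameID.php. Each site could use `$bytes = openssl_random_pseudo_bytes(4, $strong);` followed by `if ($bytes === false || !$strong) { throw new Exception('No secure random source available.'); }`, or the check could sit in one non-deprecated helper so it is written once. The enclosing method starts and ends outside this hunk.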
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 3f2af27c8..dbe899f5d 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -137,7 +137,7 @@ class SimpleSAML_Session
         $sh = SimpleSAML_SessionHandler::getSessionHandler();
         $this->sessionId = $sh->newSessionId();
 
-        $this->trackid = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(5));
+        $this->trackid = SimpleSAML_Utilities::stringToHex(openssl_random_pseudo_bytes(5));
 
         $this->dirty = true;
 
diff --git a/lib/SimpleSAML/SessionHandlerCookie.php b/lib/SimpleSAML/SessionHandlerCookie.php
index 60b033ab8..86486fd6e 100644
--- a/lib/SimpleSAML/SessionHandlerCookie.php
+++ b/lib/SimpleSAML/SessionHandlerCookie.php
@@ -93,7 +93,7 @@ extends SimpleSAML_SessionHandler {
 	 *  A random session id.
 	 */
 	private static function createSessionID() {
-		return SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16));
+		return SimpleSAML_Utilities::stringToHex(openssl_random_pseudo_bytes(16));
 	}
 
 
diff --git a/lib/SimpleSAML/SessionHandlerPHP.php b/lib/SimpleSAML/SessionHandlerPHP.php
index afb62a633..2fe63c390 100644
--- a/lib/SimpleSAML/SessionHandlerPHP.php
+++ b/lib/SimpleSAML/SessionHandlerPHP.php
@@ -77,7 +77,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler {
 		}
 
 		/* Generate new (secure) session id. */
-		$sessionId = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16));
+		$sessionId = SimpleSAML_Utilities::stringToHex(openssl_random_pseudo_bytes(16));
 		SimpleSAML_Session::createSession($sessionId);
 
 		if (session_id() !== '') {
diff --git a/lib/SimpleSAML/Stats.php b/lib/SimpleSAML/Stats.php
index ec76a3f83..acaf1d80d 100644
--- a/lib/SimpleSAML/Stats.php
+++ b/lib/SimpleSAML/Stats.php
@@ -80,7 +80,7 @@ class SimpleSAML_Stats {
 
 		/* The ID generation is designed to cluster IDs related in time close together. */
 		$int_t = (int)$data['time'];
-		$hd = SimpleSAML_Utilities::generateRandomBytes(16);
+		$hd = openssl_random_pseudo_bytes(16);
 		$data['_id'] = sprintf('%016x%s', $int_t, bin2hex($hd));
 
 		foreach (self::$outputs as $out) {
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index f5d877b57..e22fea3ed 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -382,7 +382,7 @@ class SimpleSAML_Utilities {
 
 
 	public static function generateID() {
-		return '_' . self::stringToHex(self::generateRandomBytes(21));
+		return '_' . self::stringToHex(openssl_random_pseudo_bytes(21));
 	}
 	
 
@@ -957,18 +957,12 @@ class SimpleSAML_Utilities {
 
 
 	/**
-	 * This function generates a binary string containing random bytes.
-	 *
-	 * It is implemented as a wrapper of the openssl_random_pseudo_bytes function,
-	 * available since PHP 5.3.0.
-	 *
-	 * @param int $length The number of random bytes to return.
-	 * @return string A string of $length random bytes.
+     * @deprecated This function will be removed in SSP 2.0. Please use openssl_random_pseudo_bytes() instead.
 	 */
 	public static function generateRandomBytes($length) {
 		assert('is_int($length)');
 
-        return openssl_random_pseudo_bytes($length);
+		return openssl_random_pseudo_bytes($length);
 	}
 
 
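Review bot: The rewritten docblock on `generateRandomBytes()` drops the summary, `@param int $length` and `@return string` lines, so a method that stays public until SSP 2.0 is documented only by its deprecation tag; I would keep those lines and put `@deprecated` below them. The added `@deprecated` line is indented with spaces, while the other docblock lines use a tab. Because the tag points callers at `openssl_random_pseudo_bytes()` directly, it should also say that the result has to be checked, for example ` * Callers must check the return value for false before using it.`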
diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index 565c93e0a..c3090e18b 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
@@ -82,7 +82,7 @@ class SimpleSAML_Utils_Crypto
         $numpad = $blockSize - ($len % $blockSize);
         $data = str_pad($data, $len + $numpad, chr($numpad));
 
-        $iv = SimpleSAML_Utilities::generateRandomBytes($ivSize);
+        $iv = openssl_random_pseudo_bytes($ivSize);
 
         $data = mcrypt_encrypt($enc, $key, $data, $mode, $iv);
 
@@ -257,7 +257,7 @@ class SimpleSAML_Utils_Crypto
         if (!$salt) { // no salt provided, generate one
             // default 8 byte salt, but 4 byte for LDAP SHA1 hashes
             $bytes = ($algorithm == 'SSHA1') ? 4 : 8;
-            $salt = SimpleSAML_Utilities::generateRandomBytes($bytes);
+            $salt = openssl_random_pseudo_bytes($bytes);
         }
 
         if ($algorithm[0] == 'S' && in_array(substr(strtolower($algorithm), 1), hash_algos())) {
diff --git a/lib/SimpleSAML/XHTML/EMail.php b/lib/SimpleSAML/XHTML/EMail.php
index 67989b121..761f5de77 100644
--- a/lib/SimpleSAML/XHTML/EMail.php
+++ b/lib/SimpleSAML/XHTML/EMail.php
@@ -65,7 +65,7 @@ pre {
 		if ($this->subject == NULL) throw new Exception('EMail field [subject] is required and not set.');
 		if ($this->body == NULL) throw new Exception('EMail field [body] is required and not set.');
 		
-		$random_hash = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16));
+		$random_hash = SimpleSAML_Utilities::stringToHex(openssl_random_pseudo_bytes(16));
 		
 		if (isset($this->from))
 			$this->headers[]= 'From: ' . $this->from;
diff --git a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
index 9a0ad3639..ebfab8eef 100644
--- a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
+++ b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
@@ -81,7 +81,7 @@ class sspmod_saml_Auth_Process_SQLPersistentNameID extends sspmod_saml_BaseNameI
 			throw new sspmod_saml_Error(SAML2_Const::STATUS_RESPONDER, 'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy');
 		}
 
-		$value = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(20));
+		$value = SimpleSAML_Utilities::stringToHex(openssl_random_pseudo_bytes(20));
 		SimpleSAML_Logger::debug('SQLPersistentNameID: Created persistent NameID ' . var_export($value, TRUE) . ' for user ' . var_export($uid, TRUE) . '.');
 		sspmod_saml_IdP_SQLNameID::add($idpEntityId, $spEntityId, $uid, $value);
 
-- 
GitLab