Bug #23355
closed
I've attached a PoC patch for TYPO3 4.3 branch.
Introduces a further optional parameter that allows skipping blocking/slow methods that return crypto-safe random bytes.
In addition, the code is reordered, commenting is improved, and errors are handled in the mcrypt code part.
Marcus, I would really appreciate a restructuring.
/dev/urandom can be inaccessible due to open_basedir restriction, so I would not only call the mcrypt function on Windows.
According to the PHP bug, we should decrease the priority of COM.
You only use the openssl method when $cryptoSafe is required. Why not always use it first and set the $cryptoStrong parameter to the value of $cryptoSafe? If no strong randomness was used but required, throw the result away.
We do not need crypto safe randomness, thus define the method to return not crypto safe random bytes (which it does in some cases anyways).
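The source ordering discussed in the comments above (OpenSSL first with its strength flag checked, /dev/urandom treated as possibly blocked by open_basedir, weak bytes only when strength was not requested), as an added example that is not part of the TYPO3 patch. The function name `exampleRandomBytes`, the exception type and the `mt_rand()` fallback are assumptions made for illustration.

```php
<?php
// Added example, not TYPO3 code. exampleRandomBytes() is a hypothetical name.
function exampleRandomBytes($length, $cryptoSafe = FALSE) {
	// 1. OpenSSL first. The second argument is filled in by PHP and reports
	//    whether a cryptographically strong algorithm produced the bytes.
	if (function_exists('openssl_random_pseudo_bytes')) {
		$cryptoStrong = FALSE;
		$bytes = openssl_random_pseudo_bytes($length, $cryptoStrong);
		// Throw the result away if strength was required but not delivered.
		if (is_string($bytes) && strlen($bytes) === $length && ($cryptoStrong || !$cryptoSafe)) {
			return $bytes;
		}
	}
	// 2. /dev/urandom. open_basedir can deny access, so a failed open is
	//    expected on some hosts and simply moves on to the next source.
	$handle = @fopen('/dev/urandom', 'rb');
	if ($handle !== FALSE) {
		$bytes = fread($handle, $length);
		fclose($handle);
		if (is_string($bytes) && strlen($bytes) === $length) {
			return $bytes;
		}
	}
	// 3. No strong source left: fail closed when strength was required.
	if ($cryptoSafe) {
		throw new RuntimeException('No cryptographically strong random source available');
	}
	// Weak fallback, acceptable only for callers that passed $cryptoSafe = FALSE.
	$bytes = '';
	for ($i = 0; $i < $length; $i++) {
		$bytes .= chr(mt_rand(0, 255));
	}
	return $bytes;
}

// Constructed usage: a 16-byte token that must come from a strong source.
try {
	echo bin2hex(exampleRandomBytes(16, TRUE)), PHP_EOL;
} catch (RuntimeException $e) {
	echo 'refusing to continue: ', $e->getMessage(), PHP_EOL;
}
```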
Patch set 1 of change I6bad300842f3da40c620b3d79b8116345a2749a0 has been pushed to the review server.
It is available at http://review.typo3.org/4537
Patch set 2 of change I6bad300842f3da40c620b3d79b8116345a2749a0 has been pushed to the review server.
It is available at http://review.typo3.org/4537
Patch set 3 of change I6bad300842f3da40c620b3d79b8116345a2749a0 has been pushed to the review server.
It is available at http://review.typo3.org/4537
Patch set 1 of change I42eea55dcbcd8d8f5b1a6e9493993e9ccd967dfa has been pushed to the review server.
It is available at http://review.typo3.org/4555
- Status changed from New to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Under Review
- Target version deleted (0)
- TYPO3 Version set to 4.6
Was set to resolved, as it was pushed to a sandbox.
Patch set 4 of change I6bad300842f3da40c620b3d79b8116345a2749a0 has been pushed to the review server.
It is available at http://review.typo3.org/4537
- Priority changed from Should have to Must have
- Target version set to 4.6.0
Patch set 5 of change I6bad300842f3da40c620b3d79b8116345a2749a0 has been pushed to the review server.
It is available at http://review.typo3.org/4537
Patch set 6 of change I6bad300842f3da40c620b3d79b8116345a2749a0 has been pushed to the review server.
It is available at http://review.typo3.org/4537
Patch set 7 of change I6bad300842f3da40c620b3d79b8116345a2749a0 has been pushed to the review server.
It is available at http://review.typo3.org/4537
- Target version changed from 4.6.0 to 4.5.8
- Status changed from Under Review to Resolved
- Status changed from Resolved to Under Review
Keeping it open, as it still needs to go to older branches, but needs code adjustments for that!
Patch set 1 of change I6bad300842f3da40c620b3d79b8116345a2749a0 has been pushed to the review server.
It is available at http://review.typo3.org/6460
- Status changed from Under Review to Resolved
- Status changed from Resolved to Closed