From 4b8e45d60472ae6a0b5c4ad8728a476ad530519b Mon Sep 17 00:00:00 2001
From: Tim Starling <tstarling@users.mediawiki.org>
Date: Wed, 21 Mar 2012 10:27:34 +0000
Subject: [PATCH] * Removed the $method parameters from MWCryptRand. Apparently
 Dantman didn't know about our awesome debug traceback functions like
 wfGetAllCallers(). The weird optional-middle-parameter calling convention
 thankfully disappears as a consequence. * Reduced the amount of debug log
 noise slightly, removing a few redundant messages.

---
 includes/CryptRand.php                 | 29 +++++++-------------------
 includes/GlobalFunctions.php           |  2 +-
 includes/User.php                      | 12 +++++------
 includes/specials/SpecialUserlogin.php |  4 ++--
 4 files changed, 17 insertions(+), 30 deletions(-)

diff --git a/includes/CryptRand.php b/includes/CryptRand.php
index 9f0f7de1ee..10f379cb2a 100644
--- a/includes/CryptRand.php
+++ b/includes/CryptRand.php
@@ -256,17 +256,10 @@ class MWCryptRand {
 	/**
 	 * @see self::generate()
 	 */
-	public function realGenerate( $bytes, $forceStrong = false, $method = null ) {
+	public function realGenerate( $bytes, $forceStrong = false ) {
 		wfProfileIn( __METHOD__ );
-		if ( is_string( $forceStrong ) && is_null( $method ) ) {
-			// If $forceStrong is a string then it's really $method
-			$method = $forceStrong;
-			$forceStrong = false;
-		}
 
-		if ( !is_null( $method ) ) {
-			wfDebug( __METHOD__ . ": Generating cryptographic random bytes for $method\n" );
-		}
+		wfDebug( __METHOD__ . ": Generating cryptographic random bytes for " . wfGetAllCallers( 5 ) . "\n" );
 
 		$bytes = floor( $bytes );
 		static $buffer = '';
@@ -285,7 +278,6 @@ class MWCryptRand {
 			if ( function_exists( 'mcrypt_create_iv' ) ) {
 				wfProfileIn( __METHOD__ . '-mcrypt' );
 				$rem = $bytes - strlen( $buffer );
-				wfDebug( __METHOD__ . ": Trying to generate $rem bytes of randomness using mcrypt_create_iv.\n" );
 				$iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM );
 				if ( $iv === false ) {
 					wfDebug( __METHOD__ . ": mcrypt_create_iv returned false.\n" );
@@ -306,7 +298,6 @@ class MWCryptRand {
 			) {
 				wfProfileIn( __METHOD__ . '-openssl' );
 				$rem = $bytes - strlen( $buffer );
-				wfDebug( __METHOD__ . ": Trying to generate $rem bytes of randomness using openssl_random_pseudo_bytes.\n" );
 				$openssl_bytes = openssl_random_pseudo_bytes( $rem, $openssl_strong );
 				if ( $openssl_bytes === false ) {
 					wfDebug( __METHOD__ . ": openssl_random_pseudo_bytes returned false.\n" );
@@ -327,7 +318,6 @@ class MWCryptRand {
 		if ( strlen( $buffer ) < $bytes && ( function_exists( 'stream_set_read_buffer' ) || $forceStrong ) ) {
 			wfProfileIn( __METHOD__ . '-fopen-urandom' );
 			$rem = $bytes - strlen( $buffer );
-			wfDebug( __METHOD__ . ": Trying to generate $rem bytes of randomness using /dev/urandom.\n" );
 			if ( !function_exists( 'stream_set_read_buffer' ) && $forceStrong ) {
 				wfDebug( __METHOD__ . ": Was forced to read from /dev/urandom without control over the buffer size.\n" );
 			}
@@ -351,7 +341,6 @@ class MWCryptRand {
 					stream_set_read_buffer( $urandom, $rem );
 					$chunk_size = $rem;
 				}
-				wfDebug( __METHOD__ . ": Reading from /dev/urandom with a buffer size of $chunk_size.\n" );
 				$random_bytes = fread( $urandom, max( $chunk_size, $rem ) );
 				$buffer .= $random_bytes;
 				fclose( $urandom );
@@ -399,13 +388,13 @@ class MWCryptRand {
 	/**
 	 * @see self::generateHex()
 	 */
-	public function realGenerateHex( $chars, $forceStrong = false, $method = null ) {
+	public function realGenerateHex( $chars, $forceStrong = false ) {
 		// hex strings are 2x the length of raw binary so we divide the length in half
 		// odd numbers will result in a .5 that leads the generate() being 1 character
 		// short, so we use ceil() to ensure that we always have enough bytes
 		$bytes = ceil( $chars / 2 );
 		// Generate the data and then convert it to a hex string
-		$hex = bin2hex( $this->generate( $bytes, $forceStrong, $method ) );
+		$hex = bin2hex( $this->generate( $bytes, $forceStrong ) );
 		// A bit of paranoia here, the caller asked for a specific length of string
 		// here, and it's possible (eg when given an odd number) that we may actually
 		// have at least 1 char more than they asked for. Just in case they made this
@@ -449,11 +438,10 @@ class MWCryptRand {
 	 * @param $forceStrong bool Pass true if you want generate to prefer cryptographically
 	 *                          strong sources of entropy even if reading from them may steal
 	 *                          more entropy from the system than optimal.
-	 * @param $method The calling method, for debug info. May be the second argument if you are not using forceStrong
 	 * @return String Raw binary random data
 	 */
-	public static function generate( $bytes, $forceStrong = false, $method = null ) {
-		return self::singleton()->realGenerate( $bytes, $forceStrong, $method );
+	public static function generate( $bytes, $forceStrong = false ) {
+		return self::singleton()->realGenerate( $bytes, $forceStrong );
 	}
 
 	/**
@@ -466,11 +454,10 @@ class MWCryptRand {
 	 * @param $forceStrong bool Pass true if you want generate to prefer cryptographically
 	 *                          strong sources of entropy even if reading from them may steal
 	 *                          more entropy from the system than optimal.
-	 * @param $method The calling method, for debug info. May be the second argument if you are not using forceStrong
 	 * @return String Hexadecimal random data
 	 */
-	public static function generateHex( $chars, $forceStrong = false, $method = null ) {
-		return self::singleton()->realGenerateHex( $chars, $forceStrong, $method );
+	public static function generateHex( $chars, $forceStrong = false ) {
+		return self::singleton()->realGenerateHex( $chars, $forceStrong );
 	}
 
 }
diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 806b43e899..e9f22de74c 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -3363,7 +3363,7 @@ function wfFixSessionID() {
 	// If built-in entropy is not enabled or not sufficient override php's built in session id generation code
 	if ( !$entropyEnabled ) {
 		wfDebug( __METHOD__ . ": PHP's built in entropy is disabled or not sufficient, overriding session id generation using our cryptrand source.\n" );
-		session_id( MWCryptRand::generateHex( 32, __METHOD__ ) );
+		session_id( MWCryptRand::generateHex( 32 ) );
 	}
 }
 
diff --git a/includes/User.php b/includes/User.php
index e95e5309f3..90bef9141f 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -847,7 +847,7 @@ class User {
 		// Multiply by 1.25 to get the number of hex characters we need
 		$length = $length * 1.25;
 		// Generate random hex chars
-		$hex = MWCryptRand::generateHex( $length, __METHOD__ );
+		$hex = MWCryptRand::generateHex( $length );
 		// Convert from base 16 to base 32 to get a proper password like string
 		return wfBaseConvert( $hex, 16, 32 );
 	}
@@ -2044,7 +2044,7 @@ class User {
 		global $wgSecretKey, $wgProxyKey;
 		$this->load();
 		if ( !$token ) {
-			$this->mToken = MWCryptRand::generateHex( USER_TOKEN_LENGTH, __METHOD__ );
+			$this->mToken = MWCryptRand::generateHex( USER_TOKEN_LENGTH );
 		} else {
 			$this->mToken = $token;
 		}
@@ -3179,7 +3179,7 @@ class User {
 		} else {
 			$token = $request->getSessionData( 'wsEditToken' );
 			if ( $token === null ) {
-				$token = MWCryptRand::generateHex( 32, __METHOD__ );
+				$token = MWCryptRand::generateHex( 32 );
 				$request->setSessionData( 'wsEditToken', $token );
 			}
 			if( is_array( $salt ) ) {
@@ -3197,7 +3197,7 @@ class User {
 	 * @deprecated since 1.20; Use MWCryptRand for secure purposes or wfRandomString for pesudo-randomness
 	 */
 	public static function generateToken( $salt = '' ) {
-		return MWCryptRand::generateHex( 32, __METHOD__ );
+		return MWCryptRand::generateHex( 32 );
 	}
 
 	/**
@@ -3304,7 +3304,7 @@ class User {
 		$now = time();
 		$expires = $now + $wgUserEmailConfirmationTokenExpiry;
 		$this->load();
-		$token = MWCryptRand::generateHex( 32, __METHOD__ );
+		$token = MWCryptRand::generateHex( 32 );
 		$hash = md5( $token );
 		$this->mEmailToken = $hash;
 		$this->mEmailTokenExpires = wfTimestamp( TS_MW, $expires );
@@ -3856,7 +3856,7 @@ class User {
 
 		if( $wgPasswordSalt ) {
 			if ( $salt === false ) {
-				$salt = MWCryptRand::generateHex( 8, __METHOD__ );
+				$salt = MWCryptRand::generateHex( 8 );
 			}
 			return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
 		} else {
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index f6df4d5474..3837e2724b 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -1152,7 +1152,7 @@ class LoginForm extends SpecialPage {
 		global $wgRequest;
 		// Generate a token directly instead of using $user->editToken()
 		// because the latter reuses $_SESSION['wsEditToken']
-		$wgRequest->setSessionData( 'wsLoginToken', MWCryptRand::generateHex( 32, __METHOD__ ) );
+		$wgRequest->setSessionData( 'wsLoginToken', MWCryptRand::generateHex( 32 ) );
 	}
 
 	/**
@@ -1177,7 +1177,7 @@ class LoginForm extends SpecialPage {
 	 */
 	public static function setCreateaccountToken() {
 		global $wgRequest;
-		$wgRequest->setSessionData( 'wsCreateaccountToken', MWCryptRand::generateHex( 32, __METHOD__ ) );
+		$wgRequest->setSessionData( 'wsCreateaccountToken', MWCryptRand::generateHex( 32 ) );
 	}
 
 	/**
-- 
2.20.1