Issue #3054311 by alexpott: Deprecate \Drupal\Component\Utility\Crypt::randomBytes() in favour of PHP's builtin random_bytes()

core/lib/Drupal/Component/Utility/Crypt.php

@@ -28,10 +28,13 @@ class Crypt {
    * @return string
    *   A randomly generated string.
    *
-   * @todo Deprecate in favor of random_bytes().
-   *   https://www.drupal.org/node/3054311
+   * @deprecated in Drupal 8.8.0 and will be removed before Drupal 9.0.0.
+   *   Use PHP's built-in random_bytes() function instead.
+   *
+   * @see https://www.drupal.org/node/3054488
    */
   public static function randomBytes($count) {
+    @trigger_error(__CLASS__ . '::randomBytes() is deprecated in Drupal 8.8.0 and will be removed before Drupal 9.0.0. Use PHP\'s built-in random_bytes() function instead. See https://www.drupal.org/node/3054488', E_USER_DEPRECATED);
     return random_bytes($count);
   }
 
@@ -107,7 +110,7 @@ class Crypt {
    * @see \Drupal\Component\Utility\Crypt::randomBytes()
    */
   public static function randomBytesBase64($count = 32) {
-    return str_replace(['+', '/', '='], ['-', '_', ''], base64_encode(static::randomBytes($count)));
+    return str_replace(['+', '/', '='], ['-', '_', ''], base64_encode(random_bytes($count)));
   }
 
 }

core/lib/Drupal/Component/Uuid/Php.php

@@ -2,8 +2,6 @@
 
 namespace Drupal\Component\Uuid;
 
-use Drupal\Component\Utility\Crypt;
-
 /**
  * Generates a UUID v4 (RFC 4122 section 4.4) using PHP code.
  *
@@ -17,7 +15,7 @@ class Php implements UuidInterface {
    */
   public function generate() {
     // Obtain a random string of 32 hex characters.
-    $hex = bin2hex(Crypt::randomBytes(16));
+    $hex = bin2hex(random_bytes(16));
 
     // The variable names $time_low, $time_mid, $time_hi_and_version,
     // $clock_seq_hi_and_reserved, $clock_seq_low, and $node correlate to

core/lib/Drupal/Component/Uuid/composer.json

@@ -9,8 +9,7 @@
     "source": "https://www.drupal.org/project/drupal/git-instructions"
   },
   "require": {
-    "php": ">=7.0.8",
-    "drupal/core-utility": "^8.2"
+    "php": ">=7.0.8"
   },
   "autoload": {
     "psr-4": {

core/lib/Drupal/Core/Password/PhpassHashedPassword.php

@@ -108,7 +108,7 @@ class PhpassHashedPassword implements PasswordInterface {
     // We encode the final log2 iteration count in base 64.
     $output .= static::$ITOA64[$this->countLog2];
     // 6 bytes is the standard salt for a portable phpass hash.
-    $output .= $this->base64Encode(Crypt::randomBytes(6), 6);
+    $output .= $this->base64Encode(random_bytes(6), 6);
     return $output;
   }
 

core/modules/user/user.module

@@ -314,7 +314,7 @@ function user_password($length = 10) {
   for ($i = 0; $i < $length; $i++) {
     do {
       // Find a secure random number within the range needed.
-      $index = ord(Crypt::randomBytes(1));
+      $index = ord(random_bytes(1));
     } while ($index > $len);
 
     // Each iteration, pick a random character from the

core/tests/Drupal/Tests/Component/Utility/CryptTest.php

@@ -18,17 +18,11 @@ class CryptTest extends TestCase {
    * Tests random byte generation.
    *
    * @covers ::randomBytes
-   *
-   * @see \Drupal\Tests\Component\Utility\CryptRandomFallbackTest::testRandomBytesFallback
+   * @expectedDeprecation Drupal\Component\Utility\Crypt::randomBytes() is deprecated in Drupal 8.8.0 and will be removed before Drupal 9.0.0. Use PHP's built-in random_bytes() function instead. See https://www.drupal.org/node/3054488
+   * @group legacy
    */
   public function testRandomBytes() {
-    for ($i = 1; $i < 10; $i++) {
-      $count = rand(10, 10000);
-      // Check that different values are being generated.
-      $this->assertNotEquals(Crypt::randomBytes($count), Crypt::randomBytes($count));
-      // Check the length.
-      $this->assertEquals(strlen(Crypt::randomBytes($count)), $count);
-    }
+    $this->assertSame(16, strlen(Crypt::randomBytes(16)));
   }
 
   /**