From 83bee34c26cd753d4115d9aa0c781baf841254c0 Mon Sep 17 00:00:00 2001
From: catch <catch@35733.no-reply.drupal.org>
Date: Mon, 3 Jun 2019 20:00:53 +0100
Subject: [PATCH] Issue #3054311 by alexpott: Deprecate
 \Drupal\Component\Utility\Crypt::randomBytes() in favour of PHP's builtin
 random_bytes()

---
 core/lib/Drupal/Component/Utility/Crypt.php          |  9 ++++++---
 core/lib/Drupal/Component/Uuid/Php.php               |  4 +---
 core/lib/Drupal/Component/Uuid/composer.json         |  3 +--
 .../Drupal/Core/Password/PhpassHashedPassword.php    |  2 +-
 core/modules/user/user.module                        |  2 +-
 .../Drupal/Tests/Component/Utility/CryptTest.php     | 12 +++---------
 6 files changed, 13 insertions(+), 19 deletions(-)

diff --git a/core/lib/Drupal/Component/Utility/Crypt.php b/core/lib/Drupal/Component/Utility/Crypt.php
index 7791b05a1a76..45f3a80a24d8 100644
--- a/core/lib/Drupal/Component/Utility/Crypt.php
+++ b/core/lib/Drupal/Component/Utility/Crypt.php
@@ -28,10 +28,13 @@ class Crypt {
    * @return string
    *   A randomly generated string.
    *
-   * @todo Deprecate in favor of random_bytes().
-   *   https://www.drupal.org/node/3054311
+   * @deprecated in Drupal 8.8.0 and will be removed before Drupal 9.0.0.
+   *   Use PHP's built-in random_bytes() function instead.
+   *
+   * @see https://www.drupal.org/node/3054488
    */
   public static function randomBytes($count) {
+    @trigger_error(__CLASS__ . '::randomBytes() is deprecated in Drupal 8.8.0 and will be removed before Drupal 9.0.0. Use PHP\'s built-in random_bytes() function instead. See https://www.drupal.org/node/3054488', E_USER_DEPRECATED);
     return random_bytes($count);
   }
 
@@ -107,7 +110,7 @@ class Crypt {
    * @see \Drupal\Component\Utility\Crypt::randomBytes()
    */
   public static function randomBytesBase64($count = 32) {
-    return str_replace(['+', '/', '='], ['-', '_', ''], base64_encode(static::randomBytes($count)));
+    return str_replace(['+', '/', '='], ['-', '_', ''], base64_encode(random_bytes($count)));
   }
 
 }
diff --git a/core/lib/Drupal/Component/Uuid/Php.php b/core/lib/Drupal/Component/Uuid/Php.php
index e6d2d6b7b96f..579e3ef3d868 100644
--- a/core/lib/Drupal/Component/Uuid/Php.php
+++ b/core/lib/Drupal/Component/Uuid/Php.php
@@ -2,8 +2,6 @@
 
 namespace Drupal\Component\Uuid;
 
-use Drupal\Component\Utility\Crypt;
-
 /**
  * Generates a UUID v4 (RFC 4122 section 4.4) using PHP code.
  *
@@ -17,7 +15,7 @@ class Php implements UuidInterface {
    */
   public function generate() {
     // Obtain a random string of 32 hex characters.
-    $hex = bin2hex(Crypt::randomBytes(16));
+    $hex = bin2hex(random_bytes(16));
 
     // The variable names $time_low, $time_mid, $time_hi_and_version,
     // $clock_seq_hi_and_reserved, $clock_seq_low, and $node correlate to
diff --git a/core/lib/Drupal/Component/Uuid/composer.json b/core/lib/Drupal/Component/Uuid/composer.json
index b63bf96f8eab..67c13893e5a3 100644
--- a/core/lib/Drupal/Component/Uuid/composer.json
+++ b/core/lib/Drupal/Component/Uuid/composer.json
@@ -9,8 +9,7 @@
     "source": "https://www.drupal.org/project/drupal/git-instructions"
   },
   "require": {
-    "php": ">=7.0.8",
-    "drupal/core-utility": "^8.2"
+    "php": ">=7.0.8"
   },
   "autoload": {
     "psr-4": {
diff --git a/core/lib/Drupal/Core/Password/PhpassHashedPassword.php b/core/lib/Drupal/Core/Password/PhpassHashedPassword.php
index 75083e2b5d5b..2868c56f1cfa 100644
--- a/core/lib/Drupal/Core/Password/PhpassHashedPassword.php
+++ b/core/lib/Drupal/Core/Password/PhpassHashedPassword.php
@@ -108,7 +108,7 @@ class PhpassHashedPassword implements PasswordInterface {
     // We encode the final log2 iteration count in base 64.
     $output .= static::$ITOA64[$this->countLog2];
     // 6 bytes is the standard salt for a portable phpass hash.
-    $output .= $this->base64Encode(Crypt::randomBytes(6), 6);
+    $output .= $this->base64Encode(random_bytes(6), 6);
     return $output;
   }
 
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 47771e2e61de..6f46ca3b0e74 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -314,7 +314,7 @@ function user_password($length = 10) {
   for ($i = 0; $i < $length; $i++) {
     do {
       // Find a secure random number within the range needed.
-      $index = ord(Crypt::randomBytes(1));
+      $index = ord(random_bytes(1));
     } while ($index > $len);
 
     // Each iteration, pick a random character from the
diff --git a/core/tests/Drupal/Tests/Component/Utility/CryptTest.php b/core/tests/Drupal/Tests/Component/Utility/CryptTest.php
index 80208ef294f5..233c1bfad201 100644
--- a/core/tests/Drupal/Tests/Component/Utility/CryptTest.php
+++ b/core/tests/Drupal/Tests/Component/Utility/CryptTest.php
@@ -18,17 +18,11 @@ class CryptTest extends TestCase {
    * Tests random byte generation.
    *
    * @covers ::randomBytes
-   *
-   * @see \Drupal\Tests\Component\Utility\CryptRandomFallbackTest::testRandomBytesFallback
+   * @expectedDeprecation Drupal\Component\Utility\Crypt::randomBytes() is deprecated in Drupal 8.8.0 and will be removed before Drupal 9.0.0. Use PHP's built-in random_bytes() function instead. See https://www.drupal.org/node/3054488
+   * @group legacy
    */
   public function testRandomBytes() {
-    for ($i = 1; $i < 10; $i++) {
-      $count = rand(10, 10000);
-      // Check that different values are being generated.
-      $this->assertNotEquals(Crypt::randomBytes($count), Crypt::randomBytes($count));
-      // Check the length.
-      $this->assertEquals(strlen(Crypt::randomBytes($count)), $count);
-    }
+    $this->assertSame(16, strlen(Crypt::randomBytes(16)));
   }
 
   /**