summaryrefslogtreecommitdiff
path: root/vendor/paragonie/random_compat
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/paragonie/random_compat')
-rw-r--r--vendor/paragonie/random_compat/CHANGELOG.md260
-rw-r--r--vendor/paragonie/random_compat/ERRATA.md34
-rw-r--r--vendor/paragonie/random_compat/README.md176
-rw-r--r--vendor/paragonie/random_compat/SECURITY.md108
-rw-r--r--vendor/paragonie/random_compat/composer.json66
-rw-r--r--vendor/paragonie/random_compat/lib/byte_safe_strings.php20
-rw-r--r--vendor/paragonie/random_compat/lib/cast_to_int.php26
-rw-r--r--vendor/paragonie/random_compat/lib/error_polyfill.php17
-rw-r--r--vendor/paragonie/random_compat/lib/random.php298
-rw-r--r--vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php107
-rw-r--r--vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php211
-rw-r--r--vendor/paragonie/random_compat/lib/random_bytes_libsodium.php108
-rw-r--r--vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php110
-rw-r--r--vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php87
-rw-r--r--vendor/paragonie/random_compat/lib/random_int.php319
-rw-r--r--vendor/paragonie/random_compat/psalm-autoload.php9
-rw-r--r--vendor/paragonie/random_compat/psalm.xml16
17 files changed, 746 insertions, 1226 deletions
diff --git a/vendor/paragonie/random_compat/CHANGELOG.md b/vendor/paragonie/random_compat/CHANGELOG.md
deleted file mode 100644
index 247deace..00000000
--- a/vendor/paragonie/random_compat/CHANGELOG.md
+++ /dev/null
@@ -1,260 +0,0 @@
-### Version 2.0.2 - 2016-04-03
-
-Added a consistency check (discovered by Taylor Hornby in his
-[PHP encryption library](https://github.com/defuse/php-encryption)). It
-wasn't likely causing any trouble for us.
-
-### Version 2.0.1 - 2016-03-18
-
-Update comment in random.php
-
-### Version 2.0.0 - 2016-03-18
-
-Due to downstream errors, the OpenSSL removal now belongs in version
-2.0.0.
-
-### Version 1.3.1 - 2016-03-18
-
-* Add more possible values to `open_baseir` check.
-
-### Version 1.3.0 - 2016-03-17
-
-* Removed `openssl_random_pseudo_bytes()` entirely. If you are using
- random_compat in PHP on a Unix-like OS but cannot access
- `/dev/urandom`, version 1.3+ will throw an `Exception`. If you want to
- trust OpenSSL, feel free to write your own fallback code. e.g.
-
- ```php
- try {
- $bytes = random_bytes(32);
- } catch (Exception $ex) {
- $strong = false;
- $bytes = openssl_random_pseudo_bytes(32, $strong);
- if (!$strong) {
- throw $ex;
- }
- }
- ```
-
-### Version 1.2.2 - 2016-03-11
-
-* To prevent applications from hanging, if `/dev/urandom` is not
- accessible to PHP, skip mcrypt (which just fails before giving OpenSSL
- a chance and was morally equivalent to not offering OpenSSL at all).
-
-### Version 1.2.1 - 2016-02-29
-
-* PHP 5.6.10 - 5.6.12 will hang when mcrypt is used on Unix-based operating
- systems ([PHP bug 69833](https://bugs.php.net/bug.php?id=69833)). If you are
- running one of these versions, please upgrade (or make sure `/dev/urandom` is
- readable) otherwise you're relying on OpenSSL.
-
-### Version 1.2.0 - 2016-02-05
-
-* Whitespace and other cosmetic changes
-* Added a changelog.
-* We now ship with a command line utility to build a PHP Archive from the
- command line.
-
- Every time we publish a new release, we will also upload a .phar
- to Github. Our public key is signed by our GPG key.
-
-### Version 1.1.6 - 2016-01-29
-
-* Eliminate `open_basedir` warnings by detecting this configuration setting.
- (Thanks [@oucil](https://github.com/oucil) for reporting this.)
-* Added install instructions to the README.
-* Documentation cleanup (there is, in fact, no `MCRYPT_CREATE_IV` constant, I
- meant to write `MCRYPT_DEV_URANDOM`)
-
-### Version 1.1.5 - 2016-01-06
-
-Prevent fatal errors on platforms with older versions of libsodium.
-
-### Version 1.1.4 - 2015-12-10
-
-Thanks [@narfbg](https://github.com/narfbg) for [critiquing the previous patch](https://github.com/paragonie/random_compat/issues/79#issuecomment-163590589)
-and suggesting a fix.
-
-### Version 1.1.3 - 2015-12-09
-
-The test for COM in disabled_classes is now case-insensitive.
-
-### Version 1.1.2 - 2015-12-09
-
-Don't instantiate COM if it's a disabled class. Removes the E_WARNING on Windows.
-
-### Version 1.1.1 - 2015-11-30
-
-Fix a performance issue with `/dev/urandom` buffering.
-
-### Version 1.1.0 - 2015-11-09
-
-Fix performance issues with ancient versions of PHP on Windows, but dropped
-support for PHP < 5.4.1 without mcrypt on Windows 7+ in the process. Since this
- is a BC break, semver dictates a minor version bump.
-
-### Version 1.0.10 - 2015-10-23
-
-* Avoid a performance killer with OpenSSL on Windows PHP 5.3.0 - 5.3.3 that was
- affecting [WordPress users](https://core.trac.wordpress.org/ticket/34409).
-* Use `$var = null` instead of `unset($var)` to avoid triggering the garbage
- collector and slowing things down.
-
-### Version 1.0.9 - 2015-10-20
-
-There is an outstanding issue `mcrypt_create_iv()` and PHP 7's `random_bytes()`
-on Windows reported by [@nicolas-grekas](https://github.com/nicolas-grekas) caused by `proc_open()` and environment
-variable handling (discovered by Appveyor when developing Symfony).
-
-Since the break is consistent, it's not our responsibility to fix it, but we
-should fail the same way PHP 7 will (i.e. throw an `Exception` rather than raise
-an error and then throw an `Exception`).
-
-### Version 1.0.8 - 2015-10-18
-
-* Fix usability issues with Windows (`new COM('CAPICOM.Utilities.1')` is not
- always available).
-* You can now test all the possible drivers by running `phpunit.sh each` in the
- `tests` directory.
-
-### Version 1.0.7 - 2015-10-16
-
-Several large integer handling bugfixes were contributed by [@oittaa](https://github.com/oittaa).
-
-### Version 1.0.6 - 2015-10-15
-
-Don't let the version number fool you, this was a pretty significant change.
-
-1. Added support for ext-libsodium, if it exists on the system. This is morally
- equivalent to adding `getrandom(2)` support without having to expose the
- syscall interface in PHP-land.
-2. Relaxed open_basedir restrictions. In previous versions, if open_basedir was
- set, PHP wouldn't even try to read from `/dev/urandom`. Now it will still do
- so if you can.
-3. Fixed integer casting inconsistencies between random_compat and PHP 7.
-4. Handle edge cases where an integer overflow turns one of the parameters into
- a float.
-
-One change that we discussed was making `random_bytes()` and `random_int()`
-strict typed; meaning you could *only* pass integers to either function. While
-most veteran programmers are probably only doing this already (we strongly
-encourage it), it wouldn't be consistent with how these functions behave in PHP
-7. Please use these functions responsibly.
-
-We've had even more of the PHP community involved in this release; the
-contributors list has been updated. If I forgot anybody, I promise you it's not
-because your contributions (either code or ideas) aren't valued, it's because
-I'm a bit overloaded with information at the moment. Please let me know
-immediately and I will correct my oversight.
-
-Thanks everyone for helping make random_compat better.
-
-### Version 1.0.5 - 2015-10-08
-
-Got rid of the methods in the `Throwable` interface, which was causing problems
-on PHP 5.2. While we would normally not care about 5.2 (since [5.4 and earlier are EOL'd](https://secure.php.net/supported-versions.php)),
-we do want to encourage widespread adoption (e.g. [Wordpress](https://core.trac.wordpress.org/ticket/28633)).
-
-### Version 1.0.4 - 2015-10-02
-
-Removed redundant `if()` checks, since `lib/random.php` is the entrypoint people
-should use.
-
-### Version 1.0.3 - 2015-10-02
-
-This release contains bug fixes contributed by the community.
-
-* Avoid a PHP Notice when PHP is running without the mbstring extension
-* Use a compatible version of PHPUnit for testing on older versions of PHP
-
-Although none of these bugs were outright security-affecting, updating ASAP is
-still strongly encouraged.
-
-### Version 1.0.2 - 2015-09-23
-
-Less strict input validation on `random_int()` parameters. PHP 7's `random_int()`
-accepts strings and floats that look like numbers, so we should too.
-
-Thanks [@dd32](https://github.com/@dd32) for correcting this oversight.
-
-### Version 1.0.1 - 2015-09-10
-
-Instead of throwing an Exception immediately on insecure platforms, only do so
-when `random_bytes()` is invoked.
-
-### Version 1.0.0 - 2015-09-07
-
-Our API is now stable and forward-compatible with the CSPRNG features in PHP 7
-(as of 7.0.0 RC3).
-
-A lot of great people have contributed their time and expertise to make this
-compatibility library possible. That this library has reached a stable release
-is more a reflection on the community than it is on PIE.
-
-We are confident that random_compat will serve as the simplest and most secure
-CSPRNG interface available for PHP5 projects.
-
-### Version 0.9.7 (pre-release) - 2015-09-01
-
-An attempt to achieve compatibility with Error/TypeError in the RFC.
-
-This should be identical to 1.0.0 sans any last-minute changes or performance enhancements.
-
-### Version 0.9.6 (pre-release) - 2015-08-06
-
-* Split the implementations into their own file (for ease of auditing)
-* Corrected the file type check after `/dev/urandom` has been opened (thanks
- [@narfbg](https://github.com/narfbg) and [@jedisct1](https://github.com/jedisct1))
-
-### Version 0.9.5 (pre-release) - 2015-07-31
-
-* Validate that `/dev/urandom` is a character device
- * Reported by [@lokdnet](https://twitter.com/lokdnet)
- * Investigated by [@narfbg](https://github.com/narfbg) and [frymaster](http://stackoverflow.com/users/1226810/frymaster) on [StackOverflow](http://stackoverflow.com/q/31631066/2224584)
-* Remove support for `/dev/arandom` which is an old OpenBSD feature, thanks [@jedisct1](https://github.com/jedisct1)
-* Prevent race conditions on the `filetype()` check, thanks [@jedisct1](https://github.com/jedisct1)
-* Buffer file reads to 8 bytes (performance optimization; PHP defaults to 8192 bytes)
-
-### Version 0.9.4 (pre-release) - 2015-07-27
-
-* Add logic to verify that `/dev/arandom` and `/dev/urandom` are actually devices.
-* Some clean-up in the comments
-
-### Version 0.9.3 (pre-release) - 2015-07-22
-
-Unless the Exceptions change to PHP 7 fails, this should be the last pre-release
-version. If need be, we'll make one more pre-release version with compatible
-behavior.
-
-Changes since 0.9.2:
-
-* Prioritize `/dev/arandom` and `/dev/urandom` over mcrypt.
-[@oittaa](https://github.com/oittaa) removed the -1 and +1 juggling on `$range` calculations for `random_int()`
-* Whitespace and comment clean-up, plus better variable names
-* Actually put a description in the composer.json file...
-
-### Version 0.9.2 (pre-release) - 2015-07-16
-
-* Consolidated `$range > PHP_INT_MAX` logic with `$range <= PHP_INT_MAX` (thanks
- [@oittaa](https://github.com/oittaa) and [@CodesInChaos](https://github.com/CodesInChaos))
-* `tests/phpunit.sh` now also runs the tests with `mbstring.func_overload` and
- `open_basedir`
-* Style consistency, whitespace cleanup, more meaningful variable names
-
-### Version 0.9.1 (pre-release) - 2015-07-09
-
-* Return random values on integer ranges > `PHP_INT_MAX` (thanks [@CodesInChaos](https://github.com/CodesInChaos))
-* Determined CSPRNG preference:
- 1. `mcrypt_create_iv()` with `MCRYPT_DEV_URANDOM`
- 2. `/dev/arandom`
- 3. `/dev/urandom`
- 4. `openssl_random_pseudo_bytes()`
-* Optimized backend selection (thanks [@lt](https://github.com/lt))
-* Fix #3 (thanks [@scottchiefbaker](https://github.com/scottchiefbaker))
-
-### Version 0.9.0 (pre-release) - 2015-07-07
-
-This should be a sane polyfill for PHP 7's `random_bytes()` and `random_int()`.
-We hesitate to call it production ready until it has received sufficient third
-party review. \ No newline at end of file
diff --git a/vendor/paragonie/random_compat/ERRATA.md b/vendor/paragonie/random_compat/ERRATA.md
deleted file mode 100644
index 0561630d..00000000
--- a/vendor/paragonie/random_compat/ERRATA.md
+++ /dev/null
@@ -1,34 +0,0 @@
-## Errata (Design Decisions)
-
-### Reasoning Behind the Order of Preferred Random Data Sources
-
-The order is:
-
- 1. `libsodium if available`
- 2. `fread() /dev/urandom if available`
- 3. `mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)`
- 4. `COM('CAPICOM.Utilities.1')->GetRandom()`
-
-If libsodium is available, we get random data from it. This is the preferred
-method on all OSes, but libsodium is not very widely installed, so other
-fallbacks are available.
-
-Next, we read `/dev/urandom` (if it exists). This is the preferred file to read
-for random data for cryptographic purposes for BSD and Linux.
-
-Despite [strongly urging people not to use mcrypt in their projects](https://paragonie.com/blog/2015/05/if-you-re-typing-word-mcrypt-into-your-code-you-re-doing-it-wrong),
-because libmcrypt is abandonware and the API puts too much responsibility on the
-implementor, we prioritize `mcrypt_create_iv()` with `MCRYPT_DEV_URANDOM` above
-the remaining implementations.
-
-The reason is simple: `mcrypt_create_iv()` is part of PHP's `ext/mcrypt` code,
-and is not part `libmcrypt`. It actually does the right thing:
-
- * On Unix-based operating systems, it reads from `/dev/urandom`, which unlike `/dev/random`
- is the sane and correct thing to do.
- * On Windows, it reads from `CryptGenRandom`, which is an exclusively Windows
- way to get random bytes.
-
-If we're on Windows and don't have access to `mcrypt`, we use `CAPICOM.Utilities.1`.
-
-As of random_compat 1.3, we no longer fall through to OpenSSL.
diff --git a/vendor/paragonie/random_compat/README.md b/vendor/paragonie/random_compat/README.md
deleted file mode 100644
index 80560862..00000000
--- a/vendor/paragonie/random_compat/README.md
+++ /dev/null
@@ -1,176 +0,0 @@
-# random_compat
-
-[![Build Status](https://travis-ci.org/paragonie/random_compat.svg?branch=master)](https://travis-ci.org/paragonie/random_compat)
-[![Scrutinizer](https://scrutinizer-ci.com/g/paragonie/random_compat/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/paragonie/random_compat)
-
-PHP 5.x polyfill for `random_bytes()` and `random_int()` created and maintained
-by [Paragon Initiative Enterprises](https://paragonie.com).
-
-Although this library *should* function in earlier versions of PHP, we will only
-consider issues relevant to [supported PHP versions](https://secure.php.net/supported-versions.php).
-**If you are using an unsupported version of PHP, please upgrade as soon as possible.**
-
-## Important
-
-Although this library has been examined by some security experts in the PHP
-community, there will always be a chance that we overlooked something. Please
-ask your favorite trusted hackers to hammer it for implementation errors and
-bugs before even thinking about deploying it in production.
-
-**Do not use the master branch, use a [stable release](https://github.com/paragonie/random_compat/releases/latest).**
-
-For the background of this library, please refer to our blog post on
-[Generating Random Integers and Strings in PHP](https://paragonie.com/blog/2015/07/how-safely-generate-random-strings-and-integers-in-php).
-
-### Usability Notice
-
-If PHP cannot safely generate random data, this library will throw an `Exception`.
-It will never fall back to insecure random data. If this keeps happening, upgrade
-to a newer version of PHP immediately.
-
-## Installing
-
-**With [Composer](https://getcomposer.org):**
-
- composer require paragonie/random_compat
-
-**Signed PHP Archive:**
-
-As of version 1.2.0, we also ship an ECDSA-signed PHP Archive with each stable
-release on Github.
-
-1. Download [the `.phar`, `.phar.pubkey`, and `.phar.pubkey.asc`](https://github.com/paragonie/random_compat/releases/latest) files.
-2. (**Recommended** but not required) Verify the PGP signature of `.phar.pubkey`
- (contained within the `.asc` file) using the [PGP public key for Paragon Initiative Enterprises](https://paragonie.com/static/gpg-public-key.txt).
-3. Extract both `.phar` and `.phar.pubkey` files to the same directory.
-4. `require_once "/path/to/random_compat.phar";`
-5. When a new version is released, you only need to replace the `.phar` file;
- the `.pubkey` will not change (unless our signing key is ever compromised).
-
-**Manual Installation:**
-
-1. Download [a stable release](https://github.com/paragonie/random_compat/releases/latest).
-2. Extract the files into your project.
-3. `require_once "/path/to/random_compat/lib/random.php";`
-
-## Usage
-
-This library exposes the [CSPRNG functions added in PHP 7](https://secure.php.net/manual/en/ref.csprng.php)
-for use in PHP 5 projects. Their behavior should be identical.
-
-### Generate a string of random bytes
-
-```php
-try {
- $string = random_bytes(32);
-} catch (TypeError $e) {
- // Well, it's an integer, so this IS unexpected.
- die("An unexpected error has occurred");
-} catch (Error $e) {
- // This is also unexpected because 32 is a reasonable integer.
- die("An unexpected error has occurred");
-} catch (Exception $e) {
- // If you get this message, the CSPRNG failed hard.
- die("Could not generate a random string. Is our OS secure?");
-}
-
-var_dump(bin2hex($string));
-// string(64) "5787c41ae124b3b9363b7825104f8bc8cf27c4c3036573e5f0d4a91ad2eeac6f"
-```
-
-### Generate a random integer between two given integers (inclusive)
-
-```php
-try {
- $int = random_int(0,255);
-
-} catch (TypeError $e) {
- // Well, it's an integer, so this IS unexpected.
- die("An unexpected error has occurred");
-} catch (Error $e) {
- // This is also unexpected because 0 and 255 are both reasonable integers.
- die("An unexpected error has occurred");
-} catch (Exception $e) {
- // If you get this message, the CSPRNG failed hard.
- die("Could not generate a random string. Is our OS secure?");
-}
-
-var_dump($int);
-// int(47)
-```
-
-### Exception handling
-
-When handling exceptions and errors you must account for differences between
-PHP 5 and PHP7.
-
-The differences:
-
-* Catching `Error` works, so long as it is caught before `Exception`.
-* Catching `Exception` has different behavior, without previously catching `Error`.
-* There is *no* portable way to catch all errors/exceptions.
-
-#### Our recommendation
-
-**Always** catch `Error` before `Exception`.
-
-#### Example
-
-```php
-try {
- return random_int(1, $userInput);
-} catch (TypeError $e) {
- // This is okay, so long as `Error` is caught before `Exception`.
- throw new Exception('Please enter a number!');
-} catch (Error $e) {
- // This is required, if you do not need to do anything just rethrow.
- throw $e;
-} catch (Exception $e) {
- // This is optional and maybe omitted if you do not want to handle errors
- // during generation.
- throw new InternalServerErrorException(
- 'Oops, our server is bust and cannot generate any random data.',
- 500,
- $e
- );
-}
-```
-
-## Contributors
-
-This project would not be anywhere near as excellent as it is today if it
-weren't for the contributions of the following individuals:
-
-* [@AndrewCarterUK (Andrew Carter)](https://github.com/AndrewCarterUK)
-* [@asgrim (James Titcumb)](https://github.com/asgrim)
-* [@bcremer (Benjamin Cremer)](https://github.com/bcremer)
-* [@CodesInChaos (Christian Winnerlein)](https://github.com/CodesInChaos)
-* [@chriscct7 (Chris Christoff)](https://github.com/chriscct7)
-* [@cs278 (Chris Smith)](https://github.com/cs278)
-* [@cweagans (Cameron Eagans)](https://github.com/cweagans)
-* [@dd32 (Dion Hulse)](https://github.com/dd32)
-* [@geggleto (Glenn Eggleton)](https://github.com/geggleto)
-* [@ircmaxell (Anthony Ferrara)](https://github.com/ircmaxell)
-* [@jedisct1 (Frank Denis)](https://github.com/jedisct1)
-* [@juliangut (Julián Gutiérrez)](https://github.com/juliangut)
-* [@kelunik (Niklas Keller)](https://github.com/kelunik)
-* [@lt (Leigh)](https://github.com/lt)
-* [@MasonM (Mason Malone)](https://github.com/MasonM)
-* [@mmeyer2k (Michael M)](https://github.com/mmeyer2k)
-* [@narfbg (Andrey Andreev)](https://github.com/narfbg)
-* [@nicolas-grekas (Nicolas Grekas)](https://github.com/nicolas-grekas)
-* [@oittaa](https://github.com/oittaa)
-* [@oucil (Kevin Farley)](https://github.com/oucil)
-* [@redragonx (Stephen Chavez)](https://github.com/redragonx)
-* [@rchouinard (Ryan Chouinard)](https://github.com/rchouinard)
-* [@SammyK (Sammy Kaye Powers)](https://github.com/SammyK)
-* [@scottchiefbaker (Scott Baker)](https://github.com/scottchiefbaker)
-* [@skyosev (Stoyan Kyosev)](https://github.com/skyosev)
-* [@stof (Christophe Coevoet)](https://github.com/stof)
-* [@teohhanhui (Teoh Han Hui)](https://github.com/teohhanhui)
-* [@tom-- (Tom Worster)](https://github.com/tom--)
-* [@tsyr2ko](https://github.com/tsyr2ko)
-* [@trowski (Aaron Piotrowski)](https://github.com/trowski)
-* [@twistor (Chris Lepannen)](https://github.com/twistor)
-* [@voku (Lars Moelleken)](https://github.com/voku)
-* [@xabbuh (Christian Flothmann)](https://github.com/xabbuh)
diff --git a/vendor/paragonie/random_compat/SECURITY.md b/vendor/paragonie/random_compat/SECURITY.md
deleted file mode 100644
index 8f731b38..00000000
--- a/vendor/paragonie/random_compat/SECURITY.md
+++ /dev/null
@@ -1,108 +0,0 @@
-# An Invitation to Security Researchers
-
-Every company says they take security "very seriously." Rather than bore anyone
-with banal boilerplate, here are some quick answers followed by detailed
-elaboration. If you have any questions about our policies, please email them to
-`scott@paragonie.com`.
-
-## Quick Answers
-
-* There is no compulsion to disclose vulnerabilities privately, but we
- appreciate a head's up.
-* `security@paragonie.com` will get your reports to the right person. Our GPG
- fingerprint, should you decide to encrypt your report, is
- `7F52 D5C6 1D12 55C7 3136 2E82 6B97 A1C2 8264 04DA`.
-
-* **YES**, we will reward security researchers who disclose vulnerabilities in
- our software.
-* In most cases, **No Proof-of-Concept Required.**
-
-## How to Report a Security Bug to Paragon Initiative Enterprises
-
-### There is no compulsion to disclose privately.
-
-We believe vulnerability disclosure style is a personal choice and enjoy working
-with a diverse community. We understand and appreciate the importance of Full
-Disclosure in the history and practice of security research.
-
-We would *like* to know about high-severity bugs before they become public
-knowledge, so we can fix them in a timely manner, but **we do not believe in
-threatening researchers or trying to enforce vulnerability embargoes**.
-
-Ultimately, if you discover a security-affecting vulnerability, what you do with
-it is your choice. We would like to work with people, and to celebrate and
-reward their skill, experience, and dedication. We appreciate being informed of
-our mistakes so we can learn from them and build a better product. Our goal is
-to empower the community.
-
-### Where to Send Security Vulnerabilities
-
-Our security email address is `security@paragonie.com`. Also feel free to open a
-new issue on Github if you want to disclose publicly.
-
-```
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG
-
-mQENBFUgwRUBCADcIpqNwyYc5UmY/tpx1sF/rQ3knR1YNXYZThzFV+Gmqhp1fDH5
-qBs9foh1xwI6O7knWmQngnf/nBumI3x6xj7PuOdEZUh2FwCG/VWnglW8rKmoHzHA
-ivjiu9SLnPIPAgHSHeh2XD7q3Ndm3nenbjAiRFNl2iXcwA2cTQp9Mmfw9vVcw0G0
-z1o0G3s8cC8ZS6flFySIervvfSRWj7A1acI5eE3+AH/qXJRdEJ+9J8OB65p1JMfk
-6+fWgOB1XZxMpz70S0rW6IX38WDSRhEK2fXyZJAJjyt+YGuzjZySNSoQR/V6vNYn
-syrNPCJ2i5CgZQxAkyBBcr7koV9RIhPRzct/ABEBAAG0IVNlY3VyaXR5IDxzZWN1
-cml0eUBwYXJhZ29uaWUuY29tPokBOQQTAQIAIwUCVSDBFQIbAwcLCQgHAwIBBhUI
-AgkKCwQWAgMBAh4BAheAAAoJEGuXocKCZATat2YIAIoejNFEQ2c1iaOEtSuB7Pn/
-WLbsDsHNLDKOV+UnfaCjv/vL7D+5NMChFCi2frde/NQb2TsjqmIH+V+XbnJtlrXD
-Vj7yvMVal+Jqjwj7v4eOEWcKVcFZk+9cfUgh7t92T2BMX58RpgZF0IQZ6Z1R3FfC
-9Ub4X6ykW+te1q0/4CoRycniwmlQi6iGSr99LQ5pfJq2Qlmz/luTZ0UX0h575T7d
-cp2T1sX/zFRk/fHeANWSksipdDBjAXR7NMnYZgw2HghEdFk/xRDY7K1NRWNZBf05
-WrMHmh6AIVJiWZvI175URxEe268hh+wThBhXQHMhFNJM1qPIuzb4WogxM3UUD7m5
-AQ0EVSDBFQEIALNkpzSuJsHAHh79sc0AYWztdUe2MzyofQbbOnOCpWZebYsC3EXU
-335fIg59k0m6f+O7GmEZzzIv5v0i99GS1R8CJm6FvhGqtH8ZqmOGbc71WdJSiNVE
-0kpQoJlVzRbig6ZyyjzrggbM1eh5OXOk5pw4+23FFEdw7JWU0HJS2o71r1hwp05Z
-vy21kcUEobz/WWQQyGS0Neo7PJn+9KS6wOxXul/UE0jct/5f7KLMdWMJ1VgniQmm
-hjvkHLPSICteqCI04RfcmMseW9gueHQXeUu1SNIvsWa2MhxjeBej3pDnrZWszKwy
-gF45GO9/v4tkIXNMy5J1AtOyRgQ3IUMqp8EAEQEAAYkBHwQYAQIACQUCVSDBFQIb
-DAAKCRBrl6HCgmQE2jnIB/4/xFz8InpM7eybnBOAir3uGcYfs3DOmaKn7qWVtGzv
-rKpQPYnVtlU2i6Z5UO4c4jDLT/8Xm1UDz3Lxvqt4xCaDwJvBZexU5BMK8l5DvOzH
-6o6P2L1UDu6BvmPXpVZz7/qUhOnyf8VQg/dAtYF4/ax19giNUpI5j5o5mX5w80Rx
-qSXV9NdSL4fdjeG1g/xXv2luhoV53T1bsycI3wjk/x5tV+M2KVhZBvvuOm/zhJje
-oLWp0saaESkGXIXqurj6gZoujJvSvzl0n9F9VwqMEizDUfrXgtD1siQGhP0sVC6q
-ha+F/SAEJ0jEquM4TfKWWU2S5V5vgPPpIQSYRnhQW4b1
-=xJPW
------END PGP PUBLIC KEY BLOCK-----
-```
-
-### We Will Reward Security Researchers
-
-**This process has not been formalized; nor have dollar amounts been
-discussed.**
-
-However, if you report a valid security-affecting bug, we will compensate you
-for the time spent finding the vulnerability and reward you for being a good
-neighbor.
-
-#### What does a "valid" bug mean?
-
-There are two sides to this:
-
-1. Some have spammed projects with invalid bug reports hoping to collect
- bounties for pressing a button and running an automated analysis tool. This
- is not cool.
-2. There is a potential for the developers of a project to declare all security
- bug reports as invalid to save money.
-
-Our team members have an established history of reporting vulnerabilities to
-large open source projects. **We aren't in the business of ripping people off.**
-When in doubt, our policy is to err on the side of generosity.
-
-### No Proof-of-Concept Required
-
-We might ask for one if we feel we do not understand some of the details
-pertaining to a specific vulnerability. We certainly appreciate them if you
-include them in your report, but we believe **the burden lies with the developer
-to prove their software *is* secure** rather than with the researcher to prove
-that it isn't.
-
-In our experience, most bugs are simpler to fix than they are to exploit.
-
diff --git a/vendor/paragonie/random_compat/composer.json b/vendor/paragonie/random_compat/composer.json
index d363f4c8..1c5978c6 100644
--- a/vendor/paragonie/random_compat/composer.json
+++ b/vendor/paragonie/random_compat/composer.json
@@ -1,35 +1,37 @@
{
- "name": "paragonie/random_compat",
- "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
- "keywords": [
- "csprng",
- "random",
- "pseudorandom"
- ],
- "license": "MIT",
- "type": "library",
- "authors": [
- {
- "name": "Paragon Initiative Enterprises",
- "email": "security@paragonie.com",
- "homepage": "https://paragonie.com"
- }
- ],
- "support": {
- "issues": "https://github.com/paragonie/random_compat/issues",
- "email": "info@paragonie.com",
- "source": "https://github.com/paragonie/random_compat"
- },
- "require": {
- "php": ">=5.2.0"
- },
- "require-dev": {
- "phpunit/phpunit": "4.*|5.*"
- },
- "suggest": {
- "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
- },
- "autoload": {
- "files": ["lib/random.php"]
+ "name": "paragonie/random_compat",
+ "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
+ "keywords": [
+ "csprng",
+ "random",
+ "pseudorandom"
+ ],
+ "license": "MIT",
+ "type": "library",
+ "authors": [
+ {
+ "name": "Paragon Initiative Enterprises",
+ "email": "security@paragonie.com",
+ "homepage": "https://paragonie.com"
}
+ ],
+ "support": {
+ "issues": "https://github.com/paragonie/random_compat/issues",
+ "email": "info@paragonie.com",
+ "source": "https://github.com/paragonie/random_compat"
+ },
+ "require": {
+ "php": ">=5.2.0"
+ },
+ "require-dev": {
+ "phpunit/phpunit": "4.*|5.*"
+ },
+ "suggest": {
+ "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
+ },
+ "autoload": {
+ "files": [
+ "lib/random.php"
+ ]
+ }
}
diff --git a/vendor/paragonie/random_compat/lib/byte_safe_strings.php b/vendor/paragonie/random_compat/lib/byte_safe_strings.php
index dec5d306..3de86b22 100644
--- a/vendor/paragonie/random_compat/lib/byte_safe_strings.php
+++ b/vendor/paragonie/random_compat/lib/byte_safe_strings.php
@@ -5,7 +5,7 @@
*
* The MIT License (MIT)
*
- * Copyright (c) 2015 Paragon Initiative Enterprises
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -26,7 +26,7 @@
* SOFTWARE.
*/
-if (!function_exists('RandomCompat_strlen')) {
+if (!is_callable('RandomCompat_strlen')) {
if (
defined('MB_OVERLOAD_STRING') &&
ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
@@ -51,7 +51,7 @@ if (!function_exists('RandomCompat_strlen')) {
);
}
- return mb_strlen($binary_string, '8bit');
+ return (int) mb_strlen($binary_string, '8bit');
}
} else {
@@ -73,12 +73,12 @@ if (!function_exists('RandomCompat_strlen')) {
'RandomCompat_strlen() expects a string'
);
}
- return strlen($binary_string);
+ return (int) strlen($binary_string);
}
}
}
-if (!function_exists('RandomCompat_substr')) {
+if (!is_callable('RandomCompat_substr')) {
if (
defined('MB_OVERLOAD_STRING')
@@ -118,7 +118,7 @@ if (!function_exists('RandomCompat_substr')) {
* mb_substr($str, 0, NULL, '8bit') returns an empty string on
* PHP 5.3, so we have to find the length ourselves.
*/
- $length = RandomCompat_strlen($length) - $start;
+ $length = RandomCompat_strlen($binary_string) - $start;
} elseif (!is_int($length)) {
throw new TypeError(
'RandomCompat_substr(): Third argument should be an integer, or omitted'
@@ -130,10 +130,10 @@ if (!function_exists('RandomCompat_substr')) {
return '';
}
if ($start > RandomCompat_strlen($binary_string)) {
- return false;
+ return '';
}
- return mb_substr($binary_string, $start, $length, '8bit');
+ return (string) mb_substr($binary_string, $start, $length, '8bit');
}
} else {
@@ -172,10 +172,10 @@ if (!function_exists('RandomCompat_substr')) {
);
}
- return substr($binary_string, $start, $length);
+ return (string) substr($binary_string, $start, $length);
}
- return substr($binary_string, $start);
+ return (string) substr($binary_string, $start);
}
}
}
diff --git a/vendor/paragonie/random_compat/lib/cast_to_int.php b/vendor/paragonie/random_compat/lib/cast_to_int.php
index f441c5d9..9a4fab99 100644
--- a/vendor/paragonie/random_compat/lib/cast_to_int.php
+++ b/vendor/paragonie/random_compat/lib/cast_to_int.php
@@ -5,7 +5,7 @@
*
* The MIT License (MIT)
*
- * Copyright (c) 2015 Paragon Initiative Enterprises
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -26,7 +26,7 @@
* SOFTWARE.
*/
-if (!function_exists('RandomCompat_intval')) {
+if (!is_callable('RandomCompat_intval')) {
/**
* Cast to an integer if we can, safely.
@@ -38,15 +38,18 @@ if (!function_exists('RandomCompat_intval')) {
* through.
*
* @param int|float $number The number we want to convert to an int
- * @param boolean $fail_open Set to true to not throw an exception
+ * @param bool $fail_open Set to true to not throw an exception
*
- * @return int (or float if $fail_open)
+ * @return float|int
+ * @psalm-suppress InvalidReturnType
*
* @throws TypeError
*/
function RandomCompat_intval($number, $fail_open = false)
{
- if (is_numeric($number)) {
+ if (is_int($number) || is_float($number)) {
+ $number += 0;
+ } elseif (is_numeric($number)) {
$number += 0;
}
@@ -60,12 +63,13 @@ if (!function_exists('RandomCompat_intval')) {
$number = (int) $number;
}
- if (is_int($number) || $fail_open) {
- return $number;
+ if (is_int($number)) {
+ return (int) $number;
+ } elseif (!$fail_open) {
+ throw new TypeError(
+ 'Expected an integer.'
+ );
}
-
- throw new TypeError(
- 'Expected an integer.'
- );
+ return $number;
}
}
diff --git a/vendor/paragonie/random_compat/lib/error_polyfill.php b/vendor/paragonie/random_compat/lib/error_polyfill.php
index 57cfefdc..6a91990c 100644
--- a/vendor/paragonie/random_compat/lib/error_polyfill.php
+++ b/vendor/paragonie/random_compat/lib/error_polyfill.php
@@ -4,8 +4,8 @@
* for using the new PHP 7 random_* API in PHP 5 projects
*
* The MIT License (MIT)
- *
- * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -35,8 +35,15 @@ if (!class_exists('Error', false)) {
}
if (!class_exists('TypeError', false)) {
- class TypeError extends Error
- {
-
+ if (is_subclass_of('Error', 'Exception')) {
+ class TypeError extends Error
+ {
+
+ }
+ } else {
+ class TypeError extends Exception
+ {
+
+ }
}
}
diff --git a/vendor/paragonie/random_compat/lib/random.php b/vendor/paragonie/random_compat/lib/random.php
index a8802597..df74c8a4 100644
--- a/vendor/paragonie/random_compat/lib/random.php
+++ b/vendor/paragonie/random_compat/lib/random.php
@@ -3,12 +3,12 @@
* Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects
*
- * @version 2.0.2
- * @released 2016-04-03
+ * @version 2.0.10
+ * @released 2017-03-13
*
* The MIT License (MIT)
*
- * Copyright (c) 2015 Paragon Initiative Enterprises
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -31,7 +31,7 @@
if (!defined('PHP_VERSION_ID')) {
// This constant was introduced in PHP 5.2.7
- $RandomCompatversion = explode('.', PHP_VERSION);
+ $RandomCompatversion = array_map('intval', explode('.', PHP_VERSION));
define(
'PHP_VERSION_ID',
$RandomCompatversion[0] * 10000
@@ -41,157 +41,183 @@ if (!defined('PHP_VERSION_ID')) {
$RandomCompatversion = null;
}
-if (PHP_VERSION_ID < 70000) {
-
- if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
- define('RANDOM_COMPAT_READ_BUFFER', 8);
- }
-
- $RandomCompatDIR = dirname(__FILE__);
+/**
+ * PHP 7.0.0 and newer have these functions natively.
+ */
+if (PHP_VERSION_ID >= 70000) {
+ return;
+}
- require_once $RandomCompatDIR.'/byte_safe_strings.php';
- require_once $RandomCompatDIR.'/cast_to_int.php';
- require_once $RandomCompatDIR.'/error_polyfill.php';
+if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
+ define('RANDOM_COMPAT_READ_BUFFER', 8);
+}
- if (!function_exists('random_bytes')) {
- /**
- * PHP 5.2.0 - 5.6.x way to implement random_bytes()
- *
- * We use conditional statements here to define the function in accordance
- * to the operating environment. It's a micro-optimization.
- *
- * In order of preference:
- * 1. Use libsodium if available.
- * 2. fread() /dev/urandom if available (never on Windows)
- * 3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)
- * 4. COM('CAPICOM.Utilities.1')->GetRandom()
- * 5. openssl_random_pseudo_bytes() (absolute last resort)
- *
- * See ERRATA.md for our reasoning behind this particular order
- */
- if (extension_loaded('libsodium')) {
- // See random_bytes_libsodium.php
- if (PHP_VERSION_ID >= 50300 && function_exists('\\Sodium\\randombytes_buf')) {
- require_once $RandomCompatDIR.'/random_bytes_libsodium.php';
- } elseif (method_exists('Sodium', 'randombytes_buf')) {
- require_once $RandomCompatDIR.'/random_bytes_libsodium_legacy.php';
- }
+$RandomCompatDIR = dirname(__FILE__);
+
+require_once $RandomCompatDIR . '/byte_safe_strings.php';
+require_once $RandomCompatDIR . '/cast_to_int.php';
+require_once $RandomCompatDIR . '/error_polyfill.php';
+
+if (!is_callable('random_bytes')) {
+ /**
+ * PHP 5.2.0 - 5.6.x way to implement random_bytes()
+ *
+ * We use conditional statements here to define the function in accordance
+ * to the operating environment. It's a micro-optimization.
+ *
+ * In order of preference:
+ * 1. Use libsodium if available.
+ * 2. fread() /dev/urandom if available (never on Windows)
+ * 3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)
+ * 4. COM('CAPICOM.Utilities.1')->GetRandom()
+ *
+ * See RATIONALE.md for our reasoning behind this particular order
+ */
+ if (extension_loaded('libsodium')) {
+ // See random_bytes_libsodium.php
+ if (PHP_VERSION_ID >= 50300 && is_callable('\\Sodium\\randombytes_buf')) {
+ require_once $RandomCompatDIR . '/random_bytes_libsodium.php';
+ } elseif (method_exists('Sodium', 'randombytes_buf')) {
+ require_once $RandomCompatDIR . '/random_bytes_libsodium_legacy.php';
}
+ }
- /**
- * Reading directly from /dev/urandom:
- */
- if (DIRECTORY_SEPARATOR === '/') {
- // DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
- // way to exclude Windows.
- $RandomCompatUrandom = true;
- $RandomCompat_basedir = ini_get('open_basedir');
-
- if (!empty($RandomCompat_basedir)) {
- $RandomCompat_open_basedir = explode(
- PATH_SEPARATOR,
- strtolower($RandomCompat_basedir)
- );
- $RandomCompatUrandom = (array() !== array_intersect(
- array('/dev', '/dev/', '/dev/urandom'),
- $RandomCompat_open_basedir
- ));
- $RandomCompat_open_basedir = null;
- }
-
- if (
- !function_exists('random_bytes')
- &&
- $RandomCompatUrandom
- &&
- @is_readable('/dev/urandom')
- ) {
- // Error suppression on is_readable() in case of an open_basedir
- // or safe_mode failure. All we care about is whether or not we
- // can read it at this point. If the PHP environment is going to
- // panic over trying to see if the file can be read in the first
- // place, that is not helpful to us here.
-
- // See random_bytes_dev_urandom.php
- require_once $RandomCompatDIR.'/random_bytes_dev_urandom.php';
- }
- // Unset variables after use
- $RandomCompat_basedir = null;
- } else {
- $RandomCompatUrandom = false;
+ /**
+ * Reading directly from /dev/urandom:
+ */
+ if (DIRECTORY_SEPARATOR === '/') {
+ // DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
+ // way to exclude Windows.
+ $RandomCompatUrandom = true;
+ $RandomCompat_basedir = ini_get('open_basedir');
+
+ if (!empty($RandomCompat_basedir)) {
+ $RandomCompat_open_basedir = explode(
+ PATH_SEPARATOR,
+ strtolower($RandomCompat_basedir)
+ );
+ $RandomCompatUrandom = (array() !== array_intersect(
+ array('/dev', '/dev/', '/dev/urandom'),
+ $RandomCompat_open_basedir
+ ));
+ $RandomCompat_open_basedir = null;
}
- /**
- * mcrypt_create_iv()
- */
if (
- !function_exists('random_bytes')
- &&
- PHP_VERSION_ID >= 50307
+ !is_callable('random_bytes')
&&
- extension_loaded('mcrypt')
+ $RandomCompatUrandom
&&
- (DIRECTORY_SEPARATOR !== '/' || $RandomCompatUrandom)
+ @is_readable('/dev/urandom')
) {
- // Prevent this code from hanging indefinitely on non-Windows;
- // see https://bugs.php.net/bug.php?id=69833
- if (
- DIRECTORY_SEPARATOR !== '/' ||
- (PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613)
- ) {
- // See random_bytes_mcrypt.php
- require_once $RandomCompatDIR.'/random_bytes_mcrypt.php';
- }
+ // Error suppression on is_readable() in case of an open_basedir
+ // or safe_mode failure. All we care about is whether or not we
+ // can read it at this point. If the PHP environment is going to
+ // panic over trying to see if the file can be read in the first
+ // place, that is not helpful to us here.
+
+ // See random_bytes_dev_urandom.php
+ require_once $RandomCompatDIR . '/random_bytes_dev_urandom.php';
}
- $RandomCompatUrandom = null;
-
- if (
- !function_exists('random_bytes')
- &&
- extension_loaded('com_dotnet')
- &&
- class_exists('COM')
- ) {
- $RandomCompat_disabled_classes = preg_split(
- '#\s*,\s*#',
- strtolower(ini_get('disable_classes'))
- );
+ // Unset variables after use
+ $RandomCompat_basedir = null;
+ } else {
+ $RandomCompatUrandom = false;
+ }
- if (!in_array('com', $RandomCompat_disabled_classes)) {
- try {
- $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
- if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
- // See random_bytes_com_dotnet.php
- require_once $RandomCompatDIR.'/random_bytes_com_dotnet.php';
- }
- } catch (com_exception $e) {
- // Don't try to use it.
+ /**
+ * mcrypt_create_iv()
+ *
+ * We only want to use mcypt_create_iv() if:
+ *
+ * - random_bytes() hasn't already been defined
+ * - the mcrypt extensions is loaded
+ * - One of these two conditions is true:
+ * - We're on Windows (DIRECTORY_SEPARATOR !== '/')
+ * - We're not on Windows and /dev/urandom is readabale
+ * (i.e. we're not in a chroot jail)
+ * - Special case:
+ * - If we're not on Windows, but the PHP version is between
+ * 5.6.10 and 5.6.12, we don't want to use mcrypt. It will
+ * hang indefinitely. This is bad.
+ * - If we're on Windows, we want to use PHP >= 5.3.7 or else
+ * we get insufficient entropy errors.
+ */
+ if (
+ !is_callable('random_bytes')
+ &&
+ // Windows on PHP < 5.3.7 is broken, but non-Windows is not known to be.
+ (DIRECTORY_SEPARATOR === '/' || PHP_VERSION_ID >= 50307)
+ &&
+ // Prevent this code from hanging indefinitely on non-Windows;
+ // see https://bugs.php.net/bug.php?id=69833
+ (
+ DIRECTORY_SEPARATOR !== '/' ||
+ (PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613)
+ )
+ &&
+ extension_loaded('mcrypt')
+ ) {
+ // See random_bytes_mcrypt.php
+ require_once $RandomCompatDIR . '/random_bytes_mcrypt.php';
+ }
+ $RandomCompatUrandom = null;
+
+ /**
+ * This is a Windows-specific fallback, for when the mcrypt extension
+ * isn't loaded.
+ */
+ if (
+ !is_callable('random_bytes')
+ &&
+ extension_loaded('com_dotnet')
+ &&
+ class_exists('COM')
+ ) {
+ $RandomCompat_disabled_classes = preg_split(
+ '#\s*,\s*#',
+ strtolower(ini_get('disable_classes'))
+ );
+
+ if (!in_array('com', $RandomCompat_disabled_classes)) {
+ try {
+ $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
+ if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
+ // See random_bytes_com_dotnet.php
+ require_once $RandomCompatDIR . '/random_bytes_com_dotnet.php';
}
+ } catch (com_exception $e) {
+ // Don't try to use it.
}
- $RandomCompat_disabled_classes = null;
- $RandomCompatCOMtest = null;
}
+ $RandomCompat_disabled_classes = null;
+ $RandomCompatCOMtest = null;
+ }
+ /**
+ * throw new Exception
+ */
+ if (!is_callable('random_bytes')) {
/**
- * throw new Exception
+ * We don't have any more options, so let's throw an exception right now
+ * and hope the developer won't let it fail silently.
+ *
+ * @param mixed $length
+ * @return void
+ * @throws Exception
*/
- if (!function_exists('random_bytes')) {
- /**
- * We don't have any more options, so let's throw an exception right now
- * and hope the developer won't let it fail silently.
- */
- function random_bytes($length)
- {
- throw new Exception(
- 'There is no suitable CSPRNG installed on your system'
- );
- }
+ function random_bytes($length)
+ {
+ unset($length); // Suppress "variable not used" warnings.
+ throw new Exception(
+ 'There is no suitable CSPRNG installed on your system'
+ );
}
}
+}
- if (!function_exists('random_int')) {
- require_once $RandomCompatDIR.'/random_int.php';
- }
-
- $RandomCompatDIR = null;
+if (!is_callable('random_int')) {
+ require_once $RandomCompatDIR . '/random_int.php';
}
+
+$RandomCompatDIR = null;
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php b/vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php
index 34228254..fc1926e5 100644
--- a/vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php
+++ b/vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php
@@ -5,7 +5,7 @@
*
* The MIT License (MIT)
*
- * Copyright (c) 2015 Paragon Initiative Enterprises
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -26,56 +26,63 @@
* SOFTWARE.
*/
-/**
- * Windows with PHP < 5.3.0 will not have the function
- * openssl_random_pseudo_bytes() available, so let's use
- * CAPICOM to work around this deficiency.
- *
- * @param int $bytes
- *
- * @throws Exception
- *
- * @return string
- */
-function random_bytes($bytes)
-{
- try {
- $bytes = RandomCompat_intval($bytes);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_bytes(): $bytes must be an integer'
- );
- }
-
- if ($bytes < 1) {
- throw new Error(
- 'Length must be greater than 0'
- );
- }
-
- $buf = '';
- $util = new COM('CAPICOM.Utilities.1');
- $execCount = 0;
-
+if (!is_callable('random_bytes')) {
/**
- * Let's not let it loop forever. If we run N times and fail to
- * get N bytes of random data, then CAPICOM has failed us.
+ * Windows with PHP < 5.3.0 will not have the function
+ * openssl_random_pseudo_bytes() available, so let's use
+ * CAPICOM to work around this deficiency.
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
*/
- do {
- $buf .= base64_decode($util->GetRandom($bytes, 0));
- if (RandomCompat_strlen($buf) >= $bytes) {
- /**
- * Return our random entropy buffer here:
- */
- return RandomCompat_substr($buf, 0, $bytes);
+ function random_bytes($bytes)
+ {
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
}
- ++$execCount;
- } while ($execCount < $bytes);
- /**
- * If we reach here, PHP has failed us.
- */
- throw new Exception(
- 'Could not gather sufficient random data'
- );
-}
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
+
+ $buf = '';
+ if (!class_exists('COM')) {
+ throw new Error(
+ 'COM does not exist'
+ );
+ }
+ $util = new COM('CAPICOM.Utilities.1');
+ $execCount = 0;
+
+ /**
+ * Let's not let it loop forever. If we run N times and fail to
+ * get N bytes of random data, then CAPICOM has failed us.
+ */
+ do {
+ $buf .= base64_decode($util->GetRandom($bytes, 0));
+ if (RandomCompat_strlen($buf) >= $bytes) {
+ /**
+ * Return our random entropy buffer here:
+ */
+ return RandomCompat_substr($buf, 0, $bytes);
+ }
+ ++$execCount;
+ } while ($execCount < $bytes);
+
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'Could not gather sufficient random data'
+ );
+ }
+} \ No newline at end of file
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php b/vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php
index db93b075..df5b9152 100644
--- a/vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php
+++ b/vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php
@@ -4,8 +4,8 @@
* for using the new PHP 7 random_* API in PHP 5 projects
*
* The MIT License (MIT)
- *
- * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -30,119 +30,138 @@ if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
define('RANDOM_COMPAT_READ_BUFFER', 8);
}
-/**
- * Unless open_basedir is enabled, use /dev/urandom for
- * random numbers in accordance with best practices
- *
- * Why we use /dev/urandom and not /dev/random
- * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
- *
- * @param int $bytes
- *
- * @throws Exception
- *
- * @return string
- */
-function random_bytes($bytes)
-{
- static $fp = null;
+if (!is_callable('random_bytes')) {
/**
- * This block should only be run once
+ * Unless open_basedir is enabled, use /dev/urandom for
+ * random numbers in accordance with best practices
+ *
+ * Why we use /dev/urandom and not /dev/random
+ * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
*/
- if (empty($fp)) {
+ function random_bytes($bytes)
+ {
+ static $fp = null;
/**
- * We use /dev/urandom if it is a char device.
- * We never fall back to /dev/random
+ * This block should only be run once
*/
- $fp = fopen('/dev/urandom', 'rb');
- if (!empty($fp)) {
- $st = fstat($fp);
- if (($st['mode'] & 0170000) !== 020000) {
- fclose($fp);
- $fp = false;
- }
- }
-
- if (!empty($fp)) {
+ if (empty($fp)) {
/**
- * stream_set_read_buffer() does not exist in HHVM
- *
- * If we don't set the stream's read buffer to 0, PHP will
- * internally buffer 8192 bytes, which can waste entropy
- *
- * stream_set_read_buffer returns 0 on success
+ * We use /dev/urandom if it is a char device.
+ * We never fall back to /dev/random
*/
- if (function_exists('stream_set_read_buffer')) {
- stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
+ $fp = fopen('/dev/urandom', 'rb');
+ if (!empty($fp)) {
+ $st = fstat($fp);
+ if (($st['mode'] & 0170000) !== 020000) {
+ fclose($fp);
+ $fp = false;
+ }
}
- if (function_exists('stream_set_chunk_size')) {
- stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
+
+ if (!empty($fp)) {
+ /**
+ * stream_set_read_buffer() does not exist in HHVM
+ *
+ * If we don't set the stream's read buffer to 0, PHP will
+ * internally buffer 8192 bytes, which can waste entropy
+ *
+ * stream_set_read_buffer returns 0 on success
+ */
+ if (is_callable('stream_set_read_buffer')) {
+ stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
+ }
+ if (is_callable('stream_set_chunk_size')) {
+ stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
+ }
}
}
- }
- try {
- $bytes = RandomCompat_intval($bytes);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_bytes(): $bytes must be an integer'
- );
- }
-
- if ($bytes < 1) {
- throw new Error(
- 'Length must be greater than 0'
- );
- }
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
+ }
- /**
- * This if() block only runs if we managed to open a file handle
- *
- * It does not belong in an else {} block, because the above
- * if (empty($fp)) line is logic that should only be run once per
- * page load.
- */
- if (!empty($fp)) {
- $remaining = $bytes;
- $buf = '';
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
/**
- * We use fread() in a loop to protect against partial reads
+ * This if() block only runs if we managed to open a file handle
+ *
+ * It does not belong in an else {} block, because the above
+ * if (empty($fp)) line is logic that should only be run once per
+ * page load.
*/
- do {
- $read = fread($fp, $remaining);
- if ($read === false) {
- /**
- * We cannot safely read from the file. Exit the
- * do-while loop and trigger the exception condition
- */
- $buf = false;
- break;
- }
+ if (!empty($fp)) {
/**
- * Decrease the number of bytes returned from remaining
+ * @var int
*/
- $remaining -= RandomCompat_strlen($read);
- $buf .= $read;
- } while ($remaining > 0);
-
- /**
- * Is our result valid?
- */
- if ($buf !== false) {
- if (RandomCompat_strlen($buf) === $bytes) {
+ $remaining = $bytes;
+
+ /**
+ * @var string|bool
+ */
+ $buf = '';
+
+ /**
+ * We use fread() in a loop to protect against partial reads
+ */
+ do {
+ /**
+ * @var string|bool
+ */
+ $read = fread($fp, $remaining);
+ if (!is_string($read)) {
+ if ($read === false) {
+ /**
+ * We cannot safely read from the file. Exit the
+ * do-while loop and trigger the exception condition
+ *
+ * @var string|bool
+ */
+ $buf = false;
+ break;
+ }
+ }
/**
- * Return our random entropy buffer here:
+ * Decrease the number of bytes returned from remaining
*/
- return $buf;
+ $remaining -= RandomCompat_strlen($read);
+ /**
+ * @var string|bool
+ */
+ $buf = $buf . $read;
+ } while ($remaining > 0);
+
+ /**
+ * Is our result valid?
+ */
+ if (is_string($buf)) {
+ if (RandomCompat_strlen($buf) === $bytes) {
+ /**
+ * Return our random entropy buffer here:
+ */
+ return $buf;
+ }
}
}
- }
- /**
- * If we reach here, PHP has failed us.
- */
- throw new Exception(
- 'Error reading from source device'
- );
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'Error reading from source device'
+ );
+ }
}
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_libsodium.php b/vendor/paragonie/random_compat/lib/random_bytes_libsodium.php
index f802d4e1..4af1a242 100644
--- a/vendor/paragonie/random_compat/lib/random_bytes_libsodium.php
+++ b/vendor/paragonie/random_compat/lib/random_bytes_libsodium.php
@@ -4,8 +4,8 @@
* for using the new PHP 7 random_* API in PHP 5 projects
*
* The MIT License (MIT)
- *
- * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -26,61 +26,63 @@
* SOFTWARE.
*/
-/**
- * If the libsodium PHP extension is loaded, we'll use it above any other
- * solution.
- *
- * libsodium-php project:
- * @ref https://github.com/jedisct1/libsodium-php
- *
- * @param int $bytes
- *
- * @throws Exception
- *
- * @return string
- */
-function random_bytes($bytes)
-{
- try {
- $bytes = RandomCompat_intval($bytes);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_bytes(): $bytes must be an integer'
- );
- }
-
- if ($bytes < 1) {
- throw new Error(
- 'Length must be greater than 0'
- );
- }
-
+if (!is_callable('random_bytes')) {
/**
- * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
- * generated in one invocation.
+ * If the libsodium PHP extension is loaded, we'll use it above any other
+ * solution.
+ *
+ * libsodium-php project:
+ * @ref https://github.com/jedisct1/libsodium-php
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
*/
- if ($bytes > 2147483647) {
- $buf = '';
- for ($i = 0; $i < $bytes; $i += 1073741824) {
- $n = ($bytes - $i) > 1073741824
- ? 1073741824
- : $bytes - $i;
- $buf .= \Sodium\randombytes_buf($n);
+ function random_bytes($bytes)
+ {
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
}
- } else {
- $buf = \Sodium\randombytes_buf($bytes);
- }
- if ($buf !== false) {
- if (RandomCompat_strlen($buf) === $bytes) {
- return $buf;
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
}
- }
- /**
- * If we reach here, PHP has failed us.
- */
- throw new Exception(
- 'Could not gather sufficient random data'
- );
+ /**
+ * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
+ * generated in one invocation.
+ */
+ if ($bytes > 2147483647) {
+ $buf = '';
+ for ($i = 0; $i < $bytes; $i += 1073741824) {
+ $n = ($bytes - $i) > 1073741824
+ ? 1073741824
+ : $bytes - $i;
+ $buf .= \Sodium\randombytes_buf($n);
+ }
+ } else {
+ $buf = \Sodium\randombytes_buf($bytes);
+ }
+
+ if ($buf !== false) {
+ if (RandomCompat_strlen($buf) === $bytes) {
+ return $buf;
+ }
+ }
+
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'Could not gather sufficient random data'
+ );
+ }
}
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php b/vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php
index 44fddbf6..705af526 100644
--- a/vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php
+++ b/vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php
@@ -4,8 +4,8 @@
* for using the new PHP 7 random_* API in PHP 5 projects
*
* The MIT License (MIT)
- *
- * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -26,61 +26,67 @@
* SOFTWARE.
*/
-/**
- * If the libsodium PHP extension is loaded, we'll use it above any other
- * solution.
- *
- * libsodium-php project:
- * @ref https://github.com/jedisct1/libsodium-php
- *
- * @param int $bytes
- *
- * @throws Exception
- *
- * @return string
- */
-function random_bytes($bytes)
-{
- try {
- $bytes = RandomCompat_intval($bytes);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_bytes(): $bytes must be an integer'
- );
- }
-
- if ($bytes < 1) {
- throw new Error(
- 'Length must be greater than 0'
- );
- }
-
+if (!is_callable('random_bytes')) {
/**
- * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
- * generated in one invocation.
+ * If the libsodium PHP extension is loaded, we'll use it above any other
+ * solution.
+ *
+ * libsodium-php project:
+ * @ref https://github.com/jedisct1/libsodium-php
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
*/
- if ($bytes > 2147483647) {
+ function random_bytes($bytes)
+ {
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
+ }
+
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
+
+ /**
+ * @var string
+ */
$buf = '';
- for ($i = 0; $i < $bytes; $i += 1073741824) {
- $n = ($bytes - $i) > 1073741824
- ? 1073741824
- : $bytes - $i;
- $buf .= Sodium::randombytes_buf($n);
+
+ /**
+ * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
+ * generated in one invocation.
+ */
+ if ($bytes > 2147483647) {
+ for ($i = 0; $i < $bytes; $i += 1073741824) {
+ $n = ($bytes - $i) > 1073741824
+ ? 1073741824
+ : $bytes - $i;
+ $buf .= Sodium::randombytes_buf((int) $n);
+ }
+ } else {
+ $buf .= Sodium::randombytes_buf((int) $bytes);
}
- } else {
- $buf = Sodium::randombytes_buf($bytes);
- }
- if ($buf !== false) {
- if (RandomCompat_strlen($buf) === $bytes) {
- return $buf;
+ if (is_string($buf)) {
+ if (RandomCompat_strlen($buf) === $bytes) {
+ return $buf;
+ }
}
- }
- /**
- * If we reach here, PHP has failed us.
- */
- throw new Exception(
- 'Could not gather sufficient random data'
- );
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'Could not gather sufficient random data'
+ );
+ }
}
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php b/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php
index 7ac9d910..aac9c013 100644
--- a/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php
+++ b/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php
@@ -4,8 +4,8 @@
* for using the new PHP 7 random_* API in PHP 5 projects
*
* The MIT License (MIT)
- *
- * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -26,51 +26,52 @@
* SOFTWARE.
*/
+if (!is_callable('random_bytes')) {
+ /**
+ * Powered by ext/mcrypt (and thankfully NOT libmcrypt)
+ *
+ * @ref https://bugs.php.net/bug.php?id=55169
+ * @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
+ */
+ function random_bytes($bytes)
+ {
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
+ }
-/**
- * Powered by ext/mcrypt (and thankfully NOT libmcrypt)
- *
- * @ref https://bugs.php.net/bug.php?id=55169
- * @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386
- *
- * @param int $bytes
- *
- * @throws Exception
- *
- * @return string
- */
-function random_bytes($bytes)
-{
- try {
- $bytes = RandomCompat_intval($bytes);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_bytes(): $bytes must be an integer'
- );
- }
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
- if ($bytes < 1) {
- throw new Error(
- 'Length must be greater than 0'
- );
- }
+ $buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
+ if (
+ $buf !== false
+ &&
+ RandomCompat_strlen($buf) === $bytes
+ ) {
+ /**
+ * Return our random entropy buffer here:
+ */
+ return $buf;
+ }
- $buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
- if (
- $buf !== false
- &&
- RandomCompat_strlen($buf) === $bytes
- ) {
/**
- * Return our random entropy buffer here:
+ * If we reach here, PHP has failed us.
*/
- return $buf;
+ throw new Exception(
+ 'Could not gather sufficient random data'
+ );
}
-
- /**
- * If we reach here, PHP has failed us.
- */
- throw new Exception(
- 'Could not gather sufficient random data'
- );
}
diff --git a/vendor/paragonie/random_compat/lib/random_int.php b/vendor/paragonie/random_compat/lib/random_int.php
index fd3ef87a..5b2143a1 100644
--- a/vendor/paragonie/random_compat/lib/random_int.php
+++ b/vendor/paragonie/random_compat/lib/random_int.php
@@ -1,191 +1,190 @@
<?php
-/**
- * Random_* Compatibility Library
- * for using the new PHP 7 random_* API in PHP 5 projects
- *
- * The MIT License (MIT)
- *
- * Copyright (c) 2015 Paragon Initiative Enterprises
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-/**
- * Fetch a random integer between $min and $max inclusive
- *
- * @param int $min
- * @param int $max
- *
- * @throws Exception
- *
- * @return int
- */
-function random_int($min, $max)
-{
- /**
- * Type and input logic checks
- *
- * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
- * (non-inclusive), it will sanely cast it to an int. If you it's equal to
- * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
- * lose precision, so the <= and => operators might accidentally let a float
- * through.
- */
-
- try {
- $min = RandomCompat_intval($min);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_int(): $min must be an integer'
- );
- }
- try {
- $max = RandomCompat_intval($max);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_int(): $max must be an integer'
- );
- }
-
+if (!is_callable('random_int')) {
/**
- * Now that we've verified our weak typing system has given us an integer,
- * let's validate the logic then we can move forward with generating random
- * integers along a given range.
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
*/
- if ($min > $max) {
- throw new Error(
- 'Minimum value must be less than or equal to the maximum value'
- );
- }
-
- if ($max === $min) {
- return $min;
- }
/**
- * Initialize variables to 0
- *
- * We want to store:
- * $bytes => the number of random bytes we need
- * $mask => an integer bitmask (for use with the &) operator
- * so we can minimize the number of discards
+ * Fetch a random integer between $min and $max inclusive
+ *
+ * @param int $min
+ * @param int $max
+ *
+ * @throws Exception
+ *
+ * @return int
*/
- $attempts = $bits = $bytes = $mask = $valueShift = 0;
-
- /**
- * At this point, $range is a positive number greater than 0. It might
- * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
- * a float and we will lose some precision.
- */
- $range = $max - $min;
-
- /**
- * Test for integer overflow:
- */
- if (!is_int($range)) {
-
+ function random_int($min, $max)
+ {
/**
- * Still safely calculate wider ranges.
- * Provided by @CodesInChaos, @oittaa
- *
- * @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435
- *
- * We use ~0 as a mask in this case because it generates all 1s
- *
- * @ref https://eval.in/400356 (32-bit)
- * @ref http://3v4l.org/XX9r5 (64-bit)
+ * Type and input logic checks
+ *
+ * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
+ * (non-inclusive), it will sanely cast it to an int. If you it's equal to
+ * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
+ * lose precision, so the <= and => operators might accidentally let a float
+ * through.
*/
- $bytes = PHP_INT_SIZE;
- $mask = ~0;
- } else {
+ try {
+ $min = RandomCompat_intval($min);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_int(): $min must be an integer'
+ );
+ }
- /**
- * $bits is effectively ceil(log($range, 2)) without dealing with
- * type juggling
- */
- while ($range > 0) {
- if ($bits % 8 === 0) {
- ++$bytes;
- }
- ++$bits;
- $range >>= 1;
- $mask = $mask << 1 | 1;
+ try {
+ $max = RandomCompat_intval($max);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_int(): $max must be an integer'
+ );
}
- $valueShift = $min;
- }
- /**
- * Now that we have our parameters set up, let's begin generating
- * random integers until one falls between $min and $max
- */
- do {
/**
- * The rejection probability is at most 0.5, so this corresponds
- * to a failure probability of 2^-128 for a working RNG
+ * Now that we've verified our weak typing system has given us an integer,
+ * let's validate the logic then we can move forward with generating random
+ * integers along a given range.
*/
- if ($attempts > 128) {
- throw new Exception(
- 'random_int: RNG is broken - too many rejections'
+ if ($min > $max) {
+ throw new Error(
+ 'Minimum value must be less than or equal to the maximum value'
);
}
+ if ($max === $min) {
+ return (int) $min;
+ }
+
/**
- * Let's grab the necessary number of random bytes
+ * Initialize variables to 0
+ *
+ * We want to store:
+ * $bytes => the number of random bytes we need
+ * $mask => an integer bitmask (for use with the &) operator
+ * so we can minimize the number of discards
*/
- $randomByteString = random_bytes($bytes);
- if ($randomByteString === false) {
- throw new Exception(
- 'Random number generator failure'
- );
- }
+ $attempts = $bits = $bytes = $mask = $valueShift = 0;
/**
- * Let's turn $randomByteString into an integer
- *
- * This uses bitwise operators (<< and |) to build an integer
- * out of the values extracted from ord()
- *
- * Example: [9F] | [6D] | [32] | [0C] =>
- * 159 + 27904 + 3276800 + 201326592 =>
- * 204631455
+ * At this point, $range is a positive number greater than 0. It might
+ * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
+ * a float and we will lose some precision.
*/
- $val = 0;
- for ($i = 0; $i < $bytes; ++$i) {
- $val |= ord($randomByteString[$i]) << ($i * 8);
- }
+ $range = $max - $min;
/**
- * Apply mask
+ * Test for integer overflow:
*/
- $val &= $mask;
- $val += $valueShift;
+ if (!is_int($range)) {
+
+ /**
+ * Still safely calculate wider ranges.
+ * Provided by @CodesInChaos, @oittaa
+ *
+ * @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435
+ *
+ * We use ~0 as a mask in this case because it generates all 1s
+ *
+ * @ref https://eval.in/400356 (32-bit)
+ * @ref http://3v4l.org/XX9r5 (64-bit)
+ */
+ $bytes = PHP_INT_SIZE;
+ $mask = ~0;
- ++$attempts;
+ } else {
+
+ /**
+ * $bits is effectively ceil(log($range, 2)) without dealing with
+ * type juggling
+ */
+ while ($range > 0) {
+ if ($bits % 8 === 0) {
+ ++$bytes;
+ }
+ ++$bits;
+ $range >>= 1;
+ $mask = $mask << 1 | 1;
+ }
+ $valueShift = $min;
+ }
+
+ $val = 0;
/**
- * If $val overflows to a floating point number,
- * ... or is larger than $max,
- * ... or smaller than $min,
- * then try again.
+ * Now that we have our parameters set up, let's begin generating
+ * random integers until one falls between $min and $max
*/
- } while (!is_int($val) || $val > $max || $val < $min);
+ do {
+ /**
+ * The rejection probability is at most 0.5, so this corresponds
+ * to a failure probability of 2^-128 for a working RNG
+ */
+ if ($attempts > 128) {
+ throw new Exception(
+ 'random_int: RNG is broken - too many rejections'
+ );
+ }
+
+ /**
+ * Let's grab the necessary number of random bytes
+ */
+ $randomByteString = random_bytes($bytes);
- return (int) $val;
+ /**
+ * Let's turn $randomByteString into an integer
+ *
+ * This uses bitwise operators (<< and |) to build an integer
+ * out of the values extracted from ord()
+ *
+ * Example: [9F] | [6D] | [32] | [0C] =>
+ * 159 + 27904 + 3276800 + 201326592 =>
+ * 204631455
+ */
+ $val &= 0;
+ for ($i = 0; $i < $bytes; ++$i) {
+ $val |= ord($randomByteString[$i]) << ($i * 8);
+ }
+
+ /**
+ * Apply mask
+ */
+ $val &= $mask;
+ $val += $valueShift;
+
+ ++$attempts;
+ /**
+ * If $val overflows to a floating point number,
+ * ... or is larger than $max,
+ * ... or smaller than $min,
+ * then try again.
+ */
+ } while (!is_int($val) || $val > $max || $val < $min);
+
+ return (int) $val;
+ }
}
diff --git a/vendor/paragonie/random_compat/psalm-autoload.php b/vendor/paragonie/random_compat/psalm-autoload.php
new file mode 100644
index 00000000..d71d1b81
--- /dev/null
+++ b/vendor/paragonie/random_compat/psalm-autoload.php
@@ -0,0 +1,9 @@
+<?php
+
+require_once 'lib/byte_safe_strings.php';
+require_once 'lib/cast_to_int.php';
+require_once 'lib/error_polyfill.php';
+require_once 'other/ide_stubs/libsodium.php';
+require_once 'lib/random.php';
+
+$int = random_int(0, 65536);
diff --git a/vendor/paragonie/random_compat/psalm.xml b/vendor/paragonie/random_compat/psalm.xml
new file mode 100644
index 00000000..1e914098
--- /dev/null
+++ b/vendor/paragonie/random_compat/psalm.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<psalm
+ autoloader="psalm-autoload.php"
+ stopOnFirstError="false"
+ useDocblockTypes="true"
+>
+ <projectFiles>
+ <directory name="lib" />
+ </projectFiles>
+ <issueHandlers>
+ <DuplicateClass errorLevel="info" />
+ <InvalidOperand errorLevel="info" />
+ <UndefinedConstant errorLevel="info" />
+ <MissingReturnType errorLevel="info" />
+ </issueHandlers>
+</psalm>