1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
|
### Version 2.0.2 - 2016-04-03
Added a consistency check (discovered by Taylor Hornby in his
[PHP encryption library](https://github.com/defuse/php-encryption)). It
wasn't likely causing any trouble for us.
### Version 2.0.1 - 2016-03-18
Update comment in random.php
### Version 2.0.0 - 2016-03-18
Due to downstream errors, the OpenSSL removal now belongs in version
2.0.0.
### Version 1.3.1 - 2016-03-18
* Add more possible values to `open_baseir` check.
### Version 1.3.0 - 2016-03-17
* Removed `openssl_random_pseudo_bytes()` entirely. If you are using
random_compat in PHP on a Unix-like OS but cannot access
`/dev/urandom`, version 1.3+ will throw an `Exception`. If you want to
trust OpenSSL, feel free to write your own fallback code. e.g.
```php
try {
$bytes = random_bytes(32);
} catch (Exception $ex) {
$strong = false;
$bytes = openssl_random_pseudo_bytes(32, $strong);
if (!$strong) {
throw $ex;
}
}
```
### Version 1.2.2 - 2016-03-11
* To prevent applications from hanging, if `/dev/urandom` is not
accessible to PHP, skip mcrypt (which just fails before giving OpenSSL
a chance and was morally equivalent to not offering OpenSSL at all).
### Version 1.2.1 - 2016-02-29
* PHP 5.6.10 - 5.6.12 will hang when mcrypt is used on Unix-based operating
systems ([PHP bug 69833](https://bugs.php.net/bug.php?id=69833)). If you are
running one of these versions, please upgrade (or make sure `/dev/urandom` is
readable) otherwise you're relying on OpenSSL.
### Version 1.2.0 - 2016-02-05
* Whitespace and other cosmetic changes
* Added a changelog.
* We now ship with a command line utility to build a PHP Archive from the
command line.
Every time we publish a new release, we will also upload a .phar
to Github. Our public key is signed by our GPG key.
### Version 1.1.6 - 2016-01-29
* Eliminate `open_basedir` warnings by detecting this configuration setting.
(Thanks [@oucil](https://github.com/oucil) for reporting this.)
* Added install instructions to the README.
* Documentation cleanup (there is, in fact, no `MCRYPT_CREATE_IV` constant, I
meant to write `MCRYPT_DEV_URANDOM`)
### Version 1.1.5 - 2016-01-06
Prevent fatal errors on platforms with older versions of libsodium.
### Version 1.1.4 - 2015-12-10
Thanks [@narfbg](https://github.com/narfbg) for [critiquing the previous patch](https://github.com/paragonie/random_compat/issues/79#issuecomment-163590589)
and suggesting a fix.
### Version 1.1.3 - 2015-12-09
The test for COM in disabled_classes is now case-insensitive.
### Version 1.1.2 - 2015-12-09
Don't instantiate COM if it's a disabled class. Removes the E_WARNING on Windows.
### Version 1.1.1 - 2015-11-30
Fix a performance issue with `/dev/urandom` buffering.
### Version 1.1.0 - 2015-11-09
Fix performance issues with ancient versions of PHP on Windows, but dropped
support for PHP < 5.4.1 without mcrypt on Windows 7+ in the process. Since this
is a BC break, semver dictates a minor version bump.
### Version 1.0.10 - 2015-10-23
* Avoid a performance killer with OpenSSL on Windows PHP 5.3.0 - 5.3.3 that was
affecting [WordPress users](https://core.trac.wordpress.org/ticket/34409).
* Use `$var = null` instead of `unset($var)` to avoid triggering the garbage
collector and slowing things down.
### Version 1.0.9 - 2015-10-20
There is an outstanding issue `mcrypt_create_iv()` and PHP 7's `random_bytes()`
on Windows reported by [@nicolas-grekas](https://github.com/nicolas-grekas) caused by `proc_open()` and environment
variable handling (discovered by Appveyor when developing Symfony).
Since the break is consistent, it's not our responsibility to fix it, but we
should fail the same way PHP 7 will (i.e. throw an `Exception` rather than raise
an error and then throw an `Exception`).
### Version 1.0.8 - 2015-10-18
* Fix usability issues with Windows (`new COM('CAPICOM.Utilities.1')` is not
always available).
* You can now test all the possible drivers by running `phpunit.sh each` in the
`tests` directory.
### Version 1.0.7 - 2015-10-16
Several large integer handling bugfixes were contributed by [@oittaa](https://github.com/oittaa).
### Version 1.0.6 - 2015-10-15
Don't let the version number fool you, this was a pretty significant change.
1. Added support for ext-libsodium, if it exists on the system. This is morally
equivalent to adding `getrandom(2)` support without having to expose the
syscall interface in PHP-land.
2. Relaxed open_basedir restrictions. In previous versions, if open_basedir was
set, PHP wouldn't even try to read from `/dev/urandom`. Now it will still do
so if you can.
3. Fixed integer casting inconsistencies between random_compat and PHP 7.
4. Handle edge cases where an integer overflow turns one of the parameters into
a float.
One change that we discussed was making `random_bytes()` and `random_int()`
strict typed; meaning you could *only* pass integers to either function. While
most veteran programmers are probably only doing this already (we strongly
encourage it), it wouldn't be consistent with how these functions behave in PHP
7. Please use these functions responsibly.
We've had even more of the PHP community involved in this release; the
contributors list has been updated. If I forgot anybody, I promise you it's not
because your contributions (either code or ideas) aren't valued, it's because
I'm a bit overloaded with information at the moment. Please let me know
immediately and I will correct my oversight.
Thanks everyone for helping make random_compat better.
### Version 1.0.5 - 2015-10-08
Got rid of the methods in the `Throwable` interface, which was causing problems
on PHP 5.2. While we would normally not care about 5.2 (since [5.4 and earlier are EOL'd](https://secure.php.net/supported-versions.php)),
we do want to encourage widespread adoption (e.g. [Wordpress](https://core.trac.wordpress.org/ticket/28633)).
### Version 1.0.4 - 2015-10-02
Removed redundant `if()` checks, since `lib/random.php` is the entrypoint people
should use.
### Version 1.0.3 - 2015-10-02
This release contains bug fixes contributed by the community.
* Avoid a PHP Notice when PHP is running without the mbstring extension
* Use a compatible version of PHPUnit for testing on older versions of PHP
Although none of these bugs were outright security-affecting, updating ASAP is
still strongly encouraged.
### Version 1.0.2 - 2015-09-23
Less strict input validation on `random_int()` parameters. PHP 7's `random_int()`
accepts strings and floats that look like numbers, so we should too.
Thanks [@dd32](https://github.com/@dd32) for correcting this oversight.
### Version 1.0.1 - 2015-09-10
Instead of throwing an Exception immediately on insecure platforms, only do so
when `random_bytes()` is invoked.
### Version 1.0.0 - 2015-09-07
Our API is now stable and forward-compatible with the CSPRNG features in PHP 7
(as of 7.0.0 RC3).
A lot of great people have contributed their time and expertise to make this
compatibility library possible. That this library has reached a stable release
is more a reflection on the community than it is on PIE.
We are confident that random_compat will serve as the simplest and most secure
CSPRNG interface available for PHP5 projects.
### Version 0.9.7 (pre-release) - 2015-09-01
An attempt to achieve compatibility with Error/TypeError in the RFC.
This should be identical to 1.0.0 sans any last-minute changes or performance enhancements.
### Version 0.9.6 (pre-release) - 2015-08-06
* Split the implementations into their own file (for ease of auditing)
* Corrected the file type check after `/dev/urandom` has been opened (thanks
[@narfbg](https://github.com/narfbg) and [@jedisct1](https://github.com/jedisct1))
### Version 0.9.5 (pre-release) - 2015-07-31
* Validate that `/dev/urandom` is a character device
* Reported by [@lokdnet](https://twitter.com/lokdnet)
* Investigated by [@narfbg](https://github.com/narfbg) and [frymaster](http://stackoverflow.com/users/1226810/frymaster) on [StackOverflow](http://stackoverflow.com/q/31631066/2224584)
* Remove support for `/dev/arandom` which is an old OpenBSD feature, thanks [@jedisct1](https://github.com/jedisct1)
* Prevent race conditions on the `filetype()` check, thanks [@jedisct1](https://github.com/jedisct1)
* Buffer file reads to 8 bytes (performance optimization; PHP defaults to 8192 bytes)
### Version 0.9.4 (pre-release) - 2015-07-27
* Add logic to verify that `/dev/arandom` and `/dev/urandom` are actually devices.
* Some clean-up in the comments
### Version 0.9.3 (pre-release) - 2015-07-22
Unless the Exceptions change to PHP 7 fails, this should be the last pre-release
version. If need be, we'll make one more pre-release version with compatible
behavior.
Changes since 0.9.2:
* Prioritize `/dev/arandom` and `/dev/urandom` over mcrypt.
[@oittaa](https://github.com/oittaa) removed the -1 and +1 juggling on `$range` calculations for `random_int()`
* Whitespace and comment clean-up, plus better variable names
* Actually put a description in the composer.json file...
### Version 0.9.2 (pre-release) - 2015-07-16
* Consolidated `$range > PHP_INT_MAX` logic with `$range <= PHP_INT_MAX` (thanks
[@oittaa](https://github.com/oittaa) and [@CodesInChaos](https://github.com/CodesInChaos))
* `tests/phpunit.sh` now also runs the tests with `mbstring.func_overload` and
`open_basedir`
* Style consistency, whitespace cleanup, more meaningful variable names
### Version 0.9.1 (pre-release) - 2015-07-09
* Return random values on integer ranges > `PHP_INT_MAX` (thanks [@CodesInChaos](https://github.com/CodesInChaos))
* Determined CSPRNG preference:
1. `mcrypt_create_iv()` with `MCRYPT_DEV_URANDOM`
2. `/dev/arandom`
3. `/dev/urandom`
4. `openssl_random_pseudo_bytes()`
* Optimized backend selection (thanks [@lt](https://github.com/lt))
* Fix #3 (thanks [@scottchiefbaker](https://github.com/scottchiefbaker))
### Version 0.9.0 (pre-release) - 2015-07-07
This should be a sane polyfill for PHP 7's `random_bytes()` and `random_int()`.
We hesitate to call it production ready until it has received sufficient third
party review.
|
