Update random_compat to v2.0.4

2016-11-08 16:52:43 +01:00 · 2016-11-08 16:52:43 +01:00 · 3b1eb64386
commit 3b1eb64386
parent bd30ae419a
1 changed files with 24 additions and 6 deletions
--- a/vendor/paragonie/random_compat/lib/random.php
+++ b/vendor/paragonie/random_compat/lib/random.php
@ -3,8 +3,8 @@
 * Random_* Compatibility Library
 * for using the new PHP 7 random_* API in PHP 5 projects
 *
- * @version 2.0.2
- * @released 2016-04-03
+ * @version 2.0.4
+ * @released 2016-11-07
 *
 * The MIT License (MIT)
 *
@ -41,8 +41,10 @@ if (!defined('PHP_VERSION_ID')) {
    $RandomCompatversion = null;
 }

+/**
+ * PHP 7.0.0 and newer have these functions natively.
+ */
 if (PHP_VERSION_ID < 70000) {
-
    if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
        define('RANDOM_COMPAT_READ_BUFFER', 8);
    }
@ -67,7 +69,7 @@ if (PHP_VERSION_ID < 70000) {
         *   4. COM('CAPICOM.Utilities.1')->GetRandom()
         *   5. openssl_random_pseudo_bytes() (absolute last resort)
         *
-         * See ERRATA.md for our reasoning behind this particular order
+         * See RATIONALE.md for our reasoning behind this particular order
         */
        if (extension_loaded('libsodium')) {
            // See random_bytes_libsodium.php
@ -123,6 +125,20 @@ if (PHP_VERSION_ID < 70000) {

        /**
         * mcrypt_create_iv()
+         *
+         * We only want to use mcypt_create_iv() if:
+         *
+         * - random_bytes() hasn't already been defined
+         * - PHP >= 5.3.7
+         * - the mcrypt extensions is loaded
+         * - One of these two conditions is true:
+         *   - We're on Windows (DIRECTORY_SEPARATOR !== '/')
+         *   - We're not on Windows and /dev/urandom is readabale
+         *     (i.e. we're not in a chroot jail)
+         * - Special case:
+         *   - If we're not on Windows, but the PHP version is between
+         *     5.6.10 and 5.6.12, we don't want to use mcrypt. It will
+         *     hang indefinitely. This is bad.
         */
        if (
            !is_callable('random_bytes')
@ -130,8 +146,6 @@ if (PHP_VERSION_ID < 70000) {
            PHP_VERSION_ID >= 50307
            &&
            extension_loaded('mcrypt')
-            &&
-            (DIRECTORY_SEPARATOR !== '/' || $RandomCompatUrandom)
        ) {
            // Prevent this code from hanging indefinitely on non-Windows;
            // see https://bugs.php.net/bug.php?id=69833
@ -145,6 +159,10 @@ if (PHP_VERSION_ID < 70000) {
        }
        $RandomCompatUrandom = null;

+        /**
+         * This is a Windows-specific fallback, for when the mcrypt extension
+         * isn't loaded.
+         */
        if (
            !is_callable('random_bytes')
            &&