From ff76e1a660669bb56ba74ba0583fd8d41417bf39 Mon Sep 17 00:00:00 2001 From: Scott Date: Thu, 17 Mar 2016 12:11:57 -0400 Subject: [PATCH] Update documentation for 1.3 --- CHANGELOG.md | 19 +++++++++++++++++++ ERRATA.md | 8 +------- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cb6b127..8698731 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,22 @@ +### Version 1.3.0 - 2016-03-18 + +* Removed `openssl_random_pseudo_bytes()` entirely. If you are using + random_compat in PHP on a Unix-like OS but cannot access + `/dev/urandom`, version 1.3+ will throw an `Exception`. If you want to + trust OpenSSL, feel free to write your own fallback code. e.g. + + ```php + try { + $bytes = random_bytes(32); + } catch (Exception $ex) { + $strong = false; + $bytes = openssl_random_pseudo_bytes(32, $strong); + if (!$strong) { + throw $ex; + } + } + ``` + ### Version 1.2.2 - 2016-03-11 * To prevent applications from hanging, if `/dev/urandom` is not diff --git a/ERRATA.md b/ERRATA.md index 371a23f..0561630 100644 --- a/ERRATA.md +++ b/ERRATA.md @@ -8,7 +8,6 @@ The order is: 2. `fread() /dev/urandom if available` 3. `mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)` 4. `COM('CAPICOM.Utilities.1')->GetRandom()` - 5. `openssl_random_pseudo_bytes()` If libsodium is available, we get random data from it. This is the preferred method on all OSes, but libsodium is not very widely installed, so other 
@@ -32,9 +31,4 @@ and is not part `libmcrypt`. It actually does the right thing: If we're on Windows and don't have access to `mcrypt`, we use `CAPICOM.Utilities.1`. -Finally, we use `openssl_random_pseudo_bytes()` **as a last resort**, due to -[PHP bug #70014](https://bugs.php.net/bug.php?id=70014). Internally, this -function calls `RAND_pseudo_bytes()`, which has been [deprecated](https://github.com/paragonie/random_compat/issues/5) -by the OpenSSL team. Furthermore, [it might silently return weak random data](https://github.com/paragonie/random_compat/issues/6#issuecomment-119564973) -if it is called before OpenSSL's **userspace** CSPRNG is seeded. Also, -[you want the OS CSPRNG, not a userspace CSPRNG](http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/). +As of random_compat 1.3, we no longer fall through to OpenSSL.
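Review bot: the fallback snippet in the new CHANGELOG entry (first hunk) checks `$strong` but never checks the return value of `openssl_random_pseudo_bytes()`, which is `false` on failure, so a failed call would hand `false` back to the caller instead of rethrowing. Suggest `if ($bytes === false || !$strong) { throw $ex; }`, and a `function_exists('openssl_random_pseudo_bytes')` guard since the OpenSSL extension may not be loaded at all. Since this entry actively invites users to write that fallback, it should also say in one line why the library dropped it (PHP bug #70014 and the unseeded userspace CSPRNG issue already documented in ERRATA.md), so the trade-off is visible where the example is.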
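Review bot: with item 5 removed from the ordered list in ERRATA.md (second hunk), the list now ends at `COM('CAPICOM.Utilities.1')->GetRandom()` without saying what happens when none of the four sources is available. Suggest adding a sentence directly after the list stating that an `Exception` is thrown in that case, matching the behaviour the CHANGELOG entry describes, so a reader of the order list does not have to scroll to the end of the file to learn the terminal behaviour.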
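Review bot: the replacement line in the last hunk (`As of random_compat 1.3, we no longer fall through to OpenSSL.`) drops the entire rationale: the PHP bug #70014 link, the note that `RAND_pseudo_bytes()` is deprecated, the silent-weak-output-before-seeding issue, and the OS-vs-userspace CSPRNG argument. That rationale is exactly what a reader deciding whether to add their own OpenSSL fallback needs, so keep the links and restate them as the reason for the removal, e.g. `As of random_compat 1.3, we no longer fall through to OpenSSL, because ...` followed by the existing bullet points, rather than deleting them.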