Releases: paragonie/random_compat
Releases · paragonie/random_compat
Version 2.0.3
- Updated
lib/error_polyfill.php
to resolve corner cases. - The README was updated to help users troubleshoot and fix insecure environments.
- Tags will now be signed by the GnuPG key used by the security team at Paragon Initiative Enterprises, LLC.
Version 2.0.2
Added a consistency check (discovered by Taylor Hornby in his PHP encryption library). It wasn't likely causing any trouble for us.
Version 2.0.1
Update comment in random.php
Version 2.0.0
Due to downstream errors, the OpenSSL removal now belongs in version 2.0.0.
Version 1.4.1
Update comment in random.php
Version 1.4.0
Restored OpenSSL in the version 1 branch in preparation to remove OpenSSL in version 2.
Version 1.3.1
- Add more possible values to
open_baseir
check. Thanks @narfbg
Version 1.2.3
- Add more possible values to
open_baseir
check. Thanks @narfbg
Version 1.3.0
Removed openssl_random_pseudo_bytes()
entirely. If you are using random_compat in PHP on a Unix-like OS but cannot access /dev/urandom
, version 1.3+ will throw an Exception
. If you want to trust OpenSSL, feel free to write your own fallback code. e.g.
try {
$bytes = random_bytes(32);
} catch (Exception $ex) {
$strong = false;
$bytes = openssl_random_pseudo_bytes(32, $strong);
if (!$strong) {
throw $ex;
}
}
Version 1.2.2
- To prevent applications from hanging, if
/dev/urandom
is not
accessible to PHP, skip mcrypt (which just fails before giving OpenSSL
a chance and was morally equivalent to not offering OpenSSL at all).