Skip to content

Releases: paragonie/random_compat

Version 2.0.3

17 Oct 15:27
v2.0.3
Compare
Choose a tag to compare

Version 2.0.2

03 Apr 06:01
Compare
Choose a tag to compare

Added a consistency check (discovered by Taylor Hornby in his PHP encryption library). It wasn't likely causing any trouble for us.

Version 2.0.1

18 Mar 20:36
Compare
Choose a tag to compare

Update comment in random.php

Version 2.0.0

18 Mar 17:19
Compare
Choose a tag to compare

Due to downstream errors, the OpenSSL removal now belongs in version 2.0.0.

Version 1.4.1

18 Mar 20:35
Compare
Choose a tag to compare

Update comment in random.php

Version 1.4.0

18 Mar 17:19
Compare
Choose a tag to compare

Restored OpenSSL in the version 1 branch in preparation to remove OpenSSL in version 2.

Version 1.3.1

18 Mar 16:00
Compare
Choose a tag to compare
  • Add more possible values to open_baseir check. Thanks @narfbg

Version 1.2.3

18 Mar 16:01
Compare
Choose a tag to compare
  • Add more possible values to open_baseir check. Thanks @narfbg

Version 1.3.0

17 Mar 18:28
Compare
Choose a tag to compare

Removed openssl_random_pseudo_bytes() entirely. If you are using random_compat in PHP on a Unix-like OS but cannot access /dev/urandom, version 1.3+ will throw an Exception. If you want to trust OpenSSL, feel free to write your own fallback code. e.g.

try {
    $bytes = random_bytes(32);
} catch (Exception $ex) {
    $strong = false;
    $bytes = openssl_random_pseudo_bytes(32, $strong);
    if (!$strong) {
        throw $ex;
    }
}

Version 1.2.2

11 Mar 19:58
Compare
Choose a tag to compare
  • To prevent applications from hanging, if /dev/urandom is not
    accessible to PHP, skip mcrypt (which just fails before giving OpenSSL
    a chance and was morally equivalent to not offering OpenSSL at all).