diff --git a/vendor/paragonie/random_compat/lib/random.php b/vendor/paragonie/random_compat/lib/random.php index c3dacb76..5a451da7 100644 --- a/vendor/paragonie/random_compat/lib/random.php +++ b/vendor/paragonie/random_compat/lib/random.php @@ -3,8 +3,8 @@ * Random_* Compatibility Library * for using the new PHP 7 random_* API in PHP 5 projects * - * @version 2.0.2 - * @released 2016-04-03 + * @version 2.0.4 + * @released 2016-11-07 * * The MIT License (MIT) * @@ -41,8 +41,10 @@ if (!defined('PHP_VERSION_ID')) { $RandomCompatversion = null; } +/** + * PHP 7.0.0 and newer have these functions natively. + */ if (PHP_VERSION_ID < 70000) { - if (!defined('RANDOM_COMPAT_READ_BUFFER')) { define('RANDOM_COMPAT_READ_BUFFER', 8); } @@ -67,7 +69,7 @@ if (PHP_VERSION_ID < 70000) { * 4. COM('CAPICOM.Utilities.1')->GetRandom() * 5. openssl_random_pseudo_bytes() (absolute last resort) * - * See ERRATA.md for our reasoning behind this particular order + * See RATIONALE.md for our reasoning behind this particular order */ if (extension_loaded('libsodium')) { // See random_bytes_libsodium.php @@ -123,6 +125,20 @@ if (PHP_VERSION_ID < 70000) { /** * mcrypt_create_iv() + * + * We only want to use mcypt_create_iv() if: + * + * - random_bytes() hasn't already been defined + * - PHP >= 5.3.7 + * - the mcrypt extensions is loaded + * - One of these two conditions is true: + * - We're on Windows (DIRECTORY_SEPARATOR !== '/') + * - We're not on Windows and /dev/urandom is readabale + * (i.e. we're not in a chroot jail) + * - Special case: + * - If we're not on Windows, but the PHP version is between + * 5.6.10 and 5.6.12, we don't want to use mcrypt. It will + * hang indefinitely. This is bad. */ if ( !is_callable('random_bytes') @@ -130,8 +146,6 @@ if (PHP_VERSION_ID < 70000) { PHP_VERSION_ID >= 50307 && extension_loaded('mcrypt') - && - (DIRECTORY_SEPARATOR !== '/' || $RandomCompatUrandom) ) { // Prevent this code from hanging indefinitely on non-Windows; // see https://bugs.php.net/bug.php?id=69833 @@ -145,6 +159,10 @@ if (PHP_VERSION_ID < 70000) { } $RandomCompatUrandom = null; + /** + * This is a Windows-specific fallback, for when the mcrypt extension + * isn't loaded. + */ if ( !is_callable('random_bytes') &&