From 5a5edc7798b749c503a873953ef7cbf98796433f Mon Sep 17 00:00:00 2001 From: Cameron Eagans Date: Tue, 1 Sep 2015 14:48:45 -0400 Subject: [PATCH 1/6] Use random_bytes() when appropriate. --- phpseclib/Crypt/Random.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/phpseclib/Crypt/Random.php b/phpseclib/Crypt/Random.php index 9fb1d15b..0c053d76 100644 --- a/phpseclib/Crypt/Random.php +++ b/phpseclib/Crypt/Random.php @@ -53,6 +53,20 @@ class Random */ public static function string($length) { + if (version_compare(PHP_VERSION, '7.0.0', '>=')) { + try { + $string = random_bytes($length); + return $string; + } + catch (\EngineException $e) { + // If a sufficient source of randomness is unavailable, random_bytes() will emit a warning. + // We don't actually need to do anything here. The string() method should just continue + // as normal. Note, however, that if we don't have a sufficient source of randomness for + // random_bytes(), most of the other calls here will fail too, so we'll end up using + // the PHP implementation. + } + } + if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { // method 1. prior to PHP 5.3 this would call rand() on windows hence the function_exists('class_alias') call. // ie. class_alias is a function that was introduced in PHP 5.3 From 08025c134ddbac3cf9ecafd1ecf2b31d82c97b4f Mon Sep 17 00:00:00 2001 From: Cameron Eagans Date: Tue, 1 Sep 2015 14:53:45 -0400 Subject: [PATCH 2/6] Remove string assignment --- phpseclib/Crypt/Random.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/phpseclib/Crypt/Random.php b/phpseclib/Crypt/Random.php index 0c053d76..ef6c6e3f 100644 --- a/phpseclib/Crypt/Random.php +++ b/phpseclib/Crypt/Random.php @@ -55,8 +55,7 @@ class Random { if (version_compare(PHP_VERSION, '7.0.0', '>=')) { try { - $string = random_bytes($length); - return $string; + return random_bytes($length); } catch (\EngineException $e) { // If a sufficient source of randomness is unavailable, random_bytes() will emit a warning. From bbbfc1795d3e8c648ba20a16004af829ac53a874 Mon Sep 17 00:00:00 2001 From: Cameron Eagans Date: Tue, 1 Sep 2015 14:55:44 -0400 Subject: [PATCH 3/6] Switch from EngineException to Error --- phpseclib/Crypt/Random.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpseclib/Crypt/Random.php b/phpseclib/Crypt/Random.php index ef6c6e3f..13f08047 100644 --- a/phpseclib/Crypt/Random.php +++ b/phpseclib/Crypt/Random.php @@ -57,7 +57,7 @@ class Random try { return random_bytes($length); } - catch (\EngineException $e) { + catch (\Error $e) { // If a sufficient source of randomness is unavailable, random_bytes() will emit a warning. // We don't actually need to do anything here. The string() method should just continue // as normal. Note, however, that if we don't have a sufficient source of randomness for From 8a5dc21835726f6784ecd8d72104ee929024faf6 Mon Sep 17 00:00:00 2001 From: Cameron Eagans Date: Tue, 1 Sep 2015 15:00:57 -0400 Subject: [PATCH 4/6] Coding standards fix --- phpseclib/Crypt/Random.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/phpseclib/Crypt/Random.php b/phpseclib/Crypt/Random.php index 13f08047..52bc1a54 100644 --- a/phpseclib/Crypt/Random.php +++ b/phpseclib/Crypt/Random.php @@ -56,8 +56,7 @@ class Random if (version_compare(PHP_VERSION, '7.0.0', '>=')) { try { return random_bytes($length); - } - catch (\Error $e) { + } catch (\Error $e) { // If a sufficient source of randomness is unavailable, random_bytes() will emit a warning. // We don't actually need to do anything here. The string() method should just continue // as normal. Note, however, that if we don't have a sufficient source of randomness for From 465d1d975c74b4ff84b75ed46b751600d759b894 Mon Sep 17 00:00:00 2001 From: Cameron Eagans Date: Tue, 1 Sep 2015 15:02:58 -0400 Subject: [PATCH 5/6] Test on PHP 7 & allow failures --- .travis.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.travis.yml b/.travis.yml index 3469c380..a4268149 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,6 +6,7 @@ php: - 5.4 - 5.5 - 5.6 + - 7.0 - hhvm env: @@ -14,6 +15,12 @@ env: # the travis/code_coverage_id_rsa RSA private key. - secure: "jtQTZKQBnzUlp/jz7NlM6470ZDnLGVAs53sgvIm4tcYqf9TWSXSXjIYvFsrS\nKPR2eyZaAevYysUkIGRFTUXTlG6tC36YngMp9+6FPxASl8mnGXsTbKcm613B\n59vD3242pgIgqhhmgFQ0c8gbvnE8PuF2aS4/hluP3r+AxhWN56E=" +# Allow failures on PHP 7.0 for now (until a final release). +# @TODO: Remove this. +matrix: + allow_failures: + - php: 7.0 + before_install: true install: From 29393228269be86534e1d6e5966fccca1116af1e Mon Sep 17 00:00:00 2001 From: Cameron Eagans Date: Tue, 1 Sep 2015 15:08:00 -0400 Subject: [PATCH 6/6] Remove duplicate allow_failures section --- .travis.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index a4268149..bbf3f59d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,12 +15,6 @@ env: # the travis/code_coverage_id_rsa RSA private key. - secure: "jtQTZKQBnzUlp/jz7NlM6470ZDnLGVAs53sgvIm4tcYqf9TWSXSXjIYvFsrS\nKPR2eyZaAevYysUkIGRFTUXTlG6tC36YngMp9+6FPxASl8mnGXsTbKcm613B\n59vD3242pgIgqhhmgFQ0c8gbvnE8PuF2aS4/hluP3r+AxhWN56E=" -# Allow failures on PHP 7.0 for now (until a final release). -# @TODO: Remove this. -matrix: - allow_failures: - - php: 7.0 - before_install: true install: