External Libraries: Update random_compat to version 2.0.21.

The latest release includes improved compatibility with PHP 8.1, as well as some bug fixes for Windows platforms.

Release notes:
https://github.com/paragonie/random_compat/releases/tag/v2.0.21

For a full list of changes in this update, see the random_compat GitHub:
https://github.com/paragonie/random_compat/compare/v2.0.11...v2.0.21

Follow-up to [42130].

Props jrf, paragoninitiativeenterprises.
Fixes #55181.
Built from https://develop.svn.wordpress.org/trunk@52742


git-svn-id: http://core.svn.wordpress.org/trunk@52331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sergey Biryukov 2022-02-16 21:19:04 +00:00
parent a73446f6ed
commit a5d6245d60
11 changed files with 165 additions and 100 deletions


@ -5,7 +5,7 @@
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -28,8 +28,9 @@
if (!is_callable('RandomCompat_strlen')) { if (!is_callable('RandomCompat_strlen')) {
if ( if (
defined('MB_OVERLOAD_STRING') && defined('MB_OVERLOAD_STRING')
ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING &&
((int) ini_get('mbstring.func_overload')) & MB_OVERLOAD_STRING
) { ) {
/** /**
* strlen() implementation that isn't brittle to mbstring.func_overload * strlen() implementation that isn't brittle to mbstring.func_overload
@ -82,8 +83,8 @@ if (!is_callable('RandomCompat_substr')) {
if ( if (
defined('MB_OVERLOAD_STRING') defined('MB_OVERLOAD_STRING')
&& &&
ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING ((int) ini_get('mbstring.func_overload')) & MB_OVERLOAD_STRING
) { ) {
/** /**
* substr() implementation that isn't brittle to mbstring.func_overload * substr() implementation that isn't brittle to mbstring.func_overload
@ -93,7 +94,7 @@ if (!is_callable('RandomCompat_substr')) {
* *
* @param string $binary_string * @param string $binary_string
* @param int $start * @param int $start
* @param int $length (optional) * @param int|null $length (optional)
* *
* @throws TypeError * @throws TypeError
* *
@ -118,6 +119,7 @@ if (!is_callable('RandomCompat_substr')) {
* mb_substr($str, 0, NULL, '8bit') returns an empty string on * mb_substr($str, 0, NULL, '8bit') returns an empty string on
* PHP 5.3, so we have to find the length ourselves. * PHP 5.3, so we have to find the length ourselves.
*/ */
/** @var int $length */
$length = RandomCompat_strlen($binary_string) - $start; $length = RandomCompat_strlen($binary_string) - $start;
} elseif (!is_int($length)) { } elseif (!is_int($length)) {
throw new TypeError( throw new TypeError(
@ -133,7 +135,12 @@ if (!is_callable('RandomCompat_substr')) {
return ''; return '';
} }
return (string) mb_substr($binary_string, $start, $length, '8bit'); return (string) mb_substr(
(string) $binary_string,
(int) $start,
(int) $length,
'8bit'
);
} }
} else { } else {
@ -145,7 +152,7 @@ if (!is_callable('RandomCompat_substr')) {
* *
* @param string $binary_string * @param string $binary_string
* @param int $start * @param int $start
* @param int $length (optional) * @param int|null $length (optional)
* *
* @throws TypeError * @throws TypeError
* *
@ -172,10 +179,17 @@ if (!is_callable('RandomCompat_substr')) {
); );
} }
return (string) substr($binary_string, $start, $length); return (string) substr(
(string )$binary_string,
(int) $start,
(int) $length
);
} }
return (string) substr($binary_string, $start); return (string) substr(
(string) $binary_string,
(int) $start
);
} }
} }
} }
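Review bot: The cast in the new three-argument `substr()` call is written `(string )$binary_string`, with the space inside the parentheses, while every other cast added in this file is written `(string) $binary_string`. It is harmless at runtime, but `(string) $binary_string,` would keep the added calls uniform and easier to search for. The enclosing RandomCompat_substr() definitions start outside the visible hunks.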


@ -5,7 +5,7 @@
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -27,19 +27,19 @@
*/ */
if (!is_callable('RandomCompat_intval')) { if (!is_callable('RandomCompat_intval')) {
/** /**
* Cast to an integer if we can, safely. * Cast to an integer if we can, safely.
* *
* If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX) * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
* (non-inclusive), it will sanely cast it to an int. If you it's equal to * (non-inclusive), it will sanely cast it to an int. If you it's equal to
* ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
* lose precision, so the <= and => operators might accidentally let a float * lose precision, so the <= and => operators might accidentally let a float
* through. * through.
* *
* @param int|float $number The number we want to convert to an int * @param int|float $number The number we want to convert to an int
* @param bool $fail_open Set to true to not throw an exception * @param bool $fail_open Set to true to not throw an exception
* *
* @return float|int * @return float|int
* @psalm-suppress InvalidReturnType * @psalm-suppress InvalidReturnType
* *
@ -50,14 +50,16 @@ if (!is_callable('RandomCompat_intval')) {
if (is_int($number) || is_float($number)) { if (is_int($number) || is_float($number)) {
$number += 0; $number += 0;
} elseif (is_numeric($number)) { } elseif (is_numeric($number)) {
/** @psalm-suppress InvalidOperand */
$number += 0; $number += 0;
} }
/** @var int|float $number */
if ( if (
is_float($number) is_float($number)
&& &&
$number > ~PHP_INT_MAX $number > ~PHP_INT_MAX
&& &&
$number < PHP_INT_MAX $number < PHP_INT_MAX
) { ) {
$number = (int) $number; $number = (int) $number;


@ -1,12 +1,12 @@
<?php <?php
/** /**
* Random_* Compatibility Library * Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects * for using the new PHP 7 random_* API in PHP 5 projects
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights * in the Software without restriction, including without limitation the rights
@ -30,7 +30,7 @@ if (!class_exists('Error', false)) {
// We can't really avoid making this extend Exception in PHP 5. // We can't really avoid making this extend Exception in PHP 5.
class Error extends Exception class Error extends Exception
{ {
} }
} }
@ -38,12 +38,12 @@ if (!class_exists('TypeError', false)) {
if (is_subclass_of('Error', 'Exception')) { if (is_subclass_of('Error', 'Exception')) {
class TypeError extends Error class TypeError extends Error
{ {
} }
} else { } else {
class TypeError extends Exception class TypeError extends Exception
{ {
} }
} }
} }


@ -3,12 +3,12 @@
* Random_* Compatibility Library * Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects * for using the new PHP 7 random_* API in PHP 5 projects
* *
* @version 2.0.10 * @version 2.0.17
* @released 2017-03-13 * @released 2018-07-04
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -54,9 +54,9 @@ if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
$RandomCompatDIR = dirname(__FILE__); $RandomCompatDIR = dirname(__FILE__);
require_once $RandomCompatDIR . '/byte_safe_strings.php'; require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'byte_safe_strings.php';
require_once $RandomCompatDIR . '/cast_to_int.php'; require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'cast_to_int.php';
require_once $RandomCompatDIR . '/error_polyfill.php'; require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'error_polyfill.php';
if (!is_callable('random_bytes')) { if (!is_callable('random_bytes')) {
/** /**
@ -76,9 +76,9 @@ if (!is_callable('random_bytes')) {
if (extension_loaded('libsodium')) { if (extension_loaded('libsodium')) {
// See random_bytes_libsodium.php // See random_bytes_libsodium.php
if (PHP_VERSION_ID >= 50300 && is_callable('\\Sodium\\randombytes_buf')) { if (PHP_VERSION_ID >= 50300 && is_callable('\\Sodium\\randombytes_buf')) {
require_once $RandomCompatDIR . '/random_bytes_libsodium.php'; require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_libsodium.php';
} elseif (method_exists('Sodium', 'randombytes_buf')) { } elseif (method_exists('Sodium', 'randombytes_buf')) {
require_once $RandomCompatDIR . '/random_bytes_libsodium_legacy.php'; require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_libsodium_legacy.php';
} }
} }
@ -117,7 +117,7 @@ if (!is_callable('random_bytes')) {
// place, that is not helpful to us here. // place, that is not helpful to us here.
// See random_bytes_dev_urandom.php // See random_bytes_dev_urandom.php
require_once $RandomCompatDIR . '/random_bytes_dev_urandom.php'; require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_dev_urandom.php';
} }
// Unset variables after use // Unset variables after use
$RandomCompat_basedir = null; $RandomCompat_basedir = null;
@ -159,7 +159,7 @@ if (!is_callable('random_bytes')) {
extension_loaded('mcrypt') extension_loaded('mcrypt')
) { ) {
// See random_bytes_mcrypt.php // See random_bytes_mcrypt.php
require_once $RandomCompatDIR . '/random_bytes_mcrypt.php'; require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_mcrypt.php';
} }
$RandomCompatUrandom = null; $RandomCompatUrandom = null;
@ -182,9 +182,10 @@ if (!is_callable('random_bytes')) {
if (!in_array('com', $RandomCompat_disabled_classes)) { if (!in_array('com', $RandomCompat_disabled_classes)) {
try { try {
$RandomCompatCOMtest = new COM('CAPICOM.Utilities.1'); $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
if (method_exists($RandomCompatCOMtest, 'GetRandom')) { /** @psalm-suppress TypeDoesNotContainType */
if (is_callable(array($RandomCompatCOMtest, 'GetRandom'))) {
// See random_bytes_com_dotnet.php // See random_bytes_com_dotnet.php
require_once $RandomCompatDIR . '/random_bytes_com_dotnet.php'; require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_com_dotnet.php';
} }
} catch (com_exception $e) { } catch (com_exception $e) {
// Don't try to use it. // Don't try to use it.
@ -203,8 +204,9 @@ if (!is_callable('random_bytes')) {
* and hope the developer won't let it fail silently. * and hope the developer won't let it fail silently.
* *
* @param mixed $length * @param mixed $length
* @return void * @psalm-suppress InvalidReturnType
* @throws Exception * @throws Exception
* @return string
*/ */
function random_bytes($length) function random_bytes($length)
{ {
@ -212,12 +214,13 @@ if (!is_callable('random_bytes')) {
throw new Exception( throw new Exception(
'There is no suitable CSPRNG installed on your system' 'There is no suitable CSPRNG installed on your system'
); );
return '';
} }
} }
} }
if (!is_callable('random_int')) { if (!is_callable('random_int')) {
require_once $RandomCompatDIR . '/random_int.php'; require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_int.php';
} }
$RandomCompatDIR = null; $RandomCompatDIR = null;
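Review bot: The file header now reads `@version 2.0.17` and `@released 2018-07-04`, but the commit message states that the bundled library is 2.0.21. Anyone auditing which random_compat release a site ships will read this header and get the wrong answer, which matters for a CSPRNG polyfill where advisories are matched by version. Presumably the header was simply not bumped upstream; if so, either carry `* @version 2.0.21` with the matching release date here, or record the real bundled version wherever core tracks its external libraries.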


@ -1,22 +1,22 @@
<?php <?php
/** /**
* Random_* Compatibility Library * Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects * for using the new PHP 7 random_* API in PHP 5 projects
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights * in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -41,6 +41,7 @@ if (!is_callable('random_bytes')) {
function random_bytes($bytes) function random_bytes($bytes)
{ {
try { try {
/** @var int $bytes */
$bytes = RandomCompat_intval($bytes); $bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) { } catch (TypeError $ex) {
throw new TypeError( throw new TypeError(
@ -54,12 +55,14 @@ if (!is_callable('random_bytes')) {
); );
} }
/** @var string $buf */
$buf = ''; $buf = '';
if (!class_exists('COM')) { if (!class_exists('COM')) {
throw new Error( throw new Error(
'COM does not exist' 'COM does not exist'
); );
} }
/** @var COM $util */
$util = new COM('CAPICOM.Utilities.1'); $util = new COM('CAPICOM.Utilities.1');
$execCount = 0; $execCount = 0;
@ -68,12 +71,12 @@ if (!is_callable('random_bytes')) {
* get N bytes of random data, then CAPICOM has failed us. * get N bytes of random data, then CAPICOM has failed us.
*/ */
do { do {
$buf .= base64_decode($util->GetRandom($bytes, 0)); $buf .= base64_decode((string) $util->GetRandom($bytes, 0));
if (RandomCompat_strlen($buf) >= $bytes) { if (RandomCompat_strlen($buf) >= $bytes) {
/** /**
* Return our random entropy buffer here: * Return our random entropy buffer here:
*/ */
return RandomCompat_substr($buf, 0, $bytes); return (string) RandomCompat_substr($buf, 0, $bytes);
} }
++$execCount; ++$execCount;
} while ($execCount < $bytes); } while ($execCount < $bytes);
@ -85,4 +88,4 @@ if (!is_callable('random_bytes')) {
'Could not gather sufficient random data' 'Could not gather sufficient random data'
); );
} }
} }


@ -1,22 +1,22 @@
<?php <?php
/** /**
* Random_* Compatibility Library * Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects * for using the new PHP 7 random_* API in PHP 5 projects
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights * in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -36,6 +36,7 @@ if (!is_callable('random_bytes')) {
* random numbers in accordance with best practices * random numbers in accordance with best practices
* *
* Why we use /dev/urandom and not /dev/random * Why we use /dev/urandom and not /dev/random
* @ref https://www.2uo.de/myths-about-urandom
* @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
* *
* @param int $bytes * @param int $bytes
@ -46,25 +47,47 @@ if (!is_callable('random_bytes')) {
*/ */
function random_bytes($bytes) function random_bytes($bytes)
{ {
/** @var resource $fp */
static $fp = null; static $fp = null;
/** /**
* This block should only be run once * This block should only be run once
*/ */
if (empty($fp)) { if (empty($fp)) {
/** /**
* We use /dev/urandom if it is a char device. * We don't want to ever read C:\dev\random, only /dev/urandom on
* We never fall back to /dev/random * Unix-like operating systems. While we guard against this
* condition in random.php, it doesn't hurt to be defensive in depth
* here.
*
* To that end, we only try to open /dev/urandom if we're on a Unix-
* like operating system (which means the directory separator is set
* to "/" not "\".
*/ */
$fp = fopen('/dev/urandom', 'rb'); if (DIRECTORY_SEPARATOR === '/') {
if (!empty($fp)) { if (!is_readable('/dev/urandom')) {
$st = fstat($fp); throw new Exception(
if (($st['mode'] & 0170000) !== 020000) { 'Environment misconfiguration: ' .
fclose($fp); '/dev/urandom cannot be read.'
$fp = false; );
}
/**
* We use /dev/urandom if it is a char device.
* We never fall back to /dev/random
*/
/** @var resource|bool $fp */
$fp = fopen('/dev/urandom', 'rb');
if (is_resource($fp)) {
/** @var array<string, int> $st */
$st = fstat($fp);
if (($st['mode'] & 0170000) !== 020000) {
fclose($fp);
$fp = false;
}
} }
} }
if (!empty($fp)) { if (is_resource($fp)) {
/** /**
* stream_set_read_buffer() does not exist in HHVM * stream_set_read_buffer() does not exist in HHVM
* *
@ -83,6 +106,7 @@ if (!is_callable('random_bytes')) {
} }
try { try {
/** @var int $bytes */
$bytes = RandomCompat_intval($bytes); $bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) { } catch (TypeError $ex) {
throw new TypeError( throw new TypeError(
@ -103,7 +127,7 @@ if (!is_callable('random_bytes')) {
* if (empty($fp)) line is logic that should only be run once per * if (empty($fp)) line is logic that should only be run once per
* page load. * page load.
*/ */
if (!empty($fp)) { if (is_resource($fp)) {
/** /**
* @var int * @var int
*/ */
@ -123,29 +147,28 @@ if (!is_callable('random_bytes')) {
*/ */
$read = fread($fp, $remaining); $read = fread($fp, $remaining);
if (!is_string($read)) { if (!is_string($read)) {
if ($read === false) { /**
/** * We cannot safely read from the file. Exit the
* We cannot safely read from the file. Exit the * do-while loop and trigger the exception condition
* do-while loop and trigger the exception condition *
* * @var string|bool
* @var string|bool */
*/ $buf = false;
$buf = false; break;
break;
}
} }
/** /**
* Decrease the number of bytes returned from remaining * Decrease the number of bytes returned from remaining
*/ */
$remaining -= RandomCompat_strlen($read); $remaining -= RandomCompat_strlen($read);
/** /**
* @var string|bool * @var string $buf
*/ */
$buf = $buf . $read; $buf .= $read;
} while ($remaining > 0); } while ($remaining > 0);
/** /**
* Is our result valid? * Is our result valid?
* @var string|bool $buf
*/ */
if (is_string($buf)) { if (is_string($buf)) {
if (RandomCompat_strlen($buf) === $bytes) { if (RandomCompat_strlen($buf) === $bytes) {
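Review bot: The result of `fstat($fp)` is indexed without checking that the call succeeded; the added `@var array<string, int> $st` annotation asserts an array, but `fstat()` can return false. In that case `$st['mode']` evaluates to null, the mode comparison fails and the handle is closed, so the code fails closed only by accident and raises a notice or warning on PHP 7.4 and later. An explicit guard states the intent: `if (!is_array($st) || ($st['mode'] & 0170000) !== 020000) {`. The body of random_bytes() continues outside the visible hunks.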


@ -1,22 +1,22 @@
<?php <?php
/** /**
* Random_* Compatibility Library * Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects * for using the new PHP 7 random_* API in PHP 5 projects
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights * in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -43,6 +43,7 @@ if (!is_callable('random_bytes')) {
function random_bytes($bytes) function random_bytes($bytes)
{ {
try { try {
/** @var int $bytes */
$bytes = RandomCompat_intval($bytes); $bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) { } catch (TypeError $ex) {
throw new TypeError( throw new TypeError(
@ -60,6 +61,7 @@ if (!is_callable('random_bytes')) {
* \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
* generated in one invocation. * generated in one invocation.
*/ */
/** @var string|bool $buf */
if ($bytes > 2147483647) { if ($bytes > 2147483647) {
$buf = ''; $buf = '';
for ($i = 0; $i < $bytes; $i += 1073741824) { for ($i = 0; $i < $bytes; $i += 1073741824) {
@ -69,10 +71,11 @@ if (!is_callable('random_bytes')) {
$buf .= \Sodium\randombytes_buf($n); $buf .= \Sodium\randombytes_buf($n);
} }
} else { } else {
/** @var string|bool $buf */
$buf = \Sodium\randombytes_buf($bytes); $buf = \Sodium\randombytes_buf($bytes);
} }
if ($buf !== false) { if (is_string($buf)) {
if (RandomCompat_strlen($buf) === $bytes) { if (RandomCompat_strlen($buf) === $bytes) {
return $buf; return $buf;
} }


@ -1,22 +1,22 @@
<?php <?php
/** /**
* Random_* Compatibility Library * Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects * for using the new PHP 7 random_* API in PHP 5 projects
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights * in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -43,6 +43,7 @@ if (!is_callable('random_bytes')) {
function random_bytes($bytes) function random_bytes($bytes)
{ {
try { try {
/** @var int $bytes */
$bytes = RandomCompat_intval($bytes); $bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) { } catch (TypeError $ex) {
throw new TypeError( throw new TypeError(


@ -1,22 +1,22 @@
<?php <?php
/** /**
* Random_* Compatibility Library * Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects * for using the new PHP 7 random_* API in PHP 5 projects
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights * in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -42,6 +42,7 @@ if (!is_callable('random_bytes')) {
function random_bytes($bytes) function random_bytes($bytes)
{ {
try { try {
/** @var int $bytes */
$bytes = RandomCompat_intval($bytes); $bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) { } catch (TypeError $ex) {
throw new TypeError( throw new TypeError(
@ -55,10 +56,11 @@ if (!is_callable('random_bytes')) {
); );
} }
$buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM); /** @var string|bool $buf */
$buf = @mcrypt_create_iv((int) $bytes, (int) MCRYPT_DEV_URANDOM);
if ( if (
$buf !== false is_string($buf)
&& &&
RandomCompat_strlen($buf) === $bytes RandomCompat_strlen($buf) === $bytes
) { ) {
/** /**


@ -7,7 +7,7 @@ if (!is_callable('random_int')) {
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -51,6 +51,7 @@ if (!is_callable('random_int')) {
*/ */
try { try {
/** @var int $min */
$min = RandomCompat_intval($min); $min = RandomCompat_intval($min);
} catch (TypeError $ex) { } catch (TypeError $ex) {
throw new TypeError( throw new TypeError(
@ -59,6 +60,7 @@ if (!is_callable('random_int')) {
} }
try { try {
/** @var int $max */
$max = RandomCompat_intval($max); $max = RandomCompat_intval($max);
} catch (TypeError $ex) { } catch (TypeError $ex) {
throw new TypeError( throw new TypeError(
@ -90,11 +92,18 @@ if (!is_callable('random_int')) {
* so we can minimize the number of discards * so we can minimize the number of discards
*/ */
$attempts = $bits = $bytes = $mask = $valueShift = 0; $attempts = $bits = $bytes = $mask = $valueShift = 0;
/** @var int $attempts */
/** @var int $bits */
/** @var int $bytes */
/** @var int $mask */
/** @var int $valueShift */
/** /**
* At this point, $range is a positive number greater than 0. It might * At this point, $range is a positive number greater than 0. It might
* overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
* a float and we will lose some precision. * a float and we will lose some precision.
*
* @var int|float $range
*/ */
$range = $max - $min; $range = $max - $min;
@ -115,6 +124,7 @@ if (!is_callable('random_int')) {
* @ref http://3v4l.org/XX9r5 (64-bit) * @ref http://3v4l.org/XX9r5 (64-bit)
*/ */
$bytes = PHP_INT_SIZE; $bytes = PHP_INT_SIZE;
/** @var int $mask */
$mask = ~0; $mask = ~0;
} else { } else {
@ -129,16 +139,19 @@ if (!is_callable('random_int')) {
} }
++$bits; ++$bits;
$range >>= 1; $range >>= 1;
/** @var int $mask */
$mask = $mask << 1 | 1; $mask = $mask << 1 | 1;
} }
$valueShift = $min; $valueShift = $min;
} }
/** @var int $val */
$val = 0; $val = 0;
/** /**
* Now that we have our parameters set up, let's begin generating * Now that we have our parameters set up, let's begin generating
* random integers until one falls between $min and $max * random integers until one falls between $min and $max
*/ */
/** @psalm-suppress RedundantCondition */
do { do {
/** /**
* The rejection probability is at most 0.5, so this corresponds * The rejection probability is at most 0.5, so this corresponds
@ -169,6 +182,7 @@ if (!is_callable('random_int')) {
for ($i = 0; $i < $bytes; ++$i) { for ($i = 0; $i < $bytes; ++$i) {
$val |= ord($randomByteString[$i]) << ($i * 8); $val |= ord($randomByteString[$i]) << ($i * 8);
} }
/** @var int $val */
/** /**
* Apply mask * Apply mask


@ -16,7 +16,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '6.0-alpha-52741'; $wp_version = '6.0-alpha-52742';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.