summaryrefslogtreecommitdiff
path: root/vendor/paragonie/random_compat
diff options
context:
space:
mode:
authorGreg Roach <fisharebest@gmail.com>2015-12-18 09:29:56 +0000
committerGreg Roach <fisharebest@gmail.com>2015-12-18 09:29:56 +0000
commitaf5d9a801adf160537b257060c194a073886f688 (patch)
tree2059aeebcccf3319a855165d1255ac0d20131a31 /vendor/paragonie/random_compat
parent3bdbc94afc4ae89ae0de20c2c3e2dcdb77c8df44 (diff)
downloadwebtrees-af5d9a801adf160537b257060c194a073886f688.tar.gz
webtrees-af5d9a801adf160537b257060c194a073886f688.tar.bz2
webtrees-af5d9a801adf160537b257060c194a073886f688.zip
Consolidate PHP polyfills
Diffstat (limited to 'vendor/paragonie/random_compat')
-rw-r--r--vendor/paragonie/random_compat/.gitignore4
-rw-r--r--vendor/paragonie/random_compat/.scrutinizer.yml4
-rw-r--r--vendor/paragonie/random_compat/.travis.yml26
-rw-r--r--vendor/paragonie/random_compat/ERRATA.md40
-rw-r--r--vendor/paragonie/random_compat/LICENSE22
-rw-r--r--vendor/paragonie/random_compat/README.md149
-rw-r--r--vendor/paragonie/random_compat/SECURITY.md108
-rw-r--r--vendor/paragonie/random_compat/composer.json35
-rw-r--r--vendor/paragonie/random_compat/lib/byte_safe_strings.php160
-rw-r--r--vendor/paragonie/random_compat/lib/cast_to_int.php64
-rw-r--r--vendor/paragonie/random_compat/lib/error_polyfill.php42
-rw-r--r--vendor/paragonie/random_compat/lib/random.php145
-rw-r--r--vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php77
-rw-r--r--vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php142
-rw-r--r--vendor/paragonie/random_compat/lib/random_bytes_libsodium.php84
-rw-r--r--vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php72
-rw-r--r--vendor/paragonie/random_compat/lib/random_bytes_openssl.php76
-rw-r--r--vendor/paragonie/random_compat/lib/random_int.php185
-rw-r--r--vendor/paragonie/random_compat/phpunit.sh62
-rw-r--r--vendor/paragonie/random_compat/phpunit.xml.dist29
-rw-r--r--vendor/paragonie/random_compat/tests/full/DieHardTest.php61
-rw-r--r--vendor/paragonie/random_compat/tests/full/StatTest.php52
-rw-r--r--vendor/paragonie/random_compat/tests/specific/capicom.php7
-rw-r--r--vendor/paragonie/random_compat/tests/specific/dev_urandom.php7
-rw-r--r--vendor/paragonie/random_compat/tests/specific/libsodium.php7
-rw-r--r--vendor/paragonie/random_compat/tests/specific/mcrypt.php7
-rw-r--r--vendor/paragonie/random_compat/tests/specific/openssl.php7
-rw-r--r--vendor/paragonie/random_compat/tests/unit/RandomBytesTest.php52
-rw-r--r--vendor/paragonie/random_compat/tests/unit/RandomIntTest.php52
-rw-r--r--vendor/paragonie/random_compat/tests/unit/UtilityTest.php95
30 files changed, 1873 insertions, 0 deletions
diff --git a/vendor/paragonie/random_compat/.gitignore b/vendor/paragonie/random_compat/.gitignore
new file mode 100644
index 0000000000..de26af5798
--- /dev/null
+++ b/vendor/paragonie/random_compat/.gitignore
@@ -0,0 +1,4 @@
+composer.lock
+/vendor/
+/tests/phpunit.phar
+/tests/phpunit.phar.asc \ No newline at end of file
diff --git a/vendor/paragonie/random_compat/.scrutinizer.yml b/vendor/paragonie/random_compat/.scrutinizer.yml
new file mode 100644
index 0000000000..a2f32ead6b
--- /dev/null
+++ b/vendor/paragonie/random_compat/.scrutinizer.yml
@@ -0,0 +1,4 @@
+checks:
+ php:
+ code_rating: true
+ duplication: false \ No newline at end of file
diff --git a/vendor/paragonie/random_compat/.travis.yml b/vendor/paragonie/random_compat/.travis.yml
new file mode 100644
index 0000000000..43ec1272ea
--- /dev/null
+++ b/vendor/paragonie/random_compat/.travis.yml
@@ -0,0 +1,26 @@
+language: php
+php:
+
+- "7.0"
+- "5.6"
+- "5.5"
+- "5.4"
+- "5.3"
+- "hhvm"
+
+
+sudo: false
+
+matrix:
+ fast_finish: true
+ allow_failures:
+ - php: "hhvm"
+
+install:
+
+- composer install
+- composer self-update
+- composer update
+- chmod +x ./phpunit.sh
+
+script: ./phpunit.sh travis
diff --git a/vendor/paragonie/random_compat/ERRATA.md b/vendor/paragonie/random_compat/ERRATA.md
new file mode 100644
index 0000000000..9c0ef9fdb3
--- /dev/null
+++ b/vendor/paragonie/random_compat/ERRATA.md
@@ -0,0 +1,40 @@
+## Errata (Design Decisions)
+
+### Reasoning Behind the Order of Preferred Random Data Sources
+
+The order is:
+
+ 1. `libsodium if available`
+ 2. `fread() /dev/urandom if available`
+ 3. `mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)`
+ 4. `COM('CAPICOM.Utilities.1')->GetRandom()`
+ 5. `openssl_random_pseudo_bytes()`
+
+If libsodium is available, we get random data from it. This is the preferred
+method on all OSes, but libsodium is not very widely installed, so other
+fallbacks are available.
+
+Next, we read `/dev/urandom` (if it exists). This is the preferred file to read
+for random data for cryptographic purposes for BSD and Linux.
+
+Despite [strongly urging people not to use mcrypt in their projects](https://paragonie.com/blog/2015/05/if-you-re-typing-word-mcrypt-into-your-code-you-re-doing-it-wrong),
+because libmcrypt is abandonware and the API puts too much responsibility on the
+implementor, we prioritize `mcrypt_create_iv()` with `MCRYPT_DEV_URANDOM` above
+the remaining implementations.
+
+The reason is simple: `mcrypt_create_iv()` is part of PHP's `ext/mcrypt` code,
+and is not part `libmcrypt`. It actually does the right thing:
+
+ * On Unix-based operating systems, it reads from `/dev/urandom`, which is the
+ sane and correct thing to do.
+ * On Windows, it reads from `CryptGenRandom`, which is an exclusively Windows
+ way to get random bytes.
+
+If we're on Windows and don't have access to `mcrypt`, we use `CAPICOM.Utilities.1`.
+
+Finally, we use `openssl_random_pseudo_bytes()` **as a last resort**, due to
+[PHP bug #70014](https://bugs.php.net/bug.php?id=70014). Internally, this
+function calls `RAND_pseudo_bytes()`, which has been [deprecated](https://github.com/paragonie/random_compat/issues/5)
+by the OpenSSL team. Furthermore, [it might silently return weak random data](https://github.com/paragonie/random_compat/issues/6#issuecomment-119564973)
+if it is called before OpenSSL's **userspace** CSPRNG is seeded. Also,
+[you want the OS CSPRNG, not a userspace CSPRNG](http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/).
diff --git a/vendor/paragonie/random_compat/LICENSE b/vendor/paragonie/random_compat/LICENSE
new file mode 100644
index 0000000000..45c7017dfb
--- /dev/null
+++ b/vendor/paragonie/random_compat/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Paragon Initiative Enterprises
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/vendor/paragonie/random_compat/README.md b/vendor/paragonie/random_compat/README.md
new file mode 100644
index 0000000000..ed5b1d85cf
--- /dev/null
+++ b/vendor/paragonie/random_compat/README.md
@@ -0,0 +1,149 @@
+# random_compat
+
+[![Build Status](https://travis-ci.org/paragonie/random_compat.svg?branch=master)](https://travis-ci.org/paragonie/random_compat)
+[![Scrutinizer](https://scrutinizer-ci.com/g/paragonie/random_compat/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/paragonie/random_compat)
+
+PHP 5.x polyfill for `random_bytes()` and `random_int()` created and maintained
+by [Paragon Initiative Enterprises](https://paragonie.com).
+
+Although this library *should* function in earlier versions of PHP, we will only
+consider issues relevant to [supported PHP versions](https://secure.php.net/supported-versions.php).
+**If you are using an unsupported version of PHP, please upgrade as soon as possible.**
+
+## Important
+
+Although this library has been examined by some security experts in the PHP
+community, there will always be a chance that we overlooked something. Please
+ask your favorite trusted hackers to hammer it for implementation errors and
+bugs before even thinking about deploying it in production.
+
+**Do not use the master branch, use a [stable release](https://github.com/paragonie/random_compat/releases/latest).**
+
+For the background of this library, please refer to our blog post on
+[Generating Random Integers and Strings in PHP](https://paragonie.com/blog/2015/07/how-safely-generate-random-strings-and-integers-in-php).
+
+### Usability Notice
+
+If PHP cannot safely generate random data, this library will throw an `Exception`.
+It will never fall back to insecure random data. If this keeps happening, upgrade
+to a newer version of PHP immediately.
+
+## Usage
+
+This library exposes the [CSPRNG functions added in PHP 7](https://secure.php.net/manual/en/ref.csprng.php)
+for use in PHP 5 projects. Their behavior should be identical.
+
+### Generate a string of random bytes
+
+```php
+try {
+ $string = random_bytes(32);
+} catch (TypeError $e) {
+ // Well, it's an integer, so this IS unexpected.
+ die("An unexpected error has occurred");
+} catch (Error $e) {
+ // This is also unexpected because 32 is a reasonable integer.
+ die("An unexpected error has occurred");
+} catch (Exception $e) {
+ // If you get this message, the CSPRNG failed hard.
+ die("Could not generate a random string. Is our OS secure?");
+}
+
+var_dump(bin2hex($string));
+// string(64) "5787c41ae124b3b9363b7825104f8bc8cf27c4c3036573e5f0d4a91ad2eeac6f"
+```
+
+### Generate a random integer between two given integers (inclusive)
+
+```php
+try {
+ $int = random_int(0,255);
+
+} catch (TypeError $e) {
+ // Well, it's an integer, so this IS unexpected.
+ die("An unexpected error has occurred");
+} catch (Error $e) {
+ // This is also unexpected because 0 and 255 are both reasonable integers.
+ die("An unexpected error has occurred");
+} catch (Exception $e) {
+ // If you get this message, the CSPRNG failed hard.
+ die("Could not generate a random string. Is our OS secure?");
+}
+
+var_dump($int);
+// int(47)
+```
+
+### Exception handling
+
+When handling exceptions and errors you must account for differences between
+PHP 5 and PHP7.
+
+The differences:
+
+* Catching `Error` works, so long as it is caught before `Exception`.
+* Catching `Exception` has different behavior, without previously catching `Error`.
+* There is *no* portable way to catch all errors/exceptions.
+
+#### Our recommendation
+
+**Always** catch `Error` before `Exception`.
+
+#### Example
+
+```php
+try {
+ return random_int(1, $userInput);
+} catch (TypeError $e) {
+ // This is okay, so long as `Error` is caught before `Exception`.
+ throw new Exception('Please enter a number!');
+} catch (Error $e) {
+ // This is required, if you do not need to do anything just rethrow.
+ throw $e;
+} catch (Exception $e) {
+ // This is optional and maybe omitted if you do not want to handle errors
+ // during generation.
+ throw new InternalServerErrorException(
+ 'Oops, our server is bust and cannot generate any random data.',
+ 500,
+ $e
+ );
+}
+```
+
+## Contributors
+
+This project would not be anywhere near as excellent as it is today if it
+weren't for the contributions of the following individuals:
+
+* [@AndrewCarterUK (Andrew Carter)](https://github.com/AndrewCarterUK)
+* [@asgrim (James Titcumb)](https://github.com/asgrim)
+* [@CodesInChaos (Christian Winnerlein)](https://github.com/CodesInChaos)
+* [@chriscct7 (Chris Christoff)](https://github.com/chriscct7)
+* [@cs278 (Chris Smith)](https://github.com/cs278)
+* [@cweagans (Cameron Eagans)](https://github.com/cweagans)
+* [@dd32 (Dion Hulse)](https://github.com/dd32)
+* [@geggleto (Glenn Eggleton)](https://github.com/geggleto)
+* [@ircmaxell (Anthony Ferrara)](https://github.com/ircmaxell)
+* [@jedisct1 (Frank Denis)](https://github.com/jedisct1)
+* [@juliangut (Julián Gutiérrez)](https://github.com/juliangut)
+* [@kelunik (Niklas Keller)](https://github.com/kelunik)
+* [@lt (Leigh)](https://github.com/lt)
+* [@MasonM (Mason Malone)](https://github.com/MasonM)
+* [@mmeyer2k (Michael M)](https://github.com/mmeyer2k)
+* [@narfbg (Andrey Andreev)](https://github.com/narfbg)
+* [@nicolas-grekas (Nicolas Grekas)](https://github.com/nicolas-grekas)
+* [@oittaa](https://github.com/oittaa)
+* [@redragonx (Stephen Chavez)](https://github.com/redragonx)
+* [@rchouinard (Ryan Chouinard)](https://github.com/rchouinard)
+* [@SammyK (Sammy Kaye Powers)](https://github.com/SammyK)
+* [@scottchiefbaker (Scott Baker)](https://github.com/scottchiefbaker)
+* [@skyosev (Stoyan Kyosev)](https://github.com/skyosev)
+* [@stof (Christophe Coevoet)](https://github.com/stof)
+* [@teohhanhui (Teoh Han Hui)](https://github.com/teohhanhui)
+* [@tom-- (Tom Worster)](https://github.com/tom--)
+* [@tsyr2ko](https://github.com/tsyr2ko)
+* [@trowski (Aaron Piotrowski)](https://github.com/trowski)
+* [@twistor (Chris Lepannen)](https://github.com/twistor)
+* [@voku (Lars Moelleken)](https://github.com/voku)
+* [@xabbuh (Christian Flothmann)](https://github.com/xabbuh)
diff --git a/vendor/paragonie/random_compat/SECURITY.md b/vendor/paragonie/random_compat/SECURITY.md
new file mode 100644
index 0000000000..8f731b38da
--- /dev/null
+++ b/vendor/paragonie/random_compat/SECURITY.md
@@ -0,0 +1,108 @@
+# An Invitation to Security Researchers
+
+Every company says they take security "very seriously." Rather than bore anyone
+with banal boilerplate, here are some quick answers followed by detailed
+elaboration. If you have any questions about our policies, please email them to
+`scott@paragonie.com`.
+
+## Quick Answers
+
+* There is no compulsion to disclose vulnerabilities privately, but we
+ appreciate a head's up.
+* `security@paragonie.com` will get your reports to the right person. Our GPG
+ fingerprint, should you decide to encrypt your report, is
+ `7F52 D5C6 1D12 55C7 3136 2E82 6B97 A1C2 8264 04DA`.
+
+* **YES**, we will reward security researchers who disclose vulnerabilities in
+ our software.
+* In most cases, **No Proof-of-Concept Required.**
+
+## How to Report a Security Bug to Paragon Initiative Enterprises
+
+### There is no compulsion to disclose privately.
+
+We believe vulnerability disclosure style is a personal choice and enjoy working
+with a diverse community. We understand and appreciate the importance of Full
+Disclosure in the history and practice of security research.
+
+We would *like* to know about high-severity bugs before they become public
+knowledge, so we can fix them in a timely manner, but **we do not believe in
+threatening researchers or trying to enforce vulnerability embargoes**.
+
+Ultimately, if you discover a security-affecting vulnerability, what you do with
+it is your choice. We would like to work with people, and to celebrate and
+reward their skill, experience, and dedication. We appreciate being informed of
+our mistakes so we can learn from them and build a better product. Our goal is
+to empower the community.
+
+### Where to Send Security Vulnerabilities
+
+Our security email address is `security@paragonie.com`. Also feel free to open a
+new issue on Github if you want to disclose publicly.
+
+```
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG
+
+mQENBFUgwRUBCADcIpqNwyYc5UmY/tpx1sF/rQ3knR1YNXYZThzFV+Gmqhp1fDH5
+qBs9foh1xwI6O7knWmQngnf/nBumI3x6xj7PuOdEZUh2FwCG/VWnglW8rKmoHzHA
+ivjiu9SLnPIPAgHSHeh2XD7q3Ndm3nenbjAiRFNl2iXcwA2cTQp9Mmfw9vVcw0G0
+z1o0G3s8cC8ZS6flFySIervvfSRWj7A1acI5eE3+AH/qXJRdEJ+9J8OB65p1JMfk
+6+fWgOB1XZxMpz70S0rW6IX38WDSRhEK2fXyZJAJjyt+YGuzjZySNSoQR/V6vNYn
+syrNPCJ2i5CgZQxAkyBBcr7koV9RIhPRzct/ABEBAAG0IVNlY3VyaXR5IDxzZWN1
+cml0eUBwYXJhZ29uaWUuY29tPokBOQQTAQIAIwUCVSDBFQIbAwcLCQgHAwIBBhUI
+AgkKCwQWAgMBAh4BAheAAAoJEGuXocKCZATat2YIAIoejNFEQ2c1iaOEtSuB7Pn/
+WLbsDsHNLDKOV+UnfaCjv/vL7D+5NMChFCi2frde/NQb2TsjqmIH+V+XbnJtlrXD
+Vj7yvMVal+Jqjwj7v4eOEWcKVcFZk+9cfUgh7t92T2BMX58RpgZF0IQZ6Z1R3FfC
+9Ub4X6ykW+te1q0/4CoRycniwmlQi6iGSr99LQ5pfJq2Qlmz/luTZ0UX0h575T7d
+cp2T1sX/zFRk/fHeANWSksipdDBjAXR7NMnYZgw2HghEdFk/xRDY7K1NRWNZBf05
+WrMHmh6AIVJiWZvI175URxEe268hh+wThBhXQHMhFNJM1qPIuzb4WogxM3UUD7m5
+AQ0EVSDBFQEIALNkpzSuJsHAHh79sc0AYWztdUe2MzyofQbbOnOCpWZebYsC3EXU
+335fIg59k0m6f+O7GmEZzzIv5v0i99GS1R8CJm6FvhGqtH8ZqmOGbc71WdJSiNVE
+0kpQoJlVzRbig6ZyyjzrggbM1eh5OXOk5pw4+23FFEdw7JWU0HJS2o71r1hwp05Z
+vy21kcUEobz/WWQQyGS0Neo7PJn+9KS6wOxXul/UE0jct/5f7KLMdWMJ1VgniQmm
+hjvkHLPSICteqCI04RfcmMseW9gueHQXeUu1SNIvsWa2MhxjeBej3pDnrZWszKwy
+gF45GO9/v4tkIXNMy5J1AtOyRgQ3IUMqp8EAEQEAAYkBHwQYAQIACQUCVSDBFQIb
+DAAKCRBrl6HCgmQE2jnIB/4/xFz8InpM7eybnBOAir3uGcYfs3DOmaKn7qWVtGzv
+rKpQPYnVtlU2i6Z5UO4c4jDLT/8Xm1UDz3Lxvqt4xCaDwJvBZexU5BMK8l5DvOzH
+6o6P2L1UDu6BvmPXpVZz7/qUhOnyf8VQg/dAtYF4/ax19giNUpI5j5o5mX5w80Rx
+qSXV9NdSL4fdjeG1g/xXv2luhoV53T1bsycI3wjk/x5tV+M2KVhZBvvuOm/zhJje
+oLWp0saaESkGXIXqurj6gZoujJvSvzl0n9F9VwqMEizDUfrXgtD1siQGhP0sVC6q
+ha+F/SAEJ0jEquM4TfKWWU2S5V5vgPPpIQSYRnhQW4b1
+=xJPW
+-----END PGP PUBLIC KEY BLOCK-----
+```
+
+### We Will Reward Security Researchers
+
+**This process has not been formalized; nor have dollar amounts been
+discussed.**
+
+However, if you report a valid security-affecting bug, we will compensate you
+for the time spent finding the vulnerability and reward you for being a good
+neighbor.
+
+#### What does a "valid" bug mean?
+
+There are two sides to this:
+
+1. Some have spammed projects with invalid bug reports hoping to collect
+ bounties for pressing a button and running an automated analysis tool. This
+ is not cool.
+2. There is a potential for the developers of a project to declare all security
+ bug reports as invalid to save money.
+
+Our team members have an established history of reporting vulnerabilities to
+large open source projects. **We aren't in the business of ripping people off.**
+When in doubt, our policy is to err on the side of generosity.
+
+### No Proof-of-Concept Required
+
+We might ask for one if we feel we do not understand some of the details
+pertaining to a specific vulnerability. We certainly appreciate them if you
+include them in your report, but we believe **the burden lies with the developer
+to prove their software *is* secure** rather than with the researcher to prove
+that it isn't.
+
+In our experience, most bugs are simpler to fix than they are to exploit.
+
diff --git a/vendor/paragonie/random_compat/composer.json b/vendor/paragonie/random_compat/composer.json
new file mode 100644
index 0000000000..d363f4c8cb
--- /dev/null
+++ b/vendor/paragonie/random_compat/composer.json
@@ -0,0 +1,35 @@
+{
+ "name": "paragonie/random_compat",
+ "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
+ "keywords": [
+ "csprng",
+ "random",
+ "pseudorandom"
+ ],
+ "license": "MIT",
+ "type": "library",
+ "authors": [
+ {
+ "name": "Paragon Initiative Enterprises",
+ "email": "security@paragonie.com",
+ "homepage": "https://paragonie.com"
+ }
+ ],
+ "support": {
+ "issues": "https://github.com/paragonie/random_compat/issues",
+ "email": "info@paragonie.com",
+ "source": "https://github.com/paragonie/random_compat"
+ },
+ "require": {
+ "php": ">=5.2.0"
+ },
+ "require-dev": {
+ "phpunit/phpunit": "4.*|5.*"
+ },
+ "suggest": {
+ "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
+ },
+ "autoload": {
+ "files": ["lib/random.php"]
+ }
+}
diff --git a/vendor/paragonie/random_compat/lib/byte_safe_strings.php b/vendor/paragonie/random_compat/lib/byte_safe_strings.php
new file mode 100644
index 0000000000..a3cc90b146
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/byte_safe_strings.php
@@ -0,0 +1,160 @@
+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!function_exists('RandomCompat_strlen')) {
+ if (
+ defined('MB_OVERLOAD_STRING') &&
+ ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
+ ) {
+ /**
+ * strlen() implementation that isn't brittle to mbstring.func_overload
+ *
+ * This version uses mb_strlen() in '8bit' mode to treat strings as raw
+ * binary rather than UTF-8, ISO-8859-1, etc
+ *
+ * @param string $binary_string
+ *
+ * @throws TypeError
+ *
+ * @return int
+ */
+ function RandomCompat_strlen($binary_string)
+ {
+ if (!is_string($binary_string)) {
+ throw new TypeError(
+ 'RandomCompat_strlen() expects a string'
+ );
+ }
+ return mb_strlen($binary_string, '8bit');
+ }
+ } else {
+ /**
+ * strlen() implementation that isn't brittle to mbstring.func_overload
+ *
+ * This version just used the default strlen()
+ *
+ * @param string $binary_string
+ *
+ * @throws TypeError
+ *
+ * @return int
+ */
+ function RandomCompat_strlen($binary_string)
+ {
+ if (!is_string($binary_string)) {
+ throw new TypeError(
+ 'RandomCompat_strlen() expects a string'
+ );
+ }
+ return strlen($binary_string);
+ }
+ }
+}
+
+if (!function_exists('RandomCompat_substr')) {
+ if (
+ defined('MB_OVERLOAD_STRING') &&
+ ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
+ ) {
+ /**
+ * substr() implementation that isn't brittle to mbstring.func_overload
+ *
+ * This version uses mb_substr() in '8bit' mode to treat strings as raw
+ * binary rather than UTF-8, ISO-8859-1, etc
+ *
+ * @param string $binary_string
+ * @param int $start
+ * @param int $length (optional)
+ *
+ * @throws TypeError
+ *
+ * @return string
+ */
+ function RandomCompat_substr($binary_string, $start, $length = null)
+ {
+ if (!is_string($binary_string)) {
+ throw new TypeError(
+ 'RandomCompat_substr(): First argument should be a string'
+ );
+ }
+ if (!is_int($start)) {
+ throw new TypeError(
+ 'RandomCompat_substr(): Second argument should be an integer'
+ );
+ }
+ if ($length === null) {
+ /**
+ * mb_substr($str, 0, NULL, '8bit') returns an empty string on
+ * PHP 5.3, so we have to find the length ourselves.
+ */
+ $length = RandomCompat_strlen($length) - $start;
+ } elseif (!is_int($length)) {
+ throw new TypeError(
+ 'RandomCompat_substr(): Third argument should be an integer, or omitted'
+ );
+ }
+ return mb_substr($binary_string, $start, $length, '8bit');
+ }
+ } else {
+ /**
+ * substr() implementation that isn't brittle to mbstring.func_overload
+ *
+ * This version just uses the default substr()
+ *
+ * @param string $binary_string
+ * @param int $start
+ * @param int $length (optional)
+ *
+ * @throws TypeError
+ *
+ * @return string
+ */
+ function RandomCompat_substr($binary_string, $start, $length = null)
+ {
+ if (!is_string($binary_string)) {
+ throw new TypeError(
+ 'RandomCompat_substr(): First argument should be a string'
+ );
+ }
+ if (!is_int($start)) {
+ throw new TypeError(
+ 'RandomCompat_substr(): Second argument should be an integer'
+ );
+ }
+ if ($length !== null) {
+ if (!is_int($length)) {
+ throw new TypeError(
+ 'RandomCompat_substr(): Third argument should be an integer, or omitted'
+ );
+ }
+ return substr($binary_string, $start, $length);
+ }
+ return substr($binary_string, $start);
+ }
+ }
+}
diff --git a/vendor/paragonie/random_compat/lib/cast_to_int.php b/vendor/paragonie/random_compat/lib/cast_to_int.php
new file mode 100644
index 0000000000..474ce64008
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/cast_to_int.php
@@ -0,0 +1,64 @@
+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!function_exists('RandomCompat_intval')) {
+
+ /**
+ * Cast to an integer if we can, safely.
+ *
+ * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
+ * (non-inclusive), it will sanely cast it to an int. If you it's equal to
+ * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
+ * lose precision, so the <= and => operators might accidentally let a float
+ * through.
+ *
+ * @param numeric $number The number we want to convert to an int
+ * @param boolean $fail_open Set to true to not throw an exception
+ *
+ * @return int (or float if $fail_open)
+ */
+ function RandomCompat_intval($number, $fail_open = false)
+ {
+ if (is_numeric($number)) {
+ $number += 0;
+ }
+ if (
+ is_float($number) &&
+ $number > ~PHP_INT_MAX &&
+ $number < PHP_INT_MAX
+ ) {
+ $number = (int) $number;
+ }
+ if (is_int($number) || $fail_open) {
+ return $number;
+ }
+ throw new TypeError(
+ 'Expected an integer.'
+ );
+ }
+}
diff --git a/vendor/paragonie/random_compat/lib/error_polyfill.php b/vendor/paragonie/random_compat/lib/error_polyfill.php
new file mode 100644
index 0000000000..57cfefdcd1
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/error_polyfill.php
@@ -0,0 +1,42 @@
+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!class_exists('Error', false)) {
+ // We can't really avoid making this extend Exception in PHP 5.
+ class Error extends Exception
+ {
+
+ }
+}
+
+if (!class_exists('TypeError', false)) {
+ class TypeError extends Error
+ {
+
+ }
+}
diff --git a/vendor/paragonie/random_compat/lib/random.php b/vendor/paragonie/random_compat/lib/random.php
new file mode 100644
index 0000000000..8898a35bcd
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/random.php
@@ -0,0 +1,145 @@
+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!defined('PHP_VERSION_ID')) {
+ // This constant was introduced in PHP 5.2.7
+ $RandomCompatversion = explode('.', PHP_VERSION);
+ define('PHP_VERSION_ID', ($RandomCompatversion[0] * 10000 + $RandomCompatversion[1] * 100 + $RandomCompatversion[2]));
+ $RandomCompatversion = null;
+}
+if (PHP_VERSION_ID < 70000) {
+ if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
+ define('RANDOM_COMPAT_READ_BUFFER', 8);
+ }
+ $RandomCompatDIR = dirname(__FILE__);
+ require_once $RandomCompatDIR.'/byte_safe_strings.php';
+ require_once $RandomCompatDIR.'/cast_to_int.php';
+ require_once $RandomCompatDIR.'/error_polyfill.php';
+ if (!function_exists('random_bytes')) {
+ /**
+ * PHP 5.2.0 - 5.6.x way to implement random_bytes()
+ *
+ * We use conditional statements here to define the function in accordance
+ * to the operating environment. It's a micro-optimization.
+ *
+ * In order of preference:
+ * 1. Use libsodium if available.
+ * 2. fread() /dev/urandom if available (never on Windows)
+ * 3. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)
+ * 4. COM('CAPICOM.Utilities.1')->GetRandom()
+ * 5. openssl_random_pseudo_bytes() (absolute last resort)
+ *
+ * See ERRATA.md for our reasoning behind this particular order
+ */
+ if (extension_loaded('libsodium')) {
+ // See random_bytes_libsodium.php
+ require_once $RandomCompatDIR.'/random_bytes_libsodium.php';
+ }
+ if (
+ !function_exists('random_bytes') &&
+ DIRECTORY_SEPARATOR === '/' &&
+ @is_readable('/dev/urandom')
+ ) {
+ // DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
+ // way to exclude Windows.
+ //
+ // Error suppression on is_readable() in case of an open_basedir or
+ // safe_mode failure. All we care about is whether or not we can
+ // read it at this point. If the PHP environment is going to panic
+ // over trying to see if the file can be read in the first place,
+ // that is not helpful to us here.
+
+ // See random_bytes_dev_urandom.php
+ require_once $RandomCompatDIR.'/random_bytes_dev_urandom.php';
+ }
+ if (
+ !function_exists('random_bytes') &&
+ PHP_VERSION_ID >= 50307 &&
+ extension_loaded('mcrypt')
+ ) {
+ // See random_bytes_mcrypt.php
+ require_once $RandomCompatDIR.'/random_bytes_mcrypt.php';
+ }
+ if (
+ !function_exists('random_bytes') &&
+ extension_loaded('com_dotnet') &&
+ class_exists('COM')
+ ) {
+ $RandomCompat_disabled_classes = preg_split(
+ '#\s*,\s*#',
+ strtolower(ini_get('disable_classes'))
+ );
+
+ if (!in_array('com', $RandomCompat_disabled_classes)) {
+ try {
+ $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
+ if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
+ // See random_bytes_com_dotnet.php
+ require_once $RandomCompatDIR.'/random_bytes_com_dotnet.php';
+ }
+ } catch (com_exception $e) {
+ // Don't try to use it.
+ }
+ }
+ $RandomCompat_disabled_classes = null;
+ $RandomCompatCOMtest = null;
+ }
+ if (
+ !function_exists('random_bytes') &&
+ extension_loaded('openssl') &&
+ (
+ // Unix-like with PHP >= 5.3.0 or
+ (
+ DIRECTORY_SEPARATOR === '/' &&
+ PHP_VERSION_ID >= 50300
+ ) ||
+ // Windows with PHP >= 5.4.1
+ PHP_VERSION_ID >= 50401
+ )
+ ) {
+ // See random_bytes_openssl.php
+ require_once $RandomCompatDIR.'/random_bytes_openssl.php';
+ }
+ if (!function_exists('random_bytes')) {
+ /**
+ * We don't have any more options, so let's throw an exception right now
+ * and hope the developer won't let it fail silently.
+ */
+ function random_bytes()
+ {
+ throw new Exception(
+ 'There is no suitable CSPRNG installed on your system'
+ );
+ }
+ }
+ }
+ if (!function_exists('random_int')) {
+ require_once $RandomCompatDIR.'/random_int.php';
+ }
+ $RandomCompatDIR = null;
+}
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php b/vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php
new file mode 100644
index 0000000000..0a781f4efa
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php
@@ -0,0 +1,77 @@
+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/**
+ * Windows with PHP < 5.3.0 will not have the function
+ * openssl_random_pseudo_bytes() available, so let's use
+ * CAPICOM to work around this deficiency.
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
+ */
+function random_bytes($bytes)
+{
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
+ }
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
+ $buf = '';
+ $util = new COM('CAPICOM.Utilities.1');
+ $execCount = 0;
+ /**
+ * Let's not let it loop forever. If we run N times and fail to
+ * get N bytes of random data, then CAPICOM has failed us.
+ */
+ do {
+ $buf .= base64_decode($util->GetRandom($bytes, 0));
+ if (RandomCompat_strlen($buf) >= $bytes) {
+ /**
+ * Return our random entropy buffer here:
+ */
+ return RandomCompat_substr($buf, 0, $bytes);
+ }
+ ++$execCount;
+ } while ($execCount < $bytes);
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'Could not gather sufficient random data'
+ );
+}
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php b/vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php
new file mode 100644
index 0000000000..5d07104b3f
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php
@@ -0,0 +1,142 @@
+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
+ define('RANDOM_COMPAT_READ_BUFFER', 8);
+}
+
+/**
+ * Unless open_basedir is enabled, use /dev/urandom for
+ * random numbers in accordance with best practices
+ *
+ * Why we use /dev/urandom and not /dev/random
+ * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
+ */
+function random_bytes($bytes)
+{
+ static $fp = null;
+ /**
+ * This block should only be run once
+ */
+ if (empty($fp)) {
+ /**
+ * We use /dev/urandom if it is a char device.
+ * We never fall back to /dev/random
+ */
+ $fp = fopen('/dev/urandom', 'rb');
+ if (!empty($fp)) {
+ $st = fstat($fp);
+ if (($st['mode'] & 0170000) !== 020000) {
+ fclose($fp);
+ $fp = false;
+ }
+ }
+ if (!empty($fp)) {
+ /**
+ * stream_set_read_buffer() does not exist in HHVM
+ *
+ * If we don't set the stream's read buffer to 0, PHP will
+ * internally buffer 8192 bytes, which can waste entropy
+ *
+ * stream_set_read_buffer returns 0 on success
+ */
+ if (function_exists('stream_set_read_buffer')) {
+ stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
+ }
+ if (function_exists('stream_set_chunk_size')) {
+ stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
+ }
+ }
+ }
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
+ }
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
+ /**
+ * This if() block only runs if we managed to open a file handle
+ *
+ * It does not belong in an else {} block, because the above
+ * if (empty($fp)) line is logic that should only be run once per
+ * page load.
+ */
+ if (!empty($fp)) {
+ $remaining = $bytes;
+ $buf = '';
+ /**
+ * We use fread() in a loop to protect against partial reads
+ */
+ do {
+ $read = fread($fp, $remaining);
+ if ($read === false) {
+ /**
+ * We cannot safely read from the file. Exit the
+ * do-while loop and trigger the exception condition
+ */
+ $buf = false;
+ break;
+ }
+ /**
+ * Decrease the number of bytes returned from remaining
+ */
+ $remaining -= RandomCompat_strlen($read);
+ $buf .= $read;
+ } while ($remaining > 0);
+
+ /**
+ * Is our result valid?
+ */
+ if ($buf !== false) {
+ if (RandomCompat_strlen($buf) === $bytes) {
+ /**
+ * Return our random entropy buffer here:
+ */
+ return $buf;
+ }
+ }
+ }
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'Error reading from source device'
+ );
+}
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_libsodium.php b/vendor/paragonie/random_compat/lib/random_bytes_libsodium.php
new file mode 100644
index 0000000000..938cac9290
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/random_bytes_libsodium.php
@@ -0,0 +1,84 @@
+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/**
+ * If the libsodium PHP extension is loaded, we'll use it above any other
+ * solution.
+ *
+ * libsodium-php project:
+ * @ref https://github.com/jedisct1/libsodium-php
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
+ */
+function random_bytes($bytes)
+{
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
+ }
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
+ /**
+ * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
+ * generated in one invocation.
+ */
+ if ($bytes > 2147483647) {
+ $buf = '';
+ for ($i = 0; $i < $bytes; $i += 1073741824) {
+ $n = ($bytes - $i) > 1073741824
+ ? 1073741824
+ : $bytes - $i;
+ $buf .= \Sodium\randombytes_buf($n);
+ }
+ } else {
+ $buf = \Sodium\randombytes_buf($bytes);
+ }
+
+ if ($buf !== false) {
+ if (RandomCompat_strlen($buf) === $bytes) {
+ return $buf;
+ }
+ }
+
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'Could not gather sufficient random data'
+ );
+}
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php b/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php
new file mode 100644
index 0000000000..5a1b688f60
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php
@@ -0,0 +1,72 @@
+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+/**
+ * Powered by ext/mcrypt (and thankfully NOT libmcrypt)
+ *
+ * @ref https://bugs.php.net/bug.php?id=55169
+ * @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
+ */
+function random_bytes($bytes)
+{
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
+ }
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
+
+ $buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
+ if ($buf !== false) {
+ if (RandomCompat_strlen($buf) === $bytes) {
+ /**
+ * Return our random entropy buffer here:
+ */
+ return $buf;
+ }
+ }
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'Could not gather sufficient random data'
+ );
+}
diff --git a/vendor/paragonie/random_compat/lib/random_bytes_openssl.php b/vendor/paragonie/random_compat/lib/random_bytes_openssl.php
new file mode 100644
index 0000000000..3e12d3da59
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/random_bytes_openssl.php
@@ -0,0 +1,76 @@
+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/**
+ * Since openssl_random_pseudo_bytes() uses openssl's
+ * RAND_pseudo_bytes() API, which has been marked as deprecated by the
+ * OpenSSL team, this is our last resort before failure.
+ *
+ * @ref https://www.openssl.org/docs/crypto/RAND_bytes.html
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
+ */
+function random_bytes($bytes)
+{
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
+ }
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
+ $secure = true;
+ /**
+ * $secure is passed by reference. If it's set to false, fail. Note
+ * that this will only return false if this function fails to return
+ * any data.
+ *
+ * @ref https://github.com/paragonie/random_compat/issues/6#issuecomment-119564973
+ */
+ $buf = openssl_random_pseudo_bytes($bytes, $secure);
+ if ($buf !== false && $secure) {
+ if (RandomCompat_strlen($buf) === $bytes) {
+ return $buf;
+ }
+ }
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'Could not gather sufficient random data'
+ );
+}
diff --git a/vendor/paragonie/random_compat/lib/random_int.php b/vendor/paragonie/random_compat/lib/random_int.php
new file mode 100644
index 0000000000..6c91dbc516
--- /dev/null
+++ b/vendor/paragonie/random_compat/lib/random_int.php
@@ -0,0 +1,185 @@
+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/**
+ * Fetch a random integer between $min and $max inclusive
+ *
+ * @param int $min
+ * @param int $max
+ *
+ * @throws Exception
+ *
+ * @return int
+ */
+function random_int($min, $max)
+{
+ /**
+ * Type and input logic checks
+ *
+ * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
+ * (non-inclusive), it will sanely cast it to an int. If you it's equal to
+ * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
+ * lose precision, so the <= and => operators might accidentally let a float
+ * through.
+ */
+
+ try {
+ $min = RandomCompat_intval($min);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_int(): $min must be an integer'
+ );
+ }
+ try {
+ $max = RandomCompat_intval($max);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_int(): $max must be an integer'
+ );
+ }
+
+ /**
+ * Now that we've verified our weak typing system has given us an integer,
+ * let's validate the logic then we can move forward with generating random
+ * integers along a given range.
+ */
+ if ($min > $max) {
+ throw new Error(
+ 'Minimum value must be less than or equal to the maximum value'
+ );
+ }
+ if ($max === $min) {
+ return $min;
+ }
+
+ /**
+ * Initialize variables to 0
+ *
+ * We want to store:
+ * $bytes => the number of random bytes we need
+ * $mask => an integer bitmask (for use with the &) operator
+ * so we can minimize the number of discards
+ */
+ $attempts = $bits = $bytes = $mask = $valueShift = 0;
+
+ /**
+ * At this point, $range is a positive number greater than 0. It might
+ * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
+ * a float and we will lose some precision.
+ */
+ $range = $max - $min;
+
+ /**
+ * Test for integer overflow:
+ */
+ if (!is_int($range)) {
+ /**
+ * Still safely calculate wider ranges.
+ * Provided by @CodesInChaos, @oittaa
+ *
+ * @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435
+ *
+ * We use ~0 as a mask in this case because it generates all 1s
+ *
+ * @ref https://eval.in/400356 (32-bit)
+ * @ref http://3v4l.org/XX9r5 (64-bit)
+ */
+ $bytes = PHP_INT_SIZE;
+ $mask = ~0;
+ } else {
+ /**
+ * $bits is effectively ceil(log($range, 2)) without dealing with
+ * type juggling
+ */
+ while ($range > 0) {
+ if ($bits % 8 === 0) {
+ ++$bytes;
+ }
+ ++$bits;
+ $range >>= 1;
+ $mask = $mask << 1 | 1;
+ }
+ $valueShift = $min;
+ }
+
+ /**
+ * Now that we have our parameters set up, let's begin generating
+ * random integers until one falls between $min and $max
+ */
+ do {
+ /**
+ * The rejection probability is at most 0.5, so this corresponds
+ * to a failure probability of 2^-128 for a working RNG
+ */
+ if ($attempts > 128) {
+ throw new Exception(
+ 'random_int: RNG is broken - too many rejections'
+ );
+ }
+
+ /**
+ * Let's grab the necessary number of random bytes
+ */
+ $randomByteString = random_bytes($bytes);
+ if ($randomByteString === false) {
+ throw new Exception(
+ 'Random number generator failure'
+ );
+ }
+
+ /**
+ * Let's turn $randomByteString into an integer
+ *
+ * This uses bitwise operators (<< and |) to build an integer
+ * out of the values extracted from ord()
+ *
+ * Example: [9F] | [6D] | [32] | [0C] =>
+ * 159 + 27904 + 3276800 + 201326592 =>
+ * 204631455
+ */
+ $val = 0;
+ for ($i = 0; $i < $bytes; ++$i) {
+ $val |= ord($randomByteString[$i]) << ($i * 8);
+ }
+
+ /**
+ * Apply mask
+ */
+ $val &= $mask;
+ $val += $valueShift;
+
+ ++$attempts;
+ /**
+ * If $val overflows to a floating point number,
+ * ... or is larger than $max,
+ * ... or smaller than $min,
+ * then try again.
+ */
+ } while (!is_int($val) || $val > $max || $val < $min);
+ return (int) $val;
+}
diff --git a/vendor/paragonie/random_compat/phpunit.sh b/vendor/paragonie/random_compat/phpunit.sh
new file mode 100644
index 0000000000..c4c6a9f669
--- /dev/null
+++ b/vendor/paragonie/random_compat/phpunit.sh
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+if [ "$1" == 'full' ]; then
+ fulltest=1
+elif [ "$1" == 'each' ]; then
+ testeach=1
+else
+ fulltest=0
+fi
+
+PHP_VERSION=$(php -r "echo PHP_VERSION_ID;")
+
+echo
+echo -e "\033[33mBegin Unit Testing\033[0m"
+# Run the testing suite
+echo "Basic test suite:"
+php vendor/bin/phpunit tests/unit
+if [ $? -ne 0 ]; then
+ # Test failure
+ exit 1
+fi
+echo "With open_basedir enabled:"
+php -d open_basedir=`pwd` vendor/bin/phpunit tests/unit
+if [ $? -ne 0 ]; then
+ # Test failure
+ exit 1
+fi
+echo "With open_basedir enabled, allowing /dev:"
+php -d open_basedir=`pwd`:/dev vendor/bin/phpunit tests/unit
+if [ $? -ne 0 ]; then
+ # Test failure
+ exit 1
+fi
+echo "With mbstring.func_overload enabled:"
+php -d mbstring.func_overload=7 vendor/bin/phpunit tests/unit
+if [ $? -ne 0 ]; then
+ # Test failure
+ exit 1
+fi
+
+if [[ "$testeach" == "1" ]]; then
+ echo " CAPICOM:"
+ php vendor/bin/phpunit --bootstrap tests/specific/capicom.php tests/unit
+ echo " /dev/urandom:"
+ php vendor/bin/phpunit --bootstrap tests/specific/dev_urandom.php tests/unit
+ echo " libsodium:"
+ php vendor/bin/phpunit --bootstrap tests/specific/libsodium.php tests/unit
+ echo " mcrypt:"
+ php vendor/bin/phpunit --bootstrap tests/specific/mcrypt.php tests/unit
+ echo " openssl:"
+ php vendor/bin/phpunit --bootstrap tests/specific/openssl.php tests/unit
+fi
+
+# Should we perform full statistical analyses?
+if [[ "$fulltest" == "1" ]]; then
+ php vendor/bin/phpunit tests/full
+ if [ $? -ne 0 ]; then
+ # Test failure
+ exit 1
+ fi
+fi
+
diff --git a/vendor/paragonie/random_compat/phpunit.xml.dist b/vendor/paragonie/random_compat/phpunit.xml.dist
new file mode 100644
index 0000000000..b4697d35a1
--- /dev/null
+++ b/vendor/paragonie/random_compat/phpunit.xml.dist
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="true"
+ backupStaticAttributes="false"
+ bootstrap="lib/random.php"
+ colors="true"
+ convertErrorsToExceptions="true"
+ convertNoticesToExceptions="true"
+ convertWarningsToExceptions="true"
+ processIsolation="false"
+ stopOnError="false"
+ stopOnFailure="false"
+ syntaxCheck="true"
+>
+ <testsuites>
+ <testsuite name="Unit">
+ <directory>tests/unit</directory>
+ </testsuite>
+ </testsuites>
+ <testsuites>
+ <testsuite name="Random Compat Test Suite">
+ <directory suffix="Test.php">./tests/unit</directory>
+ </testsuite>
+ </testsuites>
+ <filter>
+ <whitelist processUncoveredFilesFromWhitelist="true">
+ <directory suffix=".php">./lib</directory>
+ </whitelist>
+ </filter>
+</phpunit> \ No newline at end of file
diff --git a/vendor/paragonie/random_compat/tests/full/DieHardTest.php b/vendor/paragonie/random_compat/tests/full/DieHardTest.php
new file mode 100644
index 0000000000..2e6dc70051
--- /dev/null
+++ b/vendor/paragonie/random_compat/tests/full/DieHardTest.php
@@ -0,0 +1,61 @@
+<?php
+class DieHardTest extends PHPUnit_Framework_TestCase
+{
+ /**
+ * Birthday spacings: Choose random points on a large interval.
+ * The spacings between the points should be asymptotically exponentially
+ * distributed.
+ */
+ public function testBirthday()
+ {
+ // Number of buckets to make
+ $num_buckets = 17;
+ // How much tolerance should we allow? 0.01 = 1% 0.50 = 50%, etc.
+ $tolerance = 0.03;
+ $rand_min = 200000;
+ $rand_max = 600000;
+ $rand_step = 100000;
+
+ $minT = (1.00 - $tolerance);
+ $maxT = (1.00 + $tolerance);
+
+ for ($nums_to_generate = $rand_min; $nums_to_generate < $rand_max; $nums_to_generate += $rand_step) {
+ $buckets = array_fill(0, $num_buckets, 0);
+
+ // The number of ints we expect per bucket +/- 2%;
+ $min = (int) ceil($minT * $nums_to_generate / $num_buckets);
+ $max = (int) floor($maxT * $nums_to_generate / $num_buckets);
+
+ for ($i = 0; $i < $nums_to_generate; ++$i) {
+ $random = random_int(0, 999);
+ $bucket = $random % $num_buckets;
+ $buckets[$bucket]++;
+ }
+ for ($i = 0; $i < $num_buckets; ++$i) {
+
+ // Debugging code:
+
+ if ($buckets[$i] <= $min ) {
+ var_dump([
+ 'bucket' => $i,
+ 'value' => $buckets[$i],
+ 'min' => $min,
+ 'nums' => $nums_to_generate,
+ 'reason' => 'below min'
+ ]);
+ }
+ if ($buckets[$i] >= $max ) {
+ var_dump([
+ 'bucket' => $i,
+ 'value' => $buckets[$i],
+ 'maax' => $max,
+ 'nums' => $nums_to_generate,
+ 'reason' => 'above max'
+ ]);
+ }
+
+ $this->assertTrue($buckets[$i] < $max && $buckets[$i] > $min);
+ }
+ }
+ }
+} \ No newline at end of file
diff --git a/vendor/paragonie/random_compat/tests/full/StatTest.php b/vendor/paragonie/random_compat/tests/full/StatTest.php
new file mode 100644
index 0000000000..e78eb14633
--- /dev/null
+++ b/vendor/paragonie/random_compat/tests/full/StatTest.php
@@ -0,0 +1,52 @@
+<?php
+
+class StatTest extends PHPUnit_Framework_TestCase
+{
+ /**
+ * All possible values should be > 30% but less than 170%
+ *
+ * This also catches 0 and 1000
+ */
+ public function testDistribution()
+ {
+ $integers = array_fill(0, 100, 0);
+ for ($i = 0; $i < 10000; ++$i) {
+ ++$integers[random_int(0,99)];
+ }
+ for ($i = 0; $i < 100; ++$i) {
+ $this->assertFalse($integers[$i] < 30);
+ $this->assertFalse($integers[$i] > 170);
+ }
+ }
+
+ /**
+ * This should be between 55% and 75%, always
+ */
+ public function testCoverage()
+ {
+ $integers = array_fill(0, 2000, 0);
+ for ($i = 0; $i < 2000; ++$i) {
+ ++$integers[random_int(0,1999)];
+ }
+ $coverage = 0;
+ for ($i = 0; $i < 2000; ++$i) {
+ if ($integers[$i] > 0) {
+ ++$coverage;
+ }
+ }
+ $this->assertTrue($coverage >= 1150);
+ $this->assertTrue($coverage <= 1350);
+ }
+
+ public function testCompressionRatios()
+ {
+ $some_bytes = random_bytes(65536);
+ $compressed = gzcompress($some_bytes, 9);
+ if (function_exists('mb_strlen')) {
+ $length = mb_strlen($compressed, '8bit');
+ } else {
+ $length = strlen($compressed);
+ }
+ $this->assertTrue($length >= 65000 && $length <= 67000);
+ }
+} \ No newline at end of file
diff --git a/vendor/paragonie/random_compat/tests/specific/capicom.php b/vendor/paragonie/random_compat/tests/specific/capicom.php
new file mode 100644
index 0000000000..640be1b5b8
--- /dev/null
+++ b/vendor/paragonie/random_compat/tests/specific/capicom.php
@@ -0,0 +1,7 @@
+<?php
+$ut_dir = dirname(dirname(__DIR__));
+require_once $ut_dir.'/lib/byte_safe_strings.php';
+require_once $ut_dir.'/lib/cast_to_int.php';
+require_once $ut_dir.'/lib/error_polyfill.php';
+require_once $ut_dir.'/lib/random_bytes_com_dotnet.php';
+require_once $ut_dir.'/lib/random_int.php'; \ No newline at end of file
diff --git a/vendor/paragonie/random_compat/tests/specific/dev_urandom.php b/vendor/paragonie/random_compat/tests/specific/dev_urandom.php
new file mode 100644
index 0000000000..bc8bfc968f
--- /dev/null
+++ b/vendor/paragonie/random_compat/tests/specific/dev_urandom.php
@@ -0,0 +1,7 @@
+<?php
+$ut_dir = dirname(dirname(__DIR__));
+require_once $ut_dir.'/lib/byte_safe_strings.php';
+require_once $ut_dir.'/lib/cast_to_int.php';
+require_once $ut_dir.'/lib/error_polyfill.php';
+require_once $ut_dir.'/lib/random_bytes_dev_urandom.php';
+require_once $ut_dir.'/lib/random_int.php'; \ No newline at end of file
diff --git a/vendor/paragonie/random_compat/tests/specific/libsodium.php b/vendor/paragonie/random_compat/tests/specific/libsodium.php
new file mode 100644
index 0000000000..3283c0f109
--- /dev/null
+++ b/vendor/paragonie/random_compat/tests/specific/libsodium.php
@@ -0,0 +1,7 @@
+<?php
+$ut_dir = dirname(dirname(__DIR__));
+require_once $ut_dir.'/lib/byte_safe_strings.php';
+require_once $ut_dir.'/lib/cast_to_int.php';
+require_once $ut_dir.'/lib/error_polyfill.php';
+require_once $ut_dir.'/lib/random_bytes_libsodium.php';
+require_once $ut_dir.'/lib/random_int.php'; \ No newline at end of file
diff --git a/vendor/paragonie/random_compat/tests/specific/mcrypt.php b/vendor/paragonie/random_compat/tests/specific/mcrypt.php
new file mode 100644
index 0000000000..fe0ffa70f8
--- /dev/null
+++ b/vendor/paragonie/random_compat/tests/specific/mcrypt.php
@@ -0,0 +1,7 @@
+<?php
+$ut_dir = dirname(dirname(__DIR__));
+require_once $ut_dir.'/lib/byte_safe_strings.php';
+require_once $ut_dir.'/lib/cast_to_int.php';
+require_once $ut_dir.'/lib/error_polyfill.php';
+require_once $ut_dir.'/lib/random_bytes_mcrypt.php';
+require_once $ut_dir.'/lib/random_int.php'; \ No newline at end of file
diff --git a/vendor/paragonie/random_compat/tests/specific/openssl.php b/vendor/paragonie/random_compat/tests/specific/openssl.php
new file mode 100644
index 0000000000..2f4acce515
--- /dev/null
+++ b/vendor/paragonie/random_compat/tests/specific/openssl.php
@@ -0,0 +1,7 @@
+<?php
+$ut_dir = dirname(dirname(__DIR__));
+require_once $ut_dir.'/lib/byte_safe_strings.php';
+require_once $ut_dir.'/lib/cast_to_int.php';
+require_once $ut_dir.'/lib/error_polyfill.php';
+require_once $ut_dir.'/lib/random_bytes_openssl.php';
+require_once $ut_dir.'/lib/random_int.php'; \ No newline at end of file
diff --git a/vendor/paragonie/random_compat/tests/unit/RandomBytesTest.php b/vendor/paragonie/random_compat/tests/unit/RandomBytesTest.php
new file mode 100644
index 0000000000..0b3c3eb88b
--- /dev/null
+++ b/vendor/paragonie/random_compat/tests/unit/RandomBytesTest.php
@@ -0,0 +1,52 @@
+<?php
+class RandomBytesTest extends PHPUnit_Framework_TestCase
+{
+ public function testFuncExists()
+ {
+ $this->assertTrue(function_exists('random_bytes'));
+ }
+
+ public function testOutput()
+ {
+ $bytes = array(
+ random_bytes(12),
+ random_bytes(64),
+ random_bytes(64),
+ random_bytes(1.5)
+ );
+
+ $this->assertTrue(
+ strlen(bin2hex($bytes[0])) === 24
+ );
+ $this->assertTrue(
+ strlen(bin2hex($bytes[3])) === 2
+ );
+
+ // This should never generate identical byte strings
+ $this->assertFalse(
+ $bytes[1] === $bytes[2]
+ );
+
+ try {
+ $x = random_bytes(~PHP_INT_MAX - 1000000000);
+ $this->assertTrue(false);
+ } catch (TypeError $ex) {
+ $this->assertTrue(true);
+ } catch (Error $ex) {
+ $this->assertTrue(true);
+ } catch (Exception $ex) {
+ $this->assertTrue(true);
+ }
+
+ try {
+ $x = random_bytes(PHP_INT_MAX + 1000000000);
+ $this->assertTrue(false);
+ } catch (TypeError $ex) {
+ $this->assertTrue(true);
+ } catch (Error $ex) {
+ $this->assertTrue(true);
+ } catch (Exception $ex) {
+ $this->assertTrue(true);
+ }
+ }
+}
diff --git a/vendor/paragonie/random_compat/tests/unit/RandomIntTest.php b/vendor/paragonie/random_compat/tests/unit/RandomIntTest.php
new file mode 100644
index 0000000000..f9fc3c30c2
--- /dev/null
+++ b/vendor/paragonie/random_compat/tests/unit/RandomIntTest.php
@@ -0,0 +1,52 @@
+<?php
+class RandomIntTest extends PHPUnit_Framework_TestCase
+{
+ public function testFuncExists()
+ {
+ $this->assertTrue(function_exists('random_int'));
+ }
+
+ public function testOutput()
+ {
+ $half_neg_max = (~PHP_INT_MAX / 2);
+ $integers = array(
+ random_int(0, 1000),
+ random_int(1001,2000),
+ random_int(-100, -10),
+ random_int(-1000, 1000),
+ random_int(~PHP_INT_MAX, PHP_INT_MAX),
+ random_int("0", "1"),
+ random_int(0.11111, 0.99999),
+ random_int($half_neg_max, PHP_INT_MAX),
+ random_int(0.0, 255.0),
+ random_int(-4.5, -4.5),
+ random_int("1337e3","1337e3")
+ );
+
+ $this->assertFalse($integers[0] === $integers[1]);
+ $this->assertTrue($integers[0] >= 0 && $integers[0] <= 1000);
+ $this->assertTrue($integers[1] >= 1001 && $integers[1] <= 2000);
+ $this->assertTrue($integers[2] >= -100 && $integers[2] <= -10);
+ $this->assertTrue($integers[3] >= -1000 && $integers[3] <= 1000);
+ $this->assertTrue($integers[4] >= ~PHP_INT_MAX && $integers[4] <= PHP_INT_MAX);
+ $this->assertTrue($integers[5] >= 0 && $integers[5] <= 1);
+ $this->assertTrue($integers[6] === 0);
+ $this->assertTrue($integers[7] >= $half_neg_max && $integers[7] <= PHP_INT_MAX);
+ $this->assertTrue($integers[8] >= 0 && $integers[8] <= 255);
+ $this->assertTrue($integers[9] === -4);
+ $this->assertTrue($integers[10] === 1337000);
+
+ try {
+ $h = random_int("2147483648", "2147483647");
+ $i = random_int("9223372036854775808", "9223372036854775807");
+ $this->assertFalse(is_int($i));
+ $h = random_int("-2147483648", "2147483647");
+ $i = random_int("-9223372036854775808", "9223372036854775807");
+ $this->assertFalse(true);
+ } catch (Error $ex) {
+ $this->assertTrue($ex instanceof Error);
+ } catch (Exception $ex) {
+ $this->assertTrue($ex instanceof Exception);
+ }
+ }
+}
diff --git a/vendor/paragonie/random_compat/tests/unit/UtilityTest.php b/vendor/paragonie/random_compat/tests/unit/UtilityTest.php
new file mode 100644
index 0000000000..294a8019db
--- /dev/null
+++ b/vendor/paragonie/random_compat/tests/unit/UtilityTest.php
@@ -0,0 +1,95 @@
+<?php
+class UtilityTest extends PHPUnit_Framework_TestCase
+{
+ public function testStrlen()
+ {
+ if (!function_exists('RandomCompat_strlen')) {
+ return $this->markTestSkipped(
+ 'We don\' need to test this in PHP 7.'
+ );
+ }
+ $this->assertEquals(RandomCompat_strlen("\xF0\x9D\x92\xB3"), 4);
+ }
+
+ public function testIntval()
+ {
+ if (!function_exists('RandomCompat_intval')) {
+ return $this->markTestSkipped(
+ 'We don\' need to test this in PHP 7.'
+ );
+ }
+ // Equals
+ $this->assertEquals(
+ abs(RandomCompat_intval(-4.5)),
+ abs(RandomCompat_intval(4.5))
+ );
+
+ // True
+ $this->assertTrue(
+ is_int(RandomCompat_intval(PHP_INT_MAX, true))
+ );
+ $this->assertTrue(
+ is_int(RandomCompat_intval(~PHP_INT_MAX, true))
+ );
+ $this->assertTrue(
+ is_int(RandomCompat_intval(~PHP_INT_MAX + 1, true))
+ );
+ $this->assertTrue(
+ is_int(RandomCompat_intval("1337e3", true))
+ );
+ $this->assertTrue(
+ is_int(RandomCompat_intval("1.", true))
+ );
+
+ // False
+ $this->assertFalse(
+ is_int(RandomCompat_intval((float) PHP_INT_MAX, true))
+ );
+ $this->assertFalse(
+ is_int(RandomCompat_intval((float) ~PHP_INT_MAX, true))
+ );
+ $this->assertFalse(
+ is_int(RandomCompat_intval(PHP_INT_MAX + 1, true))
+ );
+ $this->assertFalse(
+ is_int(RandomCompat_intval(~PHP_INT_MAX - 1, true))
+ );
+ $this->assertFalse(
+ is_int(RandomCompat_intval(~PHP_INT_MAX - 0.1, true))
+ );
+ $this->assertFalse(
+ is_int(RandomCompat_intval(PHP_INT_MAX + 0.1, true))
+ );
+ $this->assertFalse(
+ is_int(RandomCompat_intval("hello", true))
+ );
+
+ if (PHP_INT_SIZE === 8) {
+ $this->assertFalse(
+ is_int(RandomCompat_intval("-9223372036854775809", true))
+ );
+ $this->assertTrue(
+ is_int(RandomCompat_intval("-9223372036854775808", true))
+ );
+ $this->assertFalse(
+ is_int(RandomCompat_intval("9223372036854775808", true))
+ );
+ $this->assertTrue(
+ is_int(RandomCompat_intval("9223372036854775807", true))
+ );
+ } else {
+ $this->assertFalse(
+ is_int(RandomCompat_intval("2147483648", true))
+ );
+ $this->assertTrue(
+ is_int(RandomCompat_intval("2147483647", true))
+ );
+ $this->assertFalse(
+ is_int(RandomCompat_intval("-2147483649", true))
+ );
+ $this->assertTrue(
+ is_int(RandomCompat_intval("-2147483648", true))
+ );
+ }
+ }
+}