From dcd7e67721da9c50d05df3324f2b6d0c0cf5626f Mon Sep 17 00:00:00 2001
From: Ben Ramsey <ben@benramsey.com>
Date: Tue, 15 Mar 2016 10:56:25 -0500
Subject: [PATCH 1/4] Drop OpenSSL support and use paragonie/random_compat

Fixes issue #80 for the 2.x series
---
 CHANGELOG.md       | 10 ++++++++++
 composer.json      |  3 ++-
 src/Uuid.php       | 16 ++++++++--------
 tests/UuidTest.php | 22 +++++++++++-----------
 4 files changed, 31 insertions(+), 20 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3cbd955..d17776e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Rhumsaa\Uuid Changelog
 
+## 2.9.0
+
+_Released: TBD_
+
+  * Drop support for OpenSSL in favor of [paragonie/random_compat][]. This addresses and fixes the [collision issue][].
+
 ## 2.8.4
 
 _Released: 2015-12-17_
@@ -176,3 +182,7 @@ _Released: 2012-08-06_
 _Released: 2012-07-19_
 
   * Initial release
+
+
+[paragonie/random_compat]: https://github.com/paragonie/random_compat
+[collision issue]: https://github.com/ramsey/uuid/issues/80
diff --git a/composer.json b/composer.json
index ccd8f2c..ec31191 100644
--- a/composer.json
+++ b/composer.json
@@ -20,7 +20,8 @@
         "source": "https://github.com/ramsey/uuid"
     },
     "require": {
-        "php": ">=5.3.3"
+        "php": ">=5.3.3",
+        "paragonie/random_compat": "dev-without-openssl"
     },
     "require-dev": {
         "moontoast/math": "~1.1",
diff --git a/src/Uuid.php b/src/Uuid.php
index 1a5d806..7c8b814 100644
--- a/src/Uuid.php
+++ b/src/Uuid.php
@@ -111,12 +111,12 @@ final class Uuid
     public static $forceNoBigNumber = false;
 
     /**
-     * For testing, openssl_random_pseudo_bytes() override; if true, treat as
-     * if openssl_random_pseudo_bytes() is not available
+     * For testing, random_bytes() override; if true, treat as
+     * if random_bytes() is not available
      *
      * @var bool
      */
-    public static $forceNoOpensslRandomPseudoBytes = false;
+    public static $forceNoRandomBytes = false;
 
     /**
      * For testing, sets time of day to a static, known value
@@ -1185,13 +1185,13 @@ final class Uuid
     }
 
     /**
-     * Returns true if the system has openssl_random_pseudo_bytes()
+     * Returns true if the system has random_bytes()
      *
      * @return bool
      */
-    protected static function hasOpensslRandomPseudoBytes()
+    protected static function hasRandomBytes()
     {
-        return (function_exists('openssl_random_pseudo_bytes') && !self::$forceNoOpensslRandomPseudoBytes);
+        return (function_exists('random_bytes') && !self::$forceNoRandomBytes);
     }
 
     /**
@@ -1244,8 +1244,8 @@ final class Uuid
      */
     private static function generateBytes($length)
     {
-        if (self::hasOpensslRandomPseudoBytes()) {
-            return openssl_random_pseudo_bytes($length);
+        if (self::hasRandomBytes()) {
+            return random_bytes($length);
         }
 
         $bytes = '';
diff --git a/tests/UuidTest.php b/tests/UuidTest.php
index 538d428..88ae2f0 100644
--- a/tests/UuidTest.php
+++ b/tests/UuidTest.php
@@ -8,7 +8,7 @@ class UuidTest extends TestCase
         Uuid::$timeOfDayTest = null;
         Uuid::$force32Bit = false;
         Uuid::$forceNoBigNumber = false;
-        Uuid::$forceNoOpensslRandomPseudoBytes = false;
+        Uuid::$forceNoRandomBytes = false;
         Uuid::$ignoreSystemNode = false;
     }
 
@@ -826,9 +826,9 @@ class UuidTest extends TestCase
      * @covers Rhumsaa\Uuid\Uuid::generateBytes
      * @covers Rhumsaa\Uuid\Uuid::uuidFromHashedName
      */
-    public function testUuid4WithoutOpensslRandomPseudoBytes()
+    public function testUuid4WithoutRandomBytes()
     {
-        Uuid::$forceNoOpensslRandomPseudoBytes = true;
+        Uuid::$forceNoRandomBytes = true;
         $uuid = Uuid::uuid4();
         $this->assertInstanceOf('Rhumsaa\Uuid\Uuid', $uuid);
         $this->assertEquals(2, $uuid->getVariant());
@@ -1275,21 +1275,21 @@ class UuidTest extends TestCase
     }
 
     /**
-     * @covers Rhumsaa\Uuid\Uuid::hasOpensslRandomPseudoBytes
+     * @covers Rhumsaa\Uuid\Uuid::hasRandomBytes
      */
-    public function testHasOpensslRandomPseudoBytes()
+    public function testHasRandomBytes()
     {
-        $hasOpensslRandomPseudoBytes = new \ReflectionMethod(
-            'Rhumsaa\Uuid\Uuid', 'hasOpensslRandomPseudoBytes'
+        $hasRandomBytes = new \ReflectionMethod(
+            'Rhumsaa\Uuid\Uuid', 'hasRandomBytes'
         );
-        $hasOpensslRandomPseudoBytes->setAccessible(true);
+        $hasRandomBytes->setAccessible(true);
 
         $uuid = Uuid::fromString('ff6f8cb0-c57d-11e1-9b21-0800200c9a66');
 
-        $this->assertTrue($hasOpensslRandomPseudoBytes->invoke($uuid));
+        $this->assertTrue($hasRandomBytes->invoke($uuid));
 
-        Uuid::$forceNoOpensslRandomPseudoBytes = true;
-        $this->assertFalse($hasOpensslRandomPseudoBytes->invoke($uuid));
+        Uuid::$forceNoRandomBytes = true;
+        $this->assertFalse($hasRandomBytes->invoke($uuid));
     }
 
     /**

From 1057be4147c6f460ea3c530176244768d2c26b67 Mon Sep 17 00:00:00 2001
From: Ben Ramsey <ben@benramsey.com>
Date: Thu, 17 Mar 2016 10:48:28 -0500
Subject: [PATCH 2/4] Bump paragonie/random_compat to dev-master in prep for
 its release

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index ec31191..41a95a4 100644
--- a/composer.json
+++ b/composer.json
@@ -21,7 +21,7 @@
     },
     "require": {
         "php": ">=5.3.3",
-        "paragonie/random_compat": "dev-without-openssl"
+        "paragonie/random_compat": "dev-master"
     },
     "require-dev": {
         "moontoast/math": "~1.1",

From 0e754148667651bf8f9b6f4d9fd456d5918cda34 Mon Sep 17 00:00:00 2001
From: Ben Ramsey <ben@benramsey.com>
Date: Tue, 22 Mar 2016 11:54:28 -0300
Subject: [PATCH 3/4] Use stable version of paragonie/random_compat

---
 CHANGELOG.md  | 2 +-
 composer.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d17776e..5d0ee58 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@
 
 ## 2.9.0
 
-_Released: TBD_
+_Released: 2016-03-22_
 
   * Drop support for OpenSSL in favor of [paragonie/random_compat][]. This addresses and fixes the [collision issue][].
 
diff --git a/composer.json b/composer.json
index 41a95a4..b0c4971 100644
--- a/composer.json
+++ b/composer.json
@@ -21,7 +21,7 @@
     },
     "require": {
         "php": ">=5.3.3",
-        "paragonie/random_compat": "dev-master"
+        "paragonie/random_compat": "^2.0"
     },
     "require-dev": {
         "moontoast/math": "~1.1",

From b64eb3039a2bea7452636f2149922d8e71629908 Mon Sep 17 00:00:00 2001
From: Ben Ramsey <ben@benramsey.com>
Date: Tue, 22 Mar 2016 14:50:32 -0300
Subject: [PATCH 4/4] Allow ^1.0|^2.0 for paragonie/random_compat for those
 depending on 1.x

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index b0c4971..628e467 100644
--- a/composer.json
+++ b/composer.json
@@ -21,7 +21,7 @@
     },
     "require": {
         "php": ">=5.3.3",
-        "paragonie/random_compat": "^2.0"
+        "paragonie/random_compat": "^1.0|^2.0"
     },
     "require-dev": {
         "moontoast/math": "~1.1",