Restore NEWS and UPGRADING for hash_equals().

diff --git a/NEWS b/NEWS
index 708b31cc2a9d6ff774ef21d2d7216cf90617bfac..79003afd1ebe85e1511b1d8b4e0931737fc05bf3 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,8 @@ PHP                                                                        NEWS
 - Hash:
   . Fixed bug #66698 (Missing FNV1a32 and FNV1a64 hash functions).
     (Michael M Slusarz).
+  . Implemented timing attack safe string comparison function
+    (RFC: https://wiki.php.net/rfc/timing_attack). (Rouven Weßling)
 
 - Intl:
   . Fixed bug #66873 (A reproductible crash in UConverter when given invalid

diff --git a/UPGRADING b/UPGRADING
index 47c463c9226d15595075bb3d85ce76895255975e..c7dd8ee3ff527b3f3eb71ac5f5fcff8cc3d9b503 100755 (executable)
--- a/UPGRADING
+++ b/UPGRADING
@@ -71,6 +71,9 @@ PHP 5.6 UPGRADE NOTES
 - Added use function and use const.
   (https://wiki.php.net/rfc/use_function)
 
+- Added a function for timing attack safe string comparison
+  (https://wiki.php.net/rfc/timing_attack)
+
 - Added gost-crypto (CryptoPro S-box) hash algorithm.
 
 - Stream wrappers verify peer certificates and host names by default in
@@ -208,6 +211,9 @@ PHP 5.6 UPGRADE NOTES
 - GMP:
   Added gmp_root($a, $nth) and gmp_rootrem($a, $nth) for calculating nth roots.
 
+- Hash
+  Added hash_equals($known_string, $user_string)
+
 - OpenSSL:
   Added string openssl_x509_fingerprint($x509, $type, $binary).
   Added string openssl_spki_new($private_key, $challenge, $algorithm)