From: Adam Harvey Date: Wed, 19 Mar 2014 13:24:01 +0000 (-0700) Subject: Restore NEWS and UPGRADING for hash_equals(). X-Git-Tag: PRE_PHPNG_MERGE~463^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d613b0acc2969512da55cdc6649879cfa489f668;p=php Restore NEWS and UPGRADING for hash_equals(). --- diff --git a/NEWS b/NEWS index 708b31cc2a..79003afd1e 100644 --- a/NEWS +++ b/NEWS @@ -30,6 +30,8 @@ PHP NEWS - Hash: . Fixed bug #66698 (Missing FNV1a32 and FNV1a64 hash functions). (Michael M Slusarz). + . Implemented timing attack safe string comparison function + (RFC: https://wiki.php.net/rfc/timing_attack). (Rouven Weßling) - Intl: . Fixed bug #66873 (A reproductible crash in UConverter when given invalid diff --git a/UPGRADING b/UPGRADING index 47c463c922..c7dd8ee3ff 100755 --- a/UPGRADING +++ b/UPGRADING @@ -71,6 +71,9 @@ PHP 5.6 UPGRADE NOTES - Added use function and use const. (https://wiki.php.net/rfc/use_function) +- Added a function for timing attack safe string comparison + (https://wiki.php.net/rfc/timing_attack) + - Added gost-crypto (CryptoPro S-box) hash algorithm. - Stream wrappers verify peer certificates and host names by default in @@ -208,6 +211,9 @@ PHP 5.6 UPGRADE NOTES - GMP: Added gmp_root($a, $nth) and gmp_rootrem($a, $nth) for calculating nth roots. +- Hash + Added hash_equals($known_string, $user_string) + - OpenSSL: Added string openssl_x509_fingerprint($x509, $type, $binary). Added string openssl_spki_new($private_key, $challenge, $algorithm)