From 750ed9c63a0117ccf681f59390c54f20c2bdb822 Mon Sep 17 00:00:00 2001
From: kotnik <kotnik@16132.no-reply.drupal.org>
Date: Tue, 13 Dec 2011 11:02:02 +0100
Subject: [PATCH] Improve random number generation

See http://drupal.org/node/838800
---
 core/includes/bootstrap.inc |   12 +++++++++++-
 1 files changed, 11 insertions(+), 1 deletions(-)

diff --git a/core/includes/bootstrap.inc b/core/includes/bootstrap.inc
index f01a3de..336dc33 100644
--- a/core/includes/bootstrap.inc
+++ b/core/includes/bootstrap.inc
@@ -1956,7 +1956,7 @@ function drupal_block_denied($ip) {
  */
 function drupal_random_bytes($count)  {
   // $random_state does not use drupal_static as it stores random bytes.
-  static $random_state, $bytes;
+  static $random_state, $bytes, $php_compatible;
   // Initialize on the first call. The contents of $_SERVER includes a mix of
   // user-specific and system information that varies a little with each page.
   if (!isset($random_state)) {
@@ -1968,6 +1968,11 @@ function drupal_random_bytes($count)  {
     $bytes = '';
   }
   if (strlen($bytes) < $count) {
+    // PHP versions prior 5.3.4 experienced openssl_random_pseudo_bytes()
+    // locking on Windows and rendered it unusable.
+    if (!isset($php_compatible)) {
+      $php_compatible = version_compare(PHP_VERSION, '5.3.4', '>=');
+    }
     // /dev/urandom is available on many *nix systems and is considered the
     // best commonly available pseudo-random source.
     if ($fh = @fopen('/dev/urandom', 'rb')) {
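Review bot: The comment added above the `$php_compatible` check gives a Windows-only reason, yet `version_compare(PHP_VERSION, '5.3.4', '>=')` turns the OpenSSL source off on every platform running an older PHP, which a reader would not guess from the wording. I would reword it to say so: `// Before PHP 5.3.4, openssl_random_pseudo_bytes() could lock up on Windows, so it is only used on 5.3.4 and later (on every platform).` The enclosing drupal_random_bytes() begins and ends outside this hunk.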
@@ -1977,6 +1982,11 @@ function drupal_random_bytes($count)  {
       $bytes .= fread($fh, max(4096, $count));
       fclose($fh);
     }
+    // openssl_random_pseudo_bytes() will find entropy in a system-dependent
+    // way.
+    elseif ($php_compatible && function_exists('openssl_random_pseudo_bytes')) {
+      $bytes .= openssl_random_pseudo_bytes($count - strlen($bytes));
+    }
     // If /dev/urandom is not available or returns no bytes, this loop will
     // generate a good set of pseudo-random bytes on any system.
     // Note that it may be important that our $random_state is passed
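Review bot: The new `openssl_random_pseudo_bytes()` branch appends the result unchecked: the function can return FALSE on failure, and its optional second by-reference argument, which reports whether a cryptographically strong algorithm was used, is never read. A FALSE result appends nothing and, judging by the context comment, would leave the work to the fallback loop below, but output flagged as not strong would be accepted as if it were. I would capture both values: `$ssl_bytes = openssl_random_pseudo_bytes($count - strlen($bytes), $strong);` followed by `if ($ssl_bytes !== FALSE && $strong) { $bytes .= $ssl_bytes; }`. The context comment "If /dev/urandom is not available or returns no bytes" should then also name the OpenSSL source; the rest of drupal_random_bytes() is outside the hunk, so the fallback behaviour is inferred.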
-- 
1.7.8

