Pull Request 1513 - Externals

9 years ago by Scott Arciszewski — view source

unread

Hi,

I wrote PR 1513 about two weeks ago to make the following enhancements
to the CSPRNG feature in PHP 7:

Use getrandom(2) on new Linux kernels
When reading from /dev/urandom, make sure it's actually a character device
On Linux, make sure that the device has a major ID of 1 and a minor
ID of 9 (which is the urandom device)
Removes /dev/arandom, as it was only available in deprecated
versions of OpenBSD and modern versions will use arc4random_buf()
anyway

I'd greatly appreciate it if anyone could look over it, test it on
weird machines, and let me know if it causes any issues. And then if
we can get it merged by 7.0.0-RC4, I'd be estatic.

https://github.com/php/php-src/pull/1513

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com

9 years ago by Anatol Belski — view source

unread

Hi,

-----Original Message-----
From: Scott Arciszewski [mailto:scott@paragonie.com]
Sent: Tuesday, September 22, 2015 2:52 AM
To: PHP Internals internals@lists.php.net
Subject: [PHP-DEV] Pull Request 1513

Hi,

I wrote PR 1513 about two weeks ago to make the following enhancements to
the CSPRNG feature in PHP 7:

Use getrandom(2) on new Linux kernels

When reading from /dev/urandom, make sure it's actually a character device

On Linux, make sure that the device has a major ID of 1 and a minor ID of 9
(which is the urandom device)

Removes /dev/arandom, as it was only available in deprecated versions of
OpenBSD and modern versions will use arc4random_buf() anyway

I'd greatly appreciate it if anyone could look over it, test it on weird machines,
and let me know if it causes any issues. And then if we can get it merged by
7.0.0-RC4, I'd be estatic.

https://github.com/php/php-src/pull/1513

Was someone able to test this patch? It appears to be a good improvement for RC4.

Regards

Anatol