author | webchick <webchick@24967.no-reply.drupal.org> | 2012-02-14 13:48:20 -0500 |
---|---|---|
committer | webchick <webchick@24967.no-reply.drupal.org> | 2012-02-14 13:48:20 -0500 |
commit | 47c19b8bc695621693927224efc8100642302c61 (patch) | |
tree | 2bb0cc62f5adfd22cdb000a6ed684d46f0a215a6 | |
parent | 476843c25e4da2ac1c6c375b2ee6e2c0f97275ff (diff) | |
Issue #838800 by kotnik, Damien Tournoud, jromine: Improve random number generation.
-rw-r--r-- | includes/bootstrap.inc | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 677b216ee..c8280374a 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -1913,7 +1913,7 @@ function drupal_block_denied($ip) {
 */
 function drupal_random_bytes($count) {
 // $random_state does not use drupal_static as it stores random bytes.
- static $random_state, $bytes;
+ static $random_state, $bytes, $php_compatible;
 // Initialize on the first call. The contents of $_SERVER includes a mix of
 // user-specific and system information that varies a little with each page.
 if (!isset($random_state)) {
@@ -1925,6 +1925,11 @@ function drupal_random_bytes($count) {
 $bytes = '';
 }
 if (strlen($bytes) < $count) {
+ // PHP versions prior 5.3.4 experienced openssl_random_pseudo_bytes()
+ // locking on Windows and rendered it unusable.
+ if (!isset($php_compatible)) {
+ $php_compatible = version_compare(PHP_VERSION, '5.3.4', '>=');
+ }
 // /dev/urandom is available on many *nix systems and is considered the
 // best commonly available pseudo-random source.
 if ($fh = @fopen('/dev/urandom', 'rb')) {
@@ -1934,6 +1939,11 @@ function drupal_random_bytes($count) {
 $bytes .= fread($fh, max(4096, $count));
 fclose($fh);
 }
+ // openssl_random_pseudo_bytes() will find entropy in a system-dependent
+ // way.
+ elseif ($php_compatible && function_exists('openssl_random_pseudo_bytes')) {
+ $bytes .= openssl_random_pseudo_bytes($count - strlen($bytes));
+ }
 // If /dev/urandom is not available or returns no bytes, this loop will
 // generate a good set of pseudo-random bytes on any system.
 // Note that it may be important that our $random_state is passed |
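Review bot: The `$php_compatible` gate added in the second hunk tests only the PHP version, while the comment directly above it describes the openssl_random_pseudo_bytes() blocking problem as specific to Windows. As written, a non-Windows host on PHP older than 5.3.4 that cannot open /dev/urandom skips OpenSSL and goes straight to the fallback loop. If the problem really is Windows-only, the gate could be `$php_compatible = version_compare(PHP_VERSION, '5.3.4', '>=') || strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN';`, and the comment would read better as `// PHP versions prior to 5.3.4 could block in openssl_random_pseudo_bytes() on Windows, which made it unusable there.` drupal_random_bytes() starts in the first hunk and continues past the last one.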
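Review bot: The new `elseif` branch in the third hunk appends whatever openssl_random_pseudo_bytes() returns without asking whether OpenSSL considered the result cryptographically strong. The function takes a by-reference second argument for that and can also return FALSE; here a FALSE silently appends nothing, and a weak result is stored in the static `$bytes` buffer as if it were good. Suggest `$openssl_bytes = openssl_random_pseudo_bytes($count - strlen($bytes), $crypto_strong);` followed by `if ($openssl_bytes !== FALSE && $crypto_strong) { $bytes .= $openssl_bytes; }`, so a weak or failed result falls through to the loop that the following comment describes. Because the branch is an `elseif`, OpenSSL is also never tried when /dev/urandom opens but yields no bytes; that may be intended, but the comment does not say so. The fallback loop itself is outside the hunk.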