Added OpensslRandPseudo random source. #25
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This uses openssl_random_pseudo_bytes. This is suggested for use only with
with php5-openssl compiled against LibreSSL:
OpenSSL copying RNG state on fork:
ramsey/uuid#80 (comment)
Fixed in LibreSSL:
http://opensslrampage.org/post/91910269738/fix-for-the-libressl-prng-issue-under-linux
Additionally, CVE-2015-8867 was fixed only in versions 5.6.12, 5.5.28,
5.4.44 and above:
https://bugs.php.net/bug.php?id=70014
http://www.php.net/ChangeLog-5.php
CVE-2015-8867 does not affect versions compiled against LibreSSL.
For these reasons, it only is considered a LOW source of randomness,
unless it is compiled against LibreSSL.
The reason for this to exist at all is because of problems with the
nature of /dev/urandom. For example, if we cannot open or read the
file. openssl_random_pseudo_bytes should never fail.