php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #51636 openssl_random_pseudo_bytes() painfully slow
Submitted: 2010-04-22 17:38 UTC Modified: 2011-06-14 18:23 UTC
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: kaisellgren at gmail dot com Assigned: pajoye (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.3.2 OS: Windows
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2010-04-22 17:38 UTC] kaisellgren at gmail dot com 
Description:
------------
Whenever I execute the following command:

openssl_random_pseudo_bytes(1); // or any other number

PHP will process the function call for like a minute.

I am using Windows 7, and it is affected by both x86 and x64 systems. I do not see a problem on Linux, though.

Test script:
---------------
$random = openssl_random_pseudo_bytes(1, $strong);

Expected result:
----------------
The random generation should happen within a blink of an eye.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-04-23 10:47 UTC] pajoye@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: pajo
 [2010-04-23 10:47 UTC] pajoye@php.net 
Under CLI or inside a web server?

Can you try under CLI please?
 [2010-04-23 10:47 UTC] pajoye@php.net
-Assigned To: pajo +Assigned To: pajoye
 [2010-04-23 10:47 UTC] pajoye@php.net 
Under CLI or inside a web server?

Can you try under CLI please?
 [2011-06-14 10:22 UTC] seld@php.net 
The changelog says this has been fixed in 5.3.4, but the function still takes 1second to return on my machine (5.3.6). Note that the amount of bytes doesn't matter, and it's always around 1second.

$t = microtime(true);
openssl_random_pseudo_bytes(1, $strong);
var_dump(microtime(true) - $t, $strong);

Outputs:
float 1.0317049026489
boolean true
 [2011-06-14 11:18 UTC] pajoye@php.net 
Windows version?
 [2011-06-14 17:40 UTC] seld@php.net 
On 5.3.6, Win7 x64, and it seems on other windows versions as well, the call to openssl_random_pseudo_bytes() still takes one second. Since apparently doing non-crypto-safe output is not possible on windows, it would be great to at least work on the delay for crypto-safe output.
 [2011-06-14 17:55 UTC] scottmac@php.net 
It's a by reference parameter, not an option parameter.

I don't see the delay here on Win7 x64 with 5.3-dev
 [2011-06-14 18:23 UTC] pajoye@php.net
-Status: Feedback +Status: Closed
 [2011-06-14 18:23 UTC] pajoye@php.net 
It is not related to this bug.

This bug was due to a wrong implementation, which was using RAND_Screen.

The "delay" here is not one per se and is relatively constant. Please open a new 
one for performance issue, there may have some ways to do not call the crypto 
API everytime but to store a minimum amount of bytes per request (random size).

Move back to close.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Apr 20 01:01:28 2024 UTC