php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #39498 ext/mcrypt/mcrypt.c hardcoded to use /dev/random
Submitted: 2006-11-13 15:48 UTC Modified: 2006-11-13 17:50 UTC
From: mark at exonetric dot com Assigned:
Status: Not a bug Package: Performance problem
PHP Version: 4.4.4 OS: Linux 2.6/Debian Etch
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mark at exonetric dot com
New email:
PHP Version: OS:

 

 [2006-11-13 15:48 UTC] mark at exonetric dot com 
Description:
------------
mcrypt.c appears to be written to use /dev/random for entropy in all cases. As good entropy is a limited resource when obtained from /dev/random, code that makes frequent calls to mcrypt routines that require entropy can block waiting for entropy unexpectedly. 

 PHP_FUNCTION(mcrypt_create_iv) should be modified to permit configuration of /dev/random or /dev/urandom at least at compile time if not at run time.

Reproduce code:
---------------
any code that calls mcrypt routines frequently

Expected result:
----------------
if called frequently enough, will block waiting for entropy.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-11-13 15:58 UTC] tony2001@php.net 
You can use MCRYPT_DEV_URANDOM and get the data for /dev/urandom.
 [2006-11-13 16:28 UTC] derick@php.net 
http://no.php.net/mcrypt_create_iv
 [2006-11-13 17:50 UTC] mark at exonetric dot com 
right, i can see now there is some odd zend_parameter stuff that fiddles with the source variable directly. That's very non-intuitive and will teach me to read docs I suppose.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Mar 13 21:01:32 2025 UTC