|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70742 random_bytes() fails when the SYSTEMROOT env var is empty
Submitted: 2015-10-19 14:56 UTC Modified: 2015-10-20 14:51 UTC
From: nicolas dot grekas+php at gmail dot com Assigned:
Status: Not a bug Package: mcrypt related
PHP Version: 7.0.0RC5 OS: Windows
Private report: No CVE-ID: None
 [2015-10-19 14:56 UTC] nicolas dot grekas+php at gmail dot com
On Windows, both random_bytes and mcrypt_create_iv fail when the SYSTEMROOT env var is not set.

Test script:


echo strlen(random_bytes(1));

Expected result:

Actual result:
PHP Warning:  mcrypt_create_iv(): Could not gather sufficient random data


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-10-20 11:16 UTC]
-Status: Open +Status: Not a bug
 [2015-10-20 11:16 UTC]
Thanks for the report. Why would you want to manipulate this env variable? Doing so, you'll probably break not only this but many other things.

In this particular case, since the default crypto service provider is used, the corresponding DLL will fail to load. Consequently CryptAcquireContext() will fail. This is expected behavior.

 [2015-10-20 13:09 UTC] nicolas dot grekas+php at gmail dot com
"Not a bug" is fine by me, I mostly wanted to get feedback on this behaviour and document it somewhere.
This can happen more frequently by using proc_open(): when one sets the $env argument, it's easy to miss some important vars there.
 [2015-10-20 14:51 UTC]
OK, I didn't think about it from this POV, but yes -proc_open() actually doesn't merge env. Btw. it'll be much easier in 7.1, getenv() without arguments will deliver the whole env vars (Ferenc already merged it).

PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sat Mar 25 10:04:09 2023 UTC