PHP :: Bug #75725 :: ./configure: detecting RAND

Bug #75725	./configure: detecting RAND_egd
Submitted:	2017-12-23 13:17 UTC	Modified:	2020-10-14 14:21 UTC
From:	dpa-bugs at aegee dot org	Assigned:
Status:	Closed	Package:	*Compile Issues
PHP Version:	7.1.12	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

[2017-12-23 13:17 UTC] dpa-bugs at aegee dot org

Description:
------------
ext/openssl/config0.m4 contains:

  AC_CHECK_FUNCS([RAND_egd])                                                                                                                                                  
  PHP_SETUP_OPENSSL(OPENSSL_SHARED_LIBADD, [AC_DEFINE(HAVE_OPENSSL_EXT,1,[ ])], [AC_MSG_ERROR([OpenSSL check failed. Please check config.log for more information.])])

meaning that ./configure first checks for RAND_egd and then adds -lcrypto to LDFLAGS.  This cannot work in this order, as RAND_egd can only be detected after -lcrypto is passed to the linker.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2018-02-27 17:11 UTC] dpa-bugs at aegee dot org

Proposed patch:

--- php-7.1.14/ext/openssl/config0.m4.old   2018-01-30 19:05:37.000000000 +0000
+++ php-7.1.14/ext/openssl/config0.m4.new   2018-02-01 18:40:38.340000000 +0000
@@ -19,8 +19,6 @@
     PHP_SETUP_KERBEROS(OPENSSL_SHARED_LIBADD)
   fi
 
-  AC_CHECK_FUNCS([RAND_egd])
-
   PHP_SETUP_OPENSSL(OPENSSL_SHARED_LIBADD, 
   [
     AC_DEFINE(HAVE_OPENSSL_EXT,1,[ ])
@@ -30,4 +28,6 @@
   if test "$PHP_SYSTEM_CIPHERS" != "no"; then
     AC_DEFINE(USE_OPENSSL_SYSTEM_CIPHERS,1,[ Use system default cipher list instead of hardcoded value ])
   fi
+  AC_CHECK_FUNCS([RAND_egd])
 fi
+

[2020-10-14 14:21 UTC] nikic@php.net

-Status: Open +Status: Verified

[2020-10-14 14:21 UTC] nikic@php.net

The check is certainly useless as-is. I was wondering why it exists at all, as the docs state:

> RAND_egd() is available since OpenSSL 0.9.5.

Turns out the check was added for LibreSSL compatibility: https://github.com/php/php-src/commit/456f4a78d24a929f5b9d1c064cd9c2ee7a8aaf5a

Which also makes me wonder if we shouldn't just drop the RAND_egd() call entirely, it seems like some rather dubious functionality.

[2021-11-19 19:33 UTC] dpa-bugs at aegee dot org

See also https://github.com/php/php-src/pull/7668 .

[2021-11-22 13:23 UTC] git@php.net

Automatic comment on behalf of dilyanpalauzov (author) and cmb69 (committer)
Revision: https://github.com/php/php-src/commit/60fe575ce3d5ad0647d3c12698d0d3fcb0cb8f7b
Log: Fix #75725: ./configure: detecting RAND_egd

[2021-11-22 13:23 UTC] git@php.net

-Status: Verified +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jul 12 08:01:30 2025 UTC