On 28 October 2015 at 09:51, Anatol Belski <anatol....@belski.net> wrote:
> Yeah, I was only talking about those two OS versions that are known for > sure to have proper implementations. Even that is a smaller community than > fe Linux, IMHO no reason to handicap users, especially as the corresponding > codes are present and would need just a condition to extend. It's not that > anyone would judge what is secure, but based on the fact that ChaCha is > already used, is being widely adopted and there's no evidence of any flaws. > Probably when it is implemented in more places like other more popular BSD > and Solaris forks, we'll see some patches to PHP anyway. > > Are you saying you would like me to add arc4random back in, conditionally for those OS versions only? I'll test on VMs obviously, but it looks like it should only require: #if defined(__OpenBSD__) || defined(__NetBSD__) # include <sys/param.h> #endif #if HAVE_DECL_ARC4RANDOM_BUF && ((defined(__OpenBSD__) && OpenBSD >= 201405) || (defined(__NetBSD__) && __NetBSD_Version__ >= 700000001)) arc4random_buf(bytes, size); #elif ... 201405 maps to the 5.5 release date.
