> -----Original Message----- > From: Leigh [mailto:lei...@gmail.com] > Sent: Wednesday, October 28, 2015 11:14 PM > To: Anatol Belski <anatol....@belski.net> > Cc: php-...@lists.php.net; PHP Internals <internals@lists.php.net> > Subject: [PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] com php-src: Remove > arc4random: ext/standard/config.m4 ext/standard/random.c > > On 28 October 2015 at 09:51, Anatol Belski <anatol....@belski.net> wrote: > > > Yeah, I was only talking about those two OS versions that are known > > for sure to have proper implementations. Even that is a smaller > > community than fe Linux, IMHO no reason to handicap users, especially > > as the corresponding codes are present and would need just a condition > > to extend. It's not that anyone would judge what is secure, but based > > on the fact that ChaCha is already used, is being widely adopted and > > there's no > evidence of any flaws. > > Probably when it is implemented in more places like other more popular > > BSD and Solaris forks, we'll see some patches to PHP anyway. > > > > Are you saying you would like me to add arc4random back in, > > conditionally > for those OS versions only? > > I'll test on VMs obviously, but it looks like it should only require: > > #if defined(__OpenBSD__) || defined(__NetBSD__) # include <sys/param.h> > #endif > > #if HAVE_DECL_ARC4RANDOM_BUF && ((defined(__OpenBSD__) && OpenBSD > >= > 201405) || (defined(__NetBSD__) && __NetBSD_Version__ >= 700000001)) > arc4random_buf(bytes, size); > #elif > ... > > 201405 maps to the 5.5 release date.
Yeah, I'd suggest the old code to stay under the new conditions. As per current info an improved arc4random implementation is to appear in more OSes, thus not losing this code is also future open. Except someone can point out a real issue with ChaCha20, the time for the investigations should not have been spent for nothing. Regards anatol -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
