Remove arc4random

There has been a lot of discussion around whether arc4random should be included. Given how many different impementations of it are in the wild, we can't guarantee a secure implementation on all platforms.

diff --git a/ext/standard/config.m4 b/ext/standard/config.m4
index c435f9655407e2467537c131c28b59c502373c38..f41df7e98618fb7f05878fe4ab64340734606677 100644 (file)
--- a/ext/standard/config.m4
+++ b/ext/standard/config.m4
@@ -592,11 +592,6 @@ dnl Check for atomic operation API availability in Solaris
 dnl
 AC_CHECK_HEADERS([atomic.h])
 
-dnl
-dnl Check for arc4random on BSD systems
-dnl
-AC_CHECK_DECLS([arc4random_buf])
-
 dnl
 dnl Check for getrandom on newer Linux kernels
 dnl

diff --git a/ext/standard/random.c b/ext/standard/random.c
index f46c4e0a14cf0a76db05c72ff9a6457f8d4caf07..fd730d1bfd71d341ee66620f221f4b2d4dbb19d6 100644 (file)
--- a/ext/standard/random.c
+++ b/ext/standard/random.c
@@ -87,8 +87,6 @@ static int php_random_bytes(void *bytes, size_t size)
                zend_throw_exception(zend_ce_exception, "Could not gather sufficient random data", 0);
                return FAILURE;
        }
-#elif HAVE_DECL_ARC4RANDOM_BUF
-       arc4random_buf(bytes, size);
 #elif HAVE_DECL_GETRANDOM
        /* Linux getrandom(2) syscall */
        size_t read_bytes = 0;