From a53510239f629b36f1fdccc860670872463eeb77 Mon Sep 17 00:00:00 2001
From: Leigh <leigh@php.net>
Date: Mon, 26 Oct 2015 20:40:28 +0000
Subject: [PATCH] Remove arc4random

There has been a lot of discussion around whether arc4random should be included. Given how many different impementations of it are in the wild, we can't guarantee a secure implementation on all platforms.
---
 ext/standard/config.m4 | 5 -----
 ext/standard/random.c  | 2 --
 2 files changed, 7 deletions(-)

diff --git a/ext/standard/config.m4 b/ext/standard/config.m4
index c435f96554..f41df7e986 100644
--- a/ext/standard/config.m4
+++ b/ext/standard/config.m4
@@ -592,11 +592,6 @@ dnl Check for atomic operation API availability in Solaris
 dnl
 AC_CHECK_HEADERS([atomic.h])
 
-dnl
-dnl Check for arc4random on BSD systems
-dnl
-AC_CHECK_DECLS([arc4random_buf])
-
 dnl
 dnl Check for getrandom on newer Linux kernels
 dnl
diff --git a/ext/standard/random.c b/ext/standard/random.c
index f46c4e0a14..fd730d1bfd 100644
--- a/ext/standard/random.c
+++ b/ext/standard/random.c
@@ -87,8 +87,6 @@ static int php_random_bytes(void *bytes, size_t size)
 		zend_throw_exception(zend_ce_exception, "Could not gather sufficient random data", 0);
 		return FAILURE;
 	}
-#elif HAVE_DECL_ARC4RANDOM_BUF
-	arc4random_buf(bytes, size);
 #elif HAVE_DECL_GETRANDOM
 	/* Linux getrandom(2) syscall */
 	size_t read_bytes = 0;
-- 
2.40.0