php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #51636 openssl_random_pseudo_bytes() painfully slow
Submitted: 2010-04-22 17:38 UTC Modified: 2011-06-14 18:23 UTC
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: kaisellgren at gmail dot com Assigned: pajoye (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.3.2 OS: Windows
Private report: No CVE-ID: None
View Developer Edit
 [2010-04-22 17:38 UTC] kaisellgren at gmail dot com 
Description:
------------
Whenever I execute the following command:

openssl_random_pseudo_bytes(1); // or any other number

PHP will process the function call for like a minute.

I am using Windows 7, and it is affected by both x86 and x64 systems. I do not see a problem on Linux, though.

Test script:
---------------
$random = openssl_random_pseudo_bytes(1, $strong);

Expected result:
----------------
The random generation should happen within a blink of an eye.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-04-23 10:47 UTC] [email protected]
-Status: Open +Status: Feedback -Assigned To: +Assigned To: pajo
 [2010-04-23 10:47 UTC] [email protected] 
Under CLI or inside a web server?

Can you try under CLI please?
 [2010-04-23 10:47 UTC] [email protected]
-Assigned To: pajo +Assigned To: pajoye
 [2010-04-23 10:47 UTC] [email protected] 
Under CLI or inside a web server?

Can you try under CLI please?
 [2011-06-14 10:22 UTC] [email protected] 
The changelog says this has been fixed in 5.3.4, but the function still takes 1second to return on my machine (5.3.6). Note that the amount of bytes doesn't matter, and it's always around 1second.

$t = microtime(true);
openssl_random_pseudo_bytes(1, $strong);
var_dump(microtime(true) - $t, $strong);

Outputs:
float 1.0317049026489
boolean true
 [2011-06-14 11:18 UTC] [email protected] 
Windows version?
 [2011-06-14 17:40 UTC] [email protected] 
On 5.3.6, Win7 x64, and it seems on other windows versions as well, the call to openssl_random_pseudo_bytes() still takes one second. Since apparently doing non-crypto-safe output is not possible on windows, it would be great to at least work on the delay for crypto-safe output.
 [2011-06-14 17:55 UTC] [email protected] 
It's a by reference parameter, not an option parameter.

I don't see the delay here on Win7 x64 with 5.3-dev
 [2011-06-14 18:23 UTC] [email protected]
-Status: Feedback +Status: Closed
 [2011-06-14 18:23 UTC] [email protected] 
It is not related to this bug.

This bug was due to a wrong implementation, which was using RAND_Screen.

The "delay" here is not one per se and is relatively constant. Please open a new 
one for performance issue, there may have some ways to do not call the crypto 
API everytime but to store a minimum amount of bytes per request (random size).

Move back to close.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Dec 26 13:00:02 2025 UTC