Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Minor
-
Resolution: Won't Fix
-
Affects Version/s: 3.1.1, 3.1.2, 3.1.3
-
Fix Version/s: 4.3.0
-
Component/s: None
-
Labels:None
Description
During the upgrade from 3.0.2 to 3.1.1 on a windows server (apache 2.2.11, php 5.2.8, mysql 5.1.30) there were 2 warnings from module CRM/utils/crypt.php (screenshot available - will add later from another computer). Similar warnings appeared when the box for sending an email thank you message was checked.
Identical lines 46 and 68 (or 47 and 69 in 3.1.3) in crypt.php ($iv = mcrypt_create_iv( 32 ) are responsible for these errors:
warning: mcrypt_create_iv() function.mcrypt-create-iv Cannot open source device in C:\indigoampp\apache-2.2.11\htdocs\drupal\sites\all\modules\civicrm\CRM\Utils\Crypt.php on line 68.
The problem seems to be explained on this php documentation page:
http://www.php.net/manual/en/function.mcrypt-create-iv.php
In particular note the following:
string mcrypt_create_iv ( int $size [, int $source = MCRYPT_DEV_RANDOM ] )
The source can be MCRYPT_RAND (system random number generator), MCRYPT_DEV_RANDOM (read data from /dev/random) and MCRYPT_DEV_URANDOM (read data from /dev/urandom). Prior to 5.3.0, MCRYPT_RAND was the only one supported on Windows.
That page further suggests that a call to srand() is required for php prior to php 5.3, so here's what I did:
Added the following line twice to crypt.php prior immediately after existing lines 44 and 66 (or 45 and 67 in 3.1.3):
srand((double) microtime() * 1000000); //for sake of MCRYPT_RAND
and changed existing lines 46 and 68 to the following:
$iv = mcrypt_create_iv( 32, MCRYPT_RAND);
That gets rid of the warnings, but I wondered if it was good form to use mcrypt_create_iv() for the decrypt part of this - looking further down in the php manual page I referenced above shows the following approach to decrypting:
$iv_size = mcrypt_enc_get_iv_size($td);
$iv = substr($string,0,$iv_size);
Not sure which is the best solution.
