From 6a217dcecc518a79f3251ce5461c6a60858098ac Mon Sep 17 00:00:00 2001
From: Pierre du Plessis <pierre@pcservice.co.za>
Date: Wed, 23 Sep 2015 11:48:44 +0200
Subject: [PATCH] Use random_bytes function if it is available for random
 number generation

---
 .../Component/Security/Core/Util/SecureRandom.php    | 12 ++++++++----
 src/Symfony/Component/Security/composer.json         |  3 ++-
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/Symfony/Component/Security/Core/Util/SecureRandom.php b/src/Symfony/Component/Security/Core/Util/SecureRandom.php
index c0924df61f..3461b4ec37 100644
--- a/src/Symfony/Component/Security/Core/Util/SecureRandom.php
+++ b/src/Symfony/Component/Security/Core/Util/SecureRandom.php
@@ -42,12 +42,12 @@ final class SecureRandom implements SecureRandomInterface
         $this->seedFile = $seedFile;
         $this->logger = $logger;
 
+        $isUnsupportedPhp = '\\' === DIRECTORY_SEPARATOR && PHP_VERSION_ID < 50304;
+
         // determine whether to use OpenSSL
-        if ('\\' === DIRECTORY_SEPARATOR && PHP_VERSION_ID < 50304) {
-            $this->useOpenSsl = false;
-        } elseif (!function_exists('openssl_random_pseudo_bytes')) {
+        if (!function_exists('random_bytes') && ($isUnsupportedPhp || !function_exists('openssl_random_pseudo_bytes'))) {
             if (null !== $this->logger) {
-                $this->logger->notice('It is recommended that you enable the "openssl" extension for random number generation.');
+                $this->logger->notice('It is recommended that you install the "paragonie/random_compat" library or enable the "openssl" extension for random number generation.');
             }
             $this->useOpenSsl = false;
         } else {
@@ -60,6 +60,10 @@ final class SecureRandom implements SecureRandomInterface
      */
     public function nextBytes($nbBytes)
     {
+        if (function_exists('random_bytes')) {
+            return random_bytes($nbBytes);
+        }
+
         // try OpenSSL
         if ($this->useOpenSsl) {
             $bytes = openssl_random_pseudo_bytes($nbBytes, $strong);
diff --git a/src/Symfony/Component/Security/composer.json b/src/Symfony/Component/Security/composer.json
index d18b644b09..2026fc4810 100644
--- a/src/Symfony/Component/Security/composer.json
+++ b/src/Symfony/Component/Security/composer.json
@@ -39,7 +39,8 @@
         "symfony/validator": "",
         "symfony/routing": "",
         "doctrine/dbal": "to use the built-in ACL implementation",
-        "ircmaxell/password-compat": ""
+        "ircmaxell/password-compat": "",
+        "paragonie/random_compat": ""
     },
     "autoload": {
         "psr-0": { "Symfony\\Component\\Security\\": "" }