Bug in crypt.php for windows users

[khapeman]

We upgraded from 3.0.2 to 3.1.1 this week and although the upgrade was successful there were 2 warnings from module CRM/utils/crypt.php.  I'm attaching a screenshot of the warnings from the install.  Everything seemed to be ok until we started entering contributions and again similar warnings appeared whenever we checked the box for sending an email thank you message.

I found and fixed the problem that caused the warnings in crypt.php, but I would like to be sure my fixes are correct.  Identical lines 46 and 68 in crypt.php ($iv = mcrypt_create_iv( 32 ) are responsible for these errors:

warning: mcrypt_create_iv() function.mcrypt-create-iv  Cannot open source device in C:\indigoampp\apache-2.2.11\htdocs\drupal\sites\all\modules\civicrm\CRM\Utils\Crypt.php on line 68.

The problem seems to be explained on this php documentation page:
http://www.php.net/manual/en/function.mcrypt-create-iv.php
In particular note the following:
string mcrypt_create_iv  ( int $size  [, int $source = MCRYPT_DEV_RANDOM  ] )
The source can be MCRYPT_RAND (system random number generator), MCRYPT_DEV_RANDOM  (read data from /dev/random) and MCRYPT_DEV_URANDOM (read data from /dev/urandom). Prior to 5.3.0, MCRYPT_RAND was the only one supported on Windows.

That page further suggests that a call to srand() is required for php prior to php 5.3, so here's what I did:
Added the following line twice to crypt.php prior immediately after existing lines 44 and 66:
srand((double) microtime() * 1000000); //for sake of MCRYPT_RAND
and changed existing lines 46 and 68 to the following:
$iv = mcrypt_create_iv( 32, MCRYPT_RAND);
That gets rid of the warnings, but I wondered if it was good form to use mcrypt_create_iv() for the decrypt part of this - looking further down in the php manual page I referenced above shows the following approach to decrypting:
  $iv_size = mcrypt_enc_get_iv_size($td);
  $iv = substr($string,0,$iv_size);
Which is the best approach?
Ken

[Kurund Jalmi]

Are you using XAMP? Can you give more details?

Kurund

[khapeman]

We use indigoampp (v9.04) which installs apache 2.2.11, php 5.2.8 and mysql 5.1.30 on windows server 2003 (xp).  Selected parts of our phpinfo follows:

Today is Mon Feb 08 2010 10:18:01AM
Current directory C:\indigoampp\apache-2.2.11\htdocs
PHP_VERISON 5.2.8
PHP_INFO
PHP Logo
PHP Version 5.2.8

System    Windows NT SPC-SERVER 5.2 build 3790
Build Date    Dec 8 2008 19:30:48
Configure Command    cscript /nologo configure.js "--enable-snapshot-build" "--enable-debug-pack" "--with-snapshot-template=d:\php-sdk\snap_5_2\vc6\x86\template" "--with-php-build=d:\php-sdk\snap_5_2\vc6\x86\php_build" "--with-pdo-oci=D:\php-sdk\oracle\instantclient10\sdk,shared" "--with-oci8=D:\php-sdk\oracle\instantclient10\sdk,shared"
Server API    CGI/FastCGI
Virtual Directory Support    enabled
Configuration File (php.ini) Path    C:\WINDOWS
Loaded Configuration File    C:\indigoampp\php-5.2.8\php.ini
Scan this dir for additional .ini files    (none)
additional .ini files parsed    (none)
PHP API    20041225
PHP Extension    20060613
Zend Extension    220060519
Debug Build    no
Thread Safety    enabled
Zend Memory Manager    enabled
IPv6 Support    enabled
Registered PHP Streams    php, file, data, http, ftp, compress.zlib, https, ftps
Registered Stream Socket Transports    tcp, udp, ssl, sslv3, sslv2, tls
Registered Stream Filters    convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, zlib.*

Zend logo This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

PHP Credits
Configuration
PHP Core
Directive   Local Value   Master Value
allow_call_time_pass_reference   Off   Off
allow_url_fopen   On   On
allow_url_include   Off   Off
always_populate_raw_post_data   Off   Off
arg_separator.input   &   &
arg_separator.output   &   &
asp_tags   Off   Off
auto_append_file   no value   no value
auto_globals_jit   On   On
auto_prepend_file   no value   no value
browscap   no value   no value
default_charset   no value   no value
default_mimetype   text/html   text/html
define_syslog_variables   Off   Off
disable_classes   no value   no value
disable_functions   no value   no value
display_errors   Off   Off
display_startup_errors   Off   Off
doc_root   no value   no value
docref_ext   no value   no value
docref_root   no value   no value
enable_dl   On   On
error_append_string   no value   no value
error_log   no value   no value
error_prepend_string   no value   no value
error_reporting   6143   6143
expose_php   On   On
extension_dir   ./ext   ./ext
file_uploads   On   On
highlight.bg   #FFFFFF   #FFFFFF
highlight.comment   #FF8000   #FF8000
highlight.default   #0000BB   #0000BB
highlight.html   #000000   #000000
highlight.keyword   #007700   #007700
highlight.string   #DD0000   #DD0000
html_errors   On   On
ignore_repeated_errors   Off   Off
ignore_repeated_source   Off   Off
ignore_user_abort   Off   Off
implicit_flush   Off   Off
include_path   .;c:\indigoampp\php-5.2.8\includes   .;c:\indigoampp\php-5.2.8\includes
log_errors   On   On
log_errors_max_len   1024   1024
magic_quotes_gpc   Off   Off
magic_quotes_runtime   Off   Off
magic_quotes_sybase   Off   Off
mail.force_extra_parameters   no value   no value
max_execution_time   7200   7200
max_input_nesting_level   64   64
max_input_time   7200   7200
memory_limit   128M   128M
open_basedir   no value   no value
output_buffering   4096   4096
output_handler   no value   no value
post_max_size   8M   8M
precision   14   14
realpath_cache_size   16K   16K
realpath_cache_ttl   120   120
register_argc_argv   Off   Off
register_globals   Off   Off
register_long_arrays   Off   Off
report_memleaks   On   On
report_zend_debug   On   On
safe_mode   Off   Off
safe_mode_exec_dir   no value   no value
safe_mode_gid   Off   Off
safe_mode_include_dir   no value   no value
serialize_precision   100   100
short_open_tag   Off   Off
SMTP   ssl://smtp.gmail.com   ssl://smtp.gmail.com
smtp_port   465   465
sql.safe_mode   Off   Off
track_errors   Off   Off
unserialize_callback_func   no value   no value
upload_max_filesize   2M   2M
upload_tmp_dir   no value   no value
user_dir   no value   no value
variables_order   GPCS   GPCS
xmlrpc_error_number   0   0
xmlrpc_errors   Off   Off
y2k_compliance   On   On
zend.ze1_compatibility_mode   Off   Off

mcrypt
mcrypt support   enabled
Version    2.5.7
Api No    20021217
Supported ciphers    cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes
Supported modes    cbc cfb ctr ecb ncfb nofb ofb stream

Directive   Local Value   Master Value
mcrypt.algorithms_dir   no value   no value
mcrypt.modes_dir   no value   no value

mysql
MySQL Support   enabled
Active Persistent Links    0
Active Links    0
Client API version    5.1.30

Directive   Local Value   Master Value
mysql.allow_persistent   On   On
mysql.connect_timeout   60   60
mysql.default_host   no value   no value
mysql.default_password   no value   no value
mysql.default_port   no value   no value
mysql.default_socket   no value   no value
mysql.default_user   no value   no value
mysql.max_links   Unlimited   Unlimited
mysql.max_persistent   Unlimited   Unlimited
mysql.trace_mode   Off   Off

mysqli
MysqlI Support   enabled
Client API library version    5.1.30
Client API header version    5.1.30
MYSQLI_SOCKET    /tmp/mysql.sock

Directive   Local Value   Master Value
mysqli.default_host   no value   no value
mysqli.default_port   3306   3306
mysqli.default_pw   no value   no value
mysqli.default_socket   no value   no value
mysqli.default_user   no value   no value
mysqli.max_links   Unlimited   Unlimited
mysqli.reconnect   Off   Off