php-src/ext/random/engine_secure.c

/*
   +----------------------------------------------------------------------+
   | Copyright (c) The PHP Group                                          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | https://www.php.net/license/3_01.txt                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors: Sammy Kaye Powers <me@sammyk.me>                            |
   |          Go Kudo <zeriyoshi@php.net>                                 |
   +----------------------------------------------------------------------+
*/

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include "php.h"
#include "php_random.h"

#include "Zend/zend_exceptions.h"

static uint64_t generate(php_random_status *status)
{
	zend_ulong r = 0;

	php_random_bytes_throw(&r, sizeof(zend_ulong));

	return r;
}

static zend_long range(php_random_status *status, zend_long min, zend_long max)
{
	zend_long result = 0;

	php_random_int_throw(min, max, &result);

	return result;
}

const php_random_algo php_random_algo_secure = {
	sizeof(zend_ulong),
	0,
	NULL,
	generate,
	range,
	NULL,
	NULL
};
Implement Random Extension https://wiki.php.net/rfc/rng_extension https://wiki.php.net/rfc/random_extension_improvement 2022-07-19 03:10:55 +00:00			`/*`
			`+----------------------------------------------------------------------+`
			`\| Copyright (c) The PHP Group \|`
			`+----------------------------------------------------------------------+`
			`\| This source file is subject to version 3.01 of the PHP license, \|`
			`\| that is bundled with this package in the file LICENSE, and is \|`
			`\| available through the world-wide-web at the following url: \|`
			`\| https://www.php.net/license/3_01.txt \|`
			`\| If you did not receive a copy of the PHP license and are unable to \|`
			`\| obtain it through the world-wide-web, please send a note to \|`
			`\| license@php.net so we can mail you a copy immediately. \|`
			`+----------------------------------------------------------------------+`
			`\| Authors: Sammy Kaye Powers <me@sammyk.me> \|`
[ci skip] Update EXTENSIONS and Author(s) in ext/random (#9074) php.net account is better suited for this cases. 2022-07-21 15:53:32 +00:00			`\| Go Kudo <zeriyoshi@php.net> \|`
Implement Random Extension https://wiki.php.net/rfc/rng_extension https://wiki.php.net/rfc/random_extension_improvement 2022-07-19 03:10:55 +00:00			`+----------------------------------------------------------------------+`
			`*/`

			`#ifdef HAVE_CONFIG_H`
			`# include "config.h"`
			`#endif`

			`#include "php.h"`
			`#include "php_random.h"`

			`#include "Zend/zend_exceptions.h"`

			`static uint64_t generate(php_random_status *status)`
			`{`
			`zend_ulong r = 0;`

Remove `->last_unsafe` from php_random_status (#9132) Whenever ->last_unsafe is set to `true` an exception has been thrown. Thus we can replace the check for `->last_unsafe` with a check for `EG(exception)` which is a much more natural way to ommunicate an error up the chain. 2022-07-26 07:02:51 +00:00			`php_random_bytes_throw(&r, sizeof(zend_ulong));`
Implement Random Extension https://wiki.php.net/rfc/rng_extension https://wiki.php.net/rfc/random_extension_improvement 2022-07-19 03:10:55 +00:00
			`return r;`
			`}`

			`static zend_long range(php_random_status *status, zend_long min, zend_long max)`
			`{`
Improve error reporting in random extension (#9071) * Use `php_random_bytes_throw()` in Secure engine's generate() This exposes the underlying exception, improving debugging: Fatal error: Uncaught Exception: Cannot open source device in php-src/test.php:5 Stack trace: #0 php-src/test.php(5): Random\Engine\Secure->generate() #1 {main} Next RuntimeException: Random number generation failed in php-src/test.php:5 Stack trace: #0 php-src/test.php(5): Random\Engine\Secure->generate() #1 {main} thrown in php-src/test.php on line 5 * Use `php_random_int_throw()` in Secure engine's range() This exposes the underlying exception, improving debugging: Exception: Cannot open source device in php-src/test.php:17 Stack trace: #0 php-src/test.php(17): Random\Randomizer->getInt(1, 3) #1 {main} Next RuntimeException: Random number generation failed in php-src/test.php:17 Stack trace: #0 php-src/test.php(17): Random\Randomizer->getInt(1, 3) #1 {main} * Throw exception when a user engine returns an empty string This improves debugging, because the actual reason for the failure is available as a previous Exception: DomainException: The returned string must not be empty in php-src/test.php:17 Stack trace: #0 php-src/test.php(17): Random\Randomizer->getBytes(123) #1 {main} Next RuntimeException: Random number generation failed in php-src/test.php:17 Stack trace: #0 php-src/test.php(17): Random\Randomizer->getBytes(123) #1 {main} * Throw exception when the range selector fails to get acceptable numbers in 50 attempts This improves debugging, because the actual reason for the failure is available as a previous Exception: RuntimeException: Failed to generate an acceptable random number in 50 attempts in php-src/test.php:17 Stack trace: #0 php-src/test.php(17): Random\Randomizer->getInt(1, 3) #1 {main} Next RuntimeException: Random number generation failed in php-src/test.php:17 Stack trace: #0 php-src/test.php(17): Random\Randomizer->getInt(1, 3) #1 {main} * Improve user_unsafe test Select parameters for ->getInt() that will actually lead to unsafe behavior. * Fix user_unsafe test If an engine fails once it will be permanently poisoned by setting `->last_unsafe`. This is undesirable for the test, because it skews the results. Fix this by creating a fresh engine for each "assertion". * Remove duplication in user_unsafe.phpt * Catch `Throwable` in user_unsafe.phpt As we print the full stringified exception we implicitly assert the type of the exception. No need to be overly specific in the catch block. * Throw an error if an engine returns an empty string * Throw an Error if range fails to find an acceptable number in 50 attempts 2022-07-25 07:00:49 +00:00			`zend_long result = 0;`
Implement Random Extension https://wiki.php.net/rfc/rng_extension https://wiki.php.net/rfc/random_extension_improvement 2022-07-19 03:10:55 +00:00
Remove `->last_unsafe` from php_random_status (#9132) Whenever ->last_unsafe is set to `true` an exception has been thrown. Thus we can replace the check for `->last_unsafe` with a check for `EG(exception)` which is a much more natural way to ommunicate an error up the chain. 2022-07-26 07:02:51 +00:00			`php_random_int_throw(min, max, &result);`
Implement Random Extension https://wiki.php.net/rfc/rng_extension https://wiki.php.net/rfc/random_extension_improvement 2022-07-19 03:10:55 +00:00
			`return result;`
			`}`

			`const php_random_algo php_random_algo_secure = {`
			`sizeof(zend_ulong),`
			`0,`
			`NULL,`
			`generate,`
			`range,`
			`NULL,`
			`NULL`
			`};`