2023-02-24 02:17:09 +08:00
|
|
|
/*
|
|
|
|
+----------------------------------------------------------------------+
|
|
|
|
| Copyright (c) The PHP Group |
|
|
|
|
+----------------------------------------------------------------------+
|
|
|
|
| This source file is subject to version 3.01 of the PHP license, |
|
|
|
|
| that is bundled with this package in the file LICENSE, and is |
|
|
|
|
| available through the world-wide-web at the following url: |
|
|
|
|
| https://www.php.net/license/3_01.txt |
|
|
|
|
| If you did not receive a copy of the PHP license and are unable to |
|
|
|
|
| obtain it through the world-wide-web, please send a note to |
|
|
|
|
| license@php.net so we can mail you a copy immediately. |
|
|
|
|
+----------------------------------------------------------------------+
|
|
|
|
| Authors: Tim Düsterhus <timwolla@php.net> |
|
|
|
|
| Go Kudo <zeriyoshi@php.net> |
|
|
|
|
+----------------------------------------------------------------------+
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
|
|
|
|
#include "php.h"
|
|
|
|
|
|
|
|
#include "Zend/zend_exceptions.h"
|
2024-05-30 23:24:34 +08:00
|
|
|
#include "Zend/zend_atomic.h"
|
2023-02-24 02:17:09 +08:00
|
|
|
|
|
|
|
#include "php_random.h"
|
2024-02-02 02:09:35 +08:00
|
|
|
#include "php_random_csprng.h"
|
2023-02-24 02:17:09 +08:00
|
|
|
|
2024-06-09 20:23:41 +08:00
|
|
|
#ifdef HAVE_UNISTD_H
|
2023-02-24 02:17:09 +08:00
|
|
|
# include <unistd.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef PHP_WIN32
|
|
|
|
# include "win32/time.h"
|
|
|
|
# include "win32/winutil.h"
|
|
|
|
# include <process.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef __linux__
|
|
|
|
# include <sys/syscall.h>
|
|
|
|
#endif
|
|
|
|
|
2024-06-09 20:23:41 +08:00
|
|
|
#ifdef HAVE_SYS_PARAM_H
|
2023-02-24 02:17:09 +08:00
|
|
|
# include <sys/param.h>
|
2024-06-12 04:47:05 +08:00
|
|
|
# if (defined(__FreeBSD__) && __FreeBSD_version > 1200000) || (defined(__DragonFly__) && __DragonFly_version >= 500700) || \
|
2024-08-14 03:57:21 +08:00
|
|
|
(defined(__sun) && defined(HAVE_GETRANDOM)) || (defined(__NetBSD__) && __NetBSD_Version__ >= 1000000000) || defined(__midipix__)
|
2023-02-24 02:17:09 +08:00
|
|
|
# include <sys/random.h>
|
|
|
|
# endif
|
|
|
|
#endif
|
|
|
|
|
2024-06-08 05:45:17 +08:00
|
|
|
#ifdef HAVE_COMMONCRYPTO_COMMONRANDOM_H
|
2023-02-24 02:17:09 +08:00
|
|
|
# include <CommonCrypto/CommonCryptoError.h>
|
|
|
|
# include <CommonCrypto/CommonRandom.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#if __has_feature(memory_sanitizer)
|
|
|
|
# include <sanitizer/msan_interface.h>
|
|
|
|
#endif
|
|
|
|
|
2024-05-30 23:24:34 +08:00
|
|
|
#ifndef PHP_WIN32
|
|
|
|
static zend_atomic_int random_fd = ZEND_ATOMIC_INT_INITIALIZER(-1);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
ZEND_ATTRIBUTE_NONNULL PHPAPI zend_result php_random_bytes_ex(void *bytes, size_t size, char *errstr, size_t errstr_size)
|
2023-02-24 02:17:09 +08:00
|
|
|
{
|
|
|
|
#ifdef PHP_WIN32
|
|
|
|
/* Defer to CryptGenRandom on Windows */
|
|
|
|
if (php_win32_get_random_bytes(bytes, size) == FAILURE) {
|
2024-05-30 23:24:34 +08:00
|
|
|
snprintf(errstr, errstr_size, "Failed to retrieve randomness from the operating system (BCryptGenRandom)");
|
2023-02-24 02:17:09 +08:00
|
|
|
return FAILURE;
|
|
|
|
}
|
2024-06-08 05:45:17 +08:00
|
|
|
#elif defined(HAVE_COMMONCRYPTO_COMMONRANDOM_H)
|
2023-02-24 02:17:09 +08:00
|
|
|
/*
|
|
|
|
* Purposely prioritized upon arc4random_buf for modern macOs releases
|
|
|
|
* arc4random api on this platform uses `ccrng_generate` which returns
|
|
|
|
* a status but silented to respect the "no fail" arc4random api interface
|
|
|
|
* the vast majority of the time, it works fine ; but better make sure we catch failures
|
|
|
|
*/
|
|
|
|
if (CCRandomGenerateBytes(bytes, size) != kCCSuccess) {
|
2024-05-30 23:24:34 +08:00
|
|
|
snprintf(errstr, errstr_size, "Failed to retrieve randomness from the operating system (CCRandomGenerateBytes)");
|
2023-02-24 02:17:09 +08:00
|
|
|
return FAILURE;
|
|
|
|
}
|
2024-06-14 04:36:05 +08:00
|
|
|
#elif defined(HAVE_ARC4RANDOM_BUF) && ((defined(__OpenBSD__) && OpenBSD >= 201405) || (defined(__NetBSD__) && __NetBSD_Version__ >= 700000001 && __NetBSD_Version__ < 1000000000) || \
|
2024-09-28 21:05:54 +08:00
|
|
|
defined(__APPLE__) || defined(__HAIKU__))
|
2023-02-24 02:17:09 +08:00
|
|
|
/*
|
|
|
|
* OpenBSD until there is a valid equivalent
|
|
|
|
* or NetBSD before the 10.x release
|
|
|
|
* falls back to arc4random_buf
|
|
|
|
* giving a decent output, the main benefit
|
|
|
|
* is being (relatively) failsafe.
|
|
|
|
* Older macOs releases fall also into this
|
|
|
|
* category for reasons explained above.
|
|
|
|
*/
|
|
|
|
arc4random_buf(bytes, size);
|
|
|
|
#else
|
|
|
|
size_t read_bytes = 0;
|
|
|
|
# if (defined(__linux__) && defined(SYS_getrandom)) || (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || (defined(__DragonFly__) && __DragonFly_version >= 500700) || \
|
2024-08-14 03:57:21 +08:00
|
|
|
(defined(__sun) && defined(HAVE_GETRANDOM)) || (defined(__NetBSD__) && __NetBSD_Version__ >= 1000000000) || defined(__midipix__)
|
2023-02-24 02:17:09 +08:00
|
|
|
/* Linux getrandom(2) syscall or FreeBSD/DragonFlyBSD/NetBSD getrandom(2) function
|
|
|
|
* Being a syscall, implemented in the kernel, getrandom offers higher quality output
|
|
|
|
* compared to the arc4random api albeit a fallback to /dev/urandom is considered.
|
|
|
|
*/
|
|
|
|
while (read_bytes < size) {
|
|
|
|
/* Below, (bytes + read_bytes) is pointer arithmetic.
|
|
|
|
|
|
|
|
bytes read_bytes size
|
|
|
|
| | |
|
|
|
|
[#######=============] (we're going to write over the = region)
|
|
|
|
\\\\\\\\\\\\\
|
|
|
|
amount_to_read
|
|
|
|
*/
|
|
|
|
size_t amount_to_read = size - read_bytes;
|
|
|
|
ssize_t n;
|
|
|
|
|
|
|
|
errno = 0;
|
|
|
|
# if defined(__linux__)
|
|
|
|
n = syscall(SYS_getrandom, bytes + read_bytes, amount_to_read, 0);
|
|
|
|
# else
|
|
|
|
n = getrandom(bytes + read_bytes, amount_to_read, 0);
|
|
|
|
# endif
|
|
|
|
|
|
|
|
if (n == -1) {
|
|
|
|
if (errno == ENOSYS) {
|
|
|
|
/* This can happen if PHP was compiled against a newer kernel where getrandom()
|
|
|
|
* is available, but then runs on an older kernel without getrandom(). If this
|
|
|
|
* happens we simply fall back to reading from /dev/urandom. */
|
|
|
|
ZEND_ASSERT(read_bytes == 0);
|
|
|
|
break;
|
|
|
|
} else if (errno == EINTR || errno == EAGAIN) {
|
|
|
|
/* Try again */
|
|
|
|
continue;
|
|
|
|
} else {
|
|
|
|
/* If the syscall fails, fall back to reading from /dev/urandom */
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
# if __has_feature(memory_sanitizer)
|
|
|
|
/* MSan does not instrument manual syscall invocations. */
|
|
|
|
__msan_unpoison(bytes + read_bytes, n);
|
|
|
|
# endif
|
|
|
|
read_bytes += (size_t) n;
|
|
|
|
}
|
|
|
|
# endif
|
|
|
|
if (read_bytes < size) {
|
2024-05-30 23:24:34 +08:00
|
|
|
int fd = zend_atomic_int_load_ex(&random_fd);
|
2023-02-24 02:17:09 +08:00
|
|
|
struct stat st;
|
|
|
|
|
|
|
|
if (fd < 0) {
|
|
|
|
errno = 0;
|
|
|
|
fd = open("/dev/urandom", O_RDONLY);
|
|
|
|
if (fd < 0) {
|
2024-05-30 23:24:34 +08:00
|
|
|
if (errno != 0) {
|
|
|
|
snprintf(errstr, errstr_size, "Cannot open /dev/urandom: %s", strerror(errno));
|
|
|
|
} else {
|
|
|
|
snprintf(errstr, errstr_size, "Cannot open /dev/urandom");
|
2023-02-24 02:17:09 +08:00
|
|
|
}
|
|
|
|
return FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
errno = 0;
|
|
|
|
/* Does the file exist and is it a character device? */
|
|
|
|
if (fstat(fd, &st) != 0 ||
|
|
|
|
# ifdef S_ISNAM
|
|
|
|
!(S_ISNAM(st.st_mode) || S_ISCHR(st.st_mode))
|
|
|
|
# else
|
|
|
|
!S_ISCHR(st.st_mode)
|
|
|
|
# endif
|
|
|
|
) {
|
|
|
|
close(fd);
|
2024-05-30 23:24:34 +08:00
|
|
|
if (errno != 0) {
|
|
|
|
snprintf(errstr, errstr_size, "Error reading from /dev/urandom: %s", strerror(errno));
|
|
|
|
} else {
|
|
|
|
snprintf(errstr, errstr_size, "Error reading from /dev/urandom");
|
2023-02-24 02:17:09 +08:00
|
|
|
}
|
|
|
|
return FAILURE;
|
|
|
|
}
|
2024-05-30 23:24:34 +08:00
|
|
|
int expected = -1;
|
|
|
|
if (!zend_atomic_int_compare_exchange_ex(&random_fd, &expected, fd)) {
|
|
|
|
close(fd);
|
|
|
|
/* expected is now the actual value of random_fd */
|
|
|
|
fd = expected;
|
|
|
|
}
|
2023-02-24 02:17:09 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
read_bytes = 0;
|
|
|
|
while (read_bytes < size) {
|
|
|
|
errno = 0;
|
|
|
|
ssize_t n = read(fd, bytes + read_bytes, size - read_bytes);
|
|
|
|
|
|
|
|
if (n <= 0) {
|
2024-05-30 23:24:34 +08:00
|
|
|
if (errno != 0) {
|
|
|
|
snprintf(errstr, errstr_size, "Could not gather sufficient random data: %s", strerror(errno));
|
|
|
|
} else {
|
|
|
|
snprintf(errstr, errstr_size, "Could not gather sufficient random data");
|
2023-02-24 02:17:09 +08:00
|
|
|
}
|
|
|
|
return FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
read_bytes += (size_t) n;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
return SUCCESS;
|
|
|
|
}
|
|
|
|
|
2024-05-30 23:24:34 +08:00
|
|
|
ZEND_ATTRIBUTE_NONNULL PHPAPI zend_result php_random_bytes(void *bytes, size_t size, bool should_throw)
|
|
|
|
{
|
|
|
|
char errstr[128];
|
|
|
|
zend_result result = php_random_bytes_ex(bytes, size, errstr, sizeof(errstr));
|
|
|
|
|
|
|
|
if (result == FAILURE && should_throw) {
|
|
|
|
zend_throw_exception(random_ce_Random_RandomException, errstr, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
ZEND_ATTRIBUTE_NONNULL PHPAPI zend_result php_random_int(zend_long min, zend_long max, zend_long *result, bool should_throw)
|
2023-02-24 02:17:09 +08:00
|
|
|
{
|
|
|
|
zend_ulong umax;
|
|
|
|
zend_ulong trial;
|
|
|
|
|
|
|
|
if (min == max) {
|
|
|
|
*result = min;
|
|
|
|
return SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
umax = (zend_ulong) max - (zend_ulong) min;
|
|
|
|
|
|
|
|
if (php_random_bytes(&trial, sizeof(trial), should_throw) == FAILURE) {
|
|
|
|
return FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Special case where no modulus is required */
|
|
|
|
if (umax == ZEND_ULONG_MAX) {
|
|
|
|
*result = (zend_long)trial;
|
|
|
|
return SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Increment the max so the range is inclusive of max */
|
|
|
|
umax++;
|
|
|
|
|
|
|
|
/* Powers of two are not biased */
|
|
|
|
if ((umax & (umax - 1)) != 0) {
|
|
|
|
/* Ceiling under which ZEND_LONG_MAX % max == 0 */
|
|
|
|
zend_ulong limit = ZEND_ULONG_MAX - (ZEND_ULONG_MAX % umax) - 1;
|
|
|
|
|
|
|
|
/* Discard numbers over the limit to avoid modulo bias */
|
|
|
|
while (trial > limit) {
|
|
|
|
if (php_random_bytes(&trial, sizeof(trial), should_throw) == FAILURE) {
|
|
|
|
return FAILURE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
*result = (zend_long)((trial % umax) + min);
|
|
|
|
return SUCCESS;
|
|
|
|
}
|
2024-05-30 23:24:34 +08:00
|
|
|
|
|
|
|
PHPAPI void php_random_csprng_shutdown(void)
|
|
|
|
{
|
|
|
|
#ifndef PHP_WIN32
|
|
|
|
int fd = zend_atomic_int_exchange(&random_fd, -1);
|
|
|
|
if (fd != -1) {
|
|
|
|
close(fd);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
}
|