/src/php-src/ext/random/zend_utils.c

Source
/*
   +----------------------------------------------------------------------+
   | Copyright © The PHP Group and Contributors.                          |
   +----------------------------------------------------------------------+
   | This source file is subject to the Modified BSD License that is      |
   | bundled with this package in the file LICENSE, and is available      |
   | through the World Wide Web at <https://www.php.net/license/>.        |
   |                                                                      |
   | SPDX-License-Identifier: BSD-3-Clause                                |
   +----------------------------------------------------------------------+
   | Authors: Arnaud Le Blanc <arnaud.lb@gmail.com>                       |
   |          Tim Düsterhus <timwolla@php.net>                            |
   +----------------------------------------------------------------------+
*/

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include "php_random_zend_utils.h"

ZEND_ATTRIBUTE_NONNULL PHPAPI void php_random_bytes_insecure_for_zend(
    zend_random_bytes_insecure_state *opaque_state, void *bytes, size_t size)
{
  php_random_bytes_insecure_state_for_zend *state = (php_random_bytes_insecure_state_for_zend*) opaque_state;

  if (UNEXPECTED(!state->initialized)) {
    uint64_t t[4];
    php_random_fallback_seed_state fallback_state;
    fallback_state.initialized = false;

    do {
      /* Skip the CSPRNG if it has already failed */
      if (!fallback_state.initialized) {
        char errstr[128];
        if (php_random_bytes_ex(&t, sizeof(t), errstr, sizeof(errstr)) == FAILURE) {
#if ZEND_DEBUG
          fprintf(stderr, "php_random_bytes_ex: Failed to generate a random seed: %s\n", errstr);
#endif
          goto fallback;
        }
      } else {
fallback:
        t[0] = php_random_generate_fallback_seed_ex(&fallback_state);
        t[1] = php_random_generate_fallback_seed_ex(&fallback_state);
        t[2] = php_random_generate_fallback_seed_ex(&fallback_state);
        t[3] = php_random_generate_fallback_seed_ex(&fallback_state);
      }
    } while (UNEXPECTED(t[0] == 0 && t[1] == 0 && t[2] == 0 && t[3] == 0));

    php_random_xoshiro256starstar_seed256(&state->xoshiro256starstar_state, t[0], t[1], t[2], t[3]);
    state->initialized = true;
  }

  while (size > 0) {
    php_random_result result = php_random_algo_xoshiro256starstar.generate(&state->xoshiro256starstar_state);
    ZEND_ASSERT(result.size == 8 && sizeof(result.result) == 8);
    size_t chunk_size = MIN(size, 8);
    bytes = zend_mempcpy(bytes, &result.result, chunk_size);
    size -= chunk_size;
  }
}

Coverage Report

Created: 2026-06-02 06:39

Line	Count	Source
1		/*
2		+----------------------------------------------------------------------+
3		\| Copyright © The PHP Group and Contributors. \|
4		+----------------------------------------------------------------------+
5		\| This source file is subject to the Modified BSD License that is \|
6		\| bundled with this package in the file LICENSE, and is available \|
7		\| through the World Wide Web at <https://www.php.net/license/>. \|
8		\| \|
9		\| SPDX-License-Identifier: BSD-3-Clause \|
10		+----------------------------------------------------------------------+
11		\| Authors: Arnaud Le Blanc <arnaud.lb@gmail.com> \|
12		\| Tim Düsterhus <timwolla@php.net> \|
13		+----------------------------------------------------------------------+
14		*/
15
16		#ifdef HAVE_CONFIG_H
17		# include "config.h"
18		#endif
19
20		#include "php_random_zend_utils.h"
21
22		ZEND_ATTRIBUTE_NONNULL PHPAPI void php_random_bytes_insecure_for_zend(
23		zend_random_bytes_insecure_state opaque_state, void bytes, size_t size)
24	0	{
25	0	php_random_bytes_insecure_state_for_zend state = (php_random_bytes_insecure_state_for_zend) opaque_state;
26
27	0	if (UNEXPECTED(!state->initialized)) {
28	0	uint64_t t[4];
29	0	php_random_fallback_seed_state fallback_state;
30	0	fallback_state.initialized = false;
31
32	0	do {
33		/* Skip the CSPRNG if it has already failed */
34	0	if (!fallback_state.initialized) {
35	0	char errstr[128];
36	0	if (php_random_bytes_ex(&t, sizeof(t), errstr, sizeof(errstr)) == FAILURE) {
37	0	#if ZEND_DEBUG
38	0	fprintf(stderr, "php_random_bytes_ex: Failed to generate a random seed: %s\n", errstr);
39	0	#endif
40	0	goto fallback;
41	0	}
42	0	} else {
43	0	fallback:
44	0	t[0] = php_random_generate_fallback_seed_ex(&fallback_state);
45	0	t[1] = php_random_generate_fallback_seed_ex(&fallback_state);
46	0	t[2] = php_random_generate_fallback_seed_ex(&fallback_state);
47	0	t[3] = php_random_generate_fallback_seed_ex(&fallback_state);
48	0	}
49	0	} while (UNEXPECTED(t[0] == 0 && t[1] == 0 && t[2] == 0 && t[3] == 0));
50
51	0	php_random_xoshiro256starstar_seed256(&state->xoshiro256starstar_state, t[0], t[1], t[2], t[3]);
52	0	state->initialized = true;
53	0	}
54
55	0	while (size > 0) {
56	0	php_random_result result = php_random_algo_xoshiro256starstar.generate(&state->xoshiro256starstar_state);
57	0	ZEND_ASSERT(result.size == 8 && sizeof(result.result) == 8);
58	0	size_t chunk_size = MIN(size, 8);
59	0	bytes = zend_mempcpy(bytes, &result.result, chunk_size);
60	0	size -= chunk_size;
61	0	}
62	0	}