/src/php-src/ext/random/zend_utils.c

Source (jump to first uncovered line)
/*
   +----------------------------------------------------------------------+
   | Copyright (c) The PHP Group                                          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | https://www.php.net/license/3_01.txt                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors: Arnaud Le Blanc <arnaud.lb@gmail.com>                       |
   |          Tim Düsterhus <timwolla@php.net>                            |
   +----------------------------------------------------------------------+
*/

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include "php_random_zend_utils.h"

ZEND_ATTRIBUTE_NONNULL PHPAPI void php_random_bytes_insecure_for_zend(
    zend_random_bytes_insecure_state *opaque_state, void *bytes, size_t size)
{
  php_random_bytes_insecure_state_for_zend *state = (php_random_bytes_insecure_state_for_zend*) opaque_state;

  if (UNEXPECTED(!state->initialized)) {
    uint64_t t[4];
    php_random_fallback_seed_state fallback_state;
    fallback_state.initialized = false;

    do {
      /* Skip the CSPRNG if it has already failed */
      if (!fallback_state.initialized) {
        char errstr[128];
        if (php_random_bytes_ex(&t, sizeof(t), errstr, sizeof(errstr)) == FAILURE) {
#if ZEND_DEBUG
          fprintf(stderr, "php_random_bytes_ex: Failed to generate a random seed: %s\n", errstr);
#endif
          goto fallback;
        }
      } else {
fallback:
        t[0] = php_random_generate_fallback_seed_ex(&fallback_state);
        t[1] = php_random_generate_fallback_seed_ex(&fallback_state);
        t[2] = php_random_generate_fallback_seed_ex(&fallback_state);
        t[3] = php_random_generate_fallback_seed_ex(&fallback_state);
      }
    } while (UNEXPECTED(t[0] == 0 && t[1] == 0 && t[2] == 0 && t[3] == 0));

    php_random_xoshiro256starstar_seed256(&state->xoshiro256starstar_state, t[0], t[1], t[2], t[3]);
    state->initialized = true;
  }

  while (size > 0) {
    php_random_result result = php_random_algo_xoshiro256starstar.generate(&state->xoshiro256starstar_state);
    ZEND_ASSERT(result.size == 8 && sizeof(result.result) == 8);
    size_t chunk_size = MIN(size, 8);
    bytes = zend_mempcpy(bytes, &result.result, chunk_size);
    size -= chunk_size;
  }
}

Coverage Report

Created: 2025-06-13 06:43

Line	Count	Source (jump to first uncovered line)
1		/*
2		+----------------------------------------------------------------------+
3		\| Copyright (c) The PHP Group \|
4		+----------------------------------------------------------------------+
5		\| This source file is subject to version 3.01 of the PHP license, \|
6		\| that is bundled with this package in the file LICENSE, and is \|
7		\| available through the world-wide-web at the following url: \|
8		\| https://www.php.net/license/3_01.txt \|
9		\| If you did not receive a copy of the PHP license and are unable to \|
10		\| obtain it through the world-wide-web, please send a note to \|
11		\| license@php.net so we can mail you a copy immediately. \|
12		+----------------------------------------------------------------------+
13		\| Authors: Arnaud Le Blanc <arnaud.lb@gmail.com> \|
14		\| Tim Düsterhus <timwolla@php.net> \|
15		+----------------------------------------------------------------------+
16		*/
17
18		#ifdef HAVE_CONFIG_H
19		# include "config.h"
20		#endif
21
22		#include "php_random_zend_utils.h"
23
24		ZEND_ATTRIBUTE_NONNULL PHPAPI void php_random_bytes_insecure_for_zend(
25		zend_random_bytes_insecure_state opaque_state, void bytes, size_t size)
26	0	{
27	0	php_random_bytes_insecure_state_for_zend state = (php_random_bytes_insecure_state_for_zend) opaque_state;
28
29	0	if (UNEXPECTED(!state->initialized)) {
30	0	uint64_t t[4];
31	0	php_random_fallback_seed_state fallback_state;
32	0	fallback_state.initialized = false;
33
34	0	do {
35		/* Skip the CSPRNG if it has already failed */
36	0	if (!fallback_state.initialized) {
37	0	char errstr[128];
38	0	if (php_random_bytes_ex(&t, sizeof(t), errstr, sizeof(errstr)) == FAILURE) {
39	0	#if ZEND_DEBUG
40	0	fprintf(stderr, "php_random_bytes_ex: Failed to generate a random seed: %s\n", errstr);
41	0	#endif
42	0	goto fallback;
43	0	}
44	0	} else {
45	0	fallback:
46	0	t[0] = php_random_generate_fallback_seed_ex(&fallback_state);
47	0	t[1] = php_random_generate_fallback_seed_ex(&fallback_state);
48	0	t[2] = php_random_generate_fallback_seed_ex(&fallback_state);
49	0	t[3] = php_random_generate_fallback_seed_ex(&fallback_state);
50	0	}
51	0	} while (UNEXPECTED(t[0] == 0 && t[1] == 0 && t[2] == 0 && t[3] == 0));
52
53	0	php_random_xoshiro256starstar_seed256(&state->xoshiro256starstar_state, t[0], t[1], t[2], t[3]);
54	0	state->initialized = true;
55	0	}
56
57	0	while (size > 0) {
58	0	php_random_result result = php_random_algo_xoshiro256starstar.generate(&state->xoshiro256starstar_state);
59	0	ZEND_ASSERT(result.size == 8 && sizeof(result.result) == 8);
60	0	size_t chunk_size = MIN(size, 8);
61	0	bytes = zend_mempcpy(bytes, &result.result, chunk_size);
62	0	size -= chunk_size;
63	0	}
64	0	}