Merge branch 'php:master' into master

Author: marcosmarcolin

NEWS

@@ -81,6 +81,7 @@ PHP                                                                        NEWS
   . Added Randomizer::nextFloat(), ::getFloat(), and IntervalBoundary. (timwolla)
   . Fix GH-10292 (Made the default value of the first param of srand() and
     mt_srand() nullable). (kocsismate)
+  . Enable getrandom() for NetBSD (from 10.x). (David Carlier)
 
 - Reflection:
   . Fix GH-9470 (ReflectionMethod constructor should not find private parent
@@ -101,6 +102,8 @@ PHP                                                                        NEWS
   . Make array_pad's $length warning less confusing. (nielsdos)
   . E_WARNING emitted by strtok in the caase both arguments are not provided when
     starting tokenisation. (David Carlier)
+  . password_hash() will now chain the original RandomException to the ValueError
+    on salt generation failure. (timwolla)
 
 - Streams:
   . Fixed bug #51056: blocking fread() will block even if data is available.

UPGRADING

@@ -69,6 +69,8 @@ PHP 8.3 UPGRADE NOTES
     can have. Before, it was only possible to add at most 1048576 elements at a
     time.
   . strtok() raises a warning in the case token is not provided when starting tokenization.
+  . password_hash() will now chain the underlying Random\RandomException
+    as the ValueError’s $previous Exception when salt generation fails.
 
 ========================================
 6. New Functions

ext/posix/config.m4

@@ -10,7 +10,7 @@ if test "$PHP_POSIX" = "yes"; then
 
   AC_CHECK_HEADERS([sys/mkdev.h sys/sysmacros.h])
 
-  AC_CHECK_FUNCS(seteuid setegid setsid getsid getpgid ctermid mkfifo mknod setrlimit getrlimit getgroups makedev initgroups getgrgid_r)
+  AC_CHECK_FUNCS(seteuid setegid setsid getsid getpgid ctermid mkfifo mknod setrlimit getrlimit getgroups makedev initgroups getgrgid_r posix_pathconf)
 
   AC_MSG_CHECKING([for working ttyname_r() implementation])
   AC_RUN_IFELSE([AC_LANG_SOURCE([[

ext/posix/posix.c

@@ -1197,6 +1197,7 @@ PHP_FUNCTION(posix_sysconf)
 	RETURN_LONG(sysconf(conf_id));
 }
 
+#ifdef HAVE_POSIX_PATHCONF
 PHP_FUNCTION(posix_pathconf)
 {
 	zend_long name, ret;
@@ -1257,3 +1258,4 @@ PHP_FUNCTION(posix_fpathconf)
 
 	RETURN_LONG(ret);
 }
+#endif

ext/posix/posix.stub.php

@@ -428,6 +428,8 @@ function posix_initgroups(string $username, int $group_id): bool {}
 
 function posix_sysconf(int $conf_id): int {}
 
+#ifdef HAVE_POSIX_PATHCONF
 function posix_pathconf(string $path, int $name): int|false {}
 /** @param resource|int $file_descriptor */
 function posix_fpathconf($file_descriptor, int $name): int|false {}
+#endif

ext/posix/posix_arginfo.h

@@ -2,6 +2,10 @@
 Test posix_fpathconf
 --EXTENSIONS--
 posix
+--SKIPIF--
+<?php
+if (!function_exists("posix_pathconf")) die("skip only platforms with posix_pathconf");
+?>
 --FILE--
 <?php
 var_dump(posix_fpathconf(-1, POSIX_PC_PATH_MAX));

ext/posix/tests/posix_fpathconf.phpt

@@ -2,6 +2,10 @@
 Test posix_pathconf
 --EXTENSIONS--
 posix
+--SKIPIF--
+<?php
+if (!function_exists("posix_pathconf")) die("skip only platforms with posix_pathconf");
+?>
 --FILE--
 <?php
 try {

ext/posix/tests/posix_pathconf.phpt

@@ -49,7 +49,8 @@
 
 #if HAVE_SYS_PARAM_H
 # include <sys/param.h>
-# if (__FreeBSD__ && __FreeBSD_version > 1200000) || (__DragonFly__ && __DragonFly_version >= 500700) || defined(__sun)
+# if (__FreeBSD__ && __FreeBSD_version > 1200000) || (__DragonFly__ && __DragonFly_version >= 500700) || \
+     defined(__sun) || (defined(__NetBSD__) && __NetBSD_Version__ >= 1000000000)
 #  include <sys/random.h>
 # endif
 #endif
@@ -502,14 +503,27 @@ PHPAPI int php_random_bytes(void *bytes, size_t size, bool should_throw)
 		}
 		return FAILURE;
 	}
-#elif HAVE_DECL_ARC4RANDOM_BUF && ((defined(__OpenBSD__) && OpenBSD >= 201405) || (defined(__NetBSD__) && __NetBSD_Version__ >= 700000001) || defined(__APPLE__) || defined(__GLIBC__))
+#elif HAVE_DECL_ARC4RANDOM_BUF && ((defined(__OpenBSD__) && OpenBSD >= 201405) || (defined(__NetBSD__) && __NetBSD_Version__ >= 700000001 && __NetBSD_Version__ < 1000000000) || \
+  defined(__APPLE__))
+	/*
+	 * OpenBSD until there is a valid equivalent
+	 * or NetBSD before the 10.x release
+	 * falls back to arc4random_buf
+	 * giving a decent output, the main benefit
+	 * is being (relatively) failsafe.
+	 * Older macOs releases fall also into this
+	 * category for reasons explained above.
+	 */
 	arc4random_buf(bytes, size);
 #else
 	size_t read_bytes = 0;
 	ssize_t n;
-# if (defined(__linux__) && defined(SYS_getrandom)) || (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || (defined(__DragonFly__) && __DragonFly_version >= 500700) || defined(__sun)
-	/* Linux getrandom(2) syscall or FreeBSD/DragonFlyBSD getrandom(2) function*/
-	/* Keep reading until we get enough entropy */
+# if (defined(__linux__) && defined(SYS_getrandom)) || (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || (defined(__DragonFly__) && __DragonFly_version >= 500700) || \
+  defined(__sun) || (defined(__NetBSD__) && __NetBSD_Version__ >= 1000000000)
+	/* Linux getrandom(2) syscall or FreeBSD/DragonFlyBSD/NetBSD getrandom(2) function
+	 * Being a syscall, implemented in the kernel, getrandom offers higher quality output
+	 * compared to the arc4random api albeit a fallback to /dev/urandom is considered.
+	 */
 	while (read_bytes < size) {
 		errno = 0;
 
@@ -594,20 +608,17 @@ PHPAPI int php_random_bytes(void *bytes, size_t size, bool should_throw)
 		for (read_bytes = 0; read_bytes < size; read_bytes += (size_t) n) {
 			errno = 0;
 			n = read(fd, bytes + read_bytes, size - read_bytes);
-			if (n <= 0) {
-				break;
-			}
-		}
 
-		if (read_bytes < size) {
-			if (should_throw) {
-				if (errno != 0) {
-					zend_throw_exception_ex(random_ce_Random_RandomException, 0, "Could not gather sufficient random data: %s", strerror(errno));
-				} else {
-					zend_throw_exception_ex(random_ce_Random_RandomException, 0, "Could not gather sufficient random data");
+			if (n <= 0) {
+				if (should_throw) {
+					if (errno != 0) {
+						zend_throw_exception_ex(random_ce_Random_RandomException, 0, "Could not gather sufficient random data: %s", strerror(errno));
+					} else {
+						zend_throw_exception_ex(random_ce_Random_RandomException, 0, "Could not gather sufficient random data");
+					}
 				}
+				return FAILURE;
 			}
-			return FAILURE;
 		}
 	}
 #endif

ext/random/random.c

@@ -83,7 +83,7 @@ static zend_string* php_password_make_salt(size_t length) /* {{{ */
 	}
 
 	buffer = zend_string_alloc(length * 3 / 4 + 1, 0);
-	if (FAILURE == php_random_bytes_silent(ZSTR_VAL(buffer), ZSTR_LEN(buffer))) {
+	if (FAILURE == php_random_bytes_throw(ZSTR_VAL(buffer), ZSTR_LEN(buffer))) {
 		zend_value_error("Unable to generate salt");
 		zend_string_release_ex(buffer, 0);
 		return NULL;