From 80a9bcec25821e6eb08ce6171a3a0a842192c2ee Mon Sep 17 00:00:00 2001
From: zeriyoshi
Date: Fri, 18 Dec 2020 14:16:55 +0900
Subject: [PATCH 1/4] Standard: use if available php_random_bytes() in uniqid().
---
 ext/standard/uniqid.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/ext/standard/uniqid.c b/ext/standard/uniqid.c
index 3671cc3213a09..dd35c60900aa9 100644
--- a/ext/standard/uniqid.c
+++ b/ext/standard/uniqid.c
@@ -32,6 +32,7 @@
 #endif
 #include "php_lcg.h"
+#include "php_random.h"
 #ifdef HAVE_GETTIMEOFDAY
 ZEND_TLS struct timeval prev_tv = { 0, 0 };
@@ -71,7 +72,14 @@ PHP_FUNCTION(uniqid)
 * digits for usecs.
 */
 if (more_entropy) {
- uniqid = strpprintf(0, "%s%08x%05x%.8F", prefix, sec, usec, php_combined_lcg() * 10);
+ uint32_t bytes;
+ double seed;
+ if (php_random_bytes_silent(&bytes, sizeof(uint32_t)) == FAILURE) {
+ seed = php_combined_lcg() * 10;
+ } else {
+ seed = 1.0 / ((double) UINT32_MAX / bytes);
+ }
+ uniqid = strpprintf(0, "%s%08x%05x%.8F", prefix, sec, usec, seed);
 } else {
 uniqid = strpprintf(0, "%s%08x%05x", prefix, sec, usec);
 }
From a67cbf08c25f52b343eb11588bccb45ef2c6eb3f Mon Sep 17 00:00:00 2001
From: zeriyoshi
Date: Fri, 18 Dec 2020 20:56:19 +0900
Subject: [PATCH 2/4] Standard: use if available php_random_bytes() in mt_rand() / mt_srand().
---
 ext/standard/mt_rand.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/ext/standard/mt_rand.c b/ext/standard/mt_rand.c
index 3c33a42df3f66..d49740d40e763 100644
--- a/ext/standard/mt_rand.c
+++ b/ext/standard/mt_rand.c
@@ -24,6 +24,7 @@
 #include "php.h"
 #include "php_rand.h"
+#include "php_random.h"
 #include "php_mt_rand.h"
 /* MT RAND FUNCTIONS */
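Review bot: In PHP_FUNCTION(uniqid), hunk `@@ -71,7 +72,14 @@` of [PATCH 1/4], the added `seed = 1.0 / ((double) UINT32_MAX / bytes);` divides by `bytes`, so a random word of 0 becomes a floating-point division by zero, and this branch never exceeds 1.0 while the fallback beside it is `php_combined_lcg() * 10`. The suffix therefore has a different range depending on which branch ran. Scaling the random word by a constant avoids both problems, for example `seed = ((double) bytes / UINT32_MAX) * 10.0;`, with the result kept below 10 so that `%.8F` always prints the same width. The same division by `bytes` is still present in the `@@ -77,7 +77,7 @@` hunk of [PATCH 3/4]; the function body starts and ends outside this hunk.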
@@ -161,7 +162,11 @@ PHPAPI uint32_t php_mt_rand(void)
 register uint32_t s1;
 if (UNEXPECTED(!BG(mt_rand_is_seeded))) {
- php_mt_srand(GENERATE_SEED());
+ zend_long bytes;
+ if (php_random_bytes_silent(&bytes, sizeof(zend_long)) == FAILURE) {
+ bytes = GENERATE_SEED();
+ }
+ php_mt_srand(bytes);
 }
 if (BG(left) == 0) {
@@ -189,8 +194,11 @@ PHP_FUNCTION(mt_srand)
 Z_PARAM_LONG(mode)
 ZEND_PARSE_PARAMETERS_END();
- if (ZEND_NUM_ARGS() == 0)
- seed = GENERATE_SEED();
+ if (ZEND_NUM_ARGS() == 0) {
+ if (php_random_bytes_silent(&seed, sizeof(zend_long)) == FAILURE) {
+ seed = GENERATE_SEED();
+ }
+ }
 switch (mode) {
 case MT_RAND_PHP:
From 432d7bfd2e68e06d235d2bf29625a7917e6da52e Mon Sep 17 00:00:00 2001
From: zeriyoshi
Date: Fri, 18 Dec 2020 23:20:03 +0900
Subject: [PATCH 3/4] Standard: fix compatibility for uniqid().
---
 ext/standard/uniqid.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/standard/uniqid.c b/ext/standard/uniqid.c
index dd35c60900aa9..13e4c4ebd7baa 100644
--- a/ext/standard/uniqid.c
+++ b/ext/standard/uniqid.c
@@ -77,7 +77,7 @@ PHP_FUNCTION(uniqid)
 if (php_random_bytes_silent(&bytes, sizeof(uint32_t)) == FAILURE) {
 seed = php_combined_lcg() * 10;
 } else {
- seed = 1.0 / ((double) UINT32_MAX / bytes);
+ seed = (10.0 / ((double) UINT32_MAX / bytes));
 }
 uniqid = strpprintf(0, "%s%08x%05x%.8F", prefix, sec, usec, seed);
 } else {
From da019d8c0c76f383777074dc46452817b203f11c Mon Sep 17 00:00:00 2001
From: zeriyoshi
Date: Tue, 22 Dec 2020 22:27:17 +0900
Subject: [PATCH 4/4] Standard: fix redundant expression.
---
 ext/standard/uniqid.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/standard/uniqid.c b/ext/standard/uniqid.c
index 13e4c4ebd7baa..89c4bc8736f20 100644
--- a/ext/standard/uniqid.c
+++ b/ext/standard/uniqid.c
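Review bot: In php_mt_rand(), hunk `@@ -161,7 +162,11 @@`, the seed is read as `sizeof(zend_long)` bytes and then passed to `php_mt_srand(bytes)`; if php_mt_srand() takes a 32-bit seed (its prototype is outside the hunk), the extra bytes are silently discarded on 64-bit builds by an implicit narrowing. Reading exactly the seed width states the intent: `uint32_t bytes;` with `php_random_bytes_silent(&bytes, sizeof(bytes))`. The `@@ -189,8 +194,11 @@` hunk in PHP_FUNCTION(mt_srand) fills `seed` with `sizeof(zend_long)` bytes in the same way. A comment such as `/* a CSPRNG-derived seed does not make mt_rand() output unpredictable; do not use it for secrets */` would keep this change from being read as a security guarantee.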
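Review bot: In PHP_FUNCTION(uniqid), hunk `@@ -77,7 +77,7 @@` of [PATCH 3/4], `seed = (10.0 / ((double) UINT32_MAX / bytes));` reaches exactly 10.0 when `bytes` equals `UINT32_MAX`, and values just below 10 round up under `%.8F`, so the suffix can print as `10.00000000` and the id becomes one character longer than for any seed below 10. The fallback `php_combined_lcg() * 10` presumably stays below 10, although that function is not visible here. Callers that store or validate a fixed-length id would see rare over-length values; a clamp after the assignment, `if (seed > 9.99999999) { seed = 9.99999999; }`, keeps the width constant. The rewritten expression in the `@@ -77,7 +77,7 @@` hunk of [PATCH 4/4] has the same upper bound.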
@@ -77,7 +77,7 @@ PHP_FUNCTION(uniqid)
 if (php_random_bytes_silent(&bytes, sizeof(uint32_t)) == FAILURE) {
 seed = php_combined_lcg() * 10;
 } else {
- seed = (10.0 / ((double) UINT32_MAX / bytes));
+ seed = ((double) bytes / UINT32_MAX) * 10.0;
 }
 uniqid = strpprintf(0, "%s%08x%05x%.8F", prefix, sec, usec, seed);
 } else {