From 77fc402c76a6fdff98b165cbdc1c6fc17025d70f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= Date: Tue, 9 Jan 2024 19:56:21 +0100 Subject: [PATCH 1/2] random: Reduce variable scope in Random\Engine\PcgOneseq128XslRr64::__construct() This is for consistency with xoshiro256**'s constructor. --- ext/random/engine_pcgoneseq128xslrr64.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/ext/random/engine_pcgoneseq128xslrr64.c b/ext/random/engine_pcgoneseq128xslrr64.c index 885fd9bf0aab3..ccbe146321edd 100644 --- a/ext/random/engine_pcgoneseq128xslrr64.c +++ b/ext/random/engine_pcgoneseq128xslrr64.c @@ -146,8 +146,6 @@ PHP_METHOD(Random_Engine_PcgOneseq128XslRr64, __construct) zend_string *str_seed = NULL; zend_long int_seed = 0; bool seed_is_null = true; - uint32_t i, j; - uint64_t t[2]; ZEND_PARSE_PARAMETERS_START(0, 1) Z_PARAM_OPTIONAL; @@ -163,13 +161,16 @@ PHP_METHOD(Random_Engine_PcgOneseq128XslRr64, __construct) if (str_seed) { /* char (byte: 8 bit) * 16 = 128 bits */ if (ZSTR_LEN(str_seed) == 16) { + uint64_t t[2]; + /* Endianness safe copy */ - for (i = 0; i < 2; i++) { + for (uint32_t i = 0; i < 2; i++) { t[i] = 0; - for (j = 0; j < 8; j++) { + for (uint32_t j = 0; j < 8; j++) { t[i] += ((uint64_t) (unsigned char) ZSTR_VAL(str_seed)[(i * 8) + j]) << (j * 8); } } + seed128(engine->status, php_random_uint128_constant(t[0], t[1])); } else { zend_argument_value_error(1, "must be a 16 byte (128 bit) string"); From 88c83c20fffa2a90234fb0fcd95f8c783ca3f7a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= Date: Tue, 9 Jan 2024 20:12:50 +0100 Subject: [PATCH 2/2] random: Dynamically calculate the state size when seeding with CSPRNG Instead of hardcoding struct names, or even sizes, we can just determine the actual size of the target structure using sizeof(). --- ext/random/engine_pcgoneseq128xslrr64.c | 2 +- ext/random/engine_xoshiro256starstar.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/random/engine_pcgoneseq128xslrr64.c b/ext/random/engine_pcgoneseq128xslrr64.c index ccbe146321edd..b19aff7e987ee 100644 --- a/ext/random/engine_pcgoneseq128xslrr64.c +++ b/ext/random/engine_pcgoneseq128xslrr64.c @@ -153,7 +153,7 @@ PHP_METHOD(Random_Engine_PcgOneseq128XslRr64, __construct) ZEND_PARSE_PARAMETERS_END(); if (seed_is_null) { - if (php_random_bytes_throw(&state->state, sizeof(php_random_uint128_t)) == FAILURE) { + if (php_random_bytes_throw(&state->state, sizeof(state->state)) == FAILURE) { zend_throw_exception(random_ce_Random_RandomException, "Failed to generate a random seed", 0); RETURN_THROWS(); } diff --git a/ext/random/engine_xoshiro256starstar.c b/ext/random/engine_xoshiro256starstar.c index 78cafe341c32e..5d4dad08a1407 100644 --- a/ext/random/engine_xoshiro256starstar.c +++ b/ext/random/engine_xoshiro256starstar.c @@ -213,7 +213,7 @@ PHP_METHOD(Random_Engine_Xoshiro256StarStar, __construct) if (seed_is_null) { do { - if (php_random_bytes_throw(&state->state, 32) == FAILURE) { + if (php_random_bytes_throw(&state->state, sizeof(state->state)) == FAILURE) { zend_throw_exception(random_ce_Random_RandomException, "Failed to generate a random seed", 0); RETURN_THROWS(); }