Add zend_general_random_bytes function

Author: arnaud-lb

Zend/zend.c

@@ -95,6 +95,7 @@ ZEND_API zend_string *(*zend_resolve_path)(zend_string *filename);
 ZEND_API zend_result (*zend_post_startup_cb)(void) = NULL;
 ZEND_API void (*zend_post_shutdown_cb)(void) = NULL;
 ZEND_API zend_result (*zend_os_csprng_random_bytes)(void *bytes, size_t size, char *errstr, size_t errstr_size) = NULL;
+ZEND_API zend_result (*zend_general_random_bytes)(zend_utility_general_random_state *state, void *bytes, size_t size) = NULL;
 
 /* This callback must be signal handler safe! */
 void (*zend_on_timeout)(int seconds);
@@ -914,8 +915,9 @@ void zend_startup(zend_utility_functions *utility_functions) /* {{{ */
 #endif
 
 	/* Set up early utility functions. zend_mm depends on
-	 * zend_os_csprng_random_bytes */
-	zend_os_csprng_random_bytes = utility_functions->os_csprng_randomn_bytes_function;
+	 * zend_general_random_bytes */
+	zend_os_csprng_random_bytes = utility_functions->os_csprng_random_bytes_function;
+	zend_general_random_bytes = utility_functions->general_random_bytes_function;
 
 	start_memory_manager();
 

Zend/zend.h

@@ -234,6 +234,11 @@ struct _zend_class_entry {
 	} info;
 };
 
+typedef union {
+	zend_max_align_t align;
+	uint64_t opaque[5];
+} zend_utility_general_random_state;
+
 typedef struct _zend_utility_functions {
 	void (*error_function)(int type, zend_string *error_filename, const uint32_t error_lineno, zend_string *message);
 	size_t (*printf_function)(const char *format, ...) ZEND_ATTRIBUTE_PTR_FORMAT(printf, 1, 2);
@@ -248,7 +253,8 @@ typedef struct _zend_utility_functions {
 	void (*printf_to_smart_str_function)(smart_str *buf, const char *format, va_list ap);
 	char *(*getenv_function)(const char *name, size_t name_len);
 	zend_string *(*resolve_path_function)(zend_string *filename);
-	zend_result (*os_csprng_randomn_bytes_function)(void *bytes, size_t size, char *errstr, size_t errstr_size);
+	zend_result (*os_csprng_random_bytes_function)(void *bytes, size_t size, char *errstr, size_t errstr_size);
+	zend_result (*general_random_bytes_function)(zend_utility_general_random_state *state, void *bytes, size_t size);
 } zend_utility_functions;
 
 typedef struct _zend_utility_values {
@@ -342,6 +348,7 @@ extern void (*zend_printf_to_smart_str)(smart_str *buf, const char *format, va_l
 extern ZEND_API char *(*zend_getenv)(const char *name, size_t name_len);
 extern ZEND_API zend_string *(*zend_resolve_path)(zend_string *filename);
 extern ZEND_API zend_result (*zend_os_csprng_random_bytes)(void *bytes, size_t size, char *errstr, size_t errstr_size);
+extern ZEND_API zend_result (*zend_general_random_bytes)(zend_utility_general_random_state *state, void *bytes, size_t size);
 
 /* These two callbacks are especially for opcache */
 extern ZEND_API zend_result (*zend_post_startup_cb)(void);

Zend/zend_alloc.c

@@ -263,10 +263,6 @@ typedef struct  _zend_mm_huge_list zend_mm_huge_list;
 
 static bool zend_mm_use_huge_pages = false;
 
-typedef struct _zend_mm_rand_state {
-	uint32_t state[4];
-} zend_mm_rand_state;
-
 /*
  * Memory is retrieved from OS by chunks of fixed size 2MB.
  * Inside chunk it's managed by pages of fixed size 4096B.
@@ -342,7 +338,7 @@ struct _zend_mm_heap {
 	HashTable *tracked_allocs;
 #endif
 	pid_t pid;
-	zend_mm_rand_state rand_state;
+	zend_utility_general_random_state rand_state;
 };
 
 struct _zend_mm_chunk {
@@ -2043,105 +2039,18 @@ static void zend_mm_free_huge(zend_mm_heap *heap, void *ptr ZEND_FILE_LINE_DC ZE
 #endif
 }
 
-/********/
-/* Rand */
-/********/
-
-/* Xoshiro256** PRNG based on implementation from Go Kudo in
- * ext/random/engine_xoshiro256starstar.c, based on code from David Blackman,
- * Sebastiano Vigna. */
-
-static inline uint64_t splitmix64(uint64_t *seed)
-{
-	uint64_t r;
-
-	r = (*seed += 0x9e3779b97f4a7c15ULL);
-	r = (r ^ (r >> 30)) * 0xbf58476d1ce4e5b9ULL;
-	r = (r ^ (r >> 27)) * 0x94d049bb133111ebULL;
-	return (r ^ (r >> 31));
-}
-
-ZEND_ATTRIBUTE_CONST static inline uint64_t rotl(const uint64_t x, int k)
-{
-	return (x << k) | (x >> (64 - k));
-}
-
-static inline uint64_t zend_mm_rand_generate(zend_mm_rand_state *s)
-{
-	const uint64_t r = rotl(s->state[1] * 5, 7) * 9;
-	const uint64_t t = s->state[1] << 17;
-
-	s->state[2] ^= s->state[0];
-	s->state[3] ^= s->state[1];
-	s->state[1] ^= s->state[2];
-	s->state[0] ^= s->state[3];
-
-	s->state[2] ^= t;
-
-	s->state[3] = rotl(s->state[3], 45);
-
-	return r;
-}
-
-static inline void zend_mm_rand_seed256(zend_mm_rand_state *state, uint64_t s0, uint64_t s1, uint64_t s2, uint64_t s3)
-{
-	state->state[0] = s0;
-	state->state[1] = s1;
-	state->state[2] = s2;
-	state->state[3] = s3;
-}
-
-static inline void zend_mm_rand_seed64(zend_mm_rand_state *state, uint64_t seed)
-{
-	uint64_t s[4];
-
-	s[0] = splitmix64(&seed);
-	s[1] = splitmix64(&seed);
-	s[2] = splitmix64(&seed);
-	s[3] = splitmix64(&seed);
-
-	zend_mm_rand_seed256(state, s[0], s[1], s[2], s[3]);
-}
-
 /******************/
 /* Initialization */
 /******************/
 
 static zend_result zend_mm_refresh_key(zend_mm_heap *heap)
 {
-	heap->shadow_key = (uintptr_t) zend_mm_rand_generate(&heap->rand_state);
-
-	return SUCCESS;
+	return zend_general_random_bytes(&heap->rand_state, &heap->shadow_key, sizeof(heap->shadow_key));
 }
 
 static zend_result zend_mm_init_key(zend_mm_heap *heap)
 {
-	uint64_t seed[4];
-	char errstr[128];
-	if (zend_os_csprng_random_bytes(&seed, sizeof(seed), errstr, sizeof(errstr)) == SUCCESS) {
-		zend_mm_rand_seed256(&heap->rand_state,
-				seed[0], seed[1], seed[2], seed[3]);
-	} else {
-		/* Fallback to weak seed generation */
-#if ZEND_MM_ERROR
-		fprintf(stderr, "Could not generate secure random seed: %s\n", errstr);
-#endif
-		zend_hrtime_t nanotime = zend_hrtime();
-		uint64_t v = 0;
-		v ^= (uint64_t) nanotime;
-		splitmix64(&v);
-		v ^= (uint64_t) getpid();
-		splitmix64(&v);
-#ifdef ZTS
-		THREAD_T tid = tsrm_thread_id();
-		uint64_t tmp = 0;
-		memcpy(&tmp, &tid, MIN(sizeof(tmp), sizeof(tid)));
-		v ^= tmp;
-		splitmix64(&v);
-#endif
-		zend_mm_rand_seed64(&heap->rand_state, v);
-	}
-
+	memset(&heap->rand_state, 0, sizeof(heap->rand_state));
 	return zend_mm_refresh_key(heap);
 }
 

Zend/zend_portability.h

@@ -791,4 +791,20 @@ extern "C++" {
 # define ZEND_STATIC_ASSERT(c, m)
 #endif
 
+#if (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L) /* C11 */ \
+  || (defined(__cplusplus) && __cplusplus >= 201103L) /* C++11 */
+typedef max_align_t zend_max_align_t;
+#else
+typedef union {
+	char c;
+	short s;
+	int i;
+	long l;
+	float f;
+	double d;
+	void *p;
+	void (*fun)();
+} zend_max_align_t;
+#endif
+
 #endif /* ZEND_PORTABILITY_H */

ext/random/php_random.h

@@ -37,7 +37,12 @@
 
 PHPAPI double php_combined_lcg(void);
 
+typedef struct _php_random_fallback_seed_state php_random_fallback_seed_state;
+typedef struct _php_random_state_for_zend php_random_state_for_zend;
+
 PHPAPI uint64_t php_random_generate_fallback_seed(void);
+PHPAPI uint64_t php_random_generate_fallback_seed_ex(php_random_fallback_seed_state *state);
+PHPAPI zend_result php_general_random_bytes_for_zend(zend_utility_general_random_state *state, void *bytes, size_t size);
 
 static inline zend_long GENERATE_SEED(void)
 {
@@ -108,6 +113,18 @@ typedef struct _php_random_algo_with_state {
 	void *state;
 } php_random_algo_with_state;
 
+typedef struct _php_random_fallback_seed_state {
+	bool initialized;
+	unsigned char seed[20];
+} php_random_fallback_seed_state;
+
+typedef struct _php_random_state_for_zend {
+	bool initialized;
+	php_random_status_state_xoshiro256starstar xoshiro256starstar_state;
+} php_random_state_for_zend;
+
+ZEND_STATIC_ASSERT(sizeof(zend_utility_general_random_state) >= sizeof(php_random_state_for_zend), "");
+
 extern PHPAPI const php_random_algo php_random_algo_combinedlcg;
 extern PHPAPI const php_random_algo php_random_algo_mt19937;
 extern PHPAPI const php_random_algo php_random_algo_pcgoneseq128xslrr64;
@@ -206,8 +223,7 @@ PHP_RINIT_FUNCTION(random);
 ZEND_BEGIN_MODULE_GLOBALS(random)
 	bool combined_lcg_seeded;
 	bool mt19937_seeded;
-	bool fallback_seed_initialized;
-	unsigned char fallback_seed[20];
+	php_random_fallback_seed_state fallback_seed_state;
 	php_random_status_state_combinedlcg combined_lcg;
 	php_random_status_state_mt19937 mt19937;
 ZEND_END_MODULE_GLOBALS(random)

ext/random/random.c

@@ -622,7 +622,7 @@ static inline void fallback_seed_add(PHP_SHA1_CTX *c, void *p, size_t l){
 	PHP_SHA1Update(c, p, l);
 }
 
-uint64_t php_random_generate_fallback_seed(void)
+uint64_t php_random_generate_fallback_seed_ex(php_random_fallback_seed_state *state)
 {
 	/* Mix various values using SHA-1 as a PRF to obtain as
 	 * much entropy as possible, hopefully generating an
@@ -640,7 +640,7 @@ uint64_t php_random_generate_fallback_seed(void)
 	char buf[64 + 1];
 
 	PHP_SHA1Init(&c);
-	if (!RANDOM_G(fallback_seed_initialized)) {
+	if (!state->initialized) {
 		/* Current time. */
 		gettimeofday(&tv, NULL);
 		fallback_seed_add(&c, &tv, sizeof(tv));
@@ -656,7 +656,7 @@ uint64_t php_random_generate_fallback_seed(void)
 		fallback_seed_add(&c, &tid, sizeof(tid));
 #endif
 		/* Pointer values to benefit from ASLR. */
-		pointer = &RANDOM_G(fallback_seed_initialized);
+		pointer = state;
 		fallback_seed_add(&c, &pointer, sizeof(pointer));
 		pointer = &c;
 		fallback_seed_add(&c, &pointer, sizeof(pointer));
@@ -680,24 +680,82 @@ uint64_t php_random_generate_fallback_seed(void)
 		gettimeofday(&tv, NULL);
 		fallback_seed_add(&c, &tv, sizeof(tv));
 		/* Previous state. */
-		fallback_seed_add(&c, RANDOM_G(fallback_seed), 20);
+		fallback_seed_add(&c, state->seed, 20);
 	}
-	PHP_SHA1Final(RANDOM_G(fallback_seed), &c);
-	RANDOM_G(fallback_seed_initialized) = true;
+	PHP_SHA1Final(state->seed, &c);
+	state->initialized = true;
 
 	uint64_t result = 0;
 
 	for (int i = 0; i < sizeof(result); i++) {
-		result = result | (((uint64_t)RANDOM_G(fallback_seed)[i]) << (i * 8));
+		result = result | (((uint64_t)state->seed[i]) << (i * 8));
 	}
 
 	return result;
 }
 
+uint64_t php_random_generate_fallback_seed(void)
+{
+	return php_random_generate_fallback_seed_ex(&RANDOM_G(fallback_seed_state));
+}
+
+static zend_result php_general_random_bytes_for_zend_initialize(php_random_state_for_zend *state)
+{
+	uint64_t t[4];
+
+	do {
+		char errstr[128];
+		if (php_random_bytes_ex(&t, sizeof(t), errstr, sizeof(errstr)) == FAILURE) {
+#if ZEND_DEBUG
+			fprintf(stderr, "php_random_bytes_ex: Failed to generate a random seed: %s\n", errstr);
+#endif
+			return FAILURE;
+		}
+	} while (UNEXPECTED(t[0] == 0 && t[1] == 0 && t[2] == 0 && t[3] == 0));
+
+	php_random_xoshiro256starstar_seed256(&state->xoshiro256starstar_state, t[0], t[1], t[2], t[3]);
+
+	return SUCCESS;
+}
+
+static void php_general_random_bytes_for_zend_initialize_fallback(php_random_state_for_zend *state)
+{
+	uint64_t t;
+	php_random_fallback_seed_state fallback_state;
+
+	do {
+		t = php_random_generate_fallback_seed_ex(&fallback_state);
+	} while (UNEXPECTED(t == 0));
+
+	php_random_xoshiro256starstar_seed64(&state->xoshiro256starstar_state, t);
+}
+
+PHPAPI zend_result php_general_random_bytes_for_zend(zend_utility_general_random_state *opaque_state, void *bytes, size_t size)
+{
+	php_random_state_for_zend *state = (php_random_state_for_zend*) opaque_state;
+
+	if (!state->initialized) {
+		if (php_general_random_bytes_for_zend_initialize(state) == FAILURE) {
+			php_general_random_bytes_for_zend_initialize_fallback(state);
+		}
+		state->initialized = true;
+	}
+
+	while (size > 0) {
+		php_random_result result = php_random_algo_xoshiro256starstar.generate(&state->xoshiro256starstar_state);
+		size_t chunk_size = MIN(size, sizeof(result.size));
+		memcpy(bytes, &result.result, chunk_size);
+		size -= chunk_size;
+		bytes += chunk_size;
+	}
+
+	return SUCCESS;
+}
+
 /* {{{ PHP_GINIT_FUNCTION */
 static PHP_GINIT_FUNCTION(random)
 {
-	random_globals->fallback_seed_initialized = false;
+	random_globals->fallback_seed_state.initialized = false;
 }
 /* }}} */
 

main/main.c

@@ -2115,7 +2115,8 @@ zend_result php_module_startup(sapi_module_struct *sf, zend_module_entry *additi
 	zuf.printf_to_smart_str_function = php_printf_to_smart_str;
 	zuf.getenv_function = sapi_getenv;
 	zuf.resolve_path_function = php_resolve_path_for_zend;
-	zuf.os_csprng_randomn_bytes_function = php_random_bytes_ex;
+	zuf.os_csprng_random_bytes_function = php_random_bytes_ex;
+	zuf.general_random_bytes_function = php_general_random_bytes_for_zend;
 	zend_startup(&zuf);
 	zend_reset_lc_ctype_locale();
 	zend_update_current_locale();