#
6fb20cd9 |
| 20-Mar-2024 |
Tim Düsterhus |
random: Simplify implementation of php_random_generate_fallback_seed() (#13761) As all the input bits and pieces are mixed with SHA-1, cross-architecture compatibility is not required an
random: Simplify implementation of php_random_generate_fallback_seed() (#13761) As all the input bits and pieces are mixed with SHA-1, cross-architecture compatibility is not required and we can just mix in whatever they may look like in memory, instead of going through the `write_*()` helpers that were created for a previous in-development version that first filled a buffer that was then hashed (allowing for easy inspection of the input data, but making it harder to safely add values without checking for buffer overflows all the time). This change should also fix a build error on macOS ZTS: The thread ID is an opaque type and not guaranteed to be arithmetic as per IEEE Std 1003.1-2017. And indeed macOS defines it as a pointer to a structure, failing due to the implicit pointer to integer conversion.
show more ...
|
#
81744d6c |
| 18-Mar-2024 |
Tim Düsterhus |
random: Improve the output quality of RANDOM_SEED() (#13730) * random: Improve the output quality of RANDOM_SEED() Previously 4 consecutive calls to `RANDOM_SEED()` each for 4 diffe
random: Improve the output quality of RANDOM_SEED() (#13730) * random: Improve the output quality of RANDOM_SEED() Previously 4 consecutive calls to `RANDOM_SEED()` each for 4 different CLI requests resulted in: $ sapi/cli/php test.php 2c13e9fde9caa 2c13e9fd1d6b0 2c13e9fd4de34 2c13e9fd1610e $ sapi/cli/php test.php 2c1436764fe07 2c14367621770 2c143676c0bf6 2c143676e02f5 $ sapi/cli/php test.php 2c144995a0626 2c14499590fe2 2c144995c65db 2c14499536833 $ sapi/cli/php test.php 2c145cb30860b 2c145cb3ec027 2c145cb33b4ca 2c145cb38ff63 Now they result in: $ sapi/cli/php test.php 6796973ace1b5f3d 1913daf5c158cb4b 255dbf24237bc8c9 7c3ba22e60f35196 $ sapi/cli/php test.php afb7cc9ba9819cd2 3e01a71b91ad020c 6b718364d3ef108 bdcd17beeb4b31d2 $ sapi/cli/php test.php 53d36eb9b83f8788 4381c85e816187aa 2e9b32ee9898e71e 31d15c946842bddb $ sapi/cli/php test.php 2037a3cba88114b4 ba0b0d93a9bb43aa e13d82d2421269e2 191de474f3292240 * tree-wide: Replace GENERATE_SEED() by php_random_generate_fallback_seed() * random: Fix NTS build * random: Fix Windows build
show more ...
|
#
f34721ca |
| 13-Mar-2024 |
Tim Düsterhus |
random: Initialize the `mode` field when seeding in `php_random_default_status()` (#13690) This is not just an issue due to missing initialization since moving the state struct directly
random: Initialize the `mode` field when seeding in `php_random_default_status()` (#13690) This is not just an issue due to missing initialization since moving the state struct directly into the module globals. In earlier versions changing the mode to `MT_RAND_PHP` within a single request would also affect the mode for subsequent requests. Original commit message follows: This is a follow-up fix for GH-13579. The issue was detected in the nightly MSAN build. (cherry picked from commit bf0abd1629291c193064a9cb95a2da3565decc38)
show more ...
|
#
bf0abd16 |
| 06-Mar-2024 |
Tim Düsterhus |
random: Initialize the `mode` field when seeding in `php_random_default_status()` (#13608) This is a follow-up fix for GH-13579. The issue was detected in the nightly MSAN build.
|
#
650a8fb0 |
| 04-Mar-2024 |
Tim Düsterhus |
random: Embed the Mt19937 and CombinedLCG state within the module globals (#13579) These are always dynamically allocated in GINIT, thus always take up memory. By embedding them here we
random: Embed the Mt19937 and CombinedLCG state within the module globals (#13579) These are always dynamically allocated in GINIT, thus always take up memory. By embedding them here we can avoid the dynamic allocation and additional pointer indirection accessing them. The test script: <?php for ($i = 0; $i < 9999999; $i++) mt_rand(1, 100); Appears to run slightly faster with this change applied: Before this change it always ran in just over 3 seconds, after this change I was also seeing times below 3 seconds. Howver results are too close and too jittery to state this performance improvement as a fact.
show more ...
|
#
e059498c |
| 29-Feb-2024 |
Tim Düsterhus |
random: Fix unknown `mt_srand()` compatibility for unknown modes (#13544) PHP 8.1 and below interpreted unknown modes as `MT_RAND_MT19937`, but PHP 8.2+ interprets them as `MT_RAND_PHP`.
random: Fix unknown `mt_srand()` compatibility for unknown modes (#13544) PHP 8.1 and below interpreted unknown modes as `MT_RAND_MT19937`, but PHP 8.2+ interprets them as `MT_RAND_PHP`. Align the behavior with PHP 8.1 and below, because folks should be steered towards the standard mode.
show more ...
|
#
99e7cf07 |
| 29-Feb-2024 |
Tim Düsterhus |
random: Clean up seeding API (#13540) * random: Expose xoshiro256**'s seeding functions * random: Expose pcgoneseq128xslrr64's seeding functions * random: Expose Mt19937's
random: Clean up seeding API (#13540) * random: Expose xoshiro256**'s seeding functions * random: Expose pcgoneseq128xslrr64's seeding functions * random: Expose Mt19937's seeding functions * random: Expose CombinedLCG's seeding functions * random: Call php_random_mt19937_seed32 to seed the global Mt19937 This avoids the function pointer indirection and improves type safety. * random: NULL the generic seeding function Different engines work quite differently, it is not useful to attempt to seed them in a generic way using a 64 bit integer. As an example Mt19937 completely ignores the upper 32 bits. * random: Remove the `seed` member from `php_random_algo` See the explanation in the previous commit for the reasoning. This member is unused since the previous commit and was not consistently available even before that (specifically for the Secure engine). * UPGRADING.INTERNALS * random: Remove useless cast in `php_mt_srand()`
show more ...
|
#
dce6ed31 |
| 26-Feb-2024 |
Tim Düsterhus |
random: Adjust `status` to `state` (#13521) * random: Rename `status` local to `state` * random: Rename `php_random_algo_with_state`'s `status` member to `state`
|
#
79133df1 |
| 25-Feb-2024 |
Tim Düsterhus |
random: Pass algorithm and state together as `php_random_algo_with_state` (#13350) * random: Remove `php_random_status` Since 162e1dce9870168cb8c65c013f2b5a510b6536b1, the `php_rand
random: Pass algorithm and state together as `php_random_algo_with_state` (#13350) * random: Remove `php_random_status` Since 162e1dce9870168cb8c65c013f2b5a510b6536b1, the `php_random_status` struct contains just a single `void*`, resulting in needless indirection when accessing the engine state and thus decreasing readability because of the additional non-meaningful `->state` references / the local helper variables. There is also a small, but measurable performance benefit: <?php $e = new Random\Engine\Xoshiro256StarStar(0); $r = new Random\Randomizer($e); for ($i = 0; $i < 15; $i++) var_dump(strlen($r->getBytes(100000000))); goes from roughly 3.85s down to 3.60s. The names of the `status` variables have not yet been touched to keep the diff small. They will be renamed to the more appropriate `state` in a follow-up cleanup commit. * Introduce `php_random_algo_with_state`
show more ...
|
#
97b3b455 |
| 01-Feb-2024 |
Tim Düsterhus |
random: Move CSPRNG API into php_random_csprng.h (#13290) This allows consumers of just the CSPRNG to include a much smaller header. It also allows to verify at a glance whether a source
random: Move CSPRNG API into php_random_csprng.h (#13290) This allows consumers of just the CSPRNG to include a much smaller header. It also allows to verify at a glance whether a source file might use non-secure randomness. This commit includes the new header wherever the CSPRNG is used, possibly replacing the inclusion of php_random.h if nothing else is used, but also includes it in the main php_random.h header for compatibility. Somewhat related to 45f8cfaf104f504340b0073b9736bb50a88d70a1, 2b30f18708b4f73d2c1d29d3a92a606ebdc5ac4c, and b14dd85dca3b67a5462f5ed9b6aa0dc22beb615c.
show more ...
|
#
162e1dce |
| 09-Jan-2024 |
Tim Düsterhus |
random: Optimize data flow for the `generate` function of native engines (#13043) Instead of returning the generated `uint64_t` and providing the size (i.e. the number of bytes of the ge
random: Optimize data flow for the `generate` function of native engines (#13043) Instead of returning the generated `uint64_t` and providing the size (i.e. the number of bytes of the generated value) out-of-band via the `last_generated_size` member of the `php_random_status` struct, the `generate` function is now expected to return a new `php_random_result` struct containing both the `size` and the `result`. This has two benefits, one for the developer: It's no longer possible to forget setting `last_generated_size` to the correct value, because it now happens at the time of returning from the function. and the other benefit is for performance: The `php_random_result` struct will be returned as a register pair, thus the `size` will be directly available without reloading it from main memory. Checking a simplified version of `php_random_range64()` on Compiler Explorer (“Godbolt”) with clang 17 shows a single change in the resulting assembly showcasing the improvement (https://godbolt.org/z/G4WjdYxqx): - add rbp, qword ptr [r14] + add rbp, rdx Empirical testing confirms a measurable performance increase for the `Randomizer::getBytes()` method: <?php $e = new Random\Engine\Xoshiro256StarStar(0); $r = new Random\Randomizer($e); var_dump(strlen($r->getBytes(100000000))); goes from 250ms (before the change) to 220ms (after the change). While generating 100 MB of random data certainly is not the most common use case, it confirms the theoretical improvement in practice.
show more ...
|
#
61251093 |
| 07-Jul-2023 |
Tim Düsterhus |
Deprecate MT_RAND_PHP (#11560) see https://wiki.php.net/rfc/deprecations_php_8_3#mt_rand_php
|
#
b14dd85d |
| 23-Feb-2023 |
Tim Düsterhus |
random: Move the CSPRNG implementation into a separate C file (#10668) The CSPRNG is a delicate and security relevant piece of code and having it in the giant random.c makes it much hard
random: Move the CSPRNG implementation into a separate C file (#10668) The CSPRNG is a delicate and security relevant piece of code and having it in the giant random.c makes it much harder to verify changes to it. Split it into a separate file.
show more ...
|
#
6c8ef1d9 |
| 25-Jan-2023 |
Tim Düsterhus |
random: Reduce variable scopes in CSPRNG (#10426) * random: Convert the urandom loop into a while() loop This allows us to more easily reduce the scope of `n` in a future commit and
random: Reduce variable scopes in CSPRNG (#10426) * random: Convert the urandom loop into a while() loop This allows us to more easily reduce the scope of `n` in a future commit and now matches the getrandom(2) loop. * random: Move the errno reset immediately above the getrandom(2) call * random: Reduce the scope of `n` in the CSPRNG * random: Declare `n` outside of preprocessor branch
show more ...
|
#
2740920a |
| 23-Jan-2023 |
David Carlier |
random disable arc4random_buf for glibc, merge mistake
|
#
948cb470 |
| 15-Jan-2023 |
David Carlier |
random netbsd 10 update finally supporting getrandom syscall properly. Close GH-10327.
|
#
a7998fda |
| 23-Jan-2023 |
Tim Düsterhus |
random: Simplify control flow for handling /dev/urandom errors (#10392) The only way the previous `if (read_bytes < size)` branch could be taken is when the loop was exited by the `break
random: Simplify control flow for handling /dev/urandom errors (#10392) The only way the previous `if (read_bytes < size)` branch could be taken is when the loop was exited by the `break;` statement. We can just merge this into the loop to make the code more obvious.
show more ...
|
#
57b362b7 |
| 23-Jan-2023 |
Tim Düsterhus |
random: Do not trust arc4random_buf() on glibc (#10390) This effectively reverts #8984. As discussed in #10327 which will enable the use of the getrandom(2) syscall on NetBSD in
random: Do not trust arc4random_buf() on glibc (#10390) This effectively reverts #8984. As discussed in #10327 which will enable the use of the getrandom(2) syscall on NetBSD instead of relying on the userland arc4random_buf(), the CSPRNG should prioritize security over speed [1] and history has shown that userland implementations unavoidably fall short on the security side. In fact the glibc implementation is a thin wrapper around the syscall due to security concerns and thus does not provide any benefit over just calling getrandom(2) ourselves. Even without any performance optimizations the CSPRNG should be plenty fast for the vast majority of applications, because they often only need a few bytes of randomness to generate a session ID. If speed is desired, the OO API offers faster, but non-cryptographically secure engines.
show more ...
|
#
2b395f7b |
| 20-Jan-2023 |
Tim Düsterhus |
random: Remove check for HAVE_DEV_URANDOM It cannot be decided whether the device is available at build time, PHP might run in a container or chroot that does not expose the device. Simp
random: Remove check for HAVE_DEV_URANDOM It cannot be decided whether the device is available at build time, PHP might run in a container or chroot that does not expose the device. Simply attempt to open it, if it does not exist it will fail. This improves readability of php_random_bytes() by removing one layer of preprocessor conditions.
show more ...
|
#
1f05d6ef |
| 20-Jan-2023 |
Máté Kocsis |
Fix GH-10292 make the default value of the first parame of srand() and mt_srand() nullable (#10380) Co-authored-by: Tim Düsterhus <timwolla@googlemail.com>
|
#
c8955c07 |
| 16-Jan-2023 |
Christoph M. Becker |
Revert GH-10220 Cf. <https://github.com/php/php-src/pull/10220#issuecomment-1383739816>. This reverts commit ecc880f491d66081298a16634629f149459706a9. This reverts commit 588a07
Revert GH-10220 Cf. <https://github.com/php/php-src/pull/10220#issuecomment-1383739816>. This reverts commit ecc880f491d66081298a16634629f149459706a9. This reverts commit 588a07f7371ee2b5fac17de147926780e427fae6. This reverts commit f377e15751d3aa48b69cd9bcc366ede7803d511f. This reverts commit b4ba16fe189b109144aff669e11d81365160104b. This reverts commit 694ec1deea36e366b28b6349a52be49824e1a1a8. This reverts commit 6b34de8eba9f66882ae16e6073af28783670ac53. This reverts commit aa1cd02a4367834026ea2205ea13a2f904455aa1. This reverts commit 308fd311ea6fcf3094b448df7f2b264f08e4fe4f. This reverts commit 16203b53e1822a37b6ba6f2ab198bb435d05fdad. This reverts commit 738fb5ca5412f5e833a7fab82b11519e635a3357. This reverts commit 9fdbefacd3c382d731aa175b7bdc002ec9cb2b30. This reverts commit cd4a7c1d90562ebb5f89caf94d00d579631b9fbe. This reverts commit 928685eba2b2f0ded90e7f78fd806ea164002f6e. This reverts commit 01e5ffc85cd4357fd7b5b7ceefa29f2d10ca26b7.
show more ...
|
#
e7c0f4e8 |
| 10-Jan-2023 |
Tim Düsterhus |
random: Rely on `free(NULL)` being safe for random status freeing (#10246) * random: Rely on `free(NULL)` being safe for random status freeing * random: Restructure `php_random_stat
random: Rely on `free(NULL)` being safe for random status freeing (#10246) * random: Rely on `free(NULL)` being safe for random status freeing * random: Restructure `php_random_status_free()` to not early-return
show more ...
|
#
308fd311 |
| 04-Jan-2023 |
Max Kellermann |
ext/{standard,json,random,...}: add missing includes
|
#
32f503e4 |
| 07-Jan-2023 |
Tim Düsterhus |
random: Fix check before closing `random_fd` (#10247) If, for whatever reason, the random_fd has been assigned file descriptor `0` it previously failed to close during module shutdown, t
random: Fix check before closing `random_fd` (#10247) If, for whatever reason, the random_fd has been assigned file descriptor `0` it previously failed to close during module shutdown, thus leaking the descriptor.
show more ...
|
#
f9a1a903 |
| 14-Dec-2022 |
Tim Düsterhus |
Add Randomizer::nextFloat() and Randomizer::getFloat() (#9679) * random: Add Randomizer::nextFloat() * random: Check that doubles are IEEE-754 in Randomizer::nextFloat() *
Add Randomizer::nextFloat() and Randomizer::getFloat() (#9679) * random: Add Randomizer::nextFloat() * random: Check that doubles are IEEE-754 in Randomizer::nextFloat() * random: Add Randomizer::nextFloat() tests * random: Add Randomizer::getFloat() implementing the y-section algorithm The algorithm is published in: Drawing Random Floating-Point Numbers from an Interval. Frédéric Goualard, ACM Trans. Model. Comput. Simul., 32:3, 2022. https://doi.org/10.1145/3503512 * random: Implement getFloat_gamma() optimization see https://github.com/php/php-src/pull/9679/files#r994668327 * random: Add Random\IntervalBoundary * random: Split the implementation of γ-section into its own file * random: Add tests for Randomizer::getFloat() * random: Fix γ-section for 32-bit systems * random: Replace check for __STDC_IEC_559__ by compile-time check for DBL_MANT_DIG * random: Drop nextFloat_spacing.phpt * random: Optimize Randomizer::getFloat() implementation * random: Reject non-finite parameters in Randomizer::getFloat() * random: Add NEWS/UPGRADING for Randomizer’s float functionality
show more ...
|