Skip to content

Fix undefined behaviour in GENERATE_SEED() #10942

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ndossche wants to merge 1 commit into from
Closed

Fix undefined behaviour in GENERATE_SEED() #10942

ndossche wants to merge 1 commit into from

Conversation

@ndossche
Copy link
Member

@ndossche ndossche commented Mar 25, 2023

Signed multiply overflow is undefined behaviour.
If you run the CI tests with UBSAN enabled on a 32-bit platform, this is quite easy to hit. On 64-bit it's more difficult to hit though, but not impossible.

@ndossche
Fix undefined behaviour in GENERATE_SEED()
71e5df6 
Signed multiply overflow is undefined behaviour.
If you run the CI tests with UBSAN enabled on a 32-bit platform, this is
quite easy to hit. On 64-bit it's more difficult to hit though, but not
impossible.
@ndossche ndossche requested a review from TimWolla March 25, 2023 22:12
@TimWolla
Copy link
Member

TimWolla commented Mar 25, 2023

The change looks correct to me, but where are you still hitting GENERATE_SEED()? I believe everything should attempt to use the CSPRNG first and the CSPRNG is effectively infallible on modern systems.

@ndossche
Copy link
Member Author

ndossche commented Mar 25, 2023

In gmp_init_random() there's a GENERATE_SEED():

php-src/ext/gmp/gmp.c

Lines 1717 to 1727 in 93e0f6b

static void gmp_init_random(void)
{
if (!GMPG(rand_initialized)) {
/* Initialize */
gmp_randinit_mt(GMPG(rand_state));
/* Seed */
gmp_randseed_ui(GMPG(rand_state), GENERATE_SEED());
GMPG(rand_initialized) = 1;
}
}

TimWolla
TimWolla approved these changes Mar 25, 2023
View reviewed changes
Copy link
Member

@TimWolla TimWolla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Be careful with the merge to PHP 8.2, as all the random stuff moved into the random extension.

ext/standard/php_rand.h
#define GENERATE_SEED() (((zend_long) ((zend_ulong) time(0) * (zend_ulong) GetCurrentProcessId())) ^ ((zend_long) (1000000.0 * php_combined_lcg())))
#else
#define GENERATE_SEED() (((zend_long) (time(0) * getpid())) ^ ((zend_long) (1000000.0 * php_combined_lcg())))
#define GENERATE_SEED() (((zend_long) ((zend_ulong) time(0) * (zend_ulong) getpid())) ^ ((zend_long) (1000000.0 * php_combined_lcg())))
Copy link
Member

@TimWolla TimWolla Mar 25, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you also:

Suggested change
#define GENERATE_SEED() (((zend_long) ((zend_ulong) time(0) * (zend_ulong) getpid())) ^ ((zend_long) (1000000.0 * php_combined_lcg())))
#define GENERATE_SEED() (((zend_long) ((zend_ulong) time(NULL) * (zend_ulong) getpid())) ^ ((zend_long) (1000000.0 * php_combined_lcg())))

while you're at it?

ext/standard/php_rand.h

#ifdef PHP_WIN32
#define GENERATE_SEED() (((zend_long) (time(0) * GetCurrentProcessId())) ^ ((zend_long) (1000000.0 * php_combined_lcg())))
#define GENERATE_SEED() (((zend_long) ((zend_ulong) time(0) * (zend_ulong) GetCurrentProcessId())) ^ ((zend_long) (1000000.0 * php_combined_lcg())))
Copy link
Member

@TimWolla TimWolla Mar 25, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
#define GENERATE_SEED() (((zend_long) ((zend_ulong) time(0) * (zend_ulong) GetCurrentProcessId())) ^ ((zend_long) (1000000.0 * php_combined_lcg())))
#define GENERATE_SEED() (((zend_long) ((zend_ulong) time(NULL) * (zend_ulong) GetCurrentProcessId())) ^ ((zend_long) (1000000.0 * php_combined_lcg())))

@ndossche
Copy link
Member Author

ndossche commented Mar 25, 2023

Thanks for the review. Noted, I'll look at what moved and I'll apply your suggestion in the merge. I'll wait first until CI is green.

@TimWolla
Copy link
Member

TimWolla commented Mar 25, 2023

In gmp_init_random() there's a GENERATE_SEED():

Okay, then this should likely be augmented with something like php_random_bytes_silent(&seed, sizeof(unsigned long)) == FAILURE to only use GENERATE_SEED() if the CSPRNG fails. A similar pattern is already in use in other locations. Are you interested in creating such a follow-up (likely master-only)?

The manual will also need a warning that the GMP RNG is not cryptographically secure.

@TimWolla TimWolla mentioned this pull request Mar 25, 2023
Closed
@ndossche
Copy link
Member Author

ndossche commented Mar 25, 2023

Okay, then this should likely be augmented with something like php_random_bytes_silent(&seed, sizeof(unsigned long)) == FAILURE to only use GENERATE_SEED() if the CSPRNG fails. A similar pattern is already in use in other locations. Are you interested in creating such a follow-up (likely master-only)?

Sure I'll take a look after this gets merged.

ndossche added a commit to ndossche/php-src that referenced this pull request Mar 25, 2023
@ndossche
Use php_random_bytes_silent() where possible in gmp_init_random()
7c7d6f5 
See phpGH-10942.
ndossche added a commit to ndossche/php-src that referenced this pull request Mar 25, 2023
@ndossche
Use php_random_bytes_silent() where possible in gmp_init_random()
017bfdf 
See phpGH-10942.
@ndossche ndossche mentioned this pull request Mar 25, 2023
Merged
ndossche added a commit that referenced this pull request Mar 26, 2023
@ndossche
Use php_random_bytes_silent() where possible in gmp_init_random() (#1…
8317a14 
…0944)

See GH-10942.
@ndossche ndossche closed this in 6f56c00 Mar 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TimWolla TimWolla TimWolla approved these changes

Assignees

No one assigned

Labels

Extension: random

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ndossche @TimWolla