From: Scott MacVicar <scottmac@php.net>
Date: Mon, 17 Nov 2008 21:54:20 +0000 (+0000)
Subject: Add openssl_random_pseudo_bytes() in order to expose access to a PRG, this wraps... 
X-Git-Tag: BEFORE_HEAD_NS_CHANGES_MERGE~162
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=355c955639d2580b577e26a0bab914725e90068a;p=php

Add openssl_random_pseudo_bytes() in order to expose access to a PRG, this wraps around whatever the OS provides.

- OpenBSD uses arc4random()
- Windows uses the Windows Crypto API
- FreeBSD, Linux, etc use /dev/random or /dev/urandom if available
[DOC]
---

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 7d99b5f28a..d7e1be06ce 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -91,6 +91,7 @@ PHP_FUNCTION(openssl_encrypt);
 PHP_FUNCTION(openssl_decrypt);
 
 PHP_FUNCTION(openssl_dh_compute_key);
+PHP_FUNCTION(openssl_random_pseudo_bytes);
 
 /* {{{ arginfo */
 ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_x509_export_to_file, 0, 0, 2)
@@ -349,6 +350,11 @@ ZEND_BEGIN_ARG_INFO(arginfo_openssl_dh_compute_key, 0)
     ZEND_ARG_INFO(0, pub_key)
     ZEND_ARG_INFO(0, dh_key)
 ZEND_END_ARG_INFO()
+
+ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_random_pseudo_bytes, 0, 0, 1)
+    ZEND_ARG_INFO(0, length)
+    ZEND_ARG_INFO(1, returned_strong_result)
+ZEND_END_ARG_INFO()
 /* }}} */
 
 /* {{{ openssl_functions[]
@@ -413,6 +419,7 @@ const zend_function_entry openssl_functions[] = {
 
 	PHP_FE(openssl_dh_compute_key,      arginfo_openssl_dh_compute_key)
 
+	PHP_FE(openssl_random_pseudo_bytes,    arginfo_openssl_random_pseudo_bytes)
 	PHP_FE(openssl_error_string, arginfo_openssl_error_string)
 	{NULL, NULL, NULL}
 };
@@ -4968,6 +4975,52 @@ PHP_FUNCTION(openssl_dh_compute_key)
 }
 /* }}} */
 
+/* {{{ proto string openssl_random_pseudo_bytes(integer length [, &bool returned_strong_result]) U
+   Returns a string of the length specified filled with random pseudo bytes */
+PHP_FUNCTION(openssl_random_pseudo_bytes)
+{
+	long buffer_length;
+	unsigned char *buffer = NULL;
+	zval *zstrong_result_returned = NULL;
+	int strong_result = 0;
+
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|z", &buffer_length, &zstrong_result_returned) == FAILURE) {
+		return;
+	}
+
+	if (buffer_length <= 0) {
+		RETURN_FALSE;
+	}
+
+	if (zstrong_result_returned) {
+		zval_dtor(zstrong_result_returned);
+		ZVAL_BOOL(zstrong_result_returned, 0);
+	}
+
+	buffer = emalloc(buffer_length);
+
+	if (!buffer) {
+		RETURN_FALSE;
+	}
+
+#ifdef WINDOWS
+        RAND_screen();
+#endif
+
+	if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) < 0) {
+		RETVAL_FALSE;
+	} else {
+		RETVAL_STRINGL((char *)buffer, buffer_length, 1);
+
+		if (zstrong_result_returned) {
+			ZVAL_BOOL(zstrong_result_returned, strong_result);
+		}
+
+	}
+	efree(buffer);
+}
+/* }}} */
+
 /*
  * Local variables:
  * tab-width: 8
diff --git a/ext/openssl/tests/openssl_random_pseudo_bytes.phpt b/ext/openssl/tests/openssl_random_pseudo_bytes.phpt
new file mode 100644
index 0000000000..339f08e94e
--- /dev/null
+++ b/ext/openssl/tests/openssl_random_pseudo_bytes.phpt
@@ -0,0 +1,22 @@
+--TEST--
+openssl_random_pseudo_bytes() tests
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) print "skip"; ?>
+--FILE--
+<?php
+for ($i = 0; $i < 10; $i++) {
+	var_dump(bin2hex(openssl_random_pseudo_bytes($i, $strong)));
+}
+
+?>
+--EXPECTF--
+unicode(0) ""
+unicode(2) "%s"
+unicode(4) "%s"
+unicode(6) "%s"
+unicode(8) "%s"
+unicode(10) "%s"
+unicode(12) "%s"
+unicode(14) "%s"
+unicode(16) "%s"
+unicode(18) "%s"
\ No newline at end of file