Skip to content

Improve error messages in php_random_bytes() #9169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 28, 2022
Merged

Improve error messages in php_random_bytes() #9169

merged 3 commits into from
Jul 28, 2022

Conversation

@TimWolla
Copy link
Member

see #9160 (comment) for context

Not sure if this is lipstick on a pig, because php_random_bytes() really really should not fail on modern systems, but I'm putting it up for discussion nonetheless.

Technically a breaking change, in case someone relies in the specific wording in the error message, but this exception really shouldn't be caught as the system likely is broken beyond repair.

Review requests for devnexen for the general C and operating system experience, cmb for the Windows and PHP internals experience.

@TimWolla TimWolla requested review from cmb69 and devnexen July 27, 2022 18:17
cmb69
cmb69 reviewed Jul 27, 2022
View reviewed changes
devnexen
devnexen reviewed Jul 27, 2022
View reviewed changes
@devnexen
Copy link
Member

Looks ok in general minus @cmb69 remarks which makes sense.

@TimWolla TimWolla requested a review from cmb69 July 28, 2022 16:14
cmb69
cmb69 approved these changes Jul 28, 2022
View reviewed changes
Copy link
Member

@cmb69 cmb69 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thank you!

@TimWolla TimWolla merged commit b948f80 into php:master Jul 28, 2022
@TimWolla TimWolla deleted the csprng-exception-message branch July 28, 2022 16:45
TimWolla added a commit to TimWolla/php-src that referenced this pull request Jul 31, 2022
@TimWolla
Remove exception in Randomizer::shuffleBytes()
b3fbaf9 
The only way that `php_binary_string_shuffle` fails is when the engine itself
fails. With the currently available list of engines we have:

- Mt19937            : Infallible.
- PcgOneseq128XslRr64: Infallible.
- Xoshiro256StarStar : Infallible.
- Secure             : Practically infallible on modern systems.
                       Exception messages were cleaned up in phpGH-9169.
- User               : Error when returning an empty string.
                       Error when seriously biased (range() fails).
                       And whatever Throwable the userland developer decides to use.

So the existing engines are either infallible or throw an Exception/Error with
a high quality message themselves, making this exception not a value-add and
possibly confusing.
TimWolla added a commit to TimWolla/php-src that referenced this pull request Aug 1, 2022
@TimWolla
Remove exception in Randomizer::shuffleBytes()
6903a2a 
The only way that `php_binary_string_shuffle` fails is when the engine itself
fails. With the currently available list of engines we have:

- Mt19937            : Infallible.
- PcgOneseq128XslRr64: Infallible.
- Xoshiro256StarStar : Infallible.
- Secure             : Practically infallible on modern systems.
                       Exception messages were cleaned up in phpGH-9169.
- User               : Error when returning an empty string.
                       Error when seriously biased (range() fails).
                       And whatever Throwable the userland developer decides to use.

So the existing engines are either infallible or throw an Exception/Error with
a high quality message themselves, making this exception not a value-add and
possibly confusing.
TimWolla added a commit that referenced this pull request Aug 2, 2022
@TimWolla
Clean up nested exceptions without value-add in ext/random (#9211)
54e406c 
* Remove exception in Randomizer::shuffleBytes()

The only way that `php_binary_string_shuffle` fails is when the engine itself
fails. With the currently available list of engines we have:

- Mt19937            : Infallible.
- PcgOneseq128XslRr64: Infallible.
- Xoshiro256StarStar : Infallible.
- Secure             : Practically infallible on modern systems.
                       Exception messages were cleaned up in GH-9169.
- User               : Error when returning an empty string.
                       Error when seriously biased (range() fails).
                       And whatever Throwable the userland developer decides to use.

So the existing engines are either infallible or throw an Exception/Error with
a high quality message themselves, making this exception not a value-add and
possibly confusing.

* Remove exception in Randomizer::shuffleArray()

Same reasoning as in the previous commit applies.

* Remove exception in Randomizer::getInt()

Same reasoning as in the previous commit applies.

* Remove exception in Randomizer::nextInt()

Same reasoning as in the previous commit applies, except that it won't throw on
a seriously biased user engine, as `range()` is not used.

* Remove exception in Randomizer::getBytes()

Same reasoning as in the previous commit applies.

* Remove exception in Mt19937::generate()

This implementation is shared across all native engines. Thus the same
reasoning as the previous commits applies, except that the User engine does not
use this method. Thus is only applicable to the Secure engine, which is the
only fallible native engine.

* [ci skip] Add cleanup of Randomizer exceptions to NEWS
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devnexen devnexen devnexen left review comments

@cmb69 cmb69 cmb69 approved these changes

Assignees

No one assigned

Labels

Extension: random

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@TimWolla @devnexen @cmb69