archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

session: Remove PS_EXTRA_RAND_BYTES (#10394)

Browse source 
This was introduced in 3467526a65 and the
corresponding RFC gives some reasoning. However the CSPRNG being “not secure
enough” is not a thing and reading these extra bytes is just security theater:

If the CSPRNG would hypothetically be broken, then PHP’s session IDs are the
least of one’s concerns, because we already trust it in `random_bytes()` and
might generate long-term secrets using that.
This commit is contained in:
Tim Düsterhus 2023-01-23 14:42:32 +01:00 committed by GitHub
parent bf5fdbd3a8
commit d9c2cf7e3d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

7
ext/session/session.c
View file

@ -306,17 +306,14 @@ static void bin_to_readable(unsigned char *in, size_t inlen, char *out, size_t o
}
/* }}} */
#define PS_EXTRA_RAND_BYTES 60
PHPAPI zend_string *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */
{
unsigned char rbuf[PS_MAX_SID_LENGTH + PS_EXTRA_RAND_BYTES];
unsigned char rbuf[PS_MAX_SID_LENGTH];
zend_string *outid;
/* It would be enough to read ceil(sid_length * sid_bits_per_character / 8) bytes here.
* We read sid_length bytes instead for simplicity. */
/* Read additional PS_EXTRA_RAND_BYTES just in case CSPRNG is not safe enough */
if (php_random_bytes_throw(rbuf, PS(sid_length) + PS_EXTRA_RAND_BYTES) == FAILURE) {
if (php_random_bytes_throw(rbuf, PS(sid_length)) == FAILURE) {
return NULL;
}