Merge branch 'PHP-8.1'

Author: devnexen

NEWS

@@ -34,6 +34,7 @@ PHP                                                                        NEWS
     notation to int. (Dennis Snell)
   . Enable arc4random_buf for Linux glibc 2.36 and onwards
     for the random_bytes. (Cristian Rodriguez)
+  . Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).
 
 07 Jul 2022, PHP 8.2.0alpha3
 

ext/standard/config.m4

@@ -403,6 +403,12 @@ dnl Check for arc4random on BSD systems
 dnl
 AC_CHECK_DECLS([arc4random_buf])
 
+dnl
+dnl Check for CCRandomGenerateBytes
+dnl header absent in previous macOs releases
+dnl
+AC_CHECK_HEADERS([CommonCrypto/CommonRandom.h])
+
 dnl
 dnl Check for argon2
 dnl

ext/standard/random.c

@@ -35,6 +35,10 @@
 #  include <sys/random.h>
 # endif
 #endif
+#if HAVE_COMMONCRYPTO_COMMONRANDOM_H
+# include <CommonCrypto/CommonCryptoError.h>
+# include <CommonCrypto/CommonRandom.h>
+#endif
 
 #if __has_feature(memory_sanitizer)
 # include <sanitizer/msan_interface.h>
@@ -94,6 +98,19 @@ PHPAPI int php_random_bytes(void *bytes, size_t size, bool should_throw)
 		}
 		return FAILURE;
 	}
+#elif HAVE_COMMONCRYPTO_COMMONRANDOM_H
+	/*
+	 * Purposely prioritized upon arc4random_buf for modern macOs releases
+	 * arc4random api on this platform uses `ccrng_generate` which returns
+	 * a status but silented to respect the "no fail" arc4random api interface
+	 * the vast majority of the time, it works fine ; but better make sure we catch failures
+	 */
+	if (CCRandomGenerateBytes(bytes, size) != kCCSuccess) {
+		if (should_throw) {
+			zend_throw_exception(zend_ce_exception, "Error generating bytes", 0);
+		}
+		return FAILURE;
+	}
 #elif HAVE_DECL_ARC4RANDOM_BUF && ((defined(__OpenBSD__) && OpenBSD >= 201405) || (defined(__NetBSD__) && __NetBSD_Version__ >= 700000001) || defined(__APPLE__) || defined(__GLIBC__))
 	arc4random_buf(bytes, size);
 #else