php · TimWolla · Jan 23, 2023 · Jan 21, 2023 · Jan 23, 2023 · Jan 23, 2023
diff --git a/NEWS b/NEWS
@@ -101,6 +101,8 @@ PHP                                                                        NEWS
   . Make array_pad's $length warning less confusing. (nielsdos)
   . E_WARNING emitted by strtok in the caase both arguments are not provided when
     starting tokenisation. (David Carlier)
+  . password_hash() will now chain the original RandomException to the ValueError
+    on salt generation failure. (timwolla)
 
 - Streams:
   . Fixed bug #51056: blocking fread() will block even if data is available.

diff --git a/UPGRADING b/UPGRADING
@@ -69,6 +69,8 @@ PHP 8.3 UPGRADE NOTES
     can have. Before, it was only possible to add at most 1048576 elements at a
     time.
   . strtok() raises a warning in the case token is not provided when starting tokenization.
+  . password_hash() will now chain the underlying Random\RandomException
+    as the ValueError’s $previous Exception when salt generation fails.
 
 ========================================
 6. New Functions

@@ -83,7 +83,7 @@ static zend_string* php_password_make_salt(size_t length) /* {{{ */
 	}
 
 	buffer = zend_string_alloc(length * 3 / 4 + 1, 0);
-	if (FAILURE == php_random_bytes_silent(ZSTR_VAL(buffer), ZSTR_LEN(buffer))) {
+	if (FAILURE == php_random_bytes_throw(ZSTR_VAL(buffer), ZSTR_LEN(buffer))) {
 		zend_value_error("Unable to generate salt");
 		zend_string_release_ex(buffer, 0);
 		return NULL;