Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:103332 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 61421 invoked from network); 19 Oct 2018 09:15:42 -0000 Received: from unknown (HELO mail-ot1-f51.google.com) (209.85.210.51) by pb1.pair.com with SMTP; 19 Oct 2018 09:15:42 -0000 Received: by mail-ot1-f51.google.com with SMTP id l58so32103149otd.6 for ; Thu, 18 Oct 2018 22:29:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yVf3utLWzWbR9Nm7Os+H9MJSRbOMicyIwaZ3IkdMK9k=; b=ujIJnKSb14karAZpFbVKwP4qOlci6ANPzwsUoO88Ntk/LoL0FXqEdo5g9BK37SIiBZ 6gFIq7zhoXgC76rv8aoVrztzaUVX+SGCDZVNTE3zgyIMFgHhgnv/Ogeqfb2GQDKlnY9A EWfRSPNf6UR0kiRZFebGl/VFNFkOjJn5UD+hfAJrt8slTkY7il2vr+ETMOauiBpqUiAy CIXvoukGdrWki5svvTuHcS5hMtnAxQo/DU3NNifykbt7FvWN/SEDSmDVXt7VWvFXMhM6 sD/9Zgp+4DRd3uYYzRsm7IDzy99rJBiT7Q1OOILh86Dyryw1+g8AXoTTCBkflYTg/gju UJVA== X-Gm-Message-State: ABuFfoi6q27mtbLZrShzsSkYRYvq0ms13Ec8SUKI1dMz6nKzvkZZtIB9 Ru83thSoeYG+Aiia9ldobdeBIGb9UOUJI5/4v0jPxg== X-Google-Smtp-Source: ACcGV63wgsZeStJ7/TeR3FZPVpdfq2CM+Ef4umvnBLcifd6Cmm99vJycpsysl8oxj6NUEqpeRmXJlIknzyHKvDU3oJk= X-Received: by 2002:a9d:5c19:: with SMTP id o25mr7024088otk.264.1539926970198; Thu, 18 Oct 2018 22:29:30 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Fri, 19 Oct 2018 07:29:19 +0200 Message-ID: To: Sammy Kaye Powers Cc: Internals Content-Type: text/plain; charset="UTF-8" Subject: Re: [PHP-DEV] Alias openssl_random_pseudo_bytes() to php_random_bytes_throw() From: kalle@php.net (Kalle Sommer Nielsen) Hi Sammy Den fre. 19. okt. 2018 kl. 02.38 skrev Sammy Kaye Powers : > 4) We get to consolidate our CSPRNG code in one place. This would make > it nice to be able to upgrade all the CSPRNG code to libsodium's > CSPRNG if we choose to in the future for example. I would prefer this, any instead of making it an alias or something, then just straight down deprecate it instead seems like a more flawless option to me. > The change I'm proposing would be to: > > 1) Make openssl_random_pseudo_bytes() return bytes from > php_random_bytes_throw() causing the function to fail closed and never > returning false. > 2) Deprecate the usage of the second pass-by-reference parameter and > remove in PHP 8.0. Until then, it always sets the value to true. > > Do you think this kind of change would warrant an RFC? It would. -- regards, Kalle Sommer Nielsen kalle@php.net