Newsgroups: php.internals
From: pollita@php.net (Sara Golemon)
Date: Fri, 19 Oct 2018 09:00:59 -0500
Subject: Re: [PHP-DEV] Alias openssl_random_pseudo_bytes() to php_random_bytes_throw()
To: Jakub Zelenka
Cc: Sammy Kaye Powers, PHP internals

On Fri, Oct 19, 2018 at 4:28 AM Jakub Zelenka wrote:
> On Fri, Oct 19, 2018 at 1:38 AM Sammy Kaye Powers wrote:
> > I wanted to propose aliasing openssl_random_pseudo_bytes() to
> > php_random_bytes_throw() in PHP 7.4 for the following reasons:
> >
>
Sorry, I'm with Jakub here, and for largely the same reasons, but I'll add:

1) Magic. Having something say: "I'm going to call OpenSSL for a security related reason", then proceed to not call OpenSSL at all is false advertising, for good or bad.

2) The point about the openssl function's poor return value stands, but I would say we can trivially make that function throwing without having to change its happy-path behavior.

3) I don't actually think making all sources of randomness the same is good. There's value in having random_bytes() *and* OpenSSL *and* Sodium to hedge against weaknesses being discovered in any one of them.

> > 1) Make openssl_random_pseudo_bytes() return bytes from
> > php_random_bytes_throw() causing the function to fail closed and never
> > returning false.
> >
-1 for reasons above and what Jakub's already said. Per #2 above however, I support having openssl_random_pseudo_bytes() throw on failure rather than merely return false. A failure there **should** break any code which isn't explicitly dealing with it.

> > 2) Deprecate the usage of the second pass-by-reference parameter and
> > remove in PHP 8.0. Until then, it always sets the value to true.
> >
+1

-Sara
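
The fail-closed behaviour discussed in this message, sketched as an added example that is not code from the thread or from PHP itself: `strict_openssl_random_bytes()` is a hypothetical userland wrapper that still calls OpenSSL on the happy path but raises on every failure mode. It assumes a PHP version in which `openssl_random_pseudo_bytes()` can return `false`.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of PHP or the OpenSSL extension):
 * keeps OpenSSL as the randomness source but never returns a failure value.
 */
function strict_openssl_random_bytes(int $length): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('Length must be a positive integer');
    }

    $strong = false;
    $bytes = openssl_random_pseudo_bytes($length, $strong);

    // Failure is reported by a false return value, which callers tend to ignore.
    if ($bytes === false) {
        throw new RuntimeException('openssl_random_pseudo_bytes() failed');
    }
    // The by-reference flag says whether a cryptographically strong algorithm was used.
    if ($strong !== true) {
        throw new RuntimeException('OpenSSL did not report a cryptographically strong result');
    }
    // Guard against a short result before the bytes become key or token material.
    if (strlen($bytes) !== $length) {
        throw new RuntimeException('Unexpected number of random bytes returned');
    }

    return $bytes;
}

// The fail-open pattern: without strict_types, an unchecked false is coerced
// to an empty string, so the "random" token silently becomes "".
// $token = bin2hex(openssl_random_pseudo_bytes(16));

// Fail-closed use: any failure aborts before a token is ever issued.
$token = bin2hex(strict_openssl_random_bytes(16));
echo strlen($token), PHP_EOL;
```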