Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:106827
Return-Path: <qissolol@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 67579 invoked from network); 1 Sep 2019 06:01:08 -0000
Received: from unknown (HELO mail-qt1-f181.google.com) (209.85.160.181)
  by pb1.pair.com with SMTP; 1 Sep 2019 06:01:08 -0000
Received: by mail-qt1-f181.google.com with SMTP id n7so12155533qtb.6
        for <internals@lists.php.net>; Sat, 31 Aug 2019 20:34:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=leocavalcante-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:from:date:message-id:subject:to;
        bh=X71mSvzdHjU9wQ0HKkqJV5F9vXIyx949KY4/iDJi1Fo=;
        b=fqeTNWXZ204Ne0y+vfrZDMnE86Vz97FNOduiKoMlYuxr4Y9cCv0TSxEx96YA7RtOUJ
         83dCpb8H1aJkw2BGbg3y1bCwWfGlgp/0/x7CdpeRk4/ONyqIbZi91PwrQaQ6k9wXtkf1
         L9MoxzdZ6TcyqDpaen3x4jg3RbUxn8gbZlCNnJJfMPq44bP5ndLRHymBMX6u5qRXTMYZ
         BLRxaui4rtYzzj6rnIEgbn2LChEkfhy3nr2AYQTEI80jPD5GkKH8ADfIehHtqxg03SmZ
         CX0uHHkPYwpbLHIrCnIYf98h3CKjtgFEaY9uAab/8Z7H0QoIfNnxF4ge3J6M1d0s/1Sd
         eonA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=X71mSvzdHjU9wQ0HKkqJV5F9vXIyx949KY4/iDJi1Fo=;
        b=Fq0th03ItfmdTJ0OdbhBBnVsHMaCs+UkgcwmP36OitT6tC1geaTGq1wDT2rGUVdJlr
         1LceCfFXZT4ZUY3f2vpDvAL48LmueqbcQKmL2qRLHSDEXgmnqU7FQwaPumJDFIu2VLIv
         S+yMEmDAWKBEZTwpaHnlksQhjb3LQQyqIAHFK+ijxvsMlU7kJ/S3cy0PyM+oEdwq2jDy
         Cwq93hzhLm2PaRGJpVyG+KeNP6akRBd6BHTf+ZFSyjevll72QUnHyOTujskAQKL1OORV
         t2+6alBlLIJAbn8udzJGvpdTawrcw0c6xDL5vyxZqbO+w5a1+J4TALY5B8iTdCdQuyia
         j4IA==
X-Gm-Message-State: APjAAAWkwBaIGmkqgpdXtvhEgtxNJPiSWAr1wb4WeOObnctHvZPkXntW
	y5f6Emfvo6QexoV435FMUac3e+gb2VBTA91vDYLPgA==
X-Google-Smtp-Source: APXvYqwdzNfJN6bQ0BNZomabbDY1pmn/hm4HQdNGd2lkWei/38tgLgkUjld+CeYiMFoDY1Yc0ZvSsDoSQR78a6r4sqs=
X-Received: by 2002:ac8:6717:: with SMTP id e23mr21908189qtp.27.1567308851378;
 Sat, 31 Aug 2019 20:34:11 -0700 (PDT)
MIME-Version: 1.0
Date: Sun, 1 Sep 2019 00:33:59 -0300
Message-ID: <CAAndJaSv9xH5JdSq_S0R14H+4DpD4Q8D+X4cW=2RRa-BayFpdQ@mail.gmail.com>
To: internals@lists.php.net
Content-Type: multipart/alternative; boundary="0000000000005700bd0591758713"
Subject: Handling over sized keys on OpenSSL
From: lc@leocavalcante.com (Leo Cavalcante)

--0000000000005700bd0591758713
Content-Type: text/plain; charset="UTF-8"

Hi Internals,
I just spent this entire Saturday debugging a code to discover that OpenSSL
truncates over sized keys.
Yeah, I was using a 256-bit length key with AES-128-CBC then trying to
decrypt it in another program never works.
Did some research I found that Ruby did it a few years ago
<https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1?fbclid=IwAR2W3mJEljXwedq4VkhWjkXO0fsiEliORsuPSN2YqOAhkZk1fGfC3CqkPaU>
.
And in fact, its better to throw or even warn/notice about it instead of
silently allowing it, *what you think?*
Regards,
Leo

--0000000000005700bd0591758713--