Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:107294
Return-Path: <cschneid@cschneid.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 75761 invoked from network); 23 Sep 2019 15:13:19 -0000
Received: from unknown (HELO php-smtp3.php.net) (208.43.231.12)
  by pb1.pair.com with SMTP; 23 Sep 2019 15:13:19 -0000
Received: from php-smtp3.php.net (localhost [127.0.0.1])
	by php-smtp3.php.net (Postfix) with ESMTP id 28DAD2D19B3
	for <internals@lists.php.net>; Mon, 23 Sep 2019 05:51:42 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp3.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
	SUBJ_OBFU_PUNCT_FEW,SUBJ_OBFU_PUNCT_MANY autolearn=no
	autolearn_force=no version=3.4.2
X-Spam-ASN: AS3215 2.0.0.0/16
X-Spam-Virus: No
Received: from mail.gna.ch (www.gna.ch [IPv6:2001:8a8:21:3::1:80])
	by php-smtp3.php.net (Postfix) with ESMTP
	for <internals@lists.php.net>; Mon, 23 Sep 2019 05:51:41 -0700 (PDT)
Received: from [10.200.37.3] (unknown [217.192.174.42])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by darkcity.gna.ch (Postfix) with ESMTPSA id 52E8E21D9E
	for <internals@lists.php.net>; Mon, 23 Sep 2019 14:51:38 +0200 (CEST)
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Message-ID: <A91E718E-B023-42DC-AC8D-BC989F5A80E4@cschneid.com>
Date: Mon, 23 Sep 2019 14:51:37 +0200
To: PHP internals <internals@lists.php.net>
X-Mailer: Apple Mail (2.3445.104.11)
X-Envelope-From: <cschneid@cschneid.com>
Subject: PHP 7.4 BC break with openssl_random_pseudo_bytes()
From: cschneid@cschneid.com (Christian Schneider)

Hi,
I just noted (too late in the process, I know) that =
openssl_random_pseudo_bytes(0) now throws an exception.

This breaks code like
	$ivsize =3D openssl_cipher_iv_length($method);
	$iv =3D openssl_random_pseudo_bytes($ivsize);
	$data =3D openssl_encrypt($string, $method, $key, =
OPENSSL_RAW_DATA, $iv);
if $method is 'aes-256-ecb' because $ivsize is 0.

I do realize that ECB mode ciphers are deprecated but having them throw =
an exception indirectly via openssl_random_pseudo_bytes() seems a bit =
strange, even in the context of security.

I checked the RFC =
https://wiki.php.net/rfc/improve-openssl-random-pseudo-bytes and it =
doesn't mention this BC break:
"False-checks on the return value of openssl_random_pseudo_bytes() will =
do nothing since the function fails closed. Usage of $crypto_strongwill =
generate errors."

While I would have preferred the exception to be thrown only when =
$ivsize is not an integer or less than 0 but I guess this cannot be =
changed at the RC stage.

I would recommend though that we aim to keep BC breaks to what's =
mentioned in RFCs.

- Chris