Newsgroups: php.internals
Message-ID: <696dc114-c2df-40aa-aad6-5b87d4373c0e@www.fastmail.com>
Date: Mon, 23 Sep 2019 08:16:49 -0700
To: "php internals"
Subject: Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()
From: larry@garfieldtech.com ("Larry Garfield")

On Mon, Sep 23, 2019, at 6:01 AM, Nikita Popov wrote:
> On Mon, Sep 23, 2019 at 2:52 PM Christian Schneider wrote:
>
> > Hi,
> > I just noted (too late in the process, I know) that
> > openssl_random_pseudo_bytes(0) now throws an exception.
> >
> > This breaks code like
> >         $ivsize = openssl_cipher_iv_length($method);
> >         $iv = openssl_random_pseudo_bytes($ivsize);
> >         $data = openssl_encrypt($string, $method, $key, OPENSSL_RAW_DATA, $iv);
> > if $method is 'aes-256-ecb' because $ivsize is 0.
> >
> > I do realize that ECB mode ciphers are deprecated but having them throw an
> > exception indirectly via openssl_random_pseudo_bytes() seems a bit strange,
> > even in the context of security.
> >
> > I checked the RFC
> > https://wiki.php.net/rfc/improve-openssl-random-pseudo-bytes and it
> > doesn't mention this BC break:
> > "False-checks on the return value of openssl_random_pseudo_bytes() will do
> > nothing since the function fails closed. Usage of $crypto_strong will
> > generate errors."
> >
> > While I would have preferred the exception to be thrown only when $ivsize
> > is not an integer or less than 0 but I guess this cannot be changed at the
> > RC stage.
> >
> > I would recommend though that we aim to keep BC breaks to what's mentioned
> > in RFCs.
> >
>
> This was noted during the PR review in:
> https://github.com/php/php-src/pull/3649#discussion_r230598754 Especially
> in conjunction with your example, I think we should revert this part and
> make openssl_random_pseudo_bytes(0) return "" without exception or warning.
> Ideally we'd adjust random_bytes() to do the same.
>
> Nikita

I cannot speak for OpenSSL, but random_bytes() and random_int() were changed
very late in the 7.0 cycle to throw exceptions so that they "fail closed".
Otherwise if you expect a random value back but get a constant value (false or
empty string), if you don't remember to check it yourself every time then you
now have a security hole because you're using a constant seed for
random-dependent behavior.

That was a good change, and it should be kept that way, IMO.

--Larry Garfield
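
Added example, not part of the original message or of php-src: one way for calling code to stay independent of what a zero-length request to the RNG does, while still failing closed as described above. The helper name encryptRaw() and the sample plaintext are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (added example). It requests random bytes only when
 * the cipher actually needs an IV, so a cipher whose IV length is 0 (the
 * thread's 'aes-256-ecb' case) never reaches the RNG with length 0, and
 * every failure surfaces as an exception instead of a constant value.
 */
function encryptRaw(string $plaintext, string $method, string $key): array
{
    $ivLength = openssl_cipher_iv_length($method);
    if ($ivLength === false) {
        // Unknown cipher: stop here rather than continue with a bogus length.
        throw new InvalidArgumentException("Unknown cipher method: $method");
    }

    // Zero-length IV: skip the RNG call entirely.
    // Non-zero IV: random_bytes() throws if no randomness is available,
    // so there is no false/empty return value to forget to check.
    $iv = $ivLength > 0 ? random_bytes($ivLength) : '';

    $ciphertext = openssl_encrypt($plaintext, $method, $key, OPENSSL_RAW_DATA, $iv);
    if ($ciphertext === false) {
        $reason = openssl_error_string() ?: 'unknown error';
        throw new RuntimeException("openssl_encrypt() failed: $reason");
    }

    return ['iv' => $iv, 'ciphertext' => $ciphertext];
}

// Constructed sample input: a throwaway 256-bit key and a short plaintext.
$key = random_bytes(32);
foreach (['aes-256-cbc', 'aes-256-ecb'] as $method) {
    $out = encryptRaw('constructed sample plaintext', $method, $key);
    printf(
        "%s: iv=%d bytes, ciphertext=%d bytes\n",
        $method,
        strlen($out['iv']),
        strlen($out['ciphertext'])
    );
}
```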