Newsgroups: php.internals
From: cschneid@cschneid.com (Christian Schneider)
To: php internals
Date: Tue, 24 Sep 2019 10:11:11 +0200
Subject: Re: RFCs should mention all BC breaks (was Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes())

On 24.09.2019 at 06:18, Pierre Joye wrote:
> On Mon, Sep 23, 2019 at 10:17 PM Larry Garfield wrote:
>
>> I cannot speak for OpenSSL, but random_bytes() and random_int() were changed very late in the 7.0 cycle to throw exceptions so that they "fail closed". Otherwise if you expect a random value back but get a constant value (false or empty string), if you don't remember to check it yourself every time then you now have a security hole because you're using a constant seed for random-dependent behavior.
>>
>> That was a good change, and it should be kept that way, IMO.
>
> Fully agree. This is actually pretty much the only way to handle errors
> with these functions. Anything else creates a risk that we could have
> easily prevented.

The main point of my original mail was stripped so I changed the subject to emphasise what I really care about.

So here is my question: Am I the only one who thinks BC breaks should be fully covered in an RFC before voting?

Regards,
- Chris
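
The "fail closed" behaviour discussed in the quoted text, as an added PHP sketch that is not part of the original message or of php-src. `rng_bytes()` and `make_token()` are hypothetical names, and the RNG failure is forced so the two error contracts can be compared side by side.

```php
<?php
// Hypothetical stand-in for a random source that has failed.
// $failClosed = false models the old "return false" contract,
// $failClosed = true models the throwing contract described in the thread.
function rng_bytes(int $length, bool $failClosed)
{
    $sourceAvailable = false; // constructed failure for this demonstration
    if (!$sourceAvailable) {
        if ($failClosed) {
            throw new Exception('no source of randomness available');
        }
        return false; // fail open: every caller must remember to check this
    }
    return random_bytes($length);
}

// A caller that forgets the check. In PHP's default (non-strict) typing mode,
// bin2hex(false) silently coerces false to "" and returns an empty string.
function make_token(bool $failClosed): string
{
    return bin2hex(rng_bytes(16, $failClosed));
}

// Fail open: two "random" tokens come back as the same constant value.
$first  = make_token(false);
$second = make_token(false);
var_dump($first === $second, $first);

// Fail closed: the same forgetful caller never receives a usable value,
// so no constant token can be issued; the error surfaces instead.
try {
    $token = make_token(true);
    echo "issued token: $token\n";
} catch (Exception $e) {
    echo "token refused: " . $e->getMessage() . "\n";
}
```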