Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:72894 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 509 invoked from network); 2 Mar 2014 01:50:21 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 2 Mar 2014 01:50:21 -0000 Authentication-Results: pb1.pair.com smtp.mail=theanomaly.is@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=theanomaly.is@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.212.181 as permitted sender) X-PHP-List-Original-Sender: theanomaly.is@gmail.com X-Host-Fingerprint: 209.85.212.181 mail-wi0-f181.google.com Received: from [209.85.212.181] ([209.85.212.181:64545] helo=mail-wi0-f181.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id EE/70-30643-B5E82135 for ; Sat, 01 Mar 2014 20:50:19 -0500 Received: by mail-wi0-f181.google.com with SMTP id hi5so1938157wib.14 for ; Sat, 01 Mar 2014 17:50:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=rq4klejoIOgFIeXmHPg+P29F9oRWYkIlHUSdL3n0SpI=; b=OerSHcrWYQOIs/FW3DnKQbDRDsx9KqRAoTQhy0kO1T+VyT8YtJf81ERNvVXmBJ1mQg Ihq0MIKlcc7OwcLIrtEP9SuslECgAzJaK+efzD5/8h6S7gD6T1BQhlx2h1uS/RRedAwG KHgcPFWkD2DuyG/rSvdzvp8x47G3AIwtdrZuvJ9Dv6AJ8sboKTuRgaJMhzal/qZYOtbV G+Ie418b6sgxGF3/wJwgT5qOgDBGht/T5gD40CbtqgLMCM6OgiNWIzbVSU+uKy1ZXt+n 2k8i0Ca8rNeUQuFa4sBa2DWhB0jLhcVDE6b9BEcmyOGFx4t024x0rZk5Ec9NPSv+7C5s COTg== MIME-Version: 1.0 X-Received: by 10.180.19.69 with SMTP id c5mr8506641wie.7.1393725015893; Sat, 01 Mar 2014 17:50:15 -0800 (PST) Received: by 10.227.24.136 with HTTP; Sat, 1 Mar 2014 17:50:15 -0800 (PST) In-Reply-To: References: Date: Sat, 1 Mar 2014 20:50:15 -0500 Message-ID: To: Nikita Popov Cc: PHP internals Content-Type: multipart/alternative; boundary=bcaec53d5a8b7cad7304f395e402 Subject: Re: [PHP-DEV] Stricter error handling in mcrypt extension From: theanomaly.is@gmail.com (Sherif Ramadan) --bcaec53d5a8b7cad7304f395e402 Content-Type: text/plain; charset=ISO-8859-1 On Sat, Mar 1, 2014 at 7:12 PM, Nikita Popov wrote: > Hi internals! > > I would like to add a number of additional error checks in > php_mcrypt_do_crypt - which affects the mcrypt_encrypt, mcrypt_decrypt and > mcrypt_{BLOCK_CHAINING_MODE} userland functions. > > The proposed changes are: > * Throw a warning and return bool(false) if the IV size is invalid. The > old behavior was to throw a warning and use a NUL-byte IV. > * Throw a warning and return bool(false) if no IV was specified, but the > block chaining mode requires an IV. The old behavior was to throw a warning > and use a NUL-byte IV. > * Throw a warning and return bool(false) if the key size is invalid. The > old behavior was to **silently** pad the string to the next valid key size > with NUL bytes or, if the key is too long, to throw a warning and truncate > it to the maximum valid key size. > > An implementation of these changes can be found in the PR > https://github.com/php/php-src/pull/610. > > The reason why I'd like to make the mcrypt input handling stricter is to > ensure that incorrectly implemented encryption will fail and fail > violently. With the current lax input checking it is very easy to > completely compromise confidentiality through simple mistakes - like using > a password as the encryption key. > > Thanks, > Nikita > > PS: I'm running this change by the list because stricter error handling is > technically a BC break. Of course this change is targeting PHP 5.6 only. > I think that's a good idea given the number of people I've heard complaints from about confusion around using mcrypt and the default NUL-byte IV. My only concern is, isn't it a bit late in the game to push this to 5.6? Or is that when we're at beta? Overall I think it's a smart change though despite the BC. --bcaec53d5a8b7cad7304f395e402--