Newsgroups: php.internals
Date: Wed, 15 Jul 2015 17:27:28 +0900
Subject: Re: [PHP-DEV] Core functions throwing exceptions in PHP7
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
To: Sammy Kaye Powers
Cc: PHP Internals

Hi Sammy,

On Wed, Jul 15, 2015 at 6:04 AM, Sammy Kaye Powers wrote:

> There are two open PRs for PHP7 to modify the behavior of the CSPRNGs:
>
> https://github.com/php/php-src/pull/1397 (main discussion)
> https://github.com/php/php-src/pull/1398
>
> Currently the random_*() functions will issue a warning and return false if
> a good source of random cannot be found. This is a potential security hole
> in the event the RNG fails and returns false which gets evaluated as 0 in a
> cryptographic context.
>
> To prevent this exploit the proposed behavior will throw an Exception when
> the RNG fails or certain argument validation fails. This also gives the
> developer a graceful way to fall back to an alternate CSPRNG.
>
> Since the core functions in PHP don't throw Exceptions, there is debate on
> whether or not this change should be implemented. Some say the CSPRNGs
> should get a special pass since they will be relied on for cryptography. If
> we can't throw Exceptions, there were suggestions of raising a fatal error
> if the RNG fails.
>
> I think the argument can be boiled down to consistency vs security. We'd
> love to hear your feedback to decide what we should do in this context. :)
>

I prefer an exception rather than an error. However, I would not like to see
exceptions in "some" functions. It's whether we use exceptions for builtin
functions or not.

I understand the risk, but users should handle all errors properly to be
secure anyway.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net
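The failure mode described in the quoted message, as an added example that is not part of the thread or of php-src: `rng_warn_false()` and `rng_throw()` are hypothetical stand-ins that simulate a failed entropy source under the current (warning plus `false`) and the proposed (exception) behaviour, and the two `token_*()` callers are likewise assumptions made for illustration.

```php
<?php
// Added illustration. rng_warn_false() and rng_throw() are hypothetical
// stand-ins that simulate a failed entropy source; they are not php-src code.

// Behaviour the quoted message calls current: warn and return false.
function rng_warn_false(int $len, bool $sourceOk)
{
    if (!$sourceOk) {
        trigger_error('no good source of random found', E_USER_WARNING);
        return false;
    }
    return random_bytes($len);
}

// Proposed behaviour: throw, so a caller cannot silently continue.
function rng_throw(int $len, bool $sourceOk): string
{
    if (!$sourceOk) {
        throw new Exception('no good source of random found');
    }
    return random_bytes($len);
}

// Caller that never checks the return value: it fails open.
function token_unchecked(bool $sourceOk): string
{
    $raw = @rng_warn_false(16, $sourceOk); // warning suppressed or only logged
    return bin2hex((string) $raw);         // false casts to an empty string
}

// Caller written against the throwing variant: it fails closed.
function token_checked(bool $sourceOk)
{
    try {
        return bin2hex(rng_throw(16, $sourceOk));
    } catch (Exception $e) {
        error_log('token generation aborted: ' . $e->getMessage());
        return null; // the caller must refuse to issue a token
    }
}

var_dump(token_unchecked(false));           // token built from a failed RNG
var_dump((int) @rng_warn_false(4, false));  // false used in an integer context
var_dump(token_checked(false));             // failure surfaced to the caller
var_dump(strlen(token_checked(true)));      // healthy source, 16 random bytes
```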