Newsgroups: php.internals
Date: Sat, 1 Aug 2015 00:34:32 +0200
To: Sammy Kaye Powers, Nikita Popov, Anthony Ferrara
Cc: PHP Internals
Subject: Re: [PHP-DEV] Core functions throwing exceptions in PHP7
From: tyra3l@gmail.com (Ferenc Kovacs)

On Tue, Jul 14, 2015 at 11:04 PM, Sammy Kaye Powers wrote:

> Hello lovely PHP nerds,
>
> There are two open PR's for PHP7 to modify the behavior of the CSPRNG's:
>
> https://github.com/php/php-src/pull/1397 (main discussion)
> https://github.com/php/php-src/pull/1398
>
> Currently the random_*() functions will issue a warning and return false if
> a good source of random cannot be found. This is a potential security hole
> in the event the RNG fails and returns false which gets evaluated as 0 in a
> cryptographic context.
>
> To prevent this exploit the proposed behavior will throw an Exception when
> the RNG fails or certain argument validation fails. This also gives the
> developer a graceful way to fall back to an alternate CSPRNG.
>
> Since the core functions in PHP don't throw Exceptions, there is debate on
> whether or not this change should be implemented. Some say the CSPRNG's
> should get a special pass since they will be relied on for cryptography. If
> we can't throw Exceptions, there were suggestions of raising a fatal error
> if the RNG fails.
>
> I think the argument can be boiled down to consistency vs security. We'd
> love to hear your feedback to decide what we should do in this context. :)
>
> Thanks,
> Sammy Kaye Powers
> sammyk.me
>
> Chicago, IL 60604
>

I would vote for E_WARNING and return false.
This can be wrapped in an OOP wrapper in userland if somebody prefers an
exception but would still keep the procedural style as first class citizen.
Plus this would be consistent with other security/crypto related errors
like mcrypt_encrypt() getting an invalid key/iv.
Nikita, Anthony, what do you think?
--
Ferenc Kovács
@Tyr43l - http://tyrael.hu
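
The two failure behaviours debated in this thread, side by side, as an added example that is not part of the original message or of php-src. `rng_warn_style()`, `rng_throw_style()` and the `reset_code_*()` callers are hypothetical names, and the `$sourceOk` flag only simulates an unavailable random source.

```php
<?php
// Added illustration: the rng_*_style() functions are hypothetical stand-ins
// that simulate a failed entropy source; they are not PHP APIs.

// Behaviour 1: raise a warning and return false when no source is available.
function rng_warn_style(int $min, int $max, bool $sourceOk)
{
    if (!$sourceOk) {
        trigger_error('no suitable random source', E_USER_WARNING);
        return false;
    }
    return random_int($min, $max);
}

// Behaviour 2: throw when no source is available.
function rng_throw_style(int $min, int $max, bool $sourceOk): int
{
    if (!$sourceOk) {
        throw new RuntimeException('no suitable random source');
    }
    return random_int($min, $max);
}

// Caller that never checks the result: the warning is emitted, execution
// continues, and %d converts false to 0, so every failed call yields one code.
function reset_code_unchecked(bool $sourceOk): string
{
    return sprintf('%06d', rng_warn_style(0, 999999, $sourceOk));
}

// Userland wrapper around the warning style that fails closed. The check
// must be a strict ===, because a legitimate result of 0 is also falsy.
function reset_code_checked(bool $sourceOk): string
{
    $n = rng_warn_style(0, 999999, $sourceOk);
    if ($n === false) {
        throw new RuntimeException('RNG failure, refusing to issue a code');
    }
    return sprintf('%06d', $n);
}

// Caller of the throwing style: there is no return value to forget to check.
function reset_code_throwing(bool $sourceOk): string
{
    return sprintf('%06d', rng_throw_style(0, 999999, $sourceOk));
}

var_dump(reset_code_unchecked(false));
foreach (['reset_code_checked', 'reset_code_throwing'] as $fn) {
    try { $fn(false); } catch (RuntimeException $e) { echo "$fn refused: {$e->getMessage()}\n"; }
}
```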