Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:87959 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 66787 invoked from network); 31 Aug 2015 20:13:30 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 31 Aug 2015 20:13:30 -0000 Authentication-Results: pb1.pair.com header.from=jakub.php@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=jakub.php@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.178 as permitted sender) X-PHP-List-Original-Sender: jakub.php@gmail.com X-Host-Fingerprint: 209.85.213.178 mail-ig0-f178.google.com Received: from [209.85.213.178] ([209.85.213.178:34267] helo=mail-ig0-f178.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 8A/63-39890-965B4E55 for ; Mon, 31 Aug 2015 16:13:30 -0400 Received: by igui7 with SMTP id i7so64087257igu.1 for ; Mon, 31 Aug 2015 13:13:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=2P8d4D03w70m7kfC2w99JPiFmWRwtnxLEqWWtQ4YNOc=; b=0bfTKD3PtNR1W6Zy5Vw2i66prP80bXwaaDXUiqCPlSqKkJ2NRt0rkK5PfqhIdPkjg6 9DlBNBje/FUMQf1DEAr4P38/fY267FobWmjPB2NVjHsVwetDTFQ6IWCOZfSKgHQ6ug5k xLyPH7XP1Vgyo/qPwMdR3pF2xCtx0T8DllZzehJLwg2buEfu5wpHTuDRAuKD34aBT8P4 Bc6bNTO2tpBWzZY9iTq7tojkNS/Aa8Mg+xR21UHsUl6cTzIJoV9fMv+ErhCnsMmoqI1f S4li2p/SZ56Zb8vXUhK/WaNSgasy8tceHMpNy0a6qfiwGfTP1EUkt7/7O8LREFDgbNjl FFbA== MIME-Version: 1.0 X-Received: by 10.50.114.100 with SMTP id jf4mr401282igb.94.1441052006494; Mon, 31 Aug 2015 13:13:26 -0700 (PDT) Sender: jakub.php@gmail.com Received: by 10.107.155.70 with HTTP; Mon, 31 Aug 2015 13:13:26 -0700 (PDT) In-Reply-To: <020801d0e3de$a8be40f0$fa3ac2d0$@belski.net> References: <020801d0e3de$a8be40f0$fa3ac2d0$@belski.net> Date: Mon, 31 Aug 2015 21:13:26 +0100 X-Google-Sender-Auth: NHuL_dK2qSSh4i0ItGi8DnMDy4U Message-ID: To: Anatol Belski Cc: PHP internals list , Ferenc Kovacs , Pierre Joye Content-Type: multipart/alternative; boundary=047d7b414316f357a3051ea110dd Subject: Re: [PHP-DEV] openssl_seal new param From: bukka@php.net (Jakub Zelenka) --047d7b414316f357a3051ea110dd Content-Type: text/plain; charset=UTF-8 Hi Anatol, On Mon, Aug 31, 2015 at 12:17 PM, Anatol Belski wrote: > > > Hi, > > > > I have been looking to https://bugs.php.net/bug.php?id=60632 which is > about > > failing (segfaulting) openssl_seal when used with cipher alg that > requires IV (e.g. > > AES-128-CBC). I think that the patch looks reasonable from the quick > look. > > > > The only question and the reason why I'm sending this here is if > everyone (and > > mainly Ferenc ) is ok with adding new ref arg to openssl_seal that will > return iv > > to 5.6? So the definition is: > > > > int openssl_seal ( string $data , string &$sealed_data , array > &$env_keys , array > > $pub_key_ids [, string $method[, string &$iv ]] ) > > > > (the last iv is new). There would be also a new param for openssl_open > that > > would allow to pass that IV for opening sealed data. > > > > Alternatively we could just disable IV ciphers in 5.6 to at least > prevent the > > segfault and add it to 7 if Anatol and Kalle are ok with that or 7.1 if > not :) ? > > > Were it possible to list the ciphers that are affected? IMHO adding the IV > arg were fine for 7.0 if there are many ciphers affected (say 1/3 of them), > otherwise just checking EVP_CIPHER_iv_length() and returning false were > appropriate with a subsequent proper fix flowing into 7.1. > > It's actually about cipher algorithms (cipher + mode) where the IV is required by the mode en/decryption. Basically all modes except ECB require IV. There also are some archaic ciphers that don't have mode defined which is equal ECB (example is default example cipher for rc4). If you do php -r 'print_r(openssl_get_cipher_methods());' you will see that there are more than 80% of cipher algs requiring IV. The main thing is that openssl_seal doesn't have a practical usage at the moment if you encrypt (seal) a message longer than one block size because there is a risk of reply attack. The patch is self contained so I think that it shouldn't be a big issue for 7.0 if you are fine with that? About 5.6 I'm not really sure. I'm not a big fun of changing signature in the later stages of point release. It could be also a small motivation for updating to 7. So probably best to disable IV ciphers for 5.6 just to fix the segfault. If anyone doesn't have any objection and you are ok with adding new param to 7, I will go for it. > > There also is an another thing for TS Win build (probably question for > Anatol and > > Pierre :) ). The thing is that EVP_SealInit uses internally RAND_bytes. > IIRC there is > > some locking issue with openssl RAND on TS win ( the reason why > > openssl_random_pseudo_bytes uses Win random) so I was wondering if it > > should be disabled on win? The thing is that it is already a case for > other > > functions. One example is generating key params in > > openssl_pkey_new: > > > > openssl_pkey_new(array( 'dh'=> array( 'p' => $bin_prime, 'g' => '2' ))); > > > > This will also call RAND_bytes when generating priv key. > > > If you look into crypto/rand/rand_lib.c within the openssl src - it is not > thread safe even in 1.0.2 branch. It is a good catch, but has only to do > with the thread safety. And the issue is exactly that there is no locking > around RAND_bytes() affected codes in PHP. So the issue is cross platform. > > A quick solution could be using the mutex functionality exported from TSRM > (tsrm_mutex_*() functions) in the thread safe builds for affected functions. > > > Yeah I was thinking about that after I sent an email yesterday. I will check if there are more places where this can be an issue and try to put together a patch. Cheers Jakub --047d7b414316f357a3051ea110dd--