On Mon, Sep 23, 2019, at 11:34 AM, Christian Schneider wrote:
> On 23.09.2019 at 17:16, Larry Garfield <la...@garfieldtech.com> wrote:
> > I cannot speak for OpenSSL, but random_bytes() and random_int() were
> > changed very late in the 7.0 cycle to throw exceptions so that they "fail
> > closed". Otherwise if you expect a random value back but get a constant
> > value (false or empty string), if you don't remember to check it yourself
> > every time then you now have a security hole because you're using a
> > constant seed for random-dependent behavior.
>
> I see your point but I'm still not convinced that it is worth the BC.
> But whatever is decided for this specific change, I'm more interested
> in handling this properly for future RFCs, i.e. people should get the
> full picture concerning BC before voting.
>
> A little side-note: random_int(0, 0) does not throw an exception which
> makes random_bytes and random_int inconsistent by your logic ;-)
>
> - Chris

Er. Leaving random_bytes() as is has no BC break, kinda by definition. I was arguing that changing it to return false would be a Very Bad Thing(tm).

And no, random_int(0,0) does what it says on the tin: return a random int between 0 and 0. If you call it that way, well, it's your own PEBCAK. But it throws an exception if the underlying sources of entropy are not working for some reason, rather than returning something that can easily be mistaken for a valid integer.

random_*() are Doing It Right(tm). Don't change them. :-)

--Larry Garfield
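
The "fail closed" point from this exchange as a runnable sketch. This is an added example, not code from the thread or from PHP itself: `entropy_source()`, `bytes_or_false()`, `bytes_or_throw()` and the two token functions are hypothetical names, and the entropy failure is simulated with a flag.

```php
<?php
// Hypothetical stand-in for the entropy source; $healthy = false simulates
// the "underlying sources of entropy are not working" case.
function entropy_source(int $len, bool $healthy): ?string
{
    return $healthy ? random_bytes($len) : null;
}

// Fail-open style: failure is reported through the return value.
function bytes_or_false(int $len, bool $healthy)
{
    return entropy_source($len, $healthy) ?? false;
}

// Fail-closed style, the behaviour random_bytes() has: failure is an exception.
function bytes_or_throw(int $len, bool $healthy): string
{
    $bytes = entropy_source($len, $healthy);
    if ($bytes === null) {
        throw new RuntimeException('entropy source unavailable');
    }
    return $bytes;
}

// A caller that forgot the "=== false" check. In PHP's default coercive
// typing mode, false is converted to "" when passed to bin2hex().
function token_unchecked(bool $healthy): string
{
    return bin2hex(bytes_or_false(16, $healthy));
}

// The same caller on the fail-closed API: there is no value to misuse.
function token_fail_closed(bool $healthy): string
{
    return bin2hex(bytes_or_throw(16, $healthy));
}

// Healthy source: both styles give 32 hex characters.
var_dump(strlen(token_unchecked(true)), strlen(token_fail_closed(true)));

// Failing source: the unchecked caller silently issues the same constant
// token to everyone, with no error to log or alert on.
var_dump(token_unchecked(false), token_unchecked(false) === token_unchecked(false));

// Failing source, fail-closed: the request aborts instead of issuing a token.
try {
    token_fail_closed(false);
} catch (RuntimeException $e) {
    echo 'no token issued: ', $e->getMessage(), PHP_EOL;
}
```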