Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()

2019-11-07 Thread Björn Larsson
On 2019-11-06 at 20:44, Jakub Zelenka wrote: On Wed, Oct 30, 2019 at 6:33 PM Jakub Zelenka wrote: On Wed, 30 Oct 2019, 18:32 Jakub Zelenka, wrote: On Mon, 23 Sep 2019, 14:02 Nikita Popov, wrote: On Mon, Sep 23, 2019 at 2:52 PM Christian Schneider < cschn...@cschneid.com> wrote: Hi,

Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()

2019-11-07 Thread Rowan Tommins
On Wed, 6 Nov 2019 at 19:44, Jakub Zelenka wrote: > I have to say that the RFC wasn't really well done as the implementation > followed which caused this omission. We should really look properly to the > implementation when creating RFC so it's more detailed and doesn't cause > omission like this

Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()

2019-11-06 Thread Jakub Zelenka
On Wed, Oct 30, 2019 at 6:33 PM Jakub Zelenka wrote: > > > On Wed, 30 Oct 2019, 18:32 Jakub Zelenka, wrote: > >> >> >> On Mon, 23 Sep 2019, 14:02 Nikita Popov, wrote: >> >>> On Mon, Sep 23, 2019 at 2:52 PM Christian Schneider < >>> cschn...@cschneid.com> >>> wrote: >>> >>> > Hi, >>> > I just no

Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()

2019-10-30 Thread Jakub Zelenka
On Wed, 30 Oct 2019, 18:32 Jakub Zelenka, wrote: > > > On Mon, 23 Sep 2019, 14:02 Nikita Popov, wrote: > >> On Mon, Sep 23, 2019 at 2:52 PM Christian Schneider < >> cschn...@cschneid.com> >> wrote: >> >> > Hi, >> > I just noted (too late in the process, I know) that >> > openssl_random_pseudo_by

Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()

2019-10-30 Thread Jakub Zelenka
On Mon, 23 Sep 2019, 14:02 Nikita Popov, wrote: > On Mon, Sep 23, 2019 at 2:52 PM Christian Schneider > > wrote: > > > Hi, > > I just noted (too late in the process, I know) that > > openssl_random_pseudo_bytes(0) now throws an exception. > > > > This breaks code like > > $ivsize = opens

Re: [PHP-DEV] RFCs should mention all BC breaks (was Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes())

2019-09-25 Thread Christian Schneider
On 25.09.2019 at 03:47, Pierre Joye wrote: > The question is also about what is a BC break, f.e is changing error level > a BC break? or the return value on error? This seems to be a complicated question but I think if we boil it down to a guideline instead of a hard rule it is not that hard

Re: [PHP-DEV] Re: RFCs should mention all BC breaks (was Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes())

2019-09-24 Thread Pierre Joye
On Tue, Sep 24, 2019, 3:11 PM Christian Schneider wrote: > > So here is my question: Am I the only one who thinks BC breaks should be > fully covered in an RFC before voting? > If I am not mistaken this is the rule yes. A specific section should exist to list BC breaks. Also a BC break is not

Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()

2019-09-24 Thread Rowan Tommins
On Tue, 24 Sep 2019 at 15:26, Larry Garfield wrote: > And no, random_int(0,0) does what it says on the tin: return a random int > between 0 and 0. If you call it that way, well, it's your own PEBCAK. But > it throws an exception if the underlying sources of entropy are not working > for some re

Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()

2019-09-24 Thread Larry Garfield
On Mon, Sep 23, 2019, at 11:34 AM, Christian Schneider wrote: > On 23.09.2019 at 17:16, Larry Garfield wrote: > > I cannot speak for OpenSSL, but random_bytes() and random_int() were > > changed very late in the 7.0 cycle to throw exceptions so that they "fail > > closed". Otherwise if you ex

[PHP-DEV] Re: RFCs should mention all BC breaks (was Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes())

2019-09-24 Thread Christian Schneider
On 24.09.2019 at 06:18, Pierre Joye wrote: > On Mon, Sep 23, 2019 at 10:17 PM Larry Garfield > wrote: > >> I cannot speak for OpenSSL, but random_bytes() and random_int() were >> changed very late in the 7.0 cycle to throw exceptions so that they "fail >> closed". Otherwise if you expect a

Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()

2019-09-23 Thread Pierre Joye
On Mon, Sep 23, 2019 at 10:17 PM Larry Garfield wrote: > I cannot speak for OpenSSL, but random_bytes() and random_int() were changed > very late in the 7.0 cycle to throw exceptions so that they "fail closed". > Otherwise if you expect a random value back but get a constant value (false > o

Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()

2019-09-23 Thread M. W. Moe
Hello, "A little side-note: random_int(0, 0) does not throw an exception which makes random_bytes and random_int inconsistent by your logic ;-)" not really; there are still different functions; hence they can differ in their behavior; + that's not a matter of individual logic but an api choice; e

Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()

2019-09-23 Thread Christian Schneider
On 23.09.2019 at 17:16, Larry Garfield wrote: > I cannot speak for OpenSSL, but random_bytes() and random_int() were changed > very late in the 7.0 cycle to throw exceptions so that they "fail closed". > Otherwise if you expect a random value back but get a constant value (false > or empty s

Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()

2019-09-23 Thread Larry Garfield
On Mon, Sep 23, 2019, at 6:01 AM, Nikita Popov wrote: > On Mon, Sep 23, 2019 at 2:52 PM Christian Schneider > wrote: > > > Hi, > > I just noted (too late in the process, I know) that > > openssl_random_pseudo_bytes(0) now throws an exception. > > > > This breaks code like > > $ivsize = op

Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()

2019-09-23 Thread Nikita Popov
On Mon, Sep 23, 2019 at 2:52 PM Christian Schneider wrote: > Hi, > I just noted (too late in the process, I know) that > openssl_random_pseudo_bytes(0) now throws an exception. > > This breaks code like > $ivsize = openssl_cipher_iv_length($method); > $iv = openssl_random_pseudo_b

[PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()

2019-09-23 Thread Christian Schneider
Hi, I just noted (too late in the process, I know) that openssl_random_pseudo_bytes(0) now throws an exception. This breaks code like $ivsize = openssl_cipher_iv_length($method); $iv = openssl_random_pseudo_bytes($ivsize); $data = openssl_encrypt($string, $method, $key, OP