rfc:improve-openssl-random-pseudo-bytes

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
rfc:improve-openssl-random-pseudo-bytes [2018/10/19 20:36] – add patch & update status sammykrfc:improve-openssl-random-pseudo-bytes [2018/11/16 18:24] – Mark as accepted sammyk
Line 3: Line 3:
   * Date: 2018-10-19   * Date: 2018-10-19
   * Author: Sammy Kaye Powers <sammyk@php.net>   * Author: Sammy Kaye Powers <sammyk@php.net>
-  * Status: Under Discussion+  * Implementation: https://github.com/php/php-src/pull/3649 
 +  * Status: Accepted
  
 ===== Introduction ===== ===== Introduction =====
-The ''openssl_random_pseudo_bytes()'' function is a wrapper for OpenSSL's [[https://www.openssl.org/docs/man1.0.2/crypto/RAND_bytes.html|''RAND_bytes'' CSPRNG]]. CSPRNG implementations should always fail closed, but ''openssl_random_pseudo_bytes()'' fails open pushing critical fail checks into userland. It also has an unnecessary second parameter that confuses the usage of the API.+The ''openssl_random_pseudo_bytes()'' function is a wrapper for OpenSSL's [[https://www.openssl.org/docs/man1.0.2/crypto/RAND_bytes.html|RAND_bytes CSPRNG]]. CSPRNG implementations should always fail closed, but ''openssl_random_pseudo_bytes()'' fails open pushing critical fail checks into userland. It also has an unnecessary second parameter that confuses the usage of the API.
  
 ===== The Fail-Open Problem ===== ===== The Fail-Open Problem =====
Line 77: Line 78:
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
 Requires a 2/3 majority Requires a 2/3 majority
 +
 +Voting started **2018-11-02 @ 19:30 UTC** and will close sometime around **2018-11-16 @ 19:30 UTC**
 +
 +==== Vote #1: Make openssl_random_pseudo_bytes() fail closed ====
 +
 +<doodle title="Make openssl_random_pseudo_bytes() fail closed" auth="sammyk" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
 +
 +==== Vote #2: Deprecate the usage of the $crypto_strong parameter ====
 +
 +<doodle title="Deprecate the usage of the $crypto_strong parameter" auth="sammyk" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
  
 ===== Patches and Tests ===== ===== Patches and Tests =====
Line 90: Line 107:
 ===== References ===== ===== References =====
   - [[https://externals.io/message/103331|Initial discussion]]   - [[https://externals.io/message/103331|Initial discussion]]
 +  - [[https://externals.io/message/103345|Under-discussion announcement]]
  
 ===== Rejected Features ===== ===== Rejected Features =====
   - The original ping to @internals suggested aliasing ''openssl_random_pseudo_bytes()'' to ''random_bytes()'', but this was not received well so that idea got put in the bin.   - The original ping to @internals suggested aliasing ''openssl_random_pseudo_bytes()'' to ''random_bytes()'', but this was not received well so that idea got put in the bin.
rfc/improve-openssl-random-pseudo-bytes.txt · Last modified: 2019/01/11 10:18 by nikic

Page Tools