rfc:improve-openssl-random-pseudo-bytes

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
rfc:improve-openssl-random-pseudo-bytes [2018/10/19 20:36]
sammyk add patch & update status
rfc:improve-openssl-random-pseudo-bytes [2019/01/11 10:18] (current)
nikic Implemented
Line 3: Line 3:
   * Date: 2018-10-19   * Date: 2018-10-19
   * Author: Sammy Kaye Powers <sammyk@php.net>   * Author: Sammy Kaye Powers <sammyk@php.net>
-  * Status: Under Discussion+  * Implementation: https://github.com/php/php-src/pull/3649 
 +  * Status: Implemented (in PHP 7.4)
  
 ===== Introduction ===== ===== Introduction =====
-The ''openssl_random_pseudo_bytes()'' function is a wrapper for OpenSSL's [[https://www.openssl.org/docs/man1.0.2/crypto/RAND_bytes.html|''RAND_bytes'' CSPRNG]]. CSPRNG implementations should always fail closed, but ''openssl_random_pseudo_bytes()'' fails open pushing critical fail checks into userland. It also has an unnecessary second parameter that confuses the usage of the API.+The ''openssl_random_pseudo_bytes()'' function is a wrapper for OpenSSL's [[https://www.openssl.org/docs/man1.0.2/crypto/RAND_bytes.html|RAND_bytes CSPRNG]]. CSPRNG implementations should always fail closed, but ''openssl_random_pseudo_bytes()'' fails open pushing critical fail checks into userland. It also has an unnecessary second parameter that confuses the usage of the API.
  
 ===== The Fail-Open Problem ===== ===== The Fail-Open Problem =====
Line 77: Line 78:
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
 Requires a 2/3 majority Requires a 2/3 majority
 +
 +Voting started **2018-11-02 @ 19:30 UTC** and will close sometime around **2018-11-16 @ 19:30 UTC**
 +
 +==== Vote #1: Make openssl_random_pseudo_bytes() fail closed ====
 +
 +<doodle title="Make openssl_random_pseudo_bytes() fail closed" auth="sammyk" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
 +
 +==== Vote #2: Deprecate the usage of the $crypto_strong parameter ====
 +
 +<doodle title="Deprecate the usage of the $crypto_strong parameter" auth="sammyk" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
  
 ===== Patches and Tests ===== ===== Patches and Tests =====
Line 90: Line 107:
 ===== References ===== ===== References =====
   - [[https://externals.io/message/103331|Initial discussion]]   - [[https://externals.io/message/103331|Initial discussion]]
 +  - [[https://externals.io/message/103345|Under-discussion announcement]]
  
 ===== Rejected Features ===== ===== Rejected Features =====
   - The original ping to @internals suggested aliasing ''openssl_random_pseudo_bytes()'' to ''random_bytes()'', but this was not received well so that idea got put in the bin.   - The original ping to @internals suggested aliasing ''openssl_random_pseudo_bytes()'' to ''random_bytes()'', but this was not received well so that idea got put in the bin.
rfc/improve-openssl-random-pseudo-bytes.1539981417.txt.gz · Last modified: 2018/10/19 20:36 by sammyk