In File, length of returned values are not checked.

[defuse]

            $ivsize = \openssl_cipher_iv_length($config['CIPHER_METHOD']);
            $iv = \fread($inputHandle, $ivsize);
            if ($iv === false ) {
                throw new Ex\CannotPerformOperation(
                    'Cannot read input file'
                );
            }

None of the code below that checks if $iv is actually the correct length, so if EOF was encountered (or some other weird condition), we'll get a wrong size IV. The same bug probably exists for other parameters read from the file too.

[paragonie-scott]

Feel free to copy https://github.com/paragonie/halite/blob/b202f427062c29566b6ae09b1ee72b2bc1746d61/src/File.php#L667-L695 for file reads.

[paragonie-scott]

(Aside: I'm going to create a congruent method in Halite for file writes.)

[paragonie-scott]

Should be fixed in #129

[defuse]

This looks good, except for the issue in #145.