Newsgroups: php.internals
Subject: Re: [PHP-DEV] [RFC] Add CMS Support
From: lear@lear.ch (Eliot Lear)
To: Dan Ackroyd
Cc: PHP internals
Date: Tue, 19 May 2020 11:44:08 +0200
Message-ID: <688cc886-394d-b245-d001-c5aefa332882@lear.ch>
References: <95831d80-baa0-a57c-e83a-bc34ae62ecf5@lear.ch>

Dan, thanks.  Please see below.

On 18.05.20 13:49, Dan Ackroyd wrote:
> On Mon, 18 May 2020 at 10:55, Eliot Lear wrote:
>> there is an open question as
>> to whether it should be an RFC
> I don't think it should be.
>
> The questions and problems related to cryptography are far too
> detailed for a useful conversation to be had for anyone who doesn't
> understand them deeply.
>
> I certainly don't even understand all of the words in the RFC so won't
> comment on most of it.
>
> This is the type of thing that is better handled by trusting
> release-managers and subject matter experts.

Ok.

>
>> Returns TRUE on success and FALSE on failure.
> Have you considered using an exception for failures?
>
> First, having a cryptographic function fail is bad enough that it
> needs to break control flow, aka it would be easy to forget to check
> for false. If the $outfile already existed before the call, and the
> error condition wasn't checked, that could lead to Bad things.
>
> Second, I imagine there are multiple possible reasons why a crypto
> function could fail. If the error is just 'false', then there would be
> no way of figuring out what the problem is. More details could be
> provided in the message of an exception ("can't open file for
> writing", "signkey wrong format" etc) which would avoid a significant
> amount of frustration.

On your second point, the designers of OpenSSL and the earlier work on
the PHP interface agree with you, as do I.  That is why there is indeed
an interface to return multiple errors that is already defined
(openssl_error_string) that can be called repeatedly.  This is similar
to other OpenSSL interfaces.

On your first point, I might academically want to explore it, but then
we should do so for the entire openssl interface.

Eliot
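
Added example, not part of the thread or of the RFC: one way calling code can get both behaviours discussed above with the existing interface, by checking the FALSE return, draining openssl_error_string() repeatedly, and raising an exception. The helper name openssl_or_throw is hypothetical, the input is constructed, and PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of ext/openssl). Use it only with OpenSSL
// functions that signal failure by returning false.
function openssl_or_throw(callable $call, mixed ...$args): mixed
{
    // Drain errors left by earlier calls so they are not blamed on this one.
    while (openssl_error_string() !== false) {
    }

    $result = $call(...$args);
    if ($result !== false) {
        return $result;
    }

    // openssl_error_string() hands back one queued error per call and
    // returns false once the queue is empty.
    $errors = [];
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }

    throw new RuntimeException(
        'OpenSSL call failed: '
        . ($errors ? implode('; ', $errors) : 'no error queued')
    );
}

// Constructed input: a string that is not a PEM private key, so the call fails.
try {
    openssl_or_throw('openssl_pkey_get_private', 'not a PEM key');
    echo "unexpected success\n";
} catch (RuntimeException $e) {
    // Control flow is broken here instead of continuing with a false result.
    echo $e->getMessage(), "\n";
}
```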