Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:110691
Return-Path: <ekohler@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 50717 invoked from network); 21 Jun 2020 14:25:49 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 21 Jun 2020 14:25:49 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 5F27F1804E1
	for <internals@lists.php.net>; Sun, 21 Jun 2020 06:12:29 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=0.5 required=5.0 tests=BAYES_20,
	FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,
	HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <ekohler@gmail.com>
Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Sun, 21 Jun 2020 06:12:28 -0700 (PDT)
Received: by mail-wm1-f52.google.com with SMTP id l17so12493242wmj.0
        for <internals@lists.php.net>; Sun, 21 Jun 2020 06:12:28 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=p7nDKntD08tMIhr8UxMd03TPrn3K6pMdsDEIIOpfQqw=;
        b=LT+g5/qv27DpSO3AO/ZgEoLfmzOY3Eo+RGCMHcjiCqB1p7JO2Cb9lUZnMWnHWmPv6k
         VfuZzbuWIsy7XfYfIkGLxmW71wRozu3AA2k9wH4Rh9S85tP1Ytpoi1uHp0ZHXYzWpkRh
         QEP5OF/pXs7VN0kRvbOAFbWyf/46f7WmdBy1rhatJk9pgV8nM59LMy3CemhLSCW/RBhU
         Ea8avKL7e8/GAxKqQDNMKhZUP+W/t/4LX68Ia3wXOidpz8NfmWQL2g7AZXJM64eq6kK4
         OdDXdbB9sfj43lukUtId0tvlHqFbyUFgBjpE8Ygcp9fAL1hpSiA3S22Ctm7GxLnXXg29
         V1GQ==
X-Gm-Message-State: AOAM532YP7UEkqkvOT9FLVpOhfw+Udd8hUVG72ql1f+NBxOMDetsWuCd
	b6/P3OteboUBu/Xs0Xkyqfx4uPKUKg21s9YPBSk=
X-Google-Smtp-Source: ABdhPJzSBJlYWzzXci/dqutlDohoJZh/RmG1+50NisZZi0wpAM9fMKV/5eaxsBJr620WZ80+BK+B+3+5VfbAUliQSzE=
X-Received: by 2002:a7b:ce15:: with SMTP id m21mr13551494wmc.117.1592745145135;
 Sun, 21 Jun 2020 06:12:25 -0700 (PDT)
MIME-Version: 1.0
References: <CAF0C5SL8c_2TGPKCxo37nbRseA=2ZLoQBtUzZ01DDTgmJNSC8A@mail.gmail.com>
 <aabd8ab36a5894b06bbcb284dc18b56cafaf852e.camel@schlueters.de>
 <CAF0C5S+920VXCk5ba5KoyYT-8-GmH-xtTPquD4b3_Z=mTTJkVA@mail.gmail.com> <CAESVnVrpmL3pYHwx973CZMhvAEMEWVijUiXoHt4mdyYi9aGjpg@mail.gmail.com>
In-Reply-To: <CAESVnVrpmL3pYHwx973CZMhvAEMEWVijUiXoHt4mdyYi9aGjpg@mail.gmail.com>
Date: Sun, 21 Jun 2020 09:12:14 -0400
Message-ID: <CAF0C5S+Nufs0ZtT8BpHMET36=wUJ=5MU3=v+5uGX2yi10nwb=A@mail.gmail.com>
To: Sara Golemon <pollita@php.net>
Cc: Eddie Kohler <kohler@seas.harvard.edu>, =?UTF-8?Q?Johannes_Schl=C3=BCter?= <johannes@schlueters.de>, 
	PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="00000000000097f53e05a897e0df"
Subject: Re: [PHP-DEV] New functions `hash_serialize` and `hash_unserialize`?
From: kohler@seas.harvard.edu (Eddie Kohler)

--00000000000097f53e05a897e0df
Content-Type: text/plain; charset="UTF-8"

Hi all,

I've opened up a pull request and responded to this message there. I'd love
any further comments.

https://github.com/php/php-src/pull/5702

Eddie


On Thu, Jun 11, 2020 at 5:42 PM Sara Golemon <pollita@php.net> wrote:

> WARNING: Harvard cannot validate this message was sent from an authorized
> system. Please be careful when opening attachments, clicking links, or
> following instructions. For more information, visit the HUIT IT Portal and
> search for SPF.
> ------------------------------
> On Thu, Jun 11, 2020 at 11:59 AM Eddie Kohler <kohler@seas.harvard.edu>
> wrote:
>
>> Thanks for this suggestion. I've updated the implementation to make
>> HashContext implement Serializable.
>>
>> I'd still be grateful for more feedback, or perhaps I should just create
>> an RFC?
>>
>> Be careful what you ask for. :)
>
> Overall +1 on the concept with a few notes:
>
> 1. Please put this on a branch and make it a PR so we can comment on it
> directly.
> 2. Consider using zend_parse_parameters_throws() and family so that the
> exception which is thrown contains the type error information rather than
> the generic RETURN_THROWS() macros.
> 3. Consider using hex or base64 to serialize the contexts.  This will
> reduce various transport/storage issues.
> 4. It's great that you've thought about endianness, but the current
> implementation simply bails on endian mismatch. It'd be a nice-to-have for
> the user if these serializations were portable.  I know this represents a
> lot of work for sort of an edge case so I won't hold it against you if you
> say 'no' and/or save this for later work if demand surfaces.
> 5. Storing $key makes me nervous.  I don't have a good solution to this
> since the deserialization doesn't actually give us a chance to specify it
> in the deserialization process.  I wish I'd made $key/hmac an option to
> hash_final rather than hash_init.  Maybe we can think about allowing that
> to be specified at either end.  Let's expand on this topic while you work
> on your RFC.
> 6. Yeah... I think you need an RFC because of #5. Sorry.
> 7. TABS v SPACES indentation issues.
>
> -Sara
>
>

--00000000000097f53e05a897e0df--