Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:48330
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 38127 invoked from network); 18 May 2010 21:44:44 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 18 May 2010 21:44:44 -0000
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass; domainkeys=bad
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.42 as permitted sender)
DomainKey-Status: bad
X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 74.125.82.42 mail-ww0-f42.google.com  
Received: from [74.125.82.42] ([74.125.82.42:42085] helo=mail-ww0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id A8/02-27340-B4A03FB4 for <internals@lists.php.net>; Tue, 18 May 2010 17:44:44 -0400
Received: by wwc33 with SMTP id 33so208404wwc.29
        for <internals@lists.php.net>; Tue, 18 May 2010 14:44:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:received:in-reply-to
         :references:date:message-id:subject:from:to:cc:content-type
         :content-transfer-encoding;
        bh=fzSk636VASsBBKutl2n1Vo7fTtsm+qf13tsPJ8j2rXs=;
        b=yC6VQNgT3s2qR3eK4w+DeJVky5gA1XGVEQNlkLojmpfVHqbzQZozMYupHo7Iray1Zk
         RzIoIA/067I/jg3qNqvfog+ZzVHOx+UPQfvgjb0mVBeyijjlJ8JeC+VY+c2T463wEPui
         wo63l3hlACbveCevXIozu4lVzoYojvMZYTbxE=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type:content-transfer-encoding;
        b=BJAvu/gui97Ym80gtJojTYt0Cy22vQg00MG0ljOeabQD83WBL+sgJJpqDzYMgvknhF
         SKElj/DCmgtCdH3RAUsr9AMsbP9lxu7ni8MwZhpEIU2EIrQXtaCh5DdFF8v3xGkoeeX3
         E+a6fQIlANEn9JOt1cz66Mn5VmW4kefuXfxVc=
MIME-Version: 1.0
Received: by 10.216.180.15 with SMTP id i15mr4397148wem.188.1274219079894; 
	Tue, 18 May 2010 14:44:39 -0700 (PDT)
Received: by 10.216.177.146 with HTTP; Tue, 18 May 2010 14:44:39 -0700 (PDT)
In-Reply-To: <D8.91.27340.B8803FB4@pb1.pair.com>
References: <D0.2B.05421.113F1FB4@pb1.pair.com>
	 <AANLkTilSOPh0yWZ6dcXCK-v7fcQDeRUcV85M6aOeD4in@mail.gmail.com>
	 <A8.40.27340.20403FB4@pb1.pair.com>
	 <AANLkTildJlXp3Re94TdFNhB7yoWo2YhYD_F4ENm8KR-o@mail.gmail.com>
	 <D8.91.27340.B8803FB4@pb1.pair.com>
Date: Tue, 18 May 2010 23:44:39 +0200
Message-ID: <AANLkTinLrvM-O-t9JHiNsM73FTFYft9FPJtymQ7TNvW0@mail.gmail.com>
To: Sara Golemon <pollita@php.net>
Cc: internals@lists.php.net
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] openssl_(en|de)crypt missing IV
From: pierre.php@gmail.com (Pierre Joye)

On Tue, May 18, 2010 at 11:37 PM, Sara Golemon <pollita@php.net> wrote:
>>> The only BC break is the warning raised when using openssl_encrypt()
>>> without
>>> an IV. =A0Given the extremely bad practice using a NULL IV represents, =
I
>>> think
>>> this is a reasonable course of action.
>>
>> It changes the signature making the fifth argument a complete
>> different thing. I strongly disagree with this strategy, even if I can
>> understand your reasoning. We can't begin to "fix" things by changing
>> existing API signatures, that's going to end badly.
>>
> What do you mean by "making the fifth argument a complete different thing=
"?
> =A0Different to what? The current signature only has four arguments. =A0T=
his
> adds an optional argument which, by itself, is not BC breaking.

I misread this paragraph, I kept in mind what you said in your initial post=
:

>> P.S. - Here's the signature I'd go with: openssl_encrypt($data, $method,=
 $iv, $key, $raw=3Dfalse)

So yes, putting it at fifth optional argument can work as it won't
change the behavior either.

>> To define a new and clean API is not only BC but may also allow
>> obvious naming. And last but not least, it can then be merged in 5.3
>> without worrying about any possible impact.
>>
> Absolutely true, and /possibly/ worth the "wtf" that comes with having tw=
o
> essentially identical functions. =A0How would you feel about the trunk
> versions of the old functions (but not the 5.3 versions) gaining
> ZEND_ACC_DEPRECATED in that case?

Having new cleaner APIs is what I would prefer to do (in general). And
we can indeed add the deprecated flag to 5.3 as well.

Cheers,
--=20
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org