Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:81580 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 15751 invoked from network); 2 Feb 2015 10:55:27 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 2 Feb 2015 10:55:27 -0000 Authentication-Results: pb1.pair.com smtp.mail=leight@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=leight@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.212.177 as permitted sender) X-PHP-List-Original-Sender: leight@gmail.com X-Host-Fingerprint: 209.85.212.177 mail-wi0-f177.google.com Received: from [209.85.212.177] ([209.85.212.177:39288] helo=mail-wi0-f177.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id F0/60-13421-E975FC45 for ; Mon, 02 Feb 2015 05:55:27 -0500 Received: by mail-wi0-f177.google.com with SMTP id r20so14299794wiv.4 for ; Mon, 02 Feb 2015 02:55:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=OJI3lqTV6wFpsd7HK1dWlM8iRj5I5cXBUoUzmbD+9HY=; b=M0yBu4BRXEBweenoAEFW7tShXgAjyZyyDMzzWcXUQ79Ur89q0TRVGCiYnklYXiCREq FypXsmGtiXpA9iSZo1xFERDtgqNlR4/aDjd7PGnjszydfQaPxLURG4ml68bnMPiNGODa zjKFHCPnsrTZjdJmeusLxSeMQDdXH5XFpZRshaKv/1Th+70i07Jdlb0zgUjjZt1QzNbt CQTu29L10lu/jKIWjojO4iFKkwhDJSUJu34f4dVId05Tyh6SOKlhrHMfy71hhmnpF/8N fYZW6O1JQ5IVgPu/EF1RB4D5UN1QatJ0qUXErdTYxc+Ed0ooWV1/hAhdnITJM/Kvhppr GHYw== MIME-Version: 1.0 X-Received: by 10.180.76.133 with SMTP id k5mr22494500wiw.30.1422874519708; Mon, 02 Feb 2015 02:55:19 -0800 (PST) Received: by 10.216.50.139 with HTTP; Mon, 2 Feb 2015 02:55:19 -0800 (PST) In-Reply-To: References: Date: Mon, 2 Feb 2015 10:55:19 +0000 Message-ID: To: Daniel Lowrey Cc: "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Re: OpenSSL ext. improvements for authenticated cipher modes. From: leight@gmail.com (Leigh) I should have stated my intent more clearly in the original mail. I would be targeting 5.5 and above for a core change, and would provide a an extension to back-fill 5.3 and 5.4. I think people should be able to use authenticated modes of operation _now_, not when PHP 7 is released and / or when it lands in a stable distro. On 1 February 2015 at 17:49, Daniel Lowrey wrote: > How about ... > > Old API: > -------- > string openssl_decrypt ( string $data , string $method , string $password > [, int $options = 0 [, string $iv = "" ]] ) > string openssl_encrypt ( string $data , string $method , string $password > [, int $options = 0 [, string $iv = "" ]] ) > > New: > -------- > mixed openssl_decrypt ( string $data , string $method , string $password [, > mixed $options = 0 [, string $iv = "" ]] ) > string openssl_encrypt ( string $data , string $method , string $password > [, mixed $options = 0 [, string $iv = "" ]] ) Really not sure. On one hand it keeps the parameter count down and opens the door for other options to be passed in future, on the other the mixed return type bothers me a little. > The main changes are: > > - the $options parameter becomes mixed (either long or array) in both > functions > - a long $options parameter triggers E_DEPRECATED in php7 (expects array) > - the presence of an $iv triggers E_DEPRECATED in php7 (scheduled for > removal) Is the intent to have the IV moved to the options array? $options = [ 'flags' => OPENSSL_RAW_DATA, 'tag' => ..., 'taglen' => 16, 'iv' => ..., 'associated_data' => ... ]; > - openssl_decrypt() now returns mixed ... if $options['get_tag'] == true > then return [$decryptedString, $tag], otherwise return $decrypted string as > before to preserve BC. > - the encrypt function could use $options['set_tag'] to define that (or > any other secondary information needed for the operation). The result of a mode like GCM is useless without the tag, it should automatically be provided when you choose a mode that results in a ciphertext and a tag, and likewise the mode should fail if you try and decrypt without providing the tag. > What I would prefer NOT to see is piling on more optional parameters to > these already too-long function signatures. Also, I don't really like the > idea of adding "state" to this operation with new > openssl_set_tag/openssl_get_tag functions. I agree about set/get. My least favourite option. The extra params aren't really _that_ bad. string openssl_encrypt ( string $data , string $method , string $password [, int $options = 0 [, string $iv = "" [, string &$tag [, string $associated_data ]]]] ) By the time you get to $associated_data, everything preceding it is a required parameter. Yes it's verbose, but it still doesn't break BC, and the options and return types remain the same (although this forgoes the option to specify the tag length - another param would just be silly ;)).