Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:90219 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 82003 invoked from network); 6 Jan 2016 19:28:41 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 6 Jan 2016 19:28:41 -0000 Authentication-Results: pb1.pair.com header.from=bishop.bettini@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=bishop.bettini@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.50 as permitted sender) X-PHP-List-Original-Sender: bishop.bettini@gmail.com X-Host-Fingerprint: 74.125.82.50 mail-wm0-f50.google.com Received: from [74.125.82.50] ([74.125.82.50:35407] helo=mail-wm0-f50.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 2E/7A-21755-8EA6D865 for ; Wed, 06 Jan 2016 14:28:41 -0500 Received: by mail-wm0-f50.google.com with SMTP id f206so71365998wmf.0 for ; Wed, 06 Jan 2016 11:28:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:sender:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=icwQVjUicdsSGm2J1FEUukGyZF3S2UGq5LsZAhrgPHA=; b=L2DZ7NVT6P0BfBP9Nf02jw6wvvZVgWlJ3Z8EVROiInaogeNfWx4Kn0z87MLhs19KuU BegnyK36hfshcpid9thI8Zo3vikEuhqeGZ9MjM8e+qIpfRDhcSsQ8rCLDoNWY1kHrCYr 4Grnik2x1oaHKpH7luWQpeeHUkaNAJtvNAbxatc1+flkk2/CWVSRVEiFoJySjl5XvaR+ 1msW7gk7wTY/xTnS7TuBjc4xJ1irhbwh+ShXhDL+Cxzv+KDEOVzqpfz0DKDPNL8GDZRP UrIk7H7T4wOPfd8C85II8czMgsNgP+gxYaRp1pQ60ZX88euX7RvMGhXI2rgnRx3KHk9s iuSA== X-Received: by 10.194.9.42 with SMTP id w10mr70499855wja.159.1452108517818; Wed, 06 Jan 2016 11:28:37 -0800 (PST) MIME-Version: 1.0 Reply-To: bishop@php.net Sender: bishop.bettini@gmail.com Received: by 10.194.45.230 with HTTP; Wed, 6 Jan 2016 11:28:08 -0800 (PST) In-Reply-To: References: Date: Wed, 6 Jan 2016 14:28:08 -0500 X-Google-Sender-Auth: 5yRLiTRNfbe0dUYsLhaHWpP-Tf8 Message-ID: To: Jakub Zelenka Cc: PHP internals list Content-Type: multipart/alternative; boundary=047d7b4504966146fc0528af5c6a Subject: Re: [PHP-DEV] [RFC] OpenSSL AEAD support From: bishop@php.net (Bishop Bettini) --047d7b4504966146fc0528af5c6a Content-Type: text/plain; charset=UTF-8 On Wed, Jan 6, 2016 at 11:09 AM, Jakub Zelenka wrote: > Hi, > > On Wed, Jan 6, 2016 at 3:35 PM, Bishop Bettini wrote: > >> >> I think the API might need to be more generic so that any future cipher >> modes with different parameters could also be passed in. >> >> Please see note in > https://wiki.php.net/rfc/openssl_aead#rejected_features . Any context > related features will add a lot to the size of the implementation. In this > case it would also mean introducing an object with dimension handler to the > openssl ext which doesn't really match with the rest of the extension API. > The proposed API is more conformant to the rest and the code addition is > also limited which is very important from the maintenance point of view. > Ok, a context resource may not be pragmatic. Perhaps a compromise in the form of a thin wrapper: string openssl_encrypt_aead(string $data , string $method , string $password [, int $options = 0 [, string $iv = "" [, string &$tag = "" [, string $aad = "" [, int $tag_length = 16 ]]]]) string openssl_decrypt_aead(string $data , string $method , string $password [, int $options = 0 [, string $iv = "" [, string $tag = "" [, string $aad = "" ]]]] ) This actually feels more right anyway: openssl_encrypt only does encryption, whereas openssl_encrypt_aead does encryption *and* integrity. I would hate for users to pass a method of aes128 and think they can forgo an HMAC because they thought PHP would give them back a valid tag. --047d7b4504966146fc0528af5c6a--