Newsgroups: php.internals
Date: Thu, 2 Jun 2016 21:30:11 +0700
To: Scott Arciszewski
Cc: PHP Internals
Subject: Re: [PHP-DEV] [RFC] Libsodium - Discussion
From: pierre.php@gmail.com (Pierre Joye)

hi Scott,

On Wed, Jun 1, 2016 at 2:49 PM, Scott Arciszewski wrote:
> Hi PHP Internals Team,
>
> Let's begin discussing the prospect of adding libsodium as a core extension
> in PHP 7.1. I've updated the RFC to explain why this would be a good idea
> and the benefits it offers.
>
> https://wiki.php.net/rfc/libsodium
>
> If the subsequent discussion goes smoothly, I would like to open voting on
> June 15.
>
> Together, let's make PHP cryptography so safe that it becomes boring.

Good work and very good choice for the backend library. I am overall in favor of having this extension in the core.
However, a couple of things are suboptimal or not ideal (in no special order):

- \Sodium\library_version_major(), \Sodium\library_version_minor() and \Sodium\version_string() should be constants

For \Sodium\version_string(), the name is not consistent as it refers to the library version, not the extension version ("Returns a string identifier of the current version of the sodium library installed.") (edit: used would better represent what is actually happening)

- memzero, memcmp, hex2bin

I am not totally convinced that memzero and maybe memcmp names are good, nor that they should be there. Both would be very useful as operators on variables. Given the simplicity of the implementations, it could be very useful in many other areas in case this ext is not installed.

For hex2bin, the optional parameter could be added to the existing functions. As this function does not require crypto safe implementation (and does not need from an implementation), we should have them as part of the engine instead.

- buf and other abbreviations should be better. I think we had a discussion some time ago about how to provide interfaces for non C developers.

- compare should be string_compare, or it could be confusing about what it can compare, especially in code review while checking crypt code, where many other types come into the game

Cheers,
--
Pierre

@pierrejoye | http://www.libgd.org