Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:99449 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 4515 invoked from network); 7 Jun 2017 23:12:51 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Jun 2017 23:12:51 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender) X-PHP-List-Original-Sender: yohgaki@ohgaki.net X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp Received: from [180.42.98.130] ([180.42.98.130:36940] helo=es-i.jp) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id C1/3C-27119-17888395 for ; Wed, 07 Jun 2017 19:12:50 -0400 Received: (qmail 42863 invoked by uid 89); 7 Jun 2017 23:12:46 -0000 Received: from unknown (HELO mail-it0-f48.google.com) (yohgaki@ohgaki.net@209.85.214.48) by 0 with ESMTPA; 7 Jun 2017 23:12:46 -0000 Received: by mail-it0-f48.google.com with SMTP id m62so117866108itc.0 for ; Wed, 07 Jun 2017 16:12:45 -0700 (PDT) X-Gm-Message-State: AODbwcDeaZ0w0a5ZxKYsU/SRHmoKdtcLEcHV5akW8zfj38axd74dwgWl rzzLSwu+ncJvSxq6JiCwhNRko7YkdA== X-Received: by 10.36.40.12 with SMTP id h12mr2746168ith.50.1496877160482; Wed, 07 Jun 2017 16:12:40 -0700 (PDT) MIME-Version: 1.0 Received: by 10.79.33.132 with HTTP; Wed, 7 Jun 2017 16:12:00 -0700 (PDT) Date: Thu, 8 Jun 2017 08:12:00 +0900 X-Gmail-Original-Message-ID: Message-ID: To: "internals@lists.php.net" Content-Type: multipart/alternative; boundary="001a114514146c5013055166dfe5" Subject: hash_hkdf() manual improvement From: yohgaki@ohgaki.net (Yasuo Ohgaki) --001a114514146c5013055166dfe5 Content-Type: text/plain; charset="UTF-8" Hi all, hash_hkdf() does not have sane/optimal/consistent signature, but this is what we've decided by RFC vote. We should have good manual page for users to avoid vulnerable usage at least. Current hash_hkdf() manual page. http://php.net/hash_hkdf This is final proposal patch for hash_hkdf.xml. https://gist.github.com/yohgaki/e518898ffda2fe37ab911d7a7fcb1a9f I've put most aspects discussed in the RFC 5869. If you find anything that violates RFC 5869 recommendation/suggestion (and/or HMAC recommendation/suggestion), please let me know. https://tools.ietf.org/html/rfc5869 Please note that previous discussion for this revealed that there is no valid example usage that justifies current signature. i.e. Specifying $length/$info parameter(s) only cannot be common/optimal/recommended usage. If any example, I'll add it to the manual. Corrections/improvements are appreciated. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --001a114514146c5013055166dfe5--