On Thu, Feb 13, 2025, at 8:51 AM, Paragon Initiative Enterprises Security Team
wrote:
> OpenSSL 3 introduced a KEM API, which is an abstraction for the kinds
> of cryptographic operations used by the NIST post-quantum cryptography
> standards (i.e., FIPS-203).
>
> KEM stands for "Key Encapsulati
On Thu, Feb 13, 2025, at 8:16 AM, Tim Düsterhus wrote:
> Hi
>
> Am 2025-02-12 22:31, schrieb Larry Garfield:
>> I'm still undecided on the RFC overall, but one thing that is
>> problematic is the phrasing of the messages. Currently, the messages
>> in the attribute are fragments of an English se
The PHP development team announces the immediate availability of PHP
8.3.17. This is a bugfix release.
All PHP 8.3 users are encouraged to upgrade to this version.
For source downloads of PHP 8.3.17 please visit our downloads page:
https://www.php.net/downloads
Windows source and binaries can be
The PHP development team announces the immediate availability of PHP
8.4.4. This is a bugfix release.
All PHP 8.4 users are encouraged to upgrade to this version.
For source downloads of PHP 8.4.4 please visit our downloads page.
Windows binaries can be found on the PHP for Windows site.
The list
>
>
> to include PHP functions in the OpenSSL extension that look like this:
>>
>> function openssl_kem_encaps(OpenSSLAsymmetricKey $pk): array;
>>
>
> The name should be more openssl_pkey_encapsulate
>
>
I just did a bit more checking and we should consider having required kem
operation as select
Hi,
> We intend to send a pull request later this year
>
Just note that there are some bigger internal changes being done on
separation of backend starting with
https://github.com/php/php-src/commit/d662ab5f08af83297dc64499edf0b79182d79e91
which should ultimately result in usage of custom libctx
On 2/13/25 06:51, Paragon Initiative Enterprises Security Team wrote:
OpenSSL 3 introduced a KEM API, which is an abstraction for the kinds
of cryptographic operations used by the NIST post-quantum cryptography
standards (i.e., FIPS-203).
KEM stands for "Key Encapsulation Mechanism". It's the
I have no issue with adding more functions to the OpenSSL extension,
but they need to be very clearly documented and have an obvious API.
Cryptic names such as $pk or $sk cannot be used. While I really hate
array return types, if you must use it then it must be clearly
documented. It cannot just be
OpenSSL 3 introduced a KEM API, which is an abstraction for the kinds of
cryptographic operations used by the NIST post-quantum cryptography
standards (i.e., FIPS-203).
KEM stands for "Key Encapsulation Mechanism". It's the preferred way to do
asymmetric cryptography. Even RSA-KEM is safer than ho
Hi
Am 2025-02-13 09:49, schrieb Eugene Sidelnyk:
I'm just wondering how the new attribute that defines behavior (not
just
additional metadata) will fit into the rest of the system.
See my reply to Jakob: There are already several attributes that define
behavior.
Do you think it's reasonab
Hi
Am 2025-02-13 09:16, schrieb Jakob Givoni:
Attributes were added as a structured replacement for docblock props
and I
don't like it when they affect how a program actually runs (as long as
you're not using reflection).
Excluding the `#[\Attribute]` attribute, PHP currently has 5 native
at
Hi
Am 2025-02-12 22:31, schrieb Larry Garfield:
I'm still undecided on the RFC overall, but one thing that is
problematic is the phrasing of the messages. Currently, the messages
in the attribute are fragments of an English sentence, seemingly
designed to fit grammatically with a sentence fra
On Wed, Jan 29, 2025 at 4:14 PM Tim Düsterhus wrote:
> Hi
>
> Volker and I would like to start discussion on our RFC to allow "Marking
> return values as important (#[\NoDiscard])".
>
> Please find the following resources for your reference:
>
> - RFC: https://wiki.php.net/rfc/marking_return_valu
Hello, everyone
I'm just wondering how the new attribute that defines behavior (not just
additional metadata) will fit into the rest of the system.
Right now, return type hints are not implemented just as an attribute, but
as "native" type declaration.
I mean, what we have right now:
function f
My thoughts overall on this:
0. I'm not against introducing the attribute, only how it's used/enforced
etc. (And, incidentally, what it actually MEANS, see if you can spot that
from the rest of my comments)
1. Static analysers and IDEs: I agree with everyone who's said that whether
or not the
15 matches
Mail list logo
