Re: [PHP-DEV] Re: OpenSSL ext. improvements for authenticated cipher modes.

On Mon, Feb 2, 2015 at 2:30 PM, Daniel Lowrey wrote: > > The extra params aren't really _that_ bad. > > Okay, I'd like to reset the conversation a bit here. It's clear that the > current API does not fit the problem domain very well. Tacking on more > parameters only creates a bigger mess. Six pa

Re: [PHP-DEV] Re: OpenSSL ext. improvements for authenticated cipher modes.

On 2 February 2015 at 14:30, Daniel Lowrey wrote: >> The extra params aren't really _that_ bad. > > Okay, I'd like to reset the conversation a bit here. It's clear that the > current API does not fit the problem domain very well. Tacking on more > parameters only creates a bigger mess. Six paramet

Re: [PHP-DEV] Re: OpenSSL ext. improvements for authenticated cipher modes.

> The extra params aren't really _that_ bad. Okay, I'd like to reset the conversation a bit here. It's clear that the current API does not fit the problem domain very well. Tacking on more parameters only creates a bigger mess. Six parameters to a stateless function call is a completely incoherent

Re: [PHP-DEV] Re: OpenSSL ext. improvements for authenticated cipher modes.

I should have stated my intent more clearly in the original mail. I would be targeting 5.5 and above for a core change, and would provide a an extension to back-fill 5.3 and 5.4. I think people should be able to use authenticated modes of operation _now_, not when PHP 7 is released and / or when it

Re: [PHP-DEV] Re: OpenSSL ext. improvements for authenticated cipher modes.

On Sun, Feb 1, 2015 at 1:07 PM, Jakub Zelenka wrote: > Hey, > > On Sun, Feb 1, 2015 at 5:49 PM, Daniel Lowrey wrote: >> >> - openssl_decrypt() now returns mixed ... if $options['get_tag'] == true >> then return [$decryptedString, $tag], otherwise return $decrypted string >> as >> before to pre

Re: [PHP-DEV] Re: OpenSSL ext. improvements for authenticated cipher modes.

Hey, On Sun, Feb 1, 2015 at 5:49 PM, Daniel Lowrey wrote: > > - openssl_decrypt() now returns mixed ... if $options['get_tag'] == true > then return [$decryptedString, $tag], otherwise return $decrypted string as > before to preserve BC. > - the encrypt function could use $options['set_tag']

[PHP-DEV] Re: OpenSSL ext. improvements for authenticated cipher modes.

> Hi list, > > A couple of bug reports have highlighted the fact that our > openssl_encrypt and openssl_decrupt functions have no way of getting > or setting tags required for authenticated cipher modes (i.e. GCM, > CCM, OCB (not sure if this is available in OpenSSL)). > > https://bugs.php.net/bug.