Re: [PHP-DEV] openssl_(en|de)crypt missing IV

2010-05-18 Thread Pierre Joye
On Tue, May 18, 2010 at 11:37 PM, Sara Golemon wrote:
>>> The only BC break is the warning raised when using openssl_encrypt() without
>>> an IV.  Given the extremely bad practice using a NULL IV represents, I think
>>> this is a reasonable course of action.
>>
>> It changes the signature

Re: [PHP-DEV] openssl_(en|de)crypt missing IV

2010-05-18 Thread Sara Golemon
The only BC break is the warning raised when using openssl_encrypt() without an IV. Given the extremely bad practice using a NULL IV represents, I think this is a reasonable course of action. It changes the signature making the fifth argument a completely different thing. I strongly disagree with

Re: [PHP-DEV] openssl_(en|de)crypt missing IV

2010-05-18 Thread Pierre Joye
On Tue, May 18, 2010 at 11:17 PM, Sara Golemon wrote:
>>> Fixing this is a simple matter, but I wanted to bounce approaches for BC (or
>>> lack thereof) off everyone else since this version of openssl_encrypt() is
>>> already "in the wild".
>>
>>> I think it's worth a BC break.  Comments?

Re: [PHP-DEV] openssl_(en|de)crypt missing IV

2010-05-18 Thread Sara Golemon
Fixing this is a simple matter, but I wanted to bounce approaches for BC (or lack thereof) off everyone else since this version of openssl_encrypt() is already "in the wild". I think it's worth a BC break. Comments? To break BC is a no go, even if your arguments are appealing (even in a majo

Re: [PHP-DEV] openssl_(en|de)crypt missing IV

2010-05-18 Thread Hannes Magnusson
On Tue, May 18, 2010 at 13:02, Pierre Joye wrote:
> hi,
>
> On Tue, May 18, 2010 at 12:56 PM, Rob Richards wrote:
>>
>> Personally I would like to see the signature changed to be even more aligned
>> with the ones from mcrypt - since that's what people are most used to using.
>
> I would like

Re: [PHP-DEV] openssl_(en|de)crypt missing IV

2010-05-18 Thread Pierre Joye
hi,

On Tue, May 18, 2010 at 12:56 PM, Rob Richards wrote:
>
> Personally I would like to see the signature changed to be even more aligned
> with the ones from mcrypt - since that's what people are most used to using.

I would like to as well but we can't. To change method signatures in a way tha

Re: [PHP-DEV] openssl_(en|de)crypt missing IV

2010-05-18 Thread Rob Richards
Sara Golemon wrote: I was just looking through the implementation of openssl_encrypt() (and openssl_decrypt()) today because I need to make some encrypted payloads, but the prototype didn't have anywhere to place an initialization vector. On opening ext/openssl/openssl.c, I noticed line 4620

Re: [PHP-DEV] openssl_(en|de)crypt missing IV

2010-05-17 Thread Pierre Joye
hi Sara,

On Tue, May 18, 2010 at 3:53 AM, Sara Golemon wrote:
> I was just looking through the implementation of openssl_encrypt() (and
> openssl_decrypt()) today because I need to make some encrypted payloads, but
> the prototype didn't have anywhere to place an initialization vector.
>
> On ope

Re: [PHP-DEV] openssl_(en|de)crypt missing IV

2010-05-17 Thread Tjerk Anne Meesters
On Tue, May 18, 2010 at 10:19 AM, Davey Shafik wrote:
> The least disruptive change would be to have it as the last arg, and default
> to the current all-null value.
>
> Perhaps you could do this and add a warning akin to the date.timezone if none
> is passed?
>
> Having said that, I don't think

Re: [PHP-DEV] openssl_(en|de)crypt missing IV

2010-05-17 Thread Davey Shafik
The least disruptive change would be to have it as the last arg, and default to the current all-null value. Perhaps you could do this and add a warning akin to the date.timezone if none is passed? Having said that, I don't think the disruption would be too bad, I haven't seen much use of the o

[PHP-DEV] openssl_(en|de)crypt missing IV

2010-05-17 Thread Sara Golemon
I was just looking through the implementation of openssl_encrypt() (and openssl_decrypt()) today because I need to make some encrypted payloads, but the prototype didn't have anywhere to place an initialization vector. On opening ext/openssl/openssl.c, I noticed line 4620 which simply hardcode