PHP RFC: Add sha256() and sha256_file() functions

Introduction

PHP currently has dedicated functions for calculating MD5 and SHA-1 hashes, both of which were once common but are now considered broken from a security point of view. It is widely recommended to use SHA-256 for the purposes these were previously suited to, but PHP lacks dedicated functions to do so. This RFC proposes to add functions for calculating a SHA-256 hash from a string (sha256()), and from a file (sha256_file()). It also proposes to move these functions from ext/standard to ext/hash, primarily as an aid to organising the official manual.

Proposal

The following new functions will be added:

Why standalone functions?

A proposal to deprecate the md5(), sha1(), md5_file(), and sha1_file() functions in the bulk deprecations for PHP 8.4 RFC was declined. Its rationale said, in part:

Unfortunately these cryptographically secure hash functions are only available by means of the generic hash() function (and the closely related hash_init(), hash_file(), and hash_hmac functions), making using them more verbose and thus seemingly more complicated than the standalone md5(), sha1(), md5_file(), and sha1_file() functions [...]

The hash() family of functions (including hash_file, hash_init(), and more) form a powerful “toolkit”

Why SHA-256 and SHA-512?

Comparison with other languages

  • Python's hashlib module provides named constructors for each supported algorithm; the minimum list is MD5, SHA-1, four variants of SHA-2 (sha224(), sha256(), sha384(), and sha512()), four variants of SHA-3, two of SHAKE, and two of BLAKE2. The SHA-3, SHAKE, and BLAKE2 algorithms were added in Python 3.6 (2016).
  • C# has classes derived from HashAlgorithm for MD5, SHA1, SHA256, SHA384, SHA512, SHA3_256, SHA3_384, and SHA3_512; separate classes (outside of that hierarchy) also exist for Shake128 and Shake256.
  • Java provides only a universal constructor MessageDigest.getInstance(String algorithm). The minimum set of algorithms supported is SHA-1 and SHA-256.
  • Apple CryptoKit (for Swift) has classes adopting the HashFunction protocol for SHA256, SHA384, and SHA512.
  • Ruby's Digest module provides classes for MD5, RIPEMD-160, SHA1, and SHA2 (both via Digest::SHA2.new(bitlen) and short-hand Digest::SHA256, Digest::SHA384, and Digest::SHA512).
  • Go's standard-library crypto package includes sub-packages for md5, sha1, sha256 (which also implements SHA-224), and sha512 (which also implements SHA-384, SHA-512/224 and SHA-512/256).
  • The Web Crypto API (for JavaScript) has a single digest() method taking a string algorithm name; the only supported algorithms are 'SHA-1', 'SHA-256', 'SHA-384', and 'SHA-512'.
  • As far as I can see, Rust and Perl do not provide any digest functions in their standard libraries.

Some databases also provide standalone functions for common hashing algorithms:

  • MySQL has functions for md5() and sha1(), plus a combined sha2() function which takes an argument to select SHA-224, SHA-256, SHA-384, or SHA-512.
  • PostgreSQL offers built-in sha224(), sha256(), sha384(), and sha512() functions since version 11.0 (released in 2018). Prior versions offered only md5() outside of an optional extension, as discussed in the patch proposing them.
  • Microsoft SQL Server has only a HASHBYTES function, which takes an algorithm as a string, and accepts MD2, MD4, MD5, SHA, SHA1, SHA2_256, and SHA2_512 (the algorithms older than SHA-2 log a deprecation notice).
  • Presto and Trino (big data query engines used by tools like Amazon Athena) include nine hashing functions: like PHP, these include crc32(), md5(), and sha1(); there are also sha256() and sha512() variants of SHA-2, plus two variants of SpookyHashV2, one of xxHash, and one of Murmur3.

Backward Incompatible Changes

What breaks, and what is the justification for it?

Proposed PHP Version(s)

List the proposed PHP versions that the feature will be included in. Use relative versions such as “next PHP 8.x” or “next PHP 8.x.y”.

RFC Impact

To SAPIs

Describe the impact to CLI, Development web server, embedded PHP etc.

To Existing Extensions

Will existing extensions be affected?

To Opcache

It is necessary to develop RFCs with opcache in mind, since opcache is a core extension distributed with PHP.

Please explain how you have verified your RFC's compatibility with opcache.

New Constants

Describe any new constants so they can be accurately and comprehensively explained in the PHP documentation.

php.ini Defaults

If there are any php.ini settings then list:

  • hardcoded default values
  • php.ini-development values
  • php.ini-production values

Open Issues

Make sure there are no open issues when the vote starts!

Unaffected PHP Functionality

List existing areas/features of PHP that will not be changed by the RFC.

This helps avoid any ambiguity, shows that you have thought deeply about the RFC's impact, and helps reduce mailing list noise.

Future Scope

This section details areas where the feature might be improved in future, but that are not currently proposed in this RFC.

Proposed Voting Choices

Include these so readers know where you are heading and can discuss the proposed voting options.

Patches and Tests

Links to any external patches and tests go here.

If there is no patch, make it clear who will create a patch, or whether a volunteer to help with implementation is needed.

Make it clear if the patch is intended to be the final patch, or is just a prototype.

For changes affecting the core language, you should also provide a patch for the language specification.

Implementation

After the project is implemented, this section should contain

  1. the version(s) it was merged into
  2. a link to the git commit(s)
  3. a link to the PHP manual entry for the feature
  4. a link to the language specification section (if any)

References

Links to external references, discussions or RFCs

Rejected Features

Keep this updated with features that were discussed on the mail lists.

rfc/add-sha256-function.txt · Last modified: 2024/09/26 22:03 by imsop