PHP RFC: Migration Hash Context from Resource to Object

• Version: 1.0
• Date: 2016-12-26
• Author: Sara Golemon pollita@php.net, with initial implementation from Rouven Weßling me@rouvenwessling.de
• Status: Under Discussion
• First Published at: http://wiki.php.net/rfc/hash-context.as-resource

Since PHP5, objects have been the preferred structure for wrapping internal data, however some clod created the hash extension to use resources. This RFC seeks to rectify that error by migrating the Hash extension to use an object implementation for hash contexts instead of a resource.

Convert the opaque resource to an opaque object. This is the lightest touch change to ensure that existing code should continue to function unless it has explciit is_resource() checks. These checks can be easily replaced with is_resource|is_object checks instead.

• Actual oop interface in the form of a few methods: HashContext::__construct() mirroring hash_init, HashContext::update() mirroring hash_update, etc...
• String casting to invoke `->final()` - Probably a bad idea as the object becomes immutable once it is finalized.
• Comparison overloading - Handy, but should explicitly use hash_equals() algorithm to avoid timing attacks.
• Operator overloading (e.g. `$b = $a + 'foo';` ~= `$b = clone $a; $b->update('foo');` - Probably a bad idea, but included for completeness.
• Serialization/Deserialization - Potential (but unconfirmed) security issues as the internal hash state becomes visible and previously impossible replays may become available.

Any userspace code which explicitly type checks HashContext values using is_resource()/get_resource_type()

PHP 7.next

Finalizing a hash context currenly invalidates the resource via `zend_list_close()` making all future operations on that value fail. This patch emulates this by clearing the internal value `context` and verifying it in all function invocations using the value. This isn't typical object behavior, but minimizes BC breakage. We could potentially invoke hash_copy() to save the context prior to finalization, finalize it, then revert to the prior state by restoring the saved context. This makes sense to me, but introduces a change to behavior which needs to be discussed.

Include the patch at https://github.com/php/php-src/compare/master...sgolemon:pr-660 50%+1 required.

• Implementation for PHP 7.2 https://github.com/php/php-src/compare/master...sgolemon:pr-660
• Original PR by Rouven Weßling: https://github.com/php/php-src/pull/660