PHP RFC: Your Title Here

• Version: 0.1
• Date: 2016-01-02
• Author: Jakub Zelenka, bukka@php.net
• Status: Draft

The PHP OpenSSL extension provides functions for data encryption (openssl_encrypt) and decryption (openssl_decrypt). These function works fine for all cipher algorithms (cipher + mode) except ciphers with AEAD (Authenticated Encrypt with Associated Data) mode. These modes requires special handling in OpenSSL and a need for supplying resp. retrieving of the authenticated tag and optionally AAD (associated application data).

There are two AEAD modes supported by OpenSSL (up to version 1.0.2) - GCM (Galois Counter Mode) and CCM (Counter with CBC-MAC). Both of these modes currently fails on decryption as there is no way how to supply an authentication tag.

This RFC proposes adding extra parameters to openssl_encrypt and openssl_decrypt for accessing authenticated tag and AAD. These parameters are optional and makes sense only for AEAD modes. The parameters differs for each function.

none

PHP 7.1

none

none

none

none

Default tag length and parameters order.

The current encryption and decryption is unaffected. The new parameters are optional.

Adding support for OCB mode once the extension supports OpenSSL 1.1

50%+1 majority

https://github.com/php/php-src/compare/master...bukka:openssl_aead

After the project is implemented, this section should contain

1. the version(s) it was merged to
2. a link to the git commit(s)
3. a link to the PHP manual entry for the feature

Links to external references, discussions or RFCs

Keep this updated with features that were discussed on the mail lists.