Hi,

> We intend to send a pull request later this year
>

Just note that there are some bigger internal changes being done on the
separation of the backend, starting with
https://github.com/php/php-src/commit/d662ab5f08af83297dc64499edf0b79182d79e91
which should ultimately result in usage of a custom libctx in OpenSSL 3.x. So
things might be moving around in the next couple of months.

> to include PHP functions in the OpenSSL extension that look like this:
>
> function openssl_kem_encaps(OpenSSLAsymmetricKey $pk): array;
>

The name should be more like openssl_pkey_encapsulate


>   // 0 -> shared secret (typically 32 bytes)
>   // 1 -> KEM ciphertext for decaps
>

Not really sure if this is a good return format. Most functions currently
return additional data by reference, which is probably not ideal either, but
it would probably be a bit more consistent.


> function openssl_kem_decaps(OpenSSLAsymmetricKey $sk, string $kemCiphertext): string;
>   // Returns a shared secret or throws an exception upon decryption failure.
>

openssl_pkey_decapsulate


> I don't know if this change needs an RFC or not, but I wanted to start the
> discussion just in case.
>

We don't usually require an RFC unless there are some objections against
the API. It still makes sense to at least agree on the API here, and if we
don't agree, then it might need an RFC.

Regards

Jakub
