> > > to include PHP functions in the OpenSSL extension that look like this: >> >> function openssl_kem_encaps(OpenSSLAsymmetricKey $pk): array; >> > > The name should be more openssl_pkey_encapsulate > >
I just did a bit more checking and we should consider having required kem operation as selected by EVP_PKEY_CTX_set_kem_op . There are currently just single operations (e.g. RSAVE for RSA and DHKEM for others). OpenSSL chose not set default which has got some good reasoning described in https://github.com/openssl/openssl/pull/12750 . I haven't checked out how it is in the current PQC (whether there are already more operations) but possibly there might be more in the future. This would make the function harder to use as one would need to know the operations but setting our own defaults prove usually not ideal in the long term (it's hard to change those defaults (BC break) if there are issues with them) so it might be just better to leave that to user space maybe. Or it might be worth to check what other implementations do. It should certainly have some consideration. Regards Jakub
