Add streaming encryption/decryption API to OpenSSL extension (openssl_encrypt_init / openssl_encrypt_update / openssl_encrypt_final)

[degtyaryov]

Description

Currently, the OpenSSL extension in PHP provides openssl_encrypt() and openssl_decrypt(), which require the entire data buffer in memory for AES-128-GCM, AES-256-GCM... This makes it impractical to process very large files (e.g. 100 MB, 1 GB, 1 TB) because PHP will try to load the entire content into memory before encrypting/decrypting.

Proposal
Introduce a streaming API for encryption/decryption, similar to how hash_init(), hash_update(), and hash_final() work.

For example for encryption:

$res = openssl_encrypt_init('aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag_length);

openssl_encrypt_update($ctx, $aad);

while (!feof($fp_in)) {
    $chunk = fread($fp_in, 1048576); // 1 MB
    $enc = openssl_encrypt_update($res, $chunk);
    fwrite($fp_out, $enc);
}

$enc = openssl_encrypt_final($res, $tag);
fwrite($fp_out, $enc);

And for decryption:

$res = openssl_decrypt_init("aes-256-gcm", $key, OPENSSL_RAW_DATA, $iv, $tag);

openssl_decrypt_update($ctx, $aad);

while (!feof($fp_in)) {
    $chunk = fread($fp_in, 1048576);
    $dec = openssl_decrypt_update($res, $chunk);
    fwrite($fp_out, $dec);
}

$dec = openssl_decrypt_final($res);
fwrite($fp_out, $dec);

[bukka]

Not sure if I want to add such stuff to core openssl ext. I'm thinking more about updating crypto extension that has got already support for this. I plan to start looking into it more after the first RC and merging more libctx updates. The idea would be to eventually get it to the core as well.

That extension has already support for streamed encryption so that part can be already used. Will just need to release a new PECL version to work on the latest PHP versions (master already does but there has not been release for a long time).

[degtyaryov]

I think many people specifically use the OpenSSL module, since it is included in PHP itself and does not require installing any additional modules.
It’s impractical to include the crypto module just for a single case.
It’s even harder to rewrite everything to use crypto just because of one problematic case.

It’s much simpler to replace openssl_encrypt with the functions openssl_encrypt_init / openssl_encrypt_update / openssl_encrypt_final in the problematic spot.

For example, aws-sdk-php uses the OpenSSL module specifically.

I’ve seen the source code of openssl_encrypt; internally, it uses EVP_CipherInit / EVP_CipherUpdate / EVP_EncryptFinal for a single chunk.

[bukka]

I'm not saying that this should be closed as it might be eventually be added. What I meant is that my preference is to get crypto ext to the better shape and make it more available.

This can be implemented like anything but it will require some further refactoring as it will need to keep the state in a new object and all those things around it. This is also not like adding a new parameter or a small function - it's a new API design so such thing will require RFC. So if anyone is happy to do the RFC and provide a good implementation, then I don't see any reason why it couldn't be added.