With OpenSSL 1.1.1 this no longer returns the uppercase variants of the name, i.e. `AES-256-CBC` no longer exists but `aes-256-cbc` does.
https://github.com/oerdnj/deb.sury.org/issues/990
(PHP 5 >= 5.3.0, PHP 7, PHP 8)
openssl_get_cipher_methods — Récupère la liste des méthodes de chiffrements disponibles
$aliases
= false
): arrayRécupère la liste des méthodes de chiffrements disponibles.
aliases
Passez true
si vous voulez que les alias des méthodes chiffrements
soient inclus dans le tableau retourné.
Un array des méthodes de chiffrements disponibles. Il est à noter que antérieur à OpenSSL 1.1.1, les méthodes de chiffrements étaient retournées en majuscule et en minuscule ; à partir de OpenSSL 1.1.1 seul la variante en minuscule est retourné.
Exemple #1 Exemple openssl_get_cipher_methods()
Montre à quoi ressemblent les ciphers disponibles, ainsi que les alias disponibles.
<?php
$ciphers = openssl_get_cipher_methods();
$ciphers_and_aliases = openssl_get_cipher_methods(true);
$cipher_aliases = array_diff($ciphers_and_aliases, $ciphers);
//ECB mode should be avoided
$ciphers = array_filter( $ciphers, function($n) { return stripos($n,"ecb")===FALSE; } );
//At least as early as Aug 2016, Openssl declared the following weak: RC2, RC4, DES, 3DES, MD5 based
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"des")===FALSE; } );
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"rc2")===FALSE; } );
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"rc4")===FALSE; } );
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"md5")===FALSE; } );
$cipher_aliases = array_filter($cipher_aliases,function($c) { return stripos($c,"des")===FALSE; } );
$cipher_aliases = array_filter($cipher_aliases,function($c) { return stripos($c,"rc2")===FALSE; } );
print_r($ciphers);
print_r($cipher_aliases);
?>
Résultat de l'exemple ci-dessus est similaire à :
Array ( [0] => aes-128-cbc [1] => aes-128-cbc-hmac-sha1 [2] => aes-128-cbc-hmac-sha256 [3] => aes-128-ccm [4] => aes-128-cfb [5] => aes-128-cfb1 [6] => aes-128-cfb8 [7] => aes-128-ctr [9] => aes-128-gcm [10] => aes-128-ocb [11] => aes-128-ofb [12] => aes-128-xts [13] => aes-192-cbc [14] => aes-192-ccm [15] => aes-192-cfb [16] => aes-192-cfb1 [17] => aes-192-cfb8 [18] => aes-192-ctr [20] => aes-192-gcm [21] => aes-192-ocb [22] => aes-192-ofb [23] => aes-256-cbc [24] => aes-256-cbc-hmac-sha1 [25] => aes-256-cbc-hmac-sha256 [26] => aes-256-ccm [27] => aes-256-cfb [28] => aes-256-cfb1 [29] => aes-256-cfb8 [30] => aes-256-ctr [32] => aes-256-gcm [33] => aes-256-ocb [34] => aes-256-ofb [35] => aes-256-xts [36] => aria-128-cbc [37] => aria-128-ccm [38] => aria-128-cfb [39] => aria-128-cfb1 [40] => aria-128-cfb8 [41] => aria-128-ctr [43] => aria-128-gcm [44] => aria-128-ofb [45] => aria-192-cbc [46] => aria-192-ccm [47] => aria-192-cfb [48] => aria-192-cfb1 [49] => aria-192-cfb8 [50] => aria-192-ctr [52] => aria-192-gcm [53] => aria-192-ofb [54] => aria-256-cbc [55] => aria-256-ccm [56] => aria-256-cfb [57] => aria-256-cfb1 [58] => aria-256-cfb8 [59] => aria-256-ctr [61] => aria-256-gcm [62] => aria-256-ofb [63] => bf-cbc [64] => bf-cfb [66] => bf-ofb [67] => camellia-128-cbc [68] => camellia-128-cfb [69] => camellia-128-cfb1 [70] => camellia-128-cfb8 [71] => camellia-128-ctr [73] => camellia-128-ofb [74] => camellia-192-cbc [75] => camellia-192-cfb [76] => camellia-192-cfb1 [77] => camellia-192-cfb8 [78] => camellia-192-ctr [80] => camellia-192-ofb [81] => camellia-256-cbc [82] => camellia-256-cfb [83] => camellia-256-cfb1 [84] => camellia-256-cfb8 [85] => camellia-256-ctr [87] => camellia-256-ofb [88] => cast5-cbc [89] => cast5-cfb [91] => cast5-ofb [92] => chacha20 [93] => chacha20-poly1305 [111] => id-aes128-CCM [112] => id-aes128-GCM [113] => id-aes128-wrap [114] => id-aes128-wrap-pad [115] => id-aes192-CCM [116] => id-aes192-GCM [117] => id-aes192-wrap [118] => id-aes192-wrap-pad [119] => id-aes256-CCM [120] => id-aes256-GCM [121] => id-aes256-wrap [122] => id-aes256-wrap-pad [124] => idea-cbc [125] => idea-cfb [127] => idea-ofb [137] => seed-cbc [138] => seed-cfb [140] => seed-ofb [141] => sm4-cbc [142] => sm4-cfb [143] => sm4-ctr [145] => sm4-ofb ) Array ( [36] => aes128 [37] => aes128-wrap [38] => aes192 [39] => aes192-wrap [40] => aes256 [41] => aes256-wrap [69] => aria128 [70] => aria192 [71] => aria256 [72] => bf [77] => blowfish [99] => camellia128 [100] => camellia192 [101] => camellia256 [102] => cast [103] => cast-cbc [146] => idea [164] => seed [169] => sm4 )
With OpenSSL 1.1.1 this no longer returns the uppercase variants of the name, i.e. `AES-256-CBC` no longer exists but `aes-256-cbc` does.
https://github.com/oerdnj/deb.sury.org/issues/990
May be useful for cyphers execution speed.
<?php
const TEST_COUNT = 100000;
const SOURCE = 'Note that HTML tags are not allowed in the posts, but the note formatting is preserved.';
const KEY = "password";
function TESTER( $testing_function, $argument )
{
$t = microtime(true);
for ($test_iterator = 0; $test_iterator < TEST_COUNT; $test_iterator++) {
$testing_function( $argument );
}
return round(microtime(true) - $t, 4);
}
$crypt = function($cipher) {
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
openssl_encrypt(SOURCE, $cipher, KEY, $options=0, $iv);
};
$methods = openssl_get_cipher_methods(false);
array_splice( $methods, 0, count($methods) / 2);
$timings = array();
foreach ($methods as $cypher) {
$time = TESTER( $crypt, $cypher );
$timings[ $cypher ] = $time;
echo str_pad($cypher, 40, ' ', STR_PAD_LEFT), " have time ", str_pad($time, 8, STR_PAD_LEFT), ' seconds. ', PHP_EOL;
}
uasort($timings, function($a, $b){
return $a <=> $b;
});
$min_time = round(reset($timings) / TEST_COUNT, 7);
$min_cypher = key($timings);
$max_time = round(end($timings) / TEST_COUNT, 7);
$max_cypher = key($timings);
echo '-------------', PHP_EOL;
echo "Total tests: ", count($timings), PHP_EOL;
echo "Max timing : {$max_time} seconds for `{$max_cypher}` algorithm.", PHP_EOL;
echo "Min timing : {$min_time} seconds for `{$min_cypher}` algorithm.", PHP_EOL;
echo 'Details: ', PHP_EOL;
foreach ($timings as $m => $t) {
echo '- ', str_pad($t, 8, STR_PAD_LEFT), " seconds for `{$m}`", PHP_EOL;
}
echo PHP_EOL;