The $options
parameter is not defined here. We should be very conservative with which options we permit users to muck with.
The constructor for each should look like:
public function __construct($driver) {
switch ($driver) {
case self::DRIVER_OPENSSL:
// use openssl for underlying crypto
break;
case self::DRIVER_LIBSODIUM:
// if ext/libsodium, use it for underlying crypto
// else throw catchable fatal error
break;
default:
// throw catchable fatal error
}
}
Someone with more RSA padding oracle experience should probably decide our default padding strategies. Though cperciva provides some useful suggestions.