Beware of the padding this method adds!
<?php
$encryption_key = openssl_random_pseudo_bytes(32);
$iv = openssl_random_pseudo_bytes(16);
$data = openssl_random_pseudo_bytes(32);
for ($i = 0; $i < 5; $i++) {
    $data = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, OPENSSL_RAW_DATA, $iv);
    echo strlen($data) . "\n";
}
?>
With this sample the output will be:
48
64
80
96
112
This is because our $data already fills complete blocks, so the method adds a new block that contains only padding bytes.
The only solution that comes to my mind to avoid this situation is to add the option OPENSSL_ZERO_PADDING along with the first one:
<?php
$data = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
?>
/!\ Be careful when using this option: make sure the data you provide has already been padded or already fills complete blocks.
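
The following is an added example, not part of the original note: it compares the default padded length with a predicted value and wraps the OPENSSL_ZERO_PADDING case in a length check with a matching decrypt. The helper names (pkcs7_ciphertext_length, encrypt_unpadded, decrypt_unpadded) are hypothetical and the sample inputs are constructed.

```php
<?php
// Added example (hypothetical helper names); sample inputs are constructed.
const CIPHER = 'aes-256-cbc';
const BLOCK  = 16; // AES block size in bytes

// Default (PKCS#7) padding always adds 1..16 bytes, so a block-aligned
// input grows by one full block.
function pkcs7_ciphertext_length(int $plainLen): int
{
    return (intdiv($plainLen, BLOCK) + 1) * BLOCK;
}

// Encrypt without padding; reject input that is not block-aligned up front.
function encrypt_unpadded(string $data, string $key, string $iv): string
{
    if (strlen($data) % BLOCK !== 0) {
        throw new InvalidArgumentException('data length must be a multiple of ' . BLOCK . ' bytes');
    }
    $ct = openssl_encrypt($data, CIPHER, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
    if ($ct === false) {
        throw new RuntimeException('openssl_encrypt failed: ' . openssl_error_string());
    }
    return $ct;
}

// Decryption needs the same flag, otherwise the last block is parsed as padding.
function decrypt_unpadded(string $ct, string $key, string $iv): string
{
    $pt = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
    if ($pt === false) {
        throw new RuntimeException('openssl_decrypt failed: ' . openssl_error_string());
    }
    return $pt;
}

$key = openssl_random_pseudo_bytes(32);
$iv  = openssl_random_pseudo_bytes(16); // reused here only to compare lengths; use a fresh IV per message

foreach ([15, 16, 31, 32] as $len) {
    $ct = openssl_encrypt(str_repeat('A', $len), CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    printf("padded:   plain=%d cipher=%d predicted=%d\n", $len, strlen($ct), pkcs7_ciphertext_length($len));
}

$plain = str_repeat('B', 32);
$ct = encrypt_unpadded($plain, $key, $iv);
printf("unpadded: plain=%d cipher=%d roundtrip=%s\n", strlen($plain), strlen($ct),
    decrypt_unpadded($ct, $key, $iv) === $plain ? 'ok' : 'MISMATCH');

try {
    encrypt_unpadded(str_repeat('C', 20), $key, $iv);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```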