Sara Golemon
7165e28738
Refactor password.c
...
Use zend_string instread of char*/size_t
Clean up use of scope vars
Get rid of some temporaries/overstacked expressions.
2017-07-16 17:02:39 -04:00
Charles R. Portwood II
498716c2f7
Compatibility with libargon2 versions 20161029 and 20160821
...
libargon2 20161029 introduces the `type` parameter to the argon2_encodedlen
function that is not present in 20160821. This change ensures the Argon2
functionality introduced in RFC `argon2_password_hash` is compatible with
both versions, as the library version that package maintainers package may
differ.
2017-06-18 19:19:20 -04:00
Xinchen Hui
696bd37e67
Merge branch 'PHP-7.1'
...
* PHP-7.1:
Fixed condition check
Fixed condition check
another place
Conflicts:
ext/mcrypt/mcrypt.c
2017-04-10 14:49:13 +08:00
Xinchen Hui
65d77812fc
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fixed condition check
2017-04-10 14:47:42 +08:00
Xinchen Hui
4bebcb84ad
Fixed condition check
2017-04-10 14:47:24 +08:00
Sammy Kaye Powers
dac6c639bb
Update copyright headers to 2017
2017-01-04 11:23:42 -06:00
Sammy Kaye Powers
478f119ab9
Update copyright headers to 2017
2017-01-04 11:14:55 -06:00
Sammy Kaye Powers
9e29f841ce
Update copyright headers to 2017
2017-01-02 09:30:12 -06:00
Sara Golemon
a23f08a33c
Use new param API in standard
2016-12-30 17:28:55 -08:00
Nikita Popov
1a94b24ca5
Use zend_string_free instead of efree
...
Fingers crossed I didn't break the build.
2016-09-16 21:30:26 +02:00
Charles R. Portwood II
0e3b3b031f
Changing m_cost and t_cost to memory_cost and time_cost
...
- Updating tests
- Adjusting cost factors:
- memory_cost = 1 MiB
- time_cost = 2
- threads = 2
2016-08-17 13:45:06 -05:00
Charles R. Portwood II
0d4d8eab53
Removing Argon2d, changing config arg to --with-password-argon2
...
Argon2d is not suitable for password_hashing. To ensure best practices
within password_*, Argon2d was removed.
--with-argon2 implies the full feature set of Argon2, whereas this
feature only implements Argon2i within password_*. Consequently
the feature flag was renamed to --with-password-argon2
2016-08-01 18:53:24 -05:00
Charles R. Portwood II
ab837a6a0a
Fixing potential memory leak with encoded in password_hash
...
Using zend_string_alloc instead of char* for out and encoded
variables
2016-07-18 13:15:29 -05:00
Charles R. Portwood II
bcfccdd9f4
Removing argon2 library files in favor of --with-argon2[=DIR]
...
- Configure flag now accepts --with-argon2 for dynamic linking with
libargon2. Argon2 will be enabled in password_* only if this
flag is passed.
- --with-argon2 config flag allows user passed directory for linking
- Added Argon2 specific tests to ensure existing tests do not fail
when argon2 is disable
2016-07-11 16:44:40 -05:00
Charles R. Portwood II
1bc381848a
Reverting PASSWORD_DEFAULT to PASSWORD_BCRYPT
...
Indicating constants as defaults
Minor coding standards change
2016-07-10 08:16:55 -05:00
Charles R. Portwood II
0a1274f2b1
Adding test cases for Argon2i and Argon2d
...
Added Windows config.w32 changes
Updated constants in php_password.h
2016-07-09 13:18:45 -05:00
Charles R. Portwood II
c2551a74d4
Working implementation with password_hash, password_verify
2016-07-08 23:45:19 -05:00
Charles R. Portwood II
3c7fb71a90
Introducing Argon2 memory, time, and lanes constants
...
PASSWORD_ARGON2_MEMORY_COST
PASSWORD_ARGON2_TIME_COST
PASSWORD_ARGON2_LANES
2016-07-08 15:31:30 -05:00
Charles R. Portwood II
de85c2e526
Implementing password_verify and password_get_info for Argon2
2016-07-08 15:27:20 -05:00
Dmitry Stogov
adc95c5114
Fixed compilation warnings
2016-06-23 12:47:06 +03:00
Nikita Popov
d3ed75b9eb
Remove HAVE_CRYPT checks
...
We always provide a crypt implementation. HAVE_CRYPT is only
relevant as to whether the crypt() C function exists.
2016-03-25 21:09:47 +01:00
Julien Pauli
ef4dc15831
Moved buffer from heap to stack
2016-01-06 11:41:16 +01:00
Lior Kaplan
ed35de784f
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Happy new year (Update copyright to 2016)
2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf
Happy new year (Update copyright to 2016)
2016-01-01 19:21:47 +02:00
Xinchen Hui
3d3782c328
Unused vars
2015-12-14 09:23:01 -08:00
Anthony Ferrara
02e85045dc
Refactor password_hash to use random_bytes internally to generate salts
2015-12-14 09:05:16 +01:00
Dmitry Stogov
4a2e40bb86
Use ZSTR_ API to access zend_string elements (this is just renaming without semantick changes).
2015-06-30 04:05:24 +03:00
Nikita Popov
5d3cf577aa
Make convert_to_* safe with rc>1
...
This only involves switching zval_dtor to zval_ptr_dtor for arrays
and making the convert_to_object for arrays a bit more generic.
All the other changes outside zend_operators.c just make use of
this new ability (use COPY instead of DUP).
What's still missing: Proper references handling. I've seen many
convert_to* calls that will break when a reference is used.
Also fixes bug #69788 .
2015-06-11 23:23:57 +02:00
Anthony Ferrara
ed4052f1d5
Fixed bug #69686 password_verify reports back error on PHP7 will null string.
...
The deprecation of DES salts created a warning when trying to verify them with password_hash. This bug fix adds a quiet mode to php_crypt() which is used by password_verify.
2015-05-21 17:12:51 -04:00
Nikita Popov
40e465e357
Clean up some type conversions
...
While at it also fix some type checks in iconv and drop dead and
unported code in standard/filters.
2015-04-27 18:50:08 +02:00
Anthony Ferrara
94e222c14d
Deprecate password_hash salt option
2015-04-09 15:51:04 -04:00
Xinchen Hui
fc33f52d8c
bump year
2015-01-15 23:27:30 +08:00
Xinchen Hui
0579e8278d
bump year
2015-01-15 23:26:37 +08:00
Stanislav Malyshev
b7a7b1a624
trailing whitespace removal
2015-01-10 15:07:38 -08:00
Anatol Belski
bdeb220f48
first shot remove TSRMLS_* things
2014-12-13 23:06:14 +01:00
Veres Lajos
4b9535341a
typo fixes - https://github.com/vlajos/misspell_fixer
2014-11-19 20:23:00 +00:00
Anatol Belski
f8f86a44ef
return after the warning, to fix uninitialized salt usage
2014-11-18 13:19:52 +01:00
Anatol Belski
a85ce501da
partial cleanup to work with size_t str length in password_hash
...
php_crypt() and co use int, though this is fair enough. Could
be refactored later for tidiness reasons.
2014-11-14 17:39:41 +01:00
Anatol Belski
4fa92438f4
fix datatype mismatches
2014-10-23 16:38:25 +02:00
Johannes Schlüter
d0cb715373
s/PHP 5/PHP 7/
2014-09-19 18:33:14 +02:00
Anatol Belski
34e39783b1
remove useless casts and checks
2014-09-14 11:00:22 +02:00
Nikita Popov
6cceb54c09
Fix a number of format issues
2014-09-03 15:57:28 +02:00
Anatol Belski
bf96ee95ce
's' works with size_t round 4
2014-08-27 20:49:37 +02:00
Anatol Belski
3234480827
first show to make 's' work with size_t
2014-08-27 20:49:31 +02:00
Anatol Belski
af59e92b24
master renames phase 7
2014-08-25 21:51:49 +02:00
Anatol Belski
4d997f63d9
master renames phase 3
2014-08-25 20:22:49 +02:00
Anatol Belski
c3e3c98ec6
master renames phase 1
2014-08-25 19:24:55 +02:00
Anatol Belski
745a71be33
yet more fixes to zpp
2014-08-20 14:46:14 +02:00
Anatol Belski
cb25136f4e
fix macros in the 5 basic extensions
2014-08-16 11:37:14 +02:00
Dmitry Stogov
17d027ed47
Split IS_BOOL into IS_FALSE and IS_TRUE
2014-04-30 18:32:42 +04:00