archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-19 08:49:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
99637 commits 526 branches 1434 tags 878 MiB
Commit graph

84 commits

Author SHA1 Message Date
Nikita Popov
1a94b24ca5 Use zend_string_free instead of efree 
Fingers crossed I didn't break the build.
 2016-09-16 21:30:26 +02:00
Charles R. Portwood II
0e3b3b031f Changing m_cost and t_cost to memory_cost and time_cost 
- Updating tests
- Adjusting cost factors:
 - memory_cost = 1 MiB
 - time_cost = 2
 - threads = 2
 2016-08-17 13:45:06 -05:00
Charles R. Portwood II
0d4d8eab53 Removing Argon2d, changing config arg to --with-password-argon2 
Argon2d is not suitable for password_hashing. To ensure best practices
within password_*, Argon2d was removed.

--with-argon2 implies the full feature set of Argon2, whereas this
feature only implements Argon2i within password_*. Consequently
the feature flag was renamed to --with-password-argon2
 2016-08-01 18:53:24 -05:00
Charles R. Portwood II
ab837a6a0a Fixing potential memory leak with encoded in password_hash 
Using zend_string_alloc instead of char* for out and encoded
variables
 2016-07-18 13:15:29 -05:00
Charles R. Portwood II
bcfccdd9f4 Removing argon2 library files in favor of --with-argon2[=DIR] 
- Configure flag now accepts --with-argon2 for dynamic linking with
  libargon2. Argon2 will be enabled in password_* only if this
  flag is passed.
- --with-argon2 config flag allows user passed directory for linking
- Added Argon2 specific tests to ensure existing tests do not fail
  when argon2 is disable
 2016-07-11 16:44:40 -05:00
Charles R. Portwood II
1bc381848a Reverting PASSWORD_DEFAULT to PASSWORD_BCRYPT 
Indicating constants as defaults
Minor coding standards change
 2016-07-10 08:16:55 -05:00
Charles R. Portwood II
0a1274f2b1 Adding test cases for Argon2i and Argon2d 
Added Windows config.w32 changes
Updated constants in php_password.h
 2016-07-09 13:18:45 -05:00
Charles R. Portwood II
c2551a74d4 Working implementation with password_hash, password_verify 2016-07-08 23:45:19 -05:00
Charles R. Portwood II
3c7fb71a90 Introducing Argon2 memory, time, and lanes constants 
PASSWORD_ARGON2_MEMORY_COST
PASSWORD_ARGON2_TIME_COST
PASSWORD_ARGON2_LANES
 2016-07-08 15:31:30 -05:00
Charles R. Portwood II
de85c2e526 Implementing password_verify and password_get_info for Argon2 2016-07-08 15:27:20 -05:00
Dmitry Stogov
adc95c5114 Fixed compilation warnings 2016-06-23 12:47:06 +03:00
Nikita Popov
d3ed75b9eb Remove HAVE_CRYPT checks 
We always provide a crypt implementation. HAVE_CRYPT is only
relevant as to whether the crypt() C function exists.
 2016-03-25 21:09:47 +01:00
Julien Pauli
ef4dc15831 Moved buffer from heap to stack 2016-01-06 11:41:16 +01:00
Lior Kaplan
ed35de784f Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Happy new year (Update copyright to 2016)
 2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Xinchen Hui
3d3782c328 Unused vars 2015-12-14 09:23:01 -08:00
Anthony Ferrara
02e85045dc Refactor password_hash to use random_bytes internally to generate salts 2015-12-14 09:05:16 +01:00
Dmitry Stogov
4a2e40bb86 Use ZSTR_ API to access zend_string elements (this is just renaming without semantick changes). 2015-06-30 04:05:24 +03:00
Nikita Popov
5d3cf577aa Make convert_to_* safe with rc>1 
This only involves switching zval_dtor to zval_ptr_dtor for arrays
and making the convert_to_object for arrays a bit more generic.

All the other changes outside zend_operators.c just make use of
this new ability (use COPY instead of DUP).

What's still missing: Proper references handling. I've seen many
convert_to* calls that will break when a reference is used.

Also fixes bug #69788.
 2015-06-11 23:23:57 +02:00
Anthony Ferrara
ed4052f1d5 Fixed bug #69686 password_verify reports back error on PHP7 will null string. 
The deprecation of DES salts created a warning when trying to verify them with password_hash. This bug fix adds a quiet mode to php_crypt() which is used by password_verify.
 2015-05-21 17:12:51 -04:00
Nikita Popov
40e465e357 Clean up some type conversions 
While at it also fix some type checks in iconv and drop dead and
unported code in standard/filters.
 2015-04-27 18:50:08 +02:00
Anthony Ferrara
94e222c14d Deprecate password_hash salt option 2015-04-09 15:51:04 -04:00
Xinchen Hui
fc33f52d8c bump year 2015-01-15 23:27:30 +08:00
Xinchen Hui
0579e8278d bump year 2015-01-15 23:26:37 +08:00
Stanislav Malyshev
b7a7b1a624 trailing whitespace removal 2015-01-10 15:07:38 -08:00
Anatol Belski
bdeb220f48 first shot remove TSRMLS_* things 2014-12-13 23:06:14 +01:00
Veres Lajos
4b9535341a typo fixes - https://github.com/vlajos/misspell_fixer 2014-11-19 20:23:00 +00:00
Anatol Belski
f8f86a44ef return after the warning, to fix uninitialized salt usage 2014-11-18 13:19:52 +01:00
Anatol Belski
a85ce501da partial cleanup to work with size_t str length in password_hash 
php_crypt() and co use int, though this is fair enough. Could
be refactored later for tidiness reasons.
 2014-11-14 17:39:41 +01:00
Anatol Belski
4fa92438f4 fix datatype mismatches 2014-10-23 16:38:25 +02:00
Johannes Schlüter
d0cb715373 s/PHP 5/PHP 7/ 2014-09-19 18:33:14 +02:00
Anatol Belski
34e39783b1 remove useless casts and checks 2014-09-14 11:00:22 +02:00
Nikita Popov
6cceb54c09 Fix a number of format issues 2014-09-03 15:57:28 +02:00
Anatol Belski
bf96ee95ce 's' works with size_t round 4 2014-08-27 20:49:37 +02:00
Anatol Belski
3234480827 first show to make 's' work with size_t 2014-08-27 20:49:31 +02:00
Anatol Belski
af59e92b24 master renames phase 7 2014-08-25 21:51:49 +02:00
Anatol Belski
4d997f63d9 master renames phase 3 2014-08-25 20:22:49 +02:00
Anatol Belski
c3e3c98ec6 master renames phase 1 2014-08-25 19:24:55 +02:00
Anatol Belski
745a71be33 yet more fixes to zpp 2014-08-20 14:46:14 +02:00
Anatol Belski
cb25136f4e fix macros in the 5 basic extensions 2014-08-16 11:37:14 +02:00
Dmitry Stogov
17d027ed47 Split IS_BOOL into IS_FALSE and IS_TRUE 2014-04-30 18:32:42 +04:00
Dmitry Stogov
050d7e38ad Cleanup (1-st round) 2014-04-15 15:40:40 +04:00
Xinchen Hui
2ed1f00869 Refactor php_crypt to returning zend_string 2014-02-25 12:46:51 +08:00
Xinchen Hui
93428dc6b9 Refactor base64 to returning zend_string 2014-02-24 18:48:22 +08:00
Dmitry Stogov
398256e5fe Use better data structures (incomplete) 2014-02-14 13:40:11 +04:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Nikita Popov
870d3e75ca Remove dead comparison (size_t < 0) 2013-10-19 23:46:09 +02:00
Anthony Ferrara
83e3466898 Fix return types of password API helper functions. 
This fixes issues that were found during static analysis by cjones where failure was impossible to detect due to return type mangling (casting an int to a char, then comparing to an int).
 2013-08-21 12:10:40 -04:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Anthony Ferrara
0bc9ca39ce Refactor to using a stack based zval instead of dynamic allocation 2012-10-07 05:42:08 -04:00