summaryrefslogtreecommitdiff
path: root/ext/standard/crypt.c
Commit message (Collapse)AuthorAgeFilesLines
* Replace zend_bool uses with boolNikita Popov2021-01-151-1/+1
| | | | | | | We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool is retained as an alias.
* Drop support for crypt() without explicit saltNikita Popov2020-09-071-30/+3
| | | | | | | crypt() without salt generates a weak $1$ MD5 hash. It has been throwing a notice since 2013 and we provide a much better alternative in password_hash() (which can auto-generate salts for strong password hashes), so keeping this is just a liability.
* Remove proto comments from C filesMax Semenik2020-07-061-2/+1
| | | | Closes GH-5758
* Clean house in cryptographic hashing codeAlex Dowad2020-06-241-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Remove dead code from php_crypt_r.c This code has been commented out since the file was added in 2008. It's safe to say that no-one is ever going to use it. - Fix typo in comment in php_crypt_r.c - Remove redundant Windows-only implementation of php_md5_crypt_r There is a portable implementation in the same file, which is selected if not building for Windows. But why should Windows have its own special implementation of this function at all? There doesn't seem to be any good reason. Better to use the portable implementation on all platforms. - Don't define useless __CONST macro in php_crypt_r.h This preprocessor macro is not used anywhere. - Add comment on functions for encoding data as Base64 - Remove dead code from crypt_blowfish.h - Remove unneeded junk comments from crypt_freesec.c - Remove dead code from crypt_blowfish.c This function has been commented out since 2011.
* Fix potential use-after-scope if crypt_r is usedNikita Popov2020-06-241-6/+4
|
* Remove deprecated DES fallback in crypt()Nikita Popov2020-06-241-23/+5
|
* Merge branch 'PHP-7.4'Nikita Popov2020-06-241-2/+5
|\ | | | | | | | | * PHP-7.4: Handle *0 / *1 more consistently
| * Handle *0 / *1 more consistentlyNikita Popov2020-06-241-2/+5
| | | | | | | | | | Avoid throwing a DES salt deprecation warning if the libc crypt implementation is used.
* | Remove mention of PHP major version in Copyright headersGabriel Caruso2019-09-251-2/+0
|/ | | | Closes GH-4732.
* Fix build warningsRemi Collet2019-07-251-1/+1
| | | | - switch from strncpy to memcpy for -Wstringop-truncation
* Use unsigned char in _crypt_extended_rNikita Popov2019-06-191-1/+1
| | | | Avoid signed shift UB.
* Remove local variablesPeter Kokot2019-02-031-9/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes the so called local variables defined per file basis for certain editors to properly show tab width, and similar settings. These are mainly used by Vim and Emacs editors yet with recent changes the once working definitions don't work anymore in Vim without custom plugins or additional configuration. Neither are these settings synced across the PHP code base. A simpler and better approach is EditorConfig and fixing code using some code style fixing tools in the future instead. This patch also removes the so called modelines for Vim. Modelines allow Vim editor specifically to set some editor configuration such as syntax highlighting, indentation style and tab width to be set in the first line or the last 5 lines per file basis. Since the php test files have syntax highlighting already set in most editors properly and EditorConfig takes care of the indentation settings, this patch removes these as well for the Vim 6.0 and newer versions. With the removal of local variables for certain editors such as Emacs and Vim, the footer is also probably not needed anymore when creating extensions using ext_skel.php script. Additionally, Vim modelines for setting php syntax and some editor settings has been removed from some *.phpt files. All these are mostly not relevant for phpt files neither work properly in the middle of the file.
* Remove yearly range from copyright noticeZeev Suraski2019-01-301-1/+1
|
* Future-proof email addresses...Zeev Suraski2018-11-011-1/+1
|
* Remove HAVE_STRING_HPeter Kokot2018-09-181-4/+0
| | | | | | | | | | | | | | | | | | | The C89 standard and later defines the `<string.h>` header as part of the standard headers [1] and on current systems it is always present. Code included also `<strings.h>` header as an alterinative in some files. This kind of check was relevant on some older systems where the `<strings.h>` file included definitions for the C89 compliant `<string.h>`. Today such alternative check is not required anymore. The `<strings.h>` file is part of the POSIX definition these days. Also Autoconf suggests doing this and relying on C89 or above [2] and [3]. This patch also cleans few unused `<strings.h>` inclusions in the libmbfl. [1]: https://port70.net/~nsz/c/c89/c89-draft.html#4.1.2 [2]: http://git.savannah.gnu.org/cgit/autoconf.git/tree/lib/autoconf/headers.m4 [3]: https://www.gnu.org/software/autoconf/manual/autoconf-2.69/autoconf.html
* Remove AC_STRUCT_TM macroPeter Kokot2018-08-291-4/+0
| | | | | | | | | | | | | | | | | | | | Autoconf 2.59d (released in 2006) [1] started promoting several macros as not relevant for newer systems anymore, including the `AC_STRUCT_TM`. This macro checks if `struct tm` is defined in either `<sys/time.h>` or `<time.h>` and defines the `TM_IN_SYS_TIME` symbol accordingly. This check was relevant in times before the C89 for some embedded systems, microcontrollers or very old systems. For newer systems it can be avoided and the `<time.h>` should be included instead since current systems should be well supported by now. [2] Since PHP requires at least C89, this patch removes the obsolescent call and time.h checks. Refs: - [1]: http://git.savannah.gnu.org/cgit/autoconf.git/tree/NEWS - [2]: https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Structures.html
* Remove unused Git attributes identPeter Kokot2018-07-251-2/+0
| | | | | | | | | | | | | | | The $Id$ keywords were used in Subversion where they can be substituted with filename, last revision number change, last changed date, and last user who changed it. In Git this functionality is different and can be done with Git attribute ident. These need to be defined manually for each file in the .gitattributes file and are afterwards replaced with 40-character hexadecimal blob object name which is based only on the particular file contents. This patch simplifies handling of $Id$ keywords by removing them since they are not used anymore.
* year++Xinchen Hui2018-01-021-1/+1
|
* Resolve conflictSammy Kaye Powers2017-01-031-4/+4
|\
| * Merge branch 'pull-request/2163'Joe Watkins2017-01-031-4/+4
| |\ | | | | | | | | | | | | * pull-request/2163: import explicit_bzero + strlc* functions update since 1999 algorithms have changed and register k/w not necessary anymore.
| | * let s use the macro insteadDavid Carlier2016-10-151-4/+4
| | |
| | * import explicit_bzero + strlc* functions updateDavid Carlier2016-10-151-4/+4
| | | | | | | | | | | | | | | since 1999 algorithms have changed and register k/w not necessary anymore.
* | | Update copyright headers to 2017Sammy Kaye Powers2017-01-021-1/+1
|/ /
* | Use new param API in standardSara Golemon2016-12-301-3/+5
|/
* Merge branch 'PHP-7.0' into PHP-7.1Anatol Belski2016-09-101-8/+0
|\ | | | | | | | | * PHP-7.0: Bug #73058 crypt broken when salt is 'too' long
| * Merge branch 'PHP-5.6' into PHP-7.0Anatol Belski2016-09-101-8/+0
| |\ | | | | | | | | | | | | * PHP-5.6: Bug #73058 crypt broken when salt is 'too' long
| | * Bug #73058 crypt broken when salt is 'too' longAnatol Belski2016-09-101-8/+0
| | |
* | | Merge branch 'PHP-7.0' into PHP-7.1Anatol Belski2016-08-291-0/+8
|\ \ \ | |/ / | | | | | | | | | * PHP-7.0: Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
| * | Merge branch 'PHP-5.6' into PHP-7.0Anatol Belski2016-08-291-0/+8
| |\ \ | | |/ | | | | | | | | | * PHP-5.6: Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by password_verify
| | * Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by ā†µAnatol Belski2016-08-291-0/+8
| | | | | | | | | | | | password_verify
* | | Fixed warning: "operation on ā€˜sā€™ may be undefined"Xinchen Hui2016-08-021-5/+6
| | |
* | | Fix crypt salt not being converted to b64Leigh2016-07-071-3/+3
| | |
* | | Fix some insecure usages of php_randLeigh2016-07-051-7/+3
| | |
* | | Remove HAVE_CRYPT checksNikita Popov2016-03-251-2/+0
| | | | | | | | | | | | | | | We always provide a crypt implementation. HAVE_CRYPT is only relevant as to whether the crypt() C function exists.
* | | Remove PHP_*_CRYPT constantsNikita Popov2016-03-251-54/+7
|/ / | | | | | | They are always 1.
* | Merge branch 'PHP-5.6' into PHP-7.0Nikita Popov2016-03-251-13/+19
|\ \ | |/ | | | | | | Conflicts: ext/standard/crypt.c
| * Fixed bug #67512Nikita Popov2016-03-251-7/+12
| |
* | Merge branch 'PHP-5.6' into PHP-7.0Lior Kaplan2016-01-011-1/+1
|\ \ | |/ | | | | | | * PHP-5.6: Happy new year (Update copyright to 2016)
| * Happy new year (Update copyright to 2016)Lior Kaplan2016-01-011-1/+1
| |
| * bump yearXinchen Hui2015-01-151-1/+1
| |
* | Fixed bug #69686 password_verify reports back error on PHP7 will null string.Anthony Ferrara2015-05-211-5/+10
| | | | | | | | The deprecation of DES salts created a warning when trying to verify them with password_hash. This bug fix adds a quiet mode to php_crypt() which is used by password_verify.
* | Merge branch 'pull-request/989'Stanislav Malyshev2015-01-311-4/+23
|\ \ | | | | | | | | | | | | | | | | | | * pull-request/989: Fix a few tests and remove error/warning for *0 Fix spaces -> tabs Add deprecated notice to invalid DES salts.
| * | Fix a few tests and remove error/warning for *0Anthony Ferrara2015-01-131-0/+2
| | |
| * | Fix spaces -> tabsAnthony Ferrara2015-01-091-13/+13
| | |
| * | Add deprecated notice to invalid DES salts.Anthony Ferrara2015-01-091-4/+21
| | | | | | | | | | | | | | | | | | This will cause an error in the case where invalid salts are provided for other algorithms. Currently, these invalid salts will silently fall back to STD_DES which is extremely weak. By detecting invalid DES salts, we can alert the user that there is a bug in their code. The error is currently E_DEPRECATED as this has potential to break currently working (yet insecure) code. In the future it should be changed to an E_WARNING and return *0
* | | bump yearXinchen Hui2015-01-151-1/+1
| | |
* | | trailing whitespace removalStanislav Malyshev2015-01-101-1/+1
|/ /
* | first shot remove TSRMLS_* thingsAnatol Belski2014-12-131-3/+3
| |
* | Merge branch 'PHP-5.6'Stanislav Malyshev2014-11-301-4/+3
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.6: update news update news update NEWS Apply error-code-salt fix to Windows too Bug fixes in light of failing bcrypt tests Add tests from 1.3. Add missing tests. Upgrade crypt_blowfish to version 1.3 Apply error-code-salt fix to Windows too Bug fixes in light of failing bcrypt tests Add tests from 1.3. Add missing tests. Upgrade crypt_blowfish to version 1.3 Conflicts: ext/standard/crypt.c
| * Merge branch 'PHP-5.5' into PHP-5.6Stanislav Malyshev2014-11-301-3/+2
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5: update news update news update NEWS Apply error-code-salt fix to Windows too Bug fixes in light of failing bcrypt tests Add tests from 1.3. Add missing tests. Upgrade crypt_blowfish to version 1.3 Apply error-code-salt fix to Windows too Bug fixes in light of failing bcrypt tests Add tests from 1.3. Add missing tests. Upgrade crypt_blowfish to version 1.3
View Lorry Controller Status