Skip to content

extend libxcrypt bindings #15870

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

extend libxcrypt bindings #15870

wants to merge 2 commits into from

Conversation

remicollet
Copy link
Member

@remicollet remicollet commented Sep 13, 2024
edited
Loading

Take benefit of latest lilbxcrypt 4.x

Add 3 functions:

  • crypt_gensalt
  • crypt_preferred_method
  • crypt_checksalt (libxcrypt >= 4.3)

Add CRYPT_PREFIX_* and CRYPT_SALT_* constants

Add 3 more hashing methods

  • scrypt
  • yescrypt
  • gost_yescript

This make using crypt much easier, without any mess about salt

 $hash = crypt($secret, crypt_gensalt());

This is compatible, when algo exists, with password_hash methods.

ONly a PoC for now

TODO:

  • check function availability
  • check algo availability
  • Windows ?

TimWolla
TimWolla reviewed Sep 25, 2024
View reviewed changes
ext/standard/basic_functions.stub.php
@@ -2111,6 +2154,12 @@ function crc32(string $string): int {}
/** @refcount 1 */
function crypt(#[\SensitiveParameter] string $string, string $salt): string {}

function crypt_gensalt(?string $salt = null, int $count = 0): ?string {}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The first parameter should likely be called $prefix instead of $salt.

ext/standard/basic_functions.stub.php

function crypt_preferred_method(): ?string {}

function crypt_checksalt(string $salt): int {}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And here the parameter should probably be called $settings. Also affects the C code, which uses prefix.

ext/standard/crypt.c
if (crypt_gensalt_rn(prefix, (unsigned long)count, NULL, 0, salt, CRYPT_GENSALT_OUTPUT_SIZE)) {
RETURN_STRING(salt);
}
RETURN_NULL();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should probably throw an Exception, similarly to how password_hash() will either succeed or throw.

@TimWolla TimWolla mentioned this pull request Dec 13, 2024
Closed
@remicollet
Copy link
Member Author

Closing in favor of #17093

@remicollet remicollet closed this Dec 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TimWolla TimWolla TimWolla left review comments

@kocsismate kocsismate Awaiting requested review from kocsismate kocsismate will be requested when the pull request is marked ready for review kocsismate is a code owner

@bukka bukka Awaiting requested review from bukka bukka will be requested when the pull request is marked ready for review bukka is a code owner

Assignees
No one assigned
Labels
Extension: standard
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@remicollet @TimWolla