-
Notifications
You must be signed in to change notification settings - Fork 7.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
switch to libxcrypt implementation when all algo available #7580
Conversation
Would it make sense to use our own implementation for algorithms we support and fall back to system implementation if we don't? This will avoid behavior differences. |
Not for "security guys", who prefer using a well known / audited / reviewed implementation ;) |
3rd commit fix the PHP_CRYPT_R_STYLE function in build/php.m4 which was broken and breaks ZTS builds |
seems ext/standard/tests/strings/bug50052.phpt is failing on some libcrypt.so variant... at least the one used in CI... :( |
FreeBSD CI has even more failures:
This is exactly what I'm concerned about. There are behavior differences between crypt implementations. |
Will work back later on this, perhaps with a new build flag At least this allow to find an issue, fixed separately in pr #7582 |
For discussion:
@nikic can you please have a look, some changes coming from you in 7d05bc8
Using libxcrypt could also allow to add more algo, especially yescrypt which mays have interest for password hashing
(also used by pam in some modern linux distro)