Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Compatibility with libargon2 versions 20161029 and 20160821 #2582

Closed
wants to merge 1 commit into from
Closed

Compatibility with libargon2 versions 20161029 and 20160821 #2582

wants to merge 1 commit into from

Conversation

charlesportwoodii
Copy link
Contributor

@charlesportwoodii charlesportwoodii commented Jun 18, 2017

Information

libargon2 20161029 introduces the type parameter to theargon2_encodedlen function that is not present in 20160821.

This change is a preemptive patch against the Argon2 functionality introduced in #1997 to ensure compatibility with both versions.

With the release of Debian Stretch today, it seems like 20160821 is what is being packaged (see https://packages.debian.org/stretch/mips/libs/libargon2-0), however other distributions may package 20161029. Additionally end users may download the latest libargon2 20161029 and compile against it directly instead of using the one provided by their OS.

This patch does not introduce any new functionality into PHP.


Technical Details

A check against the argon2id_hash_raw function is used as the Argon2_version enum in the lib wasn't bumped in P-H-C/phc-winner-argon2@2016082...2016102#diff-7d1c36b407eae6a25b79dad261dd5c6eL212 and libargon2 doesn't expose any way to detect the build versioning string.

On Linux, all tests pass against both 20161029 and 20160821 . I can verify the config.win32 updates work on Windows, however I'm seeing linkage issues against zendparse in VS2017 using the latest php-sdk and windows build instructions. As I'm seeing this issue against the base deps as well I don't think this is an issue with this patch.

If desired, the argon2 library in PHP-SDK deps can be bumped to 20161029 with this patch.


Discussion Topics

I don't believe this necessitates an RFC or a larger mailing list discussion, however I'll open one up if there are concerns. If I need to file a separate bug report to reference this against this let me know.

Please advise if the config.win32 feature check can be improved upon.

Thanks

libargon2 20161029 introduces the `type` parameter to the argon2_encodedlen
function that is not present in 20160821. This change ensures the Argon2
functionality introduced in RFC `argon2_password_hash` is compatible with
both versions, as the library version that package maintainers package may
differ.
@php-pulls
Copy link

Comment on behalf of pollita at php.net:

498716c

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants