- m4 and Windows configure scripts now forces Argon2 reference library version >= 20161029
- Implementation tested against 20161029 and 20171227 for Argon2id support
- Updates Argon2 ext/standard/password/tests to run tests for both Argon2i and Argon2id
libargon2 20161029 introduces the `type` parameter to the argon2_encodedlen
function that is not present in 20160821. This change ensures the Argon2
functionality introduced in RFC `argon2_password_hash` is compatible with
both versions, as the library version that package maintainers package may
differ.
Argon2d is not suitable for password_hashing. To ensure best practices
within password_*, Argon2d was removed.
--with-argon2 implies the full feature set of Argon2, whereas this
feature only implements Argon2i within password_*. Consequently
the feature flag was renamed to --with-password-argon2
- Configure flag now accepts --with-argon2 for dynamic linking with
libargon2. Argon2 will be enabled in password_* only if this
flag is passed.
- --with-argon2 config flag allows user passed directory for linking
- Added Argon2 specific tests to ensure existing tests do not fail
when argon2 is disable
Starting with glibc-2.17, the crypt() function will report an EINVAL
and return NULL when the format of the "salt" parameter is
invalid. The current tests for crypt() pass its result to strcmp(),
causing segfaults when the value returned from crypt() is NULL.
This commit modifies the test programs to exit with failure when
crypt() returns NULL.
Reference: https://bugs.gentoo.org/show_bug.cgi?id=518964
There has been a lot of discussion around whether arc4random should be included. Given how many different impementations of it are in the wild, we can't guarantee a secure implementation on all platforms.
Fix to_read, throw exception if syscall fails
Fixes thanks to feedback from sarnold at ##crypto on freenode
Correction on error conditions
Remove dead code (thanks @defuse)
It turns out getrandom can take >256, getentropy refuses.
Better semantics
Thanks @defuse for catching my silly mistake here
Cast to size_t to be explicit
Let's simplify the logic a bit
Let's be consistent; define everything before we do any logic
Continuously check that the file descriptor is still a valid one
Add device type check on fd initialization
