PHP requires integer typehints to be written "int" and does not
allow "integer" as an alias. This changes type error messages to
match the actual type name and avoids confusing messages like
"must be of the type integer, integer given".
Apparently, `argon2_encodedlen()` also counts the terminating NUL byte;
that doesn't appear to be documented somewhere, but from looking at the
implementation[1] it is pretty obvious. Therefore, the respective
`zend_string` has to be one byte shorter.
[1] <https://github.com/P-H-C/phc-winner-argon2/blob/20161029/src/argon2.c#L431-L436>
Argon2d is not suitable for password_hashing. To ensure best practices
within password_*, Argon2d was removed.
--with-argon2 implies the full feature set of Argon2, whereas this
feature only implements Argon2i within password_*. Consequently
the feature flag was renamed to --with-password-argon2
- Configure flag now accepts --with-argon2 for dynamic linking with
libargon2. Argon2 will be enabled in password_* only if this
flag is passed.
- --with-argon2 config flag allows user passed directory for linking
- Added Argon2 specific tests to ensure existing tests do not fail
when argon2 is disable
The deprecation of DES salts created a warning when trying to verify them with password_hash. This bug fix adds a quiet mode to php_crypt() which is used by password_verify.
Gabriel Caruso