Not such as fix but taking more precautions.
Indeed, the arc4random has two little flaws in this platform,
one already caught upfront by the extension (ie size 0), also
internal use of ccrng_generate which can silently fail in few rare
cases.
Closes#7824.
We already tried this in PHP 7.4, but ran into issues, because
alpine did not support pkg-config for libargon2 (or had a broken
pc file, not sure). The Alpine issue has been resolved in the
meantime, so let's give this another try.
Based on:
"Fast CRC Computation for Generic Polynomials Using PCLMULQDQ Instruction"
V. Gopal, E. Ozturk, et al., 2009, http://intel.ly/2ySEwL0
Signed-off-by: Frank Du <frank.du@intel.com>
Closes GH-6018
Looking at the history of this function, the original implementation had a bug where
it would return from the middle of the function without unlocking the mutex first.
The author attempted to fix this by incrementing the `initialized` flag atomically,
which is not necessary, since the section which modifies the flag is protected by a
mutex.
Coincidentally, at the same time that all this unnecessary 'atomic' machinery was
introduced, the code was also changed so that it didn't return without unlocking the
mutex. So it looks like the bug was fixed by accident.
It's not necessary to declare the flag as `volatile` either, since it is protected
by a mutex.
Further, the 'fixed' implementation was also wrong in another respect: on Windows
and Solaris, the `initialized` flag was not even declared as `static`!! So the
initialization of the static tables for S-boxes, P-boxes, etc. was repeated on
each call to `php_crypt`, completely defeating the purpose of this function.
C99 no longer has implicit function declarations and implicit ints.
Current GCC versions enable them as an extension, but this will
change in a future GCC version.
Removed unused checks:
- mbsinit check removed, HAVE_MBSINIT removed (not used in php-src)
- mempcpy check removed, HAVE_MEMPCPY removed (not used in php-src anymore since
560ed89bfb which uses PHP's own implementation)
- strpncpy check removed, added via a8c9e893b6 and
not used.
- setpgid check removed since HAVE_SETPGID is not used
Moved to a central configure.ac:
- fpclass
- mbrlen moved to configure.ac (since the HAVE_MBRLEN is used accross the php-src)
- sigprocmask
- getcwd
- getwd
- glob
- strfmon
- nice
Duplicated checks removed:
- gethostname
- getlogin
- getpwuid_r
- socketpair
- mprotect check simplified
Some headers were checked multiple times in the main configure.ac file
and in the bundled extensions or SAPIs themselves. Also many of these
checks are then used accross other extensions or SAPIs so a central
configure.ac makes most sense for these checks.
This reverts commit bdcef51bcb.
It seems that pkg-config support for libargon2 is still flaky:
* No pc file on Alpine.
* Custom builds of released libargon2 versions create a broken
pc file. This is fixed in master, but not released.
Go back to the old detection code for now.
Normalization include:
- Use dnl for everything that can be ommitted when configure is built in
favor of the shell comment character # which is visible in the output.
- Line length normalized to 80 columns
- Dots for most of the one line sentences
- Macro definitions include similar pattern header comments now
- remove some outdated and not used macro calls
- remove some unused variables
- Remove not needed comment from tokenizer config.m4
- Remove not needed comment
- remove not needed local variables for editors and syntax highlighting
This fixes two minor Autoconf coding styles. Double quotes in arguments
don't need to be escaped. This removes warning given by autoreconf:
- warning: back quotes and double quotes must not be escaped in...
Autoconf 2.50 released in 2001 made several macros obsolete including
the AC_TRY_RUN, AC_TRY_COMPILE and AC_TRY_LINK:
http://git.savannah.gnu.org/cgit/autoconf.git/tree/ChangeLog.2
These macros should be replaced with the current AC_FOO_IFELSE instead:
- AC_TRY_RUN with AC_RUN_IFELSE and AC_LANG_SOURCE
- AC_TRY_LINK with AC_LINK_IFELSE and AC_LANG_PROGRAM
- AC_TRY_COMPILE with AC_COMPILE_IFELSE and AC_LANG_PROGRAM
PHP 5.4 to 7.1 require Autoconf 2.59+ version, PHP 7.2 and above require
2.64+ version, and the PHP 7.2 phpize script requires 2.59+ version which
are all greater than above mentioned 2.50 version therefore systems
should be well supported by now.
This patch was created with the help of autoupdate script:
autoupdate <file>
Reference docs:
- https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Obsolete-Macros.html
- https://www.gnu.org/software/autoconf/manual/autoconf-2.59/autoconf.pdf
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.
In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.
This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
- m4 and Windows configure scripts now forces Argon2 reference library version >= 20161029
- Implementation tested against 20161029 and 20171227 for Argon2id support
- Updates Argon2 ext/standard/password/tests to run tests for both Argon2i and Argon2id
libargon2 20161029 introduces the `type` parameter to the argon2_encodedlen
function that is not present in 20160821. This change ensures the Argon2
functionality introduced in RFC `argon2_password_hash` is compatible with
both versions, as the library version that package maintainers package may
differ.
David Carlier