| Q | A |-------------- | ------ | Documentation | no | Bugfix | no | BC Break | no | New Feature | no | RFC | no | QA | no

Description

Declared php 8.1 support It has dependency to the laminas-authentication package

BC Break Report

| Q | A |------------ | ------ | Version | 3.8.0

Summary

Current implementation of has() and get() functions not compatible with psr/container 1.1.1 using opcache.preload or declare_strict

PHP Fatal error: Declaration of Laminas\Crypt\Symmetric\PaddingPluginManager::has(string $id) must be compatible with Psr\Container\ContainerInterface::has(string $id): bool in /var/www/.../vendor/laminas/laminas-crypt/src/Symmetric/PaddingPluginManager.php on line 32 PHP Fatal error: Declaration of Laminas\Crypt\Symmetric\PaddingPluginManager::get($id) must be compatible with Psr\Container\ContainerInterface::get(string $id): object in /var/www/.../vendor/laminas/laminas-crypt/src/Symmetric/PaddingPluginManager.php on line 43

Same for has and get in Laminas\Crypt\SymmetricPluginManager

Feature Request

| Q | A |------------ | ------ | New Feature | yes | BC Break | yes

Summary

This issue is created to keep track of the status of getting rid container-interop in the laminas components.

This PR adds an extra class for the argon2i password hash algorithm introduced with PHP7.2.

There are some open questions with this:

1. Do we really want to have 1 new class for each algorithm PHP addes? "Argon2id" is just around the corner...

2. PHP's password_verify() accepts currently both Bcrypt and Argon2i hashes. So basically you could either use the Bcrypt class or the Argon2i class to verify either hashes. This makes it pretty easy to migrate users from Bcrypt to Argon2i:

• Use the new Argon2i class as the dependency
• old bcrypt passwords are still verified correctly
• new password will be created with argon2i

3. Do we need a wrapper function for password_needs_rehash() ? This would mean we need some kind of inter-class upgrade path (from class Bcrypt to Argon2i in future php-versions). Although we dont know WHY password_needs_rehash() returns false: is it because of the algorithm or the cost value(s)?

4. This class is marked as PHP7.2+ only (it throws an exception in the constructor). Do we want to provide fallbacks of some kind for older PHP Versions?

5. Other than the algorithm no other PHP7.2+ specific features were used in this class (e. g. scalar type hints and return types) because a syntax error is much more heavy and harder to catch than a constructor-exception (Pre 7.0). Should type hints and return types get added because its a PHP7.2+ class anyway?

Originally posted by @MatthiasKuehneEllerhold at https://github.com/zendframework/zend-crypt/pull/58

At the moment, laminas-filter needs this for it's CI to pass. See

https://github.com/laminas/laminas-filter/pull/90

and one of the run failures here

https://github.com/laminas/laminas-filter/actions/runs/3717446853/jobs/6304805223

https://github.com/paragonie/sodium_compat#cryptography-primitives-provided

Zend\Crypt users interested in modern ECC may want to see sodium_compat adopted in the near future. In particular, public-key encryption via ParagonIE_Sodium_Compat::crypto_box_seal() and digital signatures via ParagonIE_Sodium_Compat::crypto_sign_detached().

I would, however, wait until sodium_compat has been audited first: https://github.com/paragonie/sodium_compat/issues/8

Originally posted by @paragonie-scott at https://github.com/zendframework/zend-crypt/issues/43

| Q | A |-------------- | ------ | Documentation | no | Bugfix | no | BC Break | no | New Feature | yes | RFC | no | QA | no

Description

Rebased and simplified version of #14, does not throw deprecation messages on PHP 8.1.

Replace deprecated container-interop/container-interop with psr/container

"Package container-interop/container-interop is abandoned, you should avoid using it. Use psr/container instead."

From Fedora QA https://apps.fedoraproject.org/koschei/package/php-zendframework-zend-crypt?collection=f28

We encounter erratic test suite failure

• Test suite fails when builder is an arm computer
• Test suite passes everywhere else

There were 4 failures:
1) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorSalsa208Core
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'a41f859c6608cc993b81cacb020cef05044b2181a2fd337dfd7b1c6396682f29b4393168e3c9e6bcfe6bc5b7a06d96bae424cc102c91745c24ad673dc7618f81'
+'65926f050000000028b57eb7d8079020dea4b71fcf1a2ba072c0cab4c93fb6556e2447cb6713f9c4e77fea859a18026c175d2aaba5f484900000000065397009'
/builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:56
2) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorScryptBlockMix
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'a41f859c6608cc993b81cacb020cef05044b2181a2fd337dfd7b1c6396682f29b4393168e3c9e6bcfe6bc5b7a06d96bae424cc102c91745c24ad673dc7618f8120edc975323881a80540f64c162dcd3c21077cfe5f8d5fe2b1a4168f953678b77d3b3d803b60e4ab920996e59b4d53b65d2a225877d5edf5842cb9f14eefe425'
+'65926f050000000028b57eb7d8079020dea4b71fcf1a2ba072c0cab4c93fb6556e2447cb6713f9c4e77fea859a18026c175d2aaba5f4849000000000653970092a7c7e69abf6e67f2bf8f0b400000000b769a515b7db8485d347f4e2abe448101012149261772322a53e07fdc1ba1c14f0f8df09abdae6ca620f98f800000000'
/builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:90
3) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorScryptROMix
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'79ccc193629debca047f0b70604bf6b62ce3dd4a9626e355fafc6198e6ea2b46d58413673b99b029d665c357601fb426a0b2f4bba200ee9f0a43d19b571a9c71ef1142e65d5a266fddca832ce59faa7cac0b9cf1be2bffca300d01ee387619c4ae12fd4438f203a0e4e1c47ec314861f4e9087cb33396a6873e8f9d2539a4b8e'
+'226231f300000000c5eefc3d0000000038da7f66d108c506ee48cef300000000e8b3ef4ffcf1b396d308bfe0c90c825800000000073b2afc3cf1324600000000f73554500000000099e71816a8457c49a8e6ce14a6af6b0e88636ac921c78dbe8b3ddc7f1e0c19bf8b30e6b0436369ec867beb125b63f26059db393c297e83f3'
/builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:124
4) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorScrypt
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'d33c6ec1818daaf728f55afadfeaa558b38efa81305b3521a7f12f4be097e84d184092d2a2e93bf71fd1efe052710f66b956ce45da43aa9099de7406d3a05e2a'
+'caf1c85d0594b50d3ad3b16de5fcda6e5b814fa32bf16bdbd5b43e60af6b227f8496a2a619338c13a996a24d0d8e6bb014e499ba00823121524939f66b4f1c35'
/builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:142

P.S. arm is quite common on low cost devices (ex: raspberry pi)

Originally posted by @remicollet at https://github.com/zendframework/zend-crypt/issues/53

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

Detected Package Files

• composer.json (composer)
• .github/workflows/auto-close.yml (github-actions)
• .github/workflows/continuous-integration.yml (github-actions)
• .github/workflows/docs-build.yml (github-actions)
• .github/workflows/release-on-milestone-closed.yml (github-actions)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Enable Renovate Dependency Dashboard creation.
• Ignore node_modules, bower_components, vendor and various test/tests directories.
• Automerge patch and minor upgrades if they pass tests.
• If automerging, push the new commit directly to the base branch (no PR).
• Wait for branch tests to pass or fail before creating the PR.
• Rebase existing PRs any time the base branch has been updated.
• Separate major versions of dependencies into individual branches/PRs.
• Do not separate patch and minor upgrades into separate PRs for the same dependency.
• Raise PR when vulnerability alerts are detected.
• Evaluate schedules according to timezone UTC.
• Append Signed-off-by: to signoff Git commits.
• Apply label renovate to PRs.
• Group all minor and patch updates together.
• Default configuration for repositories in the Laminas organisation

🔡 Would you like to change the way Renovate is upgrading your dependencies? Simply edit the renovate.json in this branch with your custom config and the list of Pull Requests in the "What to Expect" section below will be updated the next time Renovate runs.

What to Expect

With your current configuration, Renovate will create 2 Pull Requests:

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section. If you need any further assistance then you can also request help here.

Read more information about the use of Renovate Bot within Laminas.

| Q | A |-------------- | ------ | Documentation | no | Bugfix | no | BC Break | no | New Feature | yes | RFC | yes | QA | yes

Description

This patch prepares for the Renovate-Bot, performing the following changes:

• DROPS support for PHP 7.3
• Updates to Laminas CI 2.3 series (disabling strict types sniff), and applies automated and manual phpcs fixes as flagged by the Laminas CS
• Adds a platform PHP configuration settings
• Updates the CI and release workflows to use the automated workflows