1/3 Updated Makefile to allow VENDOR flag (adds -vendor to version string)

2/3 Added vendor/ dir to lock down dependent pkg versions. The author of git.schwanenlied.me/yawning/{chacha20,newhope,kyber}.git has copied their repos to gitlab.com/yawning/ but some imports of chacha20 from newhope still inconsistently refer to git.schwanenlied.me/, breaking build. Licenses for chacha20 also changed from CC0 to AGPL, which may or may not be an issue. Until the two aforementioned issues are resolved, locking to last-good versions is probably the best way forward for now. To build with vendored deps, use make VENDOR=1 clean all 3/3 Moved body of CI push script into bacillus/
2024-08-14 10:26:42 +00:00 · 2020-01-29 13:25:14 -08:00 · 2020-01-29 13:25:14 -08:00 · f5be3578a8
commit f5be3578a8
parent 7fe915450b
854 changed files with 287417 additions and 7 deletions
--- a/vendor/gopkg.in/hlandau/passlib.v1/abstract/compare.go
+++ b/vendor/gopkg.in/hlandau/passlib.v1/abstract/compare.go
@ -0,0 +1,11 @@
+package abstract
+
+import "crypto/subtle"
+
+// Compares two strings (typicaly password hashes) in a secure, constant-time
+// fashion. Returns true iff they are equal.
+func SecureCompare(a, b string) bool {
+	ab := []byte(a)
+	bb := []byte(b)
+	return subtle.ConstantTimeCompare(ab, bb) == 1
+}
--- a/vendor/gopkg.in/hlandau/passlib.v1/abstract/errors.go
+++ b/vendor/gopkg.in/hlandau/passlib.v1/abstract/errors.go
@ -0,0 +1,15 @@
+// Package abstract contains the abstract description of the Scheme interface,
+// plus supporting error definitions.
+package abstract
+
+import "fmt"
+
+// Indicates that password verification failed because the provided password
+// does not match the provided hash.
+var ErrInvalidPassword = fmt.Errorf("invalid password")
+
+// Indicates that password verification is not possible because the hashing
+// scheme used by the hash provided is not supported.
+var ErrUnsupportedScheme = fmt.Errorf("unsupported scheme")
+
+// © 2014 Hugo Landau <hlandau@devever.net>  MIT License
--- a/vendor/gopkg.in/hlandau/passlib.v1/abstract/scheme.go
+++ b/vendor/gopkg.in/hlandau/passlib.v1/abstract/scheme.go
@ -0,0 +1,34 @@
+package abstract
+
+// The Scheme interface provides an abstract interface to an implementation
+// of a particular password hashing scheme. The Scheme generates password
+// hashes from passwords, verifies passwords using password hashes, randomly
+// generates new stubs and can determines whether it recognises a given
+// stub or hash. It may also decide to issue upgrades.
+type Scheme interface {
+	// Hashes a plaintext UTF-8 password using a modular crypt stub. Returns the
+	// hashed password in modular crypt format.
+	//
+	// A modular crypt stub is a prefix of a hash in modular crypt format which
+	// expresses all necessary configuration information, such as salt and
+	// iteration count. For example, for sha256-crypt, a valid stub would be:
+	//
+	//     $5$rounds=6000$salt
+	//
+	// A full modular crypt hash may also be passed as the stub, in which case
+	// the hash is ignored.
+	Hash(password string) (string, error)
+
+	// Verifies a plaintext UTF-8 password using a modular crypt hash.  Returns
+	// an error if the inputs are malformed or the password does not match.
+	Verify(password, hash string) (err error)
+
+	// Returns true iff this crypter supports the given stub.
+	SupportsStub(stub string) bool
+
+	// Returns true iff this stub needs an update.
+	NeedsUpdate(stub string) bool
+
+	// Make a stub with the configured defaults. The salt is generated randomly.
+	//MakeStub() (string, error)
+}