Merge f4e4b1d88b into b81edff92d

go.mod

@@ -21,6 +21,6 @@ require (
 	golang.org/x/crypto v0.0.0-20200414173820-0848c9571904
 	gopkg.in/hlandau/easymetric.v1 v1.0.0 // indirect
 	gopkg.in/hlandau/measurable.v1 v1.0.1 // indirect
-	gopkg.in/hlandau/passlib.v1 v1.0.10
+	gopkg.in/hlandau/passlib.v1 v1.0.11
 	gopkg.in/yaml.v2 v2.0.0-20170208141851-a3f3340b5840
 )

go.sum

@@ -47,5 +47,7 @@ gopkg.in/hlandau/passlib.v1 v1.0.9 h1:VfsIu2uKK6xsr9VHCtJtIgNuZ/RNUrIi67hxl8K/7G
 gopkg.in/hlandau/passlib.v1 v1.0.9/go.mod h1:wxGAv2CtQHlzWY8NJp+p045yl4WHyX7v2T6XbOcmqjM=
 gopkg.in/hlandau/passlib.v1 v1.0.10 h1:q5xh9ZHp907XTjVw8/EqG03//fnlITnIYQmv4Gn7TpE=
 gopkg.in/hlandau/passlib.v1 v1.0.10/go.mod h1:wxGAv2CtQHlzWY8NJp+p045yl4WHyX7v2T6XbOcmqjM=
+gopkg.in/hlandau/passlib.v1 v1.0.11 h1:vKeHwGRdWBD9mm4bJ56GAAdBXpFUYvg/BYYkmphjnmA=
+gopkg.in/hlandau/passlib.v1 v1.0.11/go.mod h1:wxGAv2CtQHlzWY8NJp+p045yl4WHyX7v2T6XbOcmqjM=
 gopkg.in/yaml.v2 v2.0.0-20170208141851-a3f3340b5840 h1:BftvRMCaj0KX6UeD7gnNJv0W8b4HAYTEWes978CoWlY=
 gopkg.in/yaml.v2 v2.0.0-20170208141851-a3f3340b5840/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=

vendor/gopkg.in/hlandau/passlib.v1/.travis.yml

@@ -1,12 +0,0 @@
-language: go
-os:
-  - linux
-go:
-  - 1.10
-  - tip
-sudo: false
-install:
-  - mkdir -p $HOME/gopath/src/gopkg.in/hlandau/
-  - ln -s $TRAVIS_BUILD_DIR $HOME/gopath/src/gopkg.in/hlandau/passlib.v1
-  - cd $HOME/gopath/src/gopkg.in/hlandau/passlib.v1
-  - go get

vendor/gopkg.in/hlandau/passlib.v1/README.md

@@ -1,100 +0,0 @@
-passlib for go
-==============
-
-[![GoDoc](https://godoc.org/gopkg.in/hlandau/passlib.v1?status.svg)](https://godoc.org/gopkg.in/hlandau/passlib.v1) [![Build Status](https://travis-ci.org/hlandau/passlib.svg?branch=master)](https://travis-ci.org/hlandau/passlib)
-
-[Python's passlib](https://pythonhosted.org/passlib/) is quite an amazing
-library. I'm not sure there's a password library in existence with more thought
-put into it, or with more support for obscure password formats.
-
-This is a skeleton of a port of passlib to Go. It dogmatically adopts the
-modular crypt format, which [passlib has excellent documentation for](https://pythonhosted.org/passlib/modular_crypt_format.html#modular-crypt-format).
-
-Currently, it supports:
-
-  - sha256-crypt
-  - sha512-crypt
-  - scrypt-sha256
-  - bcrypt
-  - passlib's bcrypt-sha256 variant
-  - pbkdf2-sha1 (in passlib format)
-  - pbkdf2-sha256 (in passlib format)
-  - pbkdf2-sha512 (in passlib format)
-
-By default, it will hash using scrypt-sha256 and verify existing hashes using
-any of these schemes.
-
-Example Usage
--------------
-There's a default context for ease of use. Most people need only concern
-themselves with the functions `Hash` and `Verify`:
-
-```go
-// Hash a plaintext, UTF-8 password.
-func Hash(password string) (hash string, err error)
-
-// Verifies a plaintext, UTF-8 password using a previously derived hash.
-// Returns non-nil err if verification fails.
-//
-// Also returns an upgraded password hash if the hash provided is
-// deprecated.
-func Verify(password, hash string) (newHash string, err error)
-```
-
-Here's a rough skeleton of typical usage.
-
-```go
-import "gopkg.in/hlandau/passlib.v1"
-
-func RegisterUser() {
-  (...)
-
-  password := get a (UTF-8, plaintext) password from somewhere
-
-  hash, err := passlib.Hash(password)
-  if err != nil {
-    // couldn't hash password for some reason
-    return
-  }
-
-  (store hash in database, etc.)
-}
-
-func CheckPassword() bool {
-  password := get the password the user entered
-  hash := the hash you stored from the call to Hash()
-
-  newHash, err := passlib.Verify(password, hash)
-  if err != nil {
-    // incorrect password, malformed hash, etc.
-    // either way, reject
-    return false
-  }
-
-  // The context has decided, as per its policy, that
-  // the hash which was used to validate the password
-  // should be changed. It has upgraded the hash using
-  // the verified password.
-  if newHash != "" {
-    (store newHash in database, replacing old hash)
-  }
-
-  return true
-}
-```
-
-scrypt Modular Crypt Format
----------------------------
-Since scrypt does not have a pre-existing modular crypt format standard, I made one. It's as follows:
-
-    $s2$N$r$p$salt$hash
-
-...where `N`, `r` and `p` are the respective difficulty parameters to scrypt as positive decimal integers without leading zeroes, and `salt` and `hash` are base64-encoded binary strings. Note that the RFC 4648 base64 encoding is used (not the one used by sha256-crypt and sha512-crypt).
-
-Licence
--------
-passlib is partially derived from Python's passlib and so maintains its BSD license.
-
-    © 2008-2012 Assurance Technologies LLC.  (Python passlib)  BSD License
-    © 2014 Hugo Landau <hlandau@devever.net>  BSD License
-

vendor/gopkg.in/hlandau/passlib.v1/hash/pbkdf2/raw/pbkdf2.go

@@ -7,7 +7,7 @@ import (
 
 const (
 	MinRounds = 1
-	MaxRounds = 0xffffffff // setting at 32-bit limit for now
+	MaxRounds = 0x7fffffff // setting at 32-bit signed integer limit for now
 )
 
 func Hash(password, salt []byte, rounds int, hf func() hash.Hash) (hash string) {

vendor/modules.txt

@@ -62,7 +62,7 @@ gopkg.in/hlandau/easymetric.v1/cexp
 # gopkg.in/hlandau/measurable.v1 v1.0.1
 ## explicit
 gopkg.in/hlandau/measurable.v1
-# gopkg.in/hlandau/passlib.v1 v1.0.10
+# gopkg.in/hlandau/passlib.v1 v1.0.11
 ## explicit
 gopkg.in/hlandau/passlib.v1
 gopkg.in/hlandau/passlib.v1/abstract