- Proper management commands (.account 2fa)
- Secrets can now be encrypted (set TOTPTokenSecret in .conf)
- Secret now stored in binary
- Argon2 and AES primitives
- Base32/64 support
(cherry picked from commit 4211645834)
- no longer use sha_pass_hash for anything else core-side (.account, SOAP, RA)
- salt/verifier/session_key are now binary
- old s/v/sha_pass_hash fields kept around for backwards compatibility
- sha_pass_hash is still updated (for now), s/v are not
- sha_pass_hash is only read if s/v have been manually changed
- SRP6 b now uses the full 32 bytes of randomness (instead of randomly only using 19)
(cherry picked from commit 3164b58c7d)
- Did you know BigNumber quietly assumes every byte array it gets is little-endian, even though openssl bignums use big-endian? Now you do!
- In entirely unrelated news, make the above behavior explicit through a default-true boolean, same as existing GetBytes derivatives.
- Also, if you are in the enlightened openssl 1.1 crowd, there's no more endian wrangling involved, because openssl now does all of that for us. Progress!
(cherry picked from commit 5e36bf7c67)
- Fix a handful of 1/256 bugs with most significant byte zero in BigNumber
- Get rid of (most of) the C-style arrays in authserver
- CryptoRandom as a unified source for cryptographic randomness
- Bring our other crypto APIs into 2020
- BigNumber usability improvements
- Authserver is now actually readable as a result of all of the above
(cherry picked from commit 210176fd91)
Support for both OpenSSL 1.0 LTS and OpenSSL 1.1 versions.
Many Linux distributions are still on 1.0 and will stay on LTS for quite
some time.
Port of CMaNGOS commit: e1b0048f05
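
One way a most-significant-zero-byte bug of the kind listed above can arise when a big-endian bignum is exported into a little-endian byte array, shown as an added example that is not code from these commits. It uses no OpenSSL: `MinimalBigEndian` is a stand-in for a minimal-length big-endian export such as `BN_bn2bin`, and all function names and the 32-byte sample value are hypothetical.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>
// Added example: every name below is hypothetical, not this project's API.
using Bytes = std::vector<std::uint8_t>;

// Stand-in for a big-endian bignum export (e.g. OpenSSL's BN_bn2bin):
// the minimal big-endian encoding, with leading zero bytes dropped.
Bytes MinimalBigEndian(Bytes const& value)
{
    auto firstNonZero = std::find_if(value.begin(), value.end(),
                                     [](std::uint8_t b) { return b != 0; });
    return Bytes(firstNonZero, value.end());
}

// Naive conversion: reverse whatever length came back. The result is one byte
// short whenever the most significant byte is zero (about 1 value in 256).
Bytes ToLittleEndianNaive(Bytes const& minimalBE)
{
    return Bytes(minimalBE.rbegin(), minimalBE.rend());
}

// Fixed-width conversion: reverse, then zero-pad at the END of the array,
// because in little-endian order the most significant bytes come last.
Bytes ToLittleEndianFixed(Bytes const& minimalBE, std::size_t width)
{
    if (minimalBE.size() > width)
        throw std::length_error("value does not fit in requested width");
    Bytes out(minimalBE.rbegin(), minimalBE.rend());
    out.resize(width, 0);
    return out;
}

// Constructed sample: a 32-byte big-endian value whose top byte is zero.
Bytes SampleWithZeroTopByte()
{
    Bytes v(32);
    for (std::size_t i = 1; i < v.size(); ++i)
        v[i] = static_cast<std::uint8_t>(i);
    return v; // v[0] == 0x00, v[31] == 0x1f
}

int main()
{
    Bytes minimal = MinimalBigEndian(SampleWithZeroTopByte());
    return ToLittleEndianFixed(minimal, 32).size() == 32 && ToLittleEndianNaive(minimal).size() == 31 ? 0 : 1;
}
```

Hashing or comparing the 31-byte naive output against a peer that uses the full 32 bytes gives a mismatch only for the affected values, which is why such failures look intermittent.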