makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/16266] Fix argon2 driver issue for Sodium implementation

Browse source 
PHPBB3-16266
This commit is contained in:
rxu 2019-12-26 19:44:22 +07:00
parent 230472de45
commit 186a3d40c6
No known key found for this signature in database
GPG key ID: 955F0567380E586A
2 changed files with 27 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
phpBB/phpbb/passwords/driver/argon2i.php
View file

@ -37,10 +37,21 @@ class argon2i extends base_native
{ {
parent::__construct($config, $helper); parent::__construct($config, $helper);
// Don't allow cost factors to be below default settings if ($this->is_sodium())
$this->memory_cost = max($memory_cost, 1024); {
$this->threads = max($threads, 2); // For Sodium implementation, set special cost factor values (since PHP 7.4)
$this->time_cost = max($time_cost, 2); // See https://wiki.php.net/rfc/sodium.argon.hash and PHPBB3-16266
$this->memory_cost = max($memory_cost, 256*1024);
$this->threads = 1;
$this->time_cost = max($time_cost, 3);
}
else
{
// Otherwise don't allow cost factors to be below default settings
$this->memory_cost = max($memory_cost, 1024);
$this->threads = max($threads, 2);
$this->time_cost = max($time_cost, 2);
}
} }
/** /**

12
phpBB/phpbb/passwords/driver/base_native.php
View file

@ -57,6 +57,18 @@ abstract class base_native extends base
return password_hash($password, $this->get_algo_value(), $this->get_options()); return password_hash($password, $this->get_algo_value(), $this->get_options());
} }
/**
* Check if Sodium implementation for argon2 algorithm is being used
*
* @link https://wiki.php.net/rfc/sodium.argon.hash
*
* @return bool
*/
public function is_sodium()
{
return defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium';
}
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */