mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

Merge pull request #5790 from rxu/ticket/16266

Browse Source 
[ticket/16266] Fix argon2 driver issue for Sodium implementation
This commit is contained in:
Marc Alexander
2019-12-29 21:43:06 +01:00
parent 71a1c9fee7 c71d4c364a
commit 036871cd95
2 changed files with 60 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
phpBB/phpbb/passwords/driver/argon2i.php
View File

@@ -37,10 +37,23 @@ class argon2i extends base_native
{
parent::__construct($config, $helper);
// Don't allow cost factors to be below default settings
$this->memory_cost = max($memory_cost, 1024);
$this->threads = max($threads, 2);
$this->time_cost = max($time_cost, 2);
// Workaround to prevent "Use of undefined constant" warning on some unsupported PHP installations
if (!defined('PASSWORD_ARGON2I'))
{
define('PASSWORD_ARGON2_DEFAULT_MEMORY_COST', 1024);
define('PASSWORD_ARGON2_DEFAULT_TIME_COST', 2);
define('PASSWORD_ARGON2_DEFAULT_THREADS', 1);
}
/**
* For Sodium implementation of argon2 algorithm (since PHP 7.4), set special value of 1 for "threads" cost factor
* See https://wiki.php.net/rfc/sodium.argon.hash and PHPBB3-16266
* Don't allow cost factors to be below default settings where possible
*/
$this->memory_cost = max($memory_cost, PASSWORD_ARGON2_DEFAULT_MEMORY_COST);
$this->time_cost = max($time_cost, PASSWORD_ARGON2_DEFAULT_TIME_COST);
$this->threads = (defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium') ?
PASSWORD_ARGON2_DEFAULT_THREADS : max($threads, PASSWORD_ARGON2_DEFAULT_THREADS);
}
/**