diff options
| author | rxu <rxu@mail.ru> | 2019-12-26 19:44:22 +0700 |
|---|---|---|
| committer | rxu <rxu@mail.ru> | 2019-12-26 19:44:22 +0700 |
| commit | 186a3d40c60b4d5f11e6f399737557ef08913078 (patch) | |
| tree | ee4bb48711a3aa18b43d6ae70ec7cc5a116705f8 | |
| parent | 230472de4529c4a9c0468488bee0edc6f08086c6 (diff) | |
| download | forums-186a3d40c60b4d5f11e6f399737557ef08913078.tar forums-186a3d40c60b4d5f11e6f399737557ef08913078.tar.gz forums-186a3d40c60b4d5f11e6f399737557ef08913078.tar.bz2 forums-186a3d40c60b4d5f11e6f399737557ef08913078.tar.xz forums-186a3d40c60b4d5f11e6f399737557ef08913078.zip | |
[ticket/16266] Fix argon2 driver issue for Sodium implementation
PHPBB3-16266
| -rw-r--r-- | phpBB/phpbb/passwords/driver/argon2i.php | 19 | ||||
| -rw-r--r-- | phpBB/phpbb/passwords/driver/base_native.php | 12 |
2 files changed, 27 insertions, 4 deletions
diff --git a/phpBB/phpbb/passwords/driver/argon2i.php b/phpBB/phpbb/passwords/driver/argon2i.php index 49d7d6393e..3babbaa780 100644 --- a/phpBB/phpbb/passwords/driver/argon2i.php +++ b/phpBB/phpbb/passwords/driver/argon2i.php @@ -37,10 +37,21 @@ class argon2i extends base_native { parent::__construct($config, $helper); - // Don't allow cost factors to be below default settings - $this->memory_cost = max($memory_cost, 1024); - $this->threads = max($threads, 2); - $this->time_cost = max($time_cost, 2); + if ($this->is_sodium()) + { + // For Sodium implementation, set special cost factor values (since PHP 7.4) + // See https://wiki.php.net/rfc/sodium.argon.hash and PHPBB3-16266 + $this->memory_cost = max($memory_cost, 256*1024); + $this->threads = 1; + $this->time_cost = max($time_cost, 3); + } + else + { + // Otherwise don't allow cost factors to be below default settings + $this->memory_cost = max($memory_cost, 1024); + $this->threads = max($threads, 2); + $this->time_cost = max($time_cost, 2); + } } /** diff --git a/phpBB/phpbb/passwords/driver/base_native.php b/phpBB/phpbb/passwords/driver/base_native.php index 87498327f9..31d3465165 100644 --- a/phpBB/phpbb/passwords/driver/base_native.php +++ b/phpBB/phpbb/passwords/driver/base_native.php @@ -58,6 +58,18 @@ abstract class base_native extends base } /** + * Check if Sodium implementation for argon2 algorithm is being used + * + * @link https://wiki.php.net/rfc/sodium.argon.hash + * + * @return bool + */ + public function is_sodium() + { + return defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium'; + } + + /** * {@inheritdoc} */ public function is_supported() |