From 3669849368b8b39d661e08c2476c510cd4fc7445 Mon Sep 17 00:00:00 2001 From: rxu Date: Sat, 28 Dec 2019 12:20:51 +0700 Subject: [ticket/16266] Refactor patch using argon2 predefined constants PHPBB3-16266 --- phpBB/phpbb/passwords/driver/argon2i.php | 9 +++++---- phpBB/phpbb/passwords/driver/base_native.php | 19 ------------------- 2 files changed, 5 insertions(+), 23 deletions(-) (limited to 'phpBB/phpbb/passwords/driver') diff --git a/phpBB/phpbb/passwords/driver/argon2i.php b/phpBB/phpbb/passwords/driver/argon2i.php index f4a6e3e644..f622ad889b 100644 --- a/phpBB/phpbb/passwords/driver/argon2i.php +++ b/phpBB/phpbb/passwords/driver/argon2i.php @@ -38,13 +38,14 @@ class argon2i extends base_native parent::__construct($config, $helper); /** - * For Sodium implementation of argon2 algorithm, set special cost factor values (since PHP 7.4) + * For Sodium implementation of argon2 algorithm (since PHP 7.4), set special value of 1 for "threads" cost factor * See https://wiki.php.net/rfc/sodium.argon.hash and PHPBB3-16266 * Don't allow cost factors to be below default settings where possible */ - $this->memory_cost = $this->is_sodium() ? max($memory_cost, 256 * 1024) : max($memory_cost, 1024); - $this->threads = $this->is_sodium() ? 1 : max($threads, 2); - $this->time_cost = $this->is_sodium() ? max($time_cost, 3) : max($time_cost, 2); + $this->memory_cost = max($memory_cost, PASSWORD_ARGON2_DEFAULT_MEMORY_COST); + $this->time_cost = max($time_cost, PASSWORD_ARGON2_DEFAULT_TIME_COST); + $this->threads = (defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium') ? + PASSWORD_ARGON2_DEFAULT_THREADS : max($threads, PASSWORD_ARGON2_DEFAULT_THREADS); } /** diff --git a/phpBB/phpbb/passwords/driver/base_native.php b/phpBB/phpbb/passwords/driver/base_native.php index ab2e9f83a4..87498327f9 100644 --- a/phpBB/phpbb/passwords/driver/base_native.php +++ b/phpBB/phpbb/passwords/driver/base_native.php @@ -57,25 +57,6 @@ abstract class base_native extends base return password_hash($password, $this->get_algo_value(), $this->get_options()); } - /** - * Check if Sodium implementation for argon2 algorithm is being used - * - * @link https://wiki.php.net/rfc/sodium.argon.hash - * - * @return bool - */ - public function is_sodium() - { - static $is_sodium; - - if (!isset($is_sodium)) - { - $is_sodium = defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium'; - } - - return $is_sodium; - } - /** * {@inheritdoc} */ -- cgit v1.2.1