
Commit c908fd7

committed
Fix Argon2 options checks
The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost minimum. Options are now applied the following way: - If config.php contains the setting with a valid integer, higher than or equal to the minimum, it is applied. - If config.php does not contain the setting or contains an invalid integer, but the related PASSWORD_ARGON2_DEFAULT_* variable is set and contains a valid integer, it is applied instead. - If PASSWORD_ARGON2_DEFAULT_* is not set or contains no valid integer, the minimum value is applied instead. Signed-off-by: MichaIng <micha@dietpi.com>
1 parent 192cf12 commit c908fd7

1 file changed

Lines changed: 6 additions & 5 deletions


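--- a/lib/private/Security/Hasher.php
+++ b/lib/private/Security/Hasher.php
@@ -67,15 +67,16 @@ public function __construct(IConfig $config) {
 if (\defined('PASSWORD_ARGON2I')) {
 // password_hash fails, when the minimum values are undershot.
 // In this case, ignore and revert to default
-if ($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 8) {
+if ($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS) >= 1) {
+$this->options['threads'] = $this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS);
+}
+// The minimum memory cost is 8 KiB per thread.
+if ($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 8 * $this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS)) {
 $this->options['memory_cost'] = $this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST);
 }
-if ($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) {
+if ($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST) >= 1) {
 $this->options['time_cost'] = $this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST);
 }
-if ($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) {
-$this->options['threads'] = $this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS);
-}
 }
 
 $hashingCost = $this->config->getSystemValue('hashingCost', null);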
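Review bot: The new memory-cost guard multiplies by the raw configured `hashingThreads` value rather than the thread count that will actually be used, so the floor collapses when that setting is invalid. With `hashingThreads` set to 0 or a negative number the threads branch is skipped, yet `8 * getSystemValueInt('hashingThreads', …)` evaluates to 0 or less, so a `hashingMemoryCost` below 8 KiB is still accepted, which is the case the comment above says makes password_hash fail. Compare against the effective value instead, e.g. `$threads = $this->options['threads'] ?? PASSWORD_ARGON2_DEFAULT_THREADS;` followed by `>= 8 * $threads` in the memory-cost condition, which also avoids reading the same setting twice. Whether `$this->options` already carries a default for `threads` is not visible here, since the constructor starts and ends outside the hunk.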
