
Commit dd17608

committed
Fix Argon2 options checks
The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost minimum. Options are now applied the following way: - If config.php contains the setting with an integer higher than or equal to the minimum, it is applied. - If config.php contains the setting with an integer lower than the minimum, the minimum is applied. - If config.php does not contain the setting, or contains it with a non-integer value, the PHP default is applied. Signed-off-by: MichaIng <micha@dietpi.com>
1 parent 192cf12 commit dd17608


1 file changed

+5
-10
lines changed


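--- a/lib/private/Security/Hasher.php
+++ b/lib/private/Security/Hasher.php
@@ -66,16 +66,11 @@ public function __construct(IConfig $config) {
 
 if (\defined('PASSWORD_ARGON2I')) {
 // password_hash fails, when the minimum values are undershot.
-// In this case, ignore and revert to default
-if ($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 8) {
-$this->options['memory_cost'] = $this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST);
-}
-if ($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) {
-$this->options['time_cost'] = $this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST);
-}
-if ($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) {
-$this->options['threads'] = $this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS);
-}
+// In this case, apply minimum.
+$this->options['threads'] = max($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), 1);
+// The minimum memory cost is 8 KiB per thread.
+$this->options['memory_cost'] = max($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST), $this->options['threads'] * 8);
+$this->options['time_cost'] = max($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST), 1);
 }
 
 $hashingCost = $this->config->getSystemValue('hashingCost', null);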
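Review bot: The three added `max(...)` lines make an undershot setting fail weak. A `hashingMemoryCost` or `hashingTimeCost` of 0 is now clamped to 8 KiB per thread and a single pass, the floor the added comments describe, whereas the removed code left the option unset so that password_hash would presumably fall back to its defaults. If getSystemValueInt casts non-integer values to int (its body is not shown here), a non-numeric entry also lands on that floor rather than on the PHP default the commit message promises. I would fall back to the default instead of the floor, e.g. `$t = $this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST);` then `$this->options['time_cost'] = $t >= 1 ? $t : PASSWORD_ARGON2_DEFAULT_TIME_COST;`, with the same pattern for threads and for memory cost checked against `$this->options['threads'] * 8`. The constructor begins above and continues below this hunk.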
