From eb32f1d51302dc3a06360f989cfd62f557b0d872 Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Thu, 25 Apr 2024 10:13:06 +0200
Subject: [PATCH] fix: also respect max value for `hashingThreads`

Co-authored-by: Remi Collet
Signed-off-by: Remi Collet
---
 lib/private/Security/Hasher.php | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/lib/private/Security/Hasher.php b/lib/private/Security/Hasher.php
index d962d4bef19cf..daaecf396d74f 100644
--- a/lib/private/Security/Hasher.php
+++ b/lib/private/Security/Hasher.php
@@ -39,10 +39,15 @@ class Hasher implements IHasher {
 public function __construct(
 private IConfig $config,
 ) {
- if (\defined('PASSWORD_ARGON2ID') || \defined('PASSWORD_ARGON2I')) {
- // password_hash fails, when the minimum values are undershot.
- // In this case, apply minimum.
- $this->options['threads'] = max($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), 1);
+ if (\defined('PASSWORD_ARGON2_PROVIDER')) {
+ // password_hash fails, when the minimum values are undershot or maximum overshot. So apply minimum/maximum.
+ /** @psalm-suppress TypeDoesNotContainType - The constant defaults to "standard" but when sodium is installed it will be "sodium" */
+ if (PASSWORD_ARGON2_PROVIDER === 'sodium') {
+ $this->options['threads'] = 1;
+ } else {
+ // standard (libargon) or openssl
+ $this->options['threads'] = max($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), 1);
+ }
 // The minimum memory cost is 8 KiB per thread.
 $this->options['memory_cost'] = max($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST), $this->options['threads'] * 8);
 $this->options['time_cost'] = max($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST), 1);
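Review bot: In the `sodium` branch the operator's `hashingThreads` value is dropped without a trace, so an admin who tuned the Argon2 cost parameters cannot tell from the code that one of them no longer applies. A why-comment on that assignment would make the constraint explicit, e.g. `// the sodium provider only accepts a single thread, so a configured hashingThreads is ignored here`, and the documentation of the `hashingThreads` key (not part of this patch) presumably needs the same caveat. The `else` branch still applies only the lower bound of 1, so despite the subject line no upper limit is enforced for the standard/openssl providers; if that is intended, the `// standard (libargon) or openssl` comment should say so. The constructor body continues past the end of the hunk, so how `$this->options` is consumed afterwards is not visible here.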