diff options
| author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2020-04-30 15:42:33 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-30 15:42:33 +0300 |
| commit | 8d5404b750df85a947c43aacc266c6088d8b4aed (patch) | |
| tree | e2315c5cf31ec8287f3e378172bc7a6f09d8b5ce | |
| parent | fa914f2e249b155a61078f6a8d1b352b9afec875 (diff) | |
| parent | ad606196554dadea49e5ddfa44fb54b89ba24d3e (diff) | |
Merge pull request #20710 from nextcloud/fix/argon2-options-checks
Fix Argon2 options checks
| -rw-r--r-- | lib/private/Security/Hasher.php | 15 | ||||
| -rw-r--r-- | tests/lib/Security/HasherTest.php | 5 |
2 files changed, 10 insertions, 10 deletions
diff --git a/lib/private/Security/Hasher.php b/lib/private/Security/Hasher.php index 7a6c66d8f87..2ed21e7e427 100644 --- a/lib/private/Security/Hasher.php +++ b/lib/private/Security/Hasher.php @@ -67,16 +67,11 @@ class Hasher implements IHasher { if (\defined('PASSWORD_ARGON2I')) { // password_hash fails, when the minimum values are undershot. - // In this case, ignore and revert to default - if ($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 8) { - $this->options['memory_cost'] = $this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST); - } - if ($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) { - $this->options['time_cost'] = $this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST); - } - if ($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) { - $this->options['threads'] = $this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS); - } + // In this case, apply minimum. + $this->options['threads'] = max($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), 1); + // The minimum memory cost is 8 KiB per thread. + $this->options['memory_cost'] = max($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST), $this->options['threads'] * 8); + $this->options['time_cost'] = max($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST), 1); } $hashingCost = $this->config->getSystemValue('hashingCost', null); diff --git a/tests/lib/Security/HasherTest.php b/tests/lib/Security/HasherTest.php index cc5cb786088..e1faef2f69b 100644 --- a/tests/lib/Security/HasherTest.php +++ b/tests/lib/Security/HasherTest.php @@ -113,6 +113,11 @@ class HasherTest extends \Test\TestCase { $this->config = $this->createMock(IConfig::class); + $this->config->method('getSystemValueInt') + ->willReturnCallback(function ($name, $default) { + return $default; + }); + $this->hasher = new Hasher($this->config); } |