author | MichaIng <micha@dietpi.com> | 2020-04-28 21:04:34 +0200 |
---|---|---|
committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2020-05-01 09:37:24 +0000 |
commit | e5f1523577dc027621092d95166f20fcee95cf96 (patch) | |
tree | f6e0f8a91ca56cc5c93bd23e169ca950b770cbb8 /lib/private/Security | |
parent | cfd6f0b6fbbbb6d1597ff6dce6dfc3270af40c0f (diff) | |
download | nextcloud-server-e5f1523577dc027621092d95166f20fcee95cf96.tar.gz nextcloud-server-e5f1523577dc027621092d95166f20fcee95cf96.zip |
Fix Argon2 options checks
The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost minimum.
Options are now applied the following way:
- If config.php contains the setting with an integer higher or equal to the minimum, it is applied.
- If config.php contains the setting with an integer lower than the minimum, the minimum is applied.
- If config.php does not contain the setting or with no integer value, the PHP default is applied.
Signed-off-by: MichaIng <micha@dietpi.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private/Security')
-rw-r--r-- | lib/private/Security/Hasher.php | 15 |
1 files changed, 5 insertions, 10 deletions
diff --git a/lib/private/Security/Hasher.php b/lib/private/Security/Hasher.php
index 882f80ea2bf..e28b3856678 100644
--- a/lib/private/Security/Hasher.php
+++ b/lib/private/Security/Hasher.php
@@ -65,16 +65,11 @@ class Hasher implements IHasher {
 if (\defined('PASSWORD_ARGON2I')) {
 // password_hash fails, when the minimum values are undershot.
- // In this case, ignore and revert to default
- if ($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 8) {
- $this->options['memory_cost'] = $this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST);
- }
- if ($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) {
- $this->options['time_cost'] = $this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST);
- }
- if ($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) {
- $this->options['threads'] = $this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS);
- }
+ // In this case, apply minimum.
+ $this->options['threads'] = max($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), 1);
+ // The minimum memory cost is 8 KiB per thread.
+ $this->options['memory_cost'] = max($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST), $this->options['threads'] * 8);
+ $this->options['time_cost'] = max($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST), 1);
 }
 $hashingCost = $this->config->getSystemValue('hashingCost', null); |
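Review bot: The `max(...)` clamps on `threads`, `memory_cost` and `time_cost` use the lowest values Argon2 accepts as the floor, so a too-low or mistyped setting in config.php is now silently applied at that floor (8 KiB per thread, one pass), where the removed code left the option unset so that PHP's default applied. That keeps `password_hash` from failing, but the floor is well below `PASSWORD_ARGON2_DEFAULT_MEMORY_COST` and `PASSWORD_ARGON2_DEFAULT_TIME_COST`, so I would state it above the assignments, e.g. `// These floors are the lowest values Argon2 accepts, not recommended settings; anything below the PHP defaults weakens stored password hashes.`, and consider logging a warning whenever a configured value had to be raised. The commit message says a non-integer setting falls back to the PHP default, but if `getSystemValueInt` casts its result (its body is not visible here) such a value would presumably become 0 and be clamped to the minimum instead. The enclosing function starts and ends outside the hunk.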