bug #32169 [Security/Core] require libsodium >= 1.0.14 (nicolas-grekas)

This PR was merged into the 4.3 branch.

Discussion
----------

[Security/Core] require libsodium >= 1.0.14

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #32166
| License       | MIT
| Doc PR        | -

- bump libsodium to >=1.0.14
- Minimum opscost must be 3, as described in https://wiki.php.net/rfc/libsodium and in https://github.com/jedisct1/libsodium/releases/tag/1.0.15
- ParagonIE_Sodium_Compat [explicitly doesn't implement Argon2](https://github.com/paragonie/sodium_compat#features-excluded-from-this-polyfill), so it makes no sense to check for it.

Commits
-------

4fed5d3813 [Security/Core] require libsodium >= 1.0.14
Fabien Potencier 2019-06-25 15:28:12 +02:00
commit 4e6951b1d3
2 changed files with 5 additions and 9 deletions


@ -33,8 +33,8 @@ final class NativePasswordEncoder implements PasswordEncoderInterface, SelfSalti
$opsLimit = $opsLimit ?? max(6, \defined('SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE') ? \SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE : 6);
$memLimit = $memLimit ?? max(64 * 1024 * 1024, \defined('SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE') ? \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE : 64 * 1024 * 1024);
if (2 > $opsLimit) {
throw new \InvalidArgumentException('$opsLimit must be 2 or greater.');
if (3 > $opsLimit) {
throw new \InvalidArgumentException('$opsLimit must be 3 or greater.');
}
if (10 * 1024 > $memLimit) {
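Review bot: The raised floor makes the constructor throw for `$opsLimit = 2`, which the previous check accepted, so an application configured with a cost of 2 will fail at construction after upgrading even though the PR table lists no BC break. Rejecting a weak cost is the right direction, but the behaviour change should be called out in the changelog. The reason for the value should also be recorded at the check, for example `// 3 is the minimum opslimit given in the libsodium notes linked from the PR description`. The same applies to the identical check on `$this->opsLimit` in SodiumPasswordEncoder. The constructor starts and ends outside this hunk.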


@ -37,8 +37,8 @@ final class SodiumPasswordEncoder implements PasswordEncoderInterface, SelfSalti
$this->opsLimit = $opsLimit ?? max(6, \defined('SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE') ? \SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE : 6);
$this->memLimit = $memLimit ?? max(64 * 1024 * 1024, \defined('SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE') ? \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE : 64 * 1024 * 2014);
if (2 > $this->opsLimit) {
throw new \InvalidArgumentException('$opsLimit must be 2 or greater.');
if (3 > $this->opsLimit) {
throw new \InvalidArgumentException('$opsLimit must be 3 or greater.');
}
if (10 * 1024 > $this->memLimit) {
@ -48,11 +48,7 @@ final class SodiumPasswordEncoder implements PasswordEncoderInterface, SelfSalti
public static function isSupported(): bool
{
if (class_exists('ParagonIE_Sodium_Compat') && method_exists('ParagonIE_Sodium_Compat', 'crypto_pwhash_is_available')) {
return \ParagonIE_Sodium_Compat::crypto_pwhash_is_available();
}
return \function_exists('sodium_crypto_pwhash_str') || \extension_loaded('libsodium');
return \function_exists('sodium_crypto_pwhash_str_needs_rehash') || \function_exists('Sodium\crypto_pwhash_str_needs_rehash');
}
/**
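Review bot: The fallback memory limit on the unchanged `$this->memLimit` line at the top of the first SodiumPasswordEncoder hunk reads `64 * 1024 * 2014`, while the `max()` floor on the same line and the NativePasswordEncoder default both use `64 * 1024 * 1024`, so this looks like a typo for 1024 that the commit leaves in place. It only takes effect when `SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE` is not defined, where it yields about 126 MiB per hash instead of 64 MiB. That presumably raises the memory cost of every login beyond what was intended and could make hashing fail under a tight memory limit. The line should end with `: 64 * 1024 * 1024);`. The constructor body starts and ends outside the hunk, so how `memLimit` is used later cannot be confirmed from here.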