php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #78269
Patch php73.patch revision 2019-07-10 09:16 UTC by remi@php.net
Patch php72.patch revision 2019-07-10 09:16 UTC by remi@php.net

Patch php73.patch for *Encryption and hash functions Bug #78269

Patch version 2019-07-10 09:16 UTC

Return to Bug #78269 | Download this patch
Patch Revisions:

Developer: remi@php.net

diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h
index 0c2f83c650..f9b55be8f6 100644
--- a/ext/standard/php_password.h
+++ b/ext/standard/php_password.h
@@ -31,9 +31,9 @@ PHP_MINIT_FUNCTION(password);
 #define PHP_PASSWORD_BCRYPT_COST 10
 
 #if HAVE_ARGON2LIB
-#define PHP_PASSWORD_ARGON2_MEMORY_COST 1<<10
-#define PHP_PASSWORD_ARGON2_TIME_COST 2
-#define PHP_PASSWORD_ARGON2_THREADS 2
+#define PHP_PASSWORD_ARGON2_MEMORY_COST (64 << 10)
+#define PHP_PASSWORD_ARGON2_TIME_COST 4
+#define PHP_PASSWORD_ARGON2_THREADS 1
 #endif
 
 typedef enum {
diff --git a/ext/standard/tests/password/password_needs_rehash_argon2.phpt b/ext/standard/tests/password/password_needs_rehash_argon2.phpt
index 9552be1dc9..69588d02ad 100644
--- a/ext/standard/tests/password/password_needs_rehash_argon2.phpt
+++ b/ext/standard/tests/password/password_needs_rehash_argon2.phpt
@@ -10,24 +10,20 @@ if (!defined('PASSWORD_ARGON2ID')) die('skip password_hash not built with Argon2
 
 $hash = password_hash('test', PASSWORD_ARGON2I);
 var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I));
-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['memory_cost' => 1<<17]));
-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['time_cost' => 4]));
-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['threads' => 4]));
+var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST * 2]));
+var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST + 1]));
 
 $hash = password_hash('test', PASSWORD_ARGON2ID);
 var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID));
-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['memory_cost' => 1<<17]));
-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['time_cost' => 4]));
-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['threads' => 4]));
+var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST * 2]));
+var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST + 1]));
+
 echo "OK!";
-?>
 --EXPECT--
 bool(false)
 bool(true)
 bool(true)
-bool(true)
 bool(false)
 bool(true)
 bool(true)
-bool(true)
 OK!
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Thu Aug 06 13:01:26 2020 UTC