Patch php72.patch for *Encryption and hash functions Bug #78269
Patch version 2019-07-10 09:16 UTC
Return to Bug #78269 |
Download this patch
Patch Revisions:
Developer: remi@php.net
diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h
index c7dca73839..ada0c802f2 100644
--- a/ext/standard/php_password.h
+++ b/ext/standard/php_password.h
@@ -33,9 +33,9 @@ PHP_MINIT_FUNCTION(password);
#define PHP_PASSWORD_BCRYPT_COST 10
#if HAVE_ARGON2LIB
-#define PHP_PASSWORD_ARGON2_MEMORY_COST 1<<10
-#define PHP_PASSWORD_ARGON2_TIME_COST 2
-#define PHP_PASSWORD_ARGON2_THREADS 2
+#define PHP_PASSWORD_ARGON2_MEMORY_COST (64 << 10)
+#define PHP_PASSWORD_ARGON2_TIME_COST 4
+#define PHP_PASSWORD_ARGON2_THREADS 1
#endif
typedef enum {
diff --git a/ext/standard/tests/password/password_needs_rehash_argon2.phpt b/ext/standard/tests/password/password_needs_rehash_argon2.phpt
index 0b5fede1e3..129bed5989 100644
--- a/ext/standard/tests/password/password_needs_rehash_argon2.phpt
+++ b/ext/standard/tests/password/password_needs_rehash_argon2.phpt
@@ -9,14 +9,12 @@ if (!defined('PASSWORD_ARGON2I')) die('skip password_needs_rehash not built with
$hash = password_hash('test', PASSWORD_ARGON2I);
var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I));
-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['memory_cost' => 1<<17]));
-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['time_cost' => 4]));
-var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['threads' => 4]));
+var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST * 2]));
+var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST +1]));
echo "OK!";
?>
--EXPECT--
bool(false)
bool(true)
bool(true)
-bool(true)
OK!
|