From f0f98fdbdcd46fad72f985bb06a5e7c08737ad52 Mon Sep 17 00:00:00 2001 From: haszi Date: Wed, 7 Feb 2024 15:08:45 +0100 Subject: [PATCH 1/6] Align macro definitions between password.h and sodium_pwhash.c --- ext/sodium/sodium_pwhash.c | 12 ++++++++++++ ext/standard/php_password.h | 12 ++++++++++++ 2 files changed, 24 insertions(+) diff --git a/ext/sodium/sodium_pwhash.c b/ext/sodium/sodium_pwhash.c index 45e206bcd9435..fc10ce00b9f38 100644 --- a/ext/sodium/sodium_pwhash.c +++ b/ext/sodium/sodium_pwhash.c @@ -34,9 +34,21 @@ * * When updating these values, synchronize ext/standard/php_password.h values. */ +#if defined(PHP_PASSWORD_ARGON2_MEMORY_COST) +#define PHP_SODIUM_PWHASH_MEMLIMIT PHP_PASSWORD_ARGON2_MEMORY_COST +#else #define PHP_SODIUM_PWHASH_MEMLIMIT (64 << 10) +#endif +#if defined(PHP_PASSWORD_ARGON2_TIME_COST) +#define PHP_SODIUM_PWHASH_OPSLIMIT PHP_PASSWORD_ARGON2_TIME_COST +#else #define PHP_SODIUM_PWHASH_OPSLIMIT 4 +#endif +#if defined(PHP_SODIUM_PWHASH_THREADS) +#define PHP_SODIUM_PWHASH_THREADS PHP_SODIUM_PWHASH_THREADS +#else #define PHP_SODIUM_PWHASH_THREADS 1 +#endif static inline int get_options(zend_array *options, size_t *memlimit, size_t *opslimit) { zval *opt; diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h index aa74b1a58f0dd..d1d6bd0937ce0 100644 --- a/ext/standard/php_password.h +++ b/ext/standard/php_password.h @@ -29,10 +29,22 @@ PHP_MSHUTDOWN_FUNCTION(password); * When updating these values, synchronize ext/sodium/sodium_pwhash.c values. * Note that libargon expresses memlimit in KB, while libsoidum uses bytes. */ +#if defined(PHP_SODIUM_PWHASH_MEMLIMIT) +#define PHP_PASSWORD_ARGON2_MEMORY_COST PHP_SODIUM_PWHASH_MEMLIMIT +#else #define PHP_PASSWORD_ARGON2_MEMORY_COST (64 << 10) +#endif +#if defined(PHP_SODIUM_PWHASH_OPSLIMIT) +#define PHP_PASSWORD_ARGON2_TIME_COST PHP_SODIUM_PWHASH_OPSLIMIT +#else #define PHP_PASSWORD_ARGON2_TIME_COST 4 +#endif +#if defined(PHP_SODIUM_PWHASH_THREADS) +#define PHP_PASSWORD_ARGON2_THREADS PHP_SODIUM_PWHASH_THREADS +#else #define PHP_PASSWORD_ARGON2_THREADS 1 #endif +#endif typedef struct _php_password_algo { const char *name; From a8fe974da65ab5428eac894e99e5b9152bdd0c21 Mon Sep 17 00:00:00 2001 From: haszi Date: Wed, 7 Feb 2024 18:21:45 +0100 Subject: [PATCH 2/6] Move some password and sodium constants to stub files --- ext/sodium/php_libsodium.h | 24 ++++++++++++++++++++ ext/sodium/sodium_pwhash.c | 35 +++--------------------------- ext/sodium/sodium_pwhash.stub.php | 29 +++++++++++++++++++++++++ ext/sodium/sodium_pwhash_arginfo.h | 13 +++++++++++ ext/standard/password.c | 18 ++++++--------- ext/standard/password.stub.php | 19 ++++++++++++++++ ext/standard/password_arginfo.h | 11 ++++++++++ 7 files changed, 106 insertions(+), 43 deletions(-) create mode 100644 ext/sodium/sodium_pwhash.stub.php create mode 100644 ext/sodium/sodium_pwhash_arginfo.h create mode 100644 ext/standard/password.stub.php create mode 100644 ext/standard/password_arginfo.h diff --git a/ext/sodium/php_libsodium.h b/ext/sodium/php_libsodium.h index 3ea4571def40a..dae5edb0179f7 100644 --- a/ext/sodium/php_libsodium.h +++ b/ext/sodium/php_libsodium.h @@ -34,6 +34,30 @@ extern zend_module_entry sodium_module_entry; #define SODIUM_CRYPTO_SIGN_KEYPAIRBYTES() crypto_sign_SECRETKEYBYTES + crypto_sign_PUBLICKEYBYTES +/** + * MEMLIMIT is normalized to KB even though sodium uses Bytes in order to + * present a consistent user-facing API. + * + * Threads are fixed at 1 by libsodium. + * + * When updating these values, synchronize ext/standard/php_password.h values. + */ +#if defined(PHP_PASSWORD_ARGON2_MEMORY_COST) +#define PHP_SODIUM_PWHASH_MEMLIMIT PHP_PASSWORD_ARGON2_MEMORY_COST +#else +#define PHP_SODIUM_PWHASH_MEMLIMIT (64 << 10) +#endif +#if defined(PHP_PASSWORD_ARGON2_TIME_COST) +#define PHP_SODIUM_PWHASH_OPSLIMIT PHP_PASSWORD_ARGON2_TIME_COST +#else +#define PHP_SODIUM_PWHASH_OPSLIMIT 4 +#endif +#if defined(PHP_SODIUM_PWHASH_THREADS) +#define PHP_SODIUM_PWHASH_THREADS PHP_SODIUM_PWHASH_THREADS +#else +#define PHP_SODIUM_PWHASH_THREADS 1 +#endif + PHP_MINIT_FUNCTION(sodium); PHP_MINIT_FUNCTION(sodium_password_hash); PHP_MSHUTDOWN_FUNCTION(sodium); diff --git a/ext/sodium/sodium_pwhash.c b/ext/sodium/sodium_pwhash.c index fc10ce00b9f38..68750f70bb847 100644 --- a/ext/sodium/sodium_pwhash.c +++ b/ext/sodium/sodium_pwhash.c @@ -19,37 +19,14 @@ #endif #include "php.h" -#include "php_libsodium.h" #include "ext/standard/php_password.h" +#include "php_libsodium.h" +#include "sodium_pwhash_arginfo.h" #include #if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) -/** - * MEMLIMIT is normalized to KB even though sodium uses Bytes in order to - * present a consistent user-facing API. - * - * Threads are fixed at 1 by libsodium. - * - * When updating these values, synchronize ext/standard/php_password.h values. - */ -#if defined(PHP_PASSWORD_ARGON2_MEMORY_COST) -#define PHP_SODIUM_PWHASH_MEMLIMIT PHP_PASSWORD_ARGON2_MEMORY_COST -#else -#define PHP_SODIUM_PWHASH_MEMLIMIT (64 << 10) -#endif -#if defined(PHP_PASSWORD_ARGON2_TIME_COST) -#define PHP_SODIUM_PWHASH_OPSLIMIT PHP_PASSWORD_ARGON2_TIME_COST -#else -#define PHP_SODIUM_PWHASH_OPSLIMIT 4 -#endif -#if defined(PHP_SODIUM_PWHASH_THREADS) -#define PHP_SODIUM_PWHASH_THREADS PHP_SODIUM_PWHASH_THREADS -#else -#define PHP_SODIUM_PWHASH_THREADS 1 -#endif - static inline int get_options(zend_array *options, size_t *memlimit, size_t *opslimit) { zval *opt; @@ -195,19 +172,13 @@ PHP_MINIT_FUNCTION(sodium_password_hash) /* {{{ */ { if (FAILURE == php_password_algo_register("argon2i", &sodium_algo_argon2i)) { return FAILURE; } - REGISTER_STRING_CONSTANT("PASSWORD_ARGON2I", "argon2i", CONST_PERSISTENT); + register_sodium_pwhash_symbols(module_number); if (FAILURE == php_password_algo_register("argon2id", &sodium_algo_argon2id)) { return FAILURE; } REGISTER_STRING_CONSTANT("PASSWORD_ARGON2ID", "argon2id", CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_MEMORY_COST", PHP_SODIUM_PWHASH_MEMLIMIT, CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_TIME_COST", PHP_SODIUM_PWHASH_OPSLIMIT, CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_THREADS", PHP_SODIUM_PWHASH_THREADS, CONST_PERSISTENT); - - REGISTER_STRING_CONSTANT("PASSWORD_ARGON2_PROVIDER", "sodium", CONST_PERSISTENT); - return SUCCESS; } /* }}} */ diff --git a/ext/sodium/sodium_pwhash.stub.php b/ext/sodium/sodium_pwhash.stub.php new file mode 100644 index 0000000000000..8280caffe429b --- /dev/null +++ b/ext/sodium/sodium_pwhash.stub.php @@ -0,0 +1,29 @@ + Date: Fri, 9 Feb 2024 19:42:03 +0100 Subject: [PATCH 3/6] Address review comments Move all remaining PASSWORD constants to stub files Assign string values directly to PHP variables in stubs Wrap all sodium_pwhash function calls and C constants in argon2lib and libsodium version checks --- ext/sodium/libsodium.c | 2 +- ext/sodium/php_libsodium.h | 6 +++++ ext/sodium/sodium_pwhash.c | 18 +++++---------- ext/sodium/sodium_pwhash.stub.php | 12 ++++++---- ext/sodium/sodium_pwhash_arginfo.h | 15 ++++++++++++- ext/standard/password.c | 7 ------ ext/standard/password.stub.php | 36 ++++++++++++++++++++++++++---- ext/standard/password_arginfo.h | 20 ++++++++++++++++- 8 files changed, 85 insertions(+), 31 deletions(-) diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c index 6a71d37a34903..6b51c43e34140 100644 --- a/ext/sodium/libsodium.c +++ b/ext/sodium/libsodium.c @@ -164,7 +164,7 @@ PHP_MINIT_FUNCTION(sodium) sodium_exception_ce = register_class_SodiumException(zend_ce_exception); sodium_exception_ce->create_object = sodium_exception_create_object; -#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) +#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) if (FAILURE == PHP_MINIT(sodium_password_hash)(INIT_FUNC_ARGS_PASSTHRU)) { return FAILURE; } diff --git a/ext/sodium/php_libsodium.h b/ext/sodium/php_libsodium.h index dae5edb0179f7..cb6ac9ba2ecd7 100644 --- a/ext/sodium/php_libsodium.h +++ b/ext/sodium/php_libsodium.h @@ -34,6 +34,8 @@ extern zend_module_entry sodium_module_entry; #define SODIUM_CRYPTO_SIGN_KEYPAIRBYTES() crypto_sign_SECRETKEYBYTES + crypto_sign_PUBLICKEYBYTES +#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) + /** * MEMLIMIT is normalized to KB even though sodium uses Bytes in order to * present a consistent user-facing API. @@ -58,8 +60,12 @@ extern zend_module_entry sodium_module_entry; #define PHP_SODIUM_PWHASH_THREADS 1 #endif +#endif + PHP_MINIT_FUNCTION(sodium); +#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) PHP_MINIT_FUNCTION(sodium_password_hash); +#endif PHP_MSHUTDOWN_FUNCTION(sodium); PHP_RINIT_FUNCTION(sodium); PHP_RSHUTDOWN_FUNCTION(sodium); diff --git a/ext/sodium/sodium_pwhash.c b/ext/sodium/sodium_pwhash.c index 68750f70bb847..a35c9d5e66f47 100644 --- a/ext/sodium/sodium_pwhash.c +++ b/ext/sodium/sodium_pwhash.c @@ -20,12 +20,13 @@ #include "php.h" #include "ext/standard/php_password.h" -#include "php_libsodium.h" -#include "sodium_pwhash_arginfo.h" #include -#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) +#include "php_libsodium.h" +#include "sodium_pwhash_arginfo.h" + +#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) static inline int get_options(zend_array *options, size_t *memlimit, size_t *opslimit) { zval *opt; @@ -160,24 +161,15 @@ static const php_password_algo sodium_algo_argon2id = { }; PHP_MINIT_FUNCTION(sodium_password_hash) /* {{{ */ { - zend_string *argon2i = ZSTR_INIT_LITERAL("argon2i", 1); - if (php_password_algo_find(argon2i)) { - /* Nothing to do. Core has registered these algorithms for us. */ - zend_string_release(argon2i); - return SUCCESS; - } - zend_string_release(argon2i); + register_sodium_pwhash_symbols(module_number); if (FAILURE == php_password_algo_register("argon2i", &sodium_algo_argon2i)) { return FAILURE; } - register_sodium_pwhash_symbols(module_number); - if (FAILURE == php_password_algo_register("argon2id", &sodium_algo_argon2id)) { return FAILURE; } - REGISTER_STRING_CONSTANT("PASSWORD_ARGON2ID", "argon2id", CONST_PERSISTENT); return SUCCESS; } diff --git a/ext/sodium/sodium_pwhash.stub.php b/ext/sodium/sodium_pwhash.stub.php index 8280caffe429b..ae707090cf486 100644 --- a/ext/sodium/sodium_pwhash.stub.php +++ b/ext/sodium/sodium_pwhash.stub.php @@ -2,11 +2,15 @@ /** @generate-class-entries */ +#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) /** * @var string - * @cvalue "argon2i" */ -const PASSWORD_ARGON2I = UNKNOWN; +const PASSWORD_ARGON2I = "argon2i"; +/** + * @var string + */ +const PASSWORD_ARGON2ID = "argon2id"; /** * @var int * @cvalue PHP_SODIUM_PWHASH_MEMLIMIT @@ -24,6 +28,6 @@ const PASSWORD_ARGON2_DEFAULT_THREADS = UNKNOWN; /** * @var string - * @cvalue "sodium" */ -const PASSWORD_ARGON2_PROVIDER = UNKNOWN; +const PASSWORD_ARGON2_PROVIDER = "sodium"; +#endif diff --git a/ext/sodium/sodium_pwhash_arginfo.h b/ext/sodium/sodium_pwhash_arginfo.h index 41ff2d280c8a4..f8fc97e126832 100644 --- a/ext/sodium/sodium_pwhash_arginfo.h +++ b/ext/sodium/sodium_pwhash_arginfo.h @@ -1,13 +1,26 @@ /* This is a generated file, edit the .stub.php file instead. - * Stub hash: d4ce6b501cb1ef26a26013c9329950c70d05eeb2 */ + * Stub hash: 8f44215c243ef1083155d58d06d3fdb74b51cf89 */ static void register_sodium_pwhash_symbols(int module_number) { +#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) REGISTER_STRING_CONSTANT("PASSWORD_ARGON2I", "argon2i", CONST_PERSISTENT); +#endif +#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) + REGISTER_STRING_CONSTANT("PASSWORD_ARGON2ID", "argon2id", CONST_PERSISTENT); +#endif +#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_MEMORY_COST", PHP_SODIUM_PWHASH_MEMLIMIT, CONST_PERSISTENT); +#endif +#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_TIME_COST", PHP_SODIUM_PWHASH_OPSLIMIT, CONST_PERSISTENT); +#endif +#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_THREADS", PHP_SODIUM_PWHASH_THREADS, CONST_PERSISTENT); +#endif +#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) REGISTER_STRING_CONSTANT("PASSWORD_ARGON2_PROVIDER", "sodium", CONST_PERSISTENT); +#endif } diff --git a/ext/standard/password.c b/ext/standard/password.c index db5f932f6f37b..60fa7228a3d20 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -428,16 +428,9 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ if (FAILURE == php_password_algo_register("argon2i", &php_password_algo_argon2i)) { return FAILURE; } - REGISTER_STRING_CONSTANT("PASSWORD_ARGON2I", "argon2i", CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_MEMORY_COST", PHP_PASSWORD_ARGON2_MEMORY_COST, CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_TIME_COST", PHP_PASSWORD_ARGON2_TIME_COST, CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_THREADS", PHP_PASSWORD_ARGON2_THREADS, CONST_PERSISTENT); - REGISTER_STRING_CONSTANT("PASSWORD_ARGON2_PROVIDER", "standard", CONST_PERSISTENT); - if (FAILURE == php_password_algo_register("argon2id", &php_password_algo_argon2id)) { return FAILURE; } - REGISTER_STRING_CONSTANT("PASSWORD_ARGON2ID", "argon2id", CONST_PERSISTENT); #endif return SUCCESS; diff --git a/ext/standard/password.stub.php b/ext/standard/password.stub.php index d1ce903bd7ab1..c3c99117d514c 100644 --- a/ext/standard/password.stub.php +++ b/ext/standard/password.stub.php @@ -4,16 +4,44 @@ /** * @var string - * @cvalue "2y" */ -const PASSWORD_DEFAULT = UNKNOWN; +const PASSWORD_DEFAULT = "2y"; /** * @var string - * @cvalue "2y" */ -const PASSWORD_BCRYPT = UNKNOWN; +const PASSWORD_BCRYPT = "2y"; /** * @var int * @cvalue PHP_PASSWORD_BCRYPT_COST */ const PASSWORD_BCRYPT_DEFAULT_COST = UNKNOWN; + +#ifdef HAVE_ARGON2LIB +/** + * @var string + */ +const PASSWORD_ARGON2I = "argon2i"; +/** + * @var string + */ +const PASSWORD_ARGON2ID = "argon2id"; +/** + * @var string + */ +const PASSWORD_ARGON2_PROVIDER = "standard"; +/** + * @var int + * @cvalue PHP_PASSWORD_ARGON2_MEMORY_COST + */ +const PASSWORD_ARGON2_DEFAULT_MEMORY_COST = UNKNOWN; +/** + * @var int + * @cvalue PHP_PASSWORD_ARGON2_TIME_COST + */ +const PASSWORD_ARGON2_DEFAULT_TIME_COST = UNKNOWN; +/** + * @var int + * @cvalue PHP_PASSWORD_ARGON2_THREADS + */ +const PASSWORD_ARGON2_DEFAULT_THREADS = UNKNOWN; +#endif diff --git a/ext/standard/password_arginfo.h b/ext/standard/password_arginfo.h index 74335c1a618e1..485f4c8f77125 100644 --- a/ext/standard/password_arginfo.h +++ b/ext/standard/password_arginfo.h @@ -1,5 +1,5 @@ /* This is a generated file, edit the .stub.php file instead. - * Stub hash: ed51811e21653356e3c576496e978eb487d6187f */ + * Stub hash: aab38646ace967e985c348b78251474693da95a7 */ @@ -8,4 +8,22 @@ static void register_password_symbols(int module_number) REGISTER_STRING_CONSTANT("PASSWORD_DEFAULT", "2y", CONST_PERSISTENT); REGISTER_STRING_CONSTANT("PASSWORD_BCRYPT", "2y", CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT_DEFAULT_COST", PHP_PASSWORD_BCRYPT_COST, CONST_PERSISTENT); +#if defined(HAVE_ARGON2LIB) + REGISTER_STRING_CONSTANT("PASSWORD_ARGON2I", "argon2i", CONST_PERSISTENT); +#endif +#if defined(HAVE_ARGON2LIB) + REGISTER_STRING_CONSTANT("PASSWORD_ARGON2ID", "argon2id", CONST_PERSISTENT); +#endif +#if defined(HAVE_ARGON2LIB) + REGISTER_STRING_CONSTANT("PASSWORD_ARGON2_PROVIDER", "standard", CONST_PERSISTENT); +#endif +#if defined(HAVE_ARGON2LIB) + REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_MEMORY_COST", PHP_PASSWORD_ARGON2_MEMORY_COST, CONST_PERSISTENT); +#endif +#if defined(HAVE_ARGON2LIB) + REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_TIME_COST", PHP_PASSWORD_ARGON2_TIME_COST, CONST_PERSISTENT); +#endif +#if defined(HAVE_ARGON2LIB) + REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_THREADS", PHP_PASSWORD_ARGON2_THREADS, CONST_PERSISTENT); +#endif } From 2503df048694dbe54d46e61a43da9c6fb69741d0 Mon Sep 17 00:00:00 2001 From: haszi Date: Fri, 9 Feb 2024 21:49:01 +0100 Subject: [PATCH 4/6] Remove argon2lib check --- ext/sodium/libsodium.c | 2 +- ext/sodium/php_libsodium.h | 4 ++-- ext/sodium/sodium_pwhash.c | 10 +++++++++- ext/sodium/sodium_pwhash.stub.php | 2 +- ext/sodium/sodium_pwhash_arginfo.h | 14 +++++++------- 5 files changed, 20 insertions(+), 12 deletions(-) diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c index 6b51c43e34140..6a71d37a34903 100644 --- a/ext/sodium/libsodium.c +++ b/ext/sodium/libsodium.c @@ -164,7 +164,7 @@ PHP_MINIT_FUNCTION(sodium) sodium_exception_ce = register_class_SodiumException(zend_ce_exception); sodium_exception_ce->create_object = sodium_exception_create_object; -#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) +#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) if (FAILURE == PHP_MINIT(sodium_password_hash)(INIT_FUNC_ARGS_PASSTHRU)) { return FAILURE; } diff --git a/ext/sodium/php_libsodium.h b/ext/sodium/php_libsodium.h index cb6ac9ba2ecd7..353466c8b2308 100644 --- a/ext/sodium/php_libsodium.h +++ b/ext/sodium/php_libsodium.h @@ -34,7 +34,7 @@ extern zend_module_entry sodium_module_entry; #define SODIUM_CRYPTO_SIGN_KEYPAIRBYTES() crypto_sign_SECRETKEYBYTES + crypto_sign_PUBLICKEYBYTES -#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) +#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) /** * MEMLIMIT is normalized to KB even though sodium uses Bytes in order to @@ -63,7 +63,7 @@ extern zend_module_entry sodium_module_entry; #endif PHP_MINIT_FUNCTION(sodium); -#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) +#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) PHP_MINIT_FUNCTION(sodium_password_hash); #endif PHP_MSHUTDOWN_FUNCTION(sodium); diff --git a/ext/sodium/sodium_pwhash.c b/ext/sodium/sodium_pwhash.c index a35c9d5e66f47..eea7fe9eb0f1d 100644 --- a/ext/sodium/sodium_pwhash.c +++ b/ext/sodium/sodium_pwhash.c @@ -26,7 +26,7 @@ #include "php_libsodium.h" #include "sodium_pwhash_arginfo.h" -#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) +#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) static inline int get_options(zend_array *options, size_t *memlimit, size_t *opslimit) { zval *opt; @@ -161,6 +161,14 @@ static const php_password_algo sodium_algo_argon2id = { }; PHP_MINIT_FUNCTION(sodium_password_hash) /* {{{ */ { + zend_string *argon2i = ZSTR_INIT_LITERAL("argon2i", 1); + + if (php_password_algo_find(argon2i)) { + /* Nothing to do. Core has registered these algorithms for us. */ + zend_string_release(argon2i); + return SUCCESS; + } + zend_string_release(argon2i); register_sodium_pwhash_symbols(module_number); diff --git a/ext/sodium/sodium_pwhash.stub.php b/ext/sodium/sodium_pwhash.stub.php index ae707090cf486..58d7139c0ebc3 100644 --- a/ext/sodium/sodium_pwhash.stub.php +++ b/ext/sodium/sodium_pwhash.stub.php @@ -2,7 +2,7 @@ /** @generate-class-entries */ -#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) +#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) /** * @var string */ diff --git a/ext/sodium/sodium_pwhash_arginfo.h b/ext/sodium/sodium_pwhash_arginfo.h index f8fc97e126832..7e8c8648d4810 100644 --- a/ext/sodium/sodium_pwhash_arginfo.h +++ b/ext/sodium/sodium_pwhash_arginfo.h @@ -1,26 +1,26 @@ /* This is a generated file, edit the .stub.php file instead. - * Stub hash: 8f44215c243ef1083155d58d06d3fdb74b51cf89 */ + * Stub hash: dd94e709f115ce05df0e25a8cb48c62438bb6d01 */ static void register_sodium_pwhash_symbols(int module_number) { -#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) +#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) REGISTER_STRING_CONSTANT("PASSWORD_ARGON2I", "argon2i", CONST_PERSISTENT); #endif -#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) +#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) REGISTER_STRING_CONSTANT("PASSWORD_ARGON2ID", "argon2id", CONST_PERSISTENT); #endif -#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) +#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_MEMORY_COST", PHP_SODIUM_PWHASH_MEMLIMIT, CONST_PERSISTENT); #endif -#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) +#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_TIME_COST", PHP_SODIUM_PWHASH_OPSLIMIT, CONST_PERSISTENT); #endif -#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) +#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_THREADS", PHP_SODIUM_PWHASH_THREADS, CONST_PERSISTENT); #endif -#if !defined(HAVE_ARGON2LIB) && (SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)) +#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) REGISTER_STRING_CONSTANT("PASSWORD_ARGON2_PROVIDER", "sodium", CONST_PERSISTENT); #endif } From 804a1a87394d079947d7ee67e78adb8c73f3fa6f Mon Sep 17 00:00:00 2001 From: haszi Date: Sun, 11 Feb 2024 17:26:00 +0100 Subject: [PATCH 5/6] Make sodium_password_hash MINIT function declaration non-conditional --- ext/sodium/php_libsodium.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/ext/sodium/php_libsodium.h b/ext/sodium/php_libsodium.h index 353466c8b2308..3ff8d526ae654 100644 --- a/ext/sodium/php_libsodium.h +++ b/ext/sodium/php_libsodium.h @@ -63,9 +63,7 @@ extern zend_module_entry sodium_module_entry; #endif PHP_MINIT_FUNCTION(sodium); -#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6) PHP_MINIT_FUNCTION(sodium_password_hash); -#endif PHP_MSHUTDOWN_FUNCTION(sodium); PHP_RINIT_FUNCTION(sodium); PHP_RSHUTDOWN_FUNCTION(sodium); From 5023bce2956a29e1279c1cff19f672dcb1c06ea9 Mon Sep 17 00:00:00 2001 From: haszi Date: Mon, 12 Feb 2024 09:05:41 +0100 Subject: [PATCH 6/6] Remove conditional macro definition --- ext/standard/php_password.h | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h index d1d6bd0937ce0..aa74b1a58f0dd 100644 --- a/ext/standard/php_password.h +++ b/ext/standard/php_password.h @@ -29,22 +29,10 @@ PHP_MSHUTDOWN_FUNCTION(password); * When updating these values, synchronize ext/sodium/sodium_pwhash.c values. * Note that libargon expresses memlimit in KB, while libsoidum uses bytes. */ -#if defined(PHP_SODIUM_PWHASH_MEMLIMIT) -#define PHP_PASSWORD_ARGON2_MEMORY_COST PHP_SODIUM_PWHASH_MEMLIMIT -#else #define PHP_PASSWORD_ARGON2_MEMORY_COST (64 << 10) -#endif -#if defined(PHP_SODIUM_PWHASH_OPSLIMIT) -#define PHP_PASSWORD_ARGON2_TIME_COST PHP_SODIUM_PWHASH_OPSLIMIT -#else #define PHP_PASSWORD_ARGON2_TIME_COST 4 -#endif -#if defined(PHP_SODIUM_PWHASH_THREADS) -#define PHP_PASSWORD_ARGON2_THREADS PHP_SODIUM_PWHASH_THREADS -#else #define PHP_PASSWORD_ARGON2_THREADS 1 #endif -#endif typedef struct _php_password_algo { const char *name;