ENGCOM-5500: additional check for correct version of sodium #23866

magento-engcom-team · magento-engcom-team · commit 7be50d8044b9 · 2019-07-30T07:04:16.000-05:00
- Merge Pull Request #23866 from matei/magento2:fix-issue-23405 - Merged commits: 1. 856d3e9 2. eea95a0
diff --git a/lib/internal/Magento/Framework/Encryption/Encryptor.php b/lib/internal/Magento/Framework/Encryption/Encryptor.php
@@ -314,8 +314,8 @@ public function validateHashVersion($hash, $validateCount = false)
      * Explode password hash
      *
      * @param string $hash
-     * @throws \RuntimeException When given hash cannot be processed.
      * @return array
+     * @throws \RuntimeException When given hash cannot be processed.
      */
     private function explodePasswordHash($hash)
     {
@@ -398,6 +398,7 @@ public function encryptWithFastestAvailableAlgorithm($data)
             ':' . $this->getCipherVersion() .
             ':' . base64_encode($crypt->encrypt($data));
     }
+
     /**
      * Look for key and crypt versions in encrypted data before decrypting
      *
@@ -579,13 +580,15 @@ private function getArgonHash($data, $salt = ''): string
             $salt = str_pad($salt, SODIUM_CRYPTO_PWHASH_SALTBYTES, $salt);
         }
 
-        return bin2hex(sodium_crypto_pwhash(
-            SODIUM_CRYPTO_SIGN_SEEDBYTES,
-            $data,
-            $salt,
-            SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
-            SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
-            $this->hashVersionMap[self::HASH_VERSION_ARGON2ID13]
-        ));
+        return bin2hex(
+            sodium_crypto_pwhash(
+                SODIUM_CRYPTO_SIGN_SEEDBYTES,
+                $data,
+                $salt,
+                SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
+                SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
+                $this->hashVersionMap[self::HASH_VERSION_ARGON2ID13]
+            )
+        );
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -314,8 +314,8 @@ public function validateHashVersion($hash, $validateCount = false)`
`314`	`314`	`* Explode password hash`
`315`	`315`	`*`
`316`	`316`	`* @param string $hash`
`317`		`- * @throws \RuntimeException When given hash cannot be processed.`
`318`	`317`	`* @return array`
	`318`	`+ * @throws \RuntimeException When given hash cannot be processed.`
`319`	`319`	`*/`
`320`	`320`	`private function explodePasswordHash($hash)`
`321`	`321`	`{`
`@@ -398,6 +398,7 @@ public function encryptWithFastestAvailableAlgorithm($data)`
`398`	`398`	`':' . $this->getCipherVersion() .`
`399`	`399`	`':' . base64_encode($crypt->encrypt($data));`
`400`	`400`	`}`
	`401`	`+`
`401`	`402`	`/**`
`402`	`403`	`* Look for key and crypt versions in encrypted data before decrypting`
`403`	`404`	`*`
`@@ -579,13 +580,15 @@ private function getArgonHash($data, $salt = ''): string`
`579`	`580`	`$salt = str_pad($salt, SODIUM_CRYPTO_PWHASH_SALTBYTES, $salt);`
`580`	`581`	`}`
`581`	`582`
`582`		`- return bin2hex(sodium_crypto_pwhash(`
`583`		`- SODIUM_CRYPTO_SIGN_SEEDBYTES,`
`584`		`- $data,`
`585`		`- $salt,`
`586`		`- SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,`
`587`		`- SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,`
`588`		`- $this->hashVersionMap[self::HASH_VERSION_ARGON2ID13]`
`589`		`- ));`
	`583`	`+ return bin2hex(`
	`584`	`+ sodium_crypto_pwhash(`
	`585`	`+ SODIUM_CRYPTO_SIGN_SEEDBYTES,`
	`586`	`+ $data,`
	`587`	`+ $salt,`
	`588`	`+ SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,`
	`589`	`+ SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,`
	`590`	`+ $this->hashVersionMap[self::HASH_VERSION_ARGON2ID13]`
	`591`	`+ )`
	`592`	`+ );`
`590`	`593`	`}`
`591`	`594`	`}`