Skip to content

fix(argon2): respect max value for hashingThreads #45027

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
remicollet wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(argon2): respect max value for hashingThreads #45027

remicollet wants to merge 1 commit into from
+8 −4

Conversation

@remicollet
Copy link

@remicollet remicollet commented Apr 25, 2024
edited by solracsf
Loading

Summary

When argon2 password hashing is provided bu sodium extension, threads is not supported, so value > 1 raise an exception

See https://github.com/php/php-src/blob/PHP-8.1.28/ext/sodium/sodium_pwhash.c#L65

Threads are only supported by standard extension (libargon2) and soon by openssl extension (with OpenSSL 3.2 and PHP 8.4)

Checklist

@solracsf solracsf added the 3. to review Waiting for reviews label Apr 25, 2024
@solracsf solracsf added this to the Nextcloud 30 milestone Apr 25, 2024
@solracsf solracsf changed the title also respect max value for hashingThreads fix(argon2): respect max value for hashingThreads Apr 25, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 25, 2024
View reviewed changes
lib/private/Security/Hasher.php
if (\defined('PASSWORD_ARGON2_PROVIDER')) {
// password_hash fails, when the minimum values are undershot or maximum overshot
// In this case, apply minimum/maximum.
if (PASSWORD_ARGON2_PROVIDER === 'sodium') {

Check failure

Code scanning / Psalm

TypeDoesNotContainType

'sodium' cannot be identical to 'standard'
Copy link
Author

@remicollet remicollet Apr 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

obviously a false positive

$ php -r 'var_dump(PASSWORD_ARGON2_PROVIDER);'
string(6) "sodium"

Copy link
Collaborator

@Altahrim Altahrim Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add it to baseline or add a comment to suppress it?

This was referenced Jul 30, 2024
Merged
Merged
@Altahrim Altahrim mentioned this pull request Aug 5, 2024
Merged
@skjnldsv skjnldsv added 2. developing Work in progress stale Ticket or PR with no recent activity and removed 3. to review Waiting for reviews labels Aug 6, 2024
@Altahrim Altahrim mentioned this pull request Aug 7, 2024
Merged
@skjnldsv skjnldsv mentioned this pull request Aug 13, 2024
Merged
@skjnldsv skjnldsv modified the milestones: Nextcloud 30, Nextcloud 31 Aug 14, 2024
@blizzz blizzz mentioned this pull request Jan 8, 2025
Merged
This was referenced Jan 14, 2025
Merged
Merged
This was referenced Jan 21, 2025
Merged
Merged
@blizzz blizzz mentioned this pull request Jan 29, 2025
Merged
1 task
@blizzz blizzz modified the milestones: Nextcloud 31, Nextcloud 32 Jan 29, 2025
This was referenced Aug 22, 2025
Merged
Merged
Merged
@nextcloud-bot nextcloud-bot mentioned this pull request Sep 2, 2025
Merged
This was referenced Sep 4, 2025
Merged
Merged
@nextcloud-bot nextcloud-bot mentioned this pull request Sep 18, 2025
Merged
This was referenced Sep 25, 2025
Merged
Merged
@skjnldsv skjnldsv modified the milestones: Nextcloud 32, Nextcloud 33 Sep 28, 2025
@nextcloud-bot nextcloud-bot mentioned this pull request Jan 7, 2026
Merged
@Altahrim Altahrim force-pushed the argon-sodium-threads branch from abef80a to 2be8c3f Compare January 8, 2026 09:45
@Altahrim Altahrim requested a review from a team as a code owner January 8, 2026 09:45
@Altahrim Altahrim requested review from ArtificialOwl, artonge, salmart-dev and yemkareems and removed request for a team January 8, 2026 09:45
@nextcloud-bot nextcloud-bot mentioned this pull request Jan 9, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Altahrim Altahrim Altahrim approved these changes

@solracsf solracsf solracsf approved these changes

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl is a code owner automatically assigned from nextcloud/server-backend

@salmart-dev salmart-dev Awaiting requested review from salmart-dev salmart-dev is a code owner automatically assigned from nextcloud/server-backend

@artonge artonge Awaiting requested review from artonge artonge is a code owner automatically assigned from nextcloud/server-backend

@yemkareems yemkareems Awaiting requested review from yemkareems yemkareems is a code owner automatically assigned from nextcloud/server-backend

Assignees

No one assigned

Labels

2. developing Work in progress bug stale Ticket or PR with no recent activity

Projects

None yet

Milestone

Nextcloud 33

Development

Successfully merging this pull request may close these issues.

6 participants

@remicollet @Altahrim @solracsf @joshtrichards @blizzz @skjnldsv