Skip to content

Commit fc87934

Browse files
jedisct1jedisct1
committed
Revert "Revert "ext/sodium: pwhash: do not warn on low parameters""
This reverts commit a1845b7. Revert "Revert "ext/sodium: throw exceptions instead of errors"" This reverts commit 31d221f.
1 parent 367c0b4 commit fc87934

File tree

1 file changed

+38
-23
lines changed

1 file changed

+38
-23
lines changed

ext/sodium/libsodium.c

Lines changed: 38 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -233,6 +233,19 @@ ZEND_END_ARG_INFO()
233233
# undef crypto_secretstream_xchacha20poly1305_ABYTES
234234
#endif
235235

236+
#ifndef crypto_pwhash_OPSLIMIT_MIN
237+
# define crypto_pwhash_OPSLIMIT_MIN crypto_pwhash_OPSLIMIT_INTERACTIVE
238+
#endif
239+
#ifndef crypto_pwhash_MEMLIMIT_MIN
240+
# define crypto_pwhash_MEMLIMIT_MIN crypto_pwhash_MEMLIMIT_INTERACTIVE
241+
#endif
242+
#ifndef crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN
243+
# define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE
244+
#endif
245+
#ifndef crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN
246+
# define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE
247+
#endif
248+
236249
const zend_function_entry sodium_functions[] = {
237250
PHP_FE(sodium_crypto_aead_aes256gcm_is_available, AI_None)
238251
#ifdef HAVE_AESGCM
@@ -1839,12 +1852,14 @@ PHP_FUNCTION(sodium_crypto_pwhash)
18391852
zend_throw_exception(sodium_exception_ce, "salt should be SODIUM_CRYPTO_PWHASH_SALTBYTES bytes", 0);
18401853
return;
18411854
}
1842-
if (opslimit < crypto_pwhash_OPSLIMIT_INTERACTIVE) {
1843-
zend_error(E_WARNING,
1844-
"number of operations for the password hashing function is low");
1855+
if (opslimit < crypto_pwhash_OPSLIMIT_MIN) {
1856+
zend_throw_exception(sodium_exception_ce,
1857+
"number of operations for the password hashing function is too low", 0);
1858+
return;
18451859
}
1846-
if (memlimit < crypto_pwhash_MEMLIMIT_INTERACTIVE) {
1847-
zend_error(E_WARNING, "maximum memory for the password hashing function is low");
1860+
if (memlimit < crypto_pwhash_MEMLIMIT_MIN) {
1861+
zend_throw_exception(sodium_exception_ce,
1862+
"maximum memory for the password hashing function is too low", 0);
18481863
}
18491864
hash = zend_string_alloc((size_t) hash_len, 0);
18501865
ret = -1;
@@ -1902,13 +1917,13 @@ PHP_FUNCTION(sodium_crypto_pwhash_str)
19021917
if (passwd_len <= 0) {
19031918
zend_error(E_WARNING, "empty password");
19041919
}
1905-
if (opslimit < crypto_pwhash_OPSLIMIT_INTERACTIVE) {
1906-
zend_error(E_WARNING,
1907-
"number of operations for the password hashing function is low");
1920+
if (opslimit < crypto_pwhash_OPSLIMIT_MIN) {
1921+
zend_throw_exception(sodium_exception_ce,
1922+
"number of operations for the password hashing function is too low", 0);
19081923
}
1909-
if (memlimit < crypto_pwhash_MEMLIMIT_INTERACTIVE) {
1910-
zend_error(E_WARNING,
1911-
"maximum memory for the password hashing function is low");
1924+
if (memlimit < crypto_pwhash_MEMLIMIT_MIN) {
1925+
zend_throw_exception(sodium_exception_ce,
1926+
"maximum memory for the password hashing function is too low", 0);
19121927
}
19131928
hash_str = zend_string_alloc(crypto_pwhash_STRBYTES - 1, 0);
19141929
if (crypto_pwhash_str
@@ -2016,13 +2031,13 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256)
20162031
0);
20172032
return;
20182033
}
2019-
if (opslimit < crypto_pwhash_scryptsalsa208sha256_opslimit_interactive()) {
2020-
zend_error(E_WARNING,
2021-
"number of operations for the scrypt function is low");
2034+
if (opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE) {
2035+
zend_throw_exception(sodium_exception_ce,
2036+
"number of operations for the scrypt function is too low", 0);
20222037
}
2023-
if (memlimit < crypto_pwhash_scryptsalsa208sha256_memlimit_interactive()) {
2024-
zend_error(E_WARNING,
2025-
"maximum memory for the scrypt function is low");
2038+
if (memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) {
2039+
zend_throw_exception(sodium_exception_ce,
2040+
"maximum memory for the scrypt function is too low", 0);
20262041
}
20272042
hash = zend_string_alloc((size_t) hash_len, 0);
20282043
if (crypto_pwhash_scryptsalsa208sha256
@@ -2063,13 +2078,13 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str)
20632078
if (passwd_len <= 0) {
20642079
zend_error(E_WARNING, "empty password");
20652080
}
2066-
if (opslimit < crypto_pwhash_scryptsalsa208sha256_opslimit_interactive()) {
2067-
zend_error(E_WARNING,
2068-
"number of operations for the scrypt function is low");
2081+
if (opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE) {
2082+
zend_throw_exception(sodium_exception_ce,
2083+
"number of operations for the scrypt function is too low", 0);
20692084
}
2070-
if (memlimit < crypto_pwhash_scryptsalsa208sha256_memlimit_interactive()) {
2071-
zend_error(E_WARNING,
2072-
"maximum memory for the scrypt function is low");
2085+
if (memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) {
2086+
zend_throw_exception(sodium_exception_ce,
2087+
"maximum memory for the scrypt function is too low", 0);
20732088
}
20742089
hash_str = zend_string_alloc
20752090
(crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1, 0);

0 commit comments

Comments
 (0)