Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
Extend Argon2i support check to account for sodium_compat#25412
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
| returntrue; | ||
| } | ||
| if (\class_exists('\\ParagonIE_Sodium_Compat') &&\method_exists('\\ParagonIE_Sodium_Compat','crypto_pwhash_is_available')) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
you can remove the\\ in the strings
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Done
chalasr commentedDec 10, 2017
Thanks for fixing this bug@mbabker. |
…(mbabker)This PR was merged into the 3.4 branch.Discussion----------Extend Argon2i support check to account for sodium_compat| Q | A| ------------- | ---| Branch? | 3.4| Bug fix? | yes| New feature? | no| BC breaks? | no| Deprecations? | no| Tests pass? | yes| Fixed tickets | N/A| License | MIT| Doc PR | N/AIn the Argon2i password encoder, if in an environment where `sodium_compat` is installed without either natively running PHP 7.2 or the (lib)sodium extension, the `isSupported` check can return true because the library exposes the `sodium_crypto_pwhash_str()` function however a pure PHP implementation of the method is not implemented, so the library does not actually support the hashes.paragonie/sodium_compat#55 requested a way to check support through the polyfill to avoid this condition and the 1.4 release added it. This PR extends the encoder's `isSupported` check to be aware of the `sodium_compat` library and use its support check if able to avoid misreporting that `sodium_crypto_pwhash_str()` is available for use when it isn't.Commits-------95c1fc8 Extend Argon2i support check to account for sodium_compat
Uh oh!
There was an error while loading.Please reload this page.
In the Argon2i password encoder, if in an environment where
sodium_compatis installed without either natively running PHP 7.2 or the (lib)sodium extension, theisSupportedcheck can return true because the library exposes thesodium_crypto_pwhash_str()function however a pure PHP implementation of the method is not implemented, so the library does not actually support the hashes.paragonie/sodium_compat#55 requested a way to check support through the polyfill to avoid this condition and the 1.4 release added it. This PR extends the encoder's
isSupportedcheck to be aware of thesodium_compatlibrary and use its support check if able to avoid misreporting thatsodium_crypto_pwhash_str()is available for use when it isn't.