diff options
author | Anthony Ferrara <ircmaxell@ircmaxell.com> | 2012-06-26 21:15:56 -0400 |
---|---|---|
committer | Anthony Ferrara <ircmaxell@ircmaxell.com> | 2012-06-26 21:15:56 -0400 |
commit | 232da90388de2a3ba4ad430d281469498e88aca2 (patch) | |
tree | 65c375a455100ad4426c1cbc77946efda8883fd0 /ext/standard/password.c | |
parent | 2d4b7cb653efc3f52ca907f48b1c828632df5e41 (diff) | |
download | php-git-232da90388de2a3ba4ad430d281469498e88aca2.tar.gz |
Implement php.ini setting password.bcrypt_cost
Diffstat (limited to 'ext/standard/password.c')
-rw-r--r-- | ext/standard/password.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/ext/standard/password.c b/ext/standard/password.c index f049fbcbf1..94aa4dc3e3 100644 --- a/ext/standard/password.c +++ b/ext/standard/password.c @@ -43,6 +43,11 @@ PHP_MINIT_FUNCTION(password) /* {{{ */ } /* }}} */ +PHP_MINFO_FUNCTION(password) /* {{{ */ +{ + php_info_print_table_row(2, "Default Password BCrypt Cost", INI_STR("password.bcrypt_cost")); +} +/* }}} */ static int php_password_salt_is_alphabet(const char *str, const int len) { @@ -169,7 +174,11 @@ PHP_FUNCTION(password_verify) zval_ptr_dtor(&ret); RETURN_FALSE; } - + + /* We're using this method instead of == in order to provide + * resistence towards timing attacks. This is a constant time + * equality check that will always check every byte of both + * values. */ for (i = 0; i < Z_STRLEN_P(ret); i++) { status |= (Z_STRVAL_P(ret)[i] ^ Z_STRVAL_P(hash)[i]); } @@ -231,16 +240,20 @@ PHP_FUNCTION(password_hash) } if (strcmp(algo, PHP_PASSWORD_BCRYPT) == 0) { - int cost = PHP_PASSWORD_BCRYPT_DEFAULT_COST; + int cost = 0; + cost = (int) INI_INT("password.bcrypt_cost"); + if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) { convert_to_long_ex(option_buffer); cost = Z_LVAL_PP(option_buffer); zval_ptr_dtor(option_buffer); - if (cost < 4 || cost > 31) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid bcrypt cost parameter specified: %d", cost); - RETURN_FALSE; - } } + + if (cost < 4 || cost > 31) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid bcrypt cost parameter specified: %d", cost); + RETURN_FALSE; + } + required_salt_len = 22; hash_format = emalloc(8); sprintf(hash_format, "$2y$%02d$", cost); |