Move PASSWORD constants to stubs (#13349)

2025-08-15 13:38:49 +02:00 · 2024-02-12 22:37:32 +01:00 · 2024-02-12 22:37:32 +01:00 · 20c49f8524
commit 20c49f8524
parent c1609976a9
7 changed files with 171 additions and 36 deletions
--- a/ext/sodium/php_libsodium.h
+++ b/ext/sodium/php_libsodium.h
@ -34,6 +34,34 @@ extern zend_module_entry sodium_module_entry;

 #define SODIUM_CRYPTO_SIGN_KEYPAIRBYTES() crypto_sign_SECRETKEYBYTES + crypto_sign_PUBLICKEYBYTES

+#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
+
+/**
+ * MEMLIMIT is normalized to KB even though sodium uses Bytes in order to
+ * present a consistent user-facing API.
+ *
+ * Threads are fixed at 1 by libsodium.
+ *
+ * When updating these values, synchronize ext/standard/php_password.h values.
+ */
+#if defined(PHP_PASSWORD_ARGON2_MEMORY_COST)
+#define PHP_SODIUM_PWHASH_MEMLIMIT PHP_PASSWORD_ARGON2_MEMORY_COST
+#else
+#define PHP_SODIUM_PWHASH_MEMLIMIT (64 << 10)
+#endif
+#if defined(PHP_PASSWORD_ARGON2_TIME_COST)
+#define PHP_SODIUM_PWHASH_OPSLIMIT PHP_PASSWORD_ARGON2_TIME_COST
+#else
+#define PHP_SODIUM_PWHASH_OPSLIMIT 4
+#endif
+#if defined(PHP_SODIUM_PWHASH_THREADS)
+#define PHP_SODIUM_PWHASH_THREADS PHP_SODIUM_PWHASH_THREADS
+#else
+#define PHP_SODIUM_PWHASH_THREADS 1
+#endif
+
+#endif
+
 PHP_MINIT_FUNCTION(sodium);
 PHP_MINIT_FUNCTION(sodium_password_hash);
 PHP_MSHUTDOWN_FUNCTION(sodium);
--- a/ext/sodium/sodium_pwhash.c
+++ b/ext/sodium/sodium_pwhash.c
@ -19,24 +19,14 @@
 #endif

 #include "php.h"
-#include "php_libsodium.h"
 #include "ext/standard/php_password.h"

 #include <sodium.h>

-#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
+#include "php_libsodium.h"
+#include "sodium_pwhash_arginfo.h"

-/**
- * MEMLIMIT is normalized to KB even though sodium uses Bytes in order to
- * present a consistent user-facing API.
- *
- * Threads are fixed at 1 by libsodium.
- *
- * When updating these values, synchronize ext/standard/php_password.h values.
- */
-#define PHP_SODIUM_PWHASH_MEMLIMIT (64 << 10)
-#define PHP_SODIUM_PWHASH_OPSLIMIT 4
-#define PHP_SODIUM_PWHASH_THREADS 1
+#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)

 static inline int get_options(zend_array *options, size_t *memlimit, size_t *opslimit) {
 	zval *opt;
@ -180,21 +170,14 @@ PHP_MINIT_FUNCTION(sodium_password_hash) /* {{{ */ {
 	}
 	zend_string_release(argon2i);

+	register_sodium_pwhash_symbols(module_number);
+
 	if (FAILURE == php_password_algo_register("argon2i", &sodium_algo_argon2i)) {
 		return FAILURE;
 	}
-	REGISTER_STRING_CONSTANT("PASSWORD_ARGON2I", "argon2i", CONST_PERSISTENT);
-
 	if (FAILURE == php_password_algo_register("argon2id", &sodium_algo_argon2id)) {
 		return FAILURE;
 	}
-	REGISTER_STRING_CONSTANT("PASSWORD_ARGON2ID", "argon2id", CONST_PERSISTENT);
-
-	REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_MEMORY_COST", PHP_SODIUM_PWHASH_MEMLIMIT, CONST_PERSISTENT);
-	REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_TIME_COST", PHP_SODIUM_PWHASH_OPSLIMIT, CONST_PERSISTENT);
-	REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_THREADS", PHP_SODIUM_PWHASH_THREADS, CONST_PERSISTENT);
-
-	REGISTER_STRING_CONSTANT("PASSWORD_ARGON2_PROVIDER", "sodium", CONST_PERSISTENT);

 	return SUCCESS;
 }
--- a/ext/sodium/sodium_pwhash.stub.php
+++ b/ext/sodium/sodium_pwhash.stub.php
@ -0,0 +1,33 @@
+<?php
+
+/** @generate-class-entries */
+
+#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
+/**
+ * @var string
+ */
+const PASSWORD_ARGON2I = "argon2i";
+/**
+ * @var string
+ */
+const PASSWORD_ARGON2ID = "argon2id";
+/**
+ * @var int
+ * @cvalue PHP_SODIUM_PWHASH_MEMLIMIT
+ */
+const PASSWORD_ARGON2_DEFAULT_MEMORY_COST = UNKNOWN;
+/**
+ * @var int
+ * @cvalue PHP_SODIUM_PWHASH_OPSLIMIT
+ */
+const PASSWORD_ARGON2_DEFAULT_TIME_COST = UNKNOWN;
+/**
+ * @var int
+ * @cvalue PHP_SODIUM_PWHASH_THREADS
+ */
+const PASSWORD_ARGON2_DEFAULT_THREADS = UNKNOWN;
+/**
+ * @var string
+ */
+const PASSWORD_ARGON2_PROVIDER = "sodium";
+#endif
--- a/ext/sodium/sodium_pwhash_arginfo.h
+++ b/ext/sodium/sodium_pwhash_arginfo.h
@ -0,0 +1,26 @@
+/* This is a generated file, edit the .stub.php file instead.
+ * Stub hash: dd94e709f115ce05df0e25a8cb48c62438bb6d01 */
+
+
+
+static void register_sodium_pwhash_symbols(int module_number)
+{
+#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
+	REGISTER_STRING_CONSTANT("PASSWORD_ARGON2I", "argon2i", CONST_PERSISTENT);
+#endif
+#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
+	REGISTER_STRING_CONSTANT("PASSWORD_ARGON2ID", "argon2id", CONST_PERSISTENT);
+#endif
+#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
+	REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_MEMORY_COST", PHP_SODIUM_PWHASH_MEMLIMIT, CONST_PERSISTENT);
+#endif
+#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
+	REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_TIME_COST", PHP_SODIUM_PWHASH_OPSLIMIT, CONST_PERSISTENT);
+#endif
+#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
+	REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_THREADS", PHP_SODIUM_PWHASH_THREADS, CONST_PERSISTENT);
+#endif
+#if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
+	REGISTER_STRING_CONSTANT("PASSWORD_ARGON2_PROVIDER", "sodium", CONST_PERSISTENT);
+#endif
+}
--- a/ext/standard/password.c
+++ b/ext/standard/password.c
@ -26,6 +26,7 @@
 #include "zend_interfaces.h"
 #include "info.h"
 #include "ext/random/php_random_csprng.h"
+#include "password_arginfo.h"
 #ifdef HAVE_ARGON2LIB
 #include "argon2.h"
 #endif
@ -416,32 +417,20 @@ const php_password_algo php_password_algo_argon2id = {
 PHP_MINIT_FUNCTION(password) /* {{{ */
 {
 	zend_hash_init(&php_password_algos, 4, NULL, ZVAL_PTR_DTOR, 1);
-	REGISTER_STRING_CONSTANT("PASSWORD_DEFAULT", "2y", CONST_PERSISTENT);
+
+	register_password_symbols(module_number);

 	if (FAILURE == php_password_algo_register("2y", &php_password_algo_bcrypt)) {
 		return FAILURE;
 	}
-	REGISTER_STRING_CONSTANT("PASSWORD_BCRYPT", "2y", CONST_PERSISTENT);

 #ifdef HAVE_ARGON2LIB
 	if (FAILURE == php_password_algo_register("argon2i", &php_password_algo_argon2i)) {
 		return FAILURE;
 	}
-	REGISTER_STRING_CONSTANT("PASSWORD_ARGON2I", "argon2i", CONST_PERSISTENT);
-
 	if (FAILURE == php_password_algo_register("argon2id", &php_password_algo_argon2id)) {
 		return FAILURE;
 	}
-	REGISTER_STRING_CONSTANT("PASSWORD_ARGON2ID", "argon2id", CONST_PERSISTENT);
-#endif
-
-	REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT_DEFAULT_COST", PHP_PASSWORD_BCRYPT_COST, CONST_PERSISTENT);
-#ifdef HAVE_ARGON2LIB
-	REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_MEMORY_COST", PHP_PASSWORD_ARGON2_MEMORY_COST, CONST_PERSISTENT);
-	REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_TIME_COST", PHP_PASSWORD_ARGON2_TIME_COST, CONST_PERSISTENT);
-	REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_THREADS", PHP_PASSWORD_ARGON2_THREADS, CONST_PERSISTENT);
-
-	REGISTER_STRING_CONSTANT("PASSWORD_ARGON2_PROVIDER", "standard", CONST_PERSISTENT);
 #endif

 	return SUCCESS;
--- a/ext/standard/password.stub.php
+++ b/ext/standard/password.stub.php
@ -0,0 +1,47 @@
+<?php
+
+/** @generate-class-entries */
+
+/**
+ * @var string
+ */
+const PASSWORD_DEFAULT = "2y";
+/**
+ * @var string
+ */
+const PASSWORD_BCRYPT = "2y";
+/**
+ * @var int
+ * @cvalue PHP_PASSWORD_BCRYPT_COST
+ */
+const PASSWORD_BCRYPT_DEFAULT_COST = UNKNOWN;
+
+#ifdef HAVE_ARGON2LIB
+/**
+ * @var string
+ */
+const PASSWORD_ARGON2I = "argon2i";
+/**
+ * @var string
+ */
+const PASSWORD_ARGON2ID = "argon2id";
+/**
+ * @var string
+ */
+const PASSWORD_ARGON2_PROVIDER = "standard";
+/**
+ * @var int
+ * @cvalue PHP_PASSWORD_ARGON2_MEMORY_COST
+ */
+const PASSWORD_ARGON2_DEFAULT_MEMORY_COST = UNKNOWN;
+/**
+ * @var int
+ * @cvalue PHP_PASSWORD_ARGON2_TIME_COST
+ */
+const PASSWORD_ARGON2_DEFAULT_TIME_COST = UNKNOWN;
+/**
+ * @var int
+ * @cvalue PHP_PASSWORD_ARGON2_THREADS
+ */
+const PASSWORD_ARGON2_DEFAULT_THREADS = UNKNOWN;
+#endif
--- a/ext/standard/password_arginfo.h
+++ b/ext/standard/password_arginfo.h
@ -0,0 +1,29 @@
+/* This is a generated file, edit the .stub.php file instead.
+ * Stub hash: aab38646ace967e985c348b78251474693da95a7 */
+
+
+
+static void register_password_symbols(int module_number)
+{
+	REGISTER_STRING_CONSTANT("PASSWORD_DEFAULT", "2y", CONST_PERSISTENT);
+	REGISTER_STRING_CONSTANT("PASSWORD_BCRYPT", "2y", CONST_PERSISTENT);
+	REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT_DEFAULT_COST", PHP_PASSWORD_BCRYPT_COST, CONST_PERSISTENT);
+#if defined(HAVE_ARGON2LIB)
+	REGISTER_STRING_CONSTANT("PASSWORD_ARGON2I", "argon2i", CONST_PERSISTENT);
+#endif
+#if defined(HAVE_ARGON2LIB)
+	REGISTER_STRING_CONSTANT("PASSWORD_ARGON2ID", "argon2id", CONST_PERSISTENT);
+#endif
+#if defined(HAVE_ARGON2LIB)
+	REGISTER_STRING_CONSTANT("PASSWORD_ARGON2_PROVIDER", "standard", CONST_PERSISTENT);
+#endif
+#if defined(HAVE_ARGON2LIB)
+	REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_MEMORY_COST", PHP_PASSWORD_ARGON2_MEMORY_COST, CONST_PERSISTENT);
+#endif
+#if defined(HAVE_ARGON2LIB)
+	REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_TIME_COST", PHP_PASSWORD_ARGON2_TIME_COST, CONST_PERSISTENT);
+#endif
+#if defined(HAVE_ARGON2LIB)
+	REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_THREADS", PHP_PASSWORD_ARGON2_THREADS, CONST_PERSISTENT);
+#endif
+}