cleanup

Author: remicollet

ext/openssl/openssl.c

@@ -1412,6 +1412,11 @@ PHP_MSHUTDOWN_FUNCTION(openssl)
 	php_stream_xport_unregister("tlsv1.3");
 #endif
 
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+	if (FAILURE == PHP_MSHUTDOWN(openssl_pwhash)(SHUTDOWN_FUNC_ARGS_PASSTHRU)) {
+		return FAILURE;
+	}
+#endif
 	/* reinstate the default tcp handler */
 	php_stream_xport_register("tcp", php_stream_generic_socket_factory);
 

ext/openssl/openssl_pwhash.c

@@ -32,13 +32,18 @@
 #include <openssl/kdf.h>
 #include <openssl/thread.h>
 
-#define MEMLIMIT_MIN 8u
-#define MEMLIMIT_MAX 0xFFFFFFFFu
-#define OPSLIMIT_MIN 1u
-#define OPSLIMIT_MAX 0xFFFFFFFFu
-#define THREADS_MIN  1u
-#define THREADS_MAX  0xFFFFFFFFu
+#define MEMLIMIT_MIN  8u
+#define MEMLIMIT_MAX  UINT32_MAX
+#define OPSLIMIT_MIN  1u
+#define OPSLIMIT_MAX  UINT32_MAX
+#define THREADS_MIN   1u
+#define THREADS_MAX   UINT32_MAX
 
+#define ARGON_VERSION 0x13
+
+#define SALT_SIZE     16
+#define HASH_SIZE     32
+#define DIGEST_SIZE   128
 
 static inline int get_options(zend_array *options, uint32_t *memlimit, uint32_t *opslimit, uint32_t *threads)
 {
@@ -79,10 +84,6 @@ static inline int get_options(zend_array *options, uint32_t *memlimit, uint32_t
 	return SUCCESS;
 }
 
-#define SALT_SIZE    16
-#define HASH_SIZE  32
-#define DIGEST_SIZE   128
-
 static bool php_openssl_argon2_compute_hash(
 	const char *algo,
 	uint32_t version, uint32_t memlimit, uint32_t opslimit, uint32_t threads,
@@ -141,11 +142,11 @@ static bool php_openssl_argon2_compute_hash(
 
 static zend_string *php_openssl_argon2_hash(const zend_string *password, zend_array *options, const char *algo)
 {
-	uint32_t opslimit, memlimit, threads, version=0x13;
+	uint32_t opslimit, memlimit, threads, version = ARGON_VERSION;
 	zend_string *digest = NULL, *salt64 = NULL, *hash64 = NULL;
 	unsigned char hash[HASH_SIZE+1], salt[SALT_SIZE+1];
 
-	if ((ZSTR_LEN(password) >= 0xffffffff)) {
+	if ((ZSTR_LEN(password) >= UINT32_MAX)) {
 		zend_value_error("Password is too long");
 		return NULL;
 	}
@@ -161,7 +162,7 @@ static zend_string *php_openssl_argon2_hash(const zend_string *password, zend_ar
 		return NULL;
 	}
 
-	hash64 = php_base64_encode(hash, sizeof(hash)-1);
+	hash64 = php_base64_encode(hash, HASH_SIZE);
 	/* No padding utsing 32 *4 / 3 = 42.6 (43 + 1 padding char)  */
 	ZEND_ASSERT(ZSTR_LEN(hash64)==44 && ZSTR_VAL(hash64)[43]=='=');
 	ZSTR_VAL(hash64)[43] = 0;
@@ -237,7 +238,7 @@ static bool php_openssl_argon2_verify(const zend_string *password, const zend_st
 	zend_string *salt, *hash, *new;
 	bool ret = false;
 
-	if ((ZSTR_LEN(password) >= 0xffffffff) || (ZSTR_LEN(digest) >= 0xffffffff)) {
+	if ((ZSTR_LEN(password) >= UINT32_MAX) || (ZSTR_LEN(digest) >= UINT32_MAX)) {
 		return false;
 	}
 	if (FAILURE == php_openssl_argon2_extract(digest, &version, &memlimit, &opslimit, &threads, &salt, &hash)) {
@@ -271,7 +272,7 @@ static bool php_openssl_argon2id_verify(const zend_string *password, const zend_
 static bool php_openssl_argon2_needs_rehash(const zend_string *hash, zend_array *options)
 {
 	uint32_t version, opslimit, memlimit, threads;
-	uint32_t new_version = 0x13, new_opslimit, new_memlimit, new_threads;
+	uint32_t new_version = ARGON_VERSION, new_opslimit, new_memlimit, new_threads;
 
 	if (FAILURE == get_options(options, &new_memlimit, &new_opslimit, &new_threads)) {
 		return true;
@@ -280,7 +281,7 @@ static bool php_openssl_argon2_needs_rehash(const zend_string *hash, zend_array
 		return true;
 	}
 
-	// Algo checked before
+	// Algo already checked in pasword_needs_rehash implementation
 	return (version != new_version) ||
 		(opslimit != new_opslimit) ||
 		(memlimit != new_memlimit) ||
@@ -289,7 +290,7 @@ static bool php_openssl_argon2_needs_rehash(const zend_string *hash, zend_array
 
 static int php_openssl_argon2_get_info(zval *return_value, const zend_string *hash)
 {
-	uint32_t v = 0, threads = 1;
+	uint32_t v, threads;
 	uint32_t memory_cost;
 	uint32_t time_cost;
 
@@ -299,6 +300,7 @@ static int php_openssl_argon2_get_info(zval *return_value, const zend_string *ha
 	add_assoc_long(return_value, "memory_cost", memory_cost);
 	add_assoc_long(return_value, "time_cost", time_cost);
 	add_assoc_long(return_value, "threads", threads);
+
 	return SUCCESS;
 }
 
@@ -333,7 +335,7 @@ static const php_password_algo openssl_algo_argon2id = {
 
 PHP_FUNCTION(openssl_password_hash)
 {
-	zend_string *password, *algo, *digest = NULL;
+	zend_string *password, *algo, *digest;
 	zend_array *options = NULL;
 
 	ZEND_PARSE_PARAMETERS_START(2, 3)
@@ -384,7 +386,7 @@ PHP_MINIT_FUNCTION(openssl_pwhash)
 	zend_register_functions(NULL, ext_functions, NULL, type);
 
 	if (php_password_algo_find(argon2i)) {
-		/* Nothing to do. Core has registered these algorithms for us. */
+		/* Nothing to do. Core or sodium has registered these algorithms for us. */
 		zend_string_release(argon2i);
 		return SUCCESS;
 	}
@@ -402,4 +404,10 @@ PHP_MINIT_FUNCTION(openssl_pwhash)
 	return SUCCESS;
 }
 
+PHP_MSHUTDOWN_FUNCTION(openssl_pwhash)
+{
+	zend_unregister_functions(ext_functions, -1, NULL);
+
+	return SUCCESS;
+}
 #endif /* PHP_OPENSSL_API_VERSION >= 0x30200 */

ext/openssl/php_openssl.h

@@ -187,11 +187,14 @@ static inline php_openssl_certificate_object *php_openssl_certificate_from_obj(z
 #endif
 
 PHP_MINIT_FUNCTION(openssl);
-PHP_MINIT_FUNCTION(openssl_pwhash);
 PHP_MSHUTDOWN_FUNCTION(openssl);
 PHP_MINFO_FUNCTION(openssl);
 PHP_GINIT_FUNCTION(openssl);
 PHP_GSHUTDOWN_FUNCTION(openssl);
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+PHP_MINIT_FUNCTION(openssl_pwhash);
+PHP_MSHUTDOWN_FUNCTION(openssl_pwhash);
+#endif
 
 #ifdef PHP_WIN32
 #define PHP_OPENSSL_BIO_MODE_R(flags) (((flags) & PKCS7_BINARY) ? "rb" : "r")