Merge pull request #45027 from remicollet/argon-sodium-threads

fix(argon2): respect max value for hashingThreads

Author: blizzz

lib/private/Security/Hasher.php

@@ -39,10 +39,15 @@ class Hasher implements IHasher {
 	public function __construct(
 		private IConfig $config,
 	) {
-		if (\defined('PASSWORD_ARGON2ID') || \defined('PASSWORD_ARGON2I')) {
-			// password_hash fails, when the minimum values are undershot.
-			// In this case, apply minimum.
-			$this->options['threads'] = max($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), 1);
+		if (\defined('PASSWORD_ARGON2_PROVIDER')) {
+			// password_hash fails, when the minimum values are undershot or maximum overshot. So apply minimum/maximum.
+			/** @psalm-suppress TypeDoesNotContainType - The constant defaults to "standard" but when sodium is installed it will be "sodium" */
+			if (PASSWORD_ARGON2_PROVIDER === 'sodium') {
+				$this->options['threads'] = 1;
+			} else {
+				// standard (libargon) or openssl
+				$this->options['threads'] = max($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), 1);
+			}
 			// The minimum memory cost is 8 KiB per thread.
 			$this->options['memory_cost'] = max($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST), $this->options['threads'] * 8);
 			$this->options['time_cost'] = max($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST), 1);