From abef80a6fd71b513c4a7e1887a655e000a598b3a Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Thu, 25 Apr 2024 10:13:06 +0200
Subject: [PATCH] also respect max value for hashingThreads

Signed-off-by: Remi Collet <remi@php.net>
---
 lib/private/Security/Hasher.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/private/Security/Hasher.php b/lib/private/Security/Hasher.php
index 196b58df2ceb6..920c49c1338da 100644
--- a/lib/private/Security/Hasher.php
+++ b/lib/private/Security/Hasher.php
@@ -59,10 +59,14 @@ class Hasher implements IHasher {
 	public function __construct(
 		private IConfig $config,
 	) {
-		if (\defined('PASSWORD_ARGON2ID') || \defined('PASSWORD_ARGON2I')) {
-			// password_hash fails, when the minimum values are undershot.
-			// In this case, apply minimum.
-			$this->options['threads'] = max($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), 1);
+		if (\defined('PASSWORD_ARGON2_PROVIDER')) {
+			// password_hash fails, when the minimum values are undershot or maximum overshot
+			// In this case, apply minimum/maximum.
+			if (PASSWORD_ARGON2_PROVIDER === 'sodium') {
+				$this->options['threads'] = 1;
+			} else { // standard (libargon) or openssl
+				$this->options['threads'] = max($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), 1);
+			}
 			// The minimum memory cost is 8 KiB per thread.
 			$this->options['memory_cost'] = max($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST), $this->options['threads'] * 8);
 			$this->options['time_cost'] = max($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST), 1);