author | Ori Livneh <ori@wikimedia.org> | 2016-05-30 09:47:48 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@wikimedia.org> | 2016-05-30 09:47:48 +0000 |
commit | 3ef1ed0bed9be109843ffe58994f9d36133c504b (patch) | |
tree | bf11df070b1e0c7753b14b304437059f41af8c13 /includes/session | |
parent | df6e5e0091c1c30cb6bc003b4effff88065b3d06 (diff) | |
parent | acca48094cc7ceaf00a0452a14740c4776f5e9c6 (diff) | |
Merge "Make number of PBKDF2 iterations used for deriving session secret configurable"
Diffstat (limited to 'includes/session')
-rw-r--r-- | includes/session/Session.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/includes/session/Session.php b/includes/session/Session.php
index 29878d49f6b5..3d48101acc4a 100644
--- a/includes/session/Session.php
+++ b/includes/session/Session.php
@@ -384,7 +384,7 @@ final class Session implements \Countable, \Iterator, \ArrayAccess {
 * @return string[] Encryption key, HMAC key
 */
 private function getSecretKeys() {
- global $wgSessionSecret, $wgSecretKey;
+ global $wgSessionSecret, $wgSecretKey, $wgSessionPbkdf2Iterations;
 $wikiSecret = $wgSessionSecret ?: $wgSecretKey;
 $userSecret = $this->get( 'wsSessionSecret', null );
@@ -392,8 +392,13 @@ final class Session implements \Countable, \Iterator, \ArrayAccess {
 $userSecret = \MWCryptRand::generateHex( 32 );
 $this->set( 'wsSessionSecret', $userSecret );
 }
+ $iterations = $this->get( 'wsSessionPbkdf2Iterations', null );
+ if ( $iterations === null ) {
+ $iterations = $wgSessionPbkdf2Iterations;
+ $this->set( 'wsSessionPbkdf2Iterations', $iterations );
+ }
- $keymats = hash_pbkdf2( 'sha256', $wikiSecret, $userSecret, 10001, 64, true );
+ $keymats = hash_pbkdf2( 'sha256', $wikiSecret, $userSecret, $iterations, 64, true );
 return [
 substr( $keymats, 0, 32 ),
 substr( $keymats, 32, 32 ), |
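Review bot: The iteration count handed to `hash_pbkdf2()` in the second hunk is used without validation, whether it comes from the stored `wsSessionPbkdf2Iterations` value or from `$wgSessionPbkdf2Iterations`. A zero, negative or non-integer value makes `hash_pbkdf2()` fail (as far as I know, with a warning and a `false` return on the PHP versions current for this commit), and the `substr()` calls that follow would then presumably return unusable key material instead of stopping. I would guard the call with `if ( !is_int( $iterations ) || $iterations < 1 ) { throw new \UnexpectedValueException( 'Invalid PBKDF2 iteration count' ); }`, and add a comment such as `// Stored per session so a later config change does not alter the keys for existing data` to record why the value is written back (that intent is inferred from the code). getSecretKeys() begins before this hunk and its return array closes after it.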