enable support of Argon2 hashes in PHP 7.4

[tagirb]

Dear Remi,

thanks a lot for your work on providing RPM packages for PHP! While updating our PHP infrastructure from 7.3 to 7.4 I found out that it is not supporting Argon2 hashes anymore:

• PHP 7.3

$ docker run -it --rm <private_registry>/php:7.3-centos bash -c "rpm -qa | grep php-7; php -r \"echo password_hash('password', PASSWORD_ARGON2ID);\""
php-7.3.14-1.el7.remi.x86_64
$argon2id$v=19$m=65536,t=4,p=1$SE9OLi5SNDRJUXE5eVo5Zw$AoriwJ1amVTmcgjmsz/l4MeJC8CXvrDeH5UrRY6qcmw%                                                                                            

• PHP 7.4

$ docker run -it --rm <private_registry>/php:7.4-centos bash -c "rpm -qa | grep php-7; php -r \"echo password_hash('password', PASSWORD_ARGON2ID);\""
php-7.4.1-1.el7.remi.x86_64
PHP Warning:  Use of undefined constant PASSWORD_ARGON2ID - assumed 'PASSWORD_ARGON2ID' (this will throw an Error in a future version of PHP) in Command line code on line 1
PHP Stack trace:
PHP   1. {main}() Command line code:0
PHP Warning:  password_hash(): Unknown password hashing algorithm: PASSWORD_ARGON2ID in Command line code on line 1
PHP Stack trace:
PHP   1. {main}() Command line code:0
PHP   2. password_hash() Command line code:1

Are there any reasons for disabling it? If not, would it be possible to enable it?

[remicollet]

If not, would it be possible to enable it?

Yes: sodium have a better / faster implementation
Simply install php-sodium and you will have it.

In Fedora and EL-8 package, sodium extension is pulled by default, but sadly, weak dependencies are not supported by old RPM verison in EL-7

[remicollet]

As the question raise quite often, I think it make sense to make it a hard dependency

Fixed in
https://git.remirepo.net/cgit/rpms/scl-php74/php.git/commit/?id=5a65044e28389b8540ad1256a3543da54d108f10
https://git.remirepo.net/cgit/rpms/php/php74.git/commit/?id=948ee97e75c706159b20013cf87462ab1cf40c11

Wil be in next build (7.4.3RC1 in 1 week, 7.4.3 in 3 weeks)

[remicollet]

$ php -r 'var_dump(PHP_VERSION, password_hash("password", PASSWORD_ARGON2ID));'
string(5) "7.4.2"
string(97) "$argon2id$v=19$m=65536,t=4,p=1$NBV8zI57UOY4AAhpjEUNiA$aJGV1L24YjDFBBCBCHvFFYiUgd4mZiioy9ERjJQV1MI"

[tagirb]

Awesome, thanks for the prompt response!

[remicollet]

For memory

$ php73 /tmp/foo.php 
PHP version : 7.3.15
Hash: $argon2id$v=19$m=65536,t=4,p=1$YVpBRkRhNHZtOW9yYjRTRw$a8n605+eX2CQteUbGcNfM/u/BmMGds8LzT+hft9tWHw
Genrerated in 0.142"

$ php74 /tmp/foo.php 
PHP version : 7.4.3
Hash: $argon2id$v=19$m=65536,t=4,p=1$MU7U6SvlTgI37KaEUUYITA$k6+N4NsfX4qe/8JDc9IQzub3tEdJo3zGpWzQYNamsx8
Genrerated in 0,081"

So 40% saved.