1
0
mirror of https://github.com/php/php-src.git synced 2026-04-20 06:21:12 +02:00
Commit Graph

119 Commits

Author SHA1 Message Date
Niels Dossche
4da46107c4 Fix memory leaks in ext/sodium on failure of some functions
Infallible in practice right now, but should be fixed as infallible today does not mean infallible tomorrow:
- sodium_crypto_sign_publickey_from_secretkey
- sodium_crypto_kx_seed_keypair
- sodium_crypto_kx_keypair
- sodium_crypto_auth
- sodium_crypto_sign_ed25519_sk_to_curve25519
- sodium_pad

Fallible today:
- sodium_crypto_sign_ed25519_pk_to_curve25519

Closes GH-14309.
2024-05-23 22:40:28 +02:00
Máté Kocsis
4679805cd6 Declare ext/sodium constants in stubs (#9225) 2022-08-02 13:57:52 +02:00
Tim Düsterhus
8f8243318d Mark parameter in ext/sodium as sensitive 2022-06-13 11:09:12 +02:00
Christoph M. Becker
d03a94a0a6 Use proper types in sodium_crypto_stream_xchacha20_xor_ic()
Most importantly, `ic` needs to be of type `zend_long`, not `zend_long*`.

Closes GH-8302.
2022-04-05 16:34:12 +02:00
Paragon Initiative Enterprises
afd8f84c1a Add sodium_crypto_stream_xchacha20_xor_ic()
There are many use-cases where a PHP user is currently using sodium_compat's implementation of this low-level XChaCha20 API. For example, multi-part message processing (in low-memory settings) for a ciphertext that was encrypted with XChaCha20-Poly1305 (rather than the secretstream API).

Adding this function to ext/sodium offers better performance and lowers users' memory usage with the polyfill, and ensures that users coming from other languages that provide libsodium bindings have a more consistent experience with our bindings. This is a win-win.

This patch follows the libsodium precedent of adding functions instead of optional parameters to existing functions. The parameter order is also consistent with the C API.

https://doc.libsodium.org/advanced/stream_ciphers/xchacha20#usage

Closes GH-8276.
2022-04-04 15:43:42 +02:00
Nikita Popov
98184afd92 Improve ristretto255 scalarmult exception messages
These fail due to bad inputs, not internal errors.
2021-08-10 11:19:29 +02:00
Nikita Popov
9168aab381 Fix ristretto255 tests
Both tests were skipped because of a typo in the checked constant
name.

The scalarmult test was using illegal test vectors. The new test
is based on:
6d566070b4/test/default/scalarmult_ristretto255.c

The $L value contained one extra null byte. The number of "false"
return values was too small.

scalar_invert() doesn't return a valid point -- not sure on that
one.
2021-08-10 11:10:55 +02:00
P.I.E. Security Team
9b794f8e5e Expose libsodium's Ristretto255 API (#6922) 2021-05-07 17:43:00 -05:00
KsaR
01b3fc03c3 Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
2021-05-06 12:16:35 +02:00
Nikita Popov
6adfe9da98 Fix error messages for sodium_crypto_stream_xchacha20
And test them. Also adjust the constant check in the test so that
it actually runs.
2021-04-19 11:10:37 +02:00
P.I.E. Security Team
f7f1f7fce2 Add crypto_stream_xchacha20 to ext/sodium (#6868)
Paragon Initiative Enterprises is aware of PHP applications that use sodium_compat's ParagonIE\Sodium\Core\XChaCha20 class directly for stream encryption.

Greater performance and security assurance is offered by exposing libsodium's crypto_stream_xchacha20 API to PHP users.

It's acceptable to only include this change in PHP 8.1+; the offending applications are more than welcome to either install ext/sodium from PECL or upgrade to 8.1 when it comes out later this year.

Ref: https://github.com/jedisct1/libsodium-php/pull/211
2021-04-19 11:04:29 +02:00
Máté Kocsis
a730dc0cf9 Generate class entries for snmp, soap, sockets, sodium, sqlite3, sysv*, tidy
Closes GH-6696
2021-02-15 11:45:26 +01:00
Máté Kocsis
c37a1cd650 Promote a few remaining errors in ext/standard
Closes GH-6110
2020-09-15 14:26:16 +02:00
Nikita Popov
124260c165 Merge branch 'PHP-7.4'
* PHP-7.4:
  Null terminate the sodium_crypto_kx_keypair() result
2020-08-14 15:52:31 +02:00
Nikita Popov
5885eecf23 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Null terminate the sodium_crypto_kx_keypair() result
2020-08-14 15:52:15 +02:00
Nikita Popov
f6d7af21a3 Null terminate the sodium_crypto_kx_keypair() result 2020-08-14 15:51:31 +02:00
Nikita Popov
978b7de244 Accept zend_object* in zend_get_exception_base 2020-08-07 16:40:27 +02:00
Nikita Popov
7991fc2753 Accept zend_object in zend_read_property 2020-08-07 16:40:27 +02:00
Máté Kocsis
21cfa03f17 Generate function entries for another batch of extensions
Closes GH-5352
2020-04-05 21:15:30 +02:00
Máté Kocsis
118b04bd6e Improve argument error messages in ext/sodium
Closes GH-5197
2020-02-28 18:09:39 +01:00
Máté Kocsis
01a50778d1 Use RETURN_THROWS() after zend_throw_exception() in most of the extensions 2020-01-02 10:56:18 +01:00
Máté Kocsis
817605917b Use RETURN_THROWS() during ZPP in the remaining extensions
In reflection, sodium, and SPL
2019-12-31 16:33:02 +01:00
Christoph M. Becker
4008704f62 zend_parse_parameters_throw() is obsolete
Since `zend_parse_parameters()` throws now, there is no reason to
explicitly call `zend_parse_parameters_throw()` anymore, and since both
have actually the same implementation, we redefine the latter as macro.
2019-11-01 16:47:15 +01:00
Christoph M. Becker
f7c61c070f Add ext/sodium arginfo stubs 2019-10-21 10:19:57 +02:00
Gabriel Caruso
5d6e923d46 Remove mention of PHP major version in Copyright headers
Closes GH-4732.
2019-09-25 14:51:43 +02:00
Christoph M. Becker
167ea6307b Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix #78510: Partially uninitialized buffer returned by sodium_crypto_generichash_init()
2019-09-09 15:33:02 +02:00
Christoph M. Becker
af2033b1cd Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fix #78510: Partially uninitialized buffer returned by sodium_crypto_generichash_init()
2019-09-09 15:31:15 +02:00
Christoph M. Becker
8ead77936e Fix #78510: Partially uninitialized buffer returned by sodium_crypto_generichash_init()
Backport jedisct1/libsodium.php@28d13bf437.
2019-09-09 15:30:28 +02:00
Sara Golemon
0ba1db7a4a Provide argon2i(d) password hashing from sodium when needed 2019-07-07 21:53:43 -04:00
Christoph M. Becker
b2b528b973 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix #78114: segfault when calling sodium_* functions from eval
2019-06-06 10:01:12 +02:00
Christoph M. Becker
22a3fa0b2e Fix #78114: segfault when calling sodium_* functions from eval
We must not follow the NULL pointer.
2019-06-06 10:00:15 +02:00
Frank Denis
08089b575b Fix bug #77646 2019-02-21 16:33:03 +01:00
Frank Denis
9609950331 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix bug #77646
2019-02-21 16:19:44 +01:00
Frank Denis
e7ca69f1fa Fix bug #77646 2019-02-21 16:14:33 +01:00
Peter Kokot
92ac598aab Remove local variables
This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly used by Vim and Emacs editors
yet with recent changes the once working definitions don't work
anymore in Vim without custom plugins or additional configuration.
Neither are these settings synced across the PHP code base.

A simpler and better approach is EditorConfig and fixing code
using some code style fixing tools in the future instead.

This patch also removes the so called modelines for Vim. Modelines
allow Vim editor specifically to set some editor configuration such as
syntax highlighting, indentation style and tab width to be set in the
first line or the last 5 lines per file basis. Since the php test
files have syntax highlighting already set in most editors properly and
EditorConfig takes care of the indentation settings, this patch removes
these as well for the Vim 6.0 and newer versions.

With the removal of local variables for certain editors such as
Emacs and Vim, the footer is also probably not needed anymore when
creating extensions using ext_skel.php script.

Additionally, Vim modelines for setting php syntax and some editor
settings has been removed from some *.phpt files.  All these are
mostly not relevant for phpt files neither work properly in the
middle of the file.
2019-02-03 21:03:00 +01:00
Zeev Suraski
0cf7de1c70 Remove yearly range from copyright notice 2019-01-30 11:03:12 +02:00
Scott
e0e08d376e Fix #77297: SodiumException segfaults on PHP 7.3
Instead of trying to clean the argument arrays from the backtrace, we
overwrite them with empty arrays.
2018-12-16 16:36:47 +01:00
Frank Denis
8e5381915b Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  ext/sodium: remove redundant code
  ext/sodium: Correct base64 decoding with unpadded variants
2018-11-24 17:56:33 +01:00
Frank Denis
ff02d50909 ext/sodium: remove redundant code 2018-11-24 17:55:36 +01:00
Frank Denis
542d0bce50 ext/sodium: Correct base64 decoding with unpadded variants
Backports 0eee0b957a3b75f8175cdd30b306c15e372685e8 from the PECL extension
2018-11-24 17:53:08 +01:00
Frank Denis
c4ea98455d Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  ext/sodium: sodium_pad(): do not copy any bytes if the string is empty
  ext/sodium: Fix sodium_pad() with blocksize >= 256
  ext/sodium: Use a correct max output size for base64 decoding
  ext/sodium: Avoid shifts wider than 32 bits on size_t values
2018-10-14 11:01:53 +02:00
Frank Denis
82a93c1794 ext/sodium: sodium_pad(): do not copy any bytes if the string is empty
Spotted by San Zhang, thanks!

Backport from PECL libsodium-php 2.0.13
2018-10-14 10:43:21 +02:00
Frank Denis
bf48d0c475 ext/sodium: Fix sodium_pad() with blocksize >= 256
Backport from PECL libsodium-php 2.0.12
2018-10-14 10:37:37 +02:00
Frank Denis
15ba7df224 ext/sodium: Use a correct max output size for base64 decoding
Also handle the case where the function is not available in test.

Backport from PECL libsodium-php 2.0.12
2018-10-14 10:37:18 +02:00
Frank Denis
d057458166 ext/sodium: Avoid shifts wider than 32 bits on size_t values
Backport from PECL libsodium-php 2.0.10
2018-10-14 10:21:29 +02:00
Nikita Popov
b617a5b2ea Merge branch 'PHP-7.2' into PHP-7.3 2018-09-29 21:20:01 +02:00
James Titcumb
950c338f80 Fix reflection arguments for sodium_memzero function 2018-09-29 21:19:42 +02:00
Nikita Popov
fc8f5b0f09 Merge branch 'PHP-7.2' 2018-06-08 23:02:25 +02:00
Keyur Govande
695b8192c7 Avoid leaking the urandom fd
When Apache is reloaded, it unloads the extension, but the open file descriptor to /dev/urandom is left hanging around and is leaked. This fixes the bug.

Duplicate of https://github.com/jedisct1/libsodium-php/pull/173
2018-06-08 23:01:57 +02:00
Dmitry Stogov
524f5245c5 Avoid useless checks, using zend_string_efree(), in cases where the string is known to be a temporary allocated zend_string. 2018-05-08 17:30:15 +03:00