Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No sodium for 7.2 #101

Open
aolko opened this issue Mar 2, 2018 · 9 comments
Open

No sodium for 7.2 #101

aolko opened this issue Mar 2, 2018 · 9 comments
Labels
left-open-for-visibility This is either already fixed, or the solution is easily understood. Leaving open for easy discovery.

Comments

@aolko
Copy link

aolko commented Mar 2, 2018
edited

apparently you don't need to apt install php7.2-sodium anymore oerdnj/deb.sury.org#747

https://kinsta.com/blog/php-7-2/

Starting from version 7.2, PHP includes the Sodium library into the core.
@Nenglish7
Copy link
Contributor

Nenglish7 commented Mar 2, 2018 via email
edited

@aolko
Copy link
Author

aolko commented Mar 3, 2018
edited

so that's the travis issue, otherwise this package is retired...at least for ondrej ppa (as linked in the first post)

@paragonie-scott
Copy link
Member

The OS needs to include libsodium with PHP 7.2. Failure to do so is a sign that your OS vendor is asleep at the wheel regarding the PHP community.

@paragonie-scott paragonie-scott added the left-open-for-visibility This is either already fixed, or the solution is easily understood. Leaving open for easy discovery. label Mar 28, 2018
@multiwebinc
Copy link

multiwebinc commented May 9, 2018
edited

For Ubuntu/Debian the package is php-libsodium.

Nevermind. Do not install php-libsodium since this actually conflicts with the libsodium included in PHP. PHP 7.2 requires the libsodium23 package on Ubuntu.

@pavarnos
Copy link
Contributor

does this make https://github.com/paragonie/halite/blob/master/doc/Install-Guides/Ubuntu.md redundant?

@peter279k
Copy link

When I use the Ubuntu 16.04, add the ondrej/php repository.

And try to find php7.2-sodium and php7.3-sodium and they've been removed.

My executed commands are as follows:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
sudo apt-cache search php7.2-sodium
sudo apt-cache search php7.3-sodium

And the result is nothing to be presented.

lee@PowerEdge-R730:~$ sudo apt-cache search php7.2-sodium
lee@PowerEdge-R730:~$ sudo apt-cache search php7.3-sodium
lee@PowerEdge-R730:~$

@paragonie-scott
Copy link
Member

paragonie-scott commented Aug 27, 2019
edited by paragonie-security

What is the output of the following PHP script?

<?php
if (extension_loaded('sodium')) {
    $key = sodium_hex2bin('ba6d0a2309dc546d1131f4be04dfa14da9d7e8a5430f99b7446f4207405473d5');
    $nonce = sodium_hex2bin('94417152051bd43661f12dff58709b1566f052aba4fd7806');
    $c = sodium_hex2bin(
        'd2207e8651189c0b4d3a51d544f7811b51f899ca55a6dc0630e5c9dd262c34' . 
        'bb0af2fd248493899c3dfb007a2bc366faf300034a602bbe8b54d38df135dd' . 
        '2a70086f89c711e86d60e44ac1826909c4527c7f8cc55a3c4e45a79ae573da' . 
        '1c352ed618b3'
    );
    echo sodium_crypto_secretbox_open($c, $nonce, $key), PHP_EOL;
} else {
    echo 'Not loaded', PHP_EOL;
    exit(1);
}

@peter279k
Copy link

peter279k commented Aug 27, 2019
edited

@paragonie-scott, thanks for your reply. The result is available here after executing the code snippets you mention:

And the test.php contains the code snippets you mention.

lee@PowerEdge-R730:~$ php -v
PHP 7.2.21-1+ubuntu18.04.1+deb.sury.org+1 (cli) (built: Aug  7 2019 09:53:51) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.21-1+ubuntu18.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies
    with Xdebug v2.7.2, Copyright (c) 2002-2019, by Derick Rethans
lee@PowerEdge-R730:~$ php test.php
PHP Fatal error:  Uncaught SodiumException: nonce size should be SODIUM_CRYPTO_SECRETBOX_NONCEBYTES bytes in /home/lee/test.php:11
Stack trace:
#0 /home/lee/test.php(11): sodium_crypto_secretbox_open()
#1 {main}
  thrown in /home/lee/test.php on line 11
lee@PowerEdge-R730:~$

Why? According to the sodium_crypto_secretbox_open function reference, it should be the sodium_crypto_secretbox_open ( string $ciphertext , string $nonce , string $key ) : string.

Your code snippets seem to be have the incorrect argument order. After exchanging the $nonce and $key, it presents following message:

lee@PowerEdge-R730:~$ php test.php
All is working as expected. Libsodium is installed in core, not a separate package.
lee@PowerEdge-R730:~$

@approached
Copy link

Sodium is installed in php7.2 just check with:

php -m | grep sodium
=> sodium

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
left-open-for-visibility This is either already fixed, or the solution is easily understood. Leaving open for easy discovery.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@aolko @pavarnos @multiwebinc @approached @peter279k @paragonie-scott @Nenglish7