php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77646 sodium_crypto_sign_detached() does not zero-terminate signature
Submitted: 2019-02-21 13:15 UTC Modified: 2019-02-21 15:24 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: thomaswouters+bugs dot php dot net at gmail dot com Assigned: jedisct1 (profile)
Status: Closed Package: *Encryption and hash functions
PHP Version: 7.3.2 OS: Linux
Private report: No CVE-ID: None
 [2019-02-21 13:15 UTC] thomaswouters+bugs dot php dot net at gmail dot com
Description:
------------
sodium_crypto_sign_detached() behaves irregular on a legacy system (I guess it might be related to an old gcc version - 4.7.2).

Using the function sodium_crypto_sign_detached() in php-fpm resulted in a fatal error:

PHP Fatal error:  Uncaught SodiumException: secret key size should be SODIUM_CRYPTO_SIGN_SECRETKEYBYTES bytes in /tmp/sodium.php

I was able to reproduce it with php command line on older systems by enabling opcache (-d "opcache.enable_cli=On") but not on Debian stretch, buster, Archlinux or Alpine.
Toggling opcache in php-fpm did not make a difference and the exception was thrown regardless.

When built with --enable-debug PHP throws an assertion error on `ZEND_ASSERT(ZSTR_VAL(signature)[signature_real_len] == 0);`:

Warning: String is not zero-terminated (*garbage*) in Unknown on line 0

After taking a look at sodium_crypto_sign() I've noticed that there's some extra code to zero-terminate the signed message:

	PHP_SODIUM_ZSTR_TRUNCATE(msg_signed, (size_t) msg_signed_real_len);
	ZSTR_VAL(msg_signed)[msg_signed_real_len] = 0;

I've replaced the assertion in sodium_crypto_sign_detached() with the following code and was unable to reproduce the SodiumException both on cli as php-fpm:

	PHP_SODIUM_ZSTR_TRUNCATE(signature, (size_t) signature_real_len);
	ZSTR_VAL(signature)[signature_real_len] = 0;


Test script:
---------------
<?php
$alice_sk = base64_decode('NNiJwjbkZ/5zUEj8KW8HENU34RVZ22XmvqFLj2xhlUa6ht6V6u/t97mfF6hW8UQgEvOdA/JSz/grVFVxoM5Y5g==');
$message = 'This is a test message.';
$signature = sodium_crypto_sign_detached($message, $alice_sk);
var_dump($signature);

Expected result:
----------------
string(88) "Fb5LHxwnrUnmNzdc01sEBJpgi+milnYjWagSiS4WfCmdjC4XOHIF753unPMSLAmmYQqjhS3raQfHs/02QQGoDA=="


Actual result:
--------------
Fatal error: Uncaught SodiumException: secret key size should be SODIUM_CRYPTO_SIGN_SECRETKEYBYTES bytes in /tmp/sodium.php:4
Stack trace:
#0 /tmp/sodium.php(4): sodium_crypto_sign_detached()
#1 {main}
  thrown in /tmp/sodium.php on line 4


Patches

sodium_crypto_sign_detached-zero-termination.patch (last revision 2019-02-21 13:15 UTC by thomaswouters+bugs dot php dot net at gmail dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-02-21 13:19 UTC] thomaswouters+bugs dot php dot net at gmail dot com
Test script should have been:

<?php
$alice_sk = base64_decode('NNiJwjbkZ/5zUEj8KW8HENU34RVZ22XmvqFLj2xhlUa6ht6V6u/t97mfF6hW8UQgEvOdA/JSz/grVFVxoM5Y5g==');

$message = 'This is a test message.';
$signature = sodium_crypto_sign_detached($message, $alice_sk);
var_dump(base64_encode($signature));
 [2019-02-21 13:22 UTC] nikic@php.net
-Assigned To: +Assigned To: jedisct1
 [2019-02-21 15:11 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ad3dac378e019590855c462ac69d1bda421520bb
Log: Fix bug #77646
 [2019-02-21 15:11 UTC] jedisct1@php.net
-Status: Assigned +Status: Closed
 [2019-02-21 15:14 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e7ca69f1fa6b7e7b63f40080b1a6cea3a071b034
Log: Fix bug #77646
 [2019-02-21 15:20 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e7ca69f1fa6b7e7b63f40080b1a6cea3a071b034
Log: Fix bug #77646
 [2019-02-21 15:22 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e7ca69f1fa6b7e7b63f40080b1a6cea3a071b034
Log: Fix bug #77646
 [2019-02-21 15:24 UTC] jedisct1@php.net
Thanks for your report, Thomas!

This has been fixed in version 2.0.21 on the PECL extension, as well as in the PHP source code.

Thanks again!
 [2019-02-21 15:26 UTC] thomaswouters+bugs dot php dot net at gmail dot com
No problem, I'm glad that it's accepted as is :-)

Can it be applied on 7.2 as well?
 [2019-02-21 15:33 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=08089b575bdd0d7a99c016a31d06444f35084f7d
Log: Fix bug #77646
 [2019-02-21 15:35 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=08089b575bdd0d7a99c016a31d06444f35084f7d
Log: Fix bug #77646
 [2019-02-21 15:47 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=08089b575bdd0d7a99c016a31d06444f35084f7d
Log: Fix bug #77646
 [2019-02-21 15:48 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=08089b575bdd0d7a99c016a31d06444f35084f7d
Log: Fix bug #77646
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu May 23 09:01:32 2019 UTC