php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77646 sodium_crypto_sign_detached() does not zero-terminate signature
Submitted: 2019-02-21 13:15 UTC Modified: 2019-02-21 15:24 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: thomaswouters+bugs dot php dot net at gmail dot com Assigned: jedisct1 (profile)
Status: Closed Package: *Encryption and hash functions
PHP Version: 7.3.2 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: thomaswouters+bugs dot php dot net at gmail dot com
New email:
PHP Version: OS:

 

 [2019-02-21 13:15 UTC] thomaswouters+bugs dot php dot net at gmail dot com
Description:
------------
sodium_crypto_sign_detached() behaves irregular on a legacy system (I guess it might be related to an old gcc version - 4.7.2).

Using the function sodium_crypto_sign_detached() in php-fpm resulted in a fatal error:

PHP Fatal error:  Uncaught SodiumException: secret key size should be SODIUM_CRYPTO_SIGN_SECRETKEYBYTES bytes in /tmp/sodium.php

I was able to reproduce it with php command line on older systems by enabling opcache (-d "opcache.enable_cli=On") but not on Debian stretch, buster, Archlinux or Alpine.
Toggling opcache in php-fpm did not make a difference and the exception was thrown regardless.

When built with --enable-debug PHP throws an assertion error on `ZEND_ASSERT(ZSTR_VAL(signature)[signature_real_len] == 0);`:

Warning: String is not zero-terminated (*garbage*) in Unknown on line 0

After taking a look at sodium_crypto_sign() I've noticed that there's some extra code to zero-terminate the signed message:

	PHP_SODIUM_ZSTR_TRUNCATE(msg_signed, (size_t) msg_signed_real_len);
	ZSTR_VAL(msg_signed)[msg_signed_real_len] = 0;

I've replaced the assertion in sodium_crypto_sign_detached() with the following code and was unable to reproduce the SodiumException both on cli as php-fpm:

	PHP_SODIUM_ZSTR_TRUNCATE(signature, (size_t) signature_real_len);
	ZSTR_VAL(signature)[signature_real_len] = 0;


Test script:
---------------
<?php
$alice_sk = base64_decode('NNiJwjbkZ/5zUEj8KW8HENU34RVZ22XmvqFLj2xhlUa6ht6V6u/t97mfF6hW8UQgEvOdA/JSz/grVFVxoM5Y5g==');
$message = 'This is a test message.';
$signature = sodium_crypto_sign_detached($message, $alice_sk);
var_dump($signature);

Expected result:
----------------
string(88) "Fb5LHxwnrUnmNzdc01sEBJpgi+milnYjWagSiS4WfCmdjC4XOHIF753unPMSLAmmYQqjhS3raQfHs/02QQGoDA=="


Actual result:
--------------
Fatal error: Uncaught SodiumException: secret key size should be SODIUM_CRYPTO_SIGN_SECRETKEYBYTES bytes in /tmp/sodium.php:4
Stack trace:
#0 /tmp/sodium.php(4): sodium_crypto_sign_detached()
#1 {main}
  thrown in /tmp/sodium.php on line 4


Patches

sodium_crypto_sign_detached-zero-termination.patch (last revision 2019-02-21 13:15 UTC by thomaswouters+bugs dot php dot net at gmail dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-02-21 13:19 UTC] thomaswouters+bugs dot php dot net at gmail dot com
Test script should have been:

<?php
$alice_sk = base64_decode('NNiJwjbkZ/5zUEj8KW8HENU34RVZ22XmvqFLj2xhlUa6ht6V6u/t97mfF6hW8UQgEvOdA/JSz/grVFVxoM5Y5g==');

$message = 'This is a test message.';
$signature = sodium_crypto_sign_detached($message, $alice_sk);
var_dump(base64_encode($signature));
 [2019-02-21 13:22 UTC] nikic@php.net
-Assigned To: +Assigned To: jedisct1
 [2019-02-21 15:11 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ad3dac378e019590855c462ac69d1bda421520bb
Log: Fix bug #77646
 [2019-02-21 15:11 UTC] jedisct1@php.net
-Status: Assigned +Status: Closed
 [2019-02-21 15:14 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e7ca69f1fa6b7e7b63f40080b1a6cea3a071b034
Log: Fix bug #77646
 [2019-02-21 15:20 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e7ca69f1fa6b7e7b63f40080b1a6cea3a071b034
Log: Fix bug #77646
 [2019-02-21 15:22 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e7ca69f1fa6b7e7b63f40080b1a6cea3a071b034
Log: Fix bug #77646
 [2019-02-21 15:24 UTC] jedisct1@php.net
Thanks for your report, Thomas!

This has been fixed in version 2.0.21 on the PECL extension, as well as in the PHP source code.

Thanks again!
 [2019-02-21 15:26 UTC] thomaswouters+bugs dot php dot net at gmail dot com
No problem, I'm glad that it's accepted as is :-)

Can it be applied on 7.2 as well?
 [2019-02-21 15:33 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=08089b575bdd0d7a99c016a31d06444f35084f7d
Log: Fix bug #77646
 [2019-02-21 15:35 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=08089b575bdd0d7a99c016a31d06444f35084f7d
Log: Fix bug #77646
 [2019-02-21 15:47 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=08089b575bdd0d7a99c016a31d06444f35084f7d
Log: Fix bug #77646
 [2019-02-21 15:48 UTC] jedisct1@php.net
Automatic comment on behalf of github@pureftpd.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=08089b575bdd0d7a99c016a31d06444f35084f7d
Log: Fix bug #77646
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 14 16:01:26 2024 UTC