Bug#919703: php7.3: sodium_crypto_pwhash() Causes Error

Fri, 18 Jan 2019 10:45:50 -0800 

Package: php7.3
Version: 7.3.0-2
Severity: normal

Dear Maintainer,

Attempting to use sodium_crypto_pwhash is triggering a (non-informative) error 
from libsodium. The proximate cause appears to be the final argument. I can 
trigger the error with the following line in an interactive PHP shell:

php > echo base64_encode(sodium_crypto_pwhash(32, 'test', 
random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES), 
SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, 
SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13));
PHP Warning:  Uncaught SodiumException: internal error in php shell code:1
Stack trace:
#0 php shell code(1): sodium_crypto_pwhash()
#1 {main}
  thrown in php shell code on line 1

What I expect to see is 32 bytes of essentially random data base64-encoded.

I am able to get output without an error by executing either of the follwing 
statements:

echo base64_encode(sodium_crypto_pwhash(32, 'test', 
random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES), 
SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, 
SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE));
echo base64_encode(sodium_crypto_pwhash(32, 'test', 
random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES), 
SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, 
SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_ALG_DEFAULT));

Curiously, the default algorithm right now is supposed to be 
SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13, so it must be something in how this is 
mapped to the algorithm when passed on to libsodium.


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages php7.3 depends on:
pn  libapache2-mod-php7.3 | php7.3-fpm | php7.3-cgi  <none>
pn  php7.3-common                                    <none>

php7.3 recommends no packages.

php7.3 suggests no packages.

Reply via email to