| #
4da46107 |
| 23-May-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix memory leaks in ext/sodium on failure of some functions
Infallible in practice right now, but should be fixed as infallible today does not mean infallible tomorrow:
- sodium_crypto_s
Fix memory leaks in ext/sodium on failure of some functions
Infallible in practice right now, but should be fixed as infallible today does not mean infallible tomorrow:
- sodium_crypto_sign_publickey_from_secretkey
- sodium_crypto_kx_seed_keypair
- sodium_crypto_kx_keypair
- sodium_crypto_auth
- sodium_crypto_sign_ed25519_sk_to_curve25519
- sodium_pad
Fallible today:
- sodium_crypto_sign_ed25519_pk_to_curve25519
Closes GH-14309.
show more ...
|
| #
1816403d |
| 07-Dec-2023 |
Frank Denis <124872+jedisct1@users.noreply.github.com> |
[sodium] Add AEGIS-128L and AEGIS-256 (#12867)
Also don't prevent usage of AES-GCM on aarch64, it's been supported since libsodium 1.0.18.
Fixes #12312
|
| #
692cea5c |
| 13-Sep-2023 |
Ilija Tovilo |
Use zend_error_noreturn for E_ERROR consistently
To be clear, these already don't return. zend_error_noreturn just hints at this
fact through the ZEND_NORETURN attribute.
Closes
Use zend_error_noreturn for E_ERROR consistently
To be clear, these already don't return. zend_error_noreturn just hints at this
fact through the ZEND_NORETURN attribute.
Closes GH-12204
show more ...
|
| #
d5ad7510 |
| 08-Jun-2023 |
George Peter Banyard |
More usage of known zend_str instead of C string (#11381)
|
| #
03fd4054 |
| 06-Sep-2022 |
Tim Düsterhus |
Use php_info_print_table_header for actual column headers only (#9485)
Using php_info_print_table_header() for "Foo: bar" looks odd and out of place,
because the whole line is colored. I
Use php_info_print_table_header for actual column headers only (#9485)
Using php_info_print_table_header() for "Foo: bar" looks odd and out of place,
because the whole line is colored. It is also questionable from a HTML
semantics point of view, because it does not described the columns that follow.
The use of this across extensions is inconsistent. It was part of the skeleton,
but ext/date or ext/json already use a regular row.
show more ...
|
| #
4679805c |
| 02-Aug-2022 |
Máté Kocsis |
Declare ext/sodium constants in stubs (#9225)
|
| #
8f824331 |
| 12-Apr-2022 |
Tim Düsterhus |
Mark parameter in ext/sodium as sensitive
|
| #
d03a94a0 |
| 05-Apr-2022 |
Christoph M. Becker |
Use proper types in sodium_crypto_stream_xchacha20_xor_ic()
Most importantly, `ic` needs to be of type `zend_long`, not `zend_long*`.
Closes GH-8302.
|
| #
afd8f84c |
| 30-Mar-2022 |
Paragon Initiative Enterprises |
Add sodium_crypto_stream_xchacha20_xor_ic()
There are many use-cases where a PHP user is currently using sodium_compat's implementation of this low-level XChaCha20 API. For example, multi-pa
Add sodium_crypto_stream_xchacha20_xor_ic()
There are many use-cases where a PHP user is currently using sodium_compat's implementation of this low-level XChaCha20 API. For example, multi-part message processing (in low-memory settings) for a ciphertext that was encrypted with XChaCha20-Poly1305 (rather than the secretstream API).
Adding this function to ext/sodium offers better performance and lowers users' memory usage with the polyfill, and ensures that users coming from other languages that provide libsodium bindings have a more consistent experience with our bindings. This is a win-win.
This patch follows the libsodium precedent of adding functions instead of optional parameters to existing functions. The parameter order is also consistent with the C API.
https://doc.libsodium.org/advanced/stream_ciphers/xchacha20#usage
Closes GH-8276.
show more ...
|
| #
98184afd |
| 10-Aug-2021 |
Nikita Popov |
Improve ristretto255 scalarmult exception messages
These fail due to bad inputs, not internal errors.
|
| #
9168aab3 |
| 10-Aug-2021 |
Nikita Popov |
Fix ristretto255 tests
Both tests were skipped because of a typo in the checked constant
name.
The scalarmult test was using illegal test vectors. The new test
is based on:
Fix ristretto255 tests
Both tests were skipped because of a typo in the checked constant
name.
The scalarmult test was using illegal test vectors. The new test
is based on:
https://github.com/jedisct1/libsodium/blob/6d566070b48efd2fa099bbe9822914455150aba9/test/default/scalarmult_ristretto255.c
The $L value contained one extra null byte. The number of "false"
return values was too small.
scalar_invert() doesn't return a valid point -- not sure on that
one.
show more ...
|
| #
9b794f8e |
| 07-May-2021 |
P.I.E. Security Team |
Expose libsodium's Ristretto255 API (#6922)
|
| #
01b3fc03 |
| 06-May-2021 |
KsaR |
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
show more ...
|
| #
6adfe9da |
| 19-Apr-2021 |
Nikita Popov |
Fix error messages for sodium_crypto_stream_xchacha20
And test them. Also adjust the constant check in the test so that
it actually runs.
|
| #
f7f1f7fc |
| 19-Apr-2021 |
P.I.E. Security Team |
Add crypto_stream_xchacha20 to ext/sodium (#6868)
Paragon Initiative Enterprises is aware of PHP applications that use sodium_compat's ParagonIE\Sodium\Core\XChaCha20 class directly for stre
Add crypto_stream_xchacha20 to ext/sodium (#6868)
Paragon Initiative Enterprises is aware of PHP applications that use sodium_compat's ParagonIE\Sodium\Core\XChaCha20 class directly for stream encryption.
Greater performance and security assurance is offered by exposing libsodium's crypto_stream_xchacha20 API to PHP users.
It's acceptable to only include this change in PHP 8.1+; the offending applications are more than welcome to either install ext/sodium from PECL or upgrade to 8.1 when it comes out later this year.
Ref: https://github.com/jedisct1/libsodium-php/pull/211
show more ...
|
| #
a730dc0c |
| 15-Feb-2021 |
Máté Kocsis |
Generate class entries for snmp, soap, sockets, sodium, sqlite3, sysv*, tidy
Closes GH-6696
|
| #
c37a1cd6 |
| 10-Sep-2020 |
Máté Kocsis |
Promote a few remaining errors in ext/standard
Closes GH-6110
|
| #
f6d7af21 |
| 14-Aug-2020 |
Nikita Popov |
Null terminate the sodium_crypto_kx_keypair() result
|
| #
978b7de2 |
| 07-Aug-2020 |
Nikita Popov |
Accept zend_object* in zend_get_exception_base
|
| #
7991fc27 |
| 07-Aug-2020 |
Nikita Popov |
Accept zend_object in zend_read_property
|
| #
21cfa03f |
| 05-Apr-2020 |
Máté Kocsis |
Generate function entries for another batch of extensions
Closes GH-5352
|
| #
118b04bd |
| 22-Feb-2020 |
Máté Kocsis |
Improve argument error messages in ext/sodium
Closes GH-5197
|
| #
01a50778 |
| 02-Jan-2020 |
Máté Kocsis |
Use RETURN_THROWS() after zend_throw_exception() in most of the extensions
|
| #
81760591 |
| 31-Dec-2019 |
Máté Kocsis |
Use RETURN_THROWS() during ZPP in the remaining extensions
In reflection, sodium, and SPL
|
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1 |
|
| #
4008704f |
| 01-Nov-2019 |
Christoph M. Becker |
zend_parse_parameters_throw() is obsolete
Since `zend_parse_parameters()` throws now, there is no reason to
explicitly call `zend_parse_parameters_throw()` anymore, and since both
ha
zend_parse_parameters_throw() is obsolete
Since `zend_parse_parameters()` throws now, there is no reason to
explicitly call `zend_parse_parameters_throw()` anymore, and since both
have actually the same implementation, we redefine the latter as macro.
show more ...
|
