Fatal error with Sodium\hex2bin about halite HOT 20 CLOSED

While I donot use composer, and since, we keep libraries, outside webroot, I did change the $basedir, to reflect the correct path.

Use composer.

Alternatively, make sure you install this library too, which is listed in the require block in composer.json.

If you're on PHP 7.2, you shouldn't need anything from PECL.

from halite.

As the auto loader code, will include this src/HiddenString.php file, do i still try to manually attempt, to include this, or some other error scenario?

You need a use statement, or to refer to it by its fully qualified class name (ParagonIE\Halite\HiddenString).

from halite.

The manual entry was auto-generated. There is no length argument.

If ParagonIE\Halite\Halite::isLibsodiumSetupCorrectly() does not return TRUE, install PECL libsodium again just to be sure.

from halite.

PECL libsodium as of version 2 no longer uses namespaces but underscore functions.
When you use the correct version of Halite this should work as expected.
https://github.com/paragonie/halite#installing-halite

PHP 7.0 is reaching end of life soon, you should upgrade to PHP 7.1 or better PHP 7.2 which has Libsodium build-in (2.0, so remember to use the underscored function names).

Secondly, you shoudn't hack into Halite as this may cause problems with interoperability.

from halite.

Does Halite v3.2.0 support PHP v7.1 Branch?
if so, which versions of Libsodium and PECL Libsodium, do I use w.r.t. latest minor version of PHP v7.1 Branch?

Our supported versions are in this table on the README: https://github.com/paragonie/halite#installing-halite

Alternatively, if we have to choose PHP v7.2.0, that is released a week before, only Halite 4 will be the option know?

No, I'm fairly sure Halite 3 will work on PHP 7.2, but you'll be better served with version 4, which will be supported when support for versions 2 and 3 are dropped.

from halite.

Uhhhh, what. sodium_memzero() must exist or else something screwy is going on. Can you run ParagonIE\Halite\Halite::isLibsodiumSetupCorrectly(true) and paste the output? (Note, use three backticks followed by a newline to open a code block, and then follow it up with the same thing.)

```
code
```

from halite.

Happy to hear it. 👍

from halite.

I did change \Sodium\hex2bin to sodium_hex2bin

Now, I get the following error,

Fatal error: Uncaught Error: Call to undefined function Sodium\memzero() in /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php:678 Stack trace: #0 /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php(587): ParagonIE\Halite\KeyFactory::loadKeyFile('/home/uatpgsw/g...') #1 /home/uatpgsw/public_html/index.php(267): ParagonIE\Halite\KeyFactory::loadEncryptionKeyPair('/home/uatpgsw/g...') #2 {main} thrown in /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php on line 678

When tried replacing, \Sodium\memzero with sodium_memzero, this error got subsided too.

an update

P.S. will share, if I have any further issues, thank you

from halite.

Now, I get the following error,

Fatal error: Uncaught Error: Undefined constant 'Sodium\CRYPTO_GENERICHASH_BYTES_MAX' in /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php:699 Stack trace: #0 /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php(681): ParagonIE\Halite\KeyFactory::getKeyDataFromString('1@\x01\x00\xF0\xA0\xB6\x8DSX\xAE\x80\xCB\xC0h...') #1 /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php(587): ParagonIE\Halite\KeyFactory::loadKeyFile('/home/uatpgsw/g...') #2 /home/uatpgsw/public_html/index.php(267): ParagonIE\Halite\KeyFactory::loadEncryptionKeyPair('/home/uatpgsw/g...') #3 {main} thrown in /home/uatpgsw/app/includes/halite-v320/src/KeyFactory.php on line 699

hope, we should not use values of constants directly from https://paragonie.com/book/pecl-libsodium/read/01-quick-start.md

please suggest, thank you

from halite.

Dear Mr.Sebastiaan

thanks for the quick response.

Does Halite v3.2.0 support PHP v7.1 Branch?
if so, which versions of Libsodium and PECL Libsodium, do I use w.r.t. latest minor version of PHP v7.1 Branch?

Alternatively, if we have to choose PHP v7.2.0, that is released a week before, only Halite 4 will be the option know?

Moreover, we currently, use a Control Panel (CPanel), to manage our dev server.

I am looking at all possible options, please share your inputs,

thank you

from halite.

Thanks for the confirmation,

we will test and share updates

from halite.

Our Dev Environment:

• PHP 7.2.0

• Libsodium v1.0.14

• PECL Libsodium v2.0.10

I had downloaded Halite v4.01. While I donot use composer, and since, we keep libraries, outside webroot, I did change the $basedir, to reflect the correct path, in the autoload.php code.

irrespective of whether, I use manual includes, of all library files or when using the above approach, I am finding a common error, when loading the previously saved Asymmetric Encryption KeyPair:

Fatal error: Uncaught Error: Class 'ParagonIE\ConstantTime\Hex' not found in /home/uatpgsw/app/includes/halite-v401/src/KeyFactory.php:677 Stack trace: #0 /home/uatpgsw/app/includes/halite-v401/src/KeyFactory.php(588): ParagonIE\Halite\KeyFactory::loadKeyFile('/home/uatpgsw/g...') #1 /home/uatpgsw/public_html/index.php(352): ParagonIE\Halite\KeyFactory::loadEncryptionKeyPair('/home/uatpgsw/g...') #2 {main} thrown in /home/uatpgsw/app/includes/halite-v401/src/KeyFactory.php on line 677
Do I need to specifically uninstall PECL Libsodium v2.0.10, since, I have PHP 7.2.0 and Libsodium 1.0.14?

can someone, share, where I am doing wrong?

thanks alot, for the quick response :)

from halite.

Thanks a lot Mr.Scott

I will do as you suggested,

from halite.

Thanks a lot Mr.Scott, the Hex Encoding issue seems to be resolved, I now get the following error,

Fatal error:  Uncaught Error: Call to undefined function sodium_memzero() in /home/uatpgsw/app/includes/halite-v401/src/KeyFactory.php:678
Stack trace:
#0 /home/uatpgsw/app/includes/halite-v401/src/KeyFactory.php(588): ParagonIE\Halite\KeyFactory::loadKeyFile('/home/uatpgsw/g...')
#1 /home/uatpgsw/public_html/index.php(354): ParagonIE\Halite\KeyFactory::loadEncryptionKeyPair('/home/uatpgsw/g...')
#2 {main}
  thrown in /home/uatpgsw/app/includes/halite-v401/src/KeyFactory.php on line 678

the following is the code, I see, in the Keyfactory.php page

/**
     * Read a key from a file, verify its checksum
     * 
     * @param string $filePath
     * @return HiddenString
     * @throws Alerts\CannotPerformOperation
     */
    protected static function loadKeyFile(string $filePath): HiddenString
    {
        $fileData = \file_get_contents($filePath);
        if ($fileData === false) {
            throw new Alerts\CannotPerformOperation(
                'Cannot load key from file: '. $filePath
            );
        }
        $data = Hex::decode($fileData);
        \sodium_memzero($fileData);
        return new HiddenString(
            self::getKeyDataFromString($data)
        );
    }

your help is really appreciated :)

from halite.

echo ParagonIE\Halite\Halite::isLibsodiumSetupCorrectly(true);

Result:

You do not have the sodium extension enabled.

I did ask our server admin, to uninstall PECL Libsodium v2.0.10 only.

While sodium_memzero is correct, is the following, in the loadKeyFile() function correct?

\sodium_memzero($fileData);

from halite.

Yes, it's wiping data from memory after it builds it into a key object.

from halite.

thank you for the update,

seeing this, http://php.net/manual/en/function.sodium-memzero.php

am I doing something wrong somewhere? I got the PECL Libsodium v2.0.10 uninstalled, after you confirmed,

please share your inputs, thank you

from halite.

the PECL Libsodium v2.0.10 is re-installed now.

if (ParagonIE\Halite\Halite::isLibsodiumSetupCorrectly(true) === true) {
	echo "true";
}

results in:

true

Sample Anonymous Asymmetric Encryption code:

$sealed = \ParagonIE\Halite\Asymmetric\Crypto::seal(
    new HiddenString(
        "Your message here. Any string content will do just fine."
    ),
    $public_key
);
echo "sealed: <br>" . $sealed . "<br><hr><br>";

Result:

Fatal error:  Uncaught Error: Class 'HiddenString' not found in /home/uatpgsw/public_html/index.php:386
Stack trace:
#0 {main}
  thrown in /home/uatpgsw/public_html/index.php on line 386

As the auto loader code, will include this src/HiddenString.php file, do i still try to manually attempt, to include this, or some other error scenario?

please share your inputs,

thank you

from halite.

when I run the following:

var_dump([
    SODIUM_LIBRARY_MAJOR_VERSION,
    SODIUM_LIBRARY_MINOR_VERSION,
    SODIUM_LIBRARY_VERSION
]);

Result:
array(3) { [0]=> int(9) [1]=> int(6) [2]=> string(6) "1.0.14" }

from halite.

now, it is working, Thanks a lot Mr.Scott and Paragonie-security and Mr.Sebastian as well, everyone, for helping me, with Libsodium issues and in the process of migration to latest version of v4.01, from Halite 1.5

from halite.