Comments (5)
paragonie-security
commented on June 20, 2024
1
This is fixed in v1.15.0.
from sodium_compat.
superpoincare
commented on June 20, 2024
Thanks.
This is not giving an error now but using null doesn't decrypt.
from sodium_compat.
paragonie-security
commented on June 20, 2024
Given this code...
<?php
if (!extension_loaded('sodium')) {
exit;
}
$key = random_bytes(32);
$nonce = random_bytes(24);
$message = 'Pi day was a month ago and I suddenly crave pie.';
$ciphertext = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($message, '', $nonce, $key);
$c2 = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($message, NULL, $nonce, $key);
var_dump(
bin2hex($ciphertext), bin2hex($c2)
);...I get this output:
string(128) "8e2e220c7c917e7dc65fe2af6af246eb9c1b38be92a1a2ef15cf9bd8cfbe242f46934485e5f94706df06dcb75a88acf79a6e044fb929113c9e56c42899ff677a"
string(128) "8e2e220c7c917e7dc65fe2af6af246eb9c1b38be92a1a2ef15cf9bd8cfbe242f46934485e5f94706df06dcb75a88acf79a6e044fb929113c9e56c42899ff677a"
This tells me that NULL and "" (empty string) are treated the same by ext/sodium. Does that solve the problem for you?
from sodium_compat.
paragonie-security
commented on June 20, 2024
Version v1.5.3 contains the complete fix, and has a regression test added to prevent this from ever being reintroduced.
from sodium_compat.
superpoincare
commented on June 20, 2024
Yeah, I had a decrypt function and that decrypts well now.
Great!
from sodium_compat.
Related Issues (20)
- Constants such as SODIUM_CRYPTO_PWHASH_ALG_DEFAULT
- Undefined constant 'CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES' HOT 15
- Issue in crypto_box_open function HOT 2
- suggests ext-sodium HOT 2
- Argument 1 must be at least CRYPTO_SIGN_BYTES long HOT 5
- What would a hypothetical sodium_compat v2 look like? HOT 1
- PHP 8.1 x86 deprecation: Implicit conversion from float 4294967295 to int loses precision HOT 11
- Uncaught Error: Class 'ParagonIE_Sodium_Core32_Curve25519' not found HOT 4
- 'include guards' in src/Compat.php (among others) do nothing HOT 3
- Class not found due to autoload-fast.php not including directory HOT 2
- php newb seeing memory exhaustion composer-requiring into snipe-it HOT 2
- Build of sodium-compat.phar fails
- box.json omits autoload-php7.php HOT 2
- HKDF HOT 2
- AEAD - AEGIS-128L and AEGIS-256 HOT 1
- Missing file using composer install HOT 3
- Appveyor is failing (PHP 5.6 on Windows) HOT 1
- PHP 8.4 Compatibility
- [Internal] Modernize Code Style
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sodium_compat.