baileyJchoi baileyJchoi - 13 days ago 9
MySQL Question

libsodium for PHP is not working

I want to use Argon2i to hash my password but it's not working. I get the following error:


Fatal error: Uncaught Error: Call to undefined function Sodium\crypto_pwhash_str()


This is the guide I'm using to install libsodium:
https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium

I have checked that libsodium is installed and working.

I implemented the Argon2i hashing that I got from this link: https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016

Here is the code from that link:

// Password hashing:
$hash_str = \Sodium\crypto_pwhash_str(
$password,
\Sodium\CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
\Sodium\CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
);


What could be the problem?

Answer

The most likely cause for this problem is an outdated version of libsodium, often because Linux distribution patches erroneously only provide libsodium version 1.0.3 or 1.0.8 despite 1.0.11 being available.

Installing Libsodium in a PHP project requires installing two different things:

  1. libsodium, the library itself
  2. ext/libsodium, the PHP extension (if this becomes a core extension, we'll probably shorten it to ext/sodium instead)

In order to use \Sodium\crypto_pwhash_str(), two conditions must be met:

  1. You must be using libsodium 1.0.9 or higher when your PHP extension is compiled.
  2. You must be using ext/libsodium 1.0.3 or higher (compiled against 1.0.9 or higher of the underlying library).

In Halite, we have a function called Halite::isLibsodiumSetupCorrectly() to quickly diagnose version issues.

Your best best is:

  1. Uninstall the PHP extension.
  2. Uninstall libsodium.
  3. Compile libsodium 1.0.11 from source.
  4. Reinstall the PHP extension now that 1.0.11 is installed.
  5. (Recommended but optional:) Ask your operating system to provide up-to-date versions of libsodium rather than shackling their users to an outdated version as a result of a flawed understanding of stability.
Comments