
Commit 3ebbf0e

Mark parameter in ext/sodium as sensitive
- sodium_crypto_aead_aes256gcm_decrypt: $key - sodium_crypto_aead_aes256gcm_encrypt: $message, $key - sodium_crypto_aead_chacha20poly1305_decrypt: $key - sodium_crypto_aead_chacha20poly1305_encrypt: $message, $key - sodium_crypto_aead_chacha20poly1305_ietf_decrypt: $key - sodium_crypto_aead_chacha20poly1305_ietf_encrypt: $message, $key - sodium_crypto_aead_xchacha20poly1305_ietf_decrypt: $key - sodium_crypto_aead_xchacha20poly1305_ietf_encrypt: $message, $key - sodium_crypto_auth: $key - sodium_crypto_auth_verify: $key - sodium_crypto_box: $message, $key_pair - sodium_crypto_box_keypair_from_secretkey_and_publickey: $secret_key - sodium_crypto_box_open: $key_pair - sodium_crypto_box_publickey: $key_pair - sodium_crypto_box_publickey_from_secretkey: $secret_key - sodium_crypto_box_seal: $message - sodium_crypto_box_seal_open: $key_pair - sodium_crypto_box_secretkey: $key_pair - sodium_crypto_kx_publickey: $key_pair - sodium_crypto_kx_secretkey: $key_pair - sodium_crypto_kx_seed_keypair: $seed - sodium_crypto_kx_client_session_keys: $client_key_pair - sodium_crypto_kx_server_session_keys: $server_key_pair - sodium_crypto_generichash: $key - sodium_crypto_generichash_init: $key - sodium_crypto_kdf_derive_from_key: $key - sodium_crypto_pwhash: $password - sodium_crypto_pwhash_str: $password - sodium_crypto_pwhash_str_verify: $password - sodium_crypto_pwhash_scryptsalsa208sha256: $password - sodium_crypto_pwhash_scryptsalsa208sha256_str: $password - sodium_crypto_pwhash_scryptsalsa208sha256_str_verify: $password - sodium_crypto_secretbox: $message, $key - sodium_crypto_secretbox_open: $key - sodium_crypto_secretstream_xchacha20poly1305_init_push: $key - sodium_crypto_secretstream_xchacha20poly1305_push: $message - sodium_crypto_secretstream_xchacha20poly1305_init_pull: $key - sodium_crypto_shorthash: $key - sodium_crypto_sign: $secret_key - sodium_crypto_sign_detached: $secret_key - sodium_crypto_sign_ed25519_sk_to_curve25519: $secret_key - 
sodium_crypto_sign_keypair_from_secretkey_and_publickey: $secret_key - sodium_crypto_sign_publickey: $key_pair - sodium_crypto_sign_secretkey: $key_pair - sodium_crypto_sign_publickey_from_secretkey: $secret_key - sodium_crypto_sign_seed_keypair: $seed - sodium_crypto_stream: $key - sodium_crypto_stream_xor: $message, $key - sodium_crypto_stream_xchacha20: $key - sodium_crypto_stream_xchacha20_xor: $message, $key - sodium_crypto_stream_xchacha20_xor_ic: $message, $key - sodium_compare: $string1, $string2 - sodium_memcmp: $string1, $string2 - sodium_memzero: $string - sodium_pad: $string - sodium_unpad: $string - sodium_bin2hex: $string - sodium_hex2bin: $string - sodium_bin2base64: $string - sodium_base642bin: $string - sodium_crypto_scalarmult_base: $secret_key
1 parent 7e09d1c commit 3ebbf0e


1 file changed

+88
-0
lines changed


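--- a/ext/sodium/libsodium.c
+++ b/ext/sodium/libsodium.c
@@ -22,6 +22,7 @@
 #include "php_ini.h"
 #include "ext/standard/info.h"
 #include "php_libsodium.h"
+#include "zend_attributes.h"
 #include "zend_exceptions.h"
 
 #include <sodium.h>
@@ -386,6 +387,93 @@ PHP_MINIT_FUNCTION(sodium)
 }
 #endif
 
+#ifdef HAVE_AESGCM
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_aead_aes256gcm_decrypt", 3 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_aead_aes256gcm_encrypt", 0 /* $message */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_aead_aes256gcm_encrypt", 3 /* $key */);
+#endif
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_aead_chacha20poly1305_decrypt", 3 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_aead_chacha20poly1305_encrypt", 0 /* $message */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_aead_chacha20poly1305_encrypt", 3 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_aead_chacha20poly1305_ietf_decrypt", 3 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_aead_chacha20poly1305_ietf_encrypt", 0 /* $message */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_aead_chacha20poly1305_ietf_encrypt", 3 /* $key */);
+#ifdef crypto_aead_xchacha20poly1305_IETF_NPUBBYTES
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_aead_xchacha20poly1305_ietf_decrypt", 3 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_aead_xchacha20poly1305_ietf_encrypt", 0 /* $message */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_aead_xchacha20poly1305_ietf_encrypt", 3 /* $key */);
+#endif
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_auth", 1 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_auth_verify", 2 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_box", 0 /* $message */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_box", 2 /* $key_pair */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_box_keypair_from_secretkey_and_publickey", 0 /* $secret_key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_box_open", 2 /* $key_pair */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_box_publickey", 0 /* $key_pair */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_box_publickey_from_secretkey", 0 /* $secret_key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_box_seal", 0 /* $message */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_box_seal_open", 1 /* $key_pair */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_box_secretkey", 0 /* $key_pair */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_kx_publickey", 0 /* $key_pair */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_kx_secretkey", 0 /* $key_pair */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_kx_seed_keypair", 0 /* $seed */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_kx_client_session_keys", 0 /* $client_key_pair */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_kx_server_session_keys", 0 /* $server_key_pair */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_generichash", 1 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_generichash_init", 0 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_kdf_derive_from_key", 3 /* $key */);
+#ifdef crypto_pwhash_SALTBYTES
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_pwhash", 1 /* $password */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_pwhash_str", 0 /* $password */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_pwhash_str_verify", 1 /* $password */);
+#endif
+#ifdef crypto_pwhash_scryptsalsa208sha256_SALTBYTES
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_pwhash_scryptsalsa208sha256", 1 /* $password */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_pwhash_scryptsalsa208sha256_str", 0 /* $password */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_pwhash_scryptsalsa208sha256_str_verify", 1 /* $password */);
+#endif
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_secretbox", 0 /* $message */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_secretbox", 2 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_secretbox_open", 2 /* $key */);
+#ifdef crypto_secretstream_xchacha20poly1305_ABYTES
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_secretstream_xchacha20poly1305_init_push", 0 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_secretstream_xchacha20poly1305_push", 1 /* $message */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_secretstream_xchacha20poly1305_init_pull", 1 /* $key */);
+#endif
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_shorthash", 1 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_sign", 1 /* $secret_key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_sign_detached", 1 /* $secret_key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_sign_ed25519_sk_to_curve25519", 0 /* $secret_key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_sign_keypair_from_secretkey_and_publickey", 0 /* $secret_key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_sign_publickey", 0 /* $key_pair */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_sign_secretkey", 0 /* $key_pair */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_sign_publickey_from_secretkey", 0 /* $secret_key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_sign_seed_keypair", 0 /* $seed */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_stream", 2 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_stream_xor", 0 /* $message */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_stream_xor", 2 /* $key */);
+#if defined(crypto_stream_xchacha20_KEYBYTES)
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_stream_xchacha20", 2 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_stream_xchacha20_xor", 0 /* $message */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_stream_xchacha20_xor", 2 /* $key */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_stream_xchacha20_xor_ic", 0 /* $message */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_stream_xchacha20_xor_ic", 3 /* $key */);
+#endif
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_compare", 0 /* $string1 */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_compare", 1 /* $string2 */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_memcmp", 0 /* $string1 */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_memcmp", 1 /* $string2 */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_memzero", 0 /* $string */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_pad", 0 /* $string */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_unpad", 0 /* $string */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_bin2hex", 0 /* $string */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_hex2bin", 0 /* $string */);
+#ifdef sodium_base64_VARIANT_ORIGINAL
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_bin2base64", 0 /* $string */);
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_base642bin", 0 /* $string */);
+#endif
+zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_scalarmult_base", 0 /* $secret_key */);
+
 return SUCCESS;
 }
 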
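Review bot: The set of marked secrets looks incomplete. New lines 419 and 451 mark `$seed` for `sodium_crypto_kx_seed_keypair` and `sodium_crypto_sign_seed_keypair`, but neither the hunk nor the commit message has an entry for `sodium_crypto_box_seed_keypair`. Likewise line 475 covers `sodium_crypto_scalarmult_base`, but the secret scalar passed first to `sodium_crypto_scalarmult` is not marked. If these omissions are deliberate, a comment should say why; otherwise add `zend_mark_function_parameter_as_sensitive(CG(function_table), "sodium_crypto_box_seed_keypair", 0 /* $seed */);` and the matching index-0 call for `sodium_crypto_scalarmult`. Every call also hard-codes a zero-based position and an `#ifdef` that duplicate the function's stub signature and registration guard, so I would add a comment above the block, e.g. `/* Indices and guards below must match the stub signatures; a stale index leaves the real secret unredacted in backtraces. */`. PHP_MINIT_FUNCTION(sodium) begins outside the hunk, so the guards around the registrations themselves are not visible here.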
