Comments (14)
interesting! also on alpine linux. but not with 1.0.12. looking at libsodium what changed between those two versions.
from pysodium.
smallest reproducible testcase is this:
state = pysodium.crypto_generichash_init()
from pysodium.
maybe this change triggered it: jedisct1/libsodium@f72bcfa
from pysodium.
Very likely.
But you shouldn't assume anything about the content of the structure. This may change, especially if BLAKE2X is added.
Use crypto_generichash_statebytes()
to get the correct amount of bytes required to store the state, and you will always be safe.
from pysodium.
confirmed. just built a libsodium with that change reverted and it doesn't segfault anymore.
from pysodium.
not sure it's the number of bytes that's the problem, but the alignment itself?
this https://github.com/stef/pysodium/blob/master/pysodium/__init__.py#L160 seems to be exactly matching this https://github.com/jedisct1/libsodium/blob/master/src/libsodium/include/sodium/crypto_generichash_blake2b.h#L23
from pysodium.
Use crypto_generichash_statebytes()
, trust me :)
from pysodium.
would this be correct to pass to generichash_init?
state = sodium_malloc(crypto_generichash_statebytes());
and i would not have to mess with alignment?
from pysodium.
That would work! But maybe CryptoGenericHashState
can just be an array whose size is ctypes.c_uint8 * sodium.crypto_generichash_statebytes()
bytes?
from pysodium.
seems to work. pushed a fix.
from pysodium.
thx to all of you, for reporting and contributing a fix
from pysodium.
i bumped the version and also uploaded a new version to pypi, if you agree to the fix please close this issue.
from pysodium.
Awesome, thanks Stef!
from pysodium.
Thanks for the prompt response. Debian package updated:
https://packages.qa.debian.org/p/pysodium/news/20170811T211431Z.html
Christopher
from pysodium.
Related Issues (20)
- New release for crypto_stream_xchacha20_xor support HOT 2
- crypto_generichash ValueError HOT 2
- crypto_secretbox_open_easy is missing HOT 1
- value of crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX bigger than it should be HOT 3
- ability to check version of pysodium in-code missing HOT 2
- cant find libsodium.dll on windows HOT 6
- Stale Python Pakcage index (2016-06-02) HOT 1
- Harmonize the interface of crypto_aead_chacha20poly1305_* HOT 1
- Inconsistent copyright for test/ HOT 2
- crypto_secretstream* functions? HOT 92
- Input range checking HOT 39
- crypto_aead _NPUBBYTES vs. _NONCEBYTES HOT 8
- Newly added functions lack version checks HOT 6
- PyPi version number not compliant with PEP 0440? HOT 4
- crypto_auth and crypto_auth_verify use empty byte string as a key by default HOT 1
- py3 strings f*ck up generichash HOT 1
- how to use a specific algorithm HOT 7
- crypto_secretbox_detached and crypto_secretbox_open_detached HOT 6
- Expose remaining crypto_core_ ristretto crypto_core_ristretto255_add and crypto_core_ristretto255_sub HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pysodium.