Reported Integer Overflows with PHP-FPM (not PHP-CLI)
paragonie-scott opened this issue · 1 comments
From Dion Hulse on WordPress Slack:
Did some more digging, turns out the PHP CLI in that environment works, while php-fpm doesn’t.
Got down as far as the final loop in ParagonIE_Sodium_Core_Curve25519::ge_double_scalarmult_vartime() at i = 247 where self::ge_p2_dbl() starts returning different data,
T: 60762035, -28864121, -22424362, 37674336, 25959391, -1347853,..... when it’s working
T: 60762016, 2506747835552135, -14802114316999430, 6459153759631826, -7767544285703312,..... in a non-working case, so looks like some kind of int overflow issue
https://bugs.php.net/bug.php?id=75938 looks like this is the culprit. PHP 7.2.0, PHP 7.2.1, and PHP 7.2.2 are affected when used in PHP-FPM. PHP 7.2.3+ are unaffected.
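A startup guard for the condition reported in this thread, as an added example that is not part of the original issue or of the sodium_compat project: it flags the affected PHP 7.2.0 to 7.2.2 PHP-FPM combination and runs an Ed25519 known-answer test (RFC 8032, section 7.1, TEST 1). The function names and the Composer autoload path are assumptions, as is the premise that signature verification in sodium_compat reaches the curve arithmetic named above.

```php
<?php
// Added example; function names and the autoload path are hypothetical.
// Assumes paragonie/sodium_compat was installed with Composer.
require __DIR__ . '/vendor/autoload.php';

/**
 * True for the combination named in the thread:
 * PHP 7.2.0, 7.2.1 or 7.2.2 running under PHP-FPM.
 */
function runtime_is_affected(int $versionId, string $sapi): bool
{
    // PHP_SAPI is "fpm-fcgi" under PHP-FPM; PHP_VERSION_ID 70203 is 7.2.3.
    return $sapi === 'fpm-fcgi' && $versionId >= 70200 && $versionId < 70203;
}

/**
 * Ed25519 known-answer test: RFC 8032 section 7.1, TEST 1 (empty message).
 * A correct implementation must accept this signature.
 * If ext-sodium is loaded, sodium_compat delegates to it and the pure-PHP
 * code path is not the one being exercised.
 */
function ed25519_known_answer_ok(): bool
{
    $publicKey = hex2bin(
        'd75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a'
    );
    $signature = hex2bin(
        'e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e06522490155' .
        '5fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b'
    );
    try {
        return ParagonIE_Sodium_Compat::crypto_sign_verify_detached(
            $signature,
            '',
            $publicKey
        );
    } catch (Throwable $e) {
        // Treat any exception as a failed self-test.
        return false;
    }
}

if (runtime_is_affected(PHP_VERSION_ID, PHP_SAPI) || !ed25519_known_answer_ok()) {
    error_log('Refusing to run: affected PHP-FPM build or Ed25519 self-test failed');
    http_response_code(500);
    exit(1);
}
```

Because the report says PHP-CLI worked while PHP-FPM did not, the check has to run inside an FPM-served request rather than from the command line.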