在启用 Argon2 的 Amazon Linux 2 上安装 PHP

Question

I am having a problem with enabling Argon2 for password hashing. I am building PHP from source of Amazon Linux 2 but once the build have finishing and PHP is compiled, the PASSWORD_ARGON2I constant is undefined and the algorithm is not available.

I have tried numerous different ways to compile PHP using different libraries but none of them give me the Argon2 algorithm that I need. Below I will list some steps I have taken:

1) Giving flag --with-sodium

Compiling with this flag completes, but running a test script that includes the function password_hash() shows that Argon2I is not available.

2) Compiling with flag --with-password-argon2

This fails to compile due to a missing library which can be seen in the error below.

checking for Argon2 support... yes
checking for Argon2 library... not found
configure: error: Please ensure the argon2 header and library are installed

From this, I assume that I am missing a library required for the flag to work so I have installed Libsodium . Trying again has the same result.

3) Next I install some more dependencies on the recommendation from a tutorial. These are: - argon2 - libargon2-0 - libargon2-0-dev

This does give me the cli tool argon2 which works, however compiling PHP again doesn't work with the same errors.

At the point Im not sure what my next step is, any help would be greatly appreciated.

Answer 1

I received an Argon2i not supported.. error when trying to install the LexikJWTAuthenticationBundle on my Cloud9 EC2 instance where PHP72 is running. After much research I came up with a solution.

Here are the steps to follow.

Install libsodium:

$ sudo yum install libsodium-devel

After it is installed, if you run this command to view your PHP modules, you would expect to see libsodium listed, but it is not there.

$ php -m 

The package is actually installed as sodium.so and not libsodium.so (perhaps that is the root of the problem?) To get PHP to load the module, some manual steps are required.

Go to the directory that PHP looks for installed modules.

$ cd /etc/php.d

Create a file that will point to the sodium.so package.

$ sudo touch libsodium.ini

Give the file read/write permissions.

$ sudo chmod 666 20-libsodium.ini

Open the file in an editor. I like to use vim.

$ vi libsodium.ini

Click the 'i' key to get into the insert mode and paste the following:

; Enable sodium extension module
extension=sodium.so

Save the file by clicking the escape key and typing:

:wq!

Now if you look at the installed PHP modules by typing php -m, you will see libsodium listed.

At this point you should be able to run whatever was throwing the Argon2i errors.

FYI, I am not a PHP developer, nor an AWS expert, but I had to get this working to deploy a company PHP application on EC2. So if you have any issues with the above, I may not be able to help..but I'll try;)

Answer 2

I was able to resolve this issue. I created a new AWS Amazon Linux 2 instance and followed these steps:

Install Argon2

sudo -s
git clone https://github.com/P-H-C/phc-winner-argon2.git
cd phc-winner-argon2
make
make test
make install PREFIX=/usr
cp /usr/lib/libargon2.so.1 /lib64/

Navigate back to the parent directory

cd ..

Install PHP 7.3.5

wget https://www.php.net/distributions/php-7.3.5.tar.gz
tar -zxvf php-7.3.5.tar.gz
cd php-7.3.5
./configure --with-password-argon2
make 
make test
make install
exit

Navigate back to the parent directory

cd ..

Check your PHP version

php --version

Create the following PHP script (pwd.php).

<?php

  error_reporting(E_ALL);

  $hash = \password_hash('password', PASSWORD_ARGON2ID);
  echo "$hash\n";

?>

Execute the PHP script to test Argon2 functionality

php pwd.php

You will receive an output similiar to the following:

$argon2id$v=19$m=1024,t=2,p=2$dlB2SWdpUEFYZE9RSWNmQg$JGWNTXEomWX1hyM8OfzkRNx5C3zmBu3sqKU1hwohNOU

Answer 3

sudo yum install -y libargon2 libargon2-devel

This worked for me.