chore: require ext-sodium

Promote ext-sodium from recommended to required so RFC 9421 Ed25519 signing/verifying can rely on libsodium unconditionally. Add the matching openssl + sodium psalm stubs. Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-28 04:32:30 -04:00 · 2026-05-05 16:29:09 +02:00 · 2026-05-05 16:29:09 +02:00 · ea9bbe64c1
commit ea9bbe64c1
parent a1991eca6e
5 changed files with 29 additions and 2 deletions
--- a/apps/settings/lib/SetupChecks/PhpModules.php
+++ b/apps/settings/lib/SetupChecks/PhpModules.php
@ -24,6 +24,7 @@ class PhpModules implements ISetupCheck {
 		'openssl',
 		'posix',
 		'session',
+		'sodium',
 		'xml',
 		'xmlreader',
 		'xmlwriter',
@ -35,7 +36,6 @@ class PhpModules implements ISetupCheck {
 		'exif',
 		'gmp',
 		'intl',
-		'sodium',
 		'sysvsem',
 	];

@ -58,7 +58,6 @@ class PhpModules implements ISetupCheck {
 	protected function getRecommendedModuleDescription(string $module): string {
 		return match($module) {
 			'intl' => $this->l10n->t('increases language translation performance and fixes sorting of non-ASCII characters'),
-			'sodium' => $this->l10n->t('for Argon2 for password hashing'),
 			'gmp' => $this->l10n->t('required for SFTP storage and recommended for WebAuthn performance'),
 			'exif' => $this->l10n->t('for picture rotation in server and metadata extraction in the Photos app'),
 			default => '',
--- a/build/stubs/openssl.php
+++ b/build/stubs/openssl.php
@ -0,0 +1,12 @@
+<?php
+
+/**
+ * SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+// ext-openssl padding mode constants for psalm. PSS omitted: PHP 8.5+ only.
+const OPENSSL_PKCS1_PADDING = 1;
+const OPENSSL_SSLV23_PADDING = 2;
+const OPENSSL_NO_PADDING = 3;
+const OPENSSL_PKCS1_OAEP_PADDING = 4;
--- a/build/stubs/sodium.php
+++ b/build/stubs/sodium.php
@ -0,0 +1,13 @@
+<?php
+
+/**
+ * SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+// ext-sodium Ed25519 size constants for psalm.
+const SODIUM_CRYPTO_SIGN_BYTES = 64;
+const SODIUM_CRYPTO_SIGN_SEEDBYTES = 32;
+const SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES = 32;
+const SODIUM_CRYPTO_SIGN_SECRETKEYBYTES = 64;
+const SODIUM_CRYPTO_SIGN_KEYPAIRBYTES = 96;
--- a/composer.json
+++ b/composer.json
@ -41,6 +41,7 @@
 		"ext-posix": "*",
 		"ext-session": "*",
 		"ext-simplexml": "*",
+		"ext-sodium": "*",
 		"ext-xml": "*",
 		"ext-xmlreader": "*",
 		"ext-xmlwriter": "*",
--- a/psalm.xml
+++ b/psalm.xml
@ -116,9 +116,11 @@
 		<file name="build/stubs/SensitiveParameter.phpstub"/>
 		<file name="build/stubs/ldap.php"/>
 		<file name="build/stubs/memcached.php"/>
+		<file name="build/stubs/openssl.php"/>
 		<file name="build/stubs/redis.php"/>
 		<file name="build/stubs/redis_cluster.php"/>
 		<file name="build/stubs/sftp.php"/>
+		<file name="build/stubs/sodium.php"/>
 		<file name="build/stubs/ssh2.php"/>
 		<file name="build/stubs/xsl.php"/>
 		<file name="build/stubs/ftp.php"/>