Security Advisories (2)

CVE-2025-15444 (2026-01-06)

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://www.cve.org/CVERecord?id=CVE-2025-69277 . The libsodium vulnerability states: In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. 0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.

CVE-2026-30910 (2026-03-08)

Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. This can cause a crash in bin2hex and encryption algorithms other than aes256gcm. For aes256gcm encryption and signatures, an undersized buffer could lead to buffer overflow. Encountering this issue is unlikely as the message length would need to be very large. For bin2hex the input size would have to be > SIZE_MAX / 2 For aegis encryption the input size would need to be > SIZE_MAX - 32U For other encryption the input size would need to be > SIZE_MAX - 16U For signatures the input size would need to be > SIZE_MAX - 64U

https://metacpan.org/release/IAMB/Crypt-Sodium-XS-0.001001/changes

NAME

Crypt::Sodium::XS::auth - Secret key message authentication

SYNOPSIS

use Crypt::Sodium::XS::auth ":default";

my $key = auth_keygen;
my $msg = "authenticate this message";

my $tag = auth($msg, $key);
die "message tampered with!" unless auth_verify($tag, $msg, $key);

my $multipart = auth_init($key);
$multipart->update("authenticate");
$multipart->update(" this", " message");
$tag = $multipart->final;
die "message tampered with!" unless auth_verify($tag, $msg, $key);

DESCRIPTION

Crypt::Sodium::XS::auth Computes an authentication tag for a message and a secret key, and provides a way to verify that a given tag is valid for a given message and a key.

The function computing the tag is deterministic: the same ($message, $key) tuple will always produce the same output. However, even if the message is public, knowing the key is required in order to be able to compute a valid tag. Therefore, the key should remain confidential. The tag, however, can be public.

A typical use case is:

* Alice prepares a message, adds an authentication tag, sends it to Bob

* Alice doesn't store the message

* Later on, Bob sends the message and the authentication tag back to Alice

* Alice uses the authentication tag to verify that she created this message

Crypt::Sodium::XS::auth does not encrypt the message. It only computes and verifies an authentication tag.

FUNCTIONS

Nothing is exported by default. A :default tag imports the functions and constants documented below. A separate :<primitive> import tag is provided for each of the primitives listed in "PRIMITIVES". These tags import the auth_<primitive>_* functions and constants for that primitive. A :all tag imports everything.

auth

auth_<primitive>

my $tag = auth($message, $key);

$message is the message to authenticate. It may be a Crypt::Sodium::XS::MemVault.

$key is the secret key with which to generate the authentication tag. It must be "auth_KEYBYTES" bytes. It may be a Crypt::Sodium::XS::MemVault.

Returns the authentication tag. The tag is "auth_BYTES" bytes.

auth_init

auth_<primitive>_init

my $multipart = auth_init($key, $flags);

$key is the secret key used by the multipart object. It should be at least "auth_KEYBYTES" bytes. It may be a Crypt::Sodium::XS::MemVault.

$flags is optional. It is the flags used for the multipart protected memory object. See Crypt::Sodium::XS::ProtMem.

Returns an opaque protected memory object: a multi-part auth object. This is useful when authenticating a stream or large message in chunks, rather than in one message. See "MULTI-PART INTERFACE".

Note: The multipart interface may use arbitrary-size keys. This is not recommended as it can be easily misused (e.g., accidentally using an empty key). Avoid by always using keys of "auth_KEYBYTES" bytes as returned by "auth_keygen".

auth_keygen

auth_<primitive>_keygen

my $key = auth_keygen($flags);

$flags is optional. It is the flags used for the $key Crypt::Sodium::XS::MemVault. See Crypt::Sodium::XS::ProtMem.

Returns a Crypt::Sodium::XS::MemVault: a new secret key of "auth_KEYBYTES" bytes.

auth_verify

auth_<primitive>_verify

my $is_valid = auth_verify($tag, $message, $key);

$tag is the previously generated authentication tag. It must be "auth_BYTES" bytes.

$message is the message to authenticate.

$key is the secret key used to generate the authentication tag. It must be "auth_KEYBYTES" bytes. It may be a Crypt::Sodium::XS::MemVault.

Returns true if $tag is a valid tag for $message and $key, false otherwise.

MULTI-PART INTERFACE

A multipart auth object is created by calling the "auth_init" function. Data to be authenticated is added by calling the "update" method of that object as many times as desired. An output tag is generated by calling its "final" method. Do not use the object after calling "final".

The multipart auth object is an opaque object which provides the following methods:

clone

my $multipart_copy = $multipart->clone;

Returns a cloned copy of the multipart auth object, duplicating its internal state.

final

my $tag = $multipart->final;

Returns a tag for $key (from "auth_init") and all authenticated data (from "update"). The tag is "auth_BYTES" bytes.

Once "final" has been called, the multipart object must not be used further.

update

$multipart->update(@messages);

Adds all given arguments (stringified) to authenticated data. Any argument may be a Crypt::Sodium::XS::MemVault.

CONSTANTS

auth_PRIMITIVE

my $default_primitive = auth_PRIMITIVE();

Returns the name of the default primitive.

auth_BYTES

auth_<primitive>_BYTES

my $tag_size = auth_BYTES();

The size, in bytes, of an authentication tag.

auth_KEYBYTES

auth_<primitive>_KEYBYTES

my $key_size = auth_KEYBYTES();

The size, in bytes, of a secret key.

PRIMITIVES

hmachsa256
hmacsha512
hmacsha512256 (default)

FEEDBACK

For reporting bugs, giving feedback, submitting patches, etc. please use the following:

RT queue at https://rt.cpan.org/Dist/Display.html?Name=Crypt-Sodium-XS
IRC channel #sodium on irc.perl.org.
Email the author directly.

AUTHOR

Brad Barden <perlmodules@5c30.org>

COPYRIGHT & LICENSE

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

To install Crypt::Sodium::XS, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Crypt::Sodium::XS

CPAN shell

perl -MCPAN -e shell
install Crypt::Sodium::XS

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)