From d6e8288b368bf494cad1e495280658cba2b691e6 Mon Sep 17 00:00:00 2001 From: SergeyBiryukov Date: Wed, 14 Sep 2022 00:13:14 +0000 Subject: [PATCH] Upgrade/Install: Update sodium_compat to v1.18.0. The latest version of sodium_compat includes some improvements, as well as a new feature which will also be included in PHP 8.2. * Fixed issues with the PHP autoloader: * [https://github.com/paragonie/sodium_compat/pull/145 #145]: For WordPress, this ensures when Ed25519 is included, so too is the class it inherits from. * [https://github.com/paragonie/sodium_compat/issues/148 #148], [https://github.com/paragonie/sodium_compat/issues/149 #149]: For PHP 7.4+ with opcache preloading, this ensures the include guards don't fail. * [https://github.com/paragonie/sodium_compat/pull/144 #144]: Added `sodium_crypto_stream_xchacha20_xor_ic()` * See [https://github.com/php/php-src/pull/8276 pull request for php-src] (merged in PHP 8.2) * For motivation: [https://github.com/paragonie/halite/issues/178 paragonie/halite#178] Release notes: https://github.com/paragonie/sodium_compat/releases/tag/v1.18.0 A full list of changes in this update can be found on GitHub: https://github.com/paragonie/sodium_compat/compare/v1.17.1...v1.18.0 Follow-up to [49741], [51002], [51591], [52988]. Props jrf, paragoninitiativeenterprises. Fixes #56564. Built from https://develop.svn.wordpress.org/trunk@54150 --- wp-includes/sodium_compat/autoload.php | 5 +- .../sodium_compat/lib/stream-xchacha20.php | 16 ++++++ wp-includes/sodium_compat/src/Compat.php | 49 +++++++++++++++++++ .../sodium_compat/src/Core/Ed25519.php | 3 ++ .../sodium_compat/src/Core32/Ed25519.php | 3 ++ wp-includes/version.php | 2 +- 6 files changed, 76 insertions(+), 2 deletions(-) diff --git a/wp-includes/sodium_compat/autoload.php b/wp-includes/sodium_compat/autoload.php index 3f723bae7e..fd12f87b20 100644 --- a/wp-includes/sodium_compat/autoload.php +++ b/wp-includes/sodium_compat/autoload.php @@ -42,7 +42,9 @@ function sodiumCompatAutoloader($class) } /* Explicitly, always load the Compat class: */ -require_once dirname(__FILE__) . '/src/Compat.php'; +if (!class_exists('ParagonIE_Sodium_Compat', false)) { + require_once dirname(__FILE__) . '/src/Compat.php'; +} if (!class_exists('SodiumException', false)) { require_once dirname(__FILE__) . '/src/SodiumException.php'; @@ -69,4 +71,5 @@ function sodiumCompatAutoloader($class) // Older versions of {PHP, ext/sodium} will not define these require_once(dirname(__FILE__) . '/lib/php72compat.php'); } +require_once(dirname(__FILE__) . '/lib/stream-xchacha20.php'); require_once(dirname(__FILE__) . '/lib/ristretto255.php'); diff --git a/wp-includes/sodium_compat/lib/stream-xchacha20.php b/wp-includes/sodium_compat/lib/stream-xchacha20.php index 82d42f2fe2..ffeae33f33 100644 --- a/wp-includes/sodium_compat/lib/stream-xchacha20.php +++ b/wp-includes/sodium_compat/lib/stream-xchacha20.php @@ -41,3 +41,19 @@ function sodium_crypto_stream_xchacha20_xor($message, $nonce, $key) return ParagonIE_Sodium_Compat::crypto_stream_xchacha20_xor($message, $nonce, $key, true); } } +if (!is_callable('sodium_crypto_stream_xchacha20_xor_ic')) { + /** + * @see ParagonIE_Sodium_Compat::crypto_stream_xchacha20_xor_ic() + * @param string $message + * @param string $nonce + * @param int $counter + * @param string $key + * @return string + * @throws SodiumException + * @throws TypeError + */ + function sodium_crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key) + { + return ParagonIE_Sodium_Compat::crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key, true); + } +} diff --git a/wp-includes/sodium_compat/src/Compat.php b/wp-includes/sodium_compat/src/Compat.php index cc6c92b92b..7265d45cbb 100644 --- a/wp-includes/sodium_compat/src/Compat.php +++ b/wp-includes/sodium_compat/src/Compat.php @@ -3154,6 +3154,55 @@ public static function crypto_stream_xchacha20_xor($message, $nonce, $key, $dont return ParagonIE_Sodium_Core_XChaCha20::streamXorIc($message, $nonce, $key); } + /** + * DANGER! UNAUTHENTICATED ENCRYPTION! + * + * Unless you are following expert advice, do not use this feature. + * + * Algorithm: XChaCha20 + * + * This DOES NOT provide ciphertext integrity. + * + * @param string $message Plaintext message + * @param string $nonce Number to be used Once; must be 24 bytes + * @param int $counter + * @param string $key Encryption key + * @return string Encrypted text which is vulnerable to chosen- + * ciphertext attacks unless you implement some + * other mitigation to the ciphertext (i.e. + * Encrypt then MAC) + * @param bool $dontFallback + * @throws SodiumException + * @throws TypeError + * @psalm-suppress MixedArgument + */ + public static function crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key, $dontFallback = false) + { + /* Type checks: */ + ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1); + ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2); + ParagonIE_Sodium_Core_Util::declareScalarType($counter, 'int', 3); + ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4); + + /* Input validation: */ + if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_STREAM_XCHACHA20_NONCEBYTES) { + throw new SodiumException('Argument 2 must be CRYPTO_SECRETBOX_XCHACHA20_NONCEBYTES long.'); + } + if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_STREAM_XCHACHA20_KEYBYTES) { + throw new SodiumException('Argument 3 must be CRYPTO_SECRETBOX_XCHACHA20_KEYBYTES long.'); + } + + if (is_callable('sodium_crypto_stream_xchacha20_xor_ic') && !$dontFallback) { + return sodium_crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key); + } + + $ic = ParagonIE_Sodium_Core_Util::store64_le($counter); + if (PHP_INT_SIZE === 4) { + return ParagonIE_Sodium_Core32_XChaCha20::streamXorIc($message, $nonce, $key, $ic); + } + return ParagonIE_Sodium_Core_XChaCha20::streamXorIc($message, $nonce, $key, $ic); + } + /** * Return a secure random key for use with crypto_stream_xchacha20 * diff --git a/wp-includes/sodium_compat/src/Core/Ed25519.php b/wp-includes/sodium_compat/src/Core/Ed25519.php index f135b1c611..3f18c7d49b 100644 --- a/wp-includes/sodium_compat/src/Core/Ed25519.php +++ b/wp-includes/sodium_compat/src/Core/Ed25519.php @@ -3,6 +3,9 @@ if (class_exists('ParagonIE_Sodium_Core_Ed25519', false)) { return; } +if (!class_exists('ParagonIE_Sodium_Core_Curve25519', false)) { + require_once dirname(__FILE__) . '/Curve25519.php'; +} /** * Class ParagonIE_Sodium_Core_Ed25519 diff --git a/wp-includes/sodium_compat/src/Core32/Ed25519.php b/wp-includes/sodium_compat/src/Core32/Ed25519.php index 3cb6422547..1b86b67742 100644 --- a/wp-includes/sodium_compat/src/Core32/Ed25519.php +++ b/wp-includes/sodium_compat/src/Core32/Ed25519.php @@ -3,6 +3,9 @@ if (class_exists('ParagonIE_Sodium_Core32_Ed25519', false)) { return; } +if (!class_exists('ParagonIE_Sodium_Core32_Curve25519')) { + require_once dirname(__FILE__) . '/Curve25519.php'; +} /** * Class ParagonIE_Sodium_Core32_Ed25519 diff --git a/wp-includes/version.php b/wp-includes/version.php index 4aef01dc83..3329532b29 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '6.1-alpha-54149'; +$wp_version = '6.1-alpha-54150'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.