diff --git a/wp-includes/sodium_compat/src/Compat.php b/wp-includes/sodium_compat/src/Compat.php
index b2ccd21ddf..cc6c92b92b 100644
--- a/wp-includes/sodium_compat/src/Compat.php
+++ b/wp-includes/sodium_compat/src/Compat.php
@@ -3533,9 +3533,13 @@ class ParagonIE_Sodium_Compat
 );
 }
 }
+ /** @var positive-int $numBytes */
 if (self::use_fallback('randombytes_buf')) {
 return (string) call_user_func('\\Sodium\\randombytes_buf', $numBytes);
 }
+ if ($numBytes < 0) {
+ throw new SodiumException("Number of bytes must be a positive integer");
+ }
 return random_bytes($numBytes);
 }
 
diff --git a/wp-includes/sodium_compat/src/Core/BLAKE2b.php b/wp-includes/sodium_compat/src/Core/BLAKE2b.php
index 5251bafe71..6ad4ab7ce6 100644
--- a/wp-includes/sodium_compat/src/Core/BLAKE2b.php
+++ b/wp-includes/sodium_compat/src/Core/BLAKE2b.php
@@ -50,6 +50,9 @@ abstract class ParagonIE_Sodium_Core_BLAKE2b extends ParagonIE_Sodium_Core_Util
 */
 public static function new64($high, $low)
 {
+ if (PHP_INT_SIZE === 4) {
+ throw new SodiumException("Error, use 32-bit");
+ }
 $i64 = new SplFixedArray(2);
 $i64[0] = $high & 0xffffffff;
 $i64[1] = $low & 0xffffffff;
@@ -86,6 +89,9 @@ abstract class ParagonIE_Sodium_Core_BLAKE2b extends ParagonIE_Sodium_Core_Util
 */
 protected static function add64($x, $y)
 {
+ if (PHP_INT_SIZE === 4) {
+ throw new SodiumException("Error, use 32-bit");
+ }
 $l = ($x[1] + $y[1]) & 0xffffffff;
 return self::new64(
 (int) ($x[0] + $y[0] + (
@@ -119,6 +125,9 @@ abstract class ParagonIE_Sodium_Core_BLAKE2b extends ParagonIE_Sodium_Core_Util
 */
 protected static function xor64(SplFixedArray $x, SplFixedArray $y)
 {
+ if (PHP_INT_SIZE === 4) {
+ throw new SodiumException("Error, use 32-bit");
+ }
 if (!is_numeric($x[0])) {
 throw new SodiumException('x[0] is not an integer');
 }
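Review bot: The new `$numBytes < 0` guard is placed below the `use_fallback('randombytes_buf')` branch, so on the PECL-fallback path a negative count still goes straight into `\Sodium\randombytes_buf` unchecked; moving `if ($numBytes < 0) { throw new SodiumException("Number of bytes must be a positive integer"); }` above the `use_fallback` test covers both paths. The message says "positive" while the condition admits 0, and `random_bytes(0)` rejects a zero length with its own `Error`/`ValueError` rather than a `SodiumException`, so either tighten the check to `$numBytes <= 0` or reword the message to "non-negative". The `/** @var positive-int $numBytes */` annotation also sits before the value has actually been validated; it belongs after the guard. The start of randombytes_buf is outside the hunk, so I can't see whether an earlier type check already rejects non-integers.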
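Review bot: The message `"Error, use 32-bit"` in the guards added to new64, add64 and xor64 reads as an instruction to switch to 32-bit, which is the opposite of what the condition detects: the process already is 32-bit PHP, and this 64-bit-integer code path cannot run there, so the ParagonIE_Sodium_Core32_* classes elsewhere in this patch should be used instead. Something like `throw new SodiumException('This 64-bit implementation cannot run on 32-bit PHP; use the Core32 classes');` tells the caller what actually went wrong. The same three lines appear in four methods of this file (rotr64 gets them later in this patch), so a small private static helper, e.g. `assert64BitPhp()`, would keep the check and its message in one place.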
@@ -147,6 +156,9 @@ abstract class ParagonIE_Sodium_Core_BLAKE2b extends ParagonIE_Sodium_Core_Util
 */
 public static function rotr64($x, $c)
 {
+ if (PHP_INT_SIZE === 4) {
+ throw new SodiumException("Error, use 32-bit");
+ }
 if ($c >= 64) {
 $c %= 64;
 }
@@ -164,8 +176,8 @@ abstract class ParagonIE_Sodium_Core_BLAKE2b extends ParagonIE_Sodium_Core_Util
 $l0 = 0;
 $c = 64 - $c;
 
+ /** @var int $c */
 if ($c < 32) {
- /** @var int $h0 */
 $h0 = ((int) ($x[0]) << $c) | (
 (
 (int) ($x[1]) & ((1 << $c) - 1)
@@ -173,10 +185,8 @@ abstract class ParagonIE_Sodium_Core_BLAKE2b extends ParagonIE_Sodium_Core_Util
 (32 - $c)
 ) >> (32 - $c)
 );
- /** @var int $l0 */
 $l0 = (int) ($x[1]) << $c;
 } else {
- /** @var int $h0 */
 $h0 = (int) ($x[1]) << ($c - 32);
 }
 
@@ -184,12 +194,9 @@ abstract class ParagonIE_Sodium_Core_BLAKE2b extends ParagonIE_Sodium_Core_Util
 $c1 = 64 - $c;
 
 if ($c1 < 32) {
- /** @var int $h1 */
 $h1 = (int) ($x[0]) >> $c1;
- /** @var int $l1 */
 $l1 = ((int) ($x[1]) >> $c1) | ((int) ($x[0]) & ((1 << $c1) - 1)) << (32 - $c1);
 } else {
- /** @var int $l1 */
 $l1 = (int) ($x[0]) >> ($c1 - 32);
 }
 
diff --git a/wp-includes/sodium_compat/src/Core/Curve25519.php b/wp-includes/sodium_compat/src/Core/Curve25519.php
index 7c31cfc925..dfcf26af02 100644
--- a/wp-includes/sodium_compat/src/Core/Curve25519.php
+++ b/wp-includes/sodium_compat/src/Core/Curve25519.php
@@ -342,6 +345,9 @@ abstract class ParagonIE_Sodium_Core_Curve25519 extends ParagonIE_Sodium_Core_Cu
 ParagonIE_Sodium_Core_Curve25519_Fe $f,
 ParagonIE_Sodium_Core_Curve25519_Fe $g
 ) {
+ // Ensure limbs aren't oversized.
+ $f = self::fe_normalize($f);
+ $g = self::fe_normalize($g);
 $f0 = $f[0];
 $f1 = $f[1];
 $f2 = $f[2];
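Review bot: `fe_normalize` is now run on both inputs at the top of fe_mul even though, in this same patch, every producer that feeds it from this file (fe_mul, fe_sq, fe_sq2, fe_sub, fe_neg) already normalizes its result, so for those callers this is two `fe_copy`s plus two ten-limb constant-time loops of pure redundancy in the innermost multiply of the scalar-mult path. If the entry normalization is there for the remaining producers (fe_add, fe_frombytes and cmov are not in this diff, so I can't tell whether they normalize), the comment should say so, e.g. `// Ensure limbs aren't oversized: inputs from fe_add/fe_frombytes are not normalized by their producers.`; otherwise the two calls can be dropped. fe_mul's body continues well past this hunk.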
@@ -476,6 +479,7 @@ abstract class ParagonIE_Sodium_Core_Curve25519 extends ParagonIE_Sodium_Core_Cu
 $f9g7_38 = self::mul($g7_19, $f9_2, 26);
 $f9g8_19 = self::mul($g8_19, $f9, 25);
 $f9g9_38 = self::mul($g9_19, $f9_2, 26);
+
 $h0 = $f0g0 + $f1g9_38 + $f2g8_19 + $f3g7_38 + $f4g6_19 + $f5g5_38 + $f6g4_19 + $f7g3_38 + $f8g2_19 + $f9g1_38;
 $h1 = $f0g1 + $f1g0 + $f2g9_19 + $f3g8_19 + $f4g7_19 + $f5g6_19 + $f6g5_19 + $f7g4_19 + $f8g3_19 + $f9g2_19;
 $h2 = $f0g2 + $f1g1_2 + $f2g0 + $f3g9_38 + $f4g8_19 + $f5g7_38 + $f6g6_19 + $f7g5_38 + $f8g4_19 + $f9g3_38;
@@ -530,18 +534,20 @@ abstract class ParagonIE_Sodium_Core_Curve25519 extends ParagonIE_Sodium_Core_Cu
 $h1 += $carry0;
 $h0 -= $carry0 << 26;
 
- return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
- array(
- (int) $h0,
- (int) $h1,
- (int) $h2,
- (int) $h3,
- (int) $h4,
- (int) $h5,
- (int) $h6,
- (int) $h7,
- (int) $h8,
- (int) $h9
+ return self::fe_normalize(
+ ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
+ array(
+ (int) $h0,
+ (int) $h1,
+ (int) $h2,
+ (int) $h3,
+ (int) $h4,
+ (int) $h5,
+ (int) $h6,
+ (int) $h7,
+ (int) $h8,
+ (int) $h9
+ )
 )
 );
 }
@@ -563,7 +569,7 @@ abstract class ParagonIE_Sodium_Core_Curve25519 extends ParagonIE_Sodium_Core_Cu
 for ($i = 0; $i < 10; ++$i) {
 $h[$i] = -$f[$i];
 }
- return $h;
+ return self::fe_normalize($h);
 }
 
 /**
@@ -578,6 +584,7 @@ abstract class ParagonIE_Sodium_Core_Curve25519 extends ParagonIE_Sodium_Core_Cu
 */
 public static function fe_sq(ParagonIE_Sodium_Core_Curve25519_Fe $f)
 {
+ $f = self::fe_normalize($f);
 $f0 = (int) $f[0];
 $f1 = (int) $f[1];
 $f2 = (int) $f[2];
@@ -711,18 +718,20 @@ abstract class ParagonIE_Sodium_Core_Curve25519 extends ParagonIE_Sodium_Core_Cu
 $h1 += $carry0;
 $h0 -= $carry0 << 26;
 
- return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
- array(
- (int) $h0,
- (int) $h1,
- (int) $h2,
- (int) $h3,
- (int) $h4,
- (int) $h5,
- (int) $h6,
- (int) $h7,
- (int) $h8,
- (int) $h9
+ return self::fe_normalize(
+ ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
+ array(
+ (int) $h0,
+ (int) $h1,
+ (int) $h2,
+ (int) $h3,
+ (int) $h4,
+ (int) $h5,
+ (int) $h6,
+ (int) $h7,
+ (int) $h8,
+ (int) $h9
+ )
 )
 );
 }
@@ -740,6 +749,7 @@ abstract class ParagonIE_Sodium_Core_Curve25519 extends ParagonIE_Sodium_Core_Cu
 */
 public static function fe_sq2(ParagonIE_Sodium_Core_Curve25519_Fe $f)
 {
+ $f = self::fe_normalize($f);
 $f0 = (int) $f[0];
 $f1 = (int) $f[1];
 $f2 = (int) $f[2];
@@ -874,18 +884,20 @@ abstract class ParagonIE_Sodium_Core_Curve25519 extends ParagonIE_Sodium_Core_Cu
 $h1 += $carry0;
 $h0 -= $carry0 << 26;
 
- return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
- array(
- (int) $h0,
- (int) $h1,
- (int) $h2,
- (int) $h3,
- (int) $h4,
- (int) $h5,
- (int) $h6,
- (int) $h7,
- (int) $h8,
- (int) $h9
+ return self::fe_normalize(
+ ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
+ array(
+ (int) $h0,
+ (int) $h1,
+ (int) $h2,
+ (int) $h3,
+ (int) $h4,
+ (int) $h5,
+ (int) $h6,
+ (int) $h7,
+ (int) $h8,
+ (int) $h9
+ )
 )
 );
 }
@@ -958,6 +970,7 @@ abstract class ParagonIE_Sodium_Core_Curve25519 extends ParagonIE_Sodium_Core_Cu
 */
 public static function fe_pow22523(ParagonIE_Sodium_Core_Curve25519_Fe $z)
 {
+ $z = self::fe_normalize($z);
 # fe_sq(t0, z);
 # fe_sq(t1, t0);
 # fe_sq(t1, t1);
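Review bot: The `$z = self::fe_normalize($z);` added at the top of fe_pow22523 is redundant: its first operation, per the `# fe_sq(t0, z);` comment on the next line, is fe_sq, and fe_sq in this same patch now normalizes its own argument on entry, so `$z` gets normalized twice before any arithmetic happens. Either drop the line or, if it is meant as a belt-and-braces guard for a future reorder, say so: `// Not strictly needed (fe_sq normalizes its input) but keeps the contract local.`. The rest of fe_pow22523 is outside the hunk.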
@@ -1085,18 +1098,20 @@ abstract class ParagonIE_Sodium_Core_Curve25519 extends ParagonIE_Sodium_Core_Cu
 */
 public static function fe_sub(ParagonIE_Sodium_Core_Curve25519_Fe $f, ParagonIE_Sodium_Core_Curve25519_Fe $g)
 {
- return ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
- array(
- (int) ($f[0] - $g[0]),
- (int) ($f[1] - $g[1]),
- (int) ($f[2] - $g[2]),
- (int) ($f[3] - $g[3]),
- (int) ($f[4] - $g[4]),
- (int) ($f[5] - $g[5]),
- (int) ($f[6] - $g[6]),
- (int) ($f[7] - $g[7]),
- (int) ($f[8] - $g[8]),
- (int) ($f[9] - $g[9])
+ return self::fe_normalize(
+ ParagonIE_Sodium_Core_Curve25519_Fe::fromArray(
+ array(
+ (int) ($f[0] - $g[0]),
+ (int) ($f[1] - $g[1]),
+ (int) ($f[2] - $g[2]),
+ (int) ($f[3] - $g[3]),
+ (int) ($f[4] - $g[4]),
+ (int) ($f[5] - $g[5]),
+ (int) ($f[6] - $g[6]),
+ (int) ($f[7] - $g[7]),
+ (int) ($f[8] - $g[8]),
+ (int) ($f[9] - $g[9])
+ )
 )
 );
 }
@@ -2535,7 +2550,7 @@ abstract class ParagonIE_Sodium_Core_Curve25519 extends ParagonIE_Sodium_Core_Cu
 $s20 = 2097151 & (self::load_4(self::substr($s, 52, 4)) >> 4);
 $s21 = 2097151 & (self::load_3(self::substr($s, 55, 3)) >> 1);
 $s22 = 2097151 & (self::load_4(self::substr($s, 57, 4)) >> 6);
- $s23 = (self::load_4(self::substr($s, 60, 4)) >> 3);
+ $s23 = 0x1fffffff & (self::load_4(self::substr($s, 60, 4)) >> 3);
 
 $s11 += self::mul($s23, 666643, 20);
 $s12 += self::mul($s23, 470296, 19);
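Review bot: The new `0x1fffffff &` on `$s23` explains itself only by reference to another file: on 64-bit PHP `load_4` already yields at most 32 bits, so `>> 3` leaves 29 and the mask is a no-op; it matters because `load_4` in Core/Util.php (later in this patch) no longer masks to 32 bits, and on a 32-bit build `unpack('V')` may hand back a negative value that `>> 3` would sign-extend. A one-line comment keeps that dependency visible to the next reader: `// load_4 may be negative on 32-bit PHP; keep only the 29 bits ref10 expects here.` Whether this Core (non-32) class is ever reached from a 32-bit build I can't tell from here; the rest of sc_reduce lies outside the hunk.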
@@ -3782,4 +3797,40 @@ abstract class ParagonIE_Sodium_Core_Curve25519 extends ParagonIE_Sodium_Core_Cu
 $s_[31] &= 128;
 return self::intArrayToString($s_);
 }
+
+ /**
+ * Ensure limbs are less than 28 bits long to prevent float promotion.
+ *
+ * This uses a constant-time conditional swap under the hood.
+ *
+ * @param ParagonIE_Sodium_Core_Curve25519_Fe $f
+ * @return ParagonIE_Sodium_Core_Curve25519_Fe
+ */
+ public static function fe_normalize(ParagonIE_Sodium_Core_Curve25519_Fe $f)
+ {
+ $x = (PHP_INT_SIZE << 3) - 1; // 31 or 63
+
+ $g = self::fe_copy($f);
+ for ($i = 0; $i < 10; ++$i) {
+ $mask = -(($g[$i] >> $x) & 1);
+
+ /*
+ * Get two candidate normalized values for $g[$i], depending on the sign of $g[$i]:
+ */
+ $a = $g[$i] & 0x7ffffff;
+ $b = -((-$g[$i]) & 0x7ffffff);
+
+ /*
+ * Return the appropriate candidate value, based on the sign of the original input:
+ *
+ * The following is equivalent to this ternary:
+ *
+ * $g[$i] = (($g[$i] >> $x) & 1) ? $a : $b;
+ *
+ * Except what's written doesn't contain timing leaks.
+ */
+ $g[$i] = ($a ^ (($a ^ $b) & $mask));
+ }
+ return $g;
+ }
 }
diff --git a/wp-includes/sodium_compat/src/Core/Util.php b/wp-includes/sodium_compat/src/Core/Util.php
index bde9df1106..13221b366c 100644
--- a/wp-includes/sodium_compat/src/Core/Util.php
+++ b/wp-includes/sodium_compat/src/Core/Util.php
@@ -458,7 +458,7 @@ abstract class ParagonIE_Sodium_Core_Util
 }
 /** @var array $unpacked */
 $unpacked = unpack('V', $string);
- return (int) ($unpacked[1] & 0xffffffff);
+ return (int) $unpacked[1];
 }
 
 /**
@@ -613,7 +613,11 @@ abstract class ParagonIE_Sodium_Core_Util
 {
 $high = 0;
 /** @var int $low */
- $low = $num & 0xffffffff;
+ if (PHP_INT_SIZE === 4) {
+ $low = (int) $num;
+ } else {
+ $low = $num & 0xffffffff;
+ }
 
 if ((+(abs($num))) >= 1) {
 if ($num > 0) {
diff --git a/wp-includes/sodium_compat/src/Core32/Curve25519.php b/wp-includes/sodium_compat/src/Core32/Curve25519.php
index d6d700e0fa..aafffcd132 100644
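Review bot: The explanatory comment inside fe_normalize has its ternary backwards: `$mask = -(($g[$i] >> $x) & 1)` is -1 exactly when the limb is negative, and `$a ^ (($a ^ $b) & $mask)` then selects `$b` for a negative limb and `$a` otherwise, so the comment should read `$g[$i] = (($g[$i] >> $x) & 1) ? $b : $a;`. The docblock also calls this a "conditional swap" when it is a constant-time select of one of two values, and it should state what `& 0x7ffffff` does to out-of-range input: bits above bit 26 are discarded, not carried into the next limb, so a limb outside ±2^27 silently changes the field element's value. If the carry chains in fe_mul/fe_sq guarantee that never happens, say so, e.g. `* Assumes every limb already fits in 27 bits plus sign; higher bits are dropped, not carried.`.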
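Review bot: With the `& 0xffffffff` removed, `load_4` now returns whatever `unpack('V')` produces, and on 32-bit PHP that may be a negative int for input whose top bit is set (I assume the mask was dropped because `0xffffffff` is itself a float literal there); if the docblock above this hunk still promises an unsigned 32-bit result it now overstates the contract. A note such as `* On 32-bit PHP the result may be negative; callers needing the unsigned value must mask or shift accordingly.` would make the new contract explicit, and the `0x1fffffff` mask added to `$s23` in sc_reduce earlier in this patch is one caller doing exactly that. In the second hunk, `(int) $num` for a float `$num` beyond PHP_INT_MAX has no defined result per the PHP manual, so the 32-bit branch deserves a comment saying what range `$num` is expected to be in; the function's signature is outside the hunk.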
--- a/wp-includes/sodium_compat/src/Core32/Curve25519.php
+++ b/wp-includes/sodium_compat/src/Core32/Curve25519.php
@@ -325,25 +325,15 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 $carry9 = $f[9]->shiftRight(25);
 $f[9] = $f[9]->subInt64($carry9->shiftLeft(25));
 
- /** @var int $h0 */
 $h0 = $f[0]->toInt32()->toInt();
- /** @var int $h1 */
 $h1 = $f[1]->toInt32()->toInt();
- /** @var int $h2 */
 $h2 = $f[2]->toInt32()->toInt();
- /** @var int $h3 */
 $h3 = $f[3]->toInt32()->toInt();
- /** @var int $h4 */
 $h4 = $f[4]->toInt32()->toInt();
- /** @var int $h5 */
 $h5 = $f[5]->toInt32()->toInt();
- /** @var int $h6 */
 $h6 = $f[6]->toInt32()->toInt();
- /** @var int $h7 */
 $h7 = $f[7]->toInt32()->toInt();
- /** @var int $h8 */
 $h8 = $f[8]->toInt32()->toInt();
- /** @var int $h9 */
 $h9 = $f[9]->toInt32()->toInt();
 
 /**
@@ -418,7 +408,6 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 if ($zero === null) {
 $zero = str_repeat("\x00", 32);
 }
- /** @var string $str */
 $str = self::fe_tobytes($f);
 /** @var string $zero */
 return !self::verify_32($str, $zero);
@@ -497,15 +486,10 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 $g7_19 = $g7->mulInt(19, 5);
 $g8_19 = $g8->mulInt(19, 5);
 $g9_19 = $g9->mulInt(19, 5);
- /** @var ParagonIE_Sodium_Core32_Int64 $f1_2 */
 $f1_2 = $f1->shiftLeft(1);
- /** @var ParagonIE_Sodium_Core32_Int64 $f3_2 */
 $f3_2 = $f3->shiftLeft(1);
- /** @var ParagonIE_Sodium_Core32_Int64 $f5_2 */
 $f5_2 = $f5->shiftLeft(1);
- /** @var ParagonIE_Sodium_Core32_Int64 $f7_2 */
 $f7_2 = $f7->shiftLeft(1);
- /** @var ParagonIE_Sodium_Core32_Int64 $f9_2 */
 $f9_2 = $f9->shiftLeft(1);
 $f0g0 = $f0->mulInt64($g0, 27);
 $f0g1 = $f0->mulInt64($g1, 27);
@@ -775,28 +759,17 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 */
 public static function fe_sq(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
 {
- /** @var ParagonIE_Sodium_Core32_Int64 $f0 */
 $f0 = $f[0]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f1 */
 $f1 = $f[1]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f2 */
 $f2 = $f[2]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f3 */
 $f3 = $f[3]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f4 */
 $f4 = $f[4]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f5 */
 $f5 = $f[5]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f6 */
 $f6 = $f[6]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f7 */
 $f7 = $f[7]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f8 */
 $f8 = $f[8]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f9 */
 $f9 = $f[9]->toInt64();
 
- /** @var ParagonIE_Sodium_Core32_Int64 $f0_2 */
 $f0_2 = $f0->shiftLeft(1);
 $f1_2 = $f1->shiftLeft(1);
 $f2_2 = $f2->shiftLeft(1);
@@ -810,7 +783,7 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 $f7_38 = $f7->mulInt(38, 6);
 $f8_19 = $f8->mulInt(19, 5);
 $f9_38 = $f9->mulInt(38, 6);
- /** @var ParagonIE_Sodium_Core32_Int64 $f0f0*/
+
 $f0f0 = $f0->mulInt64($f0, 28);
 $f0f1_2 = $f0_2->mulInt64($f1, 28);
 $f0f2_2 = $f0_2->mulInt64($f2, 28);
@@ -979,25 +952,15 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 */
 public static function fe_sq2(ParagonIE_Sodium_Core32_Curve25519_Fe $f)
 {
- /** @var ParagonIE_Sodium_Core32_Int64 $f0 */
 $f0 = $f[0]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f1 */
 $f1 = $f[1]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f2 */
 $f2 = $f[2]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f3 */
 $f3 = $f[3]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f4 */
 $f4 = $f[4]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f5 */
 $f5 = $f[5]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f6 */
 $f6 = $f[6]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f7 */
 $f7 = $f[7]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f8 */
 $f8 = $f[8]->toInt64();
- /** @var ParagonIE_Sodium_Core32_Int64 $f9 */
 $f9 = $f[9]->toInt64();
 
 $f0_2 = $f0->shiftLeft(1);
@@ -1479,7 +1442,6 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 {
 static $d = null;
 if (!$d) {
- /** @var ParagonIE_Sodium_Core32_Curve25519_Fe $d */
 $d = ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray(
 array(
 ParagonIE_Sodium_Core32_Int32::fromInt(self::$d[0]),
@@ -1495,6 +1457,7 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 )
 );
 }
+ /** @var ParagonIE_Sodium_Core32_Curve25519_Fe $d */
 
 # fe_frombytes(h->Y,s);
 # fe_1(h->Z);
@@ -1833,7 +1796,14 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 */
 public static function equal($b, $c)
 {
- return (int) ((($b ^ $c) - 1 & 0xffffffff) >> 31);
+ $b0 = $b & 0xffff;
+ $b1 = ($b >> 16) & 0xffff;
+ $c0 = $c & 0xffff;
+ $c1 = ($c >> 16) & 0xffff;
+
+ $d0 = (($b0 ^ $c0) - 1) >> 31;
+ $d1 = (($b1 ^ $c1) - 1) >> 31;
+ return ($d0 & $d1) & 1;
 }
 
 /**
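Review bot: The rewritten `equal()` compares only the low 32 bits of `$b` and `$c`, split into 16-bit halves so the subtract-and-arithmetic-shift trick never leaves a 32-bit int, and returns 0/1 rather than a mask — none of which its docblock states (the closing `*/` is in the hunk, the text is not). I'd add: `* Constant-time equality of the low 32 bits of $b and $c. Returns 1 when equal, 0 otherwise; negate the result to obtain a cmov mask.` The `-self::equal(...)` in ge_select later in this patch is the one caller visibly relying on that negation, so any other call site that still feeds the raw 0/1 to cmov as a mask would need the same treatment; I can't see whether any exist.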
@@ -1850,7 +1820,6 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 return $char < 0 ? 1 : 0;
 }
 /** @var string $char */
- /** @var int $x */
 $x = self::chrToInt(self::substr($char, 0, 1));
 return (int) ($x >> 31);
 }
@@ -1956,7 +1925,6 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 }
 
 $bnegative = self::negative($b);
- /** @var int $babs */
 $babs = $b - (((-$bnegative) & $b) << 1);
 
 $t = self::ge_precomp_0();
@@ -1964,7 +1932,7 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 $t = self::cmov(
 $t,
 $base[$pos][$i],
- self::equal($babs, $i + 1)
+ -self::equal($babs, $i + 1)
 );
 }
 $minusT = new ParagonIE_Sodium_Core32_Curve25519_Ge_Precomp(
@@ -2230,9 +2198,7 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 $carry = 0;
 for ($i = 0; $i < 63; ++$i) {
 $e[$i] += $carry;
- /** @var int $carry */
 $carry = $e[$i] + 8;
- /** @var int $carry */
 $carry >>= 4;
 $e[$i] -= $carry << 4;
 }
@@ -3140,7 +3106,6 @@ abstract class ParagonIE_Sodium_Core32_Curve25519 extends ParagonIE_Sodium_Core3
 */
 public static function ge_mul_l(ParagonIE_Sodium_Core32_Curve25519_Ge_P3 $A)
 {
- /** @var array $aslide */
 $aslide = array(
 13, 0, 0, 0, 0, -1, 0, 0, 0, 0, -11, 0, 0, 0, 0, 0, 0, -5, 0, 0, 0, 0, 0, 0, -3, 0, 0, 0, 0, -13, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 3, 0,
diff --git a/wp-includes/sodium_compat/src/Core32/Curve25519/Fe.php b/wp-includes/sodium_compat/src/Core32/Curve25519/Fe.php
index 27537a6f1a..21b3188226 100644
--- a/wp-includes/sodium_compat/src/Core32/Curve25519/Fe.php
+++ b/wp-includes/sodium_compat/src/Core32/Curve25519/Fe.php
@@ -48,6 +48,9 @@ class ParagonIE_Sodium_Core32_Curve25519_Fe implements ArrayAccess
 }
 } else {
 for ($i = 0; $i < $count; ++$i) {
+ if (!($array[$i] instanceof ParagonIE_Sodium_Core32_Int32)) {
+ throw new TypeError('Expected ParagonIE_Sodium_Core32_Int32');
+ }
 $array[$i]->overflow = 0;
 $obj->offsetSet($i, $array[$i]);
 }
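Review bot: Passing `-self::equal($babs, $i + 1)` turns the 0/1 result of the rewritten `equal()` into a 0/-1 mask for `cmov`, which only matters if cmov consumes its third argument bitwise rather than as a boolean; cmov is not in this diff, so if it still tests truthiness the negation is harmless, but if it was changed to mask bitwise then every other `self::equal(...)` handed to cmov elsewhere in this class has to be negated the same way. A comment at the call site would stop the next reader from "fixing" the sign: `-self::equal($babs, $i + 1) // cmov wants a 0/-1 mask; equal() returns 0/1`. The ge_select loop starts and ends outside this hunk.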
diff --git a/wp-includes/sodium_compat/src/Core32/Int32.php b/wp-includes/sodium_compat/src/Core32/Int32.php
index c3a17900a5..81821556d4 100644
--- a/wp-includes/sodium_compat/src/Core32/Int32.php
+++ b/wp-includes/sodium_compat/src/Core32/Int32.php
@@ -138,9 +138,10 @@ class ParagonIE_Sodium_Core32_Int32
 public function mask($m = 0)
 {
 /** @var int $hi */
- $hi = ($m >> 16) & 0xffff;
+ $hi = ((int) $m >> 16);
+ $hi &= 0xffff;
 /** @var int $lo */
- $lo = ($m & 0xffff);
+ $lo = ((int) $m) & 0xffff;
 return new ParagonIE_Sodium_Core32_Int32(
 array(
 (int) ($this->limbs[0] & $hi),
@@ -168,8 +169,8 @@ class ParagonIE_Sodium_Core32_Int32
 for ($j = 0; $j < $a_l; ++$j) {
 $b_j = $b[$j];
 $product = ($a_i * $b_j) + $r[$i + $j];
- $carry = ($product >> $baseLog2 & 0xffff);
- $r[$i + $j] = ($product - (int) ($carry * $base)) & 0xffff;
+ $carry = ((int) $product >> $baseLog2 & 0xffff);
+ $r[$i + $j] = ((int) $product - (int) ($carry * $base)) & 0xffff;
 $r[$i + $j + 1] += $carry;
 }
 }
diff --git a/wp-includes/sodium_compat/src/Core32/Int64.php b/wp-includes/sodium_compat/src/Core32/Int64.php
index dd06a3fbeb..e94d798233 100644
--- a/wp-includes/sodium_compat/src/Core32/Int64.php
+++ b/wp-includes/sodium_compat/src/Core32/Int64.php
@@ -337,9 +337,9 @@ class ParagonIE_Sodium_Core32_Int64
 $a_i = $a[$i];
 for ($j = 0; $j < $a_l; ++$j) {
 $b_j = $b[$j];
- $product = ($a_i * $b_j) + $r[$i + $j];
- $carry = ($product >> $baseLog2 & 0xffff);
- $r[$i + $j] = ($product - (int) ($carry * $base)) & 0xffff;
+ $product = (($a_i * $b_j) + $r[$i + $j]);
+ $carry = (((int) $product >> $baseLog2) & 0xffff);
+ $r[$i + $j] = ((int) $product - (int) ($carry * $base)) & 0xffff;
 $r[$i + $j + 1] += $carry;
 }
 }
diff --git a/wp-includes/sodium_compat/src/Core32/Poly1305/State.php b/wp-includes/sodium_compat/src/Core32/Poly1305/State.php
index d80e1ff981..e77a8f42ee 100644
--- a/wp-includes/sodium_compat/src/Core32/Poly1305/State.php
+++ b/wp-includes/sodium_compat/src/Core32/Poly1305/State.php
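Review bot: In both `mulIntArray` hunks (Int32 and Int64) the new `(int)` casts on `$product` only do anything once `$product` has already been promoted to float, which on 32-bit PHP happens as soon as `$a_i * $b_j` exceeds PHP_INT_MAX — if `$a` and `$b` hold 16-bit limbs, as the `& 0xffff` results suggest, the product can approach 2^32. The PHP manual documents casting a finite out-of-range float to int as undefined, so the low 16 bits recovered by `& 0xffff` are not guaranteed; if the intent is to rely on the engine's modular conversion in practice, say so, e.g. `// $product may exceed PHP_INT_MAX on 32-bit PHP; the (int) cast relies on the engine's modular float-to-int conversion.`, and the safer fix is to keep partial products below 2^31 (smaller limbs on 32-bit builds). `$base` and `$baseLog2` are set outside the hunk, so I can't confirm the limb width from here.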
@@ -419,7 +419,7 @@ class ParagonIE_Sodium_Core32_Poly1305_State extends ParagonIE_Sodium_Core32_Uti
 $g4 = $g4->mask($mask);
 
 /** @var int $mask */
- $mask = (~$mask) & 0xffffffff;
+ $mask = ~$mask;
 
 $h0 = $h0->mask($mask)->orInt32($g0);
 $h1 = $h1->mask($mask)->orInt32($g1);
diff --git a/wp-includes/sodium_compat/src/Core32/XChaCha20.php b/wp-includes/sodium_compat/src/Core32/XChaCha20.php
index 1dfc8591d7..404e8d2444 100644
--- a/wp-includes/sodium_compat/src/Core32/XChaCha20.php
+++ b/wp-includes/sodium_compat/src/Core32/XChaCha20.php
@@ -61,4 +61,27 @@ class ParagonIE_Sodium_Core32_XChaCha20 extends ParagonIE_Sodium_Core32_HChaCha2
 $message
 );
 }
+
+ /**
+ * @internal You should not use this directly from another application
+ *
+ * @param string $message
+ * @param string $nonce
+ * @param string $key
+ * @param string $ic
+ * @return string
+ * @throws SodiumException
+ * @throws TypeError
+ */
+ public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '')
+ {
+ return self::encryptBytes(
+ new ParagonIE_Sodium_Core32_ChaCha20_IetfCtx(
+ self::hChaCha20(self::substr($nonce, 0, 16), $key),
+ "\x00\x00\x00\x00" . self::substr($nonce, 16, 8),
+ $ic
+ ),
+ $message
+ );
+ }
 }
diff --git a/wp-includes/sodium_compat/src/File.php b/wp-includes/sodium_compat/src/File.php
index d71bc7e5ad..e8622c7eba 100644
--- a/wp-includes/sodium_compat/src/File.php
+++ b/wp-includes/sodium_compat/src/File.php
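Review bot: `ietfStreamXorIc` slices `$nonce` with `substr(0, 16)` and `substr(16, 8)` without checking that it is 24 bytes long, so a short nonce yields a truncated HChaCha20 input and/or a short counter block instead of an error; hChaCha20 and the IetfCtx constructor may validate their own inputs, but neither is in this hunk. A guard up front makes the contract explicit: `if (self::strlen($nonce) !== 24) { throw new SodiumException('Nonce must be 24 bytes'); }`, assuming Core32 Util provides `strlen` as it does `substr`. The docblock should also say `@param string $nonce 24-byte nonce`, what `$key` must be, and what `$ic` is — presumably an initial block counter, given its name and position in the IetfCtx constructor, but confirm.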
@@ -1154,19 +1154,15 @@ class ParagonIE_Sodium_File extends ParagonIE_Sodium_Core_Util
 */
 private static function sign_core32($filePath, $secretKey)
 {
- /** @var int|bool $size */
 $size = filesize($filePath);
 if (!is_int($size)) {
 throw new SodiumException('Could not obtain the file size');
 }
- /** @var int $size */
 
- /** @var resource|bool $fp */
 $fp = fopen($filePath, 'rb');
 if (!is_resource($fp)) {
 throw new SodiumException('Could not open input file for reading');
 }
- /** @var resource $fp */
 
 /** @var string $az */
 $az = hash('sha512', self::substr($secretKey, 0, 32), true);
@@ -1179,16 +1175,9 @@ class ParagonIE_Sodium_File extends ParagonIE_Sodium_Core_Util
 /** @var resource $hs */
 $hs = self::updateHashWithFile($hs, $fp, $size);
 
- /** @var string $nonceHash */
 $nonceHash = hash_final($hs, true);
-
- /** @var string $pk */
 $pk = self::substr($secretKey, 32, 32);
-
- /** @var string $nonce */
 $nonce = ParagonIE_Sodium_Core32_Ed25519::sc_reduce($nonceHash) . self::substr($nonceHash, 32);
-
- /** @var string $sig */
 $sig = ParagonIE_Sodium_Core32_Ed25519::ge_p3_tobytes(
 ParagonIE_Sodium_Core32_Ed25519::ge_scalarmult_base($nonce)
 );
@@ -1199,13 +1188,10 @@ class ParagonIE_Sodium_File extends ParagonIE_Sodium_Core_Util
 /** @var resource $hs */
 $hs = self::updateHashWithFile($hs, $fp, $size);
 
- /** @var string $hramHash */
 $hramHash = hash_final($hs, true);
 
- /** @var string $hram */
 $hram = ParagonIE_Sodium_Core32_Ed25519::sc_reduce($hramHash);
 
- /** @var string $sigAfter */
 $sigAfter = ParagonIE_Sodium_Core32_Ed25519::sc_muladd($hram, $az, $nonce);
 
 /** @var string $sig */
@@ -1243,6 +1229,7 @@ class ParagonIE_Sodium_File extends ParagonIE_Sodium_Core_Util
 if (ParagonIE_Sodium_Core32_Ed25519::small_order($sig)) {
 throw new SodiumException('Signature is on too small of an order');
 }
+
 if ((self::chrToInt($sig[63]) & 224) !== 0) {
 throw new SodiumException('Invalid signature');
 }
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 82e7388e2a..dae47d1b34 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '6.0-alpha-52987';
+$wp_version = '6.0-alpha-52988';
 
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.