Upgrade/Install: Update sodium_compat to v1.18.0.

The latest version of sodium_compat includes some improvements, as well as a new feature which will also be included in PHP 8.2. * Fixed issues with the PHP autoloader: * [https://github.com/paragonie/sodium_compat/pull/145 #145]: For WordPress, this ensures when Ed25519 is included, so too is the class it inherits from. * [https://github.com/paragonie/sodium_compat/issues/148 #148], [https://github.com/paragonie/sodium_compat/issues/149 #149]: For PHP 7.4+ with opcache preloading, this ensures the include guards don't fail. * [https://github.com/paragonie/sodium_compat/pull/144 #144]: Added `sodium_crypto_stream_xchacha20_xor_ic()` * See [https://github.com/php/php-src/pull/8276 pull request for php-src] (merged in PHP 8.2) * For motivation: [https://github.com/paragonie/halite/issues/178 paragonie/halite#178] Release notes: https://github.com/paragonie/sodium_compat/releases/tag/v1.18.0 A full list of changes in this update can be found on GitHub: https://github.com/paragonie/sodium_compat/compare/v1.17.1...v1.18.0 Follow-up to [49741], [51002], [51591], [52988]. Props jrf, paragoninitiativeenterprises. Fixes #56564. Built from https://develop.svn.wordpress.org/trunk@54150 git-svn-id: http://core.svn.wordpress.org/trunk@53709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-14 00:13:14 +00:00 · 2022-09-14 00:13:14 +00:00 · aa22aba0ba
parent 7c01b0a340
commit aa22aba0ba
6 changed files with 76 additions and 2 deletions
--- a/wp-includes/sodium_compat/autoload.php
+++ b/wp-includes/sodium_compat/autoload.php
@ -42,7 +42,9 @@ if (PHP_VERSION_ID < 70000) {
 }

 /* Explicitly, always load the Compat class: */
-require_once dirname(__FILE__) . '/src/Compat.php';
+if (!class_exists('ParagonIE_Sodium_Compat', false)) {
+    require_once dirname(__FILE__) . '/src/Compat.php';
+}

 if (!class_exists('SodiumException', false)) {
    require_once dirname(__FILE__) . '/src/SodiumException.php';
@ -69,4 +71,5 @@ if (PHP_VERSION_ID < 70200 || !extension_loaded('sodium')) {
    // Older versions of {PHP, ext/sodium} will not define these
    require_once(dirname(__FILE__) . '/lib/php72compat.php');
 }
+require_once(dirname(__FILE__) . '/lib/stream-xchacha20.php');
 require_once(dirname(__FILE__) . '/lib/ristretto255.php');
--- a/wp-includes/sodium_compat/lib/stream-xchacha20.php
+++ b/wp-includes/sodium_compat/lib/stream-xchacha20.php
@ -41,3 +41,19 @@ if (!is_callable('sodium_crypto_stream_xchacha20_xor')) {
        return ParagonIE_Sodium_Compat::crypto_stream_xchacha20_xor($message, $nonce, $key, true);
    }
 }
+if (!is_callable('sodium_crypto_stream_xchacha20_xor_ic')) {
+    /**
+     * @see ParagonIE_Sodium_Compat::crypto_stream_xchacha20_xor_ic()
+     * @param string $message
+     * @param string $nonce
+     * @param int $counter
+     * @param string $key
+     * @return string
+     * @throws SodiumException
+     * @throws TypeError
+     */
+    function sodium_crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key)
+    {
+        return ParagonIE_Sodium_Compat::crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key, true);
+    }
+}
--- a/wp-includes/sodium_compat/src/Compat.php
+++ b/wp-includes/sodium_compat/src/Compat.php
@ -3154,6 +3154,55 @@ class ParagonIE_Sodium_Compat
        return ParagonIE_Sodium_Core_XChaCha20::streamXorIc($message, $nonce, $key);
    }

+    /**
+     * DANGER! UNAUTHENTICATED ENCRYPTION!
+     *
+     * Unless you are following expert advice, do not use this feature.
+     *
+     * Algorithm: XChaCha20
+     *
+     * This DOES NOT provide ciphertext integrity.
+     *
+     * @param string $message Plaintext message
+     * @param string $nonce Number to be used Once; must be 24 bytes
+     * @param int $counter
+     * @param string $key Encryption key
+     * @return string         Encrypted text which is vulnerable to chosen-
+     *                        ciphertext attacks unless you implement some
+     *                        other mitigation to the ciphertext (i.e.
+     *                        Encrypt then MAC)
+     * @param bool $dontFallback
+     * @throws SodiumException
+     * @throws TypeError
+     * @psalm-suppress MixedArgument
+     */
+    public static function crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key, $dontFallback = false)
+    {
+        /* Type checks: */
+        ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
+        ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
+        ParagonIE_Sodium_Core_Util::declareScalarType($counter, 'int', 3);
+        ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
+
+        /* Input validation: */
+        if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_STREAM_XCHACHA20_NONCEBYTES) {
+            throw new SodiumException('Argument 2 must be CRYPTO_SECRETBOX_XCHACHA20_NONCEBYTES long.');
+        }
+        if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_STREAM_XCHACHA20_KEYBYTES) {
+            throw new SodiumException('Argument 3 must be CRYPTO_SECRETBOX_XCHACHA20_KEYBYTES long.');
+        }
+
+        if (is_callable('sodium_crypto_stream_xchacha20_xor_ic') && !$dontFallback) {
+            return sodium_crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key);
+        }
+
+        $ic = ParagonIE_Sodium_Core_Util::store64_le($counter);
+        if (PHP_INT_SIZE === 4) {
+            return ParagonIE_Sodium_Core32_XChaCha20::streamXorIc($message, $nonce, $key, $ic);
+        }
+        return ParagonIE_Sodium_Core_XChaCha20::streamXorIc($message, $nonce, $key, $ic);
+    }
+
    /**
     * Return a secure random key for use with crypto_stream_xchacha20
     *
--- a/wp-includes/sodium_compat/src/Core/Ed25519.php
+++ b/wp-includes/sodium_compat/src/Core/Ed25519.php
@ -3,6 +3,9 @@
 if (class_exists('ParagonIE_Sodium_Core_Ed25519', false)) {
    return;
 }
+if (!class_exists('ParagonIE_Sodium_Core_Curve25519', false)) {
+    require_once dirname(__FILE__) . '/Curve25519.php';
+}

 /**
 * Class ParagonIE_Sodium_Core_Ed25519
--- a/wp-includes/sodium_compat/src/Core32/Ed25519.php
+++ b/wp-includes/sodium_compat/src/Core32/Ed25519.php
@ -3,6 +3,9 @@
 if (class_exists('ParagonIE_Sodium_Core32_Ed25519', false)) {
    return;
 }
+if (!class_exists('ParagonIE_Sodium_Core32_Curve25519')) {
+    require_once dirname(__FILE__) . '/Curve25519.php';
+}

 /**
 * Class ParagonIE_Sodium_Core32_Ed25519
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '6.1-alpha-54149';
+$wp_version = '6.1-alpha-54150';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.