diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php index cd3551bfad..538ec2e1ca 100644 --- a/wp-admin/includes/file.php +++ b/wp-admin/includes/file.php @@ -1199,6 +1199,39 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f } + // Verify runtime speed of Sodium_Compat is acceptable. + if ( ! extension_loaded( 'sodium' ) && ! ParagonIE_Sodium_Compat::polyfill_is_fast() ) { + $sodium_compat_is_fast = false; + + // Allow for an old version of Sodium_Compat being loaded before the bundled WordPress one. + if ( method_exists( 'ParagonIE_Sodium_Compat', 'runtime_speed_test' ) ) { + // Run `ParagonIE_Sodium_Compat::runtime_speed_test()` in optimized integer mode, as that's what WordPress utilises during signing verifications. + $old_fastMult = ParagonIE_Sodium_Compat::$fastMult; + ParagonIE_Sodium_Compat::$fastMult = true; + $sodium_compat_is_fast = ParagonIE_Sodium_Compat::runtime_speed_test( 100, 10 ); + ParagonIE_Sodium_Compat::$fastMult = $old_fastMult; + } + + // This cannot be performed in a reasonable amount of time + // https://github.com/paragonie/sodium_compat#help-sodium_compat-is-slow-how-can-i-make-it-fast + if ( ! $sodium_compat_is_fast ) { + return new WP_Error( + 'signature_verification_unsupported', + sprintf( + /* translators: 1: The filename of the package. */ + __( 'The authenticity of %1$s could not be verified as signature verification is unavailable on this system.' ), + '' . esc_html( $filename_for_errors ) . '' + ), + array( + 'php' => phpversion(), + 'sodium' => defined( 'SODIUM_LIBRARY_VERSION' ) ? SODIUM_LIBRARY_VERSION : ( defined( 'ParagonIE_Sodium_Compat::VERSION_STRING' ) ? ParagonIE_Sodium_Compat::VERSION_STRING : false ), + 'polyfill_is_fast' => false, + 'max_execution_time' => ini_get( 'max_execution_time' ), + ) + ); + } + } + if ( ! $signatures ) { return new WP_Error( 'signature_verification_no_signature', 
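Review bot: The save and restore of `ParagonIE_Sodium_Compat::$fastMult` around `runtime_speed_test( 100, 10 )` is not exception-safe. If the speed test throws, the static flag stays `true` for the rest of the request, so any later polyfill call that handles secret inputs would run in the optimized integer mode instead of the mode it was configured for. Wrapping the call in `try`/`finally` keeps the restore unconditional, assuming the supported PHP floor allows `finally`. The arguments `100, 10` also deserve a short comment saying what they measure, because this benchmark decides whether verification is attempted at all. verify_file_signature() starts and ends outside this hunk, so how callers treat `signature_verification_unsupported` is not visible here.

```php
			$old_fastMult = ParagonIE_Sodium_Compat::$fastMult;
			ParagonIE_Sodium_Compat::$fastMult = true;
			try {
				$sodium_compat_is_fast = ParagonIE_Sodium_Compat::runtime_speed_test( 100, 10 );
			} finally {
				// Restore the previous setting even if the speed test throws.
				ParagonIE_Sodium_Compat::$fastMult = $old_fastMult;
			}
			// … unchanged: end of the method_exists() check and the WP_Error return …
```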
diff --git a/wp-includes/version.php b/wp-includes/version.php index 7c787e65e4..d36ba9a685 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.3-alpha-45344'; +$wp_version = '5.3-alpha-45345'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.