Upgrade/Install: Update sodium_compat to v1.23.0.

The previous version of sodium_compat was overly permissible with `sodium_base642bin()` when the `*_NO_PADDING` variants were specified, which was not compatible with `ext-sodium`. This has been fixed in version 1.22.0.

Version 1.23.0 includes some optimizations by replacing the array in the Curve25519 field element with 10 integer object properties instead. The result is a 7% to 12% speedup for the overall PHPUnit suite.

References:
* [https://github.com/paragonie/sodium_compat/releases/tag/v1.22.0 sodium_compat 1.22.0 release notes]
* [https://github.com/paragonie/sodium_compat/releases/tag/v1.23.0 sodium_compat 1.23.0 release notes]
* [paragonie/sodium_compat@v1.21.2...v1.23.0 Full list of changes in sodium_compat 1.23.0]

Follow-up to [55699], [58752], [58753], [60787].

Props paragoninitiativeenterprises, SergeyBiryukov.
Fixes #64079.

git-svn-id: https://develop.svn.wordpress.org/trunk@60905 602fd350-edb4-49c9-b593-d223f7449a82

Author: SergeyBiryukov

src/wp-includes/sodium_compat/src/Compat.php

@@ -25,6 +25,9 @@
     return;
 }
 
+/**
+ * @api
+ */
 class ParagonIE_Sodium_Compat
 {
     /**
@@ -204,9 +207,6 @@ public static function base642bin(
 
         /** @var string $encoded */
         $encoded = (string) $encoded;
-        if (ParagonIE_Sodium_Core_Util::strlen($encoded) === 0) {
-            return '';
-        }
 
         // Just strip before decoding
         if (!empty($ignore)) {
@@ -218,19 +218,19 @@ public static function base642bin(
                 case self::BASE64_VARIANT_ORIGINAL:
                     return ParagonIE_Sodium_Core_Base64_Original::decode($encoded, true);
                 case self::BASE64_VARIANT_ORIGINAL_NO_PADDING:
-                    return ParagonIE_Sodium_Core_Base64_Original::decode($encoded, false);
+                    return ParagonIE_Sodium_Core_Base64_Original::decodeNoPadding($encoded);
                 case self::BASE64_VARIANT_URLSAFE:
                     return ParagonIE_Sodium_Core_Base64_UrlSafe::decode($encoded, true);
                 case self::BASE64_VARIANT_URLSAFE_NO_PADDING:
-                    return ParagonIE_Sodium_Core_Base64_UrlSafe::decode($encoded, false);
+                    return ParagonIE_Sodium_Core_Base64_UrlSafe::decodeNoPadding($encoded);
                 default:
                     throw new SodiumException('invalid base64 variant identifier');
             }
         } catch (Exception $ex) {
             if ($ex instanceof SodiumException) {
                 throw $ex;
             }
-            throw new SodiumException('invalid base64 string');
+            throw new SodiumException('invalid base64 string', 0, $ex);
         }
     }
 
@@ -356,7 +356,7 @@ public static function crypto_aead_aegis128l_decrypt(
 
         /* Input validation: */
         if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_AEGIS128L_NPUBBYTES) {
-            throw new SodiumException('Nonce must be CRYPTO_AEAD_AEGIS_128L_NPUBBYTES long');
+            throw new SodiumException('Nonce must be CRYPTO_AEAD_AEGIS128L_NPUBBYTES long');
         }
         if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AEGIS128L_KEYBYTES) {
             throw new SodiumException('Key must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
@@ -410,7 +410,7 @@ public static function crypto_aead_aegis128l_encrypt(
 
         /* Input validation: */
         if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_AEGIS128L_NPUBBYTES) {
-            throw new SodiumException('Nonce must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
+            throw new SodiumException('Nonce must be CRYPTO_AEAD_AEGIS128L_NPUBBYTES long');
         }
         if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AEGIS128L_KEYBYTES) {
             throw new SodiumException('Key must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
@@ -519,10 +519,10 @@ public static function crypto_aead_aegis256_encrypt(
 
         /* Input validation: */
         if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_AEGIS256_NPUBBYTES) {
-            throw new SodiumException('Nonce must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
+            throw new SodiumException('Nonce must be CRYPTO_AEAD_AEGIS256_NPUBBYTES long');
         }
         if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AEGIS256_KEYBYTES) {
-            throw new SodiumException('Key must be CRYPTO_AEAD_AEGIS128L_KEYBYTES long');
+            throw new SodiumException('Key must be CRYPTO_AEAD_AEGIS256_KEYBYTES long');
         }
 
         list($ct, $tag) = ParagonIE_Sodium_Core_AEGIS256::encrypt($plaintext, $assocData, $key, $nonce);
@@ -562,6 +562,9 @@ public static function crypto_aead_aes256gcm_is_available()
             // OpenSSL doesn't support AEAD before 7.1.0
             return false;
         }
+        if (!extension_loaded('openssl')) {
+            return false;
+        }
         if (!is_callable('openssl_encrypt') || !is_callable('openssl_decrypt')) {
             // OpenSSL isn't installed
             return false;
@@ -615,6 +618,9 @@ public static function crypto_aead_aes256gcm_decrypt(
         if (ParagonIE_Sodium_Core_Util::strlen($ciphertext) < self::CRYPTO_AEAD_AES256GCM_ABYTES) {
             throw new SodiumException('Message must be at least CRYPTO_AEAD_AES256GCM_ABYTES long');
         }
+        if (!extension_loaded('openssl')) {
+            throw new SodiumException('The OpenSSL extension is not installed');
+        }
         if (!is_callable('openssl_decrypt')) {
             throw new SodiumException('The OpenSSL extension is not installed, or openssl_decrypt() is not available');
         }
@@ -675,6 +681,9 @@ public static function crypto_aead_aes256gcm_encrypt(
             throw new SodiumException('Key must be CRYPTO_AEAD_AES256GCM_KEYBYTES long');
         }
 
+        if (!extension_loaded('openssl')) {
+            throw new SodiumException('The OpenSSL extension is not installed');
+        }
         if (!is_callable('openssl_encrypt')) {
             throw new SodiumException('The OpenSSL extension is not installed, or openssl_encrypt() is not available');
         }
@@ -823,10 +832,10 @@ public static function crypto_aead_chacha20poly1305_encrypt(
 
         /* Input validation: */
         if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES) {
-            throw new SodiumException('Nonce must be CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES long');
+            throw new SodiumException('Nonce must be CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES long');
         }
         if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES) {
-            throw new SodiumException('Key must be CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES long');
+            throw new SodiumException('Key must be CRYPTO_AEAD_CHACHA20POLY1305_IETF_KEYBYTES long');
         }
 
         if (self::useNewSodiumAPI()) {
@@ -901,10 +910,10 @@ public static function crypto_aead_chacha20poly1305_ietf_decrypt(
             throw new SodiumException('Nonce must be CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES long');
         }
         if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES) {
-            throw new SodiumException('Key must be CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES long');
+            throw new SodiumException('Key must be CRYPTO_AEAD_CHACHA20POLY1305_IETF_KEYBYTES long');
         }
         if (ParagonIE_Sodium_Core_Util::strlen($ciphertext) < self::CRYPTO_AEAD_CHACHA20POLY1305_ABYTES) {
-            throw new SodiumException('Message must be at least CRYPTO_AEAD_CHACHA20POLY1305_ABYTES long');
+            throw new SodiumException('Message must be at least CRYPTO_AEAD_CHACHA20POLY1305_IETF_ABYTES long');
         }
 
         if (self::useNewSodiumAPI()) {
@@ -2781,6 +2790,9 @@ public static function crypto_secretbox_xchacha20poly1305_open(
         if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_SECRETBOX_KEYBYTES) {
             throw new SodiumException('Argument 3 must be CRYPTO_SECRETBOX_KEYBYTES long.');
         }
+        if (ParagonIE_Sodium_Core_Util::strlen($ciphertext) < self::CRYPTO_SECRETBOX_MACBYTES) {
+            throw new SodiumException("Ciphertext must be at least CRYPTO_SECRETBOX_MACBYTES long");
+        }
 
         if (PHP_INT_SIZE === 4) {
             return ParagonIE_Sodium_Crypto32::secretbox_xchacha20poly1305_open($ciphertext, $nonce, $key);
@@ -3711,6 +3723,9 @@ public static function increment(
         }
 
         $len = ParagonIE_Sodium_Core_Util::strlen($var);
+        if ($len < 1) {
+            throw new SodiumException('Argument 1 cannot be empty');
+        }
         $c = 1;
         $copy = '';
         for ($i = 0; $i < $len; ++$i) {

src/wp-includes/sodium_compat/src/Core/Base64/Original.php

@@ -185,6 +185,32 @@ public static function decode($src, $strictPadding = false)
         }
         return $dest;
     }
+
+    /**
+     * @param string $encodedString
+     * @return string
+     */
+    public static function decodeNoPadding(
+        #[SensitiveParameter]
+        $encodedString
+    ) {
+        $srcLen = strlen($encodedString);
+        if ($srcLen === 0) {
+            return '';
+        }
+        if (($srcLen & 3) === 0) {
+            // If $strLen is not zero, and it is divisible by 4, then it's at least 4.
+            if ($encodedString[$srcLen - 1] === '=' || $encodedString[$srcLen - 2] === '=') {
+                throw new InvalidArgumentException(
+                    "decodeNoPadding() doesn't tolerate padding"
+                );
+            }
+        }
+        return self::decode(
+            $encodedString,
+            true
+        );
+    }
     // COPY ParagonIE_Sodium_Core_Base64_Common ENDING HERE
 
     /**

src/wp-includes/sodium_compat/src/Core/Base64/UrlSafe.php

@@ -185,6 +185,33 @@ public static function decode($src, $strictPadding = false)
         }
         return $dest;
     }
+
+    /**
+     * @param string $encodedString
+     * @return string
+     */
+    public static function decodeNoPadding(
+        #[SensitiveParameter]
+        $encodedString
+    ) {
+        $srcLen = strlen($encodedString);
+        if ($srcLen === 0) {
+            return '';
+        }
+        if (($srcLen & 3) === 0) {
+            // If $strLen is not zero, and it is divisible by 4, then it's at least 4.
+            if ($encodedString[$srcLen - 1] === '=' || $encodedString[$srcLen - 2] === '=') {
+                throw new InvalidArgumentException(
+                    "decodeNoPadding() doesn't tolerate padding"
+                );
+            }
+        }
+        return self::decode(
+            $encodedString,
+            true
+        );
+    }
+
     // COPY ParagonIE_Sodium_Core_Base64_Common ENDING HERE
     /**
      * Uses bitwise operators instead of table-lookups to turn 6-bit integers

src/wp-includes/sodium_compat/src/Core/ChaCha20.php

@@ -329,7 +329,7 @@ public static function encryptBytes(
      * @throws SodiumException
      * @throws TypeError
      */
-    public static function stream($len = 64, $nonce = '', $key = '')
+    public static function stream($len, $nonce, $key)
     {
         return self::encryptBytes(
             new ParagonIE_Sodium_Core_ChaCha20_Ctx($key, $nonce),
@@ -347,7 +347,7 @@ public static function stream($len = 64, $nonce = '', $key = '')
      * @throws SodiumException
      * @throws TypeError
      */
-    public static function ietfStream($len, $nonce = '', $key = '')
+    public static function ietfStream($len, $nonce, $key)
     {
         return self::encryptBytes(
             new ParagonIE_Sodium_Core_ChaCha20_IetfCtx($key, $nonce),
@@ -366,7 +366,7 @@ public static function ietfStream($len, $nonce = '', $key = '')
      * @throws SodiumException
      * @throws TypeError
      */
-    public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '')
+    public static function ietfStreamXorIc($message, $nonce, $key, $ic = '')
     {
         return self::encryptBytes(
             new ParagonIE_Sodium_Core_ChaCha20_IetfCtx($key, $nonce, $ic),
@@ -385,7 +385,7 @@ public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '
      * @throws SodiumException
      * @throws TypeError
      */
-    public static function streamXorIc($message, $nonce = '', $key = '', $ic = '')
+    public static function streamXorIc($message, $nonce, $key, $ic = '')
     {
         return self::encryptBytes(
             new ParagonIE_Sodium_Core_ChaCha20_Ctx($key, $nonce, $ic),

src/wp-includes/sodium_compat/src/Core/ChaCha20/Ctx.php

@@ -50,13 +50,9 @@ public function __construct($key = '', $iv = '', $counter = '')
         $this->container[10] = self::load_4(self::substr($key, 24, 4));
         $this->container[11] = self::load_4(self::substr($key, 28, 4));
 
-        if (empty($counter)) {
-            $this->container[12] = 0;
-            $this->container[13] = 0;
-        } else {
-            $this->container[12] = self::load_4(self::substr($counter, 0, 4));
-            $this->container[13] = self::load_4(self::substr($counter, 4, 4));
-        }
+        $counter = $this->initCounter($counter);
+        $this->container[12] = self::load_4(self::substr($counter, 0, 4));
+        $this->container[13] = self::load_4(self::substr($counter, 4, 4));
         $this->container[14] = self::load_4(self::substr($iv, 0, 4));
         $this->container[15] = self::load_4(self::substr($iv, 4, 4));
     }
@@ -120,4 +116,28 @@ public function offsetGet($offset)
             ? $this->container[$offset]
             : null;
     }
+
+    /**
+     * Initialize (pad) a counter value.
+     * @throws SodiumException
+     *
+     * @param string $ctr
+     * @return string
+     */
+    public function initCounter(
+        #[SensitiveParameter]
+        $ctr
+    ) {
+        $len = self::strlen($ctr);
+        if ($len === 0) {
+            return str_repeat("\0", 8);
+        }
+        if ($len < 8) {
+            return $ctr . str_repeat("\0", 8 - $len);
+        }
+        if ($len > 8) {
+            throw new SodiumException("counter cannot be more than 8 bytes");
+        }
+        return $ctr;
+    }
 }

src/wp-includes/sodium_compat/src/Core/ChaCha20/IetfCtx.php

@@ -26,11 +26,9 @@ public function __construct($key = '', $iv = '', $counter = '')
         if (self::strlen($iv) !== 12) {
             throw new InvalidArgumentException('ChaCha20 expects a 96-bit nonce in IETF mode.');
         }
+        $counter = $this->initCounter($counter);
         parent::__construct($key, self::substr($iv, 0, 8), $counter);
-
-        if (!empty($counter)) {
-            $this->container[12] = self::load_4(self::substr($counter, 0, 4));
-        }
+        $this->container[12] = self::load_4(self::substr($counter, 0, 4));
         $this->container[13] = self::load_4(self::substr($iv, 0, 4));
         $this->container[14] = self::load_4(self::substr($iv, 4, 4));
         $this->container[15] = self::load_4(self::substr($iv, 8, 4));