Upgrade/Install: Update sodium_compat to v1.18.0.

The latest version of sodium_compat includes some improvements, as well as a new feature which will also be included in PHP 8.2.

* Fixed issues with the PHP autoloader:
 * [paragonie/sodium_compat#145 #145]: For WordPress, this ensures when Ed25519 is included, so too is the class it inherits from.
 * [paragonie/sodium_compat#148 #148], [paragonie/sodium_compat#149 #149]: For PHP 7.4+ with opcache preloading, this ensures the include guards don't fail.
* [paragonie/sodium_compat#144 #144]: Added `sodium_crypto_stream_xchacha20_xor_ic()`
 * See [php/php-src#8276 pull request for php-src] (merged in PHP 8.2)
 * For motivation: [paragonie/halite#178 paragonie/halite#178]

Release notes:
https://github.com/paragonie/sodium_compat/releases/tag/v1.18.0

A full list of changes in this update can be found on GitHub:
paragonie/sodium_compat@v1.17.1...v1.18.0

Follow-up to [49741], [51002], [51591], [52988].

Props jrf, paragoninitiativeenterprises.
Fixes #56564.
Built from https://develop.svn.wordpress.org/trunk@54150


git-svn-id: https://core.svn.wordpress.org/trunk@53709 1a063a9b-81f0-0310-95a4-ce76da25c4cd

Author: SergeyBiryukov

wp-includes/sodium_compat/autoload.php

@@ -42,7 +42,9 @@ function sodiumCompatAutoloader($class)
 }
 
 /* Explicitly, always load the Compat class: */
-require_once dirname(__FILE__) . '/src/Compat.php';
+if (!class_exists('ParagonIE_Sodium_Compat', false)) {
+    require_once dirname(__FILE__) . '/src/Compat.php';
+}
 
 if (!class_exists('SodiumException', false)) {
     require_once dirname(__FILE__) . '/src/SodiumException.php';
@@ -69,4 +71,5 @@ function sodiumCompatAutoloader($class)
     // Older versions of {PHP, ext/sodium} will not define these
     require_once(dirname(__FILE__) . '/lib/php72compat.php');
 }
+require_once(dirname(__FILE__) . '/lib/stream-xchacha20.php');
 require_once(dirname(__FILE__) . '/lib/ristretto255.php');

wp-includes/sodium_compat/lib/stream-xchacha20.php

@@ -41,3 +41,19 @@ function sodium_crypto_stream_xchacha20_xor($message, $nonce, $key)
         return ParagonIE_Sodium_Compat::crypto_stream_xchacha20_xor($message, $nonce, $key, true);
     }
 }
+if (!is_callable('sodium_crypto_stream_xchacha20_xor_ic')) {
+    /**
+     * @see ParagonIE_Sodium_Compat::crypto_stream_xchacha20_xor_ic()
+     * @param string $message
+     * @param string $nonce
+     * @param int $counter
+     * @param string $key
+     * @return string
+     * @throws SodiumException
+     * @throws TypeError
+     */
+    function sodium_crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key)
+    {
+        return ParagonIE_Sodium_Compat::crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key, true);
+    }
+}

wp-includes/sodium_compat/src/Compat.php

@@ -3154,6 +3154,55 @@ public static function crypto_stream_xchacha20_xor($message, $nonce, $key, $dont
         return ParagonIE_Sodium_Core_XChaCha20::streamXorIc($message, $nonce, $key);
     }
 
+    /**
+     * DANGER! UNAUTHENTICATED ENCRYPTION!
+     *
+     * Unless you are following expert advice, do not use this feature.
+     *
+     * Algorithm: XChaCha20
+     *
+     * This DOES NOT provide ciphertext integrity.
+     *
+     * @param string $message Plaintext message
+     * @param string $nonce Number to be used Once; must be 24 bytes
+     * @param int $counter
+     * @param string $key Encryption key
+     * @return string         Encrypted text which is vulnerable to chosen-
+     *                        ciphertext attacks unless you implement some
+     *                        other mitigation to the ciphertext (i.e.
+     *                        Encrypt then MAC)
+     * @param bool $dontFallback
+     * @throws SodiumException
+     * @throws TypeError
+     * @psalm-suppress MixedArgument
+     */
+    public static function crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key, $dontFallback = false)
+    {
+        /* Type checks: */
+        ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
+        ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
+        ParagonIE_Sodium_Core_Util::declareScalarType($counter, 'int', 3);
+        ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
+
+        /* Input validation: */
+        if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_STREAM_XCHACHA20_NONCEBYTES) {
+            throw new SodiumException('Argument 2 must be CRYPTO_SECRETBOX_XCHACHA20_NONCEBYTES long.');
+        }
+        if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_STREAM_XCHACHA20_KEYBYTES) {
+            throw new SodiumException('Argument 3 must be CRYPTO_SECRETBOX_XCHACHA20_KEYBYTES long.');
+        }
+
+        if (is_callable('sodium_crypto_stream_xchacha20_xor_ic') && !$dontFallback) {
+            return sodium_crypto_stream_xchacha20_xor_ic($message, $nonce, $counter, $key);
+        }
+
+        $ic = ParagonIE_Sodium_Core_Util::store64_le($counter);
+        if (PHP_INT_SIZE === 4) {
+            return ParagonIE_Sodium_Core32_XChaCha20::streamXorIc($message, $nonce, $key, $ic);
+        }
+        return ParagonIE_Sodium_Core_XChaCha20::streamXorIc($message, $nonce, $key, $ic);
+    }
+
     /**
      * Return a secure random key for use with crypto_stream_xchacha20
      *

wp-includes/sodium_compat/src/Core/Ed25519.php

@@ -3,6 +3,9 @@
 if (class_exists('ParagonIE_Sodium_Core_Ed25519', false)) {
     return;
 }
+if (!class_exists('ParagonIE_Sodium_Core_Curve25519', false)) {
+    require_once dirname(__FILE__) . '/Curve25519.php';
+}
 
 /**
  * Class ParagonIE_Sodium_Core_Ed25519

wp-includes/sodium_compat/src/Core32/Ed25519.php

@@ -3,6 +3,9 @@
 if (class_exists('ParagonIE_Sodium_Core32_Ed25519', false)) {
     return;
 }
+if (!class_exists('ParagonIE_Sodium_Core32_Curve25519')) {
+    require_once dirname(__FILE__) . '/Curve25519.php';
+}
 
 /**
  * Class ParagonIE_Sodium_Core32_Ed25519

wp-includes/version.php

@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.1-alpha-54149';
+$wp_version = '6.1-alpha-54150';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.