Upgrade/Install: Don't run signature verify on slow 32-bit systems.
The sodium_compat library can be very slow for certain operations on 32-bit architectures, which can lead to web server timeouts while attempting to verify an update. This adds a runtime speed check to skip signature verification on systems that would otherwise time out. Includes simple unit tests. Props dd32, paragoninitiativeenterprises. See #47186. Built from https://develop.svn.wordpress.org/trunk@45345 git-svn-id: http://core.svn.wordpress.org/trunk@45156 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
b9782736b6
commit
1d730f20e5
|
@ -1199,6 +1199,39 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Verify runtime speed of Sodium_Compat is acceptable.
|
||||||
|
if ( ! extension_loaded( 'sodium' ) && ! ParagonIE_Sodium_Compat::polyfill_is_fast() ) {
|
||||||
|
$sodium_compat_is_fast = false;
|
||||||
|
|
||||||
|
// Allow for an old version of Sodium_Compat being loaded before the bundled WordPress one.
|
||||||
|
if ( method_exists( 'ParagonIE_Sodium_Compat', 'runtime_speed_test' ) ) {
|
||||||
|
// Run `ParagonIE_Sodium_Compat::runtime_speed_test()` in optimized integer mode, as that's what WordPress utilises during signing verifications.
|
||||||
|
$old_fastMult = ParagonIE_Sodium_Compat::$fastMult;
|
||||||
|
ParagonIE_Sodium_Compat::$fastMult = true;
|
||||||
|
$sodium_compat_is_fast = ParagonIE_Sodium_Compat::runtime_speed_test( 100, 10 );
|
||||||
|
ParagonIE_Sodium_Compat::$fastMult = $old_fastMult;
|
||||||
|
}
|
||||||
|
|
||||||
|
// This cannot be performed in a reasonable amount of time
|
||||||
|
// https://github.com/paragonie/sodium_compat#help-sodium_compat-is-slow-how-can-i-make-it-fast
|
||||||
|
if ( ! $sodium_compat_is_fast ) {
|
||||||
|
return new WP_Error(
|
||||||
|
'signature_verification_unsupported',
|
||||||
|
sprintf(
|
||||||
|
/* translators: 1: The filename of the package. */
|
||||||
|
__( 'The authenticity of %1$s could not be verified as signature verification is unavailable on this system.' ),
|
||||||
|
'<span class="code">' . esc_html( $filename_for_errors ) . '</span>'
|
||||||
|
),
|
||||||
|
array(
|
||||||
|
'php' => phpversion(),
|
||||||
|
'sodium' => defined( 'SODIUM_LIBRARY_VERSION' ) ? SODIUM_LIBRARY_VERSION : ( defined( 'ParagonIE_Sodium_Compat::VERSION_STRING' ) ? ParagonIE_Sodium_Compat::VERSION_STRING : false ),
|
||||||
|
'polyfill_is_fast' => false,
|
||||||
|
'max_execution_time' => ini_get( 'max_execution_time' ),
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if ( ! $signatures ) {
|
if ( ! $signatures ) {
|
||||||
return new WP_Error(
|
return new WP_Error(
|
||||||
'signature_verification_no_signature',
|
'signature_verification_no_signature',
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '5.3-alpha-45344';
|
$wp_version = '5.3-alpha-45345';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|
Loading…
Reference in New Issue