WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/17/2019 11:05:45 AM (21 months ago)
Author:
tellyworth
Message:

Upgrade/Install: Don't run signature verify on slow 32-bit systems.

The sodium_compat library can be very slow for certain operations on 32-bit architectures, which can lead to web server timeouts while attempting to verify an update. This adds a runtime speed check to skip signature verification on systems that would otherwise time out. Includes simple unit tests.

Props dd32, paragoninitiativeenterprises.
See #47186.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/file.php

    r45298 r45345  
    12001200    }
    12011201
     1202    // Verify runtime speed of Sodium_Compat is acceptable.
     1203    if ( ! extension_loaded( 'sodium' ) && ! ParagonIE_Sodium_Compat::polyfill_is_fast() ) {
     1204        $sodium_compat_is_fast = false;
     1205
     1206        // Allow for an old version of Sodium_Compat being loaded before the bundled WordPress one.
     1207        if ( method_exists( 'ParagonIE_Sodium_Compat', 'runtime_speed_test' ) ) {
     1208            // Run `ParagonIE_Sodium_Compat::runtime_speed_test()` in optimized integer mode, as that's what WordPress utilises during signing verifications.
     1209            $old_fastMult                      = ParagonIE_Sodium_Compat::$fastMult;
     1210            ParagonIE_Sodium_Compat::$fastMult = true;
     1211            $sodium_compat_is_fast             = ParagonIE_Sodium_Compat::runtime_speed_test( 100, 10 );
     1212            ParagonIE_Sodium_Compat::$fastMult = $old_fastMult;
     1213        }
     1214
     1215        // This cannot be performed in a reasonable amount of time
     1216        // https://github.com/paragonie/sodium_compat#help-sodium_compat-is-slow-how-can-i-make-it-fast
     1217        if ( ! $sodium_compat_is_fast ) {
     1218            return new WP_Error(
     1219                'signature_verification_unsupported',
     1220                sprintf(
     1221                    /* translators: 1: The filename of the package. */
     1222                    __( 'The authenticity of %1$s could not be verified as signature verification is unavailable on this system.' ),
     1223                    '<span class="code">' . esc_html( $filename_for_errors ) . '</span>'
     1224                ),
     1225                array(
     1226                    'php'                => phpversion(),
     1227                    'sodium'             => defined( 'SODIUM_LIBRARY_VERSION' ) ? SODIUM_LIBRARY_VERSION : ( defined( 'ParagonIE_Sodium_Compat::VERSION_STRING' ) ? ParagonIE_Sodium_Compat::VERSION_STRING : false ),
     1228                    'polyfill_is_fast'   => false,
     1229                    'max_execution_time' => ini_get( 'max_execution_time' ),
     1230                )
     1231            );
     1232        }
     1233    }
     1234
    12021235    if ( ! $signatures ) {
    12031236        return new WP_Error(
Note: See TracChangeset for help on using the changeset viewer.