

Timestamp:
05/17/2019 05:48:23 PM (6 years ago)
Author:
desrosj
Message:

Upgrade/Install: Don't run signature verify on slow 32-bit systems.

The sodium_compat library can be very slow for certain operations on 32-bit architectures, which can lead to web server timeouts while attempting to verify an update. This adds a runtime speed check to skip signature verification on systems that would otherwise time out. Includes simple unit tests.

Merges [45345] to the 5.2 branch.

Props dd32, paragoninitiativeenterprises, tellyworth.
Fixes #47186.

Location:
branches/5.2
Files:
2 edited

  • branches/5.2

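--- a/branches/5.2/tests/phpunit/tests/file.php
+++ b/branches/5.2/tests/phpunit/tests/file.php
@@ -184,3 +184,62 @@
     }
 
+    /**
+     * @ticket 47186
+     */
+    function test_file_signature_functions_as_expected() {
+        $file = wp_tempnam();
+        file_put_contents( $file, 'WordPress' );
+
+        // The signature of 'WordPress' after SHA384 hashing, for verification against the key within self::filter_trust_plus85Tq_key().
+        $expected_signature = 'PmNv0b1ziwJAsVhjdpjd4+PQZidZWSlBm5b+GbbwE9m9HVKDFhEyvyRTHkRYOLypB8P2YvbW7CoOMZqGh8mEAA==';
+
+        add_filter( 'wp_trusted_keys', array( $this, 'filter_trust_plus85Tq_key' ) );
+
+        // Measure how long the call takes.
+        $timer_start = microtime( 1 );
+        $verify      = verify_file_signature( $file, $expected_signature, 'WordPress' );
+        $timer_end   = microtime( 1 );
+        $time_taken  = ( $timer_end - $timer_start );
+
+        unlink( $file );
+        remove_filter( 'wp_trusted_keys', array( $this, 'filter_trust_plus85Tq_key' ) );
+
+        // verify_file_signature() should intentionally never take more than 10s to run.
+        $this->assertLessThan( 10, $time_taken, 'verify_file_signature() took longer than 10 seconds.' );
+
+        // Check to see if the system parameters prevent signature verifications.
+        if ( is_wp_error( $verify ) && 'signature_verification_unsupported' == $verify->get_error_code() ) {
+            $this->markTestSkipped( 'This system does not support Signature Verification.' );
+        }
+
+        $this->assertNotWPError( $verify );
+        $this->assertTrue( $verify );
+    }
+
+    /**
+     * @ticket 47186
+     */
+    function test_file_signature_expected_failure() {
+        $file = wp_tempnam();
+        file_put_contents( $file, 'WordPress' );
+
+        // Test an invalid signature.
+        $expected_signature = base64_encode( str_repeat( 'A', SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES ) );
+        $verify             = verify_file_signature( $file, $expected_signature, 'WordPress' );
+        unlink( $file );
+
+        if ( is_wp_error( $verify ) && 'signature_verification_unsupported' == $verify->get_error_code() ) {
+            $this->markTestSkipped( 'This system does not support Signature Verification.' );
+        }
+
+        $this->assertWPError( $verify );
+        $this->assertEquals( 'signature_verification_failed', $verify->get_error_code() );
+    }
+
+    function filter_trust_plus85Tq_key( $keys ) {
+        // A static once-off key used to verify verify_file_signature() works as expected.
+        $keys[] = '+85TqMhxQVAYVW4BSCVkJQvZH4q7z8I9lePbvngvf7A=';
+
+        return $keys;
+    }
 }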
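Review bot: In test_file_signature_expected_failure() the "invalid signature" is sized with `SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES` (32 bytes), which is the public-key length rather than the length of a detached signature (`SODIUM_CRYPTO_SIGN_BYTES`, 64 bytes). If verify_file_signature() discards wrong-length signatures before calling the verifier (its body is not part of this section), the test can pass without the cryptographic check ever rejecting anything. Building the value as `$expected_signature = base64_encode( str_repeat( 'A', SODIUM_CRYPTO_SIGN_BYTES ) );` and registering the `wp_trusted_keys` filter the way the first test does would cover the case that matters for update integrity: a well-formed signature that does not match the file under a trusted key. Separately, both tests call `markTestSkipped()` on `signature_verification_unsupported`, so a CI matrix made up only of such hosts would report green with no verification coverage; it is worth confirming at least one job runs these tests unskipped.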