Changeset 61533 for branches/6.9/src/wp-includes/sodium_compat/src/File.php

Timestamp:

01/26/2026 10:51:10 PM (3 months ago)

Author:

jorbin

Message:

Upgrade/Install: Update sodium_compat to v1.24.0.

The latest version includes a security fix to ensure that the public key is on the prime order subgroup.

References:

• ​sodium_compat 1.24.0 release notes
• ​Full list of changes in sodium_compat 1.24.0

Follow-up to [55699], [58752], [58753], [60787], [60905].

Reviewed by jorbin.
Merges [61419] to the 6.9 branch.

Props paragoninitiativeenterprises, johnbillion, SergeyBiryukov.
Fixes #64462.

Location:

branches/6.9

Files:

• . (modified) (1 prop)
• src/wp-includes/sodium_compat/src/File.php (modified) (1 diff)

branches/6.9/src/wp-includes/sodium_compat/src/File.php

@@ -787 +787 @@
         ParagonIE_Sodium_Compat::$fastMult = true;
 
+        if (ParagonIE_Sodium_Core_Ed25519::small_order($publicKey)) {
+            throw new SodiumException('Public key has small order');
+        }
         /** @var ParagonIE_Sodium_Core_Curve25519_Ge_P3 $A */
         $A = ParagonIE_Sodium_Core_Ed25519::ge_frombytes_negate_vartime($publicKey);
+        if (!ParagonIE_Sodium_Core_Ed25519::is_on_main_subgroup($A)) {
+            throw new SodiumException('Public key is not on a member of the main subgroup');
+        }
 
         $hs = hash_init('sha512');