diff -r be944660c56a -r 3d72ae0968f4 wp/wp-includes/sodium_compat/src/File.php --- a/wp/wp-includes/sodium_compat/src/File.php Wed Sep 21 18:19:35 2022 +0200 +++ b/wp/wp-includes/sodium_compat/src/File.php Tue Sep 27 16:37:53 2022 +0200 @@ -1154,19 +1154,15 @@ */ private static function sign_core32($filePath, $secretKey) { - /** @var int|bool $size */ $size = filesize($filePath); if (!is_int($size)) { throw new SodiumException('Could not obtain the file size'); } - /** @var int $size */ - /** @var resource|bool $fp */ $fp = fopen($filePath, 'rb'); if (!is_resource($fp)) { throw new SodiumException('Could not open input file for reading'); } - /** @var resource $fp */ /** @var string $az */ $az = hash('sha512', self::substr($secretKey, 0, 32), true); @@ -1179,16 +1175,9 @@ /** @var resource $hs */ $hs = self::updateHashWithFile($hs, $fp, $size); - /** @var string $nonceHash */ $nonceHash = hash_final($hs, true); - - /** @var string $pk */ $pk = self::substr($secretKey, 32, 32); - - /** @var string $nonce */ $nonce = ParagonIE_Sodium_Core32_Ed25519::sc_reduce($nonceHash) . self::substr($nonceHash, 32); - - /** @var string $sig */ $sig = ParagonIE_Sodium_Core32_Ed25519::ge_p3_tobytes( ParagonIE_Sodium_Core32_Ed25519::ge_scalarmult_base($nonce) ); @@ -1199,13 +1188,10 @@ /** @var resource $hs */ $hs = self::updateHashWithFile($hs, $fp, $size); - /** @var string $hramHash */ $hramHash = hash_final($hs, true); - /** @var string $hram */ $hram = ParagonIE_Sodium_Core32_Ed25519::sc_reduce($hramHash); - /** @var string $sigAfter */ $sigAfter = ParagonIE_Sodium_Core32_Ed25519::sc_muladd($hram, $az, $nonce); /** @var string $sig */ @@ -1243,6 +1229,7 @@ if (ParagonIE_Sodium_Core32_Ed25519::small_order($sig)) { throw new SodiumException('Signature is on too small of an order'); } + if ((self::chrToInt($sig[63]) & 224) !== 0) { throw new SodiumException('Invalid signature'); }