<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[46859] branches/5.3/src/wp-includes/sodium_compat: Upgrade/Install: Update sodium_compat to v1.12.1.</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { white-space: pre-line; overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/46859">46859</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/46859","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>SergeyBiryukov</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2019-12-09 16:44:58 +0000 (Mon, 09 Dec 2019)</dd>
</dl>

<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Upgrade/Install: Update sodium_compat to v1.12.1.

This includes a speedup for signature verification on most platforms and bugfixes for 32-bit platforms.

Props paragoninitiativeenterprises, lukaswaudentio.
Merges <a href="https://core.trac.wordpress.org/changeset/46858">[46858]</a> to the 5.3 branch.
Fixes <a href="https://core.trac.wordpress.org/ticket/48371">#48371</a>.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#branches53srcwpincludessodium_compatLICENSE">branches/5.3/src/wp-includes/sodium_compat/LICENSE</a></li>
<li><a href="#branches53srcwpincludessodium_compatautoloadphp">branches/5.3/src/wp-includes/sodium_compat/autoload.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatcomposerjson">branches/5.3/src/wp-includes/sodium_compat/composer.json</a></li>
<li><a href="#branches53srcwpincludessodium_compatlibconstantsphp">branches/5.3/src/wp-includes/sodium_compat/lib/constants.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatlibnamespacedphp">branches/5.3/src/wp-includes/sodium_compat/lib/namespaced.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatlibphp72compatphp">branches/5.3/src/wp-includes/sodium_compat/lib/php72compat.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatlibsodium_compatphp">branches/5.3/src/wp-includes/sodium_compat/lib/sodium_compat.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatsrcCompatphp">branches/5.3/src/wp-includes/sodium_compat/src/Compat.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatsrcCoreBLAKE2bphp">branches/5.3/src/wp-includes/sodium_compat/src/Core/BLAKE2b.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatsrcCoreEd25519php">branches/5.3/src/wp-includes/sodium_compat/src/Core/Ed25519.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatsrcCorePoly1305Statephp">branches/5.3/src/wp-includes/sodium_compat/src/Core/Poly1305/State.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatsrcCoreXChaCha20php">branches/5.3/src/wp-includes/sodium_compat/src/Core/XChaCha20.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatsrcCore32BLAKE2bphp">branches/5.3/src/wp-includes/sodium_compat/src/Core32/BLAKE2b.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatsrcCore32Ed25519php">branches/5.3/src/wp-includes/sodium_compat/src/Core32/Ed25519.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatsrcCore32Poly1305Statephp">branches/5.3/src/wp-includes/sodium_compat/src/Core32/Poly1305/State.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatsrcCore32X25519php">branches/5.3/src/wp-includes/sodium_compat/src/Core32/X25519.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatsrcCryptophp">branches/5.3/src/wp-includes/sodium_compat/src/Crypto.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatsrcCrypto32php">branches/5.3/src/wp-includes/sodium_compat/src/Crypto32.php</a></li>
<li><a href="#branches53srcwpincludessodium_compatsrcFilephp">branches/5.3/src/wp-includes/sodium_compat/src/File.php</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#branches53srcwpincludessodium_compatlibphp72compat_constphp">branches/5.3/src/wp-includes/sodium_compat/lib/php72compat_const.php</a></li>
<li>branches/5.3/src/wp-includes/sodium_compat/src/Core/Base64/</li>
<li>branches/5.3/src/wp-includes/sodium_compat/src/Core/SecretStream/</li>
<li>branches/5.3/src/wp-includes/sodium_compat/src/Core32/SecretStream/</li>
<li>branches/5.3/src/wp-includes/sodium_compat/src/PHP52/</li>
</ul>

<h3>Property Changed</h3>
<ul>
<li><a href="#branches53">branches/5.3/</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<span class="cx" style="display: block; padding: 0 10px">Index: branches/5.3
</span><span class="cx" style="display: block; padding: 0 10px">===================================================================
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">--- branches/5.3 2019-12-09 16:40:11 UTC (rev 46858)
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+++ branches/5.3  2019-12-09 16:44:58 UTC (rev 46859)
</ins><a id="branches53"></a>
<div class="propset"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Property changes: branches/5.3</h4>
<pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: svn:mergeinfo</h4></div>
<span class="cx" style="display: block; padding: 0 10px"> /branches/3.4:21757
</span><span class="cx" style="display: block; padding: 0 10px"> /branches/4.9:43557,43622
</span><span class="cx" style="display: block; padding: 0 10px"> /branches/5.0:43681-43682,43684-43688,43719-43720,43723,43726-43727,43729-43731,43734-43744,43747,43751-43754,43758,43760-43765,43767-43770,43772,43774-43781,43783,43785,43790-43806,43808-43821,43825,43828,43830-43834,43836-43843,43846-43863,43867-43889,43891-43894,43897-43905,43908-43909,43911-43929,43931-43942,43946-43947,43949-43956,43959-43964,43967-43969,43988,43994,44014,44017,44047,44183,44185,44187-44206,44208-44213,44231-44232,44235,44248,44284,44287-44288
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-/trunk:46583,46605-46606,46613,46616,46656,46658,46665,46668,46676-46677,46700-46703,46705,46707,46709,46711,46713,46715,46719-46720,46722,46724,46738,46745-46748,46753,46756-46758,46761-46762,46765,46770,46772,46779,46782,46786,46788,46793,46795,46797,46809,46813,46815,46817,46822,46824,46832,46835,46837-46838,46840,46842,46844-46845,46849,46851-46852,46854,46856
</del><span class="cx" style="display: block; padding: 0 10px">\ No newline at end of property
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+/trunk:46583,46605-46606,46613,46616,46656,46658,46665,46668,46676-46677,46700-46703,46705,46707,46709,46711,46713,46715,46719-46720,46722,46724,46738,46745-46748,46753,46756-46758,46761-46762,46765,46770,46772,46779,46782,46786,46788,46793,46795,46797,46809,46813,46815,46817,46822,46824,46832,46835,46837-46838,46840,46842,46844-46845,46849,46851-46852,46854,46856,46858
</ins><span class="cx" style="display: block; padding: 0 10px">\ No newline at end of property
</span><a id="branches53srcwpincludessodium_compatLICENSE"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/LICENSE</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/LICENSE        2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/LICENSE  2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1,10 +1,10 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /*
</span><span class="cx" style="display: block; padding: 0 10px">  * ISC License
</span><span class="cx" style="display: block; padding: 0 10px">  *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Copyright (c) 2016-2018
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Copyright (c) 2016-2019
</ins><span class="cx" style="display: block; padding: 0 10px">  * Paragon Initiative Enterprises <security at paragonie dot com>
</span><span class="cx" style="display: block; padding: 0 10px">  *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Copyright (c) 2013-2018
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Copyright (c) 2013-2019
</ins><span class="cx" style="display: block; padding: 0 10px">  * Frank Denis <j at pureftpd dot org>
</span><span class="cx" style="display: block; padding: 0 10px">  *
</span><span class="cx" style="display: block; padding: 0 10px">  * Permission to use, copy, modify, and/or distribute this software for any
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatautoloadphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/autoload.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/autoload.php   2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/autoload.php     2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -43,7 +43,17 @@
</span><span class="cx" style="display: block; padding: 0 10px">     // unless PHP >= 5.3.0
</span><span class="cx" style="display: block; padding: 0 10px">     require_once dirname(__FILE__) . '/lib/namespaced.php';
</span><span class="cx" style="display: block; padding: 0 10px">     require_once dirname(__FILE__) . '/lib/sodium_compat.php';
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+} else {
+    require_once dirname(__FILE__) . '/src/PHP52/SplFixedArray.php';
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> if (PHP_VERSION_ID < 70200 || !extension_loaded('sodium')) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-    require_once dirname(__FILE__) . '/lib/php72compat.php';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    if (PHP_VERSION_ID >= 50300 && !defined('SODIUM_CRYPTO_SCALARMULT_BYTES')) {
+        require_once dirname(__FILE__) . '/lib/php72compat_const.php';
+    }
+    if (PHP_VERSION_ID >= 70000) {
+        assert(class_exists('ParagonIE_Sodium_Compat'), 'Possible filesystem/autoloader bug?');
+    } else {
+        assert(class_exists('ParagonIE_Sodium_Compat'));
+    }
+    require_once (dirname(__FILE__) . '/lib/php72compat.php');
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatcomposerjson"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/composer.json</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/composer.json  2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/composer.json    2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -54,7 +54,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">     "paragonie/random_compat": ">=1"
</span><span class="cx" style="display: block; padding: 0 10px">   },
</span><span class="cx" style="display: block; padding: 0 10px">   "require-dev": {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-    "phpunit/phpunit": "^3|^4|^5"
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    "phpunit/phpunit": "^3|^4|^5|^6|^7"
</ins><span class="cx" style="display: block; padding: 0 10px">   },
</span><span class="cx" style="display: block; padding: 0 10px">   "suggest": {
</span><span class="cx" style="display: block; padding: 0 10px">     "ext-libsodium": "PHP < 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security.",
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatlibconstantsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/lib/constants.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/lib/constants.php      2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/lib/constants.php        2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1,6 +1,8 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <?php
</span><span class="cx" style="display: block; padding: 0 10px"> namespace Sodium;
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+require_once dirname(dirname(__FILE__)) . '/autoload.php';
+
</ins><span class="cx" style="display: block; padding: 0 10px"> use ParagonIE_Sodium_Compat;
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px"> const CRYPTO_AEAD_AES256GCM_KEYBYTES = ParagonIE_Sodium_Compat::CRYPTO_AEAD_AES256GCM_KEYBYTES;
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatlibnamespacedphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/lib/namespaced.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/lib/namespaced.php     2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/lib/namespaced.php       2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1,5 +1,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <?php
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+require_once dirname(dirname(__FILE__)) . '/autoload.php';
+
</ins><span class="cx" style="display: block; padding: 0 10px"> if (PHP_VERSION_ID < 50300) {
</span><span class="cx" style="display: block; padding: 0 10px">     return;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -36,7 +38,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">     // Replace the namespace prefix with the base directory, replace namespace
</span><span class="cx" style="display: block; padding: 0 10px">     // separators with directory separators in the relative class name, append
</span><span class="cx" style="display: block; padding: 0 10px">     // with .php
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-    $file = dirname(__DIR__) . '/namespaced/' . str_replace('\\', '/', $relative_class) . '.php';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    $file = dirname(dirname(__FILE__)) . '/namespaced/' . str_replace('\\', '/', $relative_class) . '.php';
</ins><span class="cx" style="display: block; padding: 0 10px">     // if the file exists, require it
</span><span class="cx" style="display: block; padding: 0 10px">     if (file_exists($file)) {
</span><span class="cx" style="display: block; padding: 0 10px">         require_once $file;
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatlibphp72compatphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/lib/php72compat.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/lib/php72compat.php    2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/lib/php72compat.php      2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1,5 +1,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <?php
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+require_once dirname(dirname(__FILE__)) . '/autoload.php';
+
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px">  * This file will monkey patch the pure-PHP implementation in place of the
</span><span class="cx" style="display: block; padding: 0 10px">  * PECL functions and constants, but only if they do not already exist.
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -8,6 +10,10 @@
</span><span class="cx" style="display: block; padding: 0 10px">  * ParagonIE_Sodium_Compat method or class constant, respectively.
</span><span class="cx" style="display: block; padding: 0 10px">  */
</span><span class="cx" style="display: block; padding: 0 10px"> foreach (array(
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    'BASE64_VARIANT_ORIGINAL',
+    'BASE64_VARIANT_ORIGINAL_NO_PADDING',
+    'BASE64_VARIANT_URLSAFE',
+    'BASE64_VARIANT_URLSAFE_NO_PADDING',
</ins><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES',
</span><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_AEAD_CHACHA20POLY1305_NSECBYTES',
</span><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES',
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -29,10 +35,17 @@
</span><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_BOX_MACBYTES',
</span><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_BOX_NONCEBYTES',
</span><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_BOX_SEEDBYTES',
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    'CRYPTO_KDF_BYTES_MIN',
+    'CRYPTO_KDF_BYTES_MAX',
+    'CRYPTO_KDF_CONTEXTBYTES',
+    'CRYPTO_KDF_KEYBYTES',
</ins><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_KX_BYTES',
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    'CRYPTO_KX_KEYPAIRBYTES',
+    'CRYPTO_KX_PRIMITIVE',
</ins><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_KX_SEEDBYTES',
</span><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_KX_PUBLICKEYBYTES',
</span><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_KX_SECRETKEYBYTES',
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    'CRYPTO_KX_SESSIONKEYBYTES',
</ins><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_GENERICHASH_BYTES',
</span><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_GENERICHASH_BYTES_MIN',
</span><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_GENERICHASH_BYTES_MAX',
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -56,6 +69,14 @@
</span><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_SECRETBOX_KEYBYTES',
</span><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_SECRETBOX_MACBYTES',
</span><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_SECRETBOX_NONCEBYTES',
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    'CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES',
+    'CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES',
+    'CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_KEYBYTES',
+    'CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_PUSH',
+    'CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_PULL',
+    'CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_REKEY',
+    'CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL',
+    'CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_MESSAGEBYTES_MAX',
</ins><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_SIGN_BYTES',
</span><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_SIGN_SEEDBYTES',
</span><span class="cx" style="display: block; padding: 0 10px">     'CRYPTO_SIGN_PUBLICKEYBYTES',
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -68,11 +89,52 @@
</span><span class="cx" style="display: block; padding: 0 10px">     'VERSION_STRING'
</span><span class="cx" style="display: block; padding: 0 10px">     ) as $constant
</span><span class="cx" style="display: block; padding: 0 10px"> ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-    if (!defined("SODIUM_$constant")) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    if (!defined("SODIUM_$constant") && defined("ParagonIE_Sodium_Compat::$constant")) {
</ins><span class="cx" style="display: block; padding: 0 10px">         define("SODIUM_$constant", constant("ParagonIE_Sodium_Compat::$constant"));
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('sodium_add')) {
+    /**
+     * @see ParagonIE_Sodium_Compat::add()
+     * @param string $val
+     * @param string $addv
+     * @return void
+     * @throws SodiumException
+     */
+    function sodium_add(&$val, $addv)
+    {
+        ParagonIE_Sodium_Compat::add($val, $addv);
+    }
+}
+if (!is_callable('sodium_base642bin')) {
+    /**
+     * @see ParagonIE_Sodium_Compat::bin2base64()
+     * @param string $string
+     * @param int $variant
+     * @param string $ignore
+     * @return string
+     * @throws SodiumException
+     * @throws TypeError
+     */
+    function sodium_base642bin($string, $variant, $ignore ='')
+    {
+        return ParagonIE_Sodium_Compat::base642bin($string, $variant, $ignore);
+    }
+}
+if (!is_callable('sodium_bin2base64')) {
+    /**
+     * @see ParagonIE_Sodium_Compat::bin2base64()
+     * @param string $string
+     * @param int $variant
+     * @return string
+     * @throws SodiumException
+     * @throws TypeError
+     */
+    function sodium_bin2base64($string, $variant)
+    {
+        return ParagonIE_Sodium_Compat::bin2base64($string, $variant);
+    }
+}
</ins><span class="cx" style="display: block; padding: 0 10px"> if (!is_callable('sodium_bin2hex')) {
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::hex2bin()
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -186,6 +248,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">      * @return string
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @throws Exception
</ins><span class="cx" style="display: block; padding: 0 10px">      */
</span><span class="cx" style="display: block; padding: 0 10px">     function sodium_crypto_aead_chacha20poly1305_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">     {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -232,6 +295,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_ietf_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">      * @return string
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @throws Exception
</ins><span class="cx" style="display: block; padding: 0 10px">      */
</span><span class="cx" style="display: block; padding: 0 10px">     function sodium_crypto_aead_chacha20poly1305_ietf_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">     {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -278,6 +342,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::crypto_aead_xchacha20poly1305_ietf_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">      * @return string
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @throws Exception
</ins><span class="cx" style="display: block; padding: 0 10px">      */
</span><span class="cx" style="display: block; padding: 0 10px">     function sodium_crypto_aead_xchacha20poly1305_ietf_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">     {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -302,6 +367,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::crypto_auth_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">      * @return string
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @throws Exception
</ins><span class="cx" style="display: block; padding: 0 10px">      */
</span><span class="cx" style="display: block; padding: 0 10px">     function sodium_crypto_auth_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">     {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -516,6 +582,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::crypto_generichash_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">      * @return string
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @throws Exception
</ins><span class="cx" style="display: block; padding: 0 10px">      */
</span><span class="cx" style="display: block; padding: 0 10px">     function sodium_crypto_generichash_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">     {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -536,6 +603,37 @@
</span><span class="cx" style="display: block; padding: 0 10px">         ParagonIE_Sodium_Compat::crypto_generichash_update($ctx, $message);
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('sodium_crypto_kdf_keygen')) {
+    /**
+     * @see ParagonIE_Sodium_Compat::crypto_kdf_keygen()
+     * @return string
+     * @throws Exception
+     */
+    function sodium_crypto_kdf_keygen()
+    {
+        return ParagonIE_Sodium_Compat::crypto_kdf_keygen();
+    }
+}
+if (!is_callable('sodium_crypto_kdf_derive_from_key')) {
+    /**
+     * @see ParagonIE_Sodium_Compat::crypto_kdf_derive_from_key()
+     * @param int $subkey_len
+     * @param int $subkey_id
+     * @param string $context
+     * @param string $key
+     * @return string
+     * @throws Exception
+     */
+    function sodium_crypto_kdf_derive_from_key($subkey_len, $subkey_id, $context, $key)
+    {
+        return ParagonIE_Sodium_Compat::crypto_kdf_derive_from_key(
+            $subkey_len,
+            $subkey_id,
+            $context,
+            $key
+        );
+    }
+}
</ins><span class="cx" style="display: block; padding: 0 10px"> if (!is_callable('sodium_crypto_kx')) {
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::crypto_kx()
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -557,6 +655,73 @@
</span><span class="cx" style="display: block; padding: 0 10px">         );
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('sodium_crypto_kx_seed_keypair')) {
+    /**
+     * @param string $seed
+     * @return string
+     * @throws Exception
+     */
+    function sodium_crypto_kx_seed_keypair($seed)
+    {
+        return ParagonIE_Sodium_Compat::crypto_kx_seed_keypair($seed);
+    }
+}
+if (!is_callable('sodium_crypto_kx_keypair')) {
+    /**
+     * @return string
+     * @throws Exception
+     */
+    function sodium_crypto_kx_keypair()
+    {
+        return ParagonIE_Sodium_Compat::crypto_kx_keypair();
+    }
+}
+if (!is_callable('sodium_crypto_kx_client_session_keys')) {
+    /**
+     * @param string $keypair
+     * @param string $serverPublicKey
+     * @return array{0: string, 1: string}
+     * @throws SodiumException
+     */
+    function sodium_crypto_kx_client_session_keys($keypair, $serverPublicKey)
+    {
+        return ParagonIE_Sodium_Compat::crypto_kx_client_session_keys($keypair, $serverPublicKey);
+    }
+}
+if (!is_callable('sodium_crypto_kx_server_session_keys')) {
+    /**
+     * @param string $keypair
+     * @param string $clientPublicKey
+     * @return array{0: string, 1: string}
+     * @throws SodiumException
+     */
+    function sodium_crypto_kx_server_session_keys($keypair, $clientPublicKey)
+    {
+        return ParagonIE_Sodium_Compat::crypto_kx_server_session_keys($keypair, $clientPublicKey);
+    }
+}
+if (!is_callable('sodium_crypto_kx_secretkey')) {
+    /**
+     * @param string $keypair
+     * @return string
+     * @throws Exception
+     */
+    function sodium_crypto_kx_secretkey($keypair)
+    {
+        return ParagonIE_Sodium_Compat::crypto_kx_secretkey($keypair);
+    }
+}
+if (!is_callable('sodium_crypto_kx_publickey')) {
+    /**
+     * @param string $keypair
+     * @return string
+     * @throws Exception
+     */
+    function sodium_crypto_kx_publickey($keypair)
+    {
+        return ParagonIE_Sodium_Compat::crypto_kx_publickey($keypair);
+    }
+}
</ins><span class="cx" style="display: block; padding: 0 10px"> if (!is_callable('sodium_crypto_pwhash')) {
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::crypto_pwhash()
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -590,6 +755,21 @@
</span><span class="cx" style="display: block; padding: 0 10px">         return ParagonIE_Sodium_Compat::crypto_pwhash_str($passwd, $opslimit, $memlimit);
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('sodium_crypto_pwhash_str_needs_rehash')) {
+    /**
+     * @see ParagonIE_Sodium_Compat::crypto_pwhash_str_needs_rehash()
+     * @param string $hash
+     * @param int $opslimit
+     * @param int $memlimit
+     * @return bool
+     *
+     * @throws SodiumException
+     */
+    function sodium_crypto_pwhash_str_needs_rehash($hash, $opslimit, $memlimit)
+    {
+        return ParagonIE_Sodium_Compat::crypto_pwhash_str_needs_rehash($hash, $opslimit, $memlimit);
+    }
+}
</ins><span class="cx" style="display: block; padding: 0 10px"> if (!is_callable('sodium_crypto_pwhash_str_verify')) {
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::crypto_pwhash_str_verify()
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -696,6 +876,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::crypto_secretbox_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">      * @return string
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @throws Exception
</ins><span class="cx" style="display: block; padding: 0 10px">      */
</span><span class="cx" style="display: block; padding: 0 10px">     function sodium_crypto_secretbox_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">     {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -721,6 +902,77 @@
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('sodium_crypto_secretstream_xchacha20poly1305_init_push')) {
+    /**
+     * @param string $key
+     * @return array<int, string>
+     * @throws SodiumException
+     */
+    function sodium_crypto_secretstream_xchacha20poly1305_init_push($key)
+    {
+        return ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_init_push($key);
+    }
+}
+if (!is_callable('sodium_crypto_secretstream_xchacha20poly1305_push')) {
+    /**
+     * @param string $state
+     * @param string $msg
+     * @param string $aad
+     * @param int $tag
+     * @return string
+     * @throws SodiumException
+     */
+    function sodium_crypto_secretstream_xchacha20poly1305_push(&$state, $msg, $aad = '', $tag = 0)
+    {
+        return ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_push($state, $msg, $aad, $tag);
+    }
+}
+if (!is_callable('sodium_crypto_secretstream_xchacha20poly1305_init_pull')) {
+    /**
+     * @param string $header
+     * @param string $key
+     * @return string
+     * @throws Exception
+     */
+    function sodium_crypto_secretstream_xchacha20poly1305_init_pull($header, $key)
+    {
+        return ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_init_pull($header, $key);
+    }
+}
+if (!is_callable('sodium_crypto_secretstream_xchacha20poly1305_pull')) {
+    /**
+     * @param string $state
+     * @param string $cipher
+     * @param string $aad
+     * @return bool|array{0: string, 1: int}
+     * @throws SodiumException
+     */
+    function sodium_crypto_secretstream_xchacha20poly1305_pull(&$state, $cipher, $aad = '')
+    {
+        return ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_pull($state, $cipher, $aad);
+    }
+}
+if (!is_callable('sodium_crypto_secretstream_xchacha20poly1305_rekey')) {
+    /**
+     * @param string $state
+     * @return void
+     * @throws SodiumException
+     */
+    function sodium_crypto_secretstream_xchacha20poly1305_rekey(&$state)
+    {
+        ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_rekey($state);
+    }
+}
+if (!is_callable('sodium_crypto_secretstream_xchacha20poly1305_keygen')) {
+    /**
+     * @return string
+     * @throws Exception
+     */
+    function sodium_crypto_secretstream_xchacha20poly1305_keygen()
+    {
+        return ParagonIE_Sodium_Compat::crypto_secretstream_xchacha20poly1305_keygen();
+    }
+}
</ins><span class="cx" style="display: block; padding: 0 10px"> if (!is_callable('sodium_crypto_shorthash')) {
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::crypto_shorthash()
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -739,6 +991,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::crypto_shorthash_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">      * @return string
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @throws Exception
</ins><span class="cx" style="display: block; padding: 0 10px">      */
</span><span class="cx" style="display: block; padding: 0 10px">     function sodium_crypto_shorthash_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">     {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -773,6 +1026,20 @@
</span><span class="cx" style="display: block; padding: 0 10px">         return ParagonIE_Sodium_Compat::crypto_sign_detached($message, $sk);
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('sodium_crypto_sign_keypair_from_secretkey_and_publickey')) {
+    /**
+     * @see ParagonIE_Sodium_Compat::crypto_sign_keypair_from_secretkey_and_publickey()
+     * @param string $sk
+     * @param string $pk
+     * @return string
+     * @throws SodiumException
+     * @throws TypeError
+     */
+    function sodium_crypto_sign_keypair_from_secretkey_and_publickey($sk, $pk)
+    {
+        return ParagonIE_Sodium_Compat::crypto_sign_keypair_from_secretkey_and_publickey($sk, $pk);
+    }
+}
</ins><span class="cx" style="display: block; padding: 0 10px"> if (!is_callable('sodium_crypto_sign_keypair')) {
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::crypto_sign_keypair()
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -915,6 +1182,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::crypto_stream_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">      * @return string
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @throws Exception
</ins><span class="cx" style="display: block; padding: 0 10px">      */
</span><span class="cx" style="display: block; padding: 0 10px">     function sodium_crypto_stream_keygen()
</span><span class="cx" style="display: block; padding: 0 10px">     {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1019,6 +1287,34 @@
</span><span class="cx" style="display: block; padding: 0 10px">         ParagonIE_Sodium_Compat::memzero($str);
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('sodium_pad')) {
+    /**
+     * @see ParagonIE_Sodium_Compat::pad()
+     * @param string $unpadded
+     * @param int $blockSize
+     * @return int
+     * @throws SodiumException
+     * @throws TypeError
+     */
+    function sodium_pad($unpadded, $blockSize)
+    {
+        return ParagonIE_Sodium_Compat::pad($unpadded, $blockSize, true);
+    }
+}
+if (!is_callable('sodium_unpad')) {
+    /**
+     * @see ParagonIE_Sodium_Compat::pad()
+     * @param string $padded
+     * @param int $blockSize
+     * @return int
+     * @throws SodiumException
+     * @throws TypeError
+     */
+    function sodium_unpad($padded, $blockSize)
+    {
+        return ParagonIE_Sodium_Compat::unpad($padded, $blockSize, true);
+    }
+}
</ins><span class="cx" style="display: block; padding: 0 10px"> if (!is_callable('sodium_randombytes_buf')) {
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::randombytes_buf()
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1049,6 +1345,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @see ParagonIE_Sodium_Compat::randombytes_random16()
</span><span class="cx" style="display: block; padding: 0 10px">      * @return int
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @throws Exception
</ins><span class="cx" style="display: block; padding: 0 10px">      */
</span><span class="cx" style="display: block; padding: 0 10px">     function sodium_randombytes_random16()
</span><span class="cx" style="display: block; padding: 0 10px">     {
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatlibphp72compat_constphpfromrev46858trunksrcwpincludessodium_compatlibphp72compat_constphp"></a>
<div class="copfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Copied: branches/5.3/src/wp-includes/sodium_compat/lib/php72compat_const.php (from rev 46858, trunk/src/wp-includes/sodium_compat/lib/php72compat_const.php)</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/lib/php72compat_const.php                              (rev 0)
+++ branches/5.3/src/wp-includes/sodium_compat/lib/php72compat_const.php        2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,90 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+
+const SODIUM_LIBRARY_MAJOR_VERSION = 9;
+const SODIUM_LIBRARY_MINOR_VERSION = 1;
+const SODIUM_LIBRARY_VERSION = '1.0.8';
+
+const SODIUM_BASE64_VARIANT_ORIGINAL = 1;
+const SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING = 3;
+const SODIUM_BASE64_VARIANT_URLSAFE = 5;
+const SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING = 7;
+const SODIUM_CRYPTO_AEAD_AES256GCM_KEYBYTES = 32;
+const SODIUM_CRYPTO_AEAD_AES256GCM_NSECBYTES = 0;
+const SODIUM_CRYPTO_AEAD_AES256GCM_NPUBBYTES = 12;
+const SODIUM_CRYPTO_AEAD_AES256GCM_ABYTES = 16;
+const SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES = 32;
+const SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_NSECBYTES = 0;
+const SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES = 8;
+const SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_ABYTES = 16;
+const SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_KEYBYTES = 32;
+const SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_NSECBYTES = 0;
+const SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES = 12;
+const SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_ABYTES = 16;
+const SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES = 32;
+const SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NSECBYTES = 0;
+const SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES = 24;
+const SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES = 16;
+const SODIUM_CRYPTO_AUTH_BYTES = 32;
+const SODIUM_CRYPTO_AUTH_KEYBYTES = 32;
+const SODIUM_CRYPTO_BOX_SEALBYTES = 16;
+const SODIUM_CRYPTO_BOX_SECRETKEYBYTES = 32;
+const SODIUM_CRYPTO_BOX_PUBLICKEYBYTES = 32;
+const SODIUM_CRYPTO_BOX_KEYPAIRBYTES = 64;
+const SODIUM_CRYPTO_BOX_MACBYTES = 16;
+const SODIUM_CRYPTO_BOX_NONCEBYTES = 24;
+const SODIUM_CRYPTO_BOX_SEEDBYTES = 32;
+const SODIUM_CRYPTO_KDF_BYTES_MIN = 16;
+const SODIUM_CRYPTO_KDF_BYTES_MAX = 64;
+const SODIUM_CRYPTO_KDF_CONTEXTBYTES = 8;
+const SODIUM_CRYPTO_KDF_KEYBYTES = 32;
+const SODIUM_CRYPTO_KX_BYTES = 32;
+const SODIUM_CRYPTO_KX_PRIMITIVE = 'x25519blake2b';
+const SODIUM_CRYPTO_KX_SEEDBYTES = 32;
+const SODIUM_CRYPTO_KX_KEYPAIRBYTES = 64;
+const SODIUM_CRYPTO_KX_PUBLICKEYBYTES = 32;
+const SODIUM_CRYPTO_KX_SECRETKEYBYTES = 32;
+const SODIUM_CRYPTO_KX_SESSIONKEYBYTES = 32;
+const SODIUM_CRYPTO_GENERICHASH_BYTES = 32;
+const SODIUM_CRYPTO_GENERICHASH_BYTES_MIN = 16;
+const SODIUM_CRYPTO_GENERICHASH_BYTES_MAX = 64;
+const SODIUM_CRYPTO_GENERICHASH_KEYBYTES = 32;
+const SODIUM_CRYPTO_GENERICHASH_KEYBYTES_MIN = 16;
+const SODIUM_CRYPTO_GENERICHASH_KEYBYTES_MAX = 64;
+const SODIUM_CRYPTO_PWHASH_SALTBYTES = 16;
+const SODIUM_CRYPTO_PWHASH_STRPREFIX = '$argon2id$';
+const SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13 = 1;
+const SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13 = 2;
+const SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE = 33554432;
+const SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE = 4;
+const SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE = 134217728;
+const SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE = 6;
+const SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE = 536870912;
+const SODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE = 8;
+const SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES = 32;
+const SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_STRPREFIX = '$7$';
+const SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE = 534288;
+const SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE = 16777216;
+const SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_SENSITIVE = 33554432;
+const SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_SENSITIVE = 1073741824;
+const SODIUM_CRYPTO_SCALARMULT_BYTES = 32;
+const SODIUM_CRYPTO_SCALARMULT_SCALARBYTES = 32;
+const SODIUM_CRYPTO_SHORTHASH_BYTES = 8;
+const SODIUM_CRYPTO_SHORTHASH_KEYBYTES = 16;
+const SODIUM_CRYPTO_SECRETBOX_KEYBYTES = 32;
+const SODIUM_CRYPTO_SECRETBOX_MACBYTES = 16;
+const SODIUM_CRYPTO_SECRETBOX_NONCEBYTES = 24;
+const SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES = 17;
+const SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES = 24;
+const SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_KEYBYTES = 32;
+const SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_PUSH = 0;
+const SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_PULL = 1;
+const SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_REKEY = 2;
+const SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL = 3;
+const SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_MESSAGEBYTES_MAX = 0x3fffffff80;
+const SODIUM_CRYPTO_SIGN_BYTES = 64;
+const SODIUM_CRYPTO_SIGN_SEEDBYTES = 32;
+const SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES = 32;
+const SODIUM_CRYPTO_SIGN_SECRETKEYBYTES = 64;
+const SODIUM_CRYPTO_SIGN_KEYPAIRBYTES = 96;
+const SODIUM_CRYPTO_STREAM_KEYBYTES = 32;
+const SODIUM_CRYPTO_STREAM_NONCEBYTES = 24;
</ins></span></pre></div>
<a id="branches53srcwpincludessodium_compatlibsodium_compatphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/lib/sodium_compat.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/lib/sodium_compat.php  2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/lib/sodium_compat.php    2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1,6 +1,8 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <?php
</span><span class="cx" style="display: block; padding: 0 10px"> namespace Sodium;
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+require_once dirname(dirname(__FILE__)) . '/autoload.php';
+
</ins><span class="cx" style="display: block; padding: 0 10px"> use ParagonIE_Sodium_Compat;
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatsrcCompatphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/src/Compat.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/src/Compat.php 2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/src/Compat.php   2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -49,6 +49,10 @@
</span><span class="cx" style="display: block; padding: 0 10px">     const VERSION_STRING = 'polyfill-1.0.8';
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     // From libsodium
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    const BASE64_VARIANT_ORIGINAL = 1;
+    const BASE64_VARIANT_ORIGINAL_NO_PADDING = 3;
+    const BASE64_VARIANT_URLSAFE = 5;
+    const BASE64_VARIANT_URLSAFE_NO_PADDING = 7;
</ins><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_AEAD_AES256GCM_KEYBYTES = 32;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_AEAD_AES256GCM_NSECBYTES = 0;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_AEAD_AES256GCM_NPUBBYTES = 12;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -74,10 +78,17 @@
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_BOX_MACBYTES = 16;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_BOX_NONCEBYTES = 24;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_BOX_SEEDBYTES = 32;
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    const CRYPTO_KDF_BYTES_MIN = 16;
+    const CRYPTO_KDF_BYTES_MAX = 64;
+    const CRYPTO_KDF_CONTEXTBYTES = 8;
+    const CRYPTO_KDF_KEYBYTES = 32;
</ins><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_KX_BYTES = 32;
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    const CRYPTO_KX_PRIMITIVE = 'x25519blake2b';
</ins><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_KX_SEEDBYTES = 32;
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    const CRYPTO_KX_KEYPAIRBYTES = 64;
</ins><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_KX_PUBLICKEYBYTES = 32;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_KX_SECRETKEYBYTES = 32;
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    const CRYPTO_KX_SESSIONKEYBYTES = 32;
</ins><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_GENERICHASH_BYTES = 32;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_GENERICHASH_BYTES_MIN = 16;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_GENERICHASH_BYTES_MAX = 64;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -85,7 +96,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_GENERICHASH_KEYBYTES_MIN = 16;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_GENERICHASH_KEYBYTES_MAX = 64;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_PWHASH_SALTBYTES = 16;
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-    const CRYPTO_PWHASH_STRPREFIX = '$argon2i$';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    const CRYPTO_PWHASH_STRPREFIX = '$argon2id$';
</ins><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_PWHASH_ALG_ARGON2I13 = 1;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_PWHASH_ALG_ARGON2ID13 = 2;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE = 33554432;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -107,6 +118,14 @@
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_SECRETBOX_KEYBYTES = 32;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_SECRETBOX_MACBYTES = 16;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_SECRETBOX_NONCEBYTES = 24;
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    const CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES = 17;
+    const CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES = 24;
+    const CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_KEYBYTES = 32;
+    const CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_PUSH = 0;
+    const CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_PULL = 1;
+    const CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_REKEY = 2;
+    const CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL = 3;
+    const CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_MESSAGEBYTES_MAX = 0x3fffffff80;
</ins><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_SIGN_BYTES = 64;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_SIGN_SEEDBYTES = 32;
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_SIGN_PUBLICKEYBYTES = 32;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -116,6 +135,110 @@
</span><span class="cx" style="display: block; padding: 0 10px">     const CRYPTO_STREAM_NONCEBYTES = 24;
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * Add two numbers (little-endian unsigned), storing the value in the first
+     * parameter.
+     *
+     * This mutates $val.
+     *
+     * @param string $val
+     * @param string $addv
+     * @return void
+     * @throws SodiumException
+     */
+    public static function add(&$val, $addv)
+    {
+        $val_len = ParagonIE_Sodium_Core_Util::strlen($val);
+        $addv_len = ParagonIE_Sodium_Core_Util::strlen($addv);
+        if ($val_len !== $addv_len) {
+            throw new SodiumException('values must have the same length');
+        }
+        $A = ParagonIE_Sodium_Core_Util::stringToIntArray($val);
+        $B = ParagonIE_Sodium_Core_Util::stringToIntArray($addv);
+
+        $c = 0;
+        for ($i = 0; $i < $val_len; $i++) {
+            $c += ($A[$i] + $B[$i]);
+            $A[$i] = ($c & 0xff);
+            $c >>= 8;
+        }
+        $val = ParagonIE_Sodium_Core_Util::intArrayToString($A);
+    }
+
+    /**
+     * @param string $encoded
+     * @param int $variant
+     * @param string $ignore
+     * @return string
+     * @throws SodiumException
+     */
+    public static function base642bin($encoded, $variant, $ignore = '')
+    {
+        /* Type checks: */
+        ParagonIE_Sodium_Core_Util::declareScalarType($encoded, 'string', 1);
+
+        /** @var string $encoded */
+        $encoded = (string) $encoded;
+        if (ParagonIE_Sodium_Core_Util::strlen($encoded) === 0) {
+            return '';
+        }
+
+        // Just strip before decoding
+        if (!empty($ignore)) {
+            $encoded = str_replace($ignore, '', $encoded);
+        }
+
+        try {
+            switch ($variant) {
+                case self::BASE64_VARIANT_ORIGINAL:
+                    return ParagonIE_Sodium_Core_Base64_Original::decode($encoded, true);
+                case self::BASE64_VARIANT_ORIGINAL_NO_PADDING:
+                    return ParagonIE_Sodium_Core_Base64_Original::decode($encoded, false);
+                case self::BASE64_VARIANT_URLSAFE:
+                    return ParagonIE_Sodium_Core_Base64_UrlSafe::decode($encoded, true);
+                case self::BASE64_VARIANT_URLSAFE_NO_PADDING:
+                    return ParagonIE_Sodium_Core_Base64_UrlSafe::decode($encoded, false);
+                default:
+                    throw new SodiumException('invalid base64 variant identifier');
+            }
+        } catch (Exception $ex) {
+            if ($ex instanceof SodiumException) {
+                throw $ex;
+            }
+            throw new SodiumException('invalid base64 string');
+        }
+    }
+
+    /**
+     * @param string $decoded
+     * @param int $variant
+     * @return string
+     * @throws SodiumException
+     */
+    public static function bin2base64($decoded, $variant)
+    {
+        /* Type checks: */
+        ParagonIE_Sodium_Core_Util::declareScalarType($decoded, 'string', 1);
+        /** @var string $decoded */
+        $decoded = (string) $decoded;
+        if (ParagonIE_Sodium_Core_Util::strlen($decoded) === 0) {
+            return '';
+        }
+
+        switch ($variant) {
+            case self::BASE64_VARIANT_ORIGINAL:
+                return ParagonIE_Sodium_Core_Base64_Original::encode($decoded);
+            case self::BASE64_VARIANT_ORIGINAL_NO_PADDING:
+                return ParagonIE_Sodium_Core_Base64_Original::encodeUnpadded($decoded);
+            case self::BASE64_VARIANT_URLSAFE:
+                return ParagonIE_Sodium_Core_Base64_UrlSafe::encode($decoded);
+            case self::BASE64_VARIANT_URLSAFE_NO_PADDING:
+                return ParagonIE_Sodium_Core_Base64_UrlSafe::encodeUnpadded($decoded);
+            default:
+                throw new SodiumException('invalid base64 variant identifier');
+        }
+    }
+
+    /**
</ins><span class="cx" style="display: block; padding: 0 10px">      * Cache-timing-safe implementation of bin2hex().
</span><span class="cx" style="display: block; padding: 0 10px">      *
</span><span class="cx" style="display: block; padding: 0 10px">      * @param string $string A string (probably raw binary)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1310,6 +1433,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">      * @throws TypeError
</span><span class="cx" style="display: block; padding: 0 10px">      * @psalm-suppress MixedArgument
</span><span class="cx" style="display: block; padding: 0 10px">      * @psalm-suppress ReferenceConstraintViolation
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @psalm-suppress ConflictingReferenceConstraint
</ins><span class="cx" style="display: block; padding: 0 10px">      */
</span><span class="cx" style="display: block; padding: 0 10px">     public static function crypto_generichash_final(&$ctx, $length = self::CRYPTO_GENERICHASH_BYTES)
</span><span class="cx" style="display: block; padding: 0 10px">     {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1324,6 +1448,14 @@
</span><span class="cx" style="display: block; padding: 0 10px">             $func = '\\Sodium\\crypto_generichash_final';
</span><span class="cx" style="display: block; padding: 0 10px">             return (string) $func($ctx, $length);
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        if ($length < 1) {
+            try {
+                self::memzero($ctx);
+            } catch (SodiumException $ex) {
+                unset($ctx);
+            }
+            return '';
+        }
</ins><span class="cx" style="display: block; padding: 0 10px">         if (PHP_INT_SIZE === 4) {
</span><span class="cx" style="display: block; padding: 0 10px">             $result = ParagonIE_Sodium_Crypto32::generichash_final($ctx, $length);
</span><span class="cx" style="display: block; padding: 0 10px">         } else {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1380,6 +1512,53 @@
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * Initialize a BLAKE2b hashing context, for use in a streaming interface.
+     *
+     * @param string|null $key If specified must be a string between 16 and 64 bytes
+     * @param int $length      The size of the desired hash output
+     * @param string $salt     Salt (up to 16 bytes)
+     * @param string $personal Personalization string (up to 16 bytes)
+     * @return string          A BLAKE2 hashing context, encoded as a string
+     *                         (To be 100% compatible with ext/libsodium)
+     * @throws SodiumException
+     * @throws TypeError
+     * @psalm-suppress MixedArgument
+     */
+    public static function crypto_generichash_init_salt_personal(
+        $key = '',
+        $length = self::CRYPTO_GENERICHASH_BYTES,
+        $salt = '',
+        $personal = ''
+    ) {
+        /* Type checks: */
+        if (is_null($key)) {
+            $key = '';
+        }
+        ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 1);
+        ParagonIE_Sodium_Core_Util::declareScalarType($length, 'int', 2);
+        ParagonIE_Sodium_Core_Util::declareScalarType($salt, 'string', 3);
+        ParagonIE_Sodium_Core_Util::declareScalarType($personal, 'string', 4);
+        $salt = str_pad($salt, 16, "\0", STR_PAD_RIGHT);
+        $personal = str_pad($personal, 16, "\0", STR_PAD_RIGHT);
+
+        /* Input validation: */
+        if (!empty($key)) {
+            /*
+            if (ParagonIE_Sodium_Core_Util::strlen($key) < self::CRYPTO_GENERICHASH_KEYBYTES_MIN) {
+                throw new SodiumException('Unsupported key size. Must be at least CRYPTO_GENERICHASH_KEYBYTES_MIN bytes long.');
+            }
+            */
+            if (ParagonIE_Sodium_Core_Util::strlen($key) > self::CRYPTO_GENERICHASH_KEYBYTES_MAX) {
+                throw new SodiumException('Unsupported key size. Must be at most CRYPTO_GENERICHASH_KEYBYTES_MAX bytes long.');
+            }
+        }
+        if (PHP_INT_SIZE === 4) {
+            return ParagonIE_Sodium_Crypto32::generichash_init_salt_personal($key, $length, $salt, $personal);
+        }
+        return ParagonIE_Sodium_Crypto::generichash_init_salt_personal($key, $length, $salt, $personal);
+    }
+
+    /**
</ins><span class="cx" style="display: block; padding: 0 10px">      * Update a BLAKE2b hashing context with additional data.
</span><span class="cx" style="display: block; padding: 0 10px">      *
</span><span class="cx" style="display: block; padding: 0 10px">      * @param string $ctx    BLAKE2 hashing context. Generated by crypto_generichash_init().
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1425,6 +1604,65 @@
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @param int $subkey_len
+     * @param int $subkey_id
+     * @param string $context
+     * @param string $key
+     * @return string
+     * @throws SodiumException
+     */
+    public static function crypto_kdf_derive_from_key(
+        $subkey_len,
+        $subkey_id,
+        $context,
+        $key
+    ) {
+        ParagonIE_Sodium_Core_Util::declareScalarType($subkey_len, 'int', 1);
+        ParagonIE_Sodium_Core_Util::declareScalarType($subkey_id, 'int', 2);
+        ParagonIE_Sodium_Core_Util::declareScalarType($context, 'string', 3);
+        ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 4);
+        $subkey_id = (int) $subkey_id;
+        $subkey_len = (int) $subkey_len;
+        $context = (string) $context;
+        $key = (string) $key;
+
+        if ($subkey_len < self::CRYPTO_KDF_BYTES_MIN) {
+            throw new SodiumException('subkey cannot be smaller than SODIUM_CRYPTO_KDF_BYTES_MIN');
+        }
+        if ($subkey_len > self::CRYPTO_KDF_BYTES_MAX) {
+            throw new SodiumException('subkey cannot be larger than SODIUM_CRYPTO_KDF_BYTES_MAX');
+        }
+        if ($subkey_id < 0) {
+            throw new SodiumException('subkey_id cannot be negative');
+        }
+        if (ParagonIE_Sodium_Core_Util::strlen($context) !== self::CRYPTO_KDF_CONTEXTBYTES) {
+            throw new SodiumException('context should be SODIUM_CRYPTO_KDF_CONTEXTBYTES bytes');
+        }
+        if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_KDF_KEYBYTES) {
+            throw new SodiumException('key should be SODIUM_CRYPTO_KDF_KEYBYTES bytes');
+        }
+
+        $salt = ParagonIE_Sodium_Core_Util::store64_le($subkey_id);
+        $state = self::crypto_generichash_init_salt_personal(
+            $key,
+            $subkey_len,
+            $salt,
+            $context
+        );
+        return self::crypto_generichash_final($state, $subkey_len);
+    }
+
+    /**
+     * @return string
+     * @throws Exception
+     * @throws Error
+     */
+    public static function crypto_kdf_keygen()
+    {
+        return random_bytes(self::CRYPTO_KDF_KEYBYTES);
+    }
+
+    /**
</ins><span class="cx" style="display: block; padding: 0 10px">      * Perform a key exchange, between a designated client and a server.
</span><span class="cx" style="display: block; padding: 0 10px">      *
</span><span class="cx" style="display: block; padding: 0 10px">      * Typically, you would designate one machine to be the client and the
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1511,6 +1749,149 @@
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @param string $seed
+     * @return string
+     * @throws SodiumException
+     */
+    public static function crypto_kx_seed_keypair($seed)
+    {
+        ParagonIE_Sodium_Core_Util::declareScalarType($seed, 'string', 1);
+
+        $seed = (string) $seed;
+
+        if (ParagonIE_Sodium_Core_Util::strlen($seed) !== self::CRYPTO_KX_SEEDBYTES) {
+            throw new SodiumException('seed must be SODIUM_CRYPTO_KX_SEEDBYTES bytes');
+        }
+
+        $sk = self::crypto_generichash($seed, '', self::CRYPTO_KX_SECRETKEYBYTES);
+        $pk = self::crypto_scalarmult_base($sk);
+        return $sk . $pk;
+    }
+
+    /**
+     * @return string
+     * @throws Exception
+     */
+    public static function crypto_kx_keypair()
+    {
+        $sk = self::randombytes_buf(self::CRYPTO_KX_SECRETKEYBYTES);
+        $pk = self::crypto_scalarmult_base($sk);
+        return $sk . $pk;
+    }
+
+    /**
+     * @param string $keypair
+     * @param string $serverPublicKey
+     * @return array{0: string, 1: string}
+     * @throws SodiumException
+     */
+    public static function crypto_kx_client_session_keys($keypair, $serverPublicKey)
+    {
+        ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1);
+        ParagonIE_Sodium_Core_Util::declareScalarType($serverPublicKey, 'string', 2);
+
+        $keypair = (string) $keypair;
+        $serverPublicKey = (string) $serverPublicKey;
+
+        if (ParagonIE_Sodium_Core_Util::strlen($keypair) !== self::CRYPTO_KX_KEYPAIRBYTES) {
+            throw new SodiumException('keypair should be SODIUM_CRYPTO_KX_KEYPAIRBYTES bytes');
+        }
+        if (ParagonIE_Sodium_Core_Util::strlen($serverPublicKey) !== self::CRYPTO_KX_PUBLICKEYBYTES) {
+            throw new SodiumException('public keys must be SODIUM_CRYPTO_KX_PUBLICKEYBYTES bytes');
+        }
+
+        $sk = self::crypto_kx_secretkey($keypair);
+        $pk = self::crypto_kx_publickey($keypair);
+        $h = self::crypto_generichash_init(null, self::CRYPTO_KX_SESSIONKEYBYTES * 2);
+        self::crypto_generichash_update($h, self::crypto_scalarmult($sk, $serverPublicKey));
+        self::crypto_generichash_update($h, $pk);
+        self::crypto_generichash_update($h, $serverPublicKey);
+        $sessionKeys = self::crypto_generichash_final($h, self::CRYPTO_KX_SESSIONKEYBYTES * 2);
+        return array(
+            ParagonIE_Sodium_Core_Util::substr(
+                $sessionKeys,
+                0,
+                self::CRYPTO_KX_SESSIONKEYBYTES
+            ),
+            ParagonIE_Sodium_Core_Util::substr(
+                $sessionKeys,
+                self::CRYPTO_KX_SESSIONKEYBYTES,
+                self::CRYPTO_KX_SESSIONKEYBYTES
+            )
+        );
+    }
+
+    /**
+     * @param string $keypair
+     * @param string $clientPublicKey
+     * @return array{0: string, 1: string}
+     * @throws SodiumException
+     */
+    public static function crypto_kx_server_session_keys($keypair, $clientPublicKey)
+    {
+        ParagonIE_Sodium_Core_Util::declareScalarType($keypair, 'string', 1);
+        ParagonIE_Sodium_Core_Util::declareScalarType($clientPublicKey, 'string', 2);
+
+        $keypair = (string) $keypair;
+        $clientPublicKey = (string) $clientPublicKey;
+
+        if (ParagonIE_Sodium_Core_Util::strlen($keypair) !== self::CRYPTO_KX_KEYPAIRBYTES) {
+            throw new SodiumException('keypair should be SODIUM_CRYPTO_KX_KEYPAIRBYTES bytes');
+        }
+        if (ParagonIE_Sodium_Core_Util::strlen($clientPublicKey) !== self::CRYPTO_KX_PUBLICKEYBYTES) {
+            throw new SodiumException('public keys must be SODIUM_CRYPTO_KX_PUBLICKEYBYTES bytes');
+        }
+
+        $sk = self::crypto_kx_secretkey($keypair);
+        $pk = self::crypto_kx_publickey($keypair);
+        $h = self::crypto_generichash_init(null, self::CRYPTO_KX_SESSIONKEYBYTES * 2);
+        self::crypto_generichash_update($h, self::crypto_scalarmult($sk, $clientPublicKey));
+        self::crypto_generichash_update($h, $clientPublicKey);
+        self::crypto_generichash_update($h, $pk);
+        $sessionKeys = self::crypto_generichash_final($h, self::CRYPTO_KX_SESSIONKEYBYTES * 2);
+        return array(
+            ParagonIE_Sodium_Core_Util::substr(
+                $sessionKeys,
+                self::CRYPTO_KX_SESSIONKEYBYTES,
+                self::CRYPTO_KX_SESSIONKEYBYTES
+            ),
+            ParagonIE_Sodium_Core_Util::substr(
+                $sessionKeys,
+                0,
+                self::CRYPTO_KX_SESSIONKEYBYTES
+            )
+        );
+    }
+
+    /**
+     * @param string $kp
+     * @return string
+     * @throws SodiumException
+     */
+    public static function crypto_kx_secretkey($kp)
+    {
+        return ParagonIE_Sodium_Core_Util::substr(
+            $kp,
+            0,
+            self::CRYPTO_KX_SECRETKEYBYTES
+        );
+    }
+
+    /**
+     * @param string $kp
+     * @return string
+     * @throws SodiumException
+     */
+    public static function crypto_kx_publickey($kp)
+    {
+        return ParagonIE_Sodium_Core_Util::substr(
+            $kp,
+            self::CRYPTO_KX_SECRETKEYBYTES,
+            self::CRYPTO_KX_PUBLICKEYBYTES
+        );
+    }
+
+    /**
</ins><span class="cx" style="display: block; padding: 0 10px">      * @param int $outlen
</span><span class="cx" style="display: block; padding: 0 10px">      * @param string $passwd
</span><span class="cx" style="display: block; padding: 0 10px">      * @param string $salt
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1593,6 +1974,36 @@
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * Do we need to rehash this password?
+     *
+     * @param string $hash
+     * @param int $opslimit
+     * @param int $memlimit
+     * @return bool
+     * @throws SodiumException
+     */
+    public static function crypto_pwhash_str_needs_rehash($hash, $opslimit, $memlimit)
+    {
+        ParagonIE_Sodium_Core_Util::declareScalarType($hash, 'string', 1);
+        ParagonIE_Sodium_Core_Util::declareScalarType($opslimit, 'int', 2);
+        ParagonIE_Sodium_Core_Util::declareScalarType($memlimit, 'int', 3);
+
+        // Just grab the first 4 pieces.
+        $pieces = explode('$', (string) $hash);
+        $prefix = implode('$', array_slice($pieces, 0, 4));
+
+        // Rebuild the expected header.
+        /** @var int $ops */
+        $ops = (int) $opslimit;
+        /** @var int $mem */
+        $mem = (int) $memlimit >> 10;
+        $encoded = self::CRYPTO_PWHASH_STRPREFIX . 'v=19$m=' . $mem . ',t=' . $ops . ',p=1';
+
+        // Do they match? If so, we don't need to rehash, so return false.
+        return !ParagonIE_Sodium_Core_Util::hashEquals($encoded, $prefix);
+    }
+
+    /**
</ins><span class="cx" style="display: block; padding: 0 10px">      * @param string $passwd
</span><span class="cx" style="display: block; padding: 0 10px">      * @param string $hash
</span><span class="cx" style="display: block; padding: 0 10px">      * @return bool
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1988,6 +2399,111 @@
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @param string $key
+     * @return array<int, string> Returns a state and a header.
+     * @throws Exception
+     * @throws SodiumException
+     */
+    public static function crypto_secretstream_xchacha20poly1305_init_push($key)
+    {
+        if (PHP_INT_SIZE === 4) {
+            return ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_init_push($key);
+        }
+        return ParagonIE_Sodium_Crypto::secretstream_xchacha20poly1305_init_push($key);
+    }
+
+    /**
+     * @param string $header
+     * @param string $key
+     * @return string Returns a state.
+     * @throws Exception
+     */
+    public static function crypto_secretstream_xchacha20poly1305_init_pull($header, $key)
+    {
+        if (ParagonIE_Sodium_Core_Util::strlen($header) < self::CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES) {
+            throw new SodiumException(
+                'header size should be SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES bytes'
+            );
+        }
+        if (PHP_INT_SIZE === 4) {
+            return ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_init_pull($key, $header);
+        }
+        return ParagonIE_Sodium_Crypto::secretstream_xchacha20poly1305_init_pull($key, $header);
+    }
+
+    /**
+     * @param string $state
+     * @param string $msg
+     * @param string $aad
+     * @param int $tag
+     * @return string
+     * @throws SodiumException
+     */
+    public static function crypto_secretstream_xchacha20poly1305_push(&$state, $msg, $aad = '', $tag = 0)
+    {
+        if (PHP_INT_SIZE === 4) {
+            return ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_push(
+                $state,
+                $msg,
+                $aad,
+                $tag
+            );
+        }
+        return ParagonIE_Sodium_Crypto::secretstream_xchacha20poly1305_push(
+            $state,
+            $msg,
+            $aad,
+            $tag
+        );
+    }
+
+    /**
+     * @param string $state
+     * @param string $msg
+     * @param string $aad
+     * @return bool|array{0: string, 1: int}
+     * @throws SodiumException
+     */
+    public static function crypto_secretstream_xchacha20poly1305_pull(&$state, $msg, $aad = '')
+    {
+        if (PHP_INT_SIZE === 4) {
+            return ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_pull(
+                $state,
+                $msg,
+                $aad
+            );
+        }
+        return ParagonIE_Sodium_Crypto::secretstream_xchacha20poly1305_pull(
+            $state,
+            $msg,
+            $aad
+        );
+    }
+
+    /**
+     * @return string
+     * @throws Exception
+     */
+    public static function crypto_secretstream_xchacha20poly1305_keygen()
+    {
+        return random_bytes(self::CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_KEYBYTES);
+    }
+
+    /**
+     * @param string $state
+     * @return void
+     * @throws SodiumException
+     */
+    public static function crypto_secretstream_xchacha20poly1305_rekey(&$state)
+    {
+        if (PHP_INT_SIZE === 4) {
+            ParagonIE_Sodium_Crypto32::secretstream_xchacha20poly1305_rekey($state);
+        } else {
+            ParagonIE_Sodium_Crypto::secretstream_xchacha20poly1305_rekey($state);
+        }
+    }
+
+    /**
</ins><span class="cx" style="display: block; padding: 0 10px">      * Calculates a SipHash-2-4 hash of a message for a given key.
</span><span class="cx" style="display: block; padding: 0 10px">      *
</span><span class="cx" style="display: block; padding: 0 10px">      * @param string $message Input message
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2137,6 +2653,32 @@
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @param string $sk
+     * @param string $pk
+     * @return string
+     * @throws SodiumException
+     */
+    public static function crypto_sign_keypair_from_secretkey_and_publickey($sk, $pk)
+    {
+        ParagonIE_Sodium_Core_Util::declareScalarType($sk, 'string', 1);
+        ParagonIE_Sodium_Core_Util::declareScalarType($pk, 'string', 1);
+        $sk = (string) $sk;
+        $pk = (string) $pk;
+
+        if (ParagonIE_Sodium_Core_Util::strlen($sk) !== self::CRYPTO_SIGN_SECRETKEYBYTES) {
+            throw new SodiumException('secretkey should be SODIUM_CRYPTO_SIGN_SECRETKEYBYTES bytes');
+        }
+        if (ParagonIE_Sodium_Core_Util::strlen($pk) !== self::CRYPTO_SIGN_PUBLICKEYBYTES) {
+            throw new SodiumException('publickey should be SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES bytes');
+        }
+
+        if (self::useNewSodiumAPI()) {
+            return sodium_crypto_sign_keypair_from_secretkey_and_publickey($sk, $pk);
+        }
+        return $sk . $pk;
+    }
+
+    /**
</ins><span class="cx" style="display: block; padding: 0 10px">      * Generate an Ed25519 keypair from a seed.
</span><span class="cx" style="display: block; padding: 0 10px">      *
</span><span class="cx" style="display: block; padding: 0 10px">      * @param string $seed Input seed
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2624,6 +3166,9 @@
</span><span class="cx" style="display: block; padding: 0 10px">         ParagonIE_Sodium_Core_Util::declareScalarType($left, 'string', 1);
</span><span class="cx" style="display: block; padding: 0 10px">         ParagonIE_Sodium_Core_Util::declareScalarType($right, 'string', 2);
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        if (self::useNewSodiumAPI()) {
+            return sodium_memcmp($left, $right);
+        }
</ins><span class="cx" style="display: block; padding: 0 10px">         if (self::use_fallback('memcmp')) {
</span><span class="cx" style="display: block; padding: 0 10px">             return (int) call_user_func('\\Sodium\\memcmp', $left, $right);
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2669,6 +3214,158 @@
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @param string $unpadded
+     * @param int $blockSize
+     * @param bool $dontFallback
+     * @return string
+     * @throws SodiumException
+     */
+    public static function pad($unpadded, $blockSize, $dontFallback = false)
+    {
+        /* Type checks: */
+        ParagonIE_Sodium_Core_Util::declareScalarType($unpadded, 'string', 1);
+        ParagonIE_Sodium_Core_Util::declareScalarType($blockSize, 'int', 2);
+
+        $unpadded = (string) $unpadded;
+        $blockSize = (int) $blockSize;
+
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return (string) sodium_pad($unpadded, $blockSize);
+        }
+
+        if ($blockSize <= 0) {
+            throw new SodiumException(
+                'block size cannot be less than 1'
+            );
+        }
+        $unpadded_len = ParagonIE_Sodium_Core_Util::strlen($unpadded);
+        $xpadlen = ($blockSize - 1);
+        if (($blockSize & ($blockSize - 1)) === 0) {
+            $xpadlen -= $unpadded_len & ($blockSize - 1);
+        } else {
+            $xpadlen -= $unpadded_len % $blockSize;
+        }
+
+        $xpadded_len = $unpadded_len + $xpadlen;
+        $padded = str_repeat("\0", $xpadded_len - 1);
+        if ($unpadded_len > 0) {
+            $st = 1;
+            $i = 0;
+            $k = $unpadded_len;
+            for ($j = 0; $j <= $xpadded_len; ++$j) {
+                $i = (int) $i;
+                $k = (int) $k;
+                $st = (int) $st;
+                if ($j >= $unpadded_len) {
+                    $padded[$j] = "\0";
+                } else {
+                    $padded[$j] = $unpadded[$j];
+                }
+                /** @var int $k */
+                $k -= $st;
+                $st = (int) (~(
+                            (
+                                (
+                                    ($k >> 48)
+                                        |
+                                    ($k >> 32)
+                                        |
+                                    ($k >> 16)
+                                        |
+                                    $k
+                                ) - 1
+                            ) >> 16
+                        )
+                    ) & 1;
+                $i += $st;
+            }
+        }
+
+        $mask = 0;
+        $tail = $xpadded_len;
+        for ($i = 0; $i < $blockSize; ++$i) {
+            # barrier_mask = (unsigned char)
+            #     (((i ^ xpadlen) - 1U) >> ((sizeof(size_t) - 1U) * CHAR_BIT));
+            $barrier_mask = (($i ^ $xpadlen) -1) >> ((PHP_INT_SIZE << 3) - 1);
+            # tail[-i] = (tail[-i] & mask) | (0x80 & barrier_mask);
+            $padded[$tail - $i] = ParagonIE_Sodium_Core_Util::intToChr(
+                (ParagonIE_Sodium_Core_Util::chrToInt($padded[$tail - $i]) & $mask)
+                    |
+                (0x80 & $barrier_mask)
+            );
+            # mask |= barrier_mask;
+            $mask |= $barrier_mask;
+        }
+        return $padded;
+    }
+
+    /**
+     * @param string $padded
+     * @param int $blockSize
+     * @param bool $dontFallback
+     * @return string
+     * @throws SodiumException
+     */
+    public static function unpad($padded, $blockSize, $dontFallback = false)
+    {
+        /* Type checks: */
+        ParagonIE_Sodium_Core_Util::declareScalarType($padded, 'string', 1);
+        ParagonIE_Sodium_Core_Util::declareScalarType($blockSize, 'int', 2);
+
+        $padded = (string) $padded;
+        $blockSize = (int) $blockSize;
+
+        if (self::useNewSodiumAPI() && !$dontFallback) {
+            return (string) sodium_unpad($padded, $blockSize);
+        }
+        if ($blockSize <= 0) {
+            throw new SodiumException('block size cannot be less than 1');
+        }
+        $padded_len = ParagonIE_Sodium_Core_Util::strlen($padded);
+        if ($padded_len < $blockSize) {
+            throw new SodiumException('invalid padding');
+        }
+
+        # tail = &padded[padded_len - 1U];
+        $tail = $padded_len - 1;
+
+        $acc = 0;
+        $valid = 0;
+        $pad_len = 0;
+
+        $found = 0;
+        for ($i = 0; $i < $blockSize; ++$i) {
+            # c = tail[-i];
+            $c = ParagonIE_Sodium_Core_Util::chrToInt($padded[$tail - $i]);
+
+            # is_barrier =
+            #     (( (acc - 1U) & (pad_len - 1U) & ((c ^ 0x80) - 1U) ) >> 8) & 1U;
+            $is_barrier = (
+                (
+                    ($acc - 1) & ($pad_len - 1) & (($c ^ 80) - 1)
+                ) >> 7
+            ) & 1;
+            $is_barrier &= ~$found;
+            $found |= $is_barrier;
+
+            # acc |= c;
+            $acc |= $c;
+
+            # pad_len |= i & (1U + ~is_barrier);
+            $pad_len |= $i & (1 + ~$is_barrier);
+
+            # valid |= (unsigned char) is_barrier;
+            $valid |= ($is_barrier & 0xff);
+        }
+        # unpadded_len = padded_len - 1U - pad_len;
+        $unpadded_len = $padded_len - 1 - $pad_len;
+        if ($valid !== 1) {
+            throw new SodiumException('invalid padding');
+        }
+        return ParagonIE_Sodium_Core_Util::substr($padded, 0, $unpadded_len);
+    }
+
+    /**
</ins><span class="cx" style="display: block; padding: 0 10px">      * Will sodium_compat run fast on the current hardware and PHP configuration?
</span><span class="cx" style="display: block; padding: 0 10px">      *
</span><span class="cx" style="display: block; padding: 0 10px">      * @return bool
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatsrcCoreBLAKE2bphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/src/Core/BLAKE2b.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/src/Core/BLAKE2b.php   2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/src/Core/BLAKE2b.php     2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -88,10 +88,10 @@
</span><span class="cx" style="display: block; padding: 0 10px">     {
</span><span class="cx" style="display: block; padding: 0 10px">         $l = ($x[1] + $y[1]) & 0xffffffff;
</span><span class="cx" style="display: block; padding: 0 10px">         return self::new64(
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-            $x[0] + $y[0] + (
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+            (int) ($x[0] + $y[0] + (
</ins><span class="cx" style="display: block; padding: 0 10px">                 ($l < $x[1]) ? 1 : 0
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-            ),
-            $l
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+            )),
+            (int) $l
</ins><span class="cx" style="display: block; padding: 0 10px">         );
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -132,8 +132,8 @@
</span><span class="cx" style="display: block; padding: 0 10px">             throw new SodiumException('y[1] is not an integer');
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="cx" style="display: block; padding: 0 10px">         return self::new64(
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-            (int) ($x[0] ^ $y[0]),
-            (int) ($x[1] ^ $y[1])
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+            (int) (($x[0] ^ $y[0]) & 0xffffffff),
+            (int) (($x[1] ^ $y[1]) & 0xffffffff)
</ins><span class="cx" style="display: block; padding: 0 10px">         );
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -299,12 +299,13 @@
</span><span class="cx" style="display: block; padding: 0 10px">      */
</span><span class="cx" style="display: block; padding: 0 10px">     protected static function context()
</span><span class="cx" style="display: block; padding: 0 10px">     {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        $ctx    = new SplFixedArray(5);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        $ctx    = new SplFixedArray(6);
</ins><span class="cx" style="display: block; padding: 0 10px">         $ctx[0] = new SplFixedArray(8);   // h
</span><span class="cx" style="display: block; padding: 0 10px">         $ctx[1] = new SplFixedArray(2);   // t
</span><span class="cx" style="display: block; padding: 0 10px">         $ctx[2] = new SplFixedArray(2);   // f
</span><span class="cx" style="display: block; padding: 0 10px">         $ctx[3] = new SplFixedArray(256); // buf
</span><span class="cx" style="display: block; padding: 0 10px">         $ctx[4] = 0;                      // buflen
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        $ctx[5] = 0;                      // last_node (uint8_t)
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         for ($i = 8; $i--;) {
</span><span class="cx" style="display: block; padding: 0 10px">             $ctx[0][$i] = self::$iv[$i];
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -550,6 +551,8 @@
</span><span class="cx" style="display: block; padding: 0 10px">      *
</span><span class="cx" style="display: block; padding: 0 10px">      * @param SplFixedArray|null $key
</span><span class="cx" style="display: block; padding: 0 10px">      * @param int $outlen
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @param SplFixedArray|null $salt
+     * @param SplFixedArray|null $personal
</ins><span class="cx" style="display: block; padding: 0 10px">      * @return SplFixedArray
</span><span class="cx" style="display: block; padding: 0 10px">      * @throws SodiumException
</span><span class="cx" style="display: block; padding: 0 10px">      * @throws TypeError
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -559,8 +562,12 @@
</span><span class="cx" style="display: block; padding: 0 10px">      * @psalm-suppress MixedArrayAssignment
</span><span class="cx" style="display: block; padding: 0 10px">      * @psalm-suppress MixedArrayOffset
</span><span class="cx" style="display: block; padding: 0 10px">      */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-    public static function init($key = null, $outlen = 64)
-    {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    public static function init(
+        $key = null,
+        $outlen = 64,
+        $salt = null,
+        $personal = null
+    ) {
</ins><span class="cx" style="display: block; padding: 0 10px">         self::pseudoConstructor();
</span><span class="cx" style="display: block; padding: 0 10px">         $klen = 0;
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -578,6 +585,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">         $ctx = self::context();
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         $p = new SplFixedArray(64);
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        // Zero our param buffer...
</ins><span class="cx" style="display: block; padding: 0 10px">         for ($i = 64; --$i;) {
</span><span class="cx" style="display: block; padding: 0 10px">             $p[$i] = 0;
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -587,10 +595,32 @@
</span><span class="cx" style="display: block; padding: 0 10px">         $p[2] = 1;       // fanout
</span><span class="cx" style="display: block; padding: 0 10px">         $p[3] = 1;       // depth
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        if ($salt instanceof SplFixedArray) {
+            // salt: [32] through [47]
+            for ($i = 0; $i < 16; ++$i) {
+                $p[32 + $i] = (int) $salt[$i];
+            }
+        }
+        if ($personal instanceof SplFixedArray) {
+            // personal: [48] through [63]
+            for ($i = 0; $i < 16; ++$i) {
+                $p[48 + $i] = (int) $personal[$i];
+            }
+        }
+
</ins><span class="cx" style="display: block; padding: 0 10px">         $ctx[0][0] = self::xor64(
</span><span class="cx" style="display: block; padding: 0 10px">             $ctx[0][0],
</span><span class="cx" style="display: block; padding: 0 10px">             self::load64($p, 0)
</span><span class="cx" style="display: block; padding: 0 10px">         );
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        if ($salt instanceof SplFixedArray || $personal instanceof SplFixedArray) {
+            // We need to do what blake2b_init_param() does:
+            for ($i = 1; $i < 8; ++$i) {
+                $ctx[0][$i] = self::xor64(
+                    $ctx[0][$i],
+                    self::load64($p, $i << 3)
+                );
+            }
+        }
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         if ($klen > 0 && $key instanceof SplFixedArray) {
</span><span class="cx" style="display: block; padding: 0 10px">             $block = new SplFixedArray(128);
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -601,6 +631,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">                 $block[$i] = $key[$i];
</span><span class="cx" style="display: block; padding: 0 10px">             }
</span><span class="cx" style="display: block; padding: 0 10px">             self::update($ctx, $block, 128);
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+            $ctx[4] = 128;
</ins><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         return $ctx;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -693,7 +724,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">             self::intToChr(($ctx4 >> 56) & 0xff)
</span><span class="cx" style="display: block; padding: 0 10px">         ));
</span><span class="cx" style="display: block; padding: 0 10px">         # uint8_t last_node;
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        return $str . "\x00";
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        return $str . self::intToChr($ctx[5]) . str_repeat("\x00", 23);
</ins><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -746,7 +777,6 @@
</span><span class="cx" style="display: block; padding: 0 10px">         # uint8_t buf[2 * 128];
</span><span class="cx" style="display: block; padding: 0 10px">         $ctx[3] = self::stringToSplFixedArray(self::substr($string, 96, 256));
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><span class="cx" style="display: block; padding: 0 10px">         # uint8_t buf[2 * 128];
</span><span class="cx" style="display: block; padding: 0 10px">         $int = 0;
</span><span class="cx" style="display: block; padding: 0 10px">         for ($i = 0; $i < 8; ++$i) {
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatsrcCoreEd25519php"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/src/Core/Ed25519.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/src/Core/Ed25519.php   2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/src/Core/Ed25519.php     2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -276,7 +276,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">         if (self::strlen($sig) < 64) {
</span><span class="cx" style="display: block; padding: 0 10px">             throw new SodiumException('Signature is too short');
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        if (self::check_S_lt_L(self::substr($sig, 32, 32))) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        if ((self::chrToInt($sig[63]) & 240) && self::check_S_lt_L(self::substr($sig, 32, 32))) {
</ins><span class="cx" style="display: block; padding: 0 10px">             throw new SodiumException('S < L - Invalid signature');
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="cx" style="display: block; padding: 0 10px">         if (self::small_order($sig)) {
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatsrcCorePoly1305Statephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/src/Core/Poly1305/State.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/src/Core/Poly1305/State.php    2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/src/Core/Poly1305/State.php      2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -80,6 +80,29 @@
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * Zero internal buffer upon destruction
+     */
+    public function __destruct()
+    {
+        $this->r[0] ^= $this->r[0];
+        $this->r[1] ^= $this->r[1];
+        $this->r[2] ^= $this->r[2];
+        $this->r[3] ^= $this->r[3];
+        $this->r[4] ^= $this->r[4];
+        $this->h[0] ^= $this->h[0];
+        $this->h[1] ^= $this->h[1];
+        $this->h[2] ^= $this->h[2];
+        $this->h[3] ^= $this->h[3];
+        $this->h[4] ^= $this->h[4];
+        $this->pad[0] ^= $this->pad[0];
+        $this->pad[1] ^= $this->pad[1];
+        $this->pad[2] ^= $this->pad[2];
+        $this->pad[3] ^= $this->pad[3];
+        $this->leftover = 0;
+        $this->final = true;
+    }
+
+    /**
</ins><span class="cx" style="display: block; padding: 0 10px">      * @internal You should not use this directly from another application
</span><span class="cx" style="display: block; padding: 0 10px">      *
</span><span class="cx" style="display: block; padding: 0 10px">      * @param string $message
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -90,6 +113,9 @@
</span><span class="cx" style="display: block; padding: 0 10px">     public function update($message = '')
</span><span class="cx" style="display: block; padding: 0 10px">     {
</span><span class="cx" style="display: block; padding: 0 10px">         $bytes = self::strlen($message);
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        if ($bytes < 1) {
+            return $this;
+        }
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         /* handle leftover */
</span><span class="cx" style="display: block; padding: 0 10px">         if ($this->leftover) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -111,7 +137,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">             }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">             $this->blocks(
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-                static::intArrayToString($this->buffer),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+                self::intArrayToString($this->buffer),
</ins><span class="cx" style="display: block; padding: 0 10px">                 ParagonIE_Sodium_Core_Poly1305::BLOCK_SIZE
</span><span class="cx" style="display: block; padding: 0 10px">             );
</span><span class="cx" style="display: block; padding: 0 10px">             $this->leftover = 0;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -296,7 +322,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">             $this->final = true;
</span><span class="cx" style="display: block; padding: 0 10px">             $this->blocks(
</span><span class="cx" style="display: block; padding: 0 10px">                 self::substr(
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-                    static::intArrayToString($this->buffer),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+                    self::intArrayToString($this->buffer),
</ins><span class="cx" style="display: block; padding: 0 10px">                     0,
</span><span class="cx" style="display: block; padding: 0 10px">                     ParagonIE_Sodium_Core_Poly1305::BLOCK_SIZE
</span><span class="cx" style="display: block; padding: 0 10px">                 ),
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatsrcCoreXChaCha20php"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/src/Core/XChaCha20.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/src/Core/XChaCha20.php 2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/src/Core/XChaCha20.php   2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -39,6 +39,33 @@
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="cx" style="display: block; padding: 0 10px">      * @internal You should not use this directly from another application
</span><span class="cx" style="display: block; padding: 0 10px">      *
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @param int $len
+     * @param string $nonce
+     * @param string $key
+     * @return string
+     * @throws SodiumException
+     * @throws TypeError
+     */
+    public static function ietfStream($len = 64, $nonce = '', $key = '')
+    {
+        if (self::strlen($nonce) !== 24) {
+            throw new SodiumException('Nonce must be 24 bytes long');
+        }
+        return self::encryptBytes(
+            new ParagonIE_Sodium_Core_ChaCha20_IetfCtx(
+                self::hChaCha20(
+                    self::substr($nonce, 0, 16),
+                    $key
+                ),
+                "\x00\x00\x00\x00" . self::substr($nonce, 16, 8)
+            ),
+            str_repeat("\x00", $len)
+        );
+    }
+
+    /**
+     * @internal You should not use this directly from another application
+     *
</ins><span class="cx" style="display: block; padding: 0 10px">      * @param string $message
</span><span class="cx" style="display: block; padding: 0 10px">      * @param string $nonce
</span><span class="cx" style="display: block; padding: 0 10px">      * @param string $key
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -61,4 +88,30 @@
</span><span class="cx" style="display: block; padding: 0 10px">             $message
</span><span class="cx" style="display: block; padding: 0 10px">         );
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+    /**
+     * @internal You should not use this directly from another application
+     *
+     * @param string $message
+     * @param string $nonce
+     * @param string $key
+     * @param string $ic
+     * @return string
+     * @throws SodiumException
+     * @throws TypeError
+     */
+    public static function ietfStreamXorIc($message, $nonce = '', $key = '', $ic = '')
+    {
+        if (self::strlen($nonce) !== 24) {
+            throw new SodiumException('Nonce must be 24 bytes long');
+        }
+        return self::encryptBytes(
+            new ParagonIE_Sodium_Core_ChaCha20_IetfCtx(
+                self::hChaCha20(self::substr($nonce, 0, 16), $key),
+                "\x00\x00\x00\x00" . self::substr($nonce, 16, 8),
+                $ic
+            ),
+            $message
+        );
+    }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatsrcCore32BLAKE2bphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/src/Core32/BLAKE2b.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/src/Core32/BLAKE2b.php 2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/src/Core32/BLAKE2b.php   2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -223,12 +223,13 @@
</span><span class="cx" style="display: block; padding: 0 10px">      */
</span><span class="cx" style="display: block; padding: 0 10px">     protected static function context()
</span><span class="cx" style="display: block; padding: 0 10px">     {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        $ctx    = new SplFixedArray(5);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        $ctx    = new SplFixedArray(6);
</ins><span class="cx" style="display: block; padding: 0 10px">         $ctx[0] = new SplFixedArray(8);   // h
</span><span class="cx" style="display: block; padding: 0 10px">         $ctx[1] = new SplFixedArray(2);   // t
</span><span class="cx" style="display: block; padding: 0 10px">         $ctx[2] = new SplFixedArray(2);   // f
</span><span class="cx" style="display: block; padding: 0 10px">         $ctx[3] = new SplFixedArray(256); // buf
</span><span class="cx" style="display: block; padding: 0 10px">         $ctx[4] = 0;                      // buflen
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        $ctx[5] = 0;                      // last_node (uint8_t)
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         for ($i = 8; $i--;) {
</span><span class="cx" style="display: block; padding: 0 10px">             $ctx[0][$i] = self::$iv[$i];
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -482,6 +483,8 @@
</span><span class="cx" style="display: block; padding: 0 10px">      *
</span><span class="cx" style="display: block; padding: 0 10px">      * @param SplFixedArray|null $key
</span><span class="cx" style="display: block; padding: 0 10px">      * @param int $outlen
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @param SplFixedArray|null $salt
+     * @param SplFixedArray|null $personal
</ins><span class="cx" style="display: block; padding: 0 10px">      * @return SplFixedArray
</span><span class="cx" style="display: block; padding: 0 10px">      * @throws SodiumException
</span><span class="cx" style="display: block; padding: 0 10px">      * @throws TypeError
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -491,8 +494,12 @@
</span><span class="cx" style="display: block; padding: 0 10px">      * @psalm-suppress MixedArrayAssignment
</span><span class="cx" style="display: block; padding: 0 10px">      * @psalm-suppress MixedMethodCall
</span><span class="cx" style="display: block; padding: 0 10px">      */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-    public static function init($key = null, $outlen = 64)
-    {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+    public static function init(
+        $key = null,
+        $outlen = 64,
+        $salt = null,
+        $personal = null
+    ) {
</ins><span class="cx" style="display: block; padding: 0 10px">         self::pseudoConstructor();
</span><span class="cx" style="display: block; padding: 0 10px">         $klen = 0;
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -510,6 +517,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">         $ctx = self::context();
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         $p = new SplFixedArray(64);
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        // Zero our param buffer...
</ins><span class="cx" style="display: block; padding: 0 10px">         for ($i = 64; --$i;) {
</span><span class="cx" style="display: block; padding: 0 10px">             $p[$i] = 0;
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -519,11 +527,34 @@
</span><span class="cx" style="display: block; padding: 0 10px">         $p[2] = 1;       // fanout
</span><span class="cx" style="display: block; padding: 0 10px">         $p[3] = 1;       // depth
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        if ($salt instanceof SplFixedArray) {
+            // salt: [32] through [47]
+            for ($i = 0; $i < 16; ++$i) {
+                $p[32 + $i] = (int) $salt[$i];
+            }
+        }
+        if ($personal instanceof SplFixedArray) {
+            // personal: [48] through [63]
+            for ($i = 0; $i < 16; ++$i) {
+                $p[48 + $i] = (int) $personal[$i];
+            }
+        }
+
</ins><span class="cx" style="display: block; padding: 0 10px">         $ctx[0][0] = self::xor64(
</span><span class="cx" style="display: block; padding: 0 10px">             $ctx[0][0],
</span><span class="cx" style="display: block; padding: 0 10px">             self::load64($p, 0)
</span><span class="cx" style="display: block; padding: 0 10px">         );
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        if ($salt instanceof SplFixedArray || $personal instanceof SplFixedArray) {
+            // We need to do what blake2b_init_param() does:
+            for ($i = 1; $i < 8; ++$i) {
+                $ctx[0][$i] = self::xor64(
+                    $ctx[0][$i],
+                    self::load64($p, $i << 3)
+                );
+            }
+        }
+
</ins><span class="cx" style="display: block; padding: 0 10px">         if ($klen > 0 && $key instanceof SplFixedArray) {
</span><span class="cx" style="display: block; padding: 0 10px">             $block = new SplFixedArray(128);
</span><span class="cx" style="display: block; padding: 0 10px">             for ($i = 128; $i--;) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -533,6 +564,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">                 $block[$i] = $key[$i];
</span><span class="cx" style="display: block; padding: 0 10px">             }
</span><span class="cx" style="display: block; padding: 0 10px">             self::update($ctx, $block, 128);
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+            $ctx[4] = 128;
</ins><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         return $ctx;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -595,7 +627,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">             }
</span><span class="cx" style="display: block; padding: 0 10px">             /** @var ParagonIE_Sodium_Core32_Int64 $ctxAi */
</span><span class="cx" style="display: block; padding: 0 10px">             $ctxAi = $ctxA[$i];
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-            $str .= $ctxAi->toString();
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+            $str .= $ctxAi->toReverseString();
</ins><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         # uint64_t t[2];
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -608,8 +640,8 @@
</span><span class="cx" style="display: block; padding: 0 10px">             /** @var ParagonIE_Sodium_Core32_Int64 $ctxA2 */
</span><span class="cx" style="display: block; padding: 0 10px">             $ctxA2 = $ctxA[1];
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-            $str .= $ctxA1->toString();
-            $str .= $ctxA2->toString();
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+            $str .= $ctxA1->toReverseString();
+            $str .= $ctxA2->toReverseString();
</ins><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         # uint8_t buf[2 * 128];
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -624,13 +656,16 @@
</span><span class="cx" style="display: block; padding: 0 10px">             self::intToChr(($ctx4 >> 8) & 0xff),
</span><span class="cx" style="display: block; padding: 0 10px">             self::intToChr(($ctx4 >> 16) & 0xff),
</span><span class="cx" style="display: block; padding: 0 10px">             self::intToChr(($ctx4 >> 24) & 0xff),
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+            "\x00\x00\x00\x00"
+            /*
</ins><span class="cx" style="display: block; padding: 0 10px">             self::intToChr(($ctx4 >> 32) & 0xff),
</span><span class="cx" style="display: block; padding: 0 10px">             self::intToChr(($ctx4 >> 40) & 0xff),
</span><span class="cx" style="display: block; padding: 0 10px">             self::intToChr(($ctx4 >> 48) & 0xff),
</span><span class="cx" style="display: block; padding: 0 10px">             self::intToChr(($ctx4 >> 56) & 0xff)
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+            */
</ins><span class="cx" style="display: block; padding: 0 10px">         ));
</span><span class="cx" style="display: block; padding: 0 10px">         # uint8_t last_node;
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        return $str . "\x00";
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        return $str . self::intToChr($ctx[5]) . str_repeat("\x00", 23);
</ins><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -652,7 +687,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         # uint64_t h[8];
</span><span class="cx" style="display: block; padding: 0 10px">         for ($i = 0; $i < 8; ++$i) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-            $ctx[0][$i] = ParagonIE_Sodium_Core32_Int64::fromString(
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+            $ctx[0][$i] = ParagonIE_Sodium_Core32_Int64::fromReverseString(
</ins><span class="cx" style="display: block; padding: 0 10px">                 self::substr($string, (($i << 3) + 0), 8)
</span><span class="cx" style="display: block; padding: 0 10px">             );
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -660,10 +695,10 @@
</span><span class="cx" style="display: block; padding: 0 10px">         # uint64_t t[2];
</span><span class="cx" style="display: block; padding: 0 10px">         # uint64_t f[2];
</span><span class="cx" style="display: block; padding: 0 10px">         for ($i = 1; $i < 3; ++$i) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-            $ctx[$i][1] = ParagonIE_Sodium_Core32_Int64::fromString(
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+            $ctx[$i][1] = ParagonIE_Sodium_Core32_Int64::fromReverseString(
</ins><span class="cx" style="display: block; padding: 0 10px">                 self::substr($string, 72 + (($i - 1) << 4), 8)
</span><span class="cx" style="display: block; padding: 0 10px">             );
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-            $ctx[$i][0] = ParagonIE_Sodium_Core32_Int64::fromString(
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+            $ctx[$i][0] = ParagonIE_Sodium_Core32_Int64::fromReverseString(
</ins><span class="cx" style="display: block; padding: 0 10px">                 self::substr($string, 64 + (($i - 1) << 4), 8)
</span><span class="cx" style="display: block; padding: 0 10px">             );
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -671,7 +706,6 @@
</span><span class="cx" style="display: block; padding: 0 10px">         # uint8_t buf[2 * 128];
</span><span class="cx" style="display: block; padding: 0 10px">         $ctx[3] = self::stringToSplFixedArray(self::substr($string, 96, 256));
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><span class="cx" style="display: block; padding: 0 10px">         # uint8_t buf[2 * 128];
</span><span class="cx" style="display: block; padding: 0 10px">         $int = 0;
</span><span class="cx" style="display: block; padding: 0 10px">         for ($i = 0; $i < 8; ++$i) {
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatsrcCore32Ed25519php"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/src/Core32/Ed25519.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/src/Core32/Ed25519.php 2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/src/Core32/Ed25519.php   2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -278,7 +278,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">         if (self::strlen($sig) < 64) {
</span><span class="cx" style="display: block; padding: 0 10px">             throw new SodiumException('Signature is too short');
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        if (self::check_S_lt_L(self::substr($sig, 32, 32))) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        if ((self::chrToInt($sig[63]) & 240) && self::check_S_lt_L(self::substr($sig, 32, 32))) {
</ins><span class="cx" style="display: block; padding: 0 10px">             throw new SodiumException('S < L - Invalid signature');
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="cx" style="display: block; padding: 0 10px">         if (self::small_order($sig)) {
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatsrcCore32Poly1305Statephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/src/Core32/Poly1305/State.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/src/Core32/Poly1305/State.php  2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/src/Core32/Poly1305/State.php    2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -142,7 +142,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">             }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">             $this->blocks(
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-                static::intArrayToString($this->buffer),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+                self::intArrayToString($this->buffer),
</ins><span class="cx" style="display: block; padding: 0 10px">                 ParagonIE_Sodium_Core32_Poly1305::BLOCK_SIZE
</span><span class="cx" style="display: block; padding: 0 10px">             );
</span><span class="cx" style="display: block; padding: 0 10px">             $this->leftover = 0;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -346,7 +346,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">             $this->final = true;
</span><span class="cx" style="display: block; padding: 0 10px">             $this->blocks(
</span><span class="cx" style="display: block; padding: 0 10px">                 self::substr(
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-                    static::intArrayToString($this->buffer),
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+                    self::intArrayToString($this->buffer),
</ins><span class="cx" style="display: block; padding: 0 10px">                     0,
</span><span class="cx" style="display: block; padding: 0 10px">                     ParagonIE_Sodium_Core32_Poly1305::BLOCK_SIZE
</span><span class="cx" style="display: block; padding: 0 10px">                 ),
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatsrcCore32X25519php"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/src/Core32/X25519.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/src/Core32/X25519.php  2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/src/Core32/X25519.php    2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -151,8 +151,9 @@
</span><span class="cx" style="display: block; padding: 0 10px">         for ($i = 0; $i < 10; ++$i) {
</span><span class="cx" style="display: block; padding: 0 10px">             $h[$i] = $h[$i]->toInt32();
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        /** @var array<int, ParagonIE_Sodium_Core32_Int32> $h */
-        return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray($h);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        /** @var array<int, ParagonIE_Sodium_Core32_Int32> $h2 */
+        $h2 = $h;
+        return ParagonIE_Sodium_Core32_Curve25519_Fe::fromArray($h2);
</ins><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatsrcCryptophp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/src/Crypto.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/src/Crypto.php 2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/src/Crypto.php   2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -778,6 +778,53 @@
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * Initialize a hashing context for BLAKE2b.
+     *
+     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
+     *
+     * @param string $key
+     * @param int $outputLength
+     * @param string $salt
+     * @param string $personal
+     * @return string
+     * @throws RangeException
+     * @throws SodiumException
+     * @throws TypeError
+     */
+    public static function generichash_init_salt_personal(
+        $key = '',
+        $outputLength = 32,
+        $salt = '',
+        $personal = ''
+    ) {
+        // This ensures that ParagonIE_Sodium_Core_BLAKE2b::$iv is initialized
+        ParagonIE_Sodium_Core_BLAKE2b::pseudoConstructor();
+
+        $k = null;
+        if (!empty($key)) {
+            $k = ParagonIE_Sodium_Core_BLAKE2b::stringToSplFixedArray($key);
+            if ($k->count() > ParagonIE_Sodium_Core_BLAKE2b::KEYBYTES) {
+                throw new RangeException('Invalid key size');
+            }
+        }
+        if (!empty($salt)) {
+            $s = ParagonIE_Sodium_Core_BLAKE2b::stringToSplFixedArray($salt);
+        } else {
+            $s = null;
+        }
+        if (!empty($salt)) {
+            $p = ParagonIE_Sodium_Core_BLAKE2b::stringToSplFixedArray($personal);
+        } else {
+            $p = null;
+        }
+
+        /** @var SplFixedArray $ctx */
+        $ctx = ParagonIE_Sodium_Core_BLAKE2b::init($k, $outputLength, $s, $p);
+
+        return ParagonIE_Sodium_Core_BLAKE2b::contextToString($ctx);
+    }
+
+    /**
</ins><span class="cx" style="display: block; padding: 0 10px">      * Update a hashing context for BLAKE2b with $message
</span><span class="cx" style="display: block; padding: 0 10px">      *
</span><span class="cx" style="display: block; padding: 0 10px">      * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1186,6 +1233,362 @@
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @param string $key
+     * @return array<int, string> Returns a state and a header.
+     * @throws Exception
+     * @throws SodiumException
+     */
+    public static function secretstream_xchacha20poly1305_init_push($key)
+    {
+        # randombytes_buf(out, crypto_secretstream_xchacha20poly1305_HEADERBYTES);
+        $out = random_bytes(24);
+
+        # crypto_core_hchacha20(state->k, out, k, NULL);
+        $subkey = ParagonIE_Sodium_Core_HChaCha20::hChaCha20($out, $key);
+        $state = new ParagonIE_Sodium_Core_SecretStream_State(
+            $subkey,
+            ParagonIE_Sodium_Core_Util::substr($out, 16, 8) . str_repeat("\0", 4)
+        );
+
+        # _crypto_secretstream_xchacha20poly1305_counter_reset(state);
+        $state->counterReset();
+
+        # memcpy(STATE_INONCE(state), out + crypto_core_hchacha20_INPUTBYTES,
+        #        crypto_secretstream_xchacha20poly1305_INONCEBYTES);
+        # memset(state->_pad, 0, sizeof state->_pad);
+        return array(
+            $state->toString(),
+            $out
+        );
+    }
+
+    /**
+     * @param string $key
+     * @param string $header
+     * @return string Returns a state.
+     * @throws Exception
+     */
+    public static function secretstream_xchacha20poly1305_init_pull($key, $header)
+    {
+        # crypto_core_hchacha20(state->k, in, k, NULL);
+        $subkey = ParagonIE_Sodium_Core_HChaCha20::hChaCha20(
+            ParagonIE_Sodium_Core_Util::substr($header, 0, 16),
+            $key
+        );
+        $state = new ParagonIE_Sodium_Core_SecretStream_State(
+            $subkey,
+            ParagonIE_Sodium_Core_Util::substr($header, 16)
+        );
+        $state->counterReset();
+        # memcpy(STATE_INONCE(state), in + crypto_core_hchacha20_INPUTBYTES,
+        #     crypto_secretstream_xchacha20poly1305_INONCEBYTES);
+        # memset(state->_pad, 0, sizeof state->_pad);
+        # return 0;
+        return $state->toString();
+    }
+
+    /**
+     * @param string $state
+     * @param string $msg
+     * @param string $aad
+     * @param int $tag
+     * @return string
+     * @throws SodiumException
+     */
+    public static function secretstream_xchacha20poly1305_push(&$state, $msg, $aad = '', $tag = 0)
+    {
+        $st = ParagonIE_Sodium_Core_SecretStream_State::fromString($state);
+        # crypto_onetimeauth_poly1305_state poly1305_state;
+        # unsigned char                     block[64U];
+        # unsigned char                     slen[8U];
+        # unsigned char                    *c;
+        # unsigned char                    *mac;
+
+        $msglen = ParagonIE_Sodium_Core_Util::strlen($msg);
+        $aadlen = ParagonIE_Sodium_Core_Util::strlen($aad);
+
+        if ((($msglen + 63) >> 6) > 0xfffffffe) {
+            throw new SodiumException(
+                'message cannot be larger than SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_MESSAGEBYTES_MAX bytes'
+            );
+        }
+
+        # if (outlen_p != NULL) {
+        #     *outlen_p = 0U;
+        # }
+        # if (mlen > crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX) {
+        #     sodium_misuse();
+        # }
+
+        # crypto_stream_chacha20_ietf(block, sizeof block, state->nonce, state->k);
+        # crypto_onetimeauth_poly1305_init(&poly1305_state, block);
+        # sodium_memzero(block, sizeof block);
+        $auth = new ParagonIE_Sodium_Core_Poly1305_State(
+            ParagonIE_Sodium_Core_ChaCha20::ietfStream(32, $st->getCombinedNonce(), $st->getKey())
+        );
+
+        # crypto_onetimeauth_poly1305_update(&poly1305_state, ad, adlen);
+        $auth->update($aad);
+
+        # crypto_onetimeauth_poly1305_update(&poly1305_state, _pad0,
+        #     (0x10 - adlen) & 0xf);
+        $auth->update(str_repeat("\0", ((0x10 - $aadlen) & 0xf)));
+
+        # memset(block, 0, sizeof block);
+        # block[0] = tag;
+        # crypto_stream_chacha20_ietf_xor_ic(block, block, sizeof block,
+        #                                    state->nonce, 1U, state->k);
+        $block = ParagonIE_Sodium_Core_ChaCha20::ietfStreamXorIc(
+            ParagonIE_Sodium_Core_Util::intToChr($tag) . str_repeat("\0", 63),
+            $st->getCombinedNonce(),
+            $st->getKey(),
+            ParagonIE_Sodium_Core_Util::store64_le(1)
+        );
+
+        # crypto_onetimeauth_poly1305_update(&poly1305_state, block, sizeof block);
+        $auth->update($block);
+
+        # out[0] = block[0];
+        $out = $block[0];
+        # c = out + (sizeof tag);
+        # crypto_stream_chacha20_ietf_xor_ic(c, m, mlen, state->nonce, 2U, state->k);
+        $cipher = ParagonIE_Sodium_Core_ChaCha20::ietfStreamXorIc(
+            $msg,
+            $st->getCombinedNonce(),
+            $st->getKey(),
+            ParagonIE_Sodium_Core_Util::store64_le(2)
+        );
+
+        # crypto_onetimeauth_poly1305_update(&poly1305_state, c, mlen);
+        $auth->update($cipher);
+
+        $out .= $cipher;
+        unset($cipher);
+
+        # crypto_onetimeauth_poly1305_update
+        # (&poly1305_state, _pad0, (0x10 - (sizeof block) + mlen) & 0xf);
+        $auth->update(str_repeat("\0", ((0x10 - 64 + $msglen) & 0xf)));
+
+        # STORE64_LE(slen, (uint64_t) adlen);
+        $slen = ParagonIE_Sodium_Core_Util::store64_le($aadlen);
+
+        # crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
+        $auth->update($slen);
+
+        # STORE64_LE(slen, (sizeof block) + mlen);
+        $slen = ParagonIE_Sodium_Core_Util::store64_le(64 + $msglen);
+
+        # crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
+        $auth->update($slen);
+
+        # mac = c + mlen;
+        # crypto_onetimeauth_poly1305_final(&poly1305_state, mac);
+        $mac = $auth->finish();
+        $out .= $mac;
+
+        # sodium_memzero(&poly1305_state, sizeof poly1305_state);
+        unset($auth);
+
+
+        # XOR_BUF(STATE_INONCE(state), mac,
+        #     crypto_secretstream_xchacha20poly1305_INONCEBYTES);
+        $st->xorNonce($mac);
+
+        # sodium_increment(STATE_COUNTER(state),
+        #     crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
+        $st->incrementCounter();
+        // Overwrite by reference:
+        $state = $st->toString();
+
+        /** @var bool $rekey */
+        $rekey = ($tag & ParagonIE_Sodium_Compat::CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_REKEY) !== 0;
+        # if ((tag & crypto_secretstream_xchacha20poly1305_TAG_REKEY) != 0 ||
+        #     sodium_is_zero(STATE_COUNTER(state),
+        #         crypto_secretstream_xchacha20poly1305_COUNTERBYTES)) {
+        #     crypto_secretstream_xchacha20poly1305_rekey(state);
+        # }
+        if ($rekey || $st->needsRekey()) {
+            // DO REKEY
+            self::secretstream_xchacha20poly1305_rekey($state);
+        }
+        # if (outlen_p != NULL) {
+        #     *outlen_p = crypto_secretstream_xchacha20poly1305_ABYTES + mlen;
+        # }
+        return $out;
+    }
+
+    /**
+     * @param string $state
+     * @param string $cipher
+     * @param string $aad
+     * @return bool|array{0: string, 1: int}
+     * @throws SodiumException
+     */
+    public static function secretstream_xchacha20poly1305_pull(&$state, $cipher, $aad = '')
+    {
+        $st = ParagonIE_Sodium_Core_SecretStream_State::fromString($state);
+
+        $cipherlen = ParagonIE_Sodium_Core_Util::strlen($cipher);
+        #     mlen = inlen - crypto_secretstream_xchacha20poly1305_ABYTES;
+        $msglen = $cipherlen - ParagonIE_Sodium_Compat::CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES;
+        $aadlen = ParagonIE_Sodium_Core_Util::strlen($aad);
+
+        #     if (mlen > crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX) {
+        #         sodium_misuse();
+        #     }
+        if ((($msglen + 63) >> 6) > 0xfffffffe) {
+            throw new SodiumException(
+                'message cannot be larger than SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_MESSAGEBYTES_MAX bytes'
+            );
+        }
+
+        #     crypto_stream_chacha20_ietf(block, sizeof block, state->nonce, state->k);
+        #     crypto_onetimeauth_poly1305_init(&poly1305_state, block);
+        #     sodium_memzero(block, sizeof block);
+        $auth = new ParagonIE_Sodium_Core_Poly1305_State(
+            ParagonIE_Sodium_Core_ChaCha20::ietfStream(32, $st->getCombinedNonce(), $st->getKey())
+        );
+
+        #     crypto_onetimeauth_poly1305_update(&poly1305_state, ad, adlen);
+        $auth->update($aad);
+
+        #     crypto_onetimeauth_poly1305_update(&poly1305_state, _pad0,
+        #         (0x10 - adlen) & 0xf);
+        $auth->update(str_repeat("\0", ((0x10 - $aadlen) & 0xf)));
+
+
+        #     memset(block, 0, sizeof block);
+        #     block[0] = in[0];
+        #     crypto_stream_chacha20_ietf_xor_ic(block, block, sizeof block,
+        #                                        state->nonce, 1U, state->k);
+        $block = ParagonIE_Sodium_Core_ChaCha20::ietfStreamXorIc(
+            $cipher[0] . str_repeat("\0", 63),
+            $st->getCombinedNonce(),
+            $st->getKey(),
+            ParagonIE_Sodium_Core_Util::store64_le(1)
+        );
+        #     tag = block[0];
+        #     block[0] = in[0];
+        #     crypto_onetimeauth_poly1305_update(&poly1305_state, block, sizeof block);
+        $tag = ParagonIE_Sodium_Core_Util::chrToInt($block[0]);
+        $block[0] = $cipher[0];
+        $auth->update($block);
+
+
+        #     c = in + (sizeof tag);
+        #     crypto_onetimeauth_poly1305_update(&poly1305_state, c, mlen);
+        $auth->update(ParagonIE_Sodium_Core_Util::substr($cipher, 1, $msglen));
+
+        #     crypto_onetimeauth_poly1305_update
+        #     (&poly1305_state, _pad0, (0x10 - (sizeof block) + mlen) & 0xf);
+        $auth->update(str_repeat("\0", ((0x10 - 64 + $msglen) & 0xf)));
+
+        #     STORE64_LE(slen, (uint64_t) adlen);
+        #     crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
+        $slen = ParagonIE_Sodium_Core_Util::store64_le($aadlen);
+        $auth->update($slen);
+
+        #     STORE64_LE(slen, (sizeof block) + mlen);
+        #     crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
+        $slen = ParagonIE_Sodium_Core_Util::store64_le(64 + $msglen);
+        $auth->update($slen);
+
+        #     crypto_onetimeauth_poly1305_final(&poly1305_state, mac);
+        #     sodium_memzero(&poly1305_state, sizeof poly1305_state);
+        $mac = $auth->finish();
+
+        #     stored_mac = c + mlen;
+        #     if (sodium_memcmp(mac, stored_mac, sizeof mac) != 0) {
+        #     sodium_memzero(mac, sizeof mac);
+        #         return -1;
+        #     }
+
+        $stored = ParagonIE_Sodium_Core_Util::substr($cipher, $msglen + 1, 16);
+        if (!ParagonIE_Sodium_Core_Util::hashEquals($mac, $stored)) {
+            return false;
+        }
+
+        #     crypto_stream_chacha20_ietf_xor_ic(m, c, mlen, state->nonce, 2U, state->k);
+        $out = ParagonIE_Sodium_Core_ChaCha20::ietfStreamXorIc(
+            ParagonIE_Sodium_Core_Util::substr($cipher, 1, $msglen),
+            $st->getCombinedNonce(),
+            $st->getKey(),
+            ParagonIE_Sodium_Core_Util::store64_le(2)
+        );
+
+        #     XOR_BUF(STATE_INONCE(state), mac,
+        #         crypto_secretstream_xchacha20poly1305_INONCEBYTES);
+        $st->xorNonce($mac);
+
+        #     sodium_increment(STATE_COUNTER(state),
+        #         crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
+        $st->incrementCounter();
+
+        #     if ((tag & crypto_secretstream_xchacha20poly1305_TAG_REKEY) != 0 ||
+        #         sodium_is_zero(STATE_COUNTER(state),
+        #             crypto_secretstream_xchacha20poly1305_COUNTERBYTES)) {
+        #         crypto_secretstream_xchacha20poly1305_rekey(state);
+        #     }
+
+        // Overwrite by reference:
+        $state = $st->toString();
+
+        /** @var bool $rekey */
+        $rekey = ($tag & ParagonIE_Sodium_Compat::CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_REKEY) !== 0;
+        if ($rekey || $st->needsRekey()) {
+            // DO REKEY
+            self::secretstream_xchacha20poly1305_rekey($state);
+        }
+        return array($out, $tag);
+    }
+
+    /**
+     * @param string $state
+     * @return void
+     * @throws SodiumException
+     */
+    public static function secretstream_xchacha20poly1305_rekey(&$state)
+    {
+        $st = ParagonIE_Sodium_Core_SecretStream_State::fromString($state);
+        # unsigned char new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES +
+        # crypto_secretstream_xchacha20poly1305_INONCEBYTES];
+        # size_t        i;
+        # for (i = 0U; i < crypto_stream_chacha20_ietf_KEYBYTES; i++) {
+        #     new_key_and_inonce[i] = state->k[i];
+        # }
+        $new_key_and_inonce = $st->getKey();
+
+        # for (i = 0U; i < crypto_secretstream_xchacha20poly1305_INONCEBYTES; i++) {
+        #     new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES + i] =
+        #         STATE_INONCE(state)[i];
+        # }
+        $new_key_and_inonce .= ParagonIE_Sodium_Core_Util::substR($st->getNonce(), 0, 8);
+
+        # crypto_stream_chacha20_ietf_xor(new_key_and_inonce, new_key_and_inonce,
+        #                                 sizeof new_key_and_inonce,
+        #                                 state->nonce, state->k);
+
+        $st->rekey(ParagonIE_Sodium_Core_ChaCha20::ietfStreamXorIc(
+            $new_key_and_inonce,
+            $st->getCombinedNonce(),
+            $st->getKey(),
+            ParagonIE_Sodium_Core_Util::store64_le(0)
+        ));
+
+        # for (i = 0U; i < crypto_stream_chacha20_ietf_KEYBYTES; i++) {
+        #     state->k[i] = new_key_and_inonce[i];
+        # }
+        # for (i = 0U; i < crypto_secretstream_xchacha20poly1305_INONCEBYTES; i++) {
+        #     STATE_INONCE(state)[i] =
+        #          new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES + i];
+        # }
+        # _crypto_secretstream_xchacha20poly1305_counter_reset(state);
+        $st->counterReset();
+
+        $state = $st->toString();
+    }
+
+    /**
</ins><span class="cx" style="display: block; padding: 0 10px">      * Detached Ed25519 signature.
</span><span class="cx" style="display: block; padding: 0 10px">      *
</span><span class="cx" style="display: block; padding: 0 10px">      * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatsrcCrypto32php"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/src/Crypto32.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/src/Crypto32.php       2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/src/Crypto32.php 2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -777,6 +777,53 @@
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * Initialize a hashing context for BLAKE2b.
+     *
+     * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
+     *
+     * @param string $key
+     * @param int $outputLength
+     * @param string $salt
+     * @param string $personal
+     * @return string
+     * @throws RangeException
+     * @throws SodiumException
+     * @throws TypeError
+     */
+    public static function generichash_init_salt_personal(
+        $key = '',
+        $outputLength = 32,
+        $salt = '',
+        $personal = ''
+    ) {
+        // This ensures that ParagonIE_Sodium_Core32_BLAKE2b::$iv is initialized
+        ParagonIE_Sodium_Core32_BLAKE2b::pseudoConstructor();
+
+        $k = null;
+        if (!empty($key)) {
+            $k = ParagonIE_Sodium_Core32_BLAKE2b::stringToSplFixedArray($key);
+            if ($k->count() > ParagonIE_Sodium_Core32_BLAKE2b::KEYBYTES) {
+                throw new RangeException('Invalid key size');
+            }
+        }
+        if (!empty($salt)) {
+            $s = ParagonIE_Sodium_Core32_BLAKE2b::stringToSplFixedArray($salt);
+        } else {
+            $s = null;
+        }
+        if (!empty($salt)) {
+            $p = ParagonIE_Sodium_Core32_BLAKE2b::stringToSplFixedArray($personal);
+        } else {
+            $p = null;
+        }
+
+        /** @var SplFixedArray $ctx */
+        $ctx = ParagonIE_Sodium_Core32_BLAKE2b::init($k, $outputLength, $s, $p);
+
+        return ParagonIE_Sodium_Core32_BLAKE2b::contextToString($ctx);
+    }
+
+    /**
</ins><span class="cx" style="display: block; padding: 0 10px">      * Update a hashing context for BLAKE2b with $message
</span><span class="cx" style="display: block; padding: 0 10px">      *
</span><span class="cx" style="display: block; padding: 0 10px">      * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1185,6 +1232,362 @@
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">     /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+     * @param string $key
+     * @return array<int, string> Returns a state and a header.
+     * @throws Exception
+     * @throws SodiumException
+     */
+    public static function secretstream_xchacha20poly1305_init_push($key)
+    {
+        # randombytes_buf(out, crypto_secretstream_xchacha20poly1305_HEADERBYTES);
+        $out = random_bytes(24);
+
+        # crypto_core_hchacha20(state->k, out, k, NULL);
+        $subkey = ParagonIE_Sodium_Core32_HChaCha20::hChaCha20($out, $key);
+        $state = new ParagonIE_Sodium_Core32_SecretStream_State(
+            $subkey,
+            ParagonIE_Sodium_Core32_Util::substr($out, 16, 8) . str_repeat("\0", 4)
+        );
+
+        # _crypto_secretstream_xchacha20poly1305_counter_reset(state);
+        $state->counterReset();
+
+        # memcpy(STATE_INONCE(state), out + crypto_core_hchacha20_INPUTBYTES,
+        #        crypto_secretstream_xchacha20poly1305_INONCEBYTES);
+        # memset(state->_pad, 0, sizeof state->_pad);
+        return array(
+            $state->toString(),
+            $out
+        );
+    }
+
+    /**
+     * @param string $key
+     * @param string $header
+     * @return string Returns a state.
+     * @throws Exception
+     */
+    public static function secretstream_xchacha20poly1305_init_pull($key, $header)
+    {
+        # crypto_core_hchacha20(state->k, in, k, NULL);
+        $subkey = ParagonIE_Sodium_Core32_HChaCha20::hChaCha20(
+            ParagonIE_Sodium_Core32_Util::substr($header, 0, 16),
+            $key
+        );
+        $state = new ParagonIE_Sodium_Core32_SecretStream_State(
+            $subkey,
+            ParagonIE_Sodium_Core32_Util::substr($header, 16)
+        );
+        $state->counterReset();
+        # memcpy(STATE_INONCE(state), in + crypto_core_hchacha20_INPUTBYTES,
+        #     crypto_secretstream_xchacha20poly1305_INONCEBYTES);
+        # memset(state->_pad, 0, sizeof state->_pad);
+        # return 0;
+        return $state->toString();
+    }
+
+    /**
+     * @param string $state
+     * @param string $msg
+     * @param string $aad
+     * @param int $tag
+     * @return string
+     * @throws SodiumException
+     */
+    public static function secretstream_xchacha20poly1305_push(&$state, $msg, $aad = '', $tag = 0)
+    {
+        $st = ParagonIE_Sodium_Core32_SecretStream_State::fromString($state);
+        # crypto_onetimeauth_poly1305_state poly1305_state;
+        # unsigned char                     block[64U];
+        # unsigned char                     slen[8U];
+        # unsigned char                    *c;
+        # unsigned char                    *mac;
+
+        $msglen = ParagonIE_Sodium_Core32_Util::strlen($msg);
+        $aadlen = ParagonIE_Sodium_Core32_Util::strlen($aad);
+
+        if ((($msglen + 63) >> 6) > 0xfffffffe) {
+            throw new SodiumException(
+                'message cannot be larger than SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_MESSAGEBYTES_MAX bytes'
+            );
+        }
+
+        # if (outlen_p != NULL) {
+        #     *outlen_p = 0U;
+        # }
+        # if (mlen > crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX) {
+        #     sodium_misuse();
+        # }
+
+        # crypto_stream_chacha20_ietf(block, sizeof block, state->nonce, state->k);
+        # crypto_onetimeauth_poly1305_init(&poly1305_state, block);
+        # sodium_memzero(block, sizeof block);
+        $auth = new ParagonIE_Sodium_Core32_Poly1305_State(
+            ParagonIE_Sodium_Core32_ChaCha20::ietfStream(32, $st->getCombinedNonce(), $st->getKey())
+        );
+
+        # crypto_onetimeauth_poly1305_update(&poly1305_state, ad, adlen);
+        $auth->update($aad);
+
+        # crypto_onetimeauth_poly1305_update(&poly1305_state, _pad0,
+        #     (0x10 - adlen) & 0xf);
+        $auth->update(str_repeat("\0", ((0x10 - $aadlen) & 0xf)));
+
+        # memset(block, 0, sizeof block);
+        # block[0] = tag;
+        # crypto_stream_chacha20_ietf_xor_ic(block, block, sizeof block,
+        #                                    state->nonce, 1U, state->k);
+        $block = ParagonIE_Sodium_Core32_ChaCha20::ietfStreamXorIc(
+            ParagonIE_Sodium_Core32_Util::intToChr($tag) . str_repeat("\0", 63),
+            $st->getCombinedNonce(),
+            $st->getKey(),
+            ParagonIE_Sodium_Core32_Util::store64_le(1)
+        );
+
+        # crypto_onetimeauth_poly1305_update(&poly1305_state, block, sizeof block);
+        $auth->update($block);
+
+        # out[0] = block[0];
+        $out = $block[0];
+        # c = out + (sizeof tag);
+        # crypto_stream_chacha20_ietf_xor_ic(c, m, mlen, state->nonce, 2U, state->k);
+        $cipher = ParagonIE_Sodium_Core32_ChaCha20::ietfStreamXorIc(
+            $msg,
+            $st->getCombinedNonce(),
+            $st->getKey(),
+            ParagonIE_Sodium_Core32_Util::store64_le(2)
+        );
+
+        # crypto_onetimeauth_poly1305_update(&poly1305_state, c, mlen);
+        $auth->update($cipher);
+
+        $out .= $cipher;
+        unset($cipher);
+
+        # crypto_onetimeauth_poly1305_update
+        # (&poly1305_state, _pad0, (0x10 - (sizeof block) + mlen) & 0xf);
+        $auth->update(str_repeat("\0", ((0x10 - 64 + $msglen) & 0xf)));
+
+        # STORE64_LE(slen, (uint64_t) adlen);
+        $slen = ParagonIE_Sodium_Core32_Util::store64_le($aadlen);
+
+        # crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
+        $auth->update($slen);
+
+        # STORE64_LE(slen, (sizeof block) + mlen);
+        $slen = ParagonIE_Sodium_Core32_Util::store64_le(64 + $msglen);
+
+        # crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
+        $auth->update($slen);
+
+        # mac = c + mlen;
+        # crypto_onetimeauth_poly1305_final(&poly1305_state, mac);
+        $mac = $auth->finish();
+        $out .= $mac;
+
+        # sodium_memzero(&poly1305_state, sizeof poly1305_state);
+        unset($auth);
+
+
+        # XOR_BUF(STATE_INONCE(state), mac,
+        #     crypto_secretstream_xchacha20poly1305_INONCEBYTES);
+        $st->xorNonce($mac);
+
+        # sodium_increment(STATE_COUNTER(state),
+        #     crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
+        $st->incrementCounter();
+        // Overwrite by reference:
+        $state = $st->toString();
+
+        /** @var bool $rekey */
+        $rekey = ($tag & ParagonIE_Sodium_Compat::CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_REKEY) !== 0;
+        # if ((tag & crypto_secretstream_xchacha20poly1305_TAG_REKEY) != 0 ||
+        #     sodium_is_zero(STATE_COUNTER(state),
+        #         crypto_secretstream_xchacha20poly1305_COUNTERBYTES)) {
+        #     crypto_secretstream_xchacha20poly1305_rekey(state);
+        # }
+        if ($rekey || $st->needsRekey()) {
+            // DO REKEY
+            self::secretstream_xchacha20poly1305_rekey($state);
+        }
+        # if (outlen_p != NULL) {
+        #     *outlen_p = crypto_secretstream_xchacha20poly1305_ABYTES + mlen;
+        # }
+        return $out;
+    }
+
+    /**
+     * @param string $state
+     * @param string $cipher
+     * @param string $aad
+     * @return bool|array{0: string, 1: int}
+     * @throws SodiumException
+     */
+    public static function secretstream_xchacha20poly1305_pull(&$state, $cipher, $aad = '')
+    {
+        $st = ParagonIE_Sodium_Core32_SecretStream_State::fromString($state);
+
+        $cipherlen = ParagonIE_Sodium_Core32_Util::strlen($cipher);
+        #     mlen = inlen - crypto_secretstream_xchacha20poly1305_ABYTES;
+        $msglen = $cipherlen - ParagonIE_Sodium_Compat::CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES;
+        $aadlen = ParagonIE_Sodium_Core32_Util::strlen($aad);
+
+        #     if (mlen > crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX) {
+        #         sodium_misuse();
+        #     }
+        if ((($msglen + 63) >> 6) > 0xfffffffe) {
+            throw new SodiumException(
+                'message cannot be larger than SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_MESSAGEBYTES_MAX bytes'
+            );
+        }
+
+        #     crypto_stream_chacha20_ietf(block, sizeof block, state->nonce, state->k);
+        #     crypto_onetimeauth_poly1305_init(&poly1305_state, block);
+        #     sodium_memzero(block, sizeof block);
+        $auth = new ParagonIE_Sodium_Core32_Poly1305_State(
+            ParagonIE_Sodium_Core32_ChaCha20::ietfStream(32, $st->getCombinedNonce(), $st->getKey())
+        );
+
+        #     crypto_onetimeauth_poly1305_update(&poly1305_state, ad, adlen);
+        $auth->update($aad);
+
+        #     crypto_onetimeauth_poly1305_update(&poly1305_state, _pad0,
+        #         (0x10 - adlen) & 0xf);
+        $auth->update(str_repeat("\0", ((0x10 - $aadlen) & 0xf)));
+
+
+        #     memset(block, 0, sizeof block);
+        #     block[0] = in[0];
+        #     crypto_stream_chacha20_ietf_xor_ic(block, block, sizeof block,
+        #                                        state->nonce, 1U, state->k);
+        $block = ParagonIE_Sodium_Core32_ChaCha20::ietfStreamXorIc(
+            $cipher[0] . str_repeat("\0", 63),
+            $st->getCombinedNonce(),
+            $st->getKey(),
+            ParagonIE_Sodium_Core32_Util::store64_le(1)
+        );
+        #     tag = block[0];
+        #     block[0] = in[0];
+        #     crypto_onetimeauth_poly1305_update(&poly1305_state, block, sizeof block);
+        $tag = ParagonIE_Sodium_Core32_Util::chrToInt($block[0]);
+        $block[0] = $cipher[0];
+        $auth->update($block);
+
+
+        #     c = in + (sizeof tag);
+        #     crypto_onetimeauth_poly1305_update(&poly1305_state, c, mlen);
+        $auth->update(ParagonIE_Sodium_Core32_Util::substr($cipher, 1, $msglen));
+
+        #     crypto_onetimeauth_poly1305_update
+        #     (&poly1305_state, _pad0, (0x10 - (sizeof block) + mlen) & 0xf);
+        $auth->update(str_repeat("\0", ((0x10 - 64 + $msglen) & 0xf)));
+
+        #     STORE64_LE(slen, (uint64_t) adlen);
+        #     crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
+        $slen = ParagonIE_Sodium_Core32_Util::store64_le($aadlen);
+        $auth->update($slen);
+
+        #     STORE64_LE(slen, (sizeof block) + mlen);
+        #     crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
+        $slen = ParagonIE_Sodium_Core32_Util::store64_le(64 + $msglen);
+        $auth->update($slen);
+
+        #     crypto_onetimeauth_poly1305_final(&poly1305_state, mac);
+        #     sodium_memzero(&poly1305_state, sizeof poly1305_state);
+        $mac = $auth->finish();
+
+        #     stored_mac = c + mlen;
+        #     if (sodium_memcmp(mac, stored_mac, sizeof mac) != 0) {
+        #     sodium_memzero(mac, sizeof mac);
+        #         return -1;
+        #     }
+
+        $stored = ParagonIE_Sodium_Core32_Util::substr($cipher, $msglen + 1, 16);
+        if (!ParagonIE_Sodium_Core32_Util::hashEquals($mac, $stored)) {
+            return false;
+        }
+
+        #     crypto_stream_chacha20_ietf_xor_ic(m, c, mlen, state->nonce, 2U, state->k);
+        $out = ParagonIE_Sodium_Core32_ChaCha20::ietfStreamXorIc(
+            ParagonIE_Sodium_Core32_Util::substr($cipher, 1, $msglen),
+            $st->getCombinedNonce(),
+            $st->getKey(),
+            ParagonIE_Sodium_Core32_Util::store64_le(2)
+        );
+
+        #     XOR_BUF(STATE_INONCE(state), mac,
+        #         crypto_secretstream_xchacha20poly1305_INONCEBYTES);
+        $st->xorNonce($mac);
+
+        #     sodium_increment(STATE_COUNTER(state),
+        #         crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
+        $st->incrementCounter();
+
+        #     if ((tag & crypto_secretstream_xchacha20poly1305_TAG_REKEY) != 0 ||
+        #         sodium_is_zero(STATE_COUNTER(state),
+        #             crypto_secretstream_xchacha20poly1305_COUNTERBYTES)) {
+        #         crypto_secretstream_xchacha20poly1305_rekey(state);
+        #     }
+
+        // Overwrite by reference:
+        $state = $st->toString();
+
+        /** @var bool $rekey */
+        $rekey = ($tag & ParagonIE_Sodium_Compat::CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_REKEY) !== 0;
+        if ($rekey || $st->needsRekey()) {
+            // DO REKEY
+            self::secretstream_xchacha20poly1305_rekey($state);
+        }
+        return array($out, $tag);
+    }
+
+    /**
+     * @param string $state
+     * @return void
+     * @throws SodiumException
+     */
+    public static function secretstream_xchacha20poly1305_rekey(&$state)
+    {
+        $st = ParagonIE_Sodium_Core32_SecretStream_State::fromString($state);
+        # unsigned char new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES +
+        # crypto_secretstream_xchacha20poly1305_INONCEBYTES];
+        # size_t        i;
+        # for (i = 0U; i < crypto_stream_chacha20_ietf_KEYBYTES; i++) {
+        #     new_key_and_inonce[i] = state->k[i];
+        # }
+        $new_key_and_inonce = $st->getKey();
+
+        # for (i = 0U; i < crypto_secretstream_xchacha20poly1305_INONCEBYTES; i++) {
+        #     new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES + i] =
+        #         STATE_INONCE(state)[i];
+        # }
+        $new_key_and_inonce .= ParagonIE_Sodium_Core32_Util::substR($st->getNonce(), 0, 8);
+
+        # crypto_stream_chacha20_ietf_xor(new_key_and_inonce, new_key_and_inonce,
+        #                                 sizeof new_key_and_inonce,
+        #                                 state->nonce, state->k);
+
+        $st->rekey(ParagonIE_Sodium_Core32_ChaCha20::ietfStreamXorIc(
+            $new_key_and_inonce,
+            $st->getCombinedNonce(),
+            $st->getKey(),
+            ParagonIE_Sodium_Core32_Util::store64_le(0)
+        ));
+
+        # for (i = 0U; i < crypto_stream_chacha20_ietf_KEYBYTES; i++) {
+        #     state->k[i] = new_key_and_inonce[i];
+        # }
+        # for (i = 0U; i < crypto_secretstream_xchacha20poly1305_INONCEBYTES; i++) {
+        #     STATE_INONCE(state)[i] =
+        #          new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES + i];
+        # }
+        # _crypto_secretstream_xchacha20poly1305_counter_reset(state);
+        $st->counterReset();
+
+        $state = $st->toString();
+    }
+
+    /**
</ins><span class="cx" style="display: block; padding: 0 10px">      * Detached Ed25519 signature.
</span><span class="cx" style="display: block; padding: 0 10px">      *
</span><span class="cx" style="display: block; padding: 0 10px">      * @internal Do not use this directly. Use ParagonIE_Sodium_Compat.
</span></span></pre></div>
<a id="branches53srcwpincludessodium_compatsrcFilephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/5.3/src/wp-includes/sodium_compat/src/File.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/5.3/src/wp-includes/sodium_compat/src/File.php   2019-12-09 16:40:11 UTC (rev 46858)
+++ branches/5.3/src/wp-includes/sodium_compat/src/File.php     2019-12-09 16:44:58 UTC (rev 46859)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -679,7 +679,11 @@
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         /* Security checks */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        if (ParagonIE_Sodium_Core_Ed25519::check_S_lt_L(self::substr($sig, 32, 32))) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        if (
+            (ParagonIE_Sodium_Core_Ed25519::chrToInt($sig[63]) & 240)
+                &&
+            ParagonIE_Sodium_Core_Ed25519::check_S_lt_L(self::substr($sig, 32, 32))
+        ) {
</ins><span class="cx" style="display: block; padding: 0 10px">             throw new SodiumException('S < L - Invalid signature');
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="cx" style="display: block; padding: 0 10px">         if (ParagonIE_Sodium_Core_Ed25519::small_order($sig)) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -841,7 +845,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">         if (!is_string($plaintext)) {
</span><span class="cx" style="display: block; padding: 0 10px">             throw new SodiumException('Could not read input file');
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        $first32 = ftell($ifp);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        $first32 = self::ftell($ifp);
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         /** @var string $subkey */
</span><span class="cx" style="display: block; padding: 0 10px">         $subkey = ParagonIE_Sodium_Core_HSalsa20::hsalsa20($nonce, $key);
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -875,7 +879,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">         );
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         // Pre-write 16 blank bytes for the Poly1305 tag
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        $start = ftell($ofp);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        $start = self::ftell($ofp);
</ins><span class="cx" style="display: block; padding: 0 10px">         fwrite($ofp, str_repeat("\x00", 16));
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         /** @var string $c */
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -926,7 +930,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">             $block0 = null;
</span><span class="cx" style="display: block; padding: 0 10px">             $subkey = null;
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        $end = ftell($ofp);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        $end = self::ftell($ofp);
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         /*
</span><span class="cx" style="display: block; padding: 0 10px">          * Write the Poly1305 authentication tag that provides integrity
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1043,7 +1047,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">         $mlen = 0
</span><span class="cx" style="display: block; padding: 0 10px">     ) {
</span><span class="cx" style="display: block; padding: 0 10px">         /** @var int $pos */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        $pos = ftell($ifp);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        $pos = self::ftell($ifp);
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         /** @var int $iter */
</span><span class="cx" style="display: block; padding: 0 10px">         $iter = 1;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1106,7 +1110,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         /** @var int $originalPosition */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        $originalPosition = ftell($fp);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        $originalPosition = self::ftell($fp);
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         // Move file pointer to beginning of file
</span><span class="cx" style="display: block; padding: 0 10px">         fseek($fp, 0, SEEK_SET);
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1314,7 +1318,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">         if (!is_string($plaintext)) {
</span><span class="cx" style="display: block; padding: 0 10px">             throw new SodiumException('Could not read input file');
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        $first32 = ftell($ifp);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        $first32 = self::ftell($ifp);
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         /** @var string $subkey */
</span><span class="cx" style="display: block; padding: 0 10px">         $subkey = ParagonIE_Sodium_Core32_HSalsa20::hsalsa20($nonce, $key);
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1348,7 +1352,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">         );
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         // Pre-write 16 blank bytes for the Poly1305 tag
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        $start = ftell($ofp);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        $start = self::ftell($ofp);
</ins><span class="cx" style="display: block; padding: 0 10px">         fwrite($ofp, str_repeat("\x00", 16));
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         /** @var string $c */
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1399,7 +1403,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">             $block0 = null;
</span><span class="cx" style="display: block; padding: 0 10px">             $subkey = null;
</span><span class="cx" style="display: block; padding: 0 10px">         }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        $end = ftell($ofp);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        $end = self::ftell($ofp);
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         /*
</span><span class="cx" style="display: block; padding: 0 10px">          * Write the Poly1305 authentication tag that provides integrity
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1515,7 +1519,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">         $mlen = 0
</span><span class="cx" style="display: block; padding: 0 10px">     ) {
</span><span class="cx" style="display: block; padding: 0 10px">         /** @var int $pos */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-        $pos = ftell($ifp);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        $pos = self::ftell($ifp);
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">         /** @var int $iter */
</span><span class="cx" style="display: block; padding: 0 10px">         $iter = 1;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1540,4 +1544,18 @@
</span><span class="cx" style="display: block; padding: 0 10px">         fseek($ifp, $pos, SEEK_SET);
</span><span class="cx" style="display: block; padding: 0 10px">         return $res;
</span><span class="cx" style="display: block; padding: 0 10px">     }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+    /**
+     * @param resource $resource
+     * @return int
+     * @throws SodiumException
+     */
+    private static function ftell($resource)
+    {
+        $return = ftell($resource);
+        if (!is_int($return)) {
+            throw new SodiumException('ftell() returned false');
+        }
+        return (int) $return;
+    }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre>
</div>
</div>

</body>
</html>