[wp-trac] [WordPress Trac] #47186: At least one function in /wp-includes/sodium_compat/src/Core32 times out on 32 bit servers

WordPress Trac noreply at wordpress.org
Thu May 9 20:23:16 UTC 2019 

#47186: At least one function in /wp-includes/sodium_compat/src/Core32 times out on
32 bit servers
-------------------------------+-------------------------------------------
 Reporter:  lovingboth         |       Owner:  paragoninitiativeenterprises
     Type:  defect (bug)       |      Status:  reviewing
 Priority:  normal             |   Milestone:  5.2.1
Component:  Upgrade/Install    |     Version:  5.2
 Severity:  normal             |  Resolution:
 Keywords:  needs-testing      |     Focuses:
  has-patch                    |
-------------------------------+-------------------------------------------

Comment (by lovingboth):

 Replying to [comment:15 paragoninitiativeenterprises]:

 > I understand your frustration. You're not the only one expending hours
 on this problem. It took me a month and a half of almost non-stop
 development to get Curve25519 field arithmetic to work on 32-bit ''at
 all', and that was just the up-front development time.
 >
 > I had been taking great efforts over the past year to make it faster,
 but it clearly wasn't adequate.

 Thank you, especially as I am old enough to have had to develop 32-bit and
 floating point maths code on 8-bit CPUs... without having to try to make
 it have constant runtime as well.

 > @lovingboth:
 >
 > > Ah, so it's a known problem with the library that was added to
 WordPress core without, as far as I can see, ever seeing how many WP users
 are running on 32-bit systems.
 >
 > It's a known problem that's ''extremely'' challenging to solve, and
 ''almost nobody'' runs PHP in general in production on 32-bit systems
 where they can't ''also'' install PHP extensions via PECL

 How does anyone know?

 If any of the more than one in seven running WP in May 2019 with PHP
 earlier than 5.5 are on Windows, they are very unlikely to be running
 64-bit. Or have the ability to install extensions themselves.

 My use case for staying on 32-bit is that with a VPS with 1GiB RAM or
 less, running 64-bit Linux isn't noticeably faster but does use
 considerably more memory = you can do considerably less on it before
 hitting the real speed difference of spending lots of time swapping
 virtual memory about. Given I am working with organisations that struggle
 for every penny, doing it for half the monthly price makes a difference.
 (From trying it on a netbook, it also makes a significant difference with
 2GiB RAM, so the saving is probably even larger.)

 Other people are running it on Raspberry Pis, where the same thing applies
 and there either isn't a 64-bit CPU or isn't a widely used 64-bit OS for
 the newer models.

 > Most people who run 32-bit PHP have been perfectly content with `pecl
 install sodium` as a solution, to date.

 How does anyone know?

 > Anyway! Misunderstandings aside, I'm releasing a new version of
 sodium_compat this evening, which introduces a 9x to 10x speedup when you
 set `ParagonIE_Sodium_Compat::$fastMult = true;` on 32-bit systems.
 >
 > https://github.com/paragonie/sodium_compat/pull/86
 >
 > For Ed25519 signature verification, we automatically set this
 (temporarily) to `true` since there are no cryptographic secrets that can
 be leaked from integer multiplication in this context.
 >
 > In other words: You can anticipate a significant speed-up that won't, in
 this specific context, even theoretically harm security.
 >
 > A patch for WordPress will be provided as soon as I'm confident the
 changes are non-breaking and `v1.9.2` is tagged. This will be safe to
 release in `5.2.1`.
 >
 > If you'd like to help test this in the meantime, simply copy
 `src/Core32/Int64.php` from the official `v1.9.2` release over the one
 WordPress provides and see if the runtime is acceptable on your machine.

 "Never be the first kid on your block to try.." :)

 Having said that, doing that cuts down the time to update Twenty Seventeen
 on that VPS from over thirty seconds to about seven.

 Result!

 Thank you. (And again, sorry!)

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47186#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list