Merge branch 'fix-urandom-fatal-1808' into 'master'
Crypt::URandom failing is now fatal (#1808) See merge request lemonldap-ng/lemonldap-ng!233
This commit is contained in:
commit
79bb915716
|
@ -21,17 +21,8 @@ sub generate {
|
||||||
$length = $session->{args}->{IDLength};
|
$length = $session->{args}->{IDLength};
|
||||||
}
|
}
|
||||||
|
|
||||||
eval {
|
$session->{data}->{_session_id} =
|
||||||
$session->{data}->{_session_id} =
|
unpack( 'H*', Crypt::URandom::urandom( int( $length / 2 ) ) );
|
||||||
unpack( 'H*', Crypt::URandom::urandom( int( $length / 2 ) ) );
|
|
||||||
};
|
|
||||||
if ($@) {
|
|
||||||
print STDERR "Crypt::URandom::urandom failed: $@\n";
|
|
||||||
require Digest::SHA;
|
|
||||||
$session->{data}->{_session_id} =
|
|
||||||
substr( Digest::SHA::sha256_hex( time() . {} . rand() . $$ ),
|
|
||||||
0, $length );
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sub validate {
|
sub validate {
|
||||||
|
|
|
@ -12,32 +12,22 @@ use strict;
|
||||||
use Crypt::Rijndael;
|
use Crypt::Rijndael;
|
||||||
use MIME::Base64;
|
use MIME::Base64;
|
||||||
use Digest::SHA;
|
use Digest::SHA;
|
||||||
|
use Crypt::URandom;
|
||||||
use bytes;
|
use bytes;
|
||||||
|
|
||||||
our $VERSION = '2.1.0';
|
our $VERSION = '2.1.0';
|
||||||
my ( $newIv, $randG, $hash );
|
my $hash = \&Digest::SHA::sha256;
|
||||||
$hash = \&Digest::SHA::sha256;
|
|
||||||
|
|
||||||
use constant HMAC_LENGTH => 32;
|
use constant HMAC_LENGTH => 32;
|
||||||
use constant IV_LENGTH => 16;
|
use constant IV_LENGTH => 16;
|
||||||
|
|
||||||
# Build initialization vector subroutine
|
sub newIv {
|
||||||
BEGIN {
|
return Crypt::URandom::urandom(IV_LENGTH);
|
||||||
eval { require Crypt::URandom; Crypt::URandom::urandom(IV_LENGTH) };
|
}
|
||||||
if ($@) {
|
|
||||||
$newIv = sub {
|
sub randG {
|
||||||
return bytes::substr( Digest::SHA::sha1( rand() . time . {} ),
|
my ($max) = @_;
|
||||||
0, IV_LENGTH );
|
return int( unpack( "C", Crypt::URandom::urandom(1) ) * $max / 256 );
|
||||||
};
|
|
||||||
$randG = sub { return int( rand( $_[0] ) ) };
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$newIv = sub { return Crypt::URandom::urandom(IV_LENGTH) };
|
|
||||||
$randG = sub {
|
|
||||||
return
|
|
||||||
int( unpack( "C", Crypt::URandom::urandom(1) ) * $_[0] / 256 );
|
|
||||||
};
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
our $msg;
|
our $msg;
|
||||||
|
@ -87,7 +77,7 @@ sub encrypt {
|
||||||
my $iv =
|
my $iv =
|
||||||
$low
|
$low
|
||||||
? bytes::substr( Digest::SHA::sha1( rand() . time . {} ), 0, IV_LENGTH )
|
? bytes::substr( Digest::SHA::sha1( rand() . time . {} ), 0, IV_LENGTH )
|
||||||
: $newIv->();
|
: newIv();
|
||||||
my $hmac = $hash->($data);
|
my $hmac = $hash->($data);
|
||||||
eval {
|
eval {
|
||||||
$data =
|
$data =
|
||||||
|
@ -190,7 +180,7 @@ sub _cryptHex {
|
||||||
}
|
}
|
||||||
my $iv;
|
my $iv;
|
||||||
if ( $sub eq 'encrypt' ) {
|
if ( $sub eq 'encrypt' ) {
|
||||||
$iv = $newIv->();
|
$iv = newIv();
|
||||||
}
|
}
|
||||||
$data = pack "H*", $data;
|
$data = pack "H*", $data;
|
||||||
if ( $sub eq 'decrypt' ) {
|
if ( $sub eq 'decrypt' ) {
|
||||||
|
@ -215,7 +205,7 @@ sub srandom {
|
||||||
if ($@) {
|
if ($@) {
|
||||||
die 'Missing recommended dependency to String::Random';
|
die 'Missing recommended dependency to String::Random';
|
||||||
}
|
}
|
||||||
return String::Random->new( rand_gen => $randG );
|
return String::Random->new( rand_gen => \&randG );
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user