dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'fix-urandom-fatal-1808' into 'master'

Browse Source 
Crypt::URandom failing is now fatal (#1808)

See merge request lemonldap-ng/lemonldap-ng!233
This commit is contained in:
Yadd 2021-10-16 06:04:15 +00:00
commit 79bb915716
2 changed files with 14 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/Generate/SHA256.pm
View File

@ -21,17 +21,8 @@ sub generate {
$length = $session->{args}->{IDLength}; $length = $session->{args}->{IDLength};
} }
eval { $session->{data}->{_session_id} =
$session->{data}->{_session_id} = unpack( 'H*', Crypt::URandom::urandom( int( $length / 2 ) ) );
unpack( 'H*', Crypt::URandom::urandom( int( $length / 2 ) ) );
};
if ($@) {
print STDERR "Crypt::URandom::urandom failed: $@\n";
require Digest::SHA;
$session->{data}->{_session_id} =
substr( Digest::SHA::sha256_hex( time() . {} . rand() . $$ ),
0, $length );
}
} }
sub validate { sub validate {

34
lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm
View File

@ -12,32 +12,22 @@ use strict;
use Crypt::Rijndael; use Crypt::Rijndael;
use MIME::Base64; use MIME::Base64;
use Digest::SHA; use Digest::SHA;
use Crypt::URandom;
use bytes; use bytes;
our $VERSION = '2.1.0'; our $VERSION = '2.1.0';
my ( $newIv, $randG, $hash ); my $hash = \&Digest::SHA::sha256;
$hash = \&Digest::SHA::sha256;
use constant HMAC_LENGTH => 32; use constant HMAC_LENGTH => 32;
use constant IV_LENGTH => 16; use constant IV_LENGTH => 16;
# Build initialization vector subroutine sub newIv {
BEGIN { return Crypt::URandom::urandom(IV_LENGTH);
eval { require Crypt::URandom; Crypt::URandom::urandom(IV_LENGTH) }; }
if ($@) {
$newIv = sub { sub randG {
return bytes::substr( Digest::SHA::sha1( rand() . time . {} ), my ($max) = @_;
0, IV_LENGTH ); return int( unpack( "C", Crypt::URandom::urandom(1) ) * $max / 256 );
};
$randG = sub { return int( rand( $_[0] ) ) };
}
else {
$newIv = sub { return Crypt::URandom::urandom(IV_LENGTH) };
$randG = sub {
return
int( unpack( "C", Crypt::URandom::urandom(1) ) * $_[0] / 256 );
};
}
} }
our $msg; our $msg;
@ -87,7 +77,7 @@ sub encrypt {
my $iv = my $iv =
$low $low
? bytes::substr( Digest::SHA::sha1( rand() . time . {} ), 0, IV_LENGTH ) ? bytes::substr( Digest::SHA::sha1( rand() . time . {} ), 0, IV_LENGTH )
: $newIv->(); : newIv();
my $hmac = $hash->($data); my $hmac = $hash->($data);
eval { eval {
$data = $data =
@ -190,7 +180,7 @@ sub _cryptHex {
} }
my $iv; my $iv;
if ( $sub eq 'encrypt' ) { if ( $sub eq 'encrypt' ) {
$iv = $newIv->(); $iv = newIv();
} }
$data = pack "H*", $data; $data = pack "H*", $data;
if ( $sub eq 'decrypt' ) { if ( $sub eq 'decrypt' ) {
@ -215,7 +205,7 @@ sub srandom {
if ($@) { if ($@) {
die 'Missing recommended dependency to String::Random'; die 'Missing recommended dependency to String::Random';
} }
return String::Random->new( rand_gen => $randG ); return String::Random->new( rand_gen => \&randG );
} }
1; 1;