Crypt::URandom failing is now fatal (#1808)

2021-10-15 20:01:18 +02:00 · 2021-10-15 20:01:18 +02:00 · 8bce426477
parent 781c9b0a8b
commit 8bce426477
2 changed files with 14 additions and 33 deletions
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/Generate/SHA256.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/Generate/SHA256.pm
@ -21,17 +21,8 @@ sub generate {
        $length = $session->{args}->{IDLength};
    }

-    eval {
-        $session->{data}->{_session_id} =
-          unpack( 'H*', Crypt::URandom::urandom( int( $length / 2 ) ) );
-    };
-    if ($@) {
-        print STDERR "Crypt::URandom::urandom failed: $@\n";
-        require Digest::SHA;
-        $session->{data}->{_session_id} =
-          substr( Digest::SHA::sha256_hex( time() . {} . rand() . $$ ),
-            0, $length );
-    }
+    $session->{data}->{_session_id} =
+      unpack( 'H*', Crypt::URandom::urandom( int( $length / 2 ) ) );
 }

 sub validate {
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Crypto.pm
@ -12,32 +12,22 @@ use strict;
 use Crypt::Rijndael;
 use MIME::Base64;
 use Digest::SHA;
+use Crypt::URandom;
 use bytes;

 our $VERSION = '2.1.0';
-my ( $newIv, $randG, $hash );
-$hash = \&Digest::SHA::sha256;
+my $hash = \&Digest::SHA::sha256;

 use constant HMAC_LENGTH => 32;
 use constant IV_LENGTH   => 16;

-# Build initialization vector subroutine
-BEGIN {
-    eval { require Crypt::URandom; Crypt::URandom::urandom(IV_LENGTH) };
-    if ($@) {
-        $newIv = sub {
-            return bytes::substr( Digest::SHA::sha1( rand() . time . {} ),
-                0, IV_LENGTH );
-        };
-        $randG = sub { return int( rand( $_[0] ) ) };
-    }
-    else {
-        $newIv = sub { return Crypt::URandom::urandom(IV_LENGTH) };
-        $randG = sub {
-            return
-              int( unpack( "C", Crypt::URandom::urandom(1) ) * $_[0] / 256 );
-        };
-    }
+sub newIv {
+    return Crypt::URandom::urandom(IV_LENGTH);
+}
+
+sub randG {
+    my ($max) = @_;
+    return int( unpack( "C", Crypt::URandom::urandom(1) ) * $max / 256 );
 }

 our $msg;
@ -87,7 +77,7 @@ sub encrypt {
    my $iv =
      $low
      ? bytes::substr( Digest::SHA::sha1( rand() . time . {} ), 0, IV_LENGTH )
-      : $newIv->();
+      : newIv();
    my $hmac = $hash->($data);
    eval {
        $data =
@ -190,7 +180,7 @@ sub _cryptHex {
    }
    my $iv;
    if ( $sub eq 'encrypt' ) {
-        $iv = $newIv->();
+        $iv = newIv();
    }
    $data = pack "H*", $data;
    if ( $sub eq 'decrypt' ) {
@ -215,7 +205,7 @@ sub srandom {
    if ($@) {
        die 'Missing recommended dependency to String::Random';
    }
-    return String::Random->new( rand_gen => $randG );
+    return String::Random->new( rand_gen => \&randG );
 }

 1;