Don't use Crypt::URandom inside jail: this import file access libraries
This commit is contained in:
parent
0b1643c294
commit
9d5d1f6cd5
|
@ -64,13 +64,13 @@ sub _getCipher {
|
||||||
# @param data data to encrypt
|
# @param data data to encrypt
|
||||||
# @return encrypted data in Base64 format
|
# @return encrypted data in Base64 format
|
||||||
sub encrypt {
|
sub encrypt {
|
||||||
my ( $self, $data ) = @_;
|
my ( $self, $data, $low ) = @_;
|
||||||
|
|
||||||
# pad $data so that its length be multiple of 16 bytes
|
# pad $data so that its length be multiple of 16 bytes
|
||||||
my $l = bytes::length($data) % 16;
|
my $l = bytes::length($data) % 16;
|
||||||
$data .= "\0" x ( 16 - $l ) unless ( $l == 0 );
|
$data .= "\0" x ( 16 - $l ) unless ( $l == 0 );
|
||||||
|
|
||||||
my $iv = $newIv->();
|
my $iv = $low ? md5( rand() . time . {} ) : $newIv->();
|
||||||
eval {
|
eval {
|
||||||
$data =
|
$data =
|
||||||
encode_base64( $iv . $self->_getCipher->set_iv($iv)->encrypt($data),
|
encode_base64( $iv . $self->_getCipher->set_iv($iv)->encrypt($data),
|
||||||
|
@ -102,6 +102,7 @@ sub decrypt {
|
||||||
$iv = bytes::substr( $data, 0, 16 );
|
$iv = bytes::substr( $data, 0, 16 );
|
||||||
$data = bytes::substr( $data, 16 );
|
$data = bytes::substr( $data, 16 );
|
||||||
eval { $data = $self->_getCipher->set_iv($iv)->decrypt($data); };
|
eval { $data = $self->_getCipher->set_iv($iv)->decrypt($data); };
|
||||||
|
|
||||||
if ($@) {
|
if ($@) {
|
||||||
$msg = "Crypt::Rijndael error : $@";
|
$msg = "Crypt::Rijndael error : $@";
|
||||||
return undef;
|
return undef;
|
||||||
|
|
|
@ -103,7 +103,7 @@ sub build_jail {
|
||||||
|
|
||||||
# Import crypto methods for jail
|
# Import crypto methods for jail
|
||||||
sub encrypt {
|
sub encrypt {
|
||||||
return &Lemonldap::NG::Handler::Main::tsv->{cipher}->encrypt(@_);
|
return &Lemonldap::NG::Handler::Main::tsv->{cipher}->encrypt( $_[0], 1 );
|
||||||
}
|
}
|
||||||
|
|
||||||
sub token {
|
sub token {
|
||||||
|
|
Loading…
Reference in New Issue
Block a user