Use better random number generator #29
This commit is contained in:
parent
7dbca9fca6
commit
bea9a577a6
8 changed files with 117 additions and 51 deletions
|
@ -18,7 +18,8 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"require": {
|
"require": {
|
||||||
"php": "^5.2.6 || ^7.0"
|
"php": "^5.2.6 || ^7.0",
|
||||||
|
"paragonie/random_compat": "^2.0"
|
||||||
},
|
},
|
||||||
"require-dev": {
|
"require-dev": {
|
||||||
"codacy/coverage": "dev-master",
|
"codacy/coverage": "dev-master",
|
||||||
|
|
|
@ -26,6 +26,15 @@ use Exception;
|
||||||
*/
|
*/
|
||||||
class ServerSalt extends AbstractPersistence
|
class ServerSalt extends AbstractPersistence
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* file where salt is saved to
|
||||||
|
*
|
||||||
|
* @access private
|
||||||
|
* @static
|
||||||
|
* @var string
|
||||||
|
*/
|
||||||
|
private static $_file = 'salt.php';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* generated salt
|
* generated salt
|
||||||
*
|
*
|
||||||
|
@ -44,16 +53,7 @@ class ServerSalt extends AbstractPersistence
|
||||||
*/
|
*/
|
||||||
public static function generate()
|
public static function generate()
|
||||||
{
|
{
|
||||||
$randomSalt = '';
|
$randomSalt = bin2hex(random_bytes(256));
|
||||||
if (function_exists('mcrypt_create_iv')) {
|
|
||||||
$randomSalt = bin2hex(mcrypt_create_iv(256, MCRYPT_DEV_URANDOM));
|
|
||||||
} else {
|
|
||||||
// fallback to mt_rand()
|
|
||||||
|
|
||||||
for ($i = 0; $i < 256; ++$i) {
|
|
||||||
$randomSalt .= base_convert(mt_rand(), 10, 16);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $randomSalt;
|
return $randomSalt;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -71,19 +71,18 @@ class ServerSalt extends AbstractPersistence
|
||||||
return self::$_salt;
|
return self::$_salt;
|
||||||
}
|
}
|
||||||
|
|
||||||
$file = 'salt.php';
|
if (self::_exists(self::$_file)) {
|
||||||
if (self::_exists($file)) {
|
if (is_readable(self::getPath(self::$_file))) {
|
||||||
if (is_readable(self::getPath($file))) {
|
$items = explode('|', file_get_contents(self::getPath(self::$_file)));
|
||||||
$items = explode('|', file_get_contents(self::getPath($file)));
|
|
||||||
}
|
}
|
||||||
if (!isset($items) || !is_array($items) || count($items) != 3) {
|
if (!isset($items) || !is_array($items) || count($items) != 3) {
|
||||||
throw new Exception('unable to read file ' . self::getPath($file), 20);
|
throw new Exception('unable to read file ' . self::getPath(self::$_file), 20);
|
||||||
}
|
}
|
||||||
self::$_salt = $items[1];
|
self::$_salt = $items[1];
|
||||||
} else {
|
} else {
|
||||||
self::$_salt = self::generate();
|
self::$_salt = self::generate();
|
||||||
self::_store(
|
self::_store(
|
||||||
$file,
|
self::$_file,
|
||||||
'<?php /* |' . self::$_salt . '| */ ?>'
|
'<?php /* |' . self::$_salt . '| */ ?>'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
|
@ -43,26 +43,6 @@ class ServerSaltTest extends PHPUnit_Framework_TestCase
|
||||||
ServerSalt::setPath($this->_path);
|
ServerSalt::setPath($this->_path);
|
||||||
$salt = ServerSalt::get();
|
$salt = ServerSalt::get();
|
||||||
|
|
||||||
// mcrypt mock
|
|
||||||
if (!function_exists('mcrypt_create_iv')) {
|
|
||||||
if (!defined('MCRYPT_DEV_URANDOM')) {
|
|
||||||
define('MCRYPT_DEV_URANDOM', 1);
|
|
||||||
}
|
|
||||||
function mcrypt_create_iv($int, $flag)
|
|
||||||
{
|
|
||||||
$randomSalt = '';
|
|
||||||
for ($i = 0; $i < $int; ++$i) {
|
|
||||||
$randomSalt .= base_convert(mt_rand(), 10, 16);
|
|
||||||
}
|
|
||||||
// hex2bin requires an even length, pad if necessary
|
|
||||||
if (strlen($randomSalt) % 2) {
|
|
||||||
$randomSalt = '0' . $randomSalt;
|
|
||||||
}
|
|
||||||
return hex2bin($randomSalt);
|
|
||||||
}
|
|
||||||
$this->assertNotEquals($salt, ServerSalt::generate());
|
|
||||||
}
|
|
||||||
|
|
||||||
// try setting a different path and resetting it
|
// try setting a different path and resetting it
|
||||||
ServerSalt::setPath($this->_otherPath);
|
ServerSalt::setPath($this->_otherPath);
|
||||||
$this->assertNotEquals($salt, ServerSalt::get());
|
$this->assertNotEquals($salt, ServerSalt::get());
|
||||||
|
|
22
vendor/composer/autoload_classmap.php
vendored
22
vendor/composer/autoload_classmap.php
vendored
|
@ -5,4 +5,24 @@
|
||||||
$vendorDir = dirname(dirname(__FILE__));
|
$vendorDir = dirname(dirname(__FILE__));
|
||||||
$baseDir = dirname($vendorDir);
|
$baseDir = dirname($vendorDir);
|
||||||
|
|
||||||
return array();
|
return array(
|
||||||
|
'PrivateBin\\Configuration' => $baseDir . '/lib/Configuration.php',
|
||||||
|
'PrivateBin\\Data\\AbstractData' => $baseDir . '/lib/Data/AbstractData.php',
|
||||||
|
'PrivateBin\\Data\\Database' => $baseDir . '/lib/Data/Database.php',
|
||||||
|
'PrivateBin\\Data\\Filesystem' => $baseDir . '/lib/Data/Filesystem.php',
|
||||||
|
'PrivateBin\\Filter' => $baseDir . '/lib/Filter.php',
|
||||||
|
'PrivateBin\\I18n' => $baseDir . '/lib/I18n.php',
|
||||||
|
'PrivateBin\\Model' => $baseDir . '/lib/Model.php',
|
||||||
|
'PrivateBin\\Model\\AbstractModel' => $baseDir . '/lib/Model/AbstractModel.php',
|
||||||
|
'PrivateBin\\Model\\Paste' => $baseDir . '/lib/Model/Paste.php',
|
||||||
|
'PrivateBin\\Persistence\\AbstractPersistence' => $baseDir . '/lib/Persistence/AbstractPersistence.php',
|
||||||
|
'PrivateBin\\Persistence\\PurgeLimiter' => $baseDir . '/lib/Persistence/PurgeLimiter.php',
|
||||||
|
'PrivateBin\\Persistence\\ServerSalt' => $baseDir . '/lib/Persistence/ServerSalt.php',
|
||||||
|
'PrivateBin\\Persistence\\TrafficLimiter' => $baseDir . '/lib/Persistence/TrafficLimiter.php',
|
||||||
|
'PrivateBin\\PrivateBin' => $baseDir . '/lib/PrivateBin.php',
|
||||||
|
'PrivateBin\\Request' => $baseDir . '/lib/Request.php',
|
||||||
|
'PrivateBin\\Sjcl' => $baseDir . '/lib/Sjcl.php',
|
||||||
|
'PrivateBin\\View' => $baseDir . '/lib/View.php',
|
||||||
|
'PrivateBin\\Vizhash16x16' => $baseDir . '/lib/Vizhash16x16.php',
|
||||||
|
'PrivateBin\\model\\Comment' => $baseDir . '/lib/Model/Comment.php',
|
||||||
|
);
|
||||||
|
|
4
vendor/composer/autoload_files.php
vendored
4
vendor/composer/autoload_files.php
vendored
|
@ -5,4 +5,6 @@
|
||||||
$vendorDir = dirname(dirname(__FILE__));
|
$vendorDir = dirname(dirname(__FILE__));
|
||||||
$baseDir = dirname($vendorDir);
|
$baseDir = dirname($vendorDir);
|
||||||
|
|
||||||
return array();
|
return array(
|
||||||
|
'5255c38a0faeba867671b61dfda6d864' => $vendorDir . '/paragonie/random_compat/lib/random.php',
|
||||||
|
);
|
||||||
|
|
6
vendor/composer/autoload_namespaces.php
vendored
6
vendor/composer/autoload_namespaces.php
vendored
|
@ -6,10 +6,4 @@ $vendorDir = dirname(dirname(__FILE__));
|
||||||
$baseDir = dirname($vendorDir);
|
$baseDir = dirname($vendorDir);
|
||||||
|
|
||||||
return array(
|
return array(
|
||||||
'Psr\\Log\\' => array($vendorDir . '/psr/log'),
|
|
||||||
'Prophecy\\' => array($vendorDir . '/phpspec/prophecy/src'),
|
|
||||||
'Guzzle\\Tests' => array($vendorDir . '/guzzle/guzzle/tests'),
|
|
||||||
'Guzzle' => array($vendorDir . '/guzzle/guzzle/src'),
|
|
||||||
'CodeClimate\\Component' => array($vendorDir . '/codeclimate/php-test-reporter/src'),
|
|
||||||
'CodeClimate\\Bundle' => array($vendorDir . '/codeclimate/php-test-reporter/src'),
|
|
||||||
);
|
);
|
||||||
|
|
29
vendor/composer/autoload_static.php
vendored
29
vendor/composer/autoload_static.php
vendored
|
@ -6,7 +6,9 @@ namespace Composer\Autoload;
|
||||||
|
|
||||||
class ComposerStaticInitDontChange
|
class ComposerStaticInitDontChange
|
||||||
{
|
{
|
||||||
public static $files = array ();
|
public static $files = array (
|
||||||
|
'5255c38a0faeba867671b61dfda6d864' => __DIR__ . '/..' . '/paragonie/random_compat/lib/random.php',
|
||||||
|
);
|
||||||
|
|
||||||
public static $prefixLengthsPsr4 = array (
|
public static $prefixLengthsPsr4 = array (
|
||||||
'P' =>
|
'P' =>
|
||||||
|
@ -22,16 +24,33 @@ class ComposerStaticInitDontChange
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
|
|
||||||
public static $prefixesPsr0 = array ();
|
public static $classMap = array (
|
||||||
|
'PrivateBin\\Configuration' => __DIR__ . '/../..' . '/lib/Configuration.php',
|
||||||
public static $classMap = array ();
|
'PrivateBin\\Data\\AbstractData' => __DIR__ . '/../..' . '/lib/Data/AbstractData.php',
|
||||||
|
'PrivateBin\\Data\\Database' => __DIR__ . '/../..' . '/lib/Data/Database.php',
|
||||||
|
'PrivateBin\\Data\\Filesystem' => __DIR__ . '/../..' . '/lib/Data/Filesystem.php',
|
||||||
|
'PrivateBin\\Filter' => __DIR__ . '/../..' . '/lib/Filter.php',
|
||||||
|
'PrivateBin\\I18n' => __DIR__ . '/../..' . '/lib/I18n.php',
|
||||||
|
'PrivateBin\\Model' => __DIR__ . '/../..' . '/lib/Model.php',
|
||||||
|
'PrivateBin\\Model\\AbstractModel' => __DIR__ . '/../..' . '/lib/Model/AbstractModel.php',
|
||||||
|
'PrivateBin\\Model\\Paste' => __DIR__ . '/../..' . '/lib/Model/Paste.php',
|
||||||
|
'PrivateBin\\Persistence\\AbstractPersistence' => __DIR__ . '/../..' . '/lib/Persistence/AbstractPersistence.php',
|
||||||
|
'PrivateBin\\Persistence\\PurgeLimiter' => __DIR__ . '/../..' . '/lib/Persistence/PurgeLimiter.php',
|
||||||
|
'PrivateBin\\Persistence\\ServerSalt' => __DIR__ . '/../..' . '/lib/Persistence/ServerSalt.php',
|
||||||
|
'PrivateBin\\Persistence\\TrafficLimiter' => __DIR__ . '/../..' . '/lib/Persistence/TrafficLimiter.php',
|
||||||
|
'PrivateBin\\PrivateBin' => __DIR__ . '/../..' . '/lib/PrivateBin.php',
|
||||||
|
'PrivateBin\\Request' => __DIR__ . '/../..' . '/lib/Request.php',
|
||||||
|
'PrivateBin\\Sjcl' => __DIR__ . '/../..' . '/lib/Sjcl.php',
|
||||||
|
'PrivateBin\\View' => __DIR__ . '/../..' . '/lib/View.php',
|
||||||
|
'PrivateBin\\Vizhash16x16' => __DIR__ . '/../..' . '/lib/Vizhash16x16.php',
|
||||||
|
'PrivateBin\\model\\Comment' => __DIR__ . '/../..' . '/lib/Model/Comment.php',
|
||||||
|
);
|
||||||
|
|
||||||
public static function getInitializer(ClassLoader $loader)
|
public static function getInitializer(ClassLoader $loader)
|
||||||
{
|
{
|
||||||
return \Closure::bind(function () use ($loader) {
|
return \Closure::bind(function () use ($loader) {
|
||||||
$loader->prefixLengthsPsr4 = ComposerStaticInitDontChange::$prefixLengthsPsr4;
|
$loader->prefixLengthsPsr4 = ComposerStaticInitDontChange::$prefixLengthsPsr4;
|
||||||
$loader->prefixDirsPsr4 = ComposerStaticInitDontChange::$prefixDirsPsr4;
|
$loader->prefixDirsPsr4 = ComposerStaticInitDontChange::$prefixDirsPsr4;
|
||||||
$loader->prefixesPsr0 = ComposerStaticInitDontChange::$prefixesPsr0;
|
|
||||||
$loader->classMap = ComposerStaticInitDontChange::$classMap;
|
$loader->classMap = ComposerStaticInitDontChange::$classMap;
|
||||||
|
|
||||||
}, null, ClassLoader::class);
|
}, null, ClassLoader::class);
|
||||||
|
|
53
vendor/composer/installed.json
vendored
53
vendor/composer/installed.json
vendored
|
@ -1 +1,52 @@
|
||||||
[]
|
[
|
||||||
|
{
|
||||||
|
"name": "paragonie/random_compat",
|
||||||
|
"version": "v2.0.2",
|
||||||
|
"version_normalized": "2.0.2.0",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/paragonie/random_compat.git",
|
||||||
|
"reference": "088c04e2f261c33bed6ca5245491cfca69195ccf"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/088c04e2f261c33bed6ca5245491cfca69195ccf",
|
||||||
|
"reference": "088c04e2f261c33bed6ca5245491cfca69195ccf",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": ">=5.2.0"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"phpunit/phpunit": "4.*|5.*"
|
||||||
|
},
|
||||||
|
"suggest": {
|
||||||
|
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
|
||||||
|
},
|
||||||
|
"time": "2016-04-03 06:00:07",
|
||||||
|
"type": "library",
|
||||||
|
"installation-source": "dist",
|
||||||
|
"autoload": {
|
||||||
|
"files": [
|
||||||
|
"lib/random.php"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Paragon Initiative Enterprises",
|
||||||
|
"email": "security@paragonie.com",
|
||||||
|
"homepage": "https://paragonie.com"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
|
||||||
|
"keywords": [
|
||||||
|
"csprng",
|
||||||
|
"pseudorandom",
|
||||||
|
"random"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
|
Loading…
Reference in a new issue