Merge pull request #65 from PrivateBin/prng
Use better random number generator
commit
d12ddd2efc
|
@ -12,7 +12,7 @@ the options and adjust them as you see fit.
|
|||
|
||||
- PHP version 5.3 or above
|
||||
- GD extension
|
||||
- mcrypt extension (optional, but strongly recommended)
|
||||
- [Libsodium](https://download.libsodium.org) or mcrypt extension (optional, but strongly recommended)
|
||||
- some disk space or (optional) a database supported by PDO
|
||||
- ability to create files and folders in the installation directory and the PATH
|
||||
- A web browser with javascript support
|
||||
|
|
|
@ -18,7 +18,8 @@
|
|||
}
|
||||
],
|
||||
"require": {
|
||||
"php": "^5.3 || ^7.0",
|
||||
"php": "^5.2.6 || ^7.0",
|
||||
"paragonie/random_compat": "^2.0",
|
||||
"yzalis/identicon": "^1.1"
|
||||
},
|
||||
"require-dev": {
|
||||
|
|
|
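Review bot: The `php` constraint appears twice in this section, as `^5.3 || ^7.0` and `^5.2.6 || ^7.0`, and the page has lost the markers that say which one is new. If `^5.2.6` is the new side, it contradicts the requirements list earlier on this page ("PHP version 5.3 or above") and the namespaced classes in the autoload maps further down, which need PHP 5.3. I would keep `"php": "^5.3 || ^7.0"` so Composer refuses an unsupported runtime instead of installing onto it. The `require` object continues outside the hunk.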
@ -4,9 +4,57 @@
|
|||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"hash": "e3520dc72004bd92b2bd0b0febf71c7f",
|
||||
"content-hash": "ac3ea1f44998ea42345107fd21d6a2e0",
|
||||
"hash": "42c2efb0f05581e3d3f5dd3874c2b1ed",
|
||||
"content-hash": "21164495228478cc6cb92e5c78bb490c",
|
||||
"packages": [
|
||||
{
|
||||
"name": "paragonie/random_compat",
|
||||
"version": "v2.0.2",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/paragonie/random_compat.git",
|
||||
"reference": "088c04e2f261c33bed6ca5245491cfca69195ccf"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/088c04e2f261c33bed6ca5245491cfca69195ccf",
|
||||
"reference": "088c04e2f261c33bed6ca5245491cfca69195ccf",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.2.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "4.*|5.*"
|
||||
},
|
||||
"suggest": {
|
||||
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"files": [
|
||||
"lib/random.php"
|
||||
]
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Paragon Initiative Enterprises",
|
||||
"email": "security@paragonie.com",
|
||||
"homepage": "https://paragonie.com"
|
||||
}
|
||||
],
|
||||
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
|
||||
"keywords": [
|
||||
"csprng",
|
||||
"pseudorandom",
|
||||
"random"
|
||||
],
|
||||
"time": "2016-04-03 06:00:07"
|
||||
},
|
||||
{
|
||||
"name": "yzalis/identicon",
|
||||
"version": "1.1.0",
|
||||
|
@ -416,21 +464,21 @@
|
|||
},
|
||||
{
|
||||
"name": "symfony/config",
|
||||
"version": "v3.1.3",
|
||||
"version": "v2.8.9",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/config.git",
|
||||
"reference": "a7630397b91be09cdd2fe57fd13612e258700598"
|
||||
"reference": "4275ef5b59f18959df0eee3991e9ca0cc208ffd4"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/config/zipball/a7630397b91be09cdd2fe57fd13612e258700598",
|
||||
"reference": "a7630397b91be09cdd2fe57fd13612e258700598",
|
||||
"url": "https://api.github.com/repos/symfony/config/zipball/4275ef5b59f18959df0eee3991e9ca0cc208ffd4",
|
||||
"reference": "4275ef5b59f18959df0eee3991e9ca0cc208ffd4",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.5.9",
|
||||
"symfony/filesystem": "~2.8|~3.0"
|
||||
"php": ">=5.3.9",
|
||||
"symfony/filesystem": "~2.3|~3.0.0"
|
||||
},
|
||||
"suggest": {
|
||||
"symfony/yaml": "To use the yaml reference dumper"
|
||||
|
@ -438,7 +486,7 @@
|
|||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-master": "3.1-dev"
|
||||
"dev-master": "2.8-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
|
@ -465,30 +513,30 @@
|
|||
],
|
||||
"description": "Symfony Config Component",
|
||||
"homepage": "https://symfony.com",
|
||||
"time": "2016-07-26 08:04:17"
|
||||
"time": "2016-07-26 08:02:44"
|
||||
},
|
||||
{
|
||||
"name": "symfony/console",
|
||||
"version": "v3.1.3",
|
||||
"version": "v2.8.9",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/console.git",
|
||||
"reference": "f9e638e8149e9e41b570ff092f8007c477ef0ce5"
|
||||
"reference": "36e62335caca8a6e909c5c5bac4a8128149911c9"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/console/zipball/f9e638e8149e9e41b570ff092f8007c477ef0ce5",
|
||||
"reference": "f9e638e8149e9e41b570ff092f8007c477ef0ce5",
|
||||
"url": "https://api.github.com/repos/symfony/console/zipball/36e62335caca8a6e909c5c5bac4a8128149911c9",
|
||||
"reference": "36e62335caca8a6e909c5c5bac4a8128149911c9",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.5.9",
|
||||
"php": ">=5.3.9",
|
||||
"symfony/polyfill-mbstring": "~1.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"psr/log": "~1.0",
|
||||
"symfony/event-dispatcher": "~2.8|~3.0",
|
||||
"symfony/process": "~2.8|~3.0"
|
||||
"symfony/event-dispatcher": "~2.1|~3.0.0",
|
||||
"symfony/process": "~2.1|~3.0.0"
|
||||
},
|
||||
"suggest": {
|
||||
"psr/log": "For using the console logger",
|
||||
|
@ -498,7 +546,7 @@
|
|||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-master": "3.1-dev"
|
||||
"dev-master": "2.8-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
|
@ -525,7 +573,7 @@
|
|||
],
|
||||
"description": "Symfony Console Component",
|
||||
"homepage": "https://symfony.com",
|
||||
"time": "2016-07-26 08:04:17"
|
||||
"time": "2016-07-30 07:20:35"
|
||||
},
|
||||
{
|
||||
"name": "symfony/event-dispatcher",
|
||||
|
@ -589,25 +637,25 @@
|
|||
},
|
||||
{
|
||||
"name": "symfony/filesystem",
|
||||
"version": "v3.1.3",
|
||||
"version": "v2.8.9",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/filesystem.git",
|
||||
"reference": "bb29adceb552d202b6416ede373529338136e84f"
|
||||
"reference": "ab4c3f085c8f5a56536845bf985c4cef30bf75fd"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/filesystem/zipball/bb29adceb552d202b6416ede373529338136e84f",
|
||||
"reference": "bb29adceb552d202b6416ede373529338136e84f",
|
||||
"url": "https://api.github.com/repos/symfony/filesystem/zipball/ab4c3f085c8f5a56536845bf985c4cef30bf75fd",
|
||||
"reference": "ab4c3f085c8f5a56536845bf985c4cef30bf75fd",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.5.9"
|
||||
"php": ">=5.3.9"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-master": "3.1-dev"
|
||||
"dev-master": "2.8-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
|
@ -634,7 +682,7 @@
|
|||
],
|
||||
"description": "Symfony Filesystem Component",
|
||||
"homepage": "https://symfony.com",
|
||||
"time": "2016-07-20 05:44:26"
|
||||
"time": "2016-07-20 05:41:28"
|
||||
},
|
||||
{
|
||||
"name": "symfony/polyfill-mbstring",
|
||||
|
@ -697,25 +745,25 @@
|
|||
},
|
||||
{
|
||||
"name": "symfony/process",
|
||||
"version": "v3.1.3",
|
||||
"version": "v2.8.9",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/process.git",
|
||||
"reference": "04c2dfaae4ec56a5c677b0c69fac34637d815758"
|
||||
"reference": "d20332e43e8774ff8870b394f3dd6020cc7f8e0c"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/process/zipball/04c2dfaae4ec56a5c677b0c69fac34637d815758",
|
||||
"reference": "04c2dfaae4ec56a5c677b0c69fac34637d815758",
|
||||
"url": "https://api.github.com/repos/symfony/process/zipball/d20332e43e8774ff8870b394f3dd6020cc7f8e0c",
|
||||
"reference": "d20332e43e8774ff8870b394f3dd6020cc7f8e0c",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.5.9"
|
||||
"php": ">=5.3.9"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-master": "3.1-dev"
|
||||
"dev-master": "2.8-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
|
@ -742,29 +790,29 @@
|
|||
],
|
||||
"description": "Symfony Process Component",
|
||||
"homepage": "https://symfony.com",
|
||||
"time": "2016-07-28 11:13:48"
|
||||
"time": "2016-07-28 11:13:19"
|
||||
},
|
||||
{
|
||||
"name": "symfony/stopwatch",
|
||||
"version": "v3.1.3",
|
||||
"version": "v2.8.9",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/stopwatch.git",
|
||||
"reference": "bb42806b12c5f89db4ebf64af6741afe6d8457e1"
|
||||
"reference": "35bae476693150728b0eb51647faac82faf9aaca"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/stopwatch/zipball/bb42806b12c5f89db4ebf64af6741afe6d8457e1",
|
||||
"reference": "bb42806b12c5f89db4ebf64af6741afe6d8457e1",
|
||||
"url": "https://api.github.com/repos/symfony/stopwatch/zipball/35bae476693150728b0eb51647faac82faf9aaca",
|
||||
"reference": "35bae476693150728b0eb51647faac82faf9aaca",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.5.9"
|
||||
"php": ">=5.3.9"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-master": "3.1-dev"
|
||||
"dev-master": "2.8-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
|
@ -791,29 +839,29 @@
|
|||
],
|
||||
"description": "Symfony Stopwatch Component",
|
||||
"homepage": "https://symfony.com",
|
||||
"time": "2016-06-29 05:41:56"
|
||||
"time": "2016-06-29 05:29:29"
|
||||
},
|
||||
{
|
||||
"name": "symfony/yaml",
|
||||
"version": "v3.1.3",
|
||||
"version": "v2.8.9",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/yaml.git",
|
||||
"reference": "1819adf2066880c7967df7180f4f662b6f0567ac"
|
||||
"reference": "0ceab136f43ed9d3e97b3eea32a7855dc50c121d"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/yaml/zipball/1819adf2066880c7967df7180f4f662b6f0567ac",
|
||||
"reference": "1819adf2066880c7967df7180f4f662b6f0567ac",
|
||||
"url": "https://api.github.com/repos/symfony/yaml/zipball/0ceab136f43ed9d3e97b3eea32a7855dc50c121d",
|
||||
"reference": "0ceab136f43ed9d3e97b3eea32a7855dc50c121d",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.5.9"
|
||||
"php": ">=5.3.9"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-master": "3.1-dev"
|
||||
"dev-master": "2.8-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
|
@ -840,7 +888,7 @@
|
|||
],
|
||||
"description": "Symfony Yaml Component",
|
||||
"homepage": "https://symfony.com",
|
||||
"time": "2016-07-17 14:02:08"
|
||||
"time": "2016-07-17 09:06:15"
|
||||
}
|
||||
],
|
||||
"aliases": [],
|
||||
|
@ -852,7 +900,7 @@
|
|||
"prefer-stable": false,
|
||||
"prefer-lowest": false,
|
||||
"platform": {
|
||||
"php": "^5.3 || ^7.0"
|
||||
"php": "^5.2.6 || ^7.0"
|
||||
},
|
||||
"platform-dev": []
|
||||
}
|
||||
|
|
|
@ -26,6 +26,15 @@ use Exception;
|
|||
*/
|
||||
class ServerSalt extends AbstractPersistence
|
||||
{
|
||||
/**
|
||||
* file where salt is saved to
|
||||
*
|
||||
* @access private
|
||||
* @static
|
||||
* @var string
|
||||
*/
|
||||
private static $_file = 'salt.php';
|
||||
|
||||
/**
|
||||
* generated salt
|
||||
*
|
||||
|
@ -44,15 +53,7 @@ class ServerSalt extends AbstractPersistence
|
|||
*/
|
||||
public static function generate()
|
||||
{
|
||||
$randomSalt = '';
|
||||
if (function_exists('mcrypt_create_iv')) {
|
||||
$randomSalt = bin2hex(mcrypt_create_iv(256, MCRYPT_DEV_URANDOM));
|
||||
} else {
|
||||
// fallback to mt_rand()
|
||||
for ($i = 0; $i < 256; ++$i) {
|
||||
$randomSalt .= base_convert(mt_rand(), 10, 16);
|
||||
}
|
||||
}
|
||||
$randomSalt = bin2hex(random_bytes(256));
|
||||
return $randomSalt;
|
||||
}
|
||||
|
||||
|
@ -70,19 +71,18 @@ class ServerSalt extends AbstractPersistence
|
|||
return self::$_salt;
|
||||
}
|
||||
|
||||
$file = 'salt.php';
|
||||
if (self::_exists($file)) {
|
||||
if (is_readable(self::getPath($file))) {
|
||||
$items = explode('|', file_get_contents(self::getPath($file)));
|
||||
if (self::_exists(self::$_file)) {
|
||||
if (is_readable(self::getPath(self::$_file))) {
|
||||
$items = explode('|', file_get_contents(self::getPath(self::$_file)));
|
||||
}
|
||||
if (!isset($items) || !is_array($items) || count($items) != 3) {
|
||||
throw new Exception('unable to read file ' . self::getPath($file), 20);
|
||||
throw new Exception('unable to read file ' . self::getPath(self::$_file), 20);
|
||||
}
|
||||
self::$_salt = $items[1];
|
||||
} else {
|
||||
self::$_salt = self::generate();
|
||||
self::_store(
|
||||
$file,
|
||||
self::$_file,
|
||||
'<?php /* |' . self::$_salt . '| */ ?>'
|
||||
);
|
||||
}
|
||||
|
|
|
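Review bot: `generate()` now relies solely on `random_bytes(256)`, which throws an `Exception` when no secure entropy source is available, and only the closing `*/` of its docblock is visible here, so it is unclear whether callers are told that salt creation can fail. Failing closed is the right outcome for a server salt, so I would not catch the exception here; instead add `@throws Exception` to the docblock, which starts above this hunk. `get()` reaches `generate()` when no salt file exists yet, so its docblock should carry the same tag if it does not already. The temporary variable is no longer needed either: `return bin2hex(random_bytes(256));`.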
@ -43,26 +43,6 @@ class ServerSaltTest extends PHPUnit_Framework_TestCase
|
|||
ServerSalt::setPath($this->_path);
|
||||
$salt = ServerSalt::get();
|
||||
|
||||
// mcrypt mock
|
||||
if (!function_exists('mcrypt_create_iv')) {
|
||||
if (!defined('MCRYPT_DEV_URANDOM')) {
|
||||
define('MCRYPT_DEV_URANDOM', 1);
|
||||
}
|
||||
function mcrypt_create_iv($int, $flag)
|
||||
{
|
||||
$randomSalt = '';
|
||||
for ($i = 0; $i < $int; ++$i) {
|
||||
$randomSalt .= base_convert(mt_rand(), 10, 16);
|
||||
}
|
||||
// hex2bin requires an even length, pad if necessary
|
||||
if (strlen($randomSalt) % 2) {
|
||||
$randomSalt = '0' . $randomSalt;
|
||||
}
|
||||
return hex2bin($randomSalt);
|
||||
}
|
||||
$this->assertNotEquals($salt, ServerSalt::generate());
|
||||
}
|
||||
|
||||
// try setting a different path and resetting it
|
||||
ServerSalt::setPath($this->_otherPath);
|
||||
$this->assertNotEquals($salt, ServerSalt::get());
|
||||
|
|
|
@ -17,6 +17,7 @@ return array(
|
|||
'PrivateBin\\Data\\Filesystem' => $baseDir . '/lib/Data/Filesystem.php',
|
||||
'PrivateBin\\Filter' => $baseDir . '/lib/Filter.php',
|
||||
'PrivateBin\\I18n' => $baseDir . '/lib/I18n.php',
|
||||
'PrivateBin\\Json' => $baseDir . '/lib/Json.php',
|
||||
'PrivateBin\\Model' => $baseDir . '/lib/Model.php',
|
||||
'PrivateBin\\Model\\AbstractModel' => $baseDir . '/lib/Model/AbstractModel.php',
|
||||
'PrivateBin\\Model\\Comment' => $baseDir . '/lib/Model/Comment.php',
|
||||
|
|
|
@ -47,6 +47,24 @@ class ComposerAutoloaderInitDontChange
|
|||
|
||||
$loader->register(true);
|
||||
|
||||
if ($useStaticLoader) {
|
||||
$includeFiles = Composer\Autoload\ComposerStaticInitDontChange::$files;
|
||||
} else {
|
||||
$includeFiles = require __DIR__ . '/autoload_files.php';
|
||||
}
|
||||
foreach ($includeFiles as $fileIdentifier => $file) {
|
||||
composerRequireDontChange($fileIdentifier, $file);
|
||||
}
|
||||
|
||||
return $loader;
|
||||
}
|
||||
}
|
||||
|
||||
function composerRequireDontChange($fileIdentifier, $file)
|
||||
{
|
||||
if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
|
||||
require $file;
|
||||
|
||||
$GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -6,6 +6,10 @@ namespace Composer\Autoload;
|
|||
|
||||
class ComposerStaticInitDontChange
|
||||
{
|
||||
public static $files = array (
|
||||
'5255c38a0faeba867671b61dfda6d864' => __DIR__ . '/..' . '/paragonie/random_compat/lib/random.php',
|
||||
);
|
||||
|
||||
public static $prefixLengthsPsr4 = array (
|
||||
'P' =>
|
||||
array (
|
||||
|
@ -42,6 +46,7 @@ class ComposerStaticInitDontChange
|
|||
'PrivateBin\\Data\\Filesystem' => __DIR__ . '/../..' . '/lib/Data/Filesystem.php',
|
||||
'PrivateBin\\Filter' => __DIR__ . '/../..' . '/lib/Filter.php',
|
||||
'PrivateBin\\I18n' => __DIR__ . '/../..' . '/lib/I18n.php',
|
||||
'PrivateBin\\Json' => __DIR__ . '/../..' . '/lib/Json.php',
|
||||
'PrivateBin\\Model' => __DIR__ . '/../..' . '/lib/Model.php',
|
||||
'PrivateBin\\Model\\AbstractModel' => __DIR__ . '/../..' . '/lib/Model/AbstractModel.php',
|
||||
'PrivateBin\\Model\\Comment' => __DIR__ . '/../..' . '/lib/Model/Comment.php',
|
||||
|
|
|
@ -50,5 +50,55 @@
|
|||
"identicon",
|
||||
"image"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "paragonie/random_compat",
|
||||
"version": "v2.0.2",
|
||||
"version_normalized": "2.0.2.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/paragonie/random_compat.git",
|
||||
"reference": "088c04e2f261c33bed6ca5245491cfca69195ccf"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/088c04e2f261c33bed6ca5245491cfca69195ccf",
|
||||
"reference": "088c04e2f261c33bed6ca5245491cfca69195ccf",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.2.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "4.*|5.*"
|
||||
},
|
||||
"suggest": {
|
||||
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
|
||||
},
|
||||
"time": "2016-04-03 06:00:07",
|
||||
"type": "library",
|
||||
"installation-source": "dist",
|
||||
"autoload": {
|
||||
"files": [
|
||||
"lib/random.php"
|
||||
]
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Paragon Initiative Enterprises",
|
||||
"email": "security@paragonie.com",
|
||||
"homepage": "https://paragonie.com"
|
||||
}
|
||||
],
|
||||
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
|
||||
"keywords": [
|
||||
"csprng",
|
||||
"pseudorandom",
|
||||
"random"
|
||||
]
|
||||
}
|
||||
]
|
||||
|
|