mirror of https://we.phorge.it/source/phorge.git synced 2024-11-26 08:42:41 +01:00

Use Filesystem::readRandomBytes() instead of copy/pasting reads of /dev/urandom

everywhere.

Summary:

Test Plan: Logged out and in a few times, verified I got reasonable session
keys assigned.

Reviewers:

CC:
epriestley 2011-02-11 16:12:34 -08:00
parent 3671f88a52
commit bacf622178
4 changed files with 5 additions and 24 deletions


@ -68,26 +68,12 @@ class PhabricatorUser extends PhabricatorUserDAO {
} }
private function generateConduitCertificate() { private function generateConduitCertificate() {
$entropy = $this->generateEntropy($bytes = 256); $entropy = Filesystem::readRandomBytes(256);
$entropy = base64_encode($entropy); $entropy = base64_encode($entropy);
$entropy = substr($entropy, 0, 255); $entropy = substr($entropy, 0, 255);
return $entropy; return $entropy;
} }
private function generateEntropy($bytes) {
$urandom = fopen('/dev/urandom', 'r');
if (!$urandom) {
throw new Exception("Failed to open /dev/urandom!");
}
$entropy = fread($urandom, $bytes);
if (strlen($entropy) != $bytes) {
throw new Exception("Failed to read /dev/urandom!");
}
return $entropy;
}
public function comparePassword($password) { public function comparePassword($password) {
$password = $this->hashPassword($password); $password = $this->hashPassword($password);
return ($password === $this->getPasswordHash()); return ($password === $this->getPasswordHash());
@ -137,7 +123,7 @@ class PhabricatorUser extends PhabricatorUserDAO {
public function establishSession($session_type) { public function establishSession($session_type) {
$conn_w = $this->establishConnection('w'); $conn_w = $this->establishConnection('w');
$entropy = $this->generateEntropy($bytes = 20); $entropy = Filesystem::readRandomBytes(20);
$session_key = sha1($entropy); $session_key = sha1($entropy);
queryfx( queryfx(
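Review bot: With the inline open and short-read checks removed, `generateConduitCertificate()` and `establishSession()` now rely entirely on `Filesystem::readRandomBytes()` to fail loudly, and that helper is not part of this diff, so its failure behaviour cannot be confirmed from here. If it could ever return a short or empty string, `sha1($entropy)` would still produce a well-formed 40-character session key and the problem would go unnoticed. Either confirm that the helper throws on open failure and on short reads, or keep a cheap guard at the call site such as `if (strlen($entropy) !== 20) { throw new Exception("Failed to read random bytes!"); }`. The same applies to the PHID generation change in PhabricatorPHID. The body of `establishSession()` continues outside the hunk.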


@ -11,6 +11,7 @@ phutil_require_module('phabricator', 'applications/phid/storage/phid');
phutil_require_module('phabricator', 'infrastructure/env'); phutil_require_module('phabricator', 'infrastructure/env');
phutil_require_module('phabricator', 'storage/queryfx'); phutil_require_module('phabricator', 'storage/queryfx');
phutil_require_module('phutil', 'filesystem');
phutil_require_module('phutil', 'utils'); phutil_require_module('phutil', 'utils');


@ -31,14 +31,7 @@ class PhabricatorPHID extends PhabricatorPHIDDAO {
throw new Exception("Can not generate PHID with no type."); throw new Exception("Can not generate PHID with no type.");
} }
$urandom = @fopen('/dev/urandom', 'r'); $entropy = Filesystem::readRandomBytes(20);
if (!$urandom) {
throw new Exception("Failed to open /dev/urandom!");
}
$entropy = fread($urandom, 20);
if (strlen($entropy) != 20) {
throw new Exception("Failed to read from /dev/urandom!");
}
$uniq = sha1($entropy); $uniq = sha1($entropy);
$uniq = substr($uniq, 0, 20); $uniq = substr($uniq, 0, 20);
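Review bot: The 20 bytes read for a PHID are cut down to 80 bits by `substr($uniq, 0, 20)` on the hex SHA-1, and nothing in the code says this is intended. A short comment would make it explicit, for example `// sha1() only converts to hex; the PHID suffix keeps 80 of the 160 bits read.` If PHIDs are ever relied on as unguessable values (not visible here), that width should be reviewed separately. The enclosing method starts and ends outside the hunk.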


@ -8,6 +8,7 @@
phutil_require_module('phabricator', 'applications/phid/storage/base'); phutil_require_module('phabricator', 'applications/phid/storage/base');
phutil_require_module('phutil', 'filesystem');
phutil_require_module('phutil', 'utils'); phutil_require_module('phutil', 'utils');