diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2016-01-12 09:12:13 +0100 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2016-01-12 09:12:13 +0100 |
| commit | 3ec8789c7708aea2f8b4335af7d496a957a16011 (patch) | |
| tree | 669088ff58bb1f727f769e3456af1f4c96bc4fd4 /lib | |
| parent | d11d9407cea94ebe430e50b81e01a671ec60f642 (diff) | |
| parent | 07fd3889b1e7752131dc0bc746abec7646c89d01 (diff) | |
| download | nextcloud-server-3ec8789c7708aea2f8b4335af7d496a957a16011.tar.gz nextcloud-server-3ec8789c7708aea2f8b4335af7d496a957a16011.zip | |
Merge pull request #21628 from owncloud/deprecated_secure_random_funcions
Replace deprecated function calls to SecureRandom
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/base.php | 2 | ||||
| -rw-r--r-- | lib/private/appframework/http/request.php | 2 | ||||
| -rw-r--r-- | lib/private/cache/file.php | 2 | ||||
| -rw-r--r-- | lib/private/db/mdb2schemamanager.php | 2 | ||||
| -rw-r--r-- | lib/private/security/crypto.php | 2 | ||||
| -rw-r--r-- | lib/private/session/cryptowrapper.php | 2 | ||||
| -rw-r--r-- | lib/private/setup.php | 4 | ||||
| -rw-r--r-- | lib/private/setup/mysql.php | 2 | ||||
| -rw-r--r-- | lib/private/share/share.php | 4 | ||||
| -rw-r--r-- | lib/private/user.php | 2 | ||||
| -rw-r--r-- | lib/private/user/session.php | 2 | ||||
| -rw-r--r-- | lib/private/util.php | 6 |
12 files changed, 16 insertions, 16 deletions
diff --git a/lib/base.php b/lib/base.php index 80b1a2bafcd..6f0cd14b5b4 100644 --- a/lib/base.php +++ b/lib/base.php @@ -1076,7 +1076,7 @@ class OC { if ($config->getSystemValue('debug', false)) { self::$server->getLogger()->debug('Setting remember login to cookie', array('app' => 'core')); } - $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32); + $token = \OC::$server->getSecureRandom()->generate(32); $config->setUserValue($userId, 'login_token', $token, time()); OC_User::setMagicInCookie($userId, $token); } else { diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php index 6ba1d8f644d..94e58cfc679 100644 --- a/lib/private/appframework/http/request.php +++ b/lib/private/appframework/http/request.php @@ -465,7 +465,7 @@ class Request implements \ArrayAccess, \Countable, IRequest { } if(empty($this->requestId)) { - $this->requestId = $this->secureRandom->getLowStrengthGenerator()->generate(20); + $this->requestId = $this->secureRandom->generate(20); } return $this->requestId; diff --git a/lib/private/cache/file.php b/lib/private/cache/file.php index 31d4718d18a..c531f8c610b 100644 --- a/lib/private/cache/file.php +++ b/lib/private/cache/file.php @@ -99,7 +99,7 @@ class File implements ICache { $storage = $this->getStorage(); $result = false; // unique id to avoid chunk collision, just in case - $uniqueId = \OC::$server->getSecureRandom()->getLowStrengthGenerator()->generate( + $uniqueId = \OC::$server->getSecureRandom()->generate( 16, ISecureRandom::CHAR_DIGITS . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER ); diff --git a/lib/private/db/mdb2schemamanager.php b/lib/private/db/mdb2schemamanager.php index 6fa9a63ec00..5cf1172e64f 100644 --- a/lib/private/db/mdb2schemamanager.php +++ b/lib/private/db/mdb2schemamanager.php @@ -75,7 +75,7 @@ class MDB2SchemaManager { * @return \OC\DB\Migrator */ public function getMigrator() { - $random = \OC::$server->getSecureRandom()->getMediumStrengthGenerator(); + $random = \OC::$server->getSecureRandom(); $platform = $this->conn->getDatabasePlatform(); $config = \OC::$server->getConfig(); if ($platform instanceof SqlitePlatform) { diff --git a/lib/private/security/crypto.php b/lib/private/security/crypto.php index 46d0c750b2f..6737902640f 100644 --- a/lib/private/security/crypto.php +++ b/lib/private/security/crypto.php @@ -90,7 +90,7 @@ class Crypto implements ICrypto { } $this->cipher->setPassword($password); - $iv = $this->random->getLowStrengthGenerator()->generate($this->ivLength); + $iv = $this->random->generate($this->ivLength); $this->cipher->setIV($iv); $ciphertext = bin2hex($this->cipher->encrypt($plaintext)); diff --git a/lib/private/session/cryptowrapper.php b/lib/private/session/cryptowrapper.php index 177f11ffb70..4875788530a 100644 --- a/lib/private/session/cryptowrapper.php +++ b/lib/private/session/cryptowrapper.php @@ -74,7 +74,7 @@ class CryptoWrapper { if (!is_null($request->getCookie(self::COOKIE_NAME))) { $this->passphrase = $request->getCookie(self::COOKIE_NAME); } else { - $this->passphrase = $this->random->getMediumStrengthGenerator()->generate(128); + $this->passphrase = $this->random->generate(128); $secureCookie = $request->getServerProtocol() === 'https'; // FIXME: Required for CI if (!defined('PHPUNIT_RUN')) { diff --git a/lib/private/setup.php b/lib/private/setup.php index 770f5cdab52..d318e5f0575 100644 --- a/lib/private/setup.php +++ b/lib/private/setup.php @@ -310,9 +310,9 @@ class Setup { } //generate a random salt that is used to salt the local user passwords - $salt = $this->random->getLowStrengthGenerator()->generate(30); + $salt = $this->random->generate(30); // generate a secret - $secret = $this->random->getMediumStrengthGenerator()->generate(48); + $secret = $this->random->generate(48); //write the config file $this->config->setSystemValues([ diff --git a/lib/private/setup/mysql.php b/lib/private/setup/mysql.php index e8b88eb3489..63ded13ede7 100644 --- a/lib/private/setup/mysql.php +++ b/lib/private/setup/mysql.php @@ -143,7 +143,7 @@ class MySQL extends AbstractDatabase { $this->dbUser = $adminUser; //create a random password so we don't need to store the admin password in the config file - $this->dbPassword = $this->random->getMediumStrengthGenerator()->generate(30); + $this->dbPassword = $this->random->generate(30); $this->createDBUser($connection); diff --git a/lib/private/share/share.php b/lib/private/share/share.php index 63639461f0a..960ed539847 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -819,7 +819,7 @@ class Share extends Constants { if (isset($oldToken)) { $token = $oldToken; } else { - $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, + $token = \OC::$server->getSecureRandom()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER.\OCP\Security\ISecureRandom::CHAR_UPPER. \OCP\Security\ISecureRandom::CHAR_DIGITS ); @@ -860,7 +860,7 @@ class Share extends Constants { throw new \Exception($message_t); } - $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . + $token = \OC::$server->getSecureRandom()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . \OCP\Security\ISecureRandom::CHAR_DIGITS); $shareWith = $user . '@' . $remote; diff --git a/lib/private/user.php b/lib/private/user.php index fa1cea9072f..9595ec5f123 100644 --- a/lib/private/user.php +++ b/lib/private/user.php @@ -393,7 +393,7 @@ class OC_User { * generates a password */ public static function generatePassword() { - return \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30); + return \OC::$server->getSecureRandom()->generate(30); } /** diff --git a/lib/private/user/session.php b/lib/private/user/session.php index be38b1b1d8e..7030f3ddbc9 100644 --- a/lib/private/user/session.php +++ b/lib/private/user/session.php @@ -260,7 +260,7 @@ class Session implements IUserSession, Emitter { } // replace successfully used token with a new one \OC::$server->getConfig()->deleteUserValue($uid, 'login_token', $currentToken); - $newToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32); + $newToken = \OC::$server->getSecureRandom()->generate(32); \OC::$server->getConfig()->setUserValue($uid, 'login_token', $newToken, time()); $this->setMagicInCookie($user->getUID(), $newToken); diff --git a/lib/private/util.php b/lib/private/util.php index 4bcde68c355..ff28f782382 100644 --- a/lib/private/util.php +++ b/lib/private/util.php @@ -1097,7 +1097,7 @@ class OC_Util { $id = \OC::$server->getSystemConfig()->getValue('instanceid', null); if (is_null($id)) { // We need to guarantee at least one letter in instanceid so it can be used as the session_name - $id = 'oc' . \OC::$server->getSecureRandom()->getLowStrengthGenerator()->generate(10, \OCP\Security\ISecureRandom::CHAR_LOWER.\OCP\Security\ISecureRandom::CHAR_DIGITS); + $id = 'oc' . \OC::$server->getSecureRandom()->generate(10, \OCP\Security\ISecureRandom::CHAR_LOWER.\OCP\Security\ISecureRandom::CHAR_DIGITS); \OC::$server->getSystemConfig()->setValue('instanceid', $id); } return $id; @@ -1125,7 +1125,7 @@ class OC_Util { // Check if a token exists if (!\OC::$server->getSession()->exists('requesttoken')) { // No valid token found, generate a new one. - $requestToken = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate($tokenLength); + $requestToken = \OC::$server->getSecureRandom()->generate($tokenLength); \OC::$server->getSession()->set('requesttoken', $requestToken); } else { // Valid token already exists, send it @@ -1133,7 +1133,7 @@ class OC_Util { } // XOR the token to mitigate breach-like attacks - $sharedSecret = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate($tokenLength); + $sharedSecret = \OC::$server->getSecureRandom()->generate($tokenLength); self::$obfuscatedToken = base64_encode($requestToken ^ $sharedSecret) .':'.$sharedSecret; return self::$obfuscatedToken; |