use "random_bytes" instead of "openssl_random_pseudo_bytes"
This commit is contained in:
parent
cfb9b73205
commit
74f3c885bf
|
@ -181,7 +181,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
|
||||||
* random key which is encrypted with their site public key.
|
* random key which is encrypted with their site public key.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$src_aes_key = openssl_random_pseudo_bytes(64);
|
$src_aes_key = random_bytes(64);
|
||||||
|
|
||||||
$result = '';
|
$result = '';
|
||||||
openssl_private_encrypt($dfrn_id, $result, $user['prvkey']);
|
openssl_private_encrypt($dfrn_id, $result, $user['prvkey']);
|
||||||
|
|
|
@ -46,8 +46,8 @@ class Apps extends BaseApi
|
||||||
DI::mstdnError()->RecordNotFound();
|
DI::mstdnError()->RecordNotFound();
|
||||||
}
|
}
|
||||||
|
|
||||||
$client_id = bin2hex(openssl_random_pseudo_bytes(32));
|
$client_id = bin2hex(random_bytes(32));
|
||||||
$client_secret = bin2hex(openssl_random_pseudo_bytes(32));
|
$client_secret = bin2hex(random_bytes(32));
|
||||||
|
|
||||||
$fields = ['client_id' => $client_id, 'client_secret' => $client_secret, 'name' => $name, 'redirect_uri' => $redirect];
|
$fields = ['client_id' => $client_id, 'client_secret' => $client_secret, 'name' => $name, 'redirect_uri' => $redirect];
|
||||||
|
|
||||||
|
|
|
@ -216,8 +216,8 @@ class BaseApi extends BaseModule
|
||||||
|
|
||||||
public static function getTokenForUser(array $application, int $uid)
|
public static function getTokenForUser(array $application, int $uid)
|
||||||
{
|
{
|
||||||
$code = bin2hex(openssl_random_pseudo_bytes(32));
|
$code = bin2hex(random_bytes(32));
|
||||||
$access_token = bin2hex(openssl_random_pseudo_bytes(32));
|
$access_token = bin2hex(random_bytes(32));
|
||||||
|
|
||||||
$fields = ['application-id' => $application['id'], 'uid' => $uid, 'code' => $code, 'access_token' => $access_token, 'created_at' => DateTimeFormat::utcNow(DateTimeFormat::MYSQL)];
|
$fields = ['application-id' => $application['id'], 'uid' => $uid, 'code' => $code, 'access_token' => $access_token, 'created_at' => DateTimeFormat::utcNow(DateTimeFormat::MYSQL)];
|
||||||
if (!DBA::insert('application-token', $fields, Database::INSERT_UPDATE)) {
|
if (!DBA::insert('application-token', $fields, Database::INSERT_UPDATE)) {
|
||||||
|
|
|
@ -1272,7 +1272,7 @@ class DFRN
|
||||||
|
|
||||||
switch ($rino_remote_version) {
|
switch ($rino_remote_version) {
|
||||||
case 1:
|
case 1:
|
||||||
$key = openssl_random_pseudo_bytes(16);
|
$key = random_bytes(16);
|
||||||
$data = self::aesEncrypt($postvars['data'], $key);
|
$data = self::aesEncrypt($postvars['data'], $key);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|
|
@ -2870,9 +2870,9 @@ class Diaspora
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$aes_key = openssl_random_pseudo_bytes(32);
|
$aes_key = random_bytes(32);
|
||||||
$b_aes_key = base64_encode($aes_key);
|
$b_aes_key = base64_encode($aes_key);
|
||||||
$iv = openssl_random_pseudo_bytes(16);
|
$iv = random_bytes(16);
|
||||||
$b_iv = base64_encode($iv);
|
$b_iv = base64_encode($iv);
|
||||||
|
|
||||||
$ciphertext = self::aesEncrypt($aes_key, $iv, $msg);
|
$ciphertext = self::aesEncrypt($aes_key, $iv, $msg);
|
||||||
|
|
Loading…
Reference in New Issue
Block a user