[FEATURE] Add a CSPRNG 07/46507/7
authorChristian Futterlieb <christian@futterlieb.ch>
Sun, 31 Jan 2016 20:09:20 +0000 (21:09 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Sat, 5 Mar 2016 16:53:15 +0000 (17:53 +0100)
* Add a simple API for generation of random bytes, integers and
  hex-strings: Crypto\Random
* Deprecate the methods GeneralUtility::generateRandomBytes() and
  GeneralUtility::getRandomHexString()
* Replace occurrences of the deprecated methods

Change-Id: If4d6daa00138eac791954a4fd9a4fc26a79ddf07
Resolves: #73050
Releases: master
Reviewed-on: https://review.typo3.org/46507
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
21 files changed:
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Classes/Crypto/Random.php [new file with mode: 0644]
typo3/sysext/core/Classes/Database/PreparedStatement.php
typo3/sysext/core/Classes/FormProtection/AbstractFormProtection.php
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/core/Documentation/Changelog/master/Deprecation-73050-DeprecatedRandomGeneratorMethodsInGeneralUtility.rst [new file with mode: 0644]
typo3/sysext/core/Documentation/Changelog/master/Feature-73050-AddACSPRNGAPI.rst [new file with mode: 0644]
typo3/sysext/core/Tests/Unit/Crypto/RandomTest.php [new file with mode: 0644]
typo3/sysext/core/Tests/Unit/Utility/GeneralUtilityTest.php
typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php
typo3/sysext/frontend/Classes/ContentObject/Exception/ProductionExceptionHandler.php
typo3/sysext/install/Classes/Controller/Action/Tool/ImportantActions.php
typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php
typo3/sysext/saltedpasswords/Classes/Salt/Md5Salt.php
typo3/sysext/saltedpasswords/Classes/Salt/Pbkdf2Salt.php
typo3/sysext/saltedpasswords/Classes/Salt/PhpassSalt.php
typo3/sysext/saltedpasswords/Tests/Unit/Salt/BlowfishSaltTest.php
typo3/sysext/saltedpasswords/Tests/Unit/Salt/Md5SaltTest.php
typo3/sysext/saltedpasswords/Tests/Unit/Salt/Pbkdf2SaltTest.php
typo3/sysext/saltedpasswords/Tests/Unit/Salt/PhpassSaltTest.php
typo3/sysext/saltedpasswords/Tests/Unit/Salt/SaltFactoryTest.php

index 11ad38e..6087aa0 100644 (file)
@@ -19,6 +19,7 @@ use TYPO3\CMS\Core\Database\DatabaseConnection;
 use TYPO3\CMS\Core\Exception;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Core\Utility\MathUtility;
+use TYPO3\CMS\Core\Crypto\Random;
 
 /**
  * Authentication of users in TYPO3
@@ -800,7 +801,7 @@ abstract class AbstractUserAuthentication
      */
     public function createSessionId()
     {
-        return GeneralUtility::getRandomHexString($this->hash_length);
+        return GeneralUtility::makeInstance(Random::class)->generateRandomHexString($this->hash_length);
     }
 
     /**
diff --git a/typo3/sysext/core/Classes/Crypto/Random.php b/typo3/sysext/core/Classes/Crypto/Random.php
new file mode 100644 (file)
index 0000000..8d8c9e2
--- /dev/null
@@ -0,0 +1,54 @@
+<?php
+declare(strict_types=1);
+namespace TYPO3\CMS\Core\Crypto;
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+/**
+ * Crypto safe pseudo-random value generation
+ */
+class Random
+{
+    /**
+     * Generates cryptographic secure pseudo-random bytes
+     *
+     * @param int $length
+     * @return string
+     */
+    public function generateRandomBytes(int $length): string {
+        return random_bytes($length);
+    }
+
+    /**
+     * Generates cryptographic secure pseudo-random integers
+     *
+     * @param int $min
+     * @param int $max
+     * @return int
+     */
+    public function generateRandomInteger(int $min, int $max): int {
+        return random_int($min, $max);
+    }
+
+    /**
+     * Generates cryptographic secure pseudo-random hex string
+     *
+     * @param int $length
+     * @return string
+     */
+    public function generateRandomHexString(int $length): string {
+        return substr(bin2hex($this->generateRandomBytes((int)(($length + 1) / 2))), 0, $length);
+    }
+
+}
index 7e51e8d..c7c62ff 100644 (file)
@@ -14,6 +14,9 @@ namespace TYPO3\CMS\Core\Database;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Core\Crypto\Random;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
 /**
  * TYPO3 prepared statement for DatabaseConnection
  *
@@ -677,6 +680,6 @@ class PreparedStatement
      */
     protected function generateParameterWrapToken()
     {
-        return '__' . \TYPO3\CMS\Core\Utility\GeneralUtility::getRandomHexString(16) . '__';
+        return '__' . GeneralUtility::makeInstance(Random::class)->generateRandomHexString(16) . '__';
     }
 }
index a879371..870096c 100644 (file)
@@ -15,6 +15,7 @@ namespace TYPO3\CMS\Core\FormProtection;
  */
 
 use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Core\Crypto\Random;
 
 /**
  * This class provides protection against cross-site request forgery (XSRF/CSRF)
@@ -122,7 +123,7 @@ abstract class AbstractFormProtection
      */
     protected function generateSessionToken()
     {
-        return bin2hex(GeneralUtility::generateRandomBytes(32));
+        return GeneralUtility::makeInstance(Random::class)->generateRandomHexString(64);
     }
 
     /**
index cceb541..6e77838 100755 (executable)
@@ -17,6 +17,7 @@ namespace TYPO3\CMS\Core\Utility;
 use TYPO3\CMS\Core\Charset\CharsetConverter;
 use TYPO3\CMS\Core\Core\ApplicationContext;
 use TYPO3\CMS\Core\Core\ClassLoadingInformation;
+use TYPO3\CMS\Core\Crypto\Random;
 use TYPO3\CMS\Core\Service\OpcodeCacheService;
 use TYPO3\CMS\Core\SingletonInterface;
 use TYPO3\CMS\Frontend\Page\PageRepository;
@@ -1042,111 +1043,14 @@ class GeneralUtility
     /**
      * Returns a string of highly randomized bytes (over the full 8-bit range).
      *
-     * Note: Returned values are not guaranteed to be crypto-safe,
-     * most likely they are not, depending on the used retrieval method.
-     *
-     * @param int $bytesToReturn Number of characters (bytes) to return
+     * @param int $bytesToReturn Number of bytes to return
      * @return string Random Bytes
-     * @see http://bugs.php.net/bug.php?id=52523
-     * @see http://www.php-security.org/2010/05/09/mops-submission-04-generating-unpredictable-session-ids-and-hashes/index.html
+     * @deprecated since TYPO3 CMS 8, this method will be removed in TYPO3 CMS 9. Use \TYPO3\CMS\Core\Crypto\Random->generateRandomBytes() instead
      */
     public static function generateRandomBytes($bytesToReturn)
     {
-        // Cache 4k of the generated bytestream.
-        static $bytes = '';
-        $bytesToGenerate = max(4096, $bytesToReturn);
-        // if we have not enough random bytes cached, we generate new ones
-        if (!isset($bytes[$bytesToReturn - 1])) {
-            if (TYPO3_OS === 'WIN') {
-                // Openssl seems to be deadly slow on Windows, so try to use mcrypt
-                $bytes .= self::generateRandomBytesMcrypt($bytesToGenerate);
-            } else {
-                // Try to use native PHP functions first, precedence has openssl
-                $bytes .= self::generateRandomBytesOpenSsl($bytesToGenerate);
-                if (!isset($bytes[$bytesToReturn - 1])) {
-                    $bytes .= self::generateRandomBytesMcrypt($bytesToGenerate);
-                }
-                // If openssl and mcrypt failed, try /dev/urandom
-                if (!isset($bytes[$bytesToReturn - 1])) {
-                    $bytes .= self::generateRandomBytesUrandom($bytesToGenerate);
-                }
-            }
-            // Fall back if other random byte generation failed until now
-            if (!isset($bytes[$bytesToReturn - 1])) {
-                $bytes .= self::generateRandomBytesFallback($bytesToReturn);
-            }
-        }
-        // get first $bytesToReturn and remove it from the byte cache
-        $output = substr($bytes, 0, $bytesToReturn);
-        $bytes = substr($bytes, $bytesToReturn);
-        return $output;
-    }
-
-    /**
-     * Generate random bytes using openssl if available
-     *
-     * @param string $bytesToGenerate
-     * @return string
-     */
-    protected static function generateRandomBytesOpenSsl($bytesToGenerate)
-    {
-        if (!function_exists('openssl_random_pseudo_bytes')) {
-            return '';
-        }
-        $isStrong = null;
-        return (string)openssl_random_pseudo_bytes($bytesToGenerate, $isStrong);
-    }
-
-    /**
-     * Generate random bytes using mcrypt if available
-     *
-     * @param $bytesToGenerate
-     * @return string
-     */
-    protected static function generateRandomBytesMcrypt($bytesToGenerate)
-    {
-        if (!function_exists('mcrypt_create_iv')) {
-            return '';
-        }
-        return (string)(@mcrypt_create_iv($bytesToGenerate, MCRYPT_DEV_URANDOM));
-    }
-
-    /**
-     * Read random bytes from /dev/urandom if it is accessible
-     *
-     * @param $bytesToGenerate
-     * @return string
-     */
-    protected static function generateRandomBytesUrandom($bytesToGenerate)
-    {
-        $bytes = '';
-        $fh = @fopen('/dev/urandom', 'rb');
-        if ($fh) {
-            // PHP only performs buffered reads, so in reality it will always read
-            // at least 4096 bytes. Thus, it costs nothing extra to read and store
-            // that much so as to speed any additional invocations.
-            $bytes = fread($fh, $bytesToGenerate);
-            fclose($fh);
-        }
-        return $bytes;
-    }
-
-    /**
-     * Generate pseudo random bytes as last resort
-     *
-     * @param $bytesToReturn
-     * @return string
-     */
-    protected static function generateRandomBytesFallback($bytesToReturn)
-    {
-        $bytes = '';
-        // We initialize with somewhat random.
-        $randomState = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] . base_convert(memory_get_usage() % pow(10, 6), 10, 2) . microtime() . StringUtility::getUniqueId() . getmypid();
-        while (!isset($bytes[$bytesToReturn - 1])) {
-            $randomState = sha1(microtime() . mt_rand() . $randomState);
-            $bytes .= sha1(mt_rand() . $randomState, true);
-        }
-        return $bytes;
+        self::logDeprecatedFunction();
+        return self::makeInstance(Random::class)->generateRandomBytes($bytesToReturn);
     }
 
     /**
@@ -1173,10 +1077,12 @@ class GeneralUtility
      *
      * @param int $count Number of hex characters to return
      * @return string Random Bytes
+     * @deprecated since TYPO3 CMS 8, this method will be removed in TYPO3 CMS 9. Use \TYPO3\CMS\Core\Crypto\Random::generateRandomHexString() instead
      */
     public static function getRandomHexString($count)
     {
-        return substr(bin2hex(self::generateRandomBytes((int)(($count + 1) / 2))), 0, $count);
+        self::logDeprecatedFunction();
+        return self::makeInstance(Random::class)->generateRandomHexString($count);
     }
 
     /**
diff --git a/typo3/sysext/core/Documentation/Changelog/master/Deprecation-73050-DeprecatedRandomGeneratorMethodsInGeneralUtility.rst b/typo3/sysext/core/Documentation/Changelog/master/Deprecation-73050-DeprecatedRandomGeneratorMethodsInGeneralUtility.rst
new file mode 100644 (file)
index 0000000..194792f
--- /dev/null
@@ -0,0 +1,30 @@
+===========================================================================
+Deprecation: #73050 - Deprecated random generator methods in GeneralUtility
+===========================================================================
+
+Description
+===========
+
+The method :php:`\TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes()` has been marked as deprecated in favor of :php:`\TYPO3\CMS\Core\Crypto\Random->generateRandomBytes()`.
+
+Also the method :php:`\TYPO3\CMS\Core\Utility\GeneralUtility::getRandomHexString()` has been marked as deprecated in favor of :php:`\TYPO3\CMS\Core\Crypto\Random->generateRandomHexString()`.
+
+
+Impact
+======
+
+Calling this methods directly will trigger a deprecation log entry.
+
+
+Affected Installations
+======================
+
+Any TYPO3 instance that use :php:`GeneralUtility::generateRandomBytes()` or :php:`GeneralUtility::getRandomHexString()` directly within an extension or third-party code.
+
+
+Migration
+=========
+
+Replace calls to :php:`GeneralUtility::generateRandomBytes()` with :php:`GeneralUtility::makeInstance(Random::class)->generateRandomBytes()`.
+
+Also replace calls to :php:`GeneralUtility::getRandomHexString()` with :php:`GeneralUtility::makeInstance(Random::class)->generateRandomHexString()`.
\ No newline at end of file
diff --git a/typo3/sysext/core/Documentation/Changelog/master/Feature-73050-AddACSPRNGAPI.rst b/typo3/sysext/core/Documentation/Changelog/master/Feature-73050-AddACSPRNGAPI.rst
new file mode 100644 (file)
index 0000000..2ceb41a
--- /dev/null
@@ -0,0 +1,54 @@
+==================================
+Feature: #73050 - Add a CSPRNG API
+==================================
+
+Description
+===========
+
+A new cryptographically secure pseudo-random number generator (CSPRNG) is introduced in TYPO3 core. It takes advantage of the new CSPRNG functions in PHP 7.
+
+
+API overview
+============
+
+The API resides in the class :php:`\TYPO3\CMS\Core\Crypto\Random`. It provides several methods. Here is a brief overview of the interface:
+
+.. code-block:: php
+
+    class Random {
+        /**
+         * Generates cryptographic secure pseudo-random bytes
+         */
+        public function generateRandomBytes($length);
+
+        /**
+         * Generates cryptographic secure pseudo-random integers
+         */
+        public function generateRandomInteger($min, $max);
+
+        /**
+         * Generates cryptographic secure pseudo-random hex string
+         */
+        public function generateRandomHexString($length);
+    }
+
+
+Example
+-------
+
+.. code-block:: php
+
+    use \TYPO3\CMS\Core\Crypto\Random;
+    use \TYPO3\CMS\Core\Utility\GeneralUtility;
+
+    // Retrieving random bytes
+    $someRandomString = GeneralUtility::makeInstance(Random::class)->generateRandomBytes(64);
+
+    // Rolling the dice..
+    $tossedValue = GeneralUtility::makeInstance(Random::class)->generateRandomInteger(1, 6);
+
+
+Impact
+======
+
+None, you can start to use the CSPRNG in your code by now.
diff --git a/typo3/sysext/core/Tests/Unit/Crypto/RandomTest.php b/typo3/sysext/core/Tests/Unit/Crypto/RandomTest.php
new file mode 100644 (file)
index 0000000..7ecf595
--- /dev/null
@@ -0,0 +1,71 @@
+<?php
+declare(strict_types=1);
+namespace TYPO3\CMS\Core\Tests\Unit\Crypto;
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+use TYPO3\CMS\Core\Tests\UnitTestCase;
+use TYPO3\CMS\Core\Crypto\Random;
+
+/**
+ * Test case
+ */
+class RandomTest extends UnitTestCase
+{
+    /**
+     * @test
+     */
+    public function generateRandomBytesReturnsExpectedAmountOfBytes()
+    {
+        $subject = new Random();
+        $this->assertEquals(4, strlen($subject->generateRandomBytes(4)));
+    }
+
+    /**
+     * Data provider for generateRandomHexStringReturnsExpectedAmountOfChars
+     *
+     * @return array
+     */
+    public function generateRandomHexStringReturnsExpectedAmountOfCharsDataProvider()
+    {
+        return [
+            [1],
+            [2],
+            [3],
+            [4],
+            [7],
+            [8],
+            [31],
+            [32],
+            [100],
+            [102],
+            [4000],
+            [4095],
+            [4096],
+            [4097],
+            [8000]
+        ];
+    }
+
+    /**
+     * @test
+     * @dataProvider generateRandomHexStringReturnsExpectedAmountOfCharsDataProvider
+     * @param int $numberOfChars Number of Chars to generate
+     */
+    public function generateRandomHexStringReturnsExpectedAmountOfChars($numberOfChars)
+    {
+        $subject = new Random();
+        $this->assertEquals($numberOfChars, strlen($subject->generateRandomHexString($numberOfChars)));
+    }
+}
index b0b6dca..e15ebdd 100644 (file)
@@ -4526,66 +4526,6 @@ class GeneralUtilityTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
         $this->assertEquals('Worked fine', GeneralUtility::callUserFunction($closure, $inputData, $this));
     }
 
-    ///////////////////////////////////////////////////
-    // Tests concerning generateRandomBytes
-    ///////////////////////////////////////////////////
-    /**
-     * @test
-     * @dataProvider generateRandomBytesReturnsExpectedAmountOfBytesDataProvider
-     * @param int $numberOfBytes Number of Bytes to generate
-     */
-    public function generateRandomBytesReturnsExpectedAmountOfBytes($numberOfBytes)
-    {
-        $this->assertEquals(strlen(GeneralUtility::generateRandomBytes($numberOfBytes)), $numberOfBytes);
-    }
-
-    public function generateRandomBytesReturnsExpectedAmountOfBytesDataProvider()
-    {
-        return array(
-            array(1),
-            array(2),
-            array(3),
-            array(4),
-            array(7),
-            array(8),
-            array(31),
-            array(32),
-            array(100),
-            array(102),
-            array(4000),
-            array(4095),
-            array(4096),
-            array(4097),
-            array(8000)
-        );
-    }
-
-    /**
-     * @test
-     * @dataProvider generateRandomBytesReturnsDifferentBytesDuringDifferentCallsDataProvider
-     * @param int $numberOfBytes  Number of Bytes to generate
-     */
-    public function generateRandomBytesReturnsDifferentBytesDuringDifferentCalls($numberOfBytes)
-    {
-        $results = array();
-        $numberOfTests = 5;
-        // generate a few random numbers
-        for ($i = 0; $i < $numberOfTests; $i++) {
-            $results[$i] = GeneralUtility::generateRandomBytes($numberOfBytes);
-        }
-        // array_unique would filter out duplicates
-        $this->assertEquals($results, array_unique($results));
-    }
-
-    public function generateRandomBytesReturnsDifferentBytesDuringDifferentCallsDataProvider()
-    {
-        return array(
-            array(32),
-            array(128),
-            array(4096)
-        );
-    }
-
     /**
      * @return array
      */
index 7a20842..df2977f 100644 (file)
@@ -16,6 +16,7 @@ namespace TYPO3\CMS\Felogin\Controller;
 
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Core\Utility\StringUtility;
+use TYPO3\CMS\Core\Crypto\Random;
 
 /**
  * Plugin 'Website User Login' for the 'felogin' extension.
@@ -397,7 +398,7 @@ class FrontendLoginController extends \TYPO3\CMS\Frontend\Plugin\AbstractPlugin
         $hours = (int)$this->conf['forgotLinkHashValidTime'] > 0 ? (int)$this->conf['forgotLinkHashValidTime'] : 24;
         $validEnd = time() + 3600 * $hours;
         $validEndString = date($this->conf['dateFormat'], $validEnd);
-        $hash = md5(GeneralUtility::generateRandomBytes(64));
+        $hash = md5(GeneralUtility::makeInstance(Random::class)->generateRandomBytes(64));
         $randHash = $validEnd . '|' . $hash;
         $randHashDB = $validEnd . '|' . md5($hash);
         // Write hash to DB
index c020a14..562eee8 100644 (file)
@@ -18,6 +18,7 @@ use Psr\Log\LoggerInterface;
 use TYPO3\CMS\Core\Log\LogManager;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Frontend\ContentObject\AbstractContentObject;
+use TYPO3\CMS\Core\Crypto\Random;
 
 /**
  * Exception handler class for content object rendering
@@ -56,7 +57,7 @@ class ProductionExceptionHandler implements ExceptionHandlerInterface
             }
         }
         $errorMessage = isset($this->configuration['errorMessage']) ? $this->configuration['errorMessage'] : 'Oops, an error occurred! Code: %s';
-        $code = date('YmdHis', $_SERVER['REQUEST_TIME']) . GeneralUtility::getRandomHexString(8);
+        $code = date('YmdHis', $_SERVER['REQUEST_TIME']) . GeneralUtility::makeInstance(Random::class)->generateRandomHexString(8);
 
         $this->logException($exception, $errorMessage, $code);
 
index 9078a84..20b7d45 100644 (file)
@@ -15,6 +15,7 @@ namespace TYPO3\CMS\Install\Controller\Action\Tool;
  */
 
 use TYPO3\CMS\Core\Core\Bootstrap;
+use TYPO3\CMS\Core\Crypto\Random;
 use TYPO3\CMS\Core\Service\OpcodeCacheService;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Install\Controller\Action;
@@ -184,7 +185,7 @@ class ImportantActions extends Action\AbstractAction
      */
     protected function setNewEncryptionKeyAndLogOut()
     {
-        $newKey = \TYPO3\CMS\Core\Utility\GeneralUtility::getRandomHexString(96);
+        $newKey = $this->objectManager->get(Random::class)->generateRandomHexString(96);
         /** @var \TYPO3\CMS\Core\Configuration\ConfigurationManager $configurationManager */
         $configurationManager = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Configuration\ConfigurationManager::class);
         $configurationManager->setLocalConfigurationValueByPath('SYS/encryptionKey', $newKey);
index cbf1b94..9e1ff85 100755 (executable)
@@ -18,6 +18,7 @@ use TYPO3\CMS\Core\Configuration\ConfigurationManager;
 use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Install\Controller\Exception\RedirectException;
+use TYPO3\CMS\Core\Crypto\Random;
 
 /**
  * Execute "silent" LocalConfiguration upgrades if needed.
@@ -212,7 +213,7 @@ class SilentConfigurationUpgradeService
         }
 
         if (empty($currentValue)) {
-            $randomKey = GeneralUtility::getRandomHexString(96);
+            $randomKey = GeneralUtility::makeInstance(Random::class)->generateRandomHexString(96);
             $this->configurationManager->setLocalConfigurationValueByPath('SYS/encryptionKey', $randomKey);
             $this->throwRedirectException();
         }
index a02a729..b02a536 100644 (file)
@@ -14,6 +14,9 @@ namespace TYPO3\CMS\Saltedpasswords\Salt;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Core\Crypto\Random;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
 /**
  * Class that implements MD5 salted hashing based on PHP's
  * crypt() function.
@@ -97,7 +100,7 @@ class Md5Salt extends AbstractSalt implements SaltInterface
      */
     protected function getGeneratedSalt()
     {
-        $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->getSaltLength());
+        $randomBytes = GeneralUtility::makeInstance(Random::class)->generateRandomBytes($this->getSaltLength());
         return $this->base64Encode($randomBytes, $this->getSaltLength());
     }
 
index f3e2a63..3f965c0 100644 (file)
@@ -13,6 +13,8 @@ namespace TYPO3\CMS\Saltedpasswords\Salt;
  *
  * The TYPO3 project - inspiring people to share!
  */
+
+use TYPO3\CMS\Core\Crypto\Random;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 
 /**
@@ -143,7 +145,7 @@ class Pbkdf2Salt extends AbstractSalt implements SaltInterface
      */
     protected function getGeneratedSalt()
     {
-        return GeneralUtility::generateRandomBytes($this->getSaltLength());
+        return GeneralUtility::makeInstance(Random::class)->generateRandomBytes($this->getSaltLength());
     }
 
     /**
index 5a7abdf..294af8b 100644 (file)
@@ -14,6 +14,9 @@ namespace TYPO3\CMS\Saltedpasswords\Salt;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Core\Crypto\Random;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
 /**
  * Class that implements PHPass salted hashing based on Drupal's
  * modified Openwall implementation.
@@ -198,7 +201,7 @@ class PhpassSalt extends AbstractSalt implements SaltInterface
      */
     protected function getGeneratedSalt()
     {
-        $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->getSaltLength());
+        $randomBytes = GeneralUtility::makeInstance(Random::class)->generateRandomBytes($this->getSaltLength());
         return $this->base64Encode($randomBytes, $this->getSaltLength());
     }
 
index ee1e486..e087895 100644 (file)
@@ -14,6 +14,9 @@ namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Core\Crypto\Random;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
 /**
  * Testcase for BlowfishSalt
  */
@@ -107,7 +110,7 @@ class BlowfishSaltTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
         $this->skipTestIfBlowfishIsNotAvailable();
         $password = 'password';
         // custom salt without setting
-        $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->objectInstance->getSaltLength());
+        $randomBytes = GeneralUtility::makeInstance(Random::class)->generateRandomBytes($this->objectInstance->getSaltLength());
         $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
         $this->assertTrue($this->objectInstance->isValidSalt($salt));
         $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
index 50c8523..7a76cf6 100644 (file)
@@ -14,6 +14,9 @@ namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Core\Crypto\Random;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
 /**
  * Testcases for Md5Salt
  */
@@ -106,7 +109,7 @@ class Md5SaltTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
     {
         $password = 'password';
         // custom salt without setting
-        $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->objectInstance->getSaltLength());
+        $randomBytes = GeneralUtility::makeInstance(Random::class)->generateRandomBytes($this->objectInstance->getSaltLength());
         $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
         $this->assertTrue($this->objectInstance->isValidSalt($salt), $this->getWarningWhenMethodUnavailable());
         $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
index 0d24e7b..d5b4555 100644 (file)
@@ -14,6 +14,8 @@ namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Core\Crypto\Random;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt;
 
 /**
@@ -99,7 +101,7 @@ class Pbkdf2SaltTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
     {
         $password = 'password';
         // custom salt without setting
-        $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->objectInstance->getSaltLength());
+        $randomBytes = GeneralUtility::makeInstance(Random::class)->generateRandomBytes($this->objectInstance->getSaltLength());
         $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
         $this->assertTrue($this->objectInstance->isValidSalt($salt));
         $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
index 0e2611d..06da5b5 100644 (file)
@@ -14,6 +14,9 @@ namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Core\Crypto\Random;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
 /**
  * Testcase for PhpassSalt
  */
@@ -92,7 +95,7 @@ class PhpassSaltTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
     {
         $password = 'password';
         // custom salt without setting
-        $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->objectInstance->getSaltLength());
+        $randomBytes = GeneralUtility::makeInstance(Random::class)->generateRandomBytes($this->objectInstance->getSaltLength());
         $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
         $this->assertTrue($this->objectInstance->isValidSalt($salt));
         $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
index 64cd55b..52f0657 100644 (file)
@@ -14,6 +14,9 @@ namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Core\Crypto\Random;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+
 /**
  * Testcase for SaltFactory
  */
@@ -74,13 +77,13 @@ class SaltFactoryTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
         // used for MD5 and PHPass salted hashing
         $byteLength = 3;
         $reqLengthBase64 = (int)ceil($byteLength * 8 / 6);
-        $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($byteLength);
+        $randomBytes = GeneralUtility::makeInstance(Random::class)->generateRandomBytes($byteLength);
         $this->assertTrue(strlen($this->objectInstance->base64Encode($randomBytes, $byteLength)) == $reqLengthBase64);
         // 16 Bytes should result in a 22 char length base64 encoded string
         // used for Blowfish salted hashing
         $byteLength = 16;
         $reqLengthBase64 = (int)ceil($byteLength * 8 / 6);
-        $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($byteLength);
+        $randomBytes = GeneralUtility::makeInstance(Random::class)->generateRandomBytes($byteLength);
         $this->assertTrue(strlen($this->objectInstance->base64Encode($randomBytes, $byteLength)) == $reqLengthBase64);
     }