diff --git a/phpBB/includes/crypto/driver/bcrypt.php b/phpBB/includes/crypto/driver/bcrypt.php
index 82ff2fb844..d98bf8c940 100644
--- a/phpBB/includes/crypto/driver/bcrypt.php
+++ b/phpBB/includes/crypto/driver/bcrypt.php
@@ -81,6 +81,6 @@ class phpbb_crypto_driver_bcrypt extends phpbb_crypto_driver_base
 */
 protected function get_random_salt()
 {
- return substr(str_replace('+', '.', bin2hex(openssl_random_pseudo_bytes(22))), 0, 22);
+ return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22);
 }
 }
diff --git a/phpBB/includes/crypto/driver/helper.php b/phpBB/includes/crypto/driver/helper.php
index 2931058629..3eafdf1ecc 100644
--- a/phpBB/includes/crypto/driver/helper.php
+++ b/phpBB/includes/crypto/driver/helper.php
@@ -23,6 +23,12 @@ class phpbb_crypto_driver_helper
 /** @var phpbb_config */
 protected $driver;
+ /**
+ * base64 alphabet
+ * @var string
+ */
+ public $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+
 /**
 * Constructor of crypto driver helper object
 */
@@ -36,11 +42,10 @@ class phpbb_crypto_driver_helper
 *
 * @param string $input Input string
 * @param int $count Input string length
- * @param string $itoa64 Allowed characters string
 *
 * @return string base64 encoded string
 */
- public function hash_encode64($input, $count, &$itoa64)
+ public function hash_encode64($input, $count)
 {
 $output = '';
 $i = 0;
@@ -48,14 +53,14 @@ class phpbb_crypto_driver_helper
 do
 {
 $value = ord($input[$i++]);
- $output .= $itoa64[$value & 0x3f];
+ $output .= $this->itoa64[$value & 0x3f];
 if ($i < $count)
 {
 $value |= ord($input[$i]) << 8;
 }
- $output .= $itoa64[($value >> 6) & 0x3f];
+ $output .= $this->itoa64[($value >> 6) & 0x3f];
 if ($i++ >= $count)
 {
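Review bot: hash_encode64() emits up to four output characters per three input bytes, so the 22 random bytes requested on the added line encode to 30 characters, not the 22 that a bcrypt salt holds; unless the caller (outside this hunk) truncates, the surplus is handed to crypt() and silently ignored. Sixteen bytes encode to exactly 22 characters, which is also the 128 bits bcrypt actually consumes: `return $this->helper->hash_encode64($this->helper->get_random_salt(16), 16);`. The removed line drew its bytes from openssl_random_pseudo_bytes(), whereas the helper's fallback when /dev/urandom cannot be opened is an md5-chained generator, so on hosts without /dev/urandom this change arguably lowers the quality of the bcrypt salt.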
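Review bot: $itoa64 is declared as a public, writable property, yet hash_encode64() and the salted_md5 driver's hash parsing (which looks up `$hash[3]` in it to recover the iteration count) both rely on it being exactly this 64-character alphabet; any code that reassigns it changes how existing hashes are encoded and decoded. A class constant conveys that it is fixed and removes the mutation surface, e.g. `const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';` with `self::ITOA64` inside the helper and `phpbb_crypto_driver_helper::ITOA64` in the driver. If it stays a property, the docblock should at least say that it must not be modified and why.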
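Review bot: Dropping the third parameter is source-compatible only by accident: PHP ignores surplus arguments to user-defined functions, so a remaining call site that still passes its own alphabet (as the salted_md5 driver did before this commit) would neither fail nor be honoured, it would quietly encode with $this->itoa64. The docblock should make the new dependency explicit, e.g. `* Encodes $count bytes of $input using the alphabet in $this->itoa64.`, and the same property substitution is repeated in the body hunks at @@ -48 and @@ -67. The function's body continues past the end of the @@ -48 hunk shown here.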
@@ -67,14 +72,14 @@ class phpbb_crypto_driver_helper
 $value |= ord($input[$i]) << 16;
 }
- $output .= $itoa64[($value >> 12) & 0x3f];
+ $output .= $this->itoa64[($value >> 12) & 0x3f];
 if ($i++ >= $count)
 {
 break;
 }
- $output .= $itoa64[($value >> 18) & 0x3f];
+ $output .= $this->itoa64[($value >> 18) & 0x3f];
 }
 while ($i < $count);
@@ -105,4 +110,34 @@ class phpbb_crypto_driver_helper
 return substr($val, 4, 16);
 }
+
+ /**
+ * Get random salt with specified length
+ *
+ * @param int $length Salt length
+ */
+ public function get_random_salt($length)
+ {
+ $random = '';
+
+ if (($fh = @fopen('/dev/urandom', 'rb')))
+ {
+ $random = fread($fh, $length);
+ fclose($fh);
+ }
+
+ if (strlen($random) < $length)
+ {
+ $random = '';
+ $random_state = $this->helper->unique_id();
+
+ for ($i = 0; $i < $length; $i += 16)
+ {
+ $random_state = md5($this->helper->unique_id() . $random_state);
+ $random .= pack('H*', md5($random_state));
+ }
+ $random = substr($random, 0, $length);
+ }
+ return $random;
+ }
 }
diff --git a/phpBB/includes/crypto/driver/salted_md5.php b/phpBB/includes/crypto/driver/salted_md5.php
index 8e1c8a0d05..1bb7a17afc 100644
--- a/phpBB/includes/crypto/driver/salted_md5.php
+++ b/phpBB/includes/crypto/driver/salted_md5.php
@@ -20,8 +20,6 @@ if (!defined('IN_PHPBB'))
 */
 class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
 {
- protected $itoa = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
-
 const PREFIX = '$H$';
 /**
@@ -68,7 +66,7 @@ class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
 while (--$settings['count']);
 $output = $settings['full'];
- $output .= $this->helper->hash_encode64($hash, 16, $this->itoa);
+ $output .= $this->helper->hash_encode64($hash, 16);
 if (strlen($output) == 34)
 {
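Review bot: The fallback branch of the new get_random_salt() calls `$this->helper->unique_id()` twice, but this method lives in the helper class itself and the only property visible on it is $driver; unless a $helper property is declared outside the hunk, the first time /dev/urandom cannot be opened or fread() comes back short this path fails with a method call on null instead of producing a salt. The block was moved verbatim from the salted_md5 driver, where `$this->helper` is the helper; here the two lines should read `$random_state = $this->unique_id();` and `$random_state = md5($this->unique_id() . $random_state);`. The docblock also lacks `@return string Raw (binary) random bytes, $length of them` — callers pass the value straight into hash_encode64(), so it is worth stating that this is not printable text. Since the helper now serves bcrypt as well, trying openssl_random_pseudo_bytes(), which the removed bcrypt code relied on, before dropping to the md5 chain would keep the salt quality that driver had.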
@@ -108,28 +106,11 @@ class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
 $random = '';
 $count = 6;
- if (($fh = @fopen('/dev/urandom', 'rb')))
- {
- $random = fread($fh, $count);
- fclose($fh);
- }
-
- if (strlen($random) < $count)
- {
- $random = '';
- $random_state = $this->helper->unique_id();
-
- for ($i = 0; $i < $count; $i += 16)
- {
- $random_state = md5($this->helper->unique_id() . $random_state);
- $random .= pack('H*', md5($random_state));
- }
- $random = substr($random, 0, $count);
- }
+ $random = $this->helper->get_random_salt($count);
 $salt = '$H$';
- $salt .= $this->itoa[min($count + 5, 30)];
- $salt .= $this->helper->hash_encode64($random, 6, $this->itoa);
+ $salt .= $this->helper->itoa64[min($count + 5, 30)];
+ $salt .= $this->helper->hash_encode64($random, $count);
 return $salt;
 }
@@ -146,7 +127,7 @@ class phpbb_crypto_driver_salted_md5 extends phpbb_crypto_driver_base
 {
 return false;
 }
- $count_log2 = strpos($this->itoa, $hash[3]);
+ $count_log2 = strpos($this->helper->itoa64, $hash[3]);
 $salt = substr($hash, 4, 8);
 if ($count_log2 < 7 || $count_log2 > 30 || strlen($salt) != 8)
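Review bot: After this hunk `$count` does double duty: it is the value that `min($count + 5, 30)` turns into the iteration-count character of the salt, and now also the number of random bytes drawn and encoded, whereas the removed line encoded a literal 6 bytes. The two quantities are unrelated, so a later change to the cost would silently change the salt length and vice versa, and a salt of a different length would then fail the `strlen($salt) != 8` check in the parsing code below. Keeping them as two named values, and using the PREFIX constant this class already declares instead of the repeated '$H$' literal, makes the salt layout explicit; the enclosing method's signature lies before this hunk, so check it does not use `$count` elsewhere.

```php
$iteration_count_log2 = 6;
$salt_bytes = 6;
$random = $this->helper->get_random_salt($salt_bytes);

$salt = self::PREFIX;
$salt .= $this->helper->itoa64[min($iteration_count_log2 + 5, 30)];
$salt .= $this->helper->hash_encode64($random, $salt_bytes);
// … unchanged: return $salt …
```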