Merge pull request #15 from NicolaeIotu/random-bytes-improvements

Error fix and improved usage of function random_bytes

Framework/Libraries/CSRF/CSRF.php

@@ -72,7 +72,7 @@ private static function getCSRFCookieName(): string
             try {
                 $csrf_cookie_suffix = \bin2hex(\random_bytes(4));
             } catch (\Exception $exception) {
-                \syslog(LOG_ERR, 'Error with PHP random_bytes: ' . $exception->getMessage());
+                \syslog(LOG_ERR, 'Randomness error: ' . $exception->getMessage());
                 $csrf_cookie_suffix = '';
             }
             $csrf_cookie_name = \env('cleandeck.cookie.prefix', '') . CSRFConstants::CSRF_COOKIE_BASE_NAME .
@@ -93,7 +93,7 @@ public static function init(): string|false
         try {
             $random_sequence = \bin2hex(random_bytes(12));
         } catch (\Exception $exception) {
-            \syslog(LOG_ERR, 'Error with PHP random_bytes: ' . $exception->getMessage());
+            \syslog(LOG_ERR, 'Randomness error: ' . $exception->getMessage());
             $random_sequence = \time() . (\env('cleandeck.app_key', ''));
         }
 

Framework/Libraries/Captcha/CustomCaptcha.php

@@ -93,7 +93,7 @@ private function getCaptchaCookieName(string $captcha_cookie_suffix = null): str
             try {
                 $captcha_cookie_suffix = \bin2hex(\random_bytes(4));
             } catch (\Exception $e) {
-                \syslog(LOG_ERR, 'Error with PHP random_bytes: ' . $e->getMessage());
+                \syslog(LOG_ERR, 'Randomness error: ' . $e->getMessage());
                 $captcha_cookie_suffix = '';
             }
             $captcha_cookie_name = \env('cleandeck.cookie.prefix', '') . CustomCaptchaConstants::CAPTCHA_COOKIE_BASE_NAME .

Framework/Support/Scripts/ComposerScripts.php

@@ -48,13 +48,11 @@ public static function keygen(): void
         }
 
         try {
-            $app_key = \password_hash(\random_bytes(60), PASSWORD_DEFAULT);
-        } catch (\ValueError $valueError) {
-            throw new \Exception('Invalid hashing algorithm: ' . $valueError->getMessage(),
-                $valueError->getCode(), $valueError);
-        } catch (\Error $error) {
-            throw new \Exception('Failed to generate a new app_key: ' . $error->getMessage(),
-                $error->getCode(), $error);
+            $app_key_source = \bin2hex(\random_bytes(60));
+            $app_key = \password_hash($app_key_source, PASSWORD_DEFAULT);
+        } catch (\Exception $exception) {
+            throw new \Exception('Failed to generate a new app_key: ' . $exception->getMessage(),
+                $exception->getCode(), $exception);
         }
 
         $replacement = 'app_key = ' . $app_key;
@@ -134,20 +132,13 @@ public static function generateSslPassword(mixed $op_type = null): void
             }
             $ssl_password = $ssl_settings_ini['certificate-settings']['password'];
         } else {
-            try {
-                $ssl_password = \password_hash(\random_bytes(18), PASSWORD_DEFAULT);
-                $ssl_password = \preg_replace('/[^a-zA-Z0-9]/', '', $ssl_password);
-                if (!is_string($ssl_password)) {
-                    throw new \Exception('Error when replacing invalid password characters. Try again.');
-                }
-                $ssl_password = \substr($ssl_password, 4);
-            } catch (\ValueError $valueError) {
-                throw new \Exception('Invalid hashing algorithm: ' . $valueError->getMessage(),
-                    $valueError->getCode(), $valueError);
-            } catch (\Error $error) {
-                throw new \Exception('Failed to generate a new ssl password: ' . $error->getMessage(),
-                    $error->getCode(), $error);
+            $ssl_password_source = \bin2hex(\random_bytes(18));
+            $ssl_password = \password_hash($ssl_password_source, PASSWORD_DEFAULT);
+            $ssl_password = \preg_replace('/[^a-zA-Z0-9]/', '', $ssl_password);
+            if (!is_string($ssl_password)) {
+                throw new \Exception('Error when replacing invalid password characters. Try again.');
             }
+            $ssl_password = \substr($ssl_password, 4);
         }
 
         $replacement = 'password = ' . $ssl_password;