Apache::Session::Generate::SHA256 improvements (#1808)

6 years ago · 4a58de0b92
parent c4d4b482a5
commit 4a58de0b92
1 changed files with 12 additions and 10 deletions
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/Generate/SHA256.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Apache/Session/Generate/SHA256.pm
@ -10,7 +10,7 @@ package Lemonldap::NG::Common::Apache::Session::Generate::SHA256;

 use strict;
 use Crypt::URandom;
-use Digest::SHA qw(sha256 sha256_hex sha256_base64);
+use Digest::SHA qw(sha256_hex);

 our $VERSION = '2.0.2';

@ -22,15 +22,17 @@ sub generate {
        $length = $session->{args}->{IDLength};
    }

-    $session->{data}->{_session_id} = substr(
-        Digest::SHA::sha256_hex(
-            Digest::SHA::sha256_hex(
-                time() . {} . Crypt::URandom::urandom($length) . $$
-            )
-        ),
-        0, $length
-    );
-
+    eval {
+        $session->{data}->{_session_id} =
+          substr( Digest::SHA::sha256_hex( Crypt::URandom::urandom(256) ),
+            0, $length );
+    };
+    if ($@) {
+        print STDERR "Crypt::URandom::urandom failed: $@\n";
+        $session->{data}->{_session_id} =
+          substr( Digest::SHA::sha256_hex( time() . {} . rand() . $$ ),
+            0, $length );
+    }
 }

 sub validate {