From a5a19b99525a4ea277472984cfeb8d729c4ff386 Mon Sep 17 00:00:00 2001
From: tt2468
Date: Fri, 17 Sep 2021 01:56:42 -0700
Subject: [PATCH] Utils/Crypto: Use QRandomGenerator instead of qrand()
qrand() is obsolete, and QRandomGenerator produces numbers seeded from the platform's RNG source. Makes our authentication system way more secure too.
---
src/obs-websocket.cpp | 4 ----
src/utils/Crypto.cpp | 33 +++++++++++++++------------------
src/utils/Obs.cpp | 2 ++
3 files changed, 17 insertions(+), 22 deletions(-)
diff --git a/src/obs-websocket.cpp b/src/obs-websocket.cpp
index 36dec19d..14220b28 100644
--- a/src/obs-websocket.cpp
+++ b/src/obs-websocket.cpp
@@ -1,7 +1,6 @@
#include
#include
#include
-#include
#include
#include
#include
@@ -35,9 +34,6 @@ bool obs_module_load(void)
blog(LOG_INFO, "[obs_module_load] you can haz websockets (Version: %s | RPC Version: %d)", OBS_WEBSOCKET_VERSION, OBS_WEBSOCKET_RPC_VERSION);
blog(LOG_INFO, "[obs_module_load] Qt version (compile-time): %s | Qt version (run-time): %s", QT_VERSION_STR, qVersion());
- // Randomize the random number generator
- qsrand(QTime::currentTime().msec());
-
// Create the config object then load the parameters from storage
_config = ConfigPtr(new Config());
_config->Load();
diff --git a/src/utils/Crypto.cpp b/src/utils/Crypto.cpp
index 284d98a0..944b9603 100644
--- a/src/utils/Crypto.cpp
+++ b/src/utils/Crypto.cpp
@@ -1,17 +1,23 @@
#include
#include
+#include
#include "Crypto.h"
#include "../plugin-macros.generated.h"
+static const char allowedChars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+static const int allowedCharsCount = static_cast(sizeof(allowedChars) - 1);
+
std::string Utils::Crypto::GenerateSalt()
{
+ // Get OS seeded random number generator
+ QRandomGenerator *rng = QRandomGenerator::global();
+
// Generate 32 random chars
const size_t randomCount = 32;
QByteArray randomChars;
- for (size_t i = 0; i < randomCount; i++) {
- randomChars.append((char)qrand());
- }
+ for (size_t i = 0; i < randomCount; i++)
+ randomChars.append((char)rng->bounded(255));
// Convert the 32 random chars to a base64 string
return randomChars.toBase64().toStdString();
@@ -55,22 +61,13 @@ bool Utils::Crypto::CheckAuthenticationString(std::string secret, std::string ch
QString Utils::Crypto::GeneratePassword(size_t length)
{
+ // Get OS random number generator
+ QRandomGenerator *rng = QRandomGenerator::system();
+
+ // Fill string with random alphanumeric
QString ret;
- int rand;
-
- for (size_t i = 0; i < length; i++) {
- while (true) {
- rand = qrand() % ((0x7a + 1) - 0x30) + 0x30;
- if (
- (rand >= 0x30 && rand <= 0x39) ||
- (rand >= 0x41 && rand <= 0x5A) ||
- (rand >= 0x61 && rand <= 0x7A)
- )
- break;
- }
-
- ret += QString(rand);
- }
+ for (size_t i = 0; i < length; i++)
+ ret += allowedChars[rng->bounded(0, allowedCharsCount)];
return ret;
}
diff --git a/src/utils/Obs.cpp b/src/utils/Obs.cpp
index bac71403..e86484ca 100644
--- a/src/utils/Obs.cpp
+++ b/src/utils/Obs.cpp
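Review bot: `rng->bounded(255)` in GenerateSalt has an exclusive upper bound, so it yields 0..254 and the byte 0xFF can never appear in the salt; the call should be `randomChars.append((char)rng->bounded(256));`. The salt is also drawn from `QRandomGenerator::global()`, which is securely seeded but is not the generator Qt documents as cryptographically safe, whereas GeneratePassword in the next hunk uses `QRandomGenerator::system()`. Since the salt feeds the authentication handshake, using `QRandomGenerator *rng = QRandomGenerator::system();` in both functions would match the commit's stated aim, and the comment "Get OS seeded random number generator" should then be updated to say which source is used.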
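Review bot: `ret += allowedChars[...]` in GeneratePassword appends a plain `char` to a QString through Qt's implicit ASCII conversion, which stops compiling if the project ever builds with QT_NO_CAST_FROM_ASCII; making the conversion explicit avoids that: `ret += QLatin1Char(allowedChars[rng->bounded(0, allowedCharsCount)]);`. The file-scope `allowedChars` table would also benefit from a short comment such as `// 62-symbol alphanumeric alphabet, just under 6 bits of entropy per generated character`, so callers can reason about the `length` they pass. Those callers are outside this hunk, so whether the lengths in use are adequate cannot be judged from here.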
@@ -259,6 +259,8 @@ std::vector Utils::Obs::ListHelper::GetSceneItemList(obs_scene_t *scene, b
item["sceneItemId"] = obs_sceneitem_get_id(sceneItem);
// Should be slightly faster than calling obs_sceneitem_get_order_position()
item["sceneItemIndex"] = enumData->first.size();
+ //OBSSource itemSourcee = obs_sceneitem_get_source(sceneItem);
+ //blog(LOG_INFO, "source name: %s | item refs: %lu", obs_source_get_name(itemSourcee), obs_source_get_sceneitem_count(itemSourcee));
if (!enumData->second) {
OBSSource itemSource = obs_sceneitem_get_source(sceneItem);
item["sourceName"] = obs_source_get_name(itemSource);
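Review bot: The two added lines are commented-out debug logging, with a misspelled `itemSourcee` local, and have nothing to do with the RNG change described in the commit message; they should be dropped from this commit rather than merged as dead code. If the scene-item reference count is worth logging, it would be better as a real `blog(LOG_DEBUG, ...)` call in its own change, where the `%lu` format can be checked against the return type of `obs_source_get_sceneitem_count()`. The body of GetSceneItemList starts and ends outside this hunk.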