Utils/Crypto: Use QRandomGenerator instead of qrand()

qrand() is obsolete, and QRandomGenerator produces numbers seeded from
the platform's RNG source. Makes our authentication system way more
secure too.
tt2468 2021-09-17 01:56:42 -07:00
parent 66ff329da4
commit a5a19b9952
3 changed files with 17 additions and 22 deletions


@ -1,7 +1,6 @@
#include <QtCore/QTimer> #include <QtCore/QTimer>
#include <QtWidgets/QAction> #include <QtWidgets/QAction>
#include <QtWidgets/QMainWindow> #include <QtWidgets/QMainWindow>
#include <QTime>
#include <obs-module.h> #include <obs-module.h>
#include <obs-data.h> #include <obs-data.h>
#include <obs-frontend-api.h> #include <obs-frontend-api.h>
@ -35,9 +34,6 @@ bool obs_module_load(void)
blog(LOG_INFO, "[obs_module_load] you can haz websockets (Version: %s | RPC Version: %d)", OBS_WEBSOCKET_VERSION, OBS_WEBSOCKET_RPC_VERSION); blog(LOG_INFO, "[obs_module_load] you can haz websockets (Version: %s | RPC Version: %d)", OBS_WEBSOCKET_VERSION, OBS_WEBSOCKET_RPC_VERSION);
blog(LOG_INFO, "[obs_module_load] Qt version (compile-time): %s | Qt version (run-time): %s", QT_VERSION_STR, qVersion()); blog(LOG_INFO, "[obs_module_load] Qt version (compile-time): %s | Qt version (run-time): %s", QT_VERSION_STR, qVersion());
// Randomize the random number generator
qsrand(QTime::currentTime().msec());
// Create the config object then load the parameters from storage // Create the config object then load the parameters from storage
_config = ConfigPtr(new Config()); _config = ConfigPtr(new Config());
_config->Load(); _config->Load();


@ -1,17 +1,23 @@
#include <QByteArray> #include <QByteArray>
#include <QCryptographicHash> #include <QCryptographicHash>
#include <QRandomGenerator>
#include "Crypto.h" #include "Crypto.h"
#include "../plugin-macros.generated.h" #include "../plugin-macros.generated.h"
static const char allowedChars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
static const int allowedCharsCount = static_cast<int>(sizeof(allowedChars) - 1);
std::string Utils::Crypto::GenerateSalt() std::string Utils::Crypto::GenerateSalt()
{ {
// Get OS seeded random number generator
QRandomGenerator *rng = QRandomGenerator::global();
// Generate 32 random chars // Generate 32 random chars
const size_t randomCount = 32; const size_t randomCount = 32;
QByteArray randomChars; QByteArray randomChars;
for (size_t i = 0; i < randomCount; i++) { for (size_t i = 0; i < randomCount; i++)
randomChars.append((char)qrand()); randomChars.append((char)rng->bounded(255));
}
// Convert the 32 random chars to a base64 string // Convert the 32 random chars to a base64 string
return randomChars.toBase64().toStdString(); return randomChars.toBase64().toStdString();
@ -55,22 +61,13 @@ bool Utils::Crypto::CheckAuthenticationString(std::string secret, std::string ch
QString Utils::Crypto::GeneratePassword(size_t length) QString Utils::Crypto::GeneratePassword(size_t length)
{ {
// Get OS random number generator
QRandomGenerator *rng = QRandomGenerator::system();
// Fill string with random alphanumeric
QString ret; QString ret;
int rand; for (size_t i = 0; i < length; i++)
ret += allowedChars[rng->bounded(0, allowedCharsCount)];
for (size_t i = 0; i < length; i++) {
while (true) {
rand = qrand() % ((0x7a + 1) - 0x30) + 0x30;
if (
(rand >= 0x30 && rand <= 0x39) ||
(rand >= 0x41 && rand <= 0x5A) ||
(rand >= 0x61 && rand <= 0x7A)
)
break;
}
ret += QString(rand);
}
return ret; return ret;
} }
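Review bot: In GenerateSalt, `rng->bounded(255)` has an exclusive upper bound, so the byte value 0xFF is never produced and every salt byte is drawn from 255 values instead of 256; the line should read `randomChars.append((char)rng->bounded(256));`. GenerateSalt also takes its numbers from `QRandomGenerator::global()`, a deterministic generator that is only seeded from the system source, while GeneratePassword in the same file uses `QRandomGenerator::system()`. Since the commit message ties this output to authentication, `QRandomGenerator *rng = QRandomGenerator::system();` in both functions would keep the security-relevant values on the OS generator. A one-line comment on `allowedCharsCount` would also help, saying that `sizeof(allowedChars) - 1` drops the terminating NUL and that `bounded(0, allowedCharsCount)` relies on the upper bound being exclusive.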


@ -259,6 +259,8 @@ std::vector<json> Utils::Obs::ListHelper::GetSceneItemList(obs_scene_t *scene, b
item["sceneItemId"] = obs_sceneitem_get_id(sceneItem); item["sceneItemId"] = obs_sceneitem_get_id(sceneItem);
// Should be slightly faster than calling obs_sceneitem_get_order_position() // Should be slightly faster than calling obs_sceneitem_get_order_position()
item["sceneItemIndex"] = enumData->first.size(); item["sceneItemIndex"] = enumData->first.size();
//OBSSource itemSourcee = obs_sceneitem_get_source(sceneItem);
//blog(LOG_INFO, "source name: %s | item refs: %lu", obs_source_get_name(itemSourcee), obs_source_get_sceneitem_count(itemSourcee));
if (!enumData->second) { if (!enumData->second) {
OBSSource itemSource = obs_sceneitem_get_source(sceneItem); OBSSource itemSource = obs_sceneitem_get_source(sceneItem);
item["sourceName"] = obs_source_get_name(itemSource); item["sourceName"] = obs_source_get_name(itemSource);
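Review bot: The two lines added before `if (!enumData->second)` are commented-out debug logging, with a misspelled `itemSourcee`, and are unrelated to the RNG change the commit message describes. They are better dropped from this commit than kept as dead code. If the scene-item reference count is worth logging, it could return in a separate change as a real `blog(LOG_DEBUG, ...)` call. GetSceneItemList's body starts and ends outside this hunk.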