ensure randomness stuff is working (openemr#2271)
bradymiller committed Mar 10, 2019
1 parent 5b05151 commit 41b5d19
Showing 3 changed files with 28 additions and 2 deletions.
4 changes: 4 additions & 0 deletions library/classes/Totp.class.php
Expand Up @@ -44,6 +44,10 @@ public function __construct($secret = false, $username = '')
// Would be nice to use the produceRandomBytes() function and then encode to base32, but does not appear
// to be a standard way to encode binary to base32 in php.
$this->_secret = produceRandomString(32, "234567ABCDEFGHIJKLMNOPQRSTUVWXYZ");
if (empty($this->_secret)) {
error_log('OpenEMR Error : Random String error - exiting');
die();
}
}
}

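Review bot: The new guard in `__construct` ends the request with a bare `die()`, so the user gets an empty response and the only trace is a log line that does not say which caller failed. Stopping here is the right outcome, since a TOTP secret must never be empty, but throwing from the constructor gives the same guarantee (no Totp object with an empty secret can exist) and lets the caller present an error: `throw new \RuntimeException('OpenEMR Error : Random String error in Totp');`. The constructor starts outside the hunk, so how callers handle a construction failure cannot be checked from here.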
22 changes: 20 additions & 2 deletions library/crypto.php
Expand Up @@ -109,6 +109,10 @@ function coreEncrypt($sValue, $customPassword = null, $keySource = 'drive', $key
} else {
// customPassword mode, so turn the password into keys
$sSalt = produceRandomBytes(32);
if (empty($sSalt)) {
error_log('OpenEMR Error : Random Bytes error - exiting');
die();
}
$sPreKey = hash_pbkdf2('sha384', $customPassword, $sSalt, 100000, 32, true);
$sSecretKey = hash_hkdf('sha384', $sPreKey, 32, 'aes-256-encryption', $sSalt);
$sSecretKeyHmac = hash_hkdf('sha384', $sPreKey, 32, 'sha-384-authentication', $sSalt);
Expand All @@ -119,6 +123,10 @@ function coreEncrypt($sValue, $customPassword = null, $keySource = 'drive', $key
}

$iv = produceRandomBytes(openssl_cipher_iv_length('aes-256-cbc'));
if (empty($iv)) {
error_log('OpenEMR Error : Random Bytes error - exiting');
die();
}

$processedValue = openssl_encrypt(
$sValue,
Expand Down Expand Up @@ -358,13 +366,21 @@ function collectCryptoKey($version = "one", $sub = "", $keySource = 'drive')
// Create a new key and place in database
// Produce a 256bit key (32 bytes equals 256 bits)
$newKey = produceRandomBytes(32);
if (empty($newKey)) {
error_log('OpenEMR Error : Random Bytes error - exiting');
die();
}
sqlInsert("INSERT INTO `keys` (`name`, `value`) VALUES (?, ?)", [$label, base64_encode($newKey)]);
}
} else { //$keySource == 'drive'
if (!file_exists($GLOBALS['OE_SITE_DIR'] . "/documents/logs_and_misc/methods/" . $label)) {
// Create a key and place in drive
// Produce a 256bit key (32 bytes equals 256 bits)
$newKey = produceRandomBytes(32);
if (empty($newKey)) {
error_log('OpenEMR Error : Random Bytes error - exiting');
die();
}
if (($version == "one") || ($version == "two") || ($version == "three") || ($version == "four")) {
// older key versions that did not encrypt the key on the drive
file_put_contents($GLOBALS['OE_SITE_DIR'] . "/documents/logs_and_misc/methods/" . $label, base64_encode($newKey));
Expand Down Expand Up @@ -402,8 +418,10 @@ function produceRandomBytes($length)
$randomBytes = random_bytes($length);
} catch (Error $e) {
error_log('OpenEMR Error : Encryption is not working because of random_bytes() Error: ' . $e->getMessage());
return '';
} catch (Exception $e) {
error_log('OpenEMR Error : Encryption is not working because of random_bytes() Exception: ' . $e->getMessage());
return '';
}

return $randomBytes;
Expand All @@ -419,10 +437,10 @@ function produceRandomString($length = 26, $alphabet = 'abcdefghijklmnopqrstuvwx
$str .= $alphabet[random_int(0, $alphamax)];
} catch (Error $e) {
error_log('OpenEMR Error : Encryption is not working because of random_int() Error: ' . $e->getMessage());
return false;
return '';
} catch (Exception $e) {
error_log('OpenEMR Error : Encryption is not working because of random_int() Exception: ' . $e->getMessage());
return false;
return '';
}
}
return $str;
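Review bot: The failure check is copied after each `produceRandomBytes()` call (salt and IV in `coreEncrypt`, both key-creation branches in `collectCryptoKey`), so the scheme is only safe if every caller remembers it; any call site not touched here would continue with an empty salt, IV or key. Failing closed once inside `produceRandomBytes()` and `produceRandomString()`, in the catch blocks that now `return '';`, would cover all callers. If the per-caller guards stay, comparing the length is stricter than `empty()`, e.g. `if (strlen($sSalt) !== 32) {`. `produceRandomString()` also changes its failure value from `false` to `''`, so any caller outside these hunks that tests `=== false` would need updating. All four functions begin or end outside the hunks shown.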
4 changes: 4 additions & 0 deletions setup.php
Expand Up @@ -749,6 +749,10 @@ function cloneClicked() {
// Would be nice to use the produceRandomBytes() function and then encode to base32, but does not appear
// to be a standard way to encode binary to base32 in php.
$randomsecret = produceRandomString(32, "234567ABCDEFGHIJKLMNOPQRSTUVWXYZ");
if (empty($randomsecret)) {
error_log('OpenEMR Error : Random String error - exiting');
die();
}
$disableCheckbox = "";
if (empty($randomsecret)) {
$randomsecret = "";
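Review bot: The existing `if (empty($randomsecret)) {` block that follows `$disableCheckbox = "";` can no longer run, because the added guard calls `die()` on the same condition a few lines earlier. Either remove that fallback, or, if setup is meant to continue without a generated secret (the fallback's body continues outside the hunk, so its intent is not visible here), drop the new `die()` at this call site and keep the fallback. As written, a failure during setup produces a blank page; passing a short message to `die()` would tell the installer what went wrong.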
