Mirrors/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2024-07-24 13:24:51 +02:00
Code Issues Actions 34 Packages Projects Releases Wiki Activity

Use native CSPRNG if available

Browse Source 
Unfortunately only PHP 7…
This commit is contained in:
Lukas Reschke 2015-11-06 16:24:26 +01:00
parent 37c5edc202
commit 045ea4eb2b
2 changed files with 21 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
lib/private/security/securerandom.php
View File

@ -28,7 +28,7 @@ use OCP\Security\ISecureRandom;
/** /**
* Class SecureRandom provides a layer around RandomLib to generate * Class SecureRandom provides a layer around RandomLib to generate
* secure random strings. * secure random strings. For PHP 7 the native CSPRNG is used.
* *
* Usage: * Usage:
* \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(10); * \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(10);
@ -77,16 +77,29 @@ class SecureRandom implements ISecureRandom {
/** /**
* Generate a random string of specified length. * Generate a random string of specified length.
* @param int $length The length of the generated string * @param int $length The length of the generated string
* @param string $characters An optional list of characters to use if no characterlist is * @param string $characters An optional list of characters to use if no character list is
* specified all valid base64 characters are used. * specified all valid base64 characters are used.
* @return string * @return string
* @throws \Exception If the generator is not initialized. * @throws \Exception If the generator is not initialized.
*/ */
public function generate($length, $characters = '') { public function generate($length,
$characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/') {
if(is_null($this->generator)) { if(is_null($this->generator)) {
throw new \Exception('Generator is not initialized.'); throw new \Exception('Generator is not initialized.');
} }
if(function_exists('random_int')) {
$maxCharIndex = strlen($characters) - 1;
$randomString = '';
while($length > 0) {
$randomNumber = random_int(0, $maxCharIndex);
$randomString .= $characters[$randomNumber];
$length--;
}
return $randomString;
}
return $this->generator->generateString($length, $characters); return $this->generator->generateString($length, $characters);
} }
} }

8
lib/public/security/isecurerandom.php
View File

@ -24,7 +24,7 @@ namespace OCP\Security;
/** /**
* Class SecureRandom provides a layer around RandomLib to generate * Class SecureRandom provides a layer around RandomLib to generate
* secure random numbers. * secure random strings. For PHP 7 the native CSPRNG is used.
* *
* Usage: * Usage:
* $rng = new \OC\Security\SecureRandom(); * $rng = new \OC\Security\SecureRandom();
@ -70,11 +70,13 @@ interface ISecureRandom {
/** /**
* Generate a random string of specified length. * Generate a random string of specified length.
* @param int $length The length of the generated string * @param int $length The length of the generated string
* @param string $characters An optional list of characters to use if no characterlist is * @param string $characters An optional list of characters to use if no character list is
* specified all valid base64 characters are used. * specified all valid base64 characters are used.
* @return string * @return string
* @throws \Exception If the generator is not initialized. * @throws \Exception If the generator is not initialized.
* @since 8.0.0 * @since 8.0.0
*/ */
public function generate($length, $characters = ''); public function generate($length,
$characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/');
} }