diff options
author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-11-10 10:10:23 +0100 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-11-10 10:10:23 +0100 |
commit | 422d29ae48fe0646b1b5b633b205ea146d9ed69f (patch) | |
tree | 116c5b59f799231b7b07f5f6b6ba72e139de8bd7 | |
parent | 960c8cb5bce4449834cf6373601e7555743cb89f (diff) | |
parent | 045ea4eb2b3bfb9eb6b7c27324aec66b4233d34c (diff) | |
download | nextcloud-server-422d29ae48fe0646b1b5b633b205ea146d9ed69f.tar.gz nextcloud-server-422d29ae48fe0646b1b5b633b205ea146d9ed69f.zip |
Merge pull request #20373 from owncloud/use-random-int-if-it-exists
Use native CSPRNG if available
-rw-r--r-- | lib/private/security/securerandom.php | 19 | ||||
-rw-r--r-- | lib/public/security/isecurerandom.php | 8 |
2 files changed, 21 insertions, 6 deletions
diff --git a/lib/private/security/securerandom.php b/lib/private/security/securerandom.php index 409285fd098..87dca68985e 100644 --- a/lib/private/security/securerandom.php +++ b/lib/private/security/securerandom.php @@ -28,7 +28,7 @@ use OCP\Security\ISecureRandom; /** * Class SecureRandom provides a layer around RandomLib to generate - * secure random strings. + * secure random strings. For PHP 7 the native CSPRNG is used. * * Usage: * \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(10); @@ -77,16 +77,29 @@ class SecureRandom implements ISecureRandom { /** * Generate a random string of specified length. * @param int $length The length of the generated string - * @param string $characters An optional list of characters to use if no characterlist is + * @param string $characters An optional list of characters to use if no character list is * specified all valid base64 characters are used. * @return string * @throws \Exception If the generator is not initialized. */ - public function generate($length, $characters = '') { + public function generate($length, + $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/') { if(is_null($this->generator)) { throw new \Exception('Generator is not initialized.'); } + if(function_exists('random_int')) { + $maxCharIndex = strlen($characters) - 1; + $randomString = ''; + + while($length > 0) { + $randomNumber = random_int(0, $maxCharIndex); + $randomString .= $characters[$randomNumber]; + $length--; + } + return $randomString; + } + return $this->generator->generateString($length, $characters); } } diff --git a/lib/public/security/isecurerandom.php b/lib/public/security/isecurerandom.php index cbe2d4e0d56..1b72e4f4377 100644 --- a/lib/public/security/isecurerandom.php +++ b/lib/public/security/isecurerandom.php @@ -24,7 +24,7 @@ namespace OCP\Security; /** * Class SecureRandom provides a layer around RandomLib to generate - * secure random numbers. + * secure random strings. For PHP 7 the native CSPRNG is used. * * Usage: * $rng = new \OC\Security\SecureRandom(); @@ -70,11 +70,13 @@ interface ISecureRandom { /** * Generate a random string of specified length. * @param int $length The length of the generated string - * @param string $characters An optional list of characters to use if no characterlist is + * @param string $characters An optional list of characters to use if no character list is * specified all valid base64 characters are used. * @return string * @throws \Exception If the generator is not initialized. * @since 8.0.0 */ - public function generate($length, $characters = ''); + public function generate($length, + $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'); + } |