Use native CSPRNG if available

Unfortunately only PHP 7…

Use native CSPRNG if available
045ea4eb · Lukas Reschke · 37c5edc2 · 045ea4eb · 045ea4eb
Commit 045ea4eb authored 9 years ago by Lukas Reschke
--- a/lib/private/security/securerandom.php
+++ b/lib/private/security/securerandom.php
@@ -28,7 +28,7 @@ use OCP\Security\ISecureRandom;

 /**
 * Class SecureRandom provides a layer around RandomLib to generate
- * secure random strings.
+ * secure random strings. For PHP 7 the native CSPRNG is used.
 *
 * Usage:
 * \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(10);
@@ -77,16 +77,29 @@ class SecureRandom implements ISecureRandom {
 	/**
 	 * Generate a random string of specified length.
 	 * @param int $length The length of the generated string
-	 * @param string $characters An optional list of characters to use if no characterlist is
+	 * @param string $characters An optional list of characters to use if no character list is
 	 * 							specified all valid base64 characters are used.
 	 * @return string
 	 * @throws \Exception If the generator is not initialized.
 	 */
-	public function generate($length, $characters = '') {
+	public function generate($length,
+							 $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/') {
 		if(is_null($this->generator)) {
 			throw new \Exception('Generator is not initialized.');
 		}

+		if(function_exists('random_int')) {
+			$maxCharIndex = strlen($characters) - 1;
+			$randomString = '';
+
+			while($length > 0) {
+				$randomNumber = random_int(0, $maxCharIndex);
+				$randomString .= $characters[$randomNumber];
+				$length--;
+			}
+			return $randomString;
+		}
+
 		return $this->generator->generateString($length, $characters);
 	}
 }
--- a/lib/public/security/isecurerandom.php
+++ b/lib/public/security/isecurerandom.php
@@ -24,7 +24,7 @@ namespace OCP\Security;

 /**
 * Class SecureRandom provides a layer around RandomLib to generate
- * secure random numbers.
+ * secure random strings. For PHP 7 the native CSPRNG is used.
 *
 * Usage:
 * $rng = new \OC\Security\SecureRandom();
@@ -70,11 +70,13 @@ interface ISecureRandom {
 	/**
 	 * Generate a random string of specified length.
 	 * @param int $length The length of the generated string
-	 * @param string $characters An optional list of characters to use if no characterlist is
+	 * @param string $characters An optional list of characters to use if no character list is
 	 * 							specified all valid base64 characters are used.
 	 * @return string
 	 * @throws \Exception If the generator is not initialized.
 	 * @since 8.0.0
 	 */
-	public function generate($length, $characters = '');
+	public function generate($length,
+							 $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/');
+
 }