Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)

pull/278/head
Aleksander Machniak 10 years ago
parent 71aa41e162
commit 3994b3a26c

@ -10,6 +10,7 @@ CHANGELOG Roundcube Webmail
- Plugin API: Add special onload() method to execute plugin actions before startup (session and GUI initialization)
- Implemented UI element to jump to specified page of the messages list (#1485235)
- Fix so unrecognized TNEF attachments are displayed on the list of attachments (#1490351)
- Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
RELEASE 1.1.2
-------------

@ -163,7 +163,7 @@ class rcmail_install
$value = $this->config[$name];
if ($name == 'des_key' && !$this->configured && !isset($_REQUEST["_$name"]))
$value = self::random_key(24);
$value = rcube_utils::random_bytes(24);
return $value !== null && $value !== '' ? $value : $default;
}
@ -193,7 +193,7 @@ class rcmail_install
// generate new encryption key, never use the default value
if ($prop == 'des_key' && $value == $this->defaults[$prop])
$value = $this->random_key(24);
$value = rcube_utils::random_bytes(24);
// convert some form data
if ($prop == 'debug_level' && !$is_default) {
@ -785,25 +785,4 @@ class rcmail_install
{
$this->last_error = $p;
}
/**
* Generarte a ramdom string to be used as encryption key
*
* @param int Key length
* @return string The generated random string
* @static
*/
function random_key($length)
{
$alpha = 'ABCDEFGHIJKLMNOPQERSTUVXYZabcdefghijklmnopqrtsuvwxyz0123456789+*%&?!$-_=';
$out = '';
for ($i=0; $i < $length; $i++)
$out .= $alpha{rand(0, strlen($alpha)-1)};
return $out;
}
}

@ -999,8 +999,7 @@ class rcube
if (empty($_SESSION['secure_token']) && $generate) {
// generate x characters long token
$length = $len > 1 ? $len : 16;
$token = openssl_random_pseudo_bytes($length / 2);
$token = bin2hex($token);
$token = rcube_utils::random_bytes($length);
$plugin = $this->plugins->exec_hook('secure_token',
array('value' => $token, 'length' => $length));

@ -1138,4 +1138,34 @@ class rcube_utils
return $url;
}
/**
* Generate a ramdom string
*
* @param int String length
*
* @return string The generated random string
*/
public static function random_bytes($length)
{
if (function_exists('openssl_random_pseudo_bytes')) {
$random = openssl_random_pseudo_bytes(ceil($length / 2));
$random = bin2hex($random);
// if the length wasn't even...
if ($length < strlen($random)) {
$random = substr($random, 0, $length);
}
}
else {
$alpha = 'ABCDEFGHIJKLMNOPQERSTUVXYZabcdefghijklmnopqrtsuvwxyz0123456789+*%&?!$-_=';
$random = '';
for ($i = 0; $i < $length; $i++) {
$random .= $alpha[rand(0, strlen($alpha)-1)];
}
}
return $random;
}
}

@ -419,4 +419,15 @@ class Framework_Utils extends PHPUnit_Framework_TestCase
$this->assertSame($output, $result);
}
}
/**
* rcube:utils::random_bytes()
*/
function test_random_bytes()
{
$this->assertSame(15, strlen(rcube_utils::random_bytes(15)));
$this->assertSame(1, strlen(rcube_utils::random_bytes(1)));
$this->assertSame(0, strlen(rcube_utils::random_bytes(0)));
$this->assertSame(0, strlen(rcube_utils::random_bytes(-1)));
}
}

Loading…
Cancel
Save