From c6ee2c461cf7f9a57548fcf9fe6477e213eba414 Mon Sep 17 00:00:00 2001
From: Art4 <art4@wlabs.de>
Date: Thu, 6 Feb 2025 08:29:14 +0000
Subject: [PATCH 1/3] Revert "Refactor Crypto::randomDigits()"

This reverts commit 940884e4bd0c1f68757e464f46b4e76c1f4da5b1.
---
 src/Util/Crypto.php            | 9 ++++++++-
 tests/Unit/Util/CryptoTest.php | 5 +++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/Util/Crypto.php b/src/Util/Crypto.php
index 4c0e9b72dc..588be8f932 100644
--- a/src/Util/Crypto.php
+++ b/src/Util/Crypto.php
@@ -305,6 +305,13 @@ class Crypto
 	 */
 	public static function randomDigits($digits)
 	{
-		return random_int(0, 10 ** $digits - 1);
+		$rn = '';
+
+		// generating cryptographically secure pseudo-random integers
+		for ($i = 0; $i < $digits; $i++) {
+			$rn .= random_int(0, 9);
+		}
+
+		return (int) $rn;
 	}
 }
diff --git a/tests/Unit/Util/CryptoTest.php b/tests/Unit/Util/CryptoTest.php
index 41fb1e2826..55d24562a9 100644
--- a/tests/Unit/Util/CryptoTest.php
+++ b/tests/Unit/Util/CryptoTest.php
@@ -21,10 +21,11 @@ class CryptoTest extends TestCase
 	{
 		$random_int = $this->getFunctionMock('Friendica\Util', 'random_int');
 		$random_int->expects($this->any())->willReturnCallback(function ($min, $max) {
-			return 12345678;
+			return 1;
 		});
 
-		self::assertSame(12345678, Crypto::randomDigits(8));
+		self::assertSame(1, Crypto::randomDigits(1));
+		self::assertSame(11111111, Crypto::randomDigits(8));
 	}
 
 	public function testDiasporaPubRsaToMe()

From c7b1961d02deb873439c694ea1cba8f7406c666c Mon Sep 17 00:00:00 2001
From: Art4 <art4@wlabs.de>
Date: Thu, 6 Feb 2025 08:30:05 +0000
Subject: [PATCH 2/3] Fix return type of randomDigits

---
 src/Util/Crypto.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Util/Crypto.php b/src/Util/Crypto.php
index 588be8f932..084ae567ea 100644
--- a/src/Util/Crypto.php
+++ b/src/Util/Crypto.php
@@ -299,11 +299,11 @@ class Crypto
 	 * Creates cryptographic secure random digits
 	 *
 	 * @param string $digits The count of digits
-	 * @return int The random Digits
+	 * @return string The random Digits
 	 *
 	 * @throws \Exception In case 'random_int' isn't usable
 	 */
-	public static function randomDigits($digits)
+	public static function randomDigits($digits): string
 	{
 		$rn = '';
 
@@ -312,6 +312,6 @@ class Crypto
 			$rn .= random_int(0, 9);
 		}
 
-		return (int) $rn;
+		return $rn;
 	}
 }

From 006ff7be8f13e0ee2893de854e4b3965d108e090 Mon Sep 17 00:00:00 2001
From: Art4 <art4@wlabs.de>
Date: Thu, 6 Feb 2025 08:33:18 +0000
Subject: [PATCH 3/3] Fix tests

---
 tests/Unit/Util/CryptoTest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/Unit/Util/CryptoTest.php b/tests/Unit/Util/CryptoTest.php
index 55d24562a9..d04e0323c3 100644
--- a/tests/Unit/Util/CryptoTest.php
+++ b/tests/Unit/Util/CryptoTest.php
@@ -24,8 +24,8 @@ class CryptoTest extends TestCase
 			return 1;
 		});
 
-		self::assertSame(1, Crypto::randomDigits(1));
-		self::assertSame(11111111, Crypto::randomDigits(8));
+		self::assertSame('1', Crypto::randomDigits(1));
+		self::assertSame('11111111', Crypto::randomDigits(8));
 	}
 
 	public function testDiasporaPubRsaToMe()