Fallback to /dev/random if openssl_random_pseudo_bytes not available

d6c4b83f · Lukas Reschke · 99cd922b · d6c4b83f
Commit d6c4b83f authored 12 years ago by Lukas Reschke
--- a/lib/util.php
+++ b/lib/util.php
@@ -556,12 +556,13 @@ class OC_Util {
 	}

 	/*
-	* @brief Generates random bytes with "openssl_random_pseudo_bytes" with a fallback for systems without openssl
-	* Inspired by gorgo on php.net
-	* @param Int with the length of the random
-	* @return String with the random bytes
+	* @brief Generates a cryptographical secure pseudorandom string
+	* @param Int with the length of the random string
+	* @return String
 	*/
 	public static function generate_random_bytes($length = 30) {
+
+		// Try to use openssl_random_pseudo_bytes
 		if(function_exists('openssl_random_pseudo_bytes')) { 
 			$pseudo_byte = bin2hex(openssl_random_pseudo_bytes($length, $strong));
 			if($strong == TRUE) {
@@ -569,9 +570,16 @@ class OC_Util {
 			}
 		}

-		// fallback to mt_rand() 
+		// Try to use /dev/random
+		$fp = @file_get_contents('/dev/random', false, null, 0, $length);
+		if ($fp !== FALSE) {
+			$string = substr(bin2hex($fp), 0, $length);  
+			return $string;
+		}
+
+		// Fallback to mt_rand() 
 		$characters = '0123456789';
-		$characters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; 
+		$characters .= 'abcdefghijklmnopqrstuvwxyz'; 
 		$charactersLength = strlen($characters)-1;
 		$pseudo_byte = "";