From d6c4b83f13976b19f471ce3a02c5b872c2f79bdc Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Sun, 14 Oct 2012 16:14:45 +0200
Subject: [PATCH] Fallback to /dev/random if openssl_random_pseudo_bytes not
 available

---
 lib/util.php | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/lib/util.php b/lib/util.php
index afbea9a00c..748886083d 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -556,12 +556,13 @@ class OC_Util {
 	}
 
 	/*
-	* @brief Generates random bytes with "openssl_random_pseudo_bytes" with a fallback for systems without openssl
-	* Inspired by gorgo on php.net
-	* @param Int with the length of the random
-	* @return String with the random bytes
+	* @brief Generates a cryptographical secure pseudorandom string
+	* @param Int with the length of the random string
+	* @return String
 	*/
 	public static function generate_random_bytes($length = 30) {
+
+		// Try to use openssl_random_pseudo_bytes
 		if(function_exists('openssl_random_pseudo_bytes')) { 
 			$pseudo_byte = bin2hex(openssl_random_pseudo_bytes($length, $strong));
 			if($strong == TRUE) {
@@ -569,9 +570,16 @@ class OC_Util {
 			}
 		}
 
-		// fallback to mt_rand() 
+		// Try to use /dev/random
+		$fp = @file_get_contents('/dev/random', false, null, 0, $length);
+		if ($fp !== FALSE) {
+			$string = substr(bin2hex($fp), 0, $length);  
+			return $string;
+		}
+
+		// Fallback to mt_rand() 
 		$characters = '0123456789';
-		$characters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; 
+		$characters .= 'abcdefghijklmnopqrstuvwxyz'; 
 		$charactersLength = strlen($characters)-1;
 		$pseudo_byte = "";
 
-- 
GitLab