diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2012-10-14 16:14:45 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2012-10-14 16:14:45 +0200 |
| commit | d6c4b83f13976b19f471ce3a02c5b872c2f79bdc (patch) | |
| tree | 2309c2031f31642c9b5226842b4e6dc66ab25ae8 | |
| parent | 99cd922b82ca7684967ec3533fcdd5af32c0edc7 (diff) | |
| download | nextcloud-server-d6c4b83f13976b19f471ce3a02c5b872c2f79bdc.tar.gz nextcloud-server-d6c4b83f13976b19f471ce3a02c5b872c2f79bdc.zip | |
Fallback to /dev/random if openssl_random_pseudo_bytes not available
| -rwxr-xr-x | lib/util.php | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/lib/util.php b/lib/util.php index afbea9a00cb..748886083dd 100755 --- a/lib/util.php +++ b/lib/util.php @@ -556,12 +556,13 @@ class OC_Util { } /* - * @brief Generates random bytes with "openssl_random_pseudo_bytes" with a fallback for systems without openssl - * Inspired by gorgo on php.net - * @param Int with the length of the random - * @return String with the random bytes + * @brief Generates a cryptographical secure pseudorandom string + * @param Int with the length of the random string + * @return String */ public static function generate_random_bytes($length = 30) { + + // Try to use openssl_random_pseudo_bytes if(function_exists('openssl_random_pseudo_bytes')) { $pseudo_byte = bin2hex(openssl_random_pseudo_bytes($length, $strong)); if($strong == TRUE) { @@ -569,9 +570,16 @@ class OC_Util { } } - // fallback to mt_rand() + // Try to use /dev/random + $fp = @file_get_contents('/dev/random', false, null, 0, $length); + if ($fp !== FALSE) { + $string = substr(bin2hex($fp), 0, $length); + return $string; + } + + // Fallback to mt_rand() $characters = '0123456789'; - $characters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; + $characters .= 'abcdefghijklmnopqrstuvwxyz'; $charactersLength = strlen($characters)-1; $pseudo_byte = ""; |