[Pkg-owncloud-commits] [owncloud] 56/73: Fallback to /dev/random if openssl_random_pseudo_bytes not available

[David Prévot]

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v4.0.10
in repository owncloud.

commit e99cf5cf4948d568c43a0386244cefd7e27b6052
Author: Lukas Reschke <lukas at statuscode.ch>
Date:   Sun Oct 14 16:14:45 2012 +0200

    Fallback to /dev/random if openssl_random_pseudo_bytes not available
---
 lib/util.php |   20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/lib/util.php b/lib/util.php
index 251aaf1..127570e 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -460,12 +460,13 @@ class OC_Util {
  	}
 	
 	/*
-	* @brief Generates random bytes with "openssl_random_pseudo_bytes" with a fallback for systems without openssl
-	* Inspired by gorgo on php.net
-	* @param Int with the length of the random
-	* @return String with the random bytes
+	* @brief Generates a cryptographical secure pseudorandom string
+	* @param Int with the length of the random string
+	* @return String
 	*/
 	public static function generate_random_bytes($length = 30) {
+
+		// Try to use openssl_random_pseudo_bytes
 		if(function_exists('openssl_random_pseudo_bytes')) { 
 			$pseudo_byte = bin2hex(openssl_random_pseudo_bytes($length, $strong));
 			if($strong == TRUE) {
@@ -473,9 +474,16 @@ class OC_Util {
 			}
 		}
 
-		// fallback to mt_rand() 
+		// Try to use /dev/random
+		$fp = @file_get_contents('/dev/random', false, null, 0, $length);
+		if ($fp !== FALSE) {
+			$string = substr(bin2hex($fp), 0, $length);  
+			return $string;
+		}
+
+		// Fallback to mt_rand() 
 		$characters = '0123456789';
-		$characters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; 
+		$characters .= 'abcdefghijklmnopqrstuvwxyz'; 
 		$charactersLength = strlen($characters)-1;
 		$pseudo_byte = "";
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git