Fallback to /dev/random if openssl_random_pseudo_bytes not available

This commit is contained in:
Lukas Reschke 2012-10-14 16:14:45 +02:00
parent 99cd922b82
commit d6c4b83f13
1 changed files with 14 additions and 6 deletions

View File

@ -556,12 +556,13 @@ class OC_Util {
}
/*
* @brief Generates random bytes with "openssl_random_pseudo_bytes" with a fallback for systems without openssl
* Inspired by gorgo on php.net
* @param Int with the length of the random
* @return String with the random bytes
* @brief Generates a cryptographical secure pseudorandom string
* @param Int with the length of the random string
* @return String
*/
public static function generate_random_bytes($length = 30) {
// Try to use openssl_random_pseudo_bytes
if(function_exists('openssl_random_pseudo_bytes')) {
$pseudo_byte = bin2hex(openssl_random_pseudo_bytes($length, $strong));
if($strong == TRUE) {
@ -569,9 +570,16 @@ class OC_Util {
}
}
// fallback to mt_rand()
// Try to use /dev/random
$fp = @file_get_contents('/dev/random', false, null, 0, $length);
if ($fp !== FALSE) {
$string = substr(bin2hex($fp), 0, $length);
return $string;
}
// Fallback to mt_rand()
$characters = '0123456789';
$characters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
$characters .= 'abcdefghijklmnopqrstuvwxyz';
$charactersLength = strlen($characters)-1;
$pseudo_byte = "";