/dev/urandom warning seems unnecessary  #5530

@dchest


Hello,

I've noticed there's a check for existence of /dev/urandom (pointed out by this article):

It outputs "/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our documentation".

However, in PHP 7 on most recent platforms /dev/urandom is not used, and this check is confusing, especially in OpenBSD, as its web server is always chrooted, so there's no /dev/urandom. PHP 7 random_bytes and random_int use:

  • getrandom on recent Linux
  • CryptGenRandom on Windows
  • arc4random on OpenBSD and NetBSD

On platforms that read randomness from /dev/urandom (like older Linux versions), the inability to open it by random_bytes will throw an exception: https://github.com/php/php-src/blob/696bd37e6757d77dc7ed44f3ea6451944ebaba96/ext/standard/random.c#L150

Since Nextcloud's SecureRandom uses random_int, it will throw if it fails to generate random bytes.

Proposal: instead of checking for existence of /dev/urandom, check if SecureRandom can successfully generate random bytes. This should be a setup error, not just a warning.
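
A sketch of the check proposed above, next to the device-node check it would replace. This is an added example, not part of the original issue and not Nextcloud's code; the function names `legacyUrandomWarning` and `csprngSetupErrors` are hypothetical, and it assumes PHP 7 or later run from the command line.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the existing check: it only looks for the device
// node, so it warns in a chroot without /dev/urandom even when PHP gets its
// randomness from getrandom, arc4random or CryptGenRandom.
function legacyUrandomWarning(): ?string {
    return @is_readable('/dev/urandom')
        ? null
        : '/dev/urandom is not readable by PHP';
}

// Proposed check: exercise the same primitives SecureRandom depends on.
// Returns a list of setup errors; an empty list means the CSPRNG works.
function csprngSetupErrors(int $length = 32): array {
    $errors = [];
    try {
        // random_bytes throws if no suitable randomness source can be used.
        $bytes = random_bytes($length);
        if (strlen($bytes) !== $length) {
            $errors[] = sprintf('random_bytes returned %d bytes, expected %d',
                strlen($bytes), $length);
        }
        // random_int draws from the same source; the range is arbitrary.
        $n = random_int(0, 61);
        if ($n < 0 || $n > 61) {
            $errors[] = "random_int returned out-of-range value $n";
        }
    } catch (\Throwable $e) {
        // Catch Throwable so Exception and Error subclasses are both reported.
        $errors[] = sprintf('CSPRNG unavailable (%s): %s',
            get_class($e), $e->getMessage());
    }
    return $errors;
}

$warning = legacyUrandomWarning();
$errors  = csprngSetupErrors();

if ($errors !== []) {
    // Treated as a setup error, not a warning: stop here.
    echo implode(PHP_EOL, $errors), PHP_EOL;
    exit(1);
}
echo 'CSPRNG check passed', PHP_EOL;
if ($warning !== null) {
    // The case described in the issue: the device check fires although
    // random_bytes and random_int work.
    echo "Legacy check would still have warned: $warning", PHP_EOL;
}
```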
