diff options
| author | Andrey Andreev <narf@devilix.net> | 2015-11-24 10:48:39 +0100 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2015-11-24 10:48:39 +0100 |
| commit | 5afa348b48a93f24957377dc12f86ae64665b944 (patch) | |
| tree | 38feaacb7ee8e7a8afa53e038aa2a13c1e4bb3ae | |
| parent | 422fd592428d6048e9a75868fa3e75527506dbb7 (diff) | |
Use PHP7's random_bytes() when possible
Close #4260
| -rw-r--r-- | system/core/Security.php | 16 | ||||
| -rw-r--r-- | system/libraries/Encryption.php | 5 |
2 files changed, 21 insertions, 0 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 36dea4cf2..e79bf8aff 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -593,6 +593,22 @@ class CI_Security { return FALSE; } + if (function_exists('random_bytes')) + { + try + { + // The cast is required to avoid TypeError + return random_bytes((int) $length); + } + catch (Exception $e) + { + // If random_bytes() can't do the job, we can't either ... + // There's no point in using fallbacks. + log_message('error', $e->getMessage()); + return FALSE; + } + } + // Unfortunately, none of the following PRNGs is guaranteed to exist ... if (defined('MCRYPT_DEV_URANDOM') && ($output = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)) !== FALSE) { diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php index f3e039881..151ce8dec 100644 --- a/system/libraries/Encryption.php +++ b/system/libraries/Encryption.php @@ -337,6 +337,11 @@ class CI_Encryption { */ public function create_key($length) { + if (function_exists('random_bytes')) + { + return random_bytes((int) $length); + } + return ($this->_driver === 'mcrypt') ? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM) : openssl_random_pseudo_bytes($length); |