summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2015-11-24 10:48:39 +0100
committerAndrey Andreev <narf@devilix.net>2015-11-24 10:48:39 +0100
commit5afa348b48a93f24957377dc12f86ae64665b944 (patch)
tree38feaacb7ee8e7a8afa53e038aa2a13c1e4bb3ae
parent422fd592428d6048e9a75868fa3e75527506dbb7 (diff)
Use PHP7's random_bytes() when possible
Close #4260
-rw-r--r--system/core/Security.php16
-rw-r--r--system/libraries/Encryption.php5
2 files changed, 21 insertions, 0 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 36dea4cf2..e79bf8aff 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -593,6 +593,22 @@ class CI_Security {
return FALSE;
}
+ if (function_exists('random_bytes'))
+ {
+ try
+ {
+ // The cast is required to avoid TypeError
+ return random_bytes((int) $length);
+ }
+ catch (Exception $e)
+ {
+ // If random_bytes() can't do the job, we can't either ...
+ // There's no point in using fallbacks.
+ log_message('error', $e->getMessage());
+ return FALSE;
+ }
+ }
+
// Unfortunately, none of the following PRNGs is guaranteed to exist ...
if (defined('MCRYPT_DEV_URANDOM') && ($output = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)) !== FALSE)
{
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index f3e039881..151ce8dec 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php
@@ -337,6 +337,11 @@ class CI_Encryption {
*/
public function create_key($length)
{
+ if (function_exists('random_bytes'))
+ {
+ return random_bytes((int) $length);
+ }
+
return ($this->_driver === 'mcrypt')
? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)
: openssl_random_pseudo_bytes($length);