diff options
author | Andrey Andreev <narf@devilix.net> | 2016-03-22 12:42:03 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2016-03-22 12:42:03 +0100 |
commit | 4d2628e8aab6d0673ac0a010acbfaa9d76b7d568 (patch) | |
tree | b3cac7e3e06b8ac4c56d771cc83b5df53eca1231 /system/libraries/Encryption.php | |
parent | 86758e1003e6ce44b205d2eb104318a309fd92ab (diff) |
random_bytes()-related improvements
See #4260
Diffstat (limited to 'system/libraries/Encryption.php')
-rw-r--r-- | system/libraries/Encryption.php | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php index 92c38a0ed..a10a5c20c 100644 --- a/system/libraries/Encryption.php +++ b/system/libraries/Encryption.php @@ -339,12 +339,26 @@ class CI_Encryption { { if (function_exists('random_bytes')) { - return random_bytes((int) $length); + try + { + return random_bytes((int) $length); + } + catch (Exception $e) + { + log_message('error', $e->getMessage()); + return FALSE; + } + } + elseif (defined('MCRYPT_DEV_URANDOM')) + { + return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); } - return ($this->_driver === 'mcrypt') - ? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM) - : openssl_random_pseudo_bytes($length); + $is_secure = NULL; + $key = openssl_random_pseudo_bytes($length, $is_secure); + return ($is_secure === TRUE) + ? $key + : FALSE; } // -------------------------------------------------------------------- @@ -400,7 +414,7 @@ class CI_Encryption { // The greater-than-1 comparison is mostly a work-around for a bug, // where 1 is returned for ARCFour instead of 0. $iv = (($iv_size = mcrypt_enc_get_iv_size($params['handle'])) > 1) - ? mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM) + ? $this->create_key($iv_size) : NULL; if (mcrypt_generic_init($params['handle'], $params['key'], $iv) < 0) @@ -463,7 +477,7 @@ class CI_Encryption { } $iv = ($iv_size = openssl_cipher_iv_length($params['handle'])) - ? openssl_random_pseudo_bytes($iv_size) + ? $this->create_key($iv_size) : NULL; $data = openssl_encrypt( |