summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/core/Security.php16
-rw-r--r--system/libraries/Encryption.php5
2 files changed, 21 insertions, 0 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 36dea4cf2..e79bf8aff 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -593,6 +593,22 @@ class CI_Security {
return FALSE;
}
+ if (function_exists('random_bytes'))
+ {
+ try
+ {
+ // The cast is required to avoid TypeError
+ return random_bytes((int) $length);
+ }
+ catch (Exception $e)
+ {
+ // If random_bytes() can't do the job, we can't either ...
+ // There's no point in using fallbacks.
+ log_message('error', $e->getMessage());
+ return FALSE;
+ }
+ }
+
// Unfortunately, none of the following PRNGs is guaranteed to exist ...
if (defined('MCRYPT_DEV_URANDOM') && ($output = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)) !== FALSE)
{
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index f3e039881..151ce8dec 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php
@@ -337,6 +337,11 @@ class CI_Encryption {
*/
public function create_key($length)
{
+ if (function_exists('random_bytes'))
+ {
+ return random_bytes((int) $length);
+ }
+
return ($this->_driver === 'mcrypt')
? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)
: openssl_random_pseudo_bytes($length);