2 files changed, 10 insertions, 49 deletions
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index 51e390c91..fe177fce3 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php
@@ -135,7 +135,7 @@ class CI_Encryption {
 	public function __construct(array $params = array())
 	{
 		$this->_drivers = array(
-			'mcrypt' => extension_loaded('mcrypt'),
+			'mcrypt' => defined('MCRYPT_DEV_URANDOM'),
 			// While OpenSSL is available for PHP 5.3.0, an IV parameter
 			// for the encrypt/decrypt functions is only available since 5.3.3
 			'openssl' => (is_php('5.3.3') && extension_loaded('openssl'))
@@ -188,9 +188,9 @@ class CI_Encryption {
 
 		if (empty($this->_driver))
 		{
-			$this->_driver = ($this->_drivers['mcrypt'] === TRUE)
-				? 'mcrypt'
-				: 'openssl';
+			$this->_driver = ($this->_drivers['openssl'] === TRUE)
+				? 'openssl'
+				: 'mcrypt';
 
 			log_message('debug', "Encryption: Auto-configured driver '".$this->_driver."'.");
 		}
@@ -372,7 +372,7 @@ class CI_Encryption {
 		elseif ( ! isset($params['iv']))
 		{
 			$params['iv'] = ($iv_size = mcrypt_enc_get_iv_size($params['handle']))
-				? $this->_mcrypt_get_iv($iv_size)
+				? mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM)
 				: NULL;
 		}
 
@@ -438,7 +438,7 @@ class CI_Encryption {
 		elseif ( ! isset($params['iv']))
 		{
 			$params['iv'] = ($iv_size = openssl_cipher_iv_length($params['handle']))
-				? $this->_openssl_get_iv($iv_size)
+				? openssl_random_pseudo_bytes($iv_size)
 				: NULL;
 		}
 
@@ -614,46 +614,6 @@ class CI_Encryption {
 	// --------------------------------------------------------------------
 
 	/**
-	 * Get IV via MCrypt
-	 *
-	 * @param	int	$size
-	 * @return	int
-	 */
-	protected function _mcrypt_get_iv($size)
-	{
-		// If /dev/urandom is available - use it, otherwise there's
-		// also /dev/random, but it is highly unlikely that it would
-		// be available while /dev/urandom is not and it is known to be
-		// blocking anyway.
-		if (defined(MCRYPT_DEV_URANDOM))
-		{
-			$source = MCRYPT_DEV_URANDOM;
-		}
-		else
-		{
-			$source = MCRYPT_RAND;
-			is_php('5.3') OR srand(microtime(TRUE));
-		}
-
-		return mcrypt_create_iv($size, $source);
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Get IV via OpenSSL
-	 *
-	 * @param	int	$size	IV size
-	 * @return	int
-	 */
-	protected function _openssl_get_iv($size)
-	{
-		return openssl_random_pseudo_bytes($size);
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
 	 * Get params
 	 *
 	 * @param	array	$params	Input parameters
diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst
index 94385978e..a88d34e39 100644
--- a/user_guide_src/source/installation/upgrade_300.rst
+++ b/user_guide_src/source/installation/upgrade_300.rst
@@ -340,9 +340,10 @@ Following numerous vulnerability reports, the :doc:`Encrypt Library <../librarie
 been deprecated and a new, :doc:`Encryption Library <../libraries/encryption>` is added to take
 its place.
 
-The new library requires either the `MCrypt extension <http://php.net/mcrypt>`_ or PHP 5.3.3 and
-the `OpenSSL extension <http://php.net/openssl>`_. While this might be rather inconvenient, it is
-a requirement that allows us to have properly implemented cryptographic functions.
+The new library requires either the `MCrypt extension <http://php.net/mcrypt>`_ (and /dev/urandom
+availability) or PHP 5.3.3 and the `OpenSSL extension <http://php.net/openssl>`_.
+While this might be rather inconvenient, it is a requirement that allows us to have properly
+implemented cryptographic functions.
 
 .. note:: The :doc:`Encrypt Library <../libraries/encrypt>` is still available for the purpose
 	of keeping backwards compatibility.