summaryrefslogtreecommitdiffstats
path: root/system/libraries/Encryption.php
diff options
context:
space:
mode:
Diffstat (limited to 'system/libraries/Encryption.php')
-rw-r--r--system/libraries/Encryption.php54
1 files changed, 34 insertions, 20 deletions
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index f3e039881..6799d0fef 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php
@@ -6,7 +6,7 @@
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014 - 2015, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -28,10 +28,10 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
+ * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://opensource.org/licenses/MIT MIT License
- * @link http://codeigniter.com
+ * @link https://codeigniter.com
* @since Version 3.0.0
* @filesource
*/
@@ -46,7 +46,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage Libraries
* @category Libraries
* @author Andrey Andreev
- * @link http://codeigniter.com/user_guide/libraries/encryption.html
+ * @link https://codeigniter.com/user_guide/libraries/encryption.html
*/
class CI_Encryption {
@@ -152,10 +152,8 @@ class CI_Encryption {
public function __construct(array $params = array())
{
$this->_drivers = array(
- 'mcrypt' => defined('MCRYPT_DEV_URANDOM'),
- // While OpenSSL is available for PHP 5.3.0, an IV parameter
- // for the encrypt/decrypt functions is only available since 5.3.3
- 'openssl' => (is_php('5.3.3') && extension_loaded('openssl'))
+ 'mcrypt' => defined('MCRYPT_DEV_URANDOM'),
+ 'openssl' => extension_loaded('openssl')
);
if ( ! $this->_drivers['mcrypt'] && ! $this->_drivers['openssl'])
@@ -337,9 +335,28 @@ class CI_Encryption {
*/
public function create_key($length)
{
- return ($this->_driver === 'mcrypt')
- ? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)
- : openssl_random_pseudo_bytes($length);
+ if (function_exists('random_bytes'))
+ {
+ try
+ {
+ return random_bytes((int) $length);
+ }
+ catch (Exception $e)
+ {
+ log_message('error', $e->getMessage());
+ return FALSE;
+ }
+ }
+ elseif (defined('MCRYPT_DEV_URANDOM'))
+ {
+ return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
+ }
+
+ $is_secure = NULL;
+ $key = openssl_random_pseudo_bytes($length, $is_secure);
+ return ($is_secure === TRUE)
+ ? $key
+ : FALSE;
}
// --------------------------------------------------------------------
@@ -395,7 +412,7 @@ class CI_Encryption {
// The greater-than-1 comparison is mostly a work-around for a bug,
// where 1 is returned for ARCFour instead of 0.
$iv = (($iv_size = mcrypt_enc_get_iv_size($params['handle'])) > 1)
- ? mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM)
+ ? $this->create_key($iv_size)
: NULL;
if (mcrypt_generic_init($params['handle'], $params['key'], $iv) < 0)
@@ -458,14 +475,14 @@ class CI_Encryption {
}
$iv = ($iv_size = openssl_cipher_iv_length($params['handle']))
- ? openssl_random_pseudo_bytes($iv_size)
+ ? $this->create_key($iv_size)
: NULL;
$data = openssl_encrypt(
$data,
$params['handle'],
$params['key'],
- 1, // DO NOT TOUCH!
+ OPENSSL_RAW_DATA,
$iv
);
@@ -624,7 +641,7 @@ class CI_Encryption {
$data,
$params['handle'],
$params['key'],
- 1, // DO NOT TOUCH!
+ OPENSSL_RAW_DATA,
$iv
);
}
@@ -890,7 +907,7 @@ class CI_Encryption {
* Byte-safe strlen()
*
* @param string $str
- * @return integer
+ * @return int
*/
protected static function strlen($str)
{
@@ -913,9 +930,6 @@ class CI_Encryption {
{
if (self::$func_override)
{
- // mb_substr($str, $start, null, '8bit') returns an empty
- // string on PHP 5.3
- isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start);
return mb_substr($str, $start, $length, '8bit');
}