diff options
Diffstat (limited to 'system/libraries/Encryption.php')
| -rw-r--r-- | system/libraries/Encryption.php | 45 |
1 files changed, 27 insertions, 18 deletions
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php index 92c38a0ed..6799d0fef 100644 --- a/system/libraries/Encryption.php +++ b/system/libraries/Encryption.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 @@ -152,10 +152,8 @@ class CI_Encryption { public function __construct(array $params = array()) { $this->_drivers = array( - 'mcrypt' => defined('MCRYPT_DEV_URANDOM'), - // While OpenSSL is available for PHP 5.3.0, an IV parameter - // for the encrypt/decrypt functions is only available since 5.3.3 - 'openssl' => (is_php('5.3.3') && extension_loaded('openssl')) + 'mcrypt' => defined('MCRYPT_DEV_URANDOM'), + 'openssl' => extension_loaded('openssl') ); if ( ! $this->_drivers['mcrypt'] && ! $this->_drivers['openssl']) @@ -339,12 +337,26 @@ class CI_Encryption { { if (function_exists('random_bytes')) { - return random_bytes((int) $length); + try + { + return random_bytes((int) $length); + } + catch (Exception $e) + { + log_message('error', $e->getMessage()); + return FALSE; + } + } + elseif (defined('MCRYPT_DEV_URANDOM')) + { + return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); } - return ($this->_driver === 'mcrypt') - ? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM) - : openssl_random_pseudo_bytes($length); + $is_secure = NULL; + $key = openssl_random_pseudo_bytes($length, $is_secure); + return ($is_secure === TRUE) + ? $key + : FALSE; } // -------------------------------------------------------------------- @@ -400,7 +412,7 @@ class CI_Encryption { // The greater-than-1 comparison is mostly a work-around for a bug, // where 1 is returned for ARCFour instead of 0. $iv = (($iv_size = mcrypt_enc_get_iv_size($params['handle'])) > 1) - ? mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM) + ? $this->create_key($iv_size) : NULL; if (mcrypt_generic_init($params['handle'], $params['key'], $iv) < 0) @@ -463,14 +475,14 @@ class CI_Encryption { } $iv = ($iv_size = openssl_cipher_iv_length($params['handle'])) - ? openssl_random_pseudo_bytes($iv_size) + ? $this->create_key($iv_size) : NULL; $data = openssl_encrypt( $data, $params['handle'], $params['key'], - 1, // DO NOT TOUCH! + OPENSSL_RAW_DATA, $iv ); @@ -629,7 +641,7 @@ class CI_Encryption { $data, $params['handle'], $params['key'], - 1, // DO NOT TOUCH! + OPENSSL_RAW_DATA, $iv ); } @@ -895,7 +907,7 @@ class CI_Encryption { * Byte-safe strlen() * * @param string $str - * @return integer + * @return int */ protected static function strlen($str) { @@ -918,9 +930,6 @@ class CI_Encryption { { if (self::$func_override) { - // mb_substr($str, $start, null, '8bit') returns an empty - // string on PHP 5.3 - isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start); return mb_substr($str, $start, $length, '8bit'); } |