From 5afa348b48a93f24957377dc12f86ae64665b944 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Tue, 24 Nov 2015 11:48:39 +0200
Subject: Use PHP7's random_bytes() when possible

Close #4260
---
 system/core/Security.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'system/core/Security.php')

diff --git a/system/core/Security.php b/system/core/Security.php
index 36dea4cf2..e79bf8aff 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -593,6 +593,22 @@ class CI_Security {
 			return FALSE;
 		}
 
+		if (function_exists('random_bytes'))
+		{
+			try
+			{
+				// The cast is required to avoid TypeError
+				return random_bytes((int) $length);
+			}
+			catch (Exception $e)
+			{
+				// If random_bytes() can't do the job, we can't either ...
+				// There's no point in using fallbacks.
+				log_message('error', $e->getMessage());
+				return FALSE;
+			}
+		}
+
 		// Unfortunately, none of the following PRNGs is guaranteed to exist ...
 		if (defined('MCRYPT_DEV_URANDOM') && ($output = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)) !== FALSE)
 		{
-- 
cgit v1.2.3-24-g4f1b