From 4d2628e8aab6d0673ac0a010acbfaa9d76b7d568 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Tue, 22 Mar 2016 13:42:03 +0200
Subject: random_bytes()-related improvements

See #4260
---
 system/core/compat/password.php | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

(limited to 'system/core')

diff --git a/system/core/compat/password.php b/system/core/compat/password.php
index f0c22c780..76dd2cf0a 100644
--- a/system/core/compat/password.php
+++ b/system/core/compat/password.php
@@ -116,13 +116,21 @@ if ( ! function_exists('password_hash'))
 		}
 		elseif ( ! isset($options['salt']))
 		{
-			if (defined('MCRYPT_DEV_URANDOM'))
+			if (function_exists('random_bytes'))
 			{
-				$options['salt'] = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
+				try
+				{
+					$options['salt'] = random_bytes(16);
+				}
+				catch (Exception $e)
+				{
+					log_message('error', 'compat/password: Error while trying to use random_bytes(): '.$e->getMessage());
+					return FALSE;
+				}
 			}
-			elseif (function_exists('openssl_random_pseudo_bytes'))
+			elseif (defined('MCRYPT_DEV_URANDOM'))
 			{
-				$options['salt'] = openssl_random_pseudo_bytes(16);
+				$options['salt'] = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
 			}
 			elseif (DIRECTORY_SEPARATOR === '/' && (is_readable($dev = '/dev/arandom') OR is_readable($dev = '/dev/urandom')))
 			{
@@ -148,6 +156,16 @@ if ( ! function_exists('password_hash'))
 
 				fclose($fp);
 			}
+			elseif (function_exists('openssl_random_pseudo_bytes'))
+			{
+				$is_secure = NULL;
+				$options['salt'] = openssl_random_pseudo_bytes(16, $is_secure);
+				if ($is_secure !== TRUE)
+				{
+					log_message('error', 'compat/password: openssl_random_pseudo_bytes() set the $cryto_strong flag to FALSE');
+					return FALSE;
+				}
+			}
 			else
 			{
 				log_message('error', 'compat/password: No CSPRNG available.');
-- 
cgit v1.2.3-24-g4f1b