From 4d2628e8aab6d0673ac0a010acbfaa9d76b7d568 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Tue, 22 Mar 2016 13:42:03 +0200
Subject: random_bytes()-related improvements

See #4260
---
 system/libraries/Encryption.php | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

(limited to 'system/libraries/Encryption.php')

diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index 92c38a0ed..a10a5c20c 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php
@@ -339,12 +339,26 @@ class CI_Encryption {
 	{
 		if (function_exists('random_bytes'))
 		{
-			return random_bytes((int) $length);
+			try
+			{
+				return random_bytes((int) $length);
+			}
+			catch (Exception $e)
+			{
+				log_message('error', $e->getMessage());
+				return FALSE;
+			}
+		}
+		elseif (defined('MCRYPT_DEV_URANDOM'))
+		{
+			return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
 		}
 
-		return ($this->_driver === 'mcrypt')
-			? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)
-			: openssl_random_pseudo_bytes($length);
+		$is_secure = NULL;
+		$key = openssl_random_pseudo_bytes($length, $is_secure);
+		return ($is_secure === TRUE)
+			? $key
+			: FALSE;
 	}
 
 	// --------------------------------------------------------------------
@@ -400,7 +414,7 @@ class CI_Encryption {
 		// The greater-than-1 comparison is mostly a work-around for a bug,
 		// where 1 is returned for ARCFour instead of 0.
 		$iv = (($iv_size = mcrypt_enc_get_iv_size($params['handle'])) > 1)
-			? mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM)
+			? $this->create_key($iv_size)
 			: NULL;
 
 		if (mcrypt_generic_init($params['handle'], $params['key'], $iv) < 0)
@@ -463,7 +477,7 @@ class CI_Encryption {
 		}
 
 		$iv = ($iv_size = openssl_cipher_iv_length($params['handle']))
-			? openssl_random_pseudo_bytes($iv_size)
+			? $this->create_key($iv_size)
 			: NULL;
 
 		$data = openssl_encrypt(
-- 
cgit v1.2.3-24-g4f1b