From 5afa348b48a93f24957377dc12f86ae64665b944 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 24 Nov 2015 11:48:39 +0200 Subject: Use PHP7's random_bytes() when possible Close #4260 --- system/core/Security.php | 16 ++++++++++++++++ system/libraries/Encryption.php | 5 +++++ 2 files changed, 21 insertions(+) (limited to 'system') diff --git a/system/core/Security.php b/system/core/Security.php index 36dea4cf2..e79bf8aff 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -593,6 +593,22 @@ class CI_Security { return FALSE; } + if (function_exists('random_bytes')) + { + try + { + // The cast is required to avoid TypeError + return random_bytes((int) $length); + } + catch (Exception $e) + { + // If random_bytes() can't do the job, we can't either ... + // There's no point in using fallbacks. + log_message('error', $e->getMessage()); + return FALSE; + } + } + // Unfortunately, none of the following PRNGs is guaranteed to exist ... if (defined('MCRYPT_DEV_URANDOM') && ($output = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)) !== FALSE) { diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php index f3e039881..151ce8dec 100644 --- a/system/libraries/Encryption.php +++ b/system/libraries/Encryption.php @@ -337,6 +337,11 @@ class CI_Encryption { */ public function create_key($length) { + if (function_exists('random_bytes')) + { + return random_bytes((int) $length); + } + return ($this->_driver === 'mcrypt') ? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM) : openssl_random_pseudo_bytes($length); -- cgit v1.2.3-24-g4f1b