Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 4d2628e8aab6d0673ac0a010acbfaa9d76b7d568^! / . / system / libraries / Encryption.php
commit4d2628e8aab6d0673ac0a010acbfaa9d76b7d568[log] [tgz]
authorAndrey Andreev <narf@devilix.net>Tue Mar 22 13:42:03 2016 +0200
committerAndrey Andreev <narf@devilix.net>Tue Mar 22 13:42:03 2016 +0200
treeb3cac7e3e06b8ac4c56d771cc83b5df53eca1231
parent86758e1003e6ce44b205d2eb104318a309fd92ab [diff] [blame]
random_bytes()-related improvements

See #4260

diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index 92c38a0..a10a5c2 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php

@@ -339,12 +339,26 @@
 	{
 		if (function_exists('random_bytes'))
 		{
-			return random_bytes((int) $length);
+			try
+			{
+				return random_bytes((int) $length);
+			}
+			catch (Exception $e)
+			{
+				log_message('error', $e->getMessage());
+				return FALSE;
+			}
+		}
+		elseif (defined('MCRYPT_DEV_URANDOM'))
+		{
+			return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
 		}
 
-		return ($this->_driver === 'mcrypt')
-			? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)
-			: openssl_random_pseudo_bytes($length);
+		$is_secure = NULL;
+		$key = openssl_random_pseudo_bytes($length, $is_secure);
+		return ($is_secure === TRUE)
+			? $key
+			: FALSE;
 	}
 
 	// --------------------------------------------------------------------
@@ -400,7 +414,7 @@
 		// The greater-than-1 comparison is mostly a work-around for a bug,
 		// where 1 is returned for ARCFour instead of 0.
 		$iv = (($iv_size = mcrypt_enc_get_iv_size($params['handle'])) > 1)
-			? mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM)
+			? $this->create_key($iv_size)
 			: NULL;
 
 		if (mcrypt_generic_init($params['handle'], $params['key'], $iv) < 0)
@@ -463,7 +477,7 @@
 		}
 
 		$iv = ($iv_size = openssl_cipher_iv_length($params['handle']))
-			? openssl_random_pseudo_bytes($iv_size)
+			? $this->create_key($iv_size)
 			: NULL;
 
 		$data = openssl_encrypt(