octoleo/phpseclib
1
0
Fork 0
mirror of https://github.com/phpseclib/phpseclib.git synced 2024-12-28 12:10:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use random_bytes() when appropriate.

Browse Source
This commit is contained in:
Cameron Eagans 2015-09-01 14:48:45 -04:00
parent 0f1d043428
commit 5a5edc7798
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
phpseclib/Crypt/Random.php
View File

@ -53,6 +53,20 @@ class Random
*/
public static function string($length)
{
if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
try {
$string = random_bytes($length);
return $string;
}
catch (\EngineException $e) {
// If a sufficient source of randomness is unavailable, random_bytes() will emit a warning.
// We don't actually need to do anything here. The string() method should just continue
// as normal. Note, however, that if we don't have a sufficient source of randomness for
// random_bytes(), most of the other calls here will fail too, so we'll end up using
// the PHP implementation.
}
}
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
// method 1. prior to PHP 5.3 this would call rand() on windows hence the function_exists('class_alias') call.
// ie. class_alias is a function that was introduced in PHP 5.3