From 5a5edc7798b749c503a873953ef7cbf98796433f Mon Sep 17 00:00:00 2001
From: Cameron Eagans
Date: Tue, 1 Sep 2015 14:48:45 -0400
Subject: [PATCH] Use random_bytes() when appropriate.
---
 phpseclib/Crypt/Random.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/phpseclib/Crypt/Random.php b/phpseclib/Crypt/Random.php
index 9fb1d15b..0c053d76 100644
--- a/phpseclib/Crypt/Random.php
+++ b/phpseclib/Crypt/Random.php
@@ -53,6 +53,20 @@ class Random
 */
 public static function string($length)
 {
+ if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
+ try {
+ $string = random_bytes($length);
+ return $string;
+ }
+ catch (\EngineException $e) {
+ // If a sufficient source of randomness is unavailable, random_bytes() will emit a warning.
+ // We don't actually need to do anything here. The string() method should just continue
+ // as normal. Note, however, that if we don't have a sufficient source of randomness for
+ // random_bytes(), most of the other calls here will fail too, so we'll end up using
+ // the PHP implementation.
+ }
+ }
+
 if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
 // method 1. prior to PHP 5.3 this would call rand() on windows hence the function_exists('class_alias') call.
 // ie. class_alias is a function that was introduced in PHP 5.3
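Review bot: The `catch (\EngineException $e)` clause names a class that existed only in PHP 7 pre-releases, so on a released PHP 7 it matches nothing and anything thrown by `random_bytes()` propagates out of `string()` instead of falling through to the later methods. In PHP 7.0 a missing randomness source raises `\Exception`, and an invalid length or argument type raises `\Error` or `\TypeError`. Because the block is already guarded by the version check, `} catch (\Throwable $e) {` covers all three. The comment inside the catch should say that `random_bytes()` throws rather than "will emit a warning". It is also worth deciding explicitly whether to continue silently to the older sources after the system CSPRNG has failed, since this class presumably supplies key and nonce material and a caller cannot tell which source produced the bytes. The body of `string()` continues past the end of the hunk.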