Made SEC_randomBytes a bit safer

Geeklog-Core · Aug 18, 2019 · 6a68441 · 6a68441
1 parent 3018541
commit 6a68441
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/system/lib-security.php b/system/lib-security.php
@@ -2127,9 +2127,14 @@ function SEC_randomBytes($length)
         $retval = random_bytes($length);
     } catch (Exception $e) {
         $retval = false;
+        $isStrong = true;
 
         if (is_callable('openssl_random_pseudo_bytes ')) {
-            $retval = openssl_random_pseudo_bytes($length);
+            $retval = openssl_random_pseudo_bytes($length, $isStrong);
+
+            if ($isStrong === false) {
+                $retval = false;
+            }
         }
 
         if ($retval === false) {