Permalink
Browse files

Add mcrypt_create_iv() to get_random_bytes()

  • Loading branch information...
1 parent 5baaf67 commit 0e58d65b340b782f2ffe5bb64e87cd6ce3524121 @haraldpdl haraldpdl committed with Mar 15, 2012
Showing with 9 additions and 2 deletions.
  1. +9 −2 catalog/includes/classes/passwordhash.php
@@ -6,7 +6,8 @@
# Version 0.3 / osCommerce:
# * Silenced @is_readable('/dev/urandom'))
# * Added stream_set_read_buffer() when reading from /dev/urandom
-# * Added openssl_random_pseudo_bytes() to get_random_bytes()
+# * Added openssl_random_pseudo_bytes() and mcrypt_create_iv() to
+# get_random_bytes()
#
# Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
# the public domain. Revised in subsequent years, still public domain.
@@ -60,7 +61,13 @@ function get_random_bytes($count)
$output = fread($fh, $count);
fclose($fh);
} elseif ( function_exists('openssl_random_pseudo_bytes') ) {
- $output = openssl_random_pseudo_bytes($count);
+ $output = openssl_random_pseudo_bytes($count, $orpb_secure);
+
+ if ( $orpb_secure != true ) {
+ $output = '';
+ }
+ } elseif (defined('MCRYPT_DEV_URANDOM')) {
+ $output = mcrypt_create_iv($count, MCRYPT_DEV_URANDOM);
}
if (strlen($output) < $count) {

0 comments on commit 0e58d65

Please sign in to comment.