Skip to content

Commit

Permalink
Random: rejects openssl_random_pseudo_bytes result when is not crypto…
Browse files Browse the repository at this point in the history 
…graphically strong
  • Loading branch information
@dg
dg committed Sep 3, 2015
1 parent 6c3218e commit 359e681
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion src/Utils/Random.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,10 @@ public static function generate($length = 10, $charlist = '0-9a-z')
$bytes = (string) random_bytes($length);
}
if (strlen($bytes) < $length && function_exists('openssl_random_pseudo_bytes')) {
$bytes = (string) openssl_random_pseudo_bytes($length);
$bytes = (string) openssl_random_pseudo_bytes($length, $secure);
if (!$secure) {
$bytes = '';
}
}
if (strlen($bytes) < $length && function_exists('mcrypt_create_iv')) {
$bytes = (string) mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
Expand Down

0 comments on commit 359e681

Please sign in to comment.