}
}
- if ( strlen( $buffer ) < $bytes ) {
+ if ( strlen( $buffer ) < $bytes && function_exists( 'mcrypt_create_iv' ) ) {
// If available make use of mcrypt_create_iv URANDOM source to generate randomness
// On unix-like systems this reads from /dev/urandom but does it without any buffering
// and bypasses openbasedir restrictions, so it's preferable to reading directly
// On Windows starting in PHP 5.3.0 Windows' native CryptGenRandom is used to generate
// entropy so this is also preferable to just trying to read urandom because it may work
// on Windows systems as well.
- if ( function_exists( 'mcrypt_create_iv' ) ) {
- $rem = $bytes - strlen( $buffer );
- $iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM );
- if ( $iv === false ) {
- $this->logger->debug( "mcrypt_create_iv returned false." );
- } else {
- $buffer .= $iv;
- $this->logger->debug( "mcrypt_create_iv generated " . strlen( $iv ) .
- " bytes of randomness." );
- }
+ $rem = $bytes - strlen( $buffer );
+ $iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM );
+ if ( $iv === false ) {
+ $this->logger->debug( "mcrypt_create_iv returned false." );
+ } else {
+ $buffer .= $iv;
+ $this->logger->debug( "mcrypt_create_iv generated " . strlen( $iv ) .
+ " bytes of randomness." );
}
}
- if ( strlen( $buffer ) < $bytes ) {
- if ( function_exists( 'openssl_random_pseudo_bytes' ) ) {
- $rem = $bytes - strlen( $buffer );
- $openssl_bytes = openssl_random_pseudo_bytes( $rem, $openssl_strong );
- if ( $openssl_bytes === false ) {
- $this->logger->debug( "openssl_random_pseudo_bytes returned false." );
- } else {
- $buffer .= $openssl_bytes;
- $this->logger->debug( "openssl_random_pseudo_bytes generated " .
- strlen( $openssl_bytes ) . " bytes of " .
- ( $openssl_strong ? "strong" : "weak" ) . " randomness." );
- }
- if ( strlen( $buffer ) >= $bytes ) {
- // openssl tells us if the random source was strong, if some of our data was generated
- // using it use it's say on whether the randomness is strong
- $this->strong = !!$openssl_strong;
- }
+ if ( strlen( $buffer ) < $bytes && function_exists( 'openssl_random_pseudo_bytes' ) ) {
+ $rem = $bytes - strlen( $buffer );
+ $openssl_strong = false;
+ $openssl_bytes = openssl_random_pseudo_bytes( $rem, $openssl_strong );
+ if ( $openssl_bytes === false ) {
+ $this->logger->debug( "openssl_random_pseudo_bytes returned false." );
+ } else {
+ $buffer .= $openssl_bytes;
+ $this->logger->debug( "openssl_random_pseudo_bytes generated " .
+ strlen( $openssl_bytes ) . " bytes of " .
+ ( $openssl_strong ? "strong" : "weak" ) . " randomness." );
+ }
+ if ( strlen( $buffer ) >= $bytes ) {
+ // openssl tells us if the random source was strong, if some of our data was generated
+ // using it use it's say on whether the randomness is strong
+ $this->strong = !!$openssl_strong;
}
}