Fixes #15332: Always check for availability of openssl_pseudo_random_bytes, even if LibreSSL is available

2025-08-26 06:15:19 +08:00 · 2017-12-12 09:25:12 +01:00
parent d44d5540b1
commit 05f197825b
2 changed files with 10 additions and 3 deletions
--- a/framework/base/Security.php
+++ b/framework/base/Security.php
@ -478,12 +478,12 @@ class Security extends Component

        // Since 5.4.0, openssl_random_pseudo_bytes() reads from CryptGenRandom on Windows instead
        // of using OpenSSL library. LibreSSL is OK everywhere but don't use OpenSSL on non-Windows.
-        if ($this->_useLibreSSL
+        if (function_exists('openssl_random_pseudo_bytes')
+            && ($this->_useLibreSSL
            || (
                DIRECTORY_SEPARATOR !== '/'
                && substr_compare(PHP_OS, 'win', 0, 3, true) === 0
-                && function_exists('openssl_random_pseudo_bytes')
-            )
+            ))
        ) {
            $key = openssl_random_pseudo_bytes($length, $cryptoStrong);
            if ($cryptoStrong === false) {