1.2.1638. openssl_random_pseudo_byte() Second Argument¶
openssl_random_pseudo_byte() uses exceptions to signal an error. Since PHP 7.4, there is no need to use the second argument.
On the other hand, it is important to catch the exception that openssl_random_pseudo_byte() may emit.
<?php
// PHP 7.4 way to check on random number generation
try {
$bytes = openssl_random_pseudo_bytes($i);
} catch(\Exception $e) {
die("Error while loading random number");
}
// Old way to check on random number generation
$bytes = openssl_random_pseudo_bytes($i, $cstrong);
if ($cstrong === false) {
die("Error while loading random number");
}
?>
See also openssl_random_pseudo_byte and PHP RFC: Improve openssl_random_pseudo_bytes().
1.2.1638.1. Suggestions¶
Skip the second argument, add a try/catch around the call to openssl_random_pseudo_bytes()
1.2.1638.2. Specs¶
Short name |
Structures/OpensslRandomPseudoByteSecondArg |
Rulesets |
|
Exakat since |
1.9.3 |
PHP Version |
All |
Severity |
Minor |
Time To Fix |
Quick (30 mins) |
Precision |
Very high |
Features |
openssl |
Available in |