Prevent exception on servers with flaky random_bytes() implementation

카페24 PHP 7.0 웹호스팅 상품에서 random_bytes() 함수가 작동하지 않음

common/framework/security.php

@@ -166,15 +166,26 @@ class Security
 		
 		// Cap entropy to 256 bits from any one source, because anything more is meaningless.
 		$entropy_capped_bytes = min(32, $entropy_required_bytes);
+		$entropy = false;
 		
 		// Find and use the most secure way to generate a random string.
-		$entropy = false;
-		$is_windows = (defined('\PHP_OS') && strtoupper(substr(\PHP_OS, 0, 3)) === 'WIN');
-		if(function_exists('random_bytes'))  // PHP 7
+		if(function_exists('random_bytes'))
+		{
+			try
 			{
 				$entropy = random_bytes($entropy_capped_bytes);
 			}
-		elseif(function_exists('openssl_random_pseudo_bytes'))
+			catch (\Exception $e)
+			{
+				$entropy = false;
+			}
+		}
+		
+		// Use other good sources of entropy if random_bytes() is not available.
+		if ($entropy === false)
+		{
+			$is_windows = (defined('\PHP_OS') && strtoupper(substr(\PHP_OS, 0, 3)) === 'WIN');
+			if(function_exists('openssl_random_pseudo_bytes'))
 			{
 				$entropy = openssl_random_pseudo_bytes($entropy_capped_bytes);
 			}
@@ -196,6 +207,7 @@ class Security
 				$entropy = fread($fp, $entropy_capped_bytes);
 				fclose($fp);
 			}
+		}
 		
 		// Use built-in source of entropy if an error occurs while using other functions.
 		if($entropy === false || strlen($entropy) < $entropy_capped_bytes)