How to securely generate an IV for AES CBC Encryption?

Question

I work on some crypto stuff.

• I use AES 256 with CBC mode
• I use OPENSSL

I am aware of the following things (source = wikipedia):

Answer 1

Use openssl_random_pseudo_bytes (most preferably with the second parameter set to an existing variable, which you should then test that it was set to TRUE). This will generate IVs with appropriate randomness characteristics.

$wasItSecure = false;
$iv = openssl_random_pseudo_bytes(16, $wasItSecure);
if ($wasItSecure) {
    // We're good to go!
} else {
    // Insecure result. Fail closed, do not proceed.
}

Alternatively, PHP 7 offers random_bytes() which is much simpler.