Merge branch 'security/zf2016-01'

weierophinney · weierophinney · commit 94c13a2c63db · 2016-04-13T10:25:31.000-05:00
Patch for ZF2016-01
diff --git a/library/Zend/Crypt/Math.php b/library/Zend/Crypt/Math.php
@@ -77,11 +77,8 @@ public static function randBytes($length, $strong = false)
         if ($length <= 0) {
             return false;
         }
-        if (function_exists('openssl_random_pseudo_bytes')) {
-            $bytes = openssl_random_pseudo_bytes($length, $usable);
-            if ($strong === $usable) {
-                return $bytes;
-            }
+        if (function_exists('random_bytes')) { // available in PHP 7
+            return random_bytes($length);
         }
         if (function_exists('mcrypt_create_iv')) {
             $bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
@@ -134,6 +131,9 @@ public static function randInteger($min, $max, $strong = false)
                 'The supplied range is too great to generate'
             );
         }
+        if (function_exists('random_int')) { // available in PHP 7
+            return random_int($min, $max);
+        }
         // calculate number of bits required to store range on this machine
         $r = $range;
         $bits = 0;
diff --git a/library/Zend/Filter/Encrypt/Mcrypt.php b/library/Zend/Filter/Encrypt/Mcrypt.php
@@ -24,6 +24,9 @@
  */
 require_once 'Zend/Filter/Encrypt/Interface.php';
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * Encryption adapter for mcrypt
  *
@@ -355,9 +358,8 @@ protected function _srand()
         if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
             return;
         }
-
         if (!self::$_srandCalled) {
-            srand((double) microtime() * 1000000);
+            srand(Zend_Crypt_Math::randInteger(0, PHP_INT_MAX));
             self::$_srandCalled = true;
         }
     }
diff --git a/library/Zend/Form/Element/Hash.php b/library/Zend/Form/Element/Hash.php
@@ -22,6 +22,9 @@
 /** Zend_Form_Element_Xhtml */
 require_once 'Zend/Form/Element/Xhtml.php';
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * CSRF form protection
  *
@@ -249,10 +252,7 @@ public function render(Zend_View_Interface $view = null)
     protected function _generateHash()
     {
         $this->_hash = md5(
-            mt_rand(1,1000000)
-            .  $this->getSalt()
-            .  $this->getName()
-            .  mt_rand(1,1000000)
+            Zend_Crypt_Math::randBytes(32)
         );
         $this->setValue($this->_hash);
     }
diff --git a/library/Zend/Gdata/HttpClient.php b/library/Zend/Gdata/HttpClient.php
@@ -25,6 +25,9 @@
  */
 require_once 'Zend/Http/Client.php';
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * Gdata Http Client object.
  *
@@ -210,7 +213,7 @@ public function filterHttpRequest($method, $url, $headers = array(), $body = nul
             if ($this->getAuthSubPrivateKeyId() != null) {
                 // secure AuthSub
                 $time = time();
-                $nonce = mt_rand(0, 999999999);
+                $nonce = Zend_Crypt_Math::randInteger(0, 999999999);
                 $dataToSign = $method . ' ' . $url . ' ' . $time . ' ' . $nonce;
 
                 // compute signature
diff --git a/library/Zend/Ldap/Attribute.php b/library/Zend/Ldap/Attribute.php
@@ -24,6 +24,9 @@
  */
 require_once 'Zend/Ldap/Converter.php';
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * Zend_Ldap_Attribute is a collection of LDAP attribute related functions.
  *
@@ -311,7 +314,7 @@ public static function createPassword($password, $hashType = self::PASSWORD_HASH
                 }
                 return $password;
             case self::PASSWORD_HASH_SSHA:
-                $salt    = substr(sha1(uniqid(mt_rand(), true), true), 0, 4);
+                $salt    = Zend_Crypt_Math::randBytes(4);
                 $rawHash = sha1($password . $salt, true) . $salt;
                 $method  = '{SSHA}';
                 break;
@@ -320,7 +323,7 @@ public static function createPassword($password, $hashType = self::PASSWORD_HASH
                 $method  = '{SHA}';
                 break;
             case self::PASSWORD_HASH_SMD5:
-                $salt    = substr(sha1(uniqid(mt_rand(), true), true), 0, 4);
+                $salt    = Zend_Crypt_Math::randBytes(4);
                 $rawHash = md5($password . $salt, true) . $salt;
                 $method  = '{SMD5}';
                 break;
diff --git a/library/Zend/OpenId.php b/library/Zend/OpenId.php
@@ -25,6 +25,9 @@
  */
 require_once "Zend/Controller/Response/Abstract.php";
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * Static class that contains common utility functions for
  * {@link Zend_OpenId_Consumer} and {@link Zend_OpenId_Provider}.
@@ -474,11 +477,7 @@ static public function redirect($url, $params = null,
      */
     static public function randomBytes($len)
     {
-        $key = '';
-        for($i=0; $i < $len; $i++) {
-            $key .= chr(mt_rand(0, 255));
-        }
-        return $key;
+        return (string) Zend_Crypt_Math::randBytes($len);
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,9 @@`
`24`	`24`	`*/`
`25`	`25`	`require_once 'Zend/Filter/Encrypt/Interface.php';`
`26`	`26`
	`27`	`+/** @see Zend_Crypt_Math */`
	`28`	`+require_once 'Zend/Crypt/Math.php';`
	`29`	`+`
`27`	`30`	`/**`
`28`	`31`	`* Encryption adapter for mcrypt`
`29`	`32`	`*`
`@@ -355,9 +358,8 @@ protected function _srand()`
`355`	`358`	`if (version_compare(PHP_VERSION, '5.3.0', '>=')) {`
`356`	`359`	`return;`
`357`	`360`	`}`
`358`		`-`
`359`	`361`	`if (!self::$_srandCalled) {`
`360`		`- srand((double) microtime() * 1000000);`
	`362`	`+ srand(Zend_Crypt_Math::randInteger(0, PHP_INT_MAX));`
`361`	`363`	`self::$_srandCalled = true;`
`362`	`364`	`}`
`363`	`365`	`}`