Merge branch 'security/zf2016-01'

Patch for ZF2016-01

library/Zend/Crypt/Math.php

@@ -77,11 +77,8 @@ class Zend_Crypt_Math extends Zend_Crypt_Math_BigInteger
         if ($length <= 0) {
             return false;
         }
-        if (function_exists('openssl_random_pseudo_bytes')) {
-            $bytes = openssl_random_pseudo_bytes($length, $usable);
-            if ($strong === $usable) {
-                return $bytes;
-            }
+        if (function_exists('random_bytes')) { // available in PHP 7
+            return random_bytes($length);
         }
         if (function_exists('mcrypt_create_iv')) {
             $bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
@@ -134,6 +131,9 @@ class Zend_Crypt_Math extends Zend_Crypt_Math_BigInteger
                 'The supplied range is too great to generate'
             );
         }
+        if (function_exists('random_int')) { // available in PHP 7
+            return random_int($min, $max);
+        }
         // calculate number of bits required to store range on this machine
         $r = $range;
         $bits = 0;

library/Zend/Filter/Encrypt/Mcrypt.php

@@ -24,6 +24,9 @@
  */
 require_once 'Zend/Filter/Encrypt/Interface.php';
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * Encryption adapter for mcrypt
  *
@@ -355,9 +358,8 @@ class Zend_Filter_Encrypt_Mcrypt implements Zend_Filter_Encrypt_Interface
         if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
             return;
         }
-
         if (!self::$_srandCalled) {
-            srand((double) microtime() * 1000000);
+            srand(Zend_Crypt_Math::randInteger(0, PHP_INT_MAX));
             self::$_srandCalled = true;
         }
     }

library/Zend/Form/Element/Hash.php

@@ -22,6 +22,9 @@
 /** Zend_Form_Element_Xhtml */
 require_once 'Zend/Form/Element/Xhtml.php';
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * CSRF form protection
  *
@@ -249,10 +252,7 @@ class Zend_Form_Element_Hash extends Zend_Form_Element_Xhtml
     protected function _generateHash()
     {
         $this->_hash = md5(
-            mt_rand(1,1000000)
-            .  $this->getSalt()
-            .  $this->getName()
-            .  mt_rand(1,1000000)
+            Zend_Crypt_Math::randBytes(32)
         );
         $this->setValue($this->_hash);
     }

library/Zend/Gdata/HttpClient.php

@@ -25,6 +25,9 @@
  */
 require_once 'Zend/Http/Client.php';
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * Gdata Http Client object.
  *
@@ -210,7 +213,7 @@ class Zend_Gdata_HttpClient extends Zend_Http_Client
             if ($this->getAuthSubPrivateKeyId() != null) {
                 // secure AuthSub
                 $time = time();
-                $nonce = mt_rand(0, 999999999);
+                $nonce = Zend_Crypt_Math::randInteger(0, 999999999);
                 $dataToSign = $method . ' ' . $url . ' ' . $time . ' ' . $nonce;
 
                 // compute signature

library/Zend/Ldap/Attribute.php

@@ -24,6 +24,9 @@
  */
 require_once 'Zend/Ldap/Converter.php';
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * Zend_Ldap_Attribute is a collection of LDAP attribute related functions.
  *
@@ -311,7 +314,7 @@ class Zend_Ldap_Attribute
                 }
                 return $password;
             case self::PASSWORD_HASH_SSHA:
-                $salt    = substr(sha1(uniqid(mt_rand(), true), true), 0, 4);
+                $salt    = Zend_Crypt_Math::randBytes(4);
                 $rawHash = sha1($password . $salt, true) . $salt;
                 $method  = '{SSHA}';
                 break;
@@ -320,7 +323,7 @@ class Zend_Ldap_Attribute
                 $method  = '{SHA}';
                 break;
             case self::PASSWORD_HASH_SMD5:
-                $salt    = substr(sha1(uniqid(mt_rand(), true), true), 0, 4);
+                $salt    = Zend_Crypt_Math::randBytes(4);
                 $rawHash = md5($password . $salt, true) . $salt;
                 $method  = '{SMD5}';
                 break;

library/Zend/OpenId.php

@@ -25,6 +25,9 @@
  */
 require_once "Zend/Controller/Response/Abstract.php";
 
+/** @see Zend_Crypt_Math */
+require_once 'Zend/Crypt/Math.php';
+
 /**
  * Static class that contains common utility functions for
  * {@link Zend_OpenId_Consumer} and {@link Zend_OpenId_Provider}.
@@ -474,11 +477,7 @@ class Zend_OpenId
      */
     static public function randomBytes($len)
     {
-        $key = '';
-        for($i=0; $i < $len; $i++) {
-            $key .= chr(mt_rand(0, 255));
-        }
-        return $key;
+        return (string) Zend_Crypt_Math::randBytes($len);
     }
 
     /**