Skip to content

Zend\Math\Rand -- improved random number generator #1371

Closed
wants to merge 123 commits into from
@denixport

This PR improves current random number generator (RNG)
and moves it into own Zend\Math\Rand namespace

RNG improves unpredictability by mixing random data
from various sources with hash-based mixing function
makes it suitable for various Zend\Crypt subcomponents

More detailed explanation in RFC
http://framework.zend.com/wiki/display/ZFDEV2/RFC+-+Random+number+generator

@EvanDotPro
Zend Framework member

I tried wrapping my head around RFC 4086 but it seemed to be vague on using hashing algorithms like sha512 (default in this PR) as a mixing strategy so I wasn't able to verify that the mixing implementation in this PR is correct. Perhaps we could get @ezimuel or someone with a better understanding of RFC 4086 to review this?

@denixport

Yes, would be nice if @ezimuel could look into this.
Also forgot to mention that this RNG is basically resembles TrueCrypt RNG

@EvanDotPro
Zend Framework member

@denixport, @ezimuel, Also, perhaps we can remove Zend\Math\Math::randBytes() with the introduction of Zend\Math\Rand.

@denixport

Yes, If/when this is accepted, I plan to remove Math::randBytes() and update all components that require cryptographically strong random numbers, namely Crypt, OpenId, OAuth (probably Ldap).
For now, I think it woud be too many changes for single PR.

@ezimuel
Zend Framework member
ezimuel commented May 29, 2012

Because I need more time to review this PR I suggest to merge the PR #1416 in the mean time (to fix the potential security issue).

@Maks3w Maks3w commented on the diff May 31, 2012
...Zend/Math/Rand/Exception/InvalidArgumentException.php
@@ -0,0 +1,19 @@
+<?php
+
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

There is a extra line here

@Maks3w
Zend Framework member
Maks3w added a note Jun 1, 2012

Because this exception has been superseded by DomainException now is unnecessary.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w Maks3w commented on an outdated diff May 31, 2012
library/Zend/Math/Rand/Generator.php
@@ -0,0 +1,343 @@
+<?php
+
+namespace Zend\Math\Rand;
+
+use Zend\Math\Rand\Exception;
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

You don't need import this because you are in a parent namespace

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w Maks3w commented on an outdated diff May 31, 2012
library/Zend/Math/Rand/Generator.php
+
+ // read to buffer
+ $rand ^= $this->readFromPool($length);
+
+ return $rand;
+ }
+
+ /**
+ * Generate random boolean
+ *
+ * @return bool
+ */
+ public function getBoolean()
+ {
+ $byte = $this->getBytes(1);
+ return (ord($byte) + 1) % 2 ? true : false;
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

you don't need the ternary operator here. Just write return (boolean) (ord($byte) + 1) % 2)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w Maks3w commented on an outdated diff May 31, 2012
library/Zend/Math/Rand/Generator.php
+ }
+
+ /**
+ * Generate random float (0..1)
+ *
+ * @return float
+ */
+ public function getFloat()
+ {
+ /**
+ * PHP uses double precision floating-point format (64-bit)
+ * 52-bits of significand precision, which is 6.5 bytes
+ * we need to gather 7 bytes, and throw the last 4-bits away
+ */
+ $bytes = $this->getBytes(7);
+ $bytes[6] = $bytes[6] & chr(0x0f);
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

Please add a comment with the meaning of 0x0f

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w Maks3w commented on the diff May 31, 2012
library/Zend/Math/Rand/Generator.php
+ public function getFloat()
+ {
+ /**
+ * PHP uses double precision floating-point format (64-bit)
+ * 52-bits of significand precision, which is 6.5 bytes
+ * we need to gather 7 bytes, and throw the last 4-bits away
+ */
+ $bytes = $this->getBytes(7);
+ $bytes[6] = $bytes[6] & chr(0x0f);
+ $bytes .= chr(0);
+
+ // unpack two unsigned long (32-bit) = 64-bits = 7 bytes + the NULL byte
+ list(, $a, $b) = unpack('V2', $bytes);
+
+ // The second unsigned long has 20-bits of significant information
+ return (float) ($a / pow(2.0, 52) + $b / pow(2.0, 20));
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

You should use the final values with a comment explaining the origin instaed of use pow()

@denixport
denixport added a note May 31, 2012

pow() result here is machine dependent, will produce different precision results on 32bit and 64bit machines
will add more comments though

@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

amazing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w Maks3w and 1 other commented on an outdated diff May 31, 2012
library/Zend/Math/Rand/Generator.php
+ * @param int $length
+ * @return string
+ * @throws Exception\InvalidArgumentException
+ */
+ public function getBytes($length)
+ {
+ if ($length < 1 || $length > self::POOL_SIZE) {
+ throw new Exception\InvalidArgumentException(
+ 'Length should be between 1 and ' . self::POOL_SIZE
+ );
+ }
+
+ // collect entropy, and write to pool
+ $size = (int) ceil($length / count($this->sources));
+
+ /* @var $source Closure */
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

In phpDoc the type goes between @varand var name

@Thinkscape
Zend Framework member
Thinkscape added a note May 31, 2012

Not true. It can go either way and is recognised in IDE's in both forms. Docs won't help us here though

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w
Zend Framework member
Maks3w commented May 31, 2012

I recommend you use DomainException instaed of InvalidArgumentException because you are testing if the value is inside of a range of values (domain)

@Maks3w Maks3w and 1 other commented on an outdated diff May 31, 2012
library/Zend/Math/Rand/Generator.php
+ $byte = $this->getBytes(1);
+ return (ord($byte) + 1) % 2 ? true : false;
+ }
+
+ /**
+ * Generate a random integer within given range.
+ * Uses 0..PHP_INT_MAX if no range is given
+ *
+ * @param int $min
+ * @param int $max
+ * @return int
+ * @throws Exception\InvalidArgumentException
+ */
+ public function getInteger($min = 0, $max = PHP_INT_MAX)
+ {
+ $tmp = (int) max($max, $min);
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

Is weird see a max method when one of the arguments is called max too

@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

Maybe you want call one argument $a and the other $b if the order doesn't matter.

@denixport
denixport added a note May 31, 2012

Kinda agree, but min/max is used in PHP rand()/mt_rand() docs. I think we should be as close to PHP docs as possible

@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

I see. I tested using rand(8, 4) and with rand(4, 8) the first only show values between 6-8 and the second show values between 4-8

What I want to say? I want to say that the order matters so, IMHO, you have three options:

  • throw an exception when the values are incorrect
  • Guess the best order for the parameters and then change the docblock indicating the order doest not matter and the arguments are not called max/min
  • Continue without any check and throw unexpected values.

I repeat, is my opinion and maybe I wrong. Anyway I prefer the first choice (throw an exception)

@denixport
denixport added a note May 31, 2012

I agree here, it's better to let user know via exception rather than returning unexpected result

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w Maks3w and 1 other commented on an outdated diff May 31, 2012
library/Zend/Math/Rand/Generator.php
+ return (ord($byte) + 1) % 2 ? true : false;
+ }
+
+ /**
+ * Generate a random integer within given range.
+ * Uses 0..PHP_INT_MAX if no range is given
+ *
+ * @param int $min
+ * @param int $max
+ * @return int
+ * @throws Exception\InvalidArgumentException
+ */
+ public function getInteger($min = 0, $max = PHP_INT_MAX)
+ {
+ $tmp = (int) max($max, $min);
+ $min = (int) min($max, $min);
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

The same here

@denixport
denixport added a note May 31, 2012

Hmm, probably RangeException would be a better fit in both cases

@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

RangeException and DomainException are basically the same except that RangeException is for Runtime (http://www.php.net/manual/en/spl.exceptions.php)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w
Zend Framework member
Maks3w commented May 31, 2012

@denixport Could you provide us a link to a Travis job for this?

@Maks3w Maks3w commented on the diff May 31, 2012
library/Zend/Math/Rand/Generator.php
+ /**
+ * PHP uses double precision floating-point format (64-bit)
+ * 52-bits of significand precision, which is 6.5 bytes
+ * we need to gather 7 bytes, and throw the last 4-bits away
+ */
+ $bytes = $this->getBytes(7);
+ $bytes[6] = $bytes[6] & chr(0x0f);
+ $bytes .= chr(0);
+
+ // unpack two unsigned long (32-bit) = 64-bits = 7 bytes + the NULL byte
+ list(, $a, $b) = unpack('V2', $bytes);
+
+ // The second unsigned long has 20-bits of significant information
+ return (float) ($a / pow(2.0, 52) + $b / pow(2.0, 20));
+ }
+
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

There is a extra line here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w Maks3w and 1 other commented on an outdated diff May 31, 2012
library/Zend/Math/Rand/Generator.php
+ * @param int $length
+ * @param null|string $charlist
+ * @return string
+ */
+ public function getString($length, $charlist = null)
+ {
+ if ($length == 0) {
+ return '';
+ }
+ $listLen = strlen($charlist);
+ if ($listLen == 1) {
+ return str_repeat($charlist, $length);
+ } else if (empty($charlist)) {
+ $numBytes = ceil($length * 0.75);
+ $bytes = $this->getBytes($numBytes);
+ return substr(rtrim(base64_encode($bytes), '='), 0, $length);
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

I think that you can use here $length - 1 instand of use rtrim

@denixport
denixport added a note May 31, 2012

= here is base 64 padding, so it not always present, depending on byte length

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w Maks3w and 1 other commented on an outdated diff May 31, 2012
library/Zend/Math/Rand/Generator.php
+ $numBytes = ceil($length * 0.75);
+ $bytes = $this->getBytes($numBytes);
+ return substr(rtrim(base64_encode($bytes), '='), 0, $length);
+ }
+
+ $numBytes = ceil($length * ((log($listLen, 2) + 1) / 8));
+ $bytes = $this->getBytes($numBytes);
+
+ // convert to destination base
+ $srcBase = 256;
+ $dstBase = $listLen;
+
+ $src = array_map('ord', str_split($bytes));
+ $count = count($src);
+ $dst = array();
+ while ($count) {
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

This while only will run zero or 1 rounds because you set $count with a zero after the first round.

@denixport
denixport added a note May 31, 2012

$count Is incremented later in code depending on the result of division

@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

You are right

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w Maks3w and 1 other commented on an outdated diff May 31, 2012
library/Zend/Math/Rand/Generator.php
+ * Init randomness sources
+ */
+ protected function initSources()
+ {
+ $this->sources = array();
+
+ // openssl extension
+ if (extension_loaded('openssl')) {
+ $this->sources[] = function ($length) {
+ return openssl_random_pseudo_bytes($length);
+ };
+ }
+ // mcrypt extension
+ if (extension_loaded('mcrypt')) {
+ $this->sources[] = function ($length) {
+ return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012
@denixport
denixport added a note May 31, 2012

Yes, will apply recent @ezimuel patch

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w Maks3w commented on an outdated diff May 31, 2012
library/Zend/Math/Rand/Generator.php
+ shuffle($this->sources);
+ }
+
+ /**
+ * Write bytes to pool
+ *
+ * @param string $bytes
+ */
+ protected function writeToPool($bytes)
+ {
+ $length = strlen($bytes);
+ for ($i = 0; $i < $length; $i++) {
+ $this->pool[$this->poolCursorPos] =
+ chr((ord($this->pool[$this->poolCursorPos]) + ord($bytes[$i])) % 256);
+ $this->movePoolCursor();
+ ++$this->poolWriteCount;
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

Only for normalize I think that is better do a post-increment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w Maks3w commented on an outdated diff May 31, 2012
library/Zend/Math/Rand/StaticGenerator.php
@@ -0,0 +1,79 @@
+<?php
+
+namespace Zend\Math\Rand;
+
+use Zend\Math\Rand\Generator;
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

As explained above, this use is unnecessary

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w Maks3w commented on an outdated diff May 31, 2012
library/Zend/Math/Rand/StaticGenerator.php
+ * Get the static Random Number Generator
+ *
+ * @return Generator
+ */
+ protected static function getInstance()
+ {
+ if (!isset(self::$generator)) {
+ self::$generator = new Generator();
+ }
+ return self::$generator;
+ }
+
+ /**
+ * Generate random string of bytes of specified length
+ *
+ * @static
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

You don't need use @static please remove all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w Maks3w commented on an outdated diff May 31, 2012
library/Zend/Math/Rand/StaticGenerator.php
+ protected static function getInstance()
+ {
+ if (!isset(self::$generator)) {
+ self::$generator = new Generator();
+ }
+ return self::$generator;
+ }
+
+ /**
+ * Generate random string of bytes of specified length
+ *
+ * @static
+ * @param $length
+ * @return string
+ */
+ public static function getBytes($length)
@Maks3w
Zend Framework member
Maks3w added a note May 31, 2012

Just for consistency add the type for the parameter (int)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@Maks3w
Zend Framework member
Maks3w commented May 31, 2012

Despite the number of the notes, You have done a great job.

@denixport

Thanks for the review @Maks3w, will update PR today

@Maks3w Maks3w commented on an outdated diff Jun 1, 2012
library/Zend/Math/Rand/Generator.php
+ */
+ protected function initSources()
+ {
+ $this->sources = array();
+
+ // openssl extension
+ if (extension_loaded('openssl')) {
+ $this->sources[] = function ($length) {
+ return openssl_random_pseudo_bytes($length);
+ };
+ }
+ // mcrypt extension
+ if (extension_loaded('mcrypt')) {
+ // PHP bug #55169
+ // @link https://bugs.php.net/bug.php?id=55169
+ if (strtoupper(substr(\PHP_OS, 0, 3)) !== 'WIN' || version_compare(\PHP_VERSION, '5.3.7') >= 0) {
@Maks3w
Zend Framework member
Maks3w added a note Jun 1, 2012

We are not using the global prefix for constants,

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Maks3w and others added some commits May 23, 2012
@Maks3w Maks3w Add hyperlinks 36ea460
@Maks3w Maks3w Add link to contributors page 56d0508
@sasezaki sasezaki Log - renaming about LoggerInterface 054ffd2
@sasezaki sasezaki remove redundant instance check in ServiceManager f235106
@sasezaki sasezaki remove unused $_logger member in Zend\Queue\Queue 026e10b
@jpospychala jpospychala update bootstrap event registering in samples ae705ff
@sasezaki sasezaki [ZF-8898] Handling xmlrpc i8 Tags - realted svn r23363 f4eefab
@SocalNick SocalNick This allows compiled definitions to be specified in configuration as …
…filenames and added to Di as ArrayDefinitions
f57c8d1
@SocalNick SocalNick This allows RuntimeDefinitions to be disabled by removing them from Di 4897c0e
@SocalNick SocalNick Allow setting RuntimeDefinition to use annotations through configuration feefd71
@SocalNick SocalNick Tests for runtime enable/disable 1ca689d
@SocalNick SocalNick Testing for RuntimeDefinition use_annotations from configuration 3c9691c
@SocalNick SocalNick Adding tests for compiled definitions through configuration 8bd7fea
@prolic prolic fixed phpdoc in Zend\Auth dd97c35
@prolic prolic fixed phpdoc and some Exceptions in Zend\Mvc b90cfc4
@prolic prolic replaced "get_class()" with "get_called_class()" because it's faster 1906e82
@prolic prolic Zend\View\Helper replaced "get_class()" with "get_called_class()" bec…
…ause it's faster
f2828d6
@prolic prolic Zend\Uri replaced "get_class()" with "get_called_class()" because it'…
…s faster
5f17994
@prolic prolic Zend\Service\WindowsAzure replaced "get_class()" with "get_called_cla…
…ss()" because it's faster
1e73d61
@prolic prolic Zend\Serializer replaced "get_class()" with "get_called_class()" beca…
…use it's faster
a18e042
@prolic prolic Zend\Queue replaced "get_class()" with "get_called_class()" because i…
…t's faster
9bb8e3b
@prolic prolic Zend\Pdf replaced "get_class()" with "get_called_class()" because it'…
…s faster
0720f1c
@prolic prolic Zend\Navigation replaced "get_class()" with "get_called_class()" beca…
…use it's faster
2458942
@prolic prolic Zend\GData replaced "get_class()" with "get_called_class()" because i…
…t's faster
d5317cb
@prolic prolic Zend\Form replaced "get_class()" with "get_called_class()" because it…
…'s faster, fixed some phpdoc
8423a78
@prolic prolic Zend\Filter replaced "get_class()" with "get_called_class()" because …
…it's faster, fixed some phpdoc
52ab0ce
@prolic prolic Zend\Feed replaced "get_class()" with "get_called_class()" because it…
…'s faster, fixed some phpdoc
6155572
@prolic prolic Zend\Code replaced "get_class()" with "get_called_class()" because it…
…'s faster, fixed some phpdoc
37267c6
@prolic prolic Zend\BarCode replaced "get_class()" with "get_called_class()" because…
… it's faster, fixed some phpdoc
f2f583d
@prolic prolic replaced "get_class()" with "get_called_class()" because it's faster da2d5f6
@SocalNick SocalNick The ControllerLoader does not set the event on the controller.
Note: In regular MVC, the DispatchListener injects the event, so I believe it is appropriate to do here.
8dd08e5
@SocalNick SocalNick Cloning the event protects the original event from changes that happe…
…n when we dispatch to the forward controller, namely the target of the event being changed to the forward controller.

Also, since we are cloning, there's no need to cache the routeMatch.
d0c093a
@SocalNick SocalNick The reason for the clone is so that each controller gets it's own plu…
…gin broker. In the case where the Forward plugin is being used, a shared plugin broker would get it's internal controller variable overwritten by each Forward.
3888957
@JaepilCyan JaepilCyan Removed 3rd parameter from is_subclass_of functions to support php 5.…
…3.8 or below
1b1df08
@denixport denixport DH and RSA hotfix and tests c80df9a
@ezimuel ezimuel Added the Salted2SK algorithm to Zend\Crypt\Key\Derivation ffbd33f
@ezimuel ezimuel Fixed spaces in SaltedS2k 1a56a14
@necromant2005 necromant2005 Rename isSuccessful to isSuccess due to new Zend\Http\Client interface 7eceb9f
@neeckeloo neeckeloo Update library/Zend/Code/Generator/DocBlock/Tag.php 69fb11e
@ezimuel ezimuel Minor fixes for SaltedS2k 9144fe4
@neeckeloo neeckeloo Update tests/Zend/Code/Generator/DocBlockTagGeneratorTest.php 56ceb0b
@Gamblt Gamblt Add Csrf to Validator Loader 6363190
@blanchonvincent blanchonvincent add options for static paths
add options for static paths
1521ba8
@SocalNick SocalNick Support JSONP callback in JsonStrategy c3ffe05
@blanchonvincent blanchonvincent update unit tests
update unit tests
60eafb4
@blanchonvincent blanchonvincent update unit tests for lucene mutlisearch
update unit tests for access document on mutlisearch
78e9fdf
@EvanDotPro EvanDotPro s/setServiceManager($instance)/setServiceManager($serviceManager)/ bc83198
@blanchonvincent blanchonvincent fix ZF2-319 & id document
multiindex have problems with access document. Id (which is the
document id) has change, so access document is broken.
8ffd8ab
@EvanDotPro EvanDotPro Remove hard dependency on DI 57dc13c
@EvanDotPro EvanDotPro Lazily instantiate and attach router to url view helper 3dedd26
@EvanDotPro EvanDotPro Lazy-load basepath and doctype view helpers 03612f9
@EvanDotPro EvanDotPro Fix for failing test in Tar filter.
Return value should be the target dir with a trailing slash.
fef7669
@denixport denixport more RSA fixes, default key size is 2048 b5c636b
@EvanDotPro EvanDotPro Add more information to 'service/alias' already exists exception 5484b25
@denixport denixport and tests bc85d62
@EvanDotPro EvanDotPro Fixed a few additional issues in the view quick start e2d46da
Fritz Gerneth Added type to parameter in setOptions 431f66b
@EvanDotPro EvanDotPro Remove executable bit from AbstractListener 128aa22
@EvanDotPro EvanDotPro Update docblock to match return value of Tar::decompress() 3deaa2c
@EvanDotPro EvanDotPro s/setLayout/setTemplate/ in view quick start 6777f8b
@EvanDotPro EvanDotPro Utilize getter/setter in Subscription model for now() to prevent test…
… failure

The way the tests were set up, depending on when exactly during a particular
second that the test was ran, it could produce a failure, as two separate
Zend\Date\Date instances were being instantiated at different times. _Most_ of
the time they were both instantiated during the same second, but not always.
6923110
@EvanDotPro EvanDotPro s/%/%s/ for sprintf() calls in ListenerOptions 7c69700
@EvanDotPro EvanDotPro Skip SaltedS2k tests if mhash extension is not loaded
Also small tab/whitespace fix.
4996648
@blanchonvincent blanchonvincent fix doc type for EventManagerInterface
fix doc type for EventManagerInterface instead EventCollection
c788c37
@prolic prolic fixed Zend\Form\Factory
is_subclass_of does not work with interfaces, at least in PHP 5.3.6
the checks are also not need, because there are done again in createElement()
edae771
@sasezaki sasezaki [ZF-10284] Zend_View - Added support fluent interface.
sync svn r22879
63ff111
@sasezaki sasezaki ZF-10345: allow specifying id attribute in headLink helper
synv svn r23242
6c734a5
@sasezaki sasezaki ZF-9919: extended serverUrl helper to correctly identify scheme
sync svn r23370
41d8224
@sasezaki sasezaki [ZF-9324] Zend_View Fixed docblock
sync svn r23386
8b11ab6
@prolic prolic Zend\Stdlib\Hydator\HydratorInterface::hydrate() returns object
Currently for the implementations we provide, it's not needed, but in case you want a doctrine\hydrator (f.e. https://github.com/prolic/HumusDoctrineHydrator), the object must be returned by that method, because it could be, that a new object instance will be created by doctrine, because it get's loaded from database, so finally it's a needed changed and the api is also cleaner, imo
c9eca28
@sasezaki sasezaki [CS] Zend_View - Fixed ajust in docblock, missing '*'
sync svn r23387
5388885
@prolic prolic adjusted api usage in unit tests 4eba4bc
@ezimuel ezimuel Fixed the binary output 6698fbf
@sasezaki sasezaki [ZF-10793] Zend_View - Fixed allow set value to class of container.
sync svn r23544
4a3f820
@sasezaki sasezaki ZF-10843 removing unnecessary call to _isValid in Zend_View_Helper_He…
…adScript

sync svn r23548
4cdc493
@sasezaki sasezaki ZF-11013 Zend_View_Helper: headTitle helper minor code readability im…
…provement

sync svn r23722
dad6348
@sasezaki sasezaki ZF-12174: Fixed incorrect docblock in Zend_View_Helper_Currency
sync svn r24768
a8a3bc8
@blanchonvincent blanchonvincent add pretty name in module manager identifiers
add pretty name in module manager identifiers & add cs
60906c7
@blanchonvincent blanchonvincent update unit tests
update unit tests
e93abeb
@sasezaki sasezaki update demos Feeds 6f3ddc2
@blanchonvincent blanchonvincent remove useless helper view action
remove useless helper view action
a27e6d0
Duccio Gasparri Bug solved in Http\Response\Stream 8e9729f
Duccio Gasparri Corrected the input stream overwriting the actual body, and added the…
… unit test
8d62069
@shieldo shieldo removed dependency on deprecated \Zend\Loader class from Zend Validat…
…or package
70f0b56
@blanchonvincent blanchonvincent fix usage config for more consistency in view manager
fix usage config for more consistency in view manager, config is always
an array with PR-1331
25d229d
@prolic prolic fix in Hydrator\ArraySerializable 30ea604
@ezimuel ezimuel Added the CTR and NCFB mode to Mcrypt adapter ab678b7
Duccio Gasparri \Http\Response\Stream honoring the Content-Length header 1ad0828
@SocalNick SocalNick Allow additional Mvc Rendering Strategies to be registered via config…
…uration.
0fe6195
@weierophinney weierophinney Fix passing options to Captcha factory
- Factory was resetting options array, making it impossible to seed
  captcha adapters with options during instantiation.
121af91
@SocalNick SocalNick Registering additional MVC rendering strategies at 100 instead of all…
…owing them to register at their own priority. This is for consistency with registerViewStrategies.
830aa00
@jeremiahsmall jeremiahsmall Added a provision for graceful return if tokens is empty, and deleted…
… spurious assignment of startLine, both per suggestions in JMSBot/test-repository#49
a2f48bb
@Maks3w Maks3w [Di] Fix Generator Code dependency 12df3c0
@Maks3w Maks3w [Di] Minor changes 9fa5228
@sasezaki sasezaki [ZF-8580] SystemLookup in Zend_Xmlrpc_Client selects wrong signature
sync svn r23385
656e725
@sasezaki sasezaki ZF-10776 - Fixed datetime the format past to object Zend_Date was wrong.
sync svn r23550
c2275a2
@EvanDotPro EvanDotPro Removed completed todo item from ModuleManager service factory 08152db
@sasezaki sasezaki ZF-1897 XmlRpc Resolved issue with leading/trailing whitespace in chu…
…nked HTTP response

sync svn r24150
b7d6eaa
@jeremiahsmall jeremiahsmall Revised per @Maks3w suggestion that testing for empty before doing fo…
…reach is redundant.
7831fb6
@sasezaki sasezaki ZF-11588: handle string dates and dates beyond unix epoch
reference svn r24291
14cba2d
@weierophinney weierophinney [#1388] Added assertSame assertions
- Capture results of hydrate() to local variable
- Assert local variable is same as hydrated object
- Do further assertions against local variable
f5a3b84
@blanchonvincent blanchonvincent discard change and commit good version
discard change and commit good version - discard id increment value and
keep orginal instructions incrementation
46ffc92
@Maks3w Maks3w [TimeSync] Add option to disable online tests e54aa59
@ezimuel ezimuel Hotfix for a potential security problem in randBytes() 26346d7
@ezimuel ezimuel Fixed a doc block 2d8bfd8
@Maks3w Maks3w [Code] setDefaultValue refactor a3d9b84
@Maks3w Maks3w [Loader] Move legacy ZendTest\LoaderTest to the correct place c36ff7a
@Maks3w Maks3w [Loader] Delete legacy Zend\Loader and related resources. 9a228e5
@Maks3w Maks3w [Filter] Remove dependency with legacy Zend\Loader 792e528
@EvanDotPro EvanDotPro Removed Zend\Date\Date use statement in TimeSync test re PR #1412 935ebe9
@EvanDotPro EvanDotPro Utilize Zend\Stdlib\Glob in Zend\ModuleManager for fallback GLOB_BRAC…
…E functionality
11b7c4e
@prolic prolic ClassMethods Hydrator ignores invalid values 1a88a6c
@sasezaki sasezaki commented Zend_Loader documentaion manual.xml.in 1ae1897
@weierophinney weierophinney [ZF2-321] Fix docs for FormLabel
- When doing implicit association, openTag() should be called with no arguments,
  or an array of attributes. Updated all examples to remove element as argument
  to openTag().
db1b76d
@spiffyjr spiffyjr Fixed ServiceManager->get() throwing an exception on empty arrays. 0ddad2d
@ralphschindler ralphschindler Zend\Db: Fixed issue with iterating Mysqli Result objects when using …
…with libmysql and unbuffered statements.
e0a750e
@AldemarBernal AldemarBernal Applied changes for ZF-9743 c1f62f6
@denixport denixport rebase to fix travis tests c14fc74
@ezimuel
Zend Framework member
ezimuel commented Jun 4, 2012

Some of the code in this PR was copy/pasted from the project PHP-CryptLib (https://github.com/ircmaxell/PHP-CryptLib). I'm in contact with the author to understand if we can reuse it. PLEASE DON'T MERGE THIS PR UNTIL MY APPROVAL.

@ezimuel ezimuel closed this Jun 4, 2012
@denixport

@ezimuel, I did study PHP-CryptLib (and RFC 4086) after you mentioned it in wiki comments. This PR goes different route so it doesn't resamble CryptLib RNG in any way.
The only piece of code I find similar is base conversion while loop in getString() method. Yes, I probably took it
from CryptLib, but it's very common algo that could be found in many projects.
Current Math::rand() is a "copy/paste" of CryptLib\Random\Generator::generateInt() Why this is not a problem?
Anyway, I can rewrite that "copy/pasted" piece of code easely and re-submit.
Please, let me know your decision.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.