projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 68f318a)
Fix hash_pbkdf2() with missing $length argument
authorNikita Popov <nikic@php.net>
Wed, 12 Mar 2014 13:09:34 +0000 (14:09 +0100)
committerNikita Popov <nikic@php.net>
Wed, 12 Mar 2014 13:16:18 +0000 (14:16 +0100)
Also change the type of some string length variables to ensure
that the zpp call works correctly on platforms where sizeof(int)
!= sizeof(long).

NEWS patch | blob | history
ext/hash/hash.c patch | blob | history
ext/hash/tests/hash_pbkdf2_basic.phpt patch | blob | history

diff --git a/NEWS b/NEWS
index d1b2e5f5ea57985344af598f27d53bd54d91cb50..a84d4193dff8ee4a3365747bad409b77348645da 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,10 @@ PHP                                                                        NEWS
   . Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
   . Fixed bug #66890 (imagescale segfault). (Remi)
 
+- Hash:
+  . hash_pbkdf2() now works correctly if the $length argument is not specified.
+    (Nikita)
+
 - Mail:
   . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
 
diff --git a/ext/hash/hash.c b/ext/hash/hash.c
index 5222a395e6fbbdf04e2a8df45425e5e50b28e6c0..28e70dcd2d9c2dee7468ff4b2ef3296683463bd9 100644 (file)
--- a/ext/hash/hash.c
+++ b/ext/hash/hash.c
@@ -609,16 +609,15 @@ Generate a PBKDF2 hash of the given password and salt
 Returns lowercase hexits by default */
 PHP_FUNCTION(hash_pbkdf2)
 {
-       char *returnval, *algo, *salt, *pass = NULL;
-       unsigned char *computed_salt, *digest, *temp, *result, *K1, *K2 = NULL;
-       long loops, i, j, algo_len, pass_len, iterations, length, digest_length = 0;
-       int argc, salt_len = 0;
+       char *returnval, *algo, *salt, *pass;
+       unsigned char *computed_salt, *digest, *temp, *result, *K1, *K2;
+       long loops, i, j, iterations, length = 0, digest_length;
+       int algo_len, pass_len, salt_len;
        zend_bool raw_output = 0;
        const php_hash_ops *ops;
        void *context;
 
-       argc = ZEND_NUM_ARGS();
-       if (zend_parse_parameters(argc TSRMLS_CC, "sssl|lb", &algo, &algo_len, &pass, &pass_len, &salt, &salt_len, &iterations, &length, &raw_output) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sssl|lb", &algo, &algo_len, &pass, &pass_len, &salt, &salt_len, &iterations, &length, &raw_output) == FAILURE) {
                return;
        }
 
diff --git a/ext/hash/tests/hash_pbkdf2_basic.phpt b/ext/hash/tests/hash_pbkdf2_basic.phpt
index fdccc4b6ea460c8bf76ab1035db6a1cd718ac4f3..17610dfedc5688d7789258fecb85aa6d75839a0e 100644 (file)
--- a/ext/hash/tests/hash_pbkdf2_basic.phpt
+++ b/ext/hash/tests/hash_pbkdf2_basic.phpt
@@ -5,7 +5,7 @@ Test hash_pbkdf2() function : basic functionality
 --FILE--
 <?php
 
-/* Prototype  : string hash_hmac  ( string $algo  , string $data  , string $key  [, bool $raw_output  ] )
+/* Prototype  : string hash_hmac(string $algo, string $data, string $key [, int $length = 0 [, bool $raw_output = false]])
  * Description: Generate a keyed hash value using the HMAC method
  * Source code: ext/hash/hash.c
  * Alias to functions:
@@ -14,10 +14,12 @@ Test hash_pbkdf2() function : basic functionality
 echo "*** Testing hash_pbkdf2() : basic functionality ***\n";
 
 echo "sha1: " . hash_pbkdf2('sha1', 'password', 'salt', 1, 20)."\n";
+echo "sha1(no length): " . hash_pbkdf2('sha1', 'password', 'salt', 1)."\n";
 echo "sha1(raw): " . bin2hex(hash_pbkdf2('sha1', 'password', 'salt', 1, 20, TRUE))."\n";
 echo "sha1(rounds): " . hash_pbkdf2('sha1', 'passwordPASSWORDpassword', 'saltSALTsaltSALTsaltSALTsaltSALTsalt', 4096, 25)."\n";
 echo "sha1(rounds)(raw): " . bin2hex(hash_pbkdf2('sha1', 'passwordPASSWORDpassword', 'saltSALTsaltSALTsaltSALTsaltSALTsalt', 4096, 25, TRUE))."\n";
 echo "sha256: " . hash_pbkdf2('sha256', 'password', 'salt', 1, 20)."\n";
+echo "sha256(no length): " . hash_pbkdf2('sha256', 'password', 'salt', 1)."\n";
 echo "sha256(raw): " . bin2hex(hash_pbkdf2('sha256', 'password', 'salt', 1, 20, TRUE))."\n";
 echo "sha256(rounds): " . hash_pbkdf2('sha256', 'passwordPASSWORDpassword', 'saltSALTsaltSALTsaltSALTsaltSALTsalt', 4096, 40)."\n";
 echo "sha256(rounds)(raw): " . bin2hex(hash_pbkdf2('sha256', 'passwordPASSWORDpassword', 'saltSALTsaltSALTsaltSALTsaltSALTsalt', 4096, 40, TRUE))."\n";
@@ -27,10 +29,12 @@ echo "sha256(rounds)(raw): " . bin2hex(hash_pbkdf2('sha256', 'passwordPASSWORDpa
 --EXPECT--
 *** Testing hash_pbkdf2() : basic functionality ***
 sha1: 0c60c80f961f0e71f3a9
+sha1(no length): 0c60c80f961f0e71f3a9b524af6012062fe037a6
 sha1(raw): 0c60c80f961f0e71f3a9b524af6012062fe037a6
 sha1(rounds): 3d2eec4fe41c849b80c8d8366
 sha1(rounds)(raw): 3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038
 sha256: 120fb6cffcf8b32c43e7
+sha256(no length): 120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b
 sha256(raw): 120fb6cffcf8b32c43e7225256c4f837a86548c9
 sha256(rounds): 348c89dbcbd32b2f32d814b8116e84cf2b17347e
 sha256(rounds)(raw): 348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9
Unnamed repository; edit this file 'description' to name the repository.