diff options
| author | Nikita Popov <nikic@php.net> | 2014-03-12 14:09:34 +0100 |
|---|---|---|
| committer | Nikita Popov <nikic@php.net> | 2014-03-12 14:16:18 +0100 |
| commit | 06bbb657ad8ae4660051da1ad698370f0c06bdc4 (patch) | |
| tree | db01abced13a05bc3d5e61c40abbecd72b2e85fb | |
| parent | 68f318a422f7149a4e73915f13127fb704c8c67f (diff) | |
| download | php-git-06bbb657ad8ae4660051da1ad698370f0c06bdc4.tar.gz | |
Fix hash_pbkdf2() with missing $length argument
Also change the type of some string length variables to ensure
that the zpp call works correctly on platforms where sizeof(int)
!= sizeof(long).
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | ext/hash/hash.c | 11 | ||||
| -rw-r--r-- | ext/hash/tests/hash_pbkdf2_basic.phpt | 6 |
3 files changed, 14 insertions, 7 deletions
@@ -19,6 +19,10 @@ PHP NEWS . Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre) . Fixed bug #66890 (imagescale segfault). (Remi) +- Hash: + . hash_pbkdf2() now works correctly if the $length argument is not specified. + (Nikita) + - Mail: . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk) diff --git a/ext/hash/hash.c b/ext/hash/hash.c index 5222a395e6..28e70dcd2d 100644 --- a/ext/hash/hash.c +++ b/ext/hash/hash.c @@ -609,16 +609,15 @@ Generate a PBKDF2 hash of the given password and salt Returns lowercase hexits by default */ PHP_FUNCTION(hash_pbkdf2) { - char *returnval, *algo, *salt, *pass = NULL; - unsigned char *computed_salt, *digest, *temp, *result, *K1, *K2 = NULL; - long loops, i, j, algo_len, pass_len, iterations, length, digest_length = 0; - int argc, salt_len = 0; + char *returnval, *algo, *salt, *pass; + unsigned char *computed_salt, *digest, *temp, *result, *K1, *K2; + long loops, i, j, iterations, length = 0, digest_length; + int algo_len, pass_len, salt_len; zend_bool raw_output = 0; const php_hash_ops *ops; void *context; - argc = ZEND_NUM_ARGS(); - if (zend_parse_parameters(argc TSRMLS_CC, "sssl|lb", &algo, &algo_len, &pass, &pass_len, &salt, &salt_len, &iterations, &length, &raw_output) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sssl|lb", &algo, &algo_len, &pass, &pass_len, &salt, &salt_len, &iterations, &length, &raw_output) == FAILURE) { return; } diff --git a/ext/hash/tests/hash_pbkdf2_basic.phpt b/ext/hash/tests/hash_pbkdf2_basic.phpt index fdccc4b6ea..17610dfedc 100644 --- a/ext/hash/tests/hash_pbkdf2_basic.phpt +++ b/ext/hash/tests/hash_pbkdf2_basic.phpt @@ -5,7 +5,7 @@ Test hash_pbkdf2() function : basic functionality --FILE-- <?php -/* Prototype : string hash_hmac ( string $algo , string $data , string $key [, bool $raw_output ] ) +/* Prototype : string hash_hmac(string $algo, string $data, string $key [, int $length = 0 [, bool $raw_output = false]]) * Description: Generate a keyed hash value using the HMAC method * Source code: ext/hash/hash.c * Alias to functions: @@ -14,10 +14,12 @@ Test hash_pbkdf2() function : basic functionality echo "*** Testing hash_pbkdf2() : basic functionality ***\n"; echo "sha1: " . hash_pbkdf2('sha1', 'password', 'salt', 1, 20)."\n"; +echo "sha1(no length): " . hash_pbkdf2('sha1', 'password', 'salt', 1)."\n"; echo "sha1(raw): " . bin2hex(hash_pbkdf2('sha1', 'password', 'salt', 1, 20, TRUE))."\n"; echo "sha1(rounds): " . hash_pbkdf2('sha1', 'passwordPASSWORDpassword', 'saltSALTsaltSALTsaltSALTsaltSALTsalt', 4096, 25)."\n"; echo "sha1(rounds)(raw): " . bin2hex(hash_pbkdf2('sha1', 'passwordPASSWORDpassword', 'saltSALTsaltSALTsaltSALTsaltSALTsalt', 4096, 25, TRUE))."\n"; echo "sha256: " . hash_pbkdf2('sha256', 'password', 'salt', 1, 20)."\n"; +echo "sha256(no length): " . hash_pbkdf2('sha256', 'password', 'salt', 1)."\n"; echo "sha256(raw): " . bin2hex(hash_pbkdf2('sha256', 'password', 'salt', 1, 20, TRUE))."\n"; echo "sha256(rounds): " . hash_pbkdf2('sha256', 'passwordPASSWORDpassword', 'saltSALTsaltSALTsaltSALTsaltSALTsalt', 4096, 40)."\n"; echo "sha256(rounds)(raw): " . bin2hex(hash_pbkdf2('sha256', 'passwordPASSWORDpassword', 'saltSALTsaltSALTsaltSALTsaltSALTsalt', 4096, 40, TRUE))."\n"; @@ -27,10 +29,12 @@ echo "sha256(rounds)(raw): " . bin2hex(hash_pbkdf2('sha256', 'passwordPASSWORDpa --EXPECT-- *** Testing hash_pbkdf2() : basic functionality *** sha1: 0c60c80f961f0e71f3a9 +sha1(no length): 0c60c80f961f0e71f3a9b524af6012062fe037a6 sha1(raw): 0c60c80f961f0e71f3a9b524af6012062fe037a6 sha1(rounds): 3d2eec4fe41c849b80c8d8366 sha1(rounds)(raw): 3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038 sha256: 120fb6cffcf8b32c43e7 +sha256(no length): 120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b sha256(raw): 120fb6cffcf8b32c43e7225256c4f837a86548c9 sha256(rounds): 348c89dbcbd32b2f32d814b8116e84cf2b17347e sha256(rounds)(raw): 348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9 |