Fix hash_hkdf() empty salt handling

Author: narfbg

ext/hash/hash.c

@@ -610,7 +610,7 @@ PHP_FUNCTION(hash_algos)
 RFC5869 HMAC-based key derivation function */
 PHP_FUNCTION(hash_hkdf)
 {
-	zend_string *returnval, *ikm, *algo, *info = NULL, *salt;
+	zend_string *returnval, *ikm, *algo, *info = NULL, *salt = NULL;
 	zend_long length = 0;
 	char *prk, *computed_salt;
 	unsigned char *digest, *K;
@@ -645,25 +645,24 @@ PHP_FUNCTION(hash_hkdf)
 		RETURN_FALSE;
 	}
 
-	if (salt->len == 0)
-	{
+	if (salt != NULL && salt->len > 0) {
+		computed_salt = safe_emalloc(salt->len, salt->len, 0);
+		memcpy(computed_salt, salt->val, salt->len);
+	}
+	else {
 		computed_salt = safe_emalloc(ops->digest_size, ops->digest_size, 0);
 		for (i = 0; i < ops->digest_size; i++)
 		{
 			computed_salt[i] = 0x00;
 		}
 	}
-	else {
-		computed_salt = safe_emalloc(salt->len, salt->len, 0);
-		memcpy(computed_salt, salt->val, salt->len);
-	}
 
 	context = emalloc(ops->context_size);
 
 	// Extract
 	ops->hash_init(context);
 	K = emalloc(ops->block_size);
-	php_hash_hmac_prep_key(K, ops, context, computed_salt, salt->len ? salt->len : ops->digest_size);
+	php_hash_hmac_prep_key(K, ops, context, computed_salt, (salt != NULL && salt->len ? salt->len : ops->digest_size));
 	prk = safe_emalloc(ops->digest_size, ops->digest_size, 0);
 	php_hash_hmac_round(prk, ops, context, K, ikm->val, ikm->len);
 	php_hash_string_xor_char(K, K, 0x6A, ops->block_size);