Fix hkdf() with (length % digestSize) > 0

narfbg · narfbg · commit 9f3e4c6a3fbf · 2017-01-11T19:39:51.000+02:00
diff --git a/ext/hash/hash.c b/ext/hash/hash.c
@@ -682,7 +682,11 @@ PHP_FUNCTION(hkdf)
 		ops->hash_final(digest, context);
 		php_hash_string_xor_char(K, K, 0x6A, ops->block_size);
 		php_hash_hmac_round(digest, ops, context, K, digest, ops->digest_size);
-		memcpy(returnval->val + ((i - 1) * ops->digest_size), digest, ops->digest_size);
+		memcpy(
+			returnval->val + ((i - 1) * ops->digest_size),
+			digest,
+			(i == rounds ? length - ((i - 1) * ops->digest_size) : ops->digest_size)
+		);
 	}
 
 	ZEND_SECURE_ZERO(K, ops->block_size);
diff --git a/ext/hash/tests/hkdf_edges.phpt b/ext/hash/tests/hkdf_edges.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Test hkdf() function: edge cases
+--SKIPIF--
+<?php extension_loaded('hash') or die('skip: hash extension not loaded.'); ?>
+--FILE--
+<?php
+
+/* Prototype  : string hkdf  ( string $algo  , string $ikm  [, int $length  , string $info = '' , string $salt = ''  ] )
+ * Description: HMAC-based Key Derivation Function
+ * Source code: ext/hash/hash.c
+*/
+
+echo "*** Testing hkdf(): edge cases ***\n";
+
+$ikm = 'input key material';
+
+echo 'Length < digestSize: ', bin2hex(hkdf('md5', $ikm, 7)), "\n";
+echo 'Length % digestSize != 0: ', bin2hex(hkdf('md5', $ikm, 17)), "\n";
+
+?>
+--EXPECTF--
+*** Testing hkdf(): edge cases ***
+Length < digestSize: 98b16391063ece
+Length % digestSize != 0: 98b16391063ecee006a3ca8ee5776b1e5f
