@cname currently refers to the constant name in C. However, it is not always a (constant) name, but sometimes a function invocation, so naming it as @cvalue would be more appropriate.
Like `hash_file()`, `hash_hmac_file()` expects a filename, and not some
string data. Fixing this now, constitutes a (hopefully small) BC break
though.
Closes GH-7828.
`hash()` and `hash_hmac()` never return `false`; only `hash_file()` and
`hash_hmac_file()` return `false` in case the data cannot be read.
Closes GH-7760.
Deprecate mhash(), mhash_keygen_s2k(), mhash_count(),
mhash_get_block_size() and mhash_get_hash_name() in favor of the
normal hash_*() functions.
Part of https://wiki.php.net/rfc/deprecations_php_8_1.
The concrete need on this change is to support passing an initial seed
to the murmur hash. Passing a custom seed is important in terms of
randomizing the hash function.
The suggested implementation adds a HashTable parameter to all the
init callbacks. Further on, an array with custom arguments is accepted
from `hash` or `hash_init` from the user land. Currently several things
like `hash_hkdf` are not touched, as they don't need passing custom
args.
Some convenience macros have been added to the SHA/MD families of
functions, so the consuming code doesn't have to be changed widely.
Another way to implement this is to add another type of the init that
would accept a HT with arguments. However, that would still require
touching all the context structs in all the algos. That would also
increase the size of those structs. As an init function is called just
once, the way of modifying the existing init callback has been seen
as more preferrable.
Closes GH-6400.
Signed-off-by: Anatol Belski <ab@php.net>
Co-Developed-by: Nikita Popov <nikita.ppv@googlemail.com>
Signed-off-by: Nikita Popov <nikita.ppv@googlemail.com>
Acked-by: Michael Wallner <mike@php.net>
Reviewed-by: Máté Kocsis <kocsismate@woohoolabs.com>
Reviewed-by: Eddie Kohler <ekohler@gmail.com>
* Modify php_hash_ops to contain the algorithm name and
serialize and unserialize methods.
* Implement __serialize and __unserialize magic methods on
HashContext.
Note that serialized HashContexts are not necessarily portable
between PHP versions or from architecture to architecture.
(Most are, though Keccak and slow SHA3s are not.)
An exception is thrown when an unsupported serialization is
attempted.
Because of security concerns, HASH_HMAC contexts are not
currently serializable; attempting to serialize one throws
an exception.
Serialization exposes the state of HashContext memory, so ensure
that memory is zeroed before use by allocating it with a new
php_hash_alloc_context function. Performance impact is
negligible.
Some hash internal states have logical pointers into a buffer,
or sponge, that absorbs input provided in bytes rather than
chunks. The unserialize functions for these hash functions
must validate that the logical pointers are all within bounds,
lest future hash operations cause out-of-bounds memory accesses.
* Adler32, CRC32, FNV, joaat: simple state, no buffer positions
* Gost, MD2, SHA3, Snefru, Tiger, Whirlpool: buffer positions
must be validated
* MD4, MD5, SHA1, SHA2, haval, ripemd: buffer positions encoded
bitwise, forced to within bounds on use; no need to validate
* get_parent_class() argument is optional
* Mark array_filter() $callback as optional
* The $base of gmp_strval() is optional
* DateTime constructor also accepts zero arguments
* hash_update_file() stream context is optional
* xmlwriter_write_dtd_entity() $isparam argument is optional
