[wp-trac] [WordPress Trac] #10284: hash_hmac implementation does
not match PHP hash_hmac
WordPress Trac
wp-trac at lists.automattic.com
Fri Jun 26 23:19:22 GMT 2009
#10284: hash_hmac implementation does not match PHP hash_hmac
--------------------------+-------------------------------------------------
Reporter: jrush_aplus | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: General | Version:
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
The hash_hmac implementation output does not match the native PHP
hash_hmac output when using a key longer than 64 characters.
If the key is longer than 64 characters, it is packed. The output of pack
may be less than 64 characters, so the key needs to be padded. The
current implementation does not pad the key because the key was packed.
The attached patch removes the else that keeps a packed key from being
padded. By removing the else, the length of the key is recalculated and
will be padded if it is less than 64 characters.
If the key is padded after being packed, the output matches the output of
the native PHP hash_hmac function.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10284>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list