Refine HMAC-MD5 generator; use native PHP Hash extension if available

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14083 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/functions/auth.php b/functions/auth.php
index fbc28e06ba0d98dc0327196844d8ab2f06d3605b..17d4d62530088d3e717b8961e9e3104c9b0a2cce 100644 (file)
--- a/functions/auth.php
+++ b/functions/auth.php
@@ -270,37 +270,70 @@ function digest_md5_parse_challenge($challenge) {
 }
 
 /**
- * Creates a HMAC digest that can be used for auth purposes
- * See RFCs 2104, 2617, 2831
- * Uses mhash() extension if available
- *
- * @param string $data Data to apply hash function to.
- * @param string $key Optional key, which, if supplied, will be used to
- * calculate data's HMAC.
- * @return string HMAC Digest string
- * @since 1.4.0
- */
+  * Creates a HMAC digest that can be used for authentication purposes
+  * See RFCs 2104, 2617, 2831
+  *
+  * Uses PHP's Hash extension if available (enabled by default in PHP
+  * 5.1.2+ - see http://www.php.net/manual/en/hash.requirements.php
+  * or, if installed on earlier PHP versions, the PECL hash module -
+  * see http://pecl.php.net/package/hash
+  *
+  * Otherwise, will attempt to use the Mhash extension - see
+  * http://www.php.net/manual/en/mhash.requirements.php
+  *
+  * Finally, a fall-back custom implementation is used if none of
+  * the above are available.
+  *
+  * @param string $data The data to be encoded/hashed
+  * @param string $key The (shared) secret key that will be used
+  *                    to build the keyed hash.  This argument is
+  *                    technically optional, but only for internal
+  *                    use (when the custom hash implementation is
+  *                    being used) - external callers should always
+  *                    specify a value for this argument.
+  *
+  * @return string The HMAC-MD5 digest string
+  * @since 1.4.0
+  *
+  */
 function hmac_md5($data, $key='') {
+
+    // use PHP's native Hash extension if possible
+    //
+    if (function_exists('hash_hmac'))
+        return pack('H*', hash_hmac('md5', $data, $key));
+
+
+    // otherwise, use (obsolete) mhash extension if available
+    //
     if (extension_loaded('mhash')) {
-        if ($key== '') {
-            $mhash=mhash(MHASH_MD5,$data);
-        } else {
-            $mhash=mhash(MHASH_MD5,$data,$key);
-        }
+
+        if ($key == '')
+            $mhash = mhash(MHASH_MD5, $data);
+        else
+            $mhash = mhash(MHASH_MD5, $data, $key);
+
         return $mhash;
     }
-    if (!$key) {
-        return pack('H*',md5($data));
-    }
-    $key = str_pad($key,64,chr(0x00));
-    if (strlen($key) > 64) {
-        $key = pack("H*",md5($key));
-    }
-    $k_ipad =  $key ^ str_repeat(chr(0x36), 64) ;
-    $k_opad =  $key ^ str_repeat(chr(0x5c), 64) ;
-    /* Heh, let's get recursive. */
-    $hmac=hmac_md5($k_opad . pack("H*",md5($k_ipad . $data)) );
+
+
+    // or, our own implementation...
+    //
+    if (!$key)
+        return pack('H*', md5($data));
+
+    $key = str_pad($key, 64, chr(0x00));
+
+    if (strlen($key) > 64)
+        $key = pack("H*", md5($key));
+
+    $k_ipad = $key ^ str_repeat(chr(0x36), 64);
+    $k_opad = $key ^ str_repeat(chr(0x5c), 64);
+
+    $hmac = hmac_md5($k_opad . pack('H*', md5($k_ipad . $data)));
+
     return $hmac;
+
 }
 
 /**