Introduction of timing attack safe bcmp implementation.

Nothing new but to refactor usage b/w hash and password
extensions but using volatile pointers to be a bit safer,
allowing to expand its usage eventually.

Author: devnexen

configure.ac

@@ -1610,7 +1610,7 @@ PHP_ADD_SOURCES(main, main.c snprintf.c spprintf.c \
        fopen_wrappers.c alloca.c  php_scandir.c \
        php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
        strlcat.c explicit_bzero.c reentrancy.c php_variables.c php_ticks.c \
-       network.c php_open_temporary_file.c \
+       network.c php_open_temporary_file.c safe_bcmp.c \
        output.c getopt.c php_syslog.c, -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1)
 
 PHP_ADD_SOURCES_X(main, fastcgi.c, -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1, PHP_FASTCGI_OBJS, no)

ext/hash/hash.c

@@ -1109,7 +1109,6 @@ PHP_FUNCTION(hash_equals)
 	zval *known_zval, *user_zval;
 	char *known_str, *user_str;
 	int result = 0;
-	size_t j;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "zz", &known_zval, &user_zval) == FAILURE) {
 		RETURN_THROWS();
@@ -1134,9 +1133,7 @@ PHP_FUNCTION(hash_equals)
 	user_str = Z_STRVAL_P(user_zval);
 
 	/* This is security sensitive code. Do not optimize this for speed. */
-	for (j = 0; j < Z_STRLEN_P(known_zval); j++) {
-		result |= known_str[j] ^ user_str[j];
-	}
+	result = php_safe_bcmp(known_str, user_str, Z_STRLEN_P(known_zval));
 
 	RETURN_BOOL(0 == result);
 }

ext/standard/password.c

@@ -169,9 +169,7 @@ static bool php_password_bcrypt_verify(const zend_string *password, const zend_s
 	 * resistance towards timing attacks. This is a constant time
 	 * equality check that will always check every byte of both
 	 * values. */
-	for (i = 0; i < ZSTR_LEN(hash); i++) {
-		status |= (ZSTR_VAL(ret)[i] ^ ZSTR_VAL(hash)[i]);
-	}
+	status = php_safe_bcmp(ZSTR_VAL(ret), ZSTR_VAL(hash), ZSTR_LEN(hash));
 
 	zend_string_free(ret);
 	return status == 0;

main/php.h

@@ -179,6 +179,10 @@ END_EXTERN_C()
 #define explicit_bzero php_explicit_bzero
 #endif
 
+BEGIN_EXTERN_C()
+PHPAPI int php_safe_bcmp(const void *a, const void *b, size_t siz);
+END_EXTERN_C()
+
 #ifndef HAVE_STRTOK_R
 BEGIN_EXTERN_C()
 char *strtok_r(char *s, const char *delim, char **last);

main/safe_bcmp.c

@@ -0,0 +1,36 @@
+/*
+  +----------------------------------------------------------------------+
+  | PHP Version 8                                                        |
+  +----------------------------------------------------------------------+
+  | Copyright (c) The PHP Group                                          |
+  +----------------------------------------------------------------------+
+  | This source file is subject to version 3.01 of the PHP license,      |
+  | that is bundled with this package in the file LICENSE, and is        |
+  | available through the world-wide-web at the following url:           |
+  | http://www.php.net/license/3_01.txt                                  |
+  | If you did not receive a copy of the PHP license and are unable to   |
+  | obtain it through the world-wide-web, please send a note to          |
+  | [email protected] so we can mail you a copy immediately.               |
+  +----------------------------------------------------------------------+
+  | Author:                                                              |
+  +----------------------------------------------------------------------+
+*/
+
+#include "php.h"
+
+#include <string.h>
+
+PHPAPI int php_safe_bcmp(const void *a, const void *b, size_t siz)
+{
+	const volatile unsigned char *ua = (const volatile unsigned char *)a;
+	const volatile unsigned char *ub = (const volatile unsigned char *)b;
+	size_t i = 0;
+	int r = 0;
+
+	while (i < siz) {
+		r |= ua[i] ^ ub[i];
+		++i;
+	}
+
+	return r;
+}