Add php_byte_compare2() which uses https://github.com/realityking/php-src/compare/timing_attack algorithm

Author: Yasuo Ohgaki

ext/standard/basic_functions.c

@@ -2782,6 +2782,7 @@ const zend_function_entry basic_functions[] = { /* {{{ */
 	PHP_FE(str_xxhash32_compare,														arginfo_str_compare)
 	PHP_FE(str_md5_compare,														arginfo_str_compare)
 	PHP_FE(str_byte_compare,														arginfo_str_compare)
+	PHP_FE(str_byte_compare2,														arginfo_str_compare)
 	PHP_FE(str_compare,														arginfo_str_compare)
 
 #ifdef HAVE_STRCOLL

ext/standard/config.m4

@@ -603,7 +603,7 @@ PHP_NEW_EXTENSION(standard, array.c base64.c basic_functions.c browscap.c crc32.
                             incomplete_class.c url_scanner_ex.c ftp_fopen_wrapper.c \
                             http_fopen_wrapper.c php_fopen_wrapper.c credits.c css.c \
                             var_unserializer.c ftok.c sha1.c user_filters.c uuencode.c \
-                            filters.c proc_open.c streamsfuncs.c http.c password.c)
+                            filters.c proc_open.c streamsfuncs.c http.c password.c xxhash.c siphash.c)
 
 PHP_ADD_MAKEFILE_FRAGMENT
 PHP_INSTALL_HEADERS([ext/standard/])

ext/standard/php_string.h

@@ -97,6 +97,7 @@ PHP_FUNCTION(str_siphash_compare);
 PHP_FUNCTION(str_xxhash32_compare);
 PHP_FUNCTION(str_md5_compare);
 PHP_FUNCTION(str_byte_compare);
+PHP_FUNCTION(str_byte_compare2);
 PHP_FUNCTION(str_compare);
 #ifdef HAVE_STRCOLL
 PHP_FUNCTION(strcoll);

ext/standard/string.c

@@ -5714,6 +5714,7 @@ PHPAPI int php_byte_compare(const void *b1, const void *b2, size_t n) /* {{{ */
 }
 /* }}} */
 
+
 /* {{{ proto bool str_compare(string str1, string str2)
    Timing safe string compare */
 PHP_FUNCTION(str_byte_compare)
@@ -5737,6 +5738,44 @@ PHP_FUNCTION(str_byte_compare)
 }
 /* }}} */
 
+
+/* Timing safe compare */
+ PHPAPI int php_byte_compare2(const void *b1, size_t b1_len, const void *b2, size_t b2_len) /* {{{ */
+{
+	const unsigned char *p1 = b1, *p2 = b2;
+	int ret = b1_len - b2_len;
+	int mod_len = MAX(b1_len, 1);
+	int n;
+
+	for (n = 0; n < b2_len ; n++) {
+		ret |= p1[n % mod_len] ^ p2[n];
+	}
+	return (ret == 0);
+}
+/* }}} */
+
+/* {{{ proto bool str_compare2(string str1, string str2)
+   Timing safe string compare */
+PHP_FUNCTION(str_byte_compare2)
+{
+	zval *s1, *s2;
+	size_t mod_len;
+
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &s1, &s2) == FAILURE) {
+		RETURN_FALSE;
+	}
+
+	if (Z_TYPE_P(s1) != IS_STRING || Z_TYPE_P(s2) != IS_STRING) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Paremeters must be string");
+		RETURN_FALSE;
+	}
+
+	RETURN_BOOL(php_byte_compare2(Z_STRVAL_P(s1), Z_STRLEN_P(s1),
+								  Z_STRVAL_P(s2), Z_STRLEN_P(s2)));
+}
+/* }}} */
+
+
 /* {{{ proto bool str_compare(string str1, string str2)
    strncmp string compare */
 PHP_FUNCTION(str_compare)