Add timing safe comparison, compares chars by word size. It could be faster than simple byte by byte comparison

Author: Yasuo Ohgaki

ext/standard/basic_functions.c

@@ -2778,11 +2778,12 @@ const zend_function_entry basic_functions[] = { /* {{{ */
 	PHP_FE(str_split,														arginfo_str_split)
 	PHP_FE(strpbrk,															arginfo_strpbrk)
 	PHP_FE(substr_compare,													arginfo_substr_compare)
-	PHP_FE(str_siphash_compare,														arginfo_str_compare)
-	PHP_FE(str_xxhash32_compare,														arginfo_str_compare)
-	PHP_FE(str_md5_compare,														arginfo_str_compare)
-	PHP_FE(str_byte_compare,														arginfo_str_compare)
-	PHP_FE(str_byte_compare2,														arginfo_str_compare)
+	PHP_FE(str_siphash_compare,												arginfo_str_compare)
+	PHP_FE(str_xxhash32_compare,											arginfo_str_compare)
+	PHP_FE(str_md5_compare,													arginfo_str_compare)
+	PHP_FE(str_byte_compare,												arginfo_str_compare)
+	PHP_FE(str_byte_compare2,												arginfo_str_compare)
+	PHP_FE(str_word_compare,												arginfo_str_compare)
 	PHP_FE(str_compare,														arginfo_str_compare)
 
 #ifdef HAVE_STRCOLL

ext/standard/php_string.h

@@ -98,6 +98,7 @@ PHP_FUNCTION(str_xxhash32_compare);
 PHP_FUNCTION(str_md5_compare);
 PHP_FUNCTION(str_byte_compare);
 PHP_FUNCTION(str_byte_compare2);
+PHP_FUNCTION(str_word_compare);
 PHP_FUNCTION(str_compare);
 #ifdef HAVE_STRCOLL
 PHP_FUNCTION(strcoll);

ext/standard/string.c

@@ -5754,6 +5754,7 @@ PHP_FUNCTION(str_byte_compare)
 }
 /* }}} */
 
+
 /* {{{ proto bool str_compare2(string str1, string str2)
    Timing safe string compare */
 PHP_FUNCTION(str_byte_compare2)
@@ -5776,6 +5777,51 @@ PHP_FUNCTION(str_byte_compare2)
 /* }}} */
 
 
+/* Timing safe compare */
+ PHPAPI int php_word_compare(const void *b1, size_t b1_len, const void *b2, size_t b2_len) /* {{{ */
+{
+	const unsigned char *p1 = b1, *p2 = b2;
+	long ret = b1_len - b2_len;
+	int mod_len = MAX(b1_len, 1);
+	int min_len = MIN(b1_len, b2_len);
+	int n, sz=sizeof(long);
+
+	/* Optimize by using word size comparison */
+	for (n = 0; n+sz < min_len ; n += sz) {
+		ret |= (long)p1 ^ (long)p2;
+	}
+	/* Comparet the rest, byte by byte */
+	for (; n < b2_len ; n++) {
+		ret |= p1[n % mod_len] ^ p2[n];
+	}
+	return (ret == 0);
+}
+/* }}} */
+
+
+/* {{{ proto bool str_word_compare(string str1, string str2)
+   Timing safe string compare. Word size optimized. */
+PHP_FUNCTION(str_word_compare)
+{
+	zval *s1, *s2;
+	size_t mod_len;
+	long buf;
+
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &s1, &s2) == FAILURE) {
+		RETURN_FALSE;
+	}
+
+	if (Z_TYPE_P(s1) != IS_STRING || Z_TYPE_P(s2) != IS_STRING) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Paremeters must be string");
+		RETURN_FALSE;
+	}
+
+	RETURN_BOOL(php_word_compare(Z_STRVAL_P(s1), Z_STRLEN_P(s1),
+								  Z_STRVAL_P(s2), Z_STRLEN_P(s2)));
+}
+/* }}} */
+
+
 /* {{{ proto bool str_compare(string str1, string str2)
    strncmp string compare */
 PHP_FUNCTION(str_compare)