[Security] Use hash_equals for constant-time string comparison

dunglas · dunglas · commit f8b5ef625766 · 2014-09-02T00:40:13.000+02:00
diff --git a/src/Symfony/Component/Security/Core/Util/StringUtils.php b/src/Symfony/Component/Security/Core/Util/StringUtils.php
@@ -27,6 +27,7 @@ private function __construct() {}
      * Compares two strings.
      *
      * This method implements a constant-time algorithm to compare strings.
+     * Regardless of the used implementation, it will leak length information.
      *
      * @param string $knownString The string of known length to compare against
      * @param string $userInput   The string that the user can control
@@ -35,6 +36,10 @@ private function __construct() {}
      */
     public static function equals($knownString, $userInput)
     {
+        if (function_exists('hash_equals')) {
+            return hash_equals((string) $knownString, (string) $userInput);
+        }
+
         $knownLen = strlen($knownString);
         $userLen = strlen($userInput);
 
@@ -45,7 +50,7 @@ public static function equals($knownString, $userInput)
         $result = $knownLen - $userLen;
 
         // Note that we ALWAYS iterate over the user-supplied length
-        // This is to prevent leaking length information
+        // This is to mitigate leaking length information
         for ($i = 0; $i < $userLen; $i++) {
             $result |= (ord($knownString[$i]) ^ ord($userInput[$i]));
         }

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ private function __construct() {}`
`27`	`27`	`* Compares two strings.`
`28`	`28`	`*`
`29`	`29`	`* This method implements a constant-time algorithm to compare strings.`
	`30`	`+ * Regardless of the used implementation, it will leak length information.`
`30`	`31`	`*`
`31`	`32`	`* @param string $knownString The string of known length to compare against`
`32`	`33`	`* @param string $userInput The string that the user can control`
`@@ -35,6 +36,10 @@ private function __construct() {}`
`35`	`36`	`*/`
`36`	`37`	`public static function equals($knownString, $userInput)`
`37`	`38`	`{`
	`39`	`+ if (function_exists('hash_equals')) {`
	`40`	`+ return hash_equals((string) $knownString, (string) $userInput);`
	`41`	`+ }`
	`42`	`+`
`38`	`43`	`$knownLen = strlen($knownString);`
`39`	`44`	`$userLen = strlen($userInput);`
`40`	`45`
`@@ -45,7 +50,7 @@ public static function equals($knownString, $userInput)`
`45`	`50`	`$result = $knownLen - $userLen;`
`46`	`51`
`47`	`52`	`// Note that we ALWAYS iterate over the user-supplied length`
`48`		`- // This is to prevent leaking length information`
	`53`	`+ // This is to mitigate leaking length information`
`49`	`54`	`for ($i = 0; $i < $userLen; $i++) {`
`50`	`55`	`$result \|= (ord($knownString[$i]) ^ ord($userInput[$i]));`
`51`	`56`	`}`