Make HashContexts serializable.

* Modify php_hash_ops to contain the algorithm name and
  serialize and unserialize methods.

* Implement __serialize and __unserialize magic methods on
  HashContext.

Note that serialized HashContexts are not necessarily portable
between PHP versions or from architecture to architecture.
(Most are, though Keccak and slow SHA3s are not.)

An exception is thrown when an unsupported serialization is
attempted.

Because of security concerns, HASH_HMAC contexts are not
currently serializable; attempting to serialize one throws
an exception.

Serialization exposes the state of HashContext memory, so ensure
that memory is zeroed before use by allocating it with a new
php_hash_alloc_context function. Performance impact is
negligible.

Some hash internal states have logical pointers into a buffer,
or sponge, that absorbs input provided in bytes rather than
chunks. The unserialize functions for these hash functions
must validate that the logical pointers are all within bounds,
lest future hash operations cause out-of-bounds memory accesses.

* Adler32, CRC32, FNV, joaat: simple state, no buffer positions
* Gost, MD2, SHA3, Snefru, Tiger, Whirlpool: buffer positions
  must be validated
* MD4, MD5, SHA1, SHA2, haval, ripemd: buffer positions encoded
  bitwise, forced to within bounds on use; no need to validate

Author: kohler

ext/hash/hash.c

@@ -53,4 +53,8 @@ function mhash(int $hash, string $data, string $key = UNKNOWN): string|false {}
 final class HashContext
 {
     private function __construct() {}
+
+    public function __serialize(): array {}
+
+    public function __unserialize(array $serialized): void {}
 }

ext/hash/hash.stub.php

@@ -59,10 +59,14 @@ PHP_HASH_API int PHP_ADLER32Copy(const php_hash_ops *ops, PHP_ADLER32_CTX *orig_
 }
 
 const php_hash_ops php_hash_adler32_ops = {
+	"adler32",
 	(php_hash_init_func_t) PHP_ADLER32Init,
 	(php_hash_update_func_t) PHP_ADLER32Update,
 	(php_hash_final_func_t) PHP_ADLER32Final,
 	(php_hash_copy_func_t) PHP_ADLER32Copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_ADLER32_SPEC,
 	4, /* what to say here? */
 	4,
 	sizeof(PHP_ADLER32_CTX),

ext/hash/hash_adler32.c

@@ -118,6 +118,12 @@ ZEND_END_ARG_INFO()
 ZEND_BEGIN_ARG_INFO_EX(arginfo_class_HashContext___construct, 0, 0, 0)
 ZEND_END_ARG_INFO()
 
+#define arginfo_class_HashContext___serialize arginfo_hash_algos
+
+ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_class_HashContext___unserialize, 0, 1, IS_VOID, 0)
+	ZEND_ARG_TYPE_INFO(0, serialized, IS_ARRAY, 0)
+ZEND_END_ARG_INFO()
+
 
 ZEND_FUNCTION(hash);
 ZEND_FUNCTION(hash_file);
@@ -150,6 +156,8 @@ ZEND_FUNCTION(mhash_count);
 ZEND_FUNCTION(mhash);
 #endif
 ZEND_METHOD(HashContext, __construct);
+ZEND_METHOD(HashContext, __serialize);
+ZEND_METHOD(HashContext, __unserialize);
 
 
 static const zend_function_entry ext_functions[] = {
@@ -189,5 +197,7 @@ static const zend_function_entry ext_functions[] = {
 
 static const zend_function_entry class_HashContext_methods[] = {
 	ZEND_ME(HashContext, __construct, arginfo_class_HashContext___construct, ZEND_ACC_PRIVATE)
+	ZEND_ME(HashContext, __serialize, arginfo_class_HashContext___serialize, ZEND_ACC_PUBLIC)
+	ZEND_ME(HashContext, __unserialize, arginfo_class_HashContext___unserialize, ZEND_ACC_PUBLIC)
 	ZEND_FE_END
 };

ext/hash/hash_arginfo.h

@@ -78,32 +78,44 @@ PHP_HASH_API int PHP_CRC32Copy(const php_hash_ops *ops, PHP_CRC32_CTX *orig_cont
 }
 
 const php_hash_ops php_hash_crc32_ops = {
+	"crc32",
 	(php_hash_init_func_t) PHP_CRC32Init,
 	(php_hash_update_func_t) PHP_CRC32Update,
 	(php_hash_final_func_t) PHP_CRC32LEFinal,
 	(php_hash_copy_func_t) PHP_CRC32Copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_CRC32_SPEC,
 	4, /* what to say here? */
 	4,
 	sizeof(PHP_CRC32_CTX),
 	0
 };
 
 const php_hash_ops php_hash_crc32b_ops = {
+	"crc32b",
 	(php_hash_init_func_t) PHP_CRC32Init,
 	(php_hash_update_func_t) PHP_CRC32BUpdate,
 	(php_hash_final_func_t) PHP_CRC32BEFinal,
 	(php_hash_copy_func_t) PHP_CRC32Copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_CRC32_SPEC,
 	4, /* what to say here? */
 	4,
 	sizeof(PHP_CRC32_CTX),
 	0
 };
 
 const php_hash_ops php_hash_crc32c_ops = {
+	"crc32c",
 	(php_hash_init_func_t) PHP_CRC32Init,
 	(php_hash_update_func_t) PHP_CRC32CUpdate,
 	(php_hash_final_func_t) PHP_CRC32BEFinal,
 	(php_hash_copy_func_t) PHP_CRC32Copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_CRC32_SPEC,
 	4, /* what to say here? */
 	4,
 	sizeof(PHP_CRC32_CTX),

ext/hash/hash_crc32.c

@@ -21,43 +21,59 @@
 #include "php_hash_fnv.h"
 
 const php_hash_ops php_hash_fnv132_ops = {
+	"fnv132",
 	(php_hash_init_func_t) PHP_FNV132Init,
 	(php_hash_update_func_t) PHP_FNV132Update,
 	(php_hash_final_func_t) PHP_FNV132Final,
-	(php_hash_copy_func_t) php_hash_copy,
+	php_hash_copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_FNV132_SPEC,
 	4,
 	4,
 	sizeof(PHP_FNV132_CTX),
 	0
 };
 
 const php_hash_ops php_hash_fnv1a32_ops = {
+	"fnv1a32",
 	(php_hash_init_func_t) PHP_FNV132Init,
 	(php_hash_update_func_t) PHP_FNV1a32Update,
- 	(php_hash_final_func_t) PHP_FNV132Final,
-	(php_hash_copy_func_t) php_hash_copy,
+	(php_hash_final_func_t) PHP_FNV132Final,
+	php_hash_copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_FNV132_SPEC,
 	4,
 	4,
 	sizeof(PHP_FNV132_CTX),
 	0
 };
 
 const php_hash_ops php_hash_fnv164_ops = {
+	"fnv164",
 	(php_hash_init_func_t) PHP_FNV164Init,
 	(php_hash_update_func_t) PHP_FNV164Update,
 	(php_hash_final_func_t) PHP_FNV164Final,
-	(php_hash_copy_func_t) php_hash_copy,
+	php_hash_copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_FNV164_SPEC,
 	8,
 	4,
 	sizeof(PHP_FNV164_CTX),
 	0
 };
 
 const php_hash_ops php_hash_fnv1a64_ops = {
+	"fnv1a64",
 	(php_hash_init_func_t) PHP_FNV164Init,
 	(php_hash_update_func_t) PHP_FNV1a64Update,
- 	(php_hash_final_func_t) PHP_FNV164Final,
-	(php_hash_copy_func_t) php_hash_copy,
+	(php_hash_final_func_t) PHP_FNV164Final,
+	php_hash_copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_FNV164_SPEC,
 	8,
 	4,
 	sizeof(PHP_FNV164_CTX),

ext/hash/hash_fnv.c

@@ -304,22 +304,43 @@ PHP_HASH_API void PHP_GOSTFinal(unsigned char digest[32], PHP_GOST_CTX *context)
 	ZEND_SECURE_ZERO(context, sizeof(*context));
 }
 
+static int php_gost_unserialize(php_hashcontext_object *hash, zend_long magic, const zval *zv)
+{
+	PHP_GOST_CTX *ctx = (PHP_GOST_CTX *) hash->context;
+	int r = FAILURE;
+	if (magic == PHP_HASH_SERIALIZE_MAGIC_SPEC
+		&& (r = php_hash_unserialize_spec(hash, zv, PHP_GOST_SPEC)) == SUCCESS
+		&& ctx->length < sizeof(ctx->buffer)) {
+		return SUCCESS;
+	} else {
+		return r != SUCCESS ? r : -2000;
+	}
+}
+
 const php_hash_ops php_hash_gost_ops = {
+	"gost",
 	(php_hash_init_func_t) PHP_GOSTInit,
 	(php_hash_update_func_t) PHP_GOSTUpdate,
 	(php_hash_final_func_t) PHP_GOSTFinal,
-	(php_hash_copy_func_t) php_hash_copy,
+	php_hash_copy,
+	php_hash_serialize,
+	php_gost_unserialize,
+	PHP_GOST_SPEC,
 	32,
 	32,
 	sizeof(PHP_GOST_CTX),
 	1
 };
 
 const php_hash_ops php_hash_gost_crypto_ops = {
+	"gost-crypto",
 	(php_hash_init_func_t) PHP_GOSTInitCrypto,
 	(php_hash_update_func_t) PHP_GOSTUpdate,
 	(php_hash_final_func_t) PHP_GOSTFinal,
-	(php_hash_copy_func_t) php_hash_copy,
+	php_hash_copy,
+	php_hash_serialize,
+	php_gost_unserialize,
+	PHP_GOST_SPEC,
 	32,
 	32,
 	sizeof(PHP_GOST_CTX),

ext/hash/hash_gost.c

@@ -247,10 +247,14 @@ static void PHP_5HAVALTransform(uint32_t state[8], const unsigned char block[128
 
 #define PHP_HASH_HAVAL_INIT(p,b) \
 const php_hash_ops php_hash_##p##haval##b##_ops = { \
+	"haval" #b "," #p, \
 	(php_hash_init_func_t) PHP_##p##HAVAL##b##Init, \
 	(php_hash_update_func_t) PHP_HAVALUpdate, \
 	(php_hash_final_func_t) PHP_HAVAL##b##Final, \
-	(php_hash_copy_func_t) php_hash_copy, \
+	php_hash_copy, \
+	php_hash_serialize, \
+	php_hash_unserialize, \
+	PHP_HAVAL_SPEC, \
 	((b) / 8), 128, sizeof(PHP_HAVAL_CTX), 1 }; \
 PHP_HASH_API void PHP_##p##HAVAL##b##Init(PHP_HAVAL_CTX *context) \
 {	int i; context->count[0] = 	context->count[1] = 	0; \

ext/hash/hash_haval.c

@@ -22,10 +22,14 @@
 #include "php_hash_joaat.h"
 
 const php_hash_ops php_hash_joaat_ops = {
+	"joaat",
 	(php_hash_init_func_t) PHP_JOAATInit,
 	(php_hash_update_func_t) PHP_JOAATUpdate,
 	(php_hash_final_func_t) PHP_JOAATFinal,
-	(php_hash_copy_func_t) php_hash_copy,
+	php_hash_copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_JOAAT_SPEC,
 	4,
 	4,
 	sizeof(PHP_JOAAT_CTX),

ext/hash/hash_joaat.c

@@ -18,32 +18,46 @@
 #include "php_hash_md.h"
 
 const php_hash_ops php_hash_md5_ops = {
+	"md5",
 	(php_hash_init_func_t) PHP_MD5Init,
 	(php_hash_update_func_t) PHP_MD5Update,
 	(php_hash_final_func_t) PHP_MD5Final,
-	(php_hash_copy_func_t) php_hash_copy,
+	php_hash_copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_MD5_SPEC,
 	16,
 	64,
 	sizeof(PHP_MD5_CTX),
 	1
 };
 
 const php_hash_ops php_hash_md4_ops = {
+	"md4",
 	(php_hash_init_func_t) PHP_MD4Init,
 	(php_hash_update_func_t) PHP_MD4Update,
 	(php_hash_final_func_t) PHP_MD4Final,
-	(php_hash_copy_func_t) php_hash_copy,
+	php_hash_copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_MD4_SPEC,
 	16,
 	64,
 	sizeof(PHP_MD4_CTX),
 	1
 };
 
+static int php_md2_unserialize(php_hashcontext_object *hash, zend_long magic, const zval *zv);
+
 const php_hash_ops php_hash_md2_ops = {
+	"md2",
 	(php_hash_init_func_t) PHP_MD2Init,
 	(php_hash_update_func_t) PHP_MD2Update,
 	(php_hash_final_func_t) PHP_MD2Final,
-	(php_hash_copy_func_t) php_hash_copy,
+	php_hash_copy,
+	php_hash_serialize,
+	php_md2_unserialize,
+	PHP_MD2_SPEC,
 	16,
 	16,
 	sizeof(PHP_MD2_CTX),
@@ -340,3 +354,16 @@ PHP_HASH_API void PHP_MD2Final(unsigned char output[16], PHP_MD2_CTX *context)
 
 	memcpy(output, context->state, 16);
 }
+
+static int php_md2_unserialize(php_hashcontext_object *hash, zend_long magic, const zval *zv)
+{
+	PHP_MD2_CTX *ctx = (PHP_MD2_CTX *) hash->context;
+	int r = FAILURE;
+	if (magic == PHP_HASH_SERIALIZE_MAGIC_SPEC
+		&& (r = php_hash_unserialize_spec(hash, zv, PHP_MD2_SPEC)) == SUCCESS
+		&& (unsigned char) ctx->in_buffer < sizeof(ctx->buffer)) {
+		return SUCCESS;
+	} else {
+		return r != SUCCESS ? r : -2000;
+	}
+}

ext/hash/hash_md.c

@@ -22,43 +22,59 @@
 #include "php_hash_ripemd.h"
 
 const php_hash_ops php_hash_ripemd128_ops = {
+	"ripemd128",
 	(php_hash_init_func_t) PHP_RIPEMD128Init,
 	(php_hash_update_func_t) PHP_RIPEMD128Update,
 	(php_hash_final_func_t) PHP_RIPEMD128Final,
-	(php_hash_copy_func_t) php_hash_copy,
+	php_hash_copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_RIPEMD128_SPEC,
 	16,
 	64,
 	sizeof(PHP_RIPEMD128_CTX),
 	1
 };
 
 const php_hash_ops php_hash_ripemd160_ops = {
+	"ripemd160",
 	(php_hash_init_func_t) PHP_RIPEMD160Init,
 	(php_hash_update_func_t) PHP_RIPEMD160Update,
 	(php_hash_final_func_t) PHP_RIPEMD160Final,
-	(php_hash_copy_func_t) php_hash_copy,
+	php_hash_copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_RIPEMD160_SPEC,
 	20,
 	64,
 	sizeof(PHP_RIPEMD160_CTX),
 	1
 };
 
 const php_hash_ops php_hash_ripemd256_ops = {
+	"ripemd256",
 	(php_hash_init_func_t) PHP_RIPEMD256Init,
 	(php_hash_update_func_t) PHP_RIPEMD256Update,
 	(php_hash_final_func_t) PHP_RIPEMD256Final,
-	(php_hash_copy_func_t) php_hash_copy,
+	php_hash_copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_RIPEMD256_SPEC,
 	32,
 	64,
 	sizeof(PHP_RIPEMD256_CTX),
 	1
 };
 
 const php_hash_ops php_hash_ripemd320_ops = {
+	"ripemd320",
 	(php_hash_init_func_t) PHP_RIPEMD320Init,
 	(php_hash_update_func_t) PHP_RIPEMD320Update,
 	(php_hash_final_func_t) PHP_RIPEMD320Final,
-	(php_hash_copy_func_t) php_hash_copy,
+	php_hash_copy,
+	php_hash_serialize,
+	php_hash_unserialize,
+	PHP_RIPEMD320_SPEC,
 	40,
 	64,
 	sizeof(PHP_RIPEMD320_CTX),