diff options
-rw-r--r-- | ext/openssl/xp_ssl.c | 88 | ||||
-rw-r--r-- | ext/standard/basic_functions.c | 6 | ||||
-rw-r--r-- | ext/standard/file.c | 5 | ||||
-rw-r--r-- | ext/standard/streamsfuncs.c | 39 | ||||
-rw-r--r-- | ext/standard/streamsfuncs.h | 1 | ||||
-rw-r--r-- | main/streams/php_stream_transport.h | 16 | ||||
-rw-r--r-- | main/streams/transports.c | 19 |
7 files changed, 173 insertions, 1 deletions
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 539a042967..3afdb3c409 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -1603,6 +1603,89 @@ static zend_array *capture_session_meta(SSL *ssl_handle) /* {{{ */ } /* }}} */ +static int php_openssl_crypto_info(php_stream *stream, + php_openssl_netstream_data_t *sslsock, + php_stream_xport_crypto_param *cparam + ) /* {{{ */ +{ + zval *zresult; + const SSL_CIPHER *cipher; + char *cipher_name, *cipher_version, *crypto_protocol; + int cipher_bits; + int needs_array_return; + + if (!sslsock->ssl_active) { + php_error_docref(NULL, E_WARNING, "SSL/TLS not currently enabled for this stream"); + return FAILURE; + } + + zresult = cparam->inputs.zresult; + needs_array_return = (cparam->inputs.infotype == STREAM_CRYPTO_INFO_ALL) ? 1 : 0; + + if (cparam->inputs.infotype & STREAM_CRYPTO_INFO_CIPHER) { + cipher = SSL_get_current_cipher(sslsock->ssl_handle); + + if (cparam->inputs.infotype & STREAM_CRYPTO_INFO_CIPHER_NAME) { + cipher_name = (char *)SSL_CIPHER_get_name(cipher); + if (!needs_array_return) { + ZVAL_STRING(zresult, cipher_name); + return SUCCESS; + } + } + + if (cparam->inputs.infotype & STREAM_CRYPTO_INFO_CIPHER_BITS) { + cipher_bits = SSL_CIPHER_get_bits(cipher, NULL); + if (!needs_array_return) { + ZVAL_LONG(zresult, cipher_bits); + return SUCCESS; + } + } + + if (cparam->inputs.infotype & STREAM_CRYPTO_INFO_CIPHER_VERSION) { + cipher_version = (char *)SSL_CIPHER_get_version(cipher); + if (!needs_array_return) { + ZVAL_STRING(zresult, cipher_version); + return SUCCESS; + } + } + } + + if (cparam->inputs.infotype & STREAM_CRYPTO_INFO_PROTOCOL) { + switch (SSL_version(sslsock->ssl_handle)) { +#ifdef HAVE_TLS12 + case TLS1_2_VERSION: crypto_protocol = "TLSv1.2"; break; +#endif +#ifdef HAVE_TLS11 + case TLS1_1_VERSION: crypto_protocol = "TLSv1.1"; break; +#endif + case TLS1_VERSION: crypto_protocol = "TLSv1"; break; +#ifdef HAVE_SSL3 + case SSL3_VERSION: crypto_protocol = "SSLv3"; break; +#endif +#ifdef HAVE_SSL2 + case SSL2_VERSION: crypto_protocol = "SSLv2"; break; +#endif + default: crypto_protocol = "UNKNOWN"; + } + + if (!needs_array_return) { + ZVAL_STRING(zresult, crypto_protocol); + return SUCCESS; + } + } + + /* If we're still here we need to return an array with everything */ + array_init(zresult); + add_assoc_string(zresult, "protocol", crypto_protocol); + add_assoc_string(zresult, "cipher_name", cipher_name); + add_assoc_long(zresult, "cipher_bits", cipher_bits); + add_assoc_string(zresult, "cipher_version", cipher_version); + Z_ARR_P(zresult); + + return SUCCESS; +} +/* }}} */ + static int capture_peer_certs(php_stream *stream, php_openssl_netstream_data_t *sslsock, X509 *peer_cert) /* {{{ */ { zval *val, zcert; @@ -2207,6 +2290,11 @@ static int php_openssl_sockop_set_option(php_stream *stream, int option, int val cparam->outputs.returncode = php_openssl_enable_crypto(stream, sslsock, cparam); return PHP_STREAM_OPTION_RETURN_OK; break; + case STREAM_XPORT_CRYPTO_OP_INFO: + return (php_openssl_crypto_info(stream, sslsock, cparam) == SUCCESS) + ? PHP_STREAM_OPTION_RETURN_OK + : PHP_STREAM_OPTION_RETURN_ERR; + break; default: /* fall through */ break; diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index 26f72098bf..0249d617df 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -2103,6 +2103,11 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_stream_socket_enable_crypto, 0, 0, 2) ZEND_ARG_INFO(0, sessionstream) ZEND_END_ARG_INFO() +ZEND_BEGIN_ARG_INFO(arginfo_stream_socket_crypto_info, 0) + ZEND_ARG_INFO(0, stream) + ZEND_ARG_INFO(0, infotype) +ZEND_END_ARG_INFO() + #ifdef HAVE_SHUTDOWN ZEND_BEGIN_ARG_INFO(arginfo_stream_socket_shutdown, 0) ZEND_ARG_INFO(0, stream) @@ -3086,6 +3091,7 @@ const zend_function_entry basic_functions[] = { /* {{{ */ PHP_FE(stream_socket_recvfrom, arginfo_stream_socket_recvfrom) PHP_FE(stream_socket_sendto, arginfo_stream_socket_sendto) PHP_FE(stream_socket_enable_crypto, arginfo_stream_socket_enable_crypto) + PHP_FE(stream_socket_crypto_info, arginfo_stream_socket_crypto_info) #ifdef HAVE_SHUTDOWN PHP_FE(stream_socket_shutdown, arginfo_stream_socket_shutdown) #endif diff --git a/ext/standard/file.c b/ext/standard/file.c index 3599313a71..b001fdd79b 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -231,6 +231,11 @@ PHP_MINIT_FUNCTION(file) REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_1_SERVER", STREAM_CRYPTO_METHOD_TLSv1_1_SERVER, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_CRYPTO_METHOD_TLSv1_2_SERVER", STREAM_CRYPTO_METHOD_TLSv1_2_SERVER, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("STREAM_CRYPTO_INFO_PROTOCOL", STREAM_CRYPTO_INFO_PROTOCOL, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("STREAM_CRYPTO_INFO_CIPHER_NAME", STREAM_CRYPTO_INFO_CIPHER_NAME, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("STREAM_CRYPTO_INFO_CIPHER_BITS", STREAM_CRYPTO_INFO_CIPHER_BITS, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("STREAM_CRYPTO_INFO_CIPHER_VERSION", STREAM_CRYPTO_INFO_CIPHER_VERSION, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("STREAM_SHUT_RD", STREAM_SHUT_RD, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_SHUT_WR", STREAM_SHUT_WR, CONST_CS|CONST_PERSISTENT); REGISTER_LONG_CONSTANT("STREAM_SHUT_RDWR", STREAM_SHUT_RDWR, CONST_CS|CONST_PERSISTENT); diff --git a/ext/standard/streamsfuncs.c b/ext/standard/streamsfuncs.c index 46c2aaa9a1..a344ed69db 100644 --- a/ext/standard/streamsfuncs.c +++ b/ext/standard/streamsfuncs.c @@ -1485,6 +1485,45 @@ PHP_FUNCTION(stream_socket_enable_crypto) } /* }}} */ +/* {{{ proto int stream_socket_crypto_info(resource stream [, int infotype]) + Retrieve information about the stream's crypto session */ +PHP_FUNCTION(stream_socket_crypto_info) +{ + zval *zstream = NULL; + php_stream *stream = NULL; + zend_long infotype = 0; + + if (zend_parse_parameters(ZEND_NUM_ARGS(), "r|l", &zstream, &infotype) == FAILURE) { + RETURN_FALSE; + } + + php_stream_from_zval(stream, zstream); + + if (infotype == 0) { + infotype = STREAM_CRYPTO_INFO_ALL; + } else { + switch (infotype) { + case STREAM_CRYPTO_INFO_CIPHER_NAME: + case STREAM_CRYPTO_INFO_CIPHER_BITS: + case STREAM_CRYPTO_INFO_CIPHER_VERSION: + case STREAM_CRYPTO_INFO_CIPHER: + case STREAM_CRYPTO_INFO_PROTOCOL: + case STREAM_CRYPTO_INFO_ALL: + break; + default: + php_error_docref(NULL, E_WARNING, "unknown crypto info type"); + RETURN_FALSE; + } + } + + if (php_stream_xport_crypto_info(stream, infotype, return_value) != PHP_STREAM_OPTION_RETURN_OK) { + RETURN_FALSE; + } + + /* return_value populated by php_stream_xport_crypto_info() upon success */ +} +/* }}} */ + /* {{{ proto string stream_resolve_include_path(string filename) Determine what file will be opened by calls to fopen() with a relative path */ PHP_FUNCTION(stream_resolve_include_path) diff --git a/ext/standard/streamsfuncs.h b/ext/standard/streamsfuncs.h index 37c6594dd2..07fe5fa572 100644 --- a/ext/standard/streamsfuncs.h +++ b/ext/standard/streamsfuncs.h @@ -57,6 +57,7 @@ PHP_FUNCTION(stream_filter_prepend); PHP_FUNCTION(stream_filter_append); PHP_FUNCTION(stream_filter_remove); PHP_FUNCTION(stream_socket_enable_crypto); +PHP_FUNCTION(stream_socket_crypto_info); PHP_FUNCTION(stream_socket_shutdown); PHP_FUNCTION(stream_resolve_include_path); PHP_FUNCTION(stream_is_local); diff --git a/main/streams/php_stream_transport.h b/main/streams/php_stream_transport.h index fc070ce74d..a47f669f98 100644 --- a/main/streams/php_stream_transport.h +++ b/main/streams/php_stream_transport.h @@ -183,15 +183,28 @@ typedef enum { STREAM_CRYPTO_METHOD_ANY_SERVER = ((1 << 1) | (1 << 2) | (1 << 3) | (1 << 4) | (1 << 5)) } php_stream_xport_crypt_method_t; +typedef enum { + STREAM_CRYPTO_INFO_CIPHER_NAME = 1, + STREAM_CRYPTO_INFO_CIPHER_BITS = 2, + STREAM_CRYPTO_INFO_CIPHER_VERSION = 4, + STREAM_CRYPTO_INFO_CIPHER = 5, + STREAM_CRYPTO_INFO_PROTOCOL = 8, + STREAM_CRYPTO_INFO_ALPN_PROTOCOL = 16, + STREAM_CRYPTO_INFO_ALL = 63 +} php_stream_xport_crypt_info_t; + /* These functions provide crypto support on the underlying transport */ BEGIN_EXTERN_C() PHPAPI int php_stream_xport_crypto_setup(php_stream *stream, php_stream_xport_crypt_method_t crypto_method, php_stream *session_stream); PHPAPI int php_stream_xport_crypto_enable(php_stream *stream, int activate); +PHPAPI int php_stream_xport_crypto_info(php_stream *stream, zend_long infotype, zval *zresult); END_EXTERN_C() typedef struct _php_stream_xport_crypto_param { struct { + zval *zresult; + int infotype; php_stream *session; int activate; php_stream_xport_crypt_method_t method; @@ -201,7 +214,8 @@ typedef struct _php_stream_xport_crypto_param { } outputs; enum { STREAM_XPORT_CRYPTO_OP_SETUP, - STREAM_XPORT_CRYPTO_OP_ENABLE + STREAM_XPORT_CRYPTO_OP_ENABLE, + STREAM_XPORT_CRYPTO_OP_INFO } op; } php_stream_xport_crypto_param; diff --git a/main/streams/transports.c b/main/streams/transports.c index b86019bf5d..edc142853e 100644 --- a/main/streams/transports.c +++ b/main/streams/transports.c @@ -390,6 +390,25 @@ PHPAPI int php_stream_xport_crypto_enable(php_stream *stream, int activate) return ret; } +PHPAPI int php_stream_xport_crypto_info(php_stream *stream, zend_long infotype, zval *zresult) +{ + php_stream_xport_crypto_param param; + int ret; + + memset(¶m, 0, sizeof(param)); + param.op = STREAM_XPORT_CRYPTO_OP_INFO; + param.inputs.zresult = zresult; + param.inputs.infotype = infotype; + + ret = php_stream_set_option(stream, PHP_STREAM_OPTION_CRYPTO_API, 0, ¶m); + + if (ret != PHP_STREAM_OPTION_RETURN_OK) { + php_error_docref("streams.crypto", E_WARNING, "this stream does not support SSL/crypto"); + } + + return ret; +} + /* Similar to recv() system call; read data from the stream, optionally * peeking, optionally retrieving OOB data */ PHPAPI int php_stream_xport_recvfrom(php_stream *stream, char *buf, size_t buflen, |