xref: /php-src/ext/openssl/php_openssl.h (revision 3de3e137) 
1 /*
2    +----------------------------------------------------------------------+
3    | Copyright (c) The PHP Group                                          |
4    +----------------------------------------------------------------------+
5    | This source file is subject to version 3.01 of the PHP license,      |
6    | that is bundled with this package in the file LICENSE, and is        |
7    | available through the world-wide-web at the following url:           |
8    | https://www.php.net/license/3_01.txt                                 |
9    | If you did not receive a copy of the PHP license and are unable to   |
10    | obtain it through the world-wide-web, please send a note to          |
11    | license@php.net so we can mail you a copy immediately.               |
12    +----------------------------------------------------------------------+
13    | Authors: Stig Venaas <venaas@php.net>                                |
14    |          Wez Furlong <wez@thebrainroom.com                           |
15    +----------------------------------------------------------------------+
16  */
17 
18 #ifndef PHP_OPENSSL_H
19 #define PHP_OPENSSL_H
20 /* HAVE_OPENSSL would include SSL MySQL stuff */
21 #ifdef HAVE_OPENSSL_EXT
22 extern zend_module_entry openssl_module_entry;
23 #define phpext_openssl_ptr &openssl_module_entry
24 
25 #include "php_version.h"
26 #define PHP_OPENSSL_VERSION PHP_VERSION
27 
28 #include <openssl/opensslv.h>
29 #ifdef LIBRESSL_VERSION_NUMBER
30 /* LibreSSL version check */
31 #if LIBRESSL_VERSION_NUMBER < 0x20700000L
32 #define PHP_OPENSSL_API_VERSION 0x10001
33 #else
34 #define PHP_OPENSSL_API_VERSION 0x10100
35 #endif
36 #else
37 /* OpenSSL version check */
38 #if OPENSSL_VERSION_NUMBER < 0x30000000L
39 #define PHP_OPENSSL_API_VERSION 0x10100
40 #else
41 #define PHP_OPENSSL_API_VERSION 0x30000
42 #endif
43 #endif
44 
45 #define OPENSSL_RAW_DATA 1
46 #define OPENSSL_ZERO_PADDING 2
47 #define OPENSSL_DONT_ZERO_PAD_KEY 4
48 
49 #define OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH 0x0B080074
50 
51 /* Used for client-initiated handshake renegotiation DoS protection*/
52 #define OPENSSL_DEFAULT_RENEG_LIMIT 2
53 #define OPENSSL_DEFAULT_RENEG_WINDOW 300
54 #define OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH 9
55 #define OPENSSL_DEFAULT_STREAM_CIPHERS "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:" \
56 	"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:" \
57 	"DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:" \
58 	"ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:" \
59 	"ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:" \
60 	"DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:" \
61 	"AES256-GCM-SHA384:AES128:AES256:HIGH:!SSLv2:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!RC4:!ADH"
62 
63 #include <openssl/err.h>
64 
65 #ifdef PHP_WIN32
66 #	define PHP_OPENSSL_API __declspec(dllexport)
67 #elif defined(__GNUC__) && __GNUC__ >= 4
68 #	define PHP_OPENSSL_API __attribute__((visibility("default")))
69 #else
70 #	define PHP_OPENSSL_API
71 #endif
72 
73 struct php_openssl_errors {
74 	int buffer[ERR_NUM_ERRORS];
75 	int top;
76 	int bottom;
77 };
78 
79 ZEND_BEGIN_MODULE_GLOBALS(openssl)
80 	struct php_openssl_errors *errors;
81 	struct php_openssl_errors *errors_mark;
82 ZEND_END_MODULE_GLOBALS(openssl)
83 
84 #define OPENSSL_G(v) ZEND_MODULE_GLOBALS_ACCESSOR(openssl, v)
85 
86 #if defined(ZTS) && defined(COMPILE_DL_OPENSSL)
87 ZEND_TSRMLS_CACHE_EXTERN();
88 #endif
89 
90 php_stream_transport_factory_func php_openssl_ssl_socket_factory;
91 
92 void php_openssl_store_errors(void);
93 
94 /* openssl file path extra */
95 bool php_openssl_check_path_ex(
96 		const char *file_path, size_t file_path_len, char *real_path, uint32_t arg_num,
97 		bool contains_file_protocol, bool is_from_array, const char *option_name);
98 
99 /* openssl file path check */
php_openssl_check_path(const char * file_path,size_t file_path_len,char * real_path,uint32_t arg_num)100 static inline bool php_openssl_check_path(
101 		const char *file_path, size_t file_path_len, char *real_path, uint32_t arg_num)
102 {
103 	return php_openssl_check_path_ex(
104 			file_path, file_path_len, real_path, arg_num, false, false, NULL);
105 }
106 
107 /* openssl file path extra check with zend string */
php_openssl_check_path_str_ex(zend_string * file_path,char * real_path,uint32_t arg_num,bool contains_file_protocol,bool is_from_array,const char * option_name)108 static inline bool php_openssl_check_path_str_ex(
109 		zend_string *file_path, char *real_path, uint32_t arg_num,
110 		bool contains_file_protocol, bool is_from_array, const char *option_name)
111 {
112 	return php_openssl_check_path_ex(
113 			ZSTR_VAL(file_path), ZSTR_LEN(file_path), real_path, arg_num, contains_file_protocol,
114 			is_from_array, option_name);
115 }
116 
117 /* openssl file path check with zend string */
php_openssl_check_path_str(zend_string * file_path,char * real_path,uint32_t arg_num)118 static inline bool php_openssl_check_path_str(
119 		zend_string *file_path, char *real_path, uint32_t arg_num)
120 {
121 	return php_openssl_check_path_str_ex(file_path, real_path, arg_num, true, false, NULL);
122 }
123 
124 PHP_OPENSSL_API zend_long php_openssl_cipher_iv_length(const char *method);
125 PHP_OPENSSL_API zend_long php_openssl_cipher_key_length(const char *method);
126 PHP_OPENSSL_API zend_string* php_openssl_random_pseudo_bytes(zend_long length);
127 PHP_OPENSSL_API zend_string* php_openssl_encrypt(
128 	const char *data, size_t data_len,
129 	const char *method, size_t method_len,
130 	const char *password, size_t password_len,
131 	zend_long options,
132 	const char *iv, size_t iv_len,
133 	zval *tag, zend_long tag_len,
134 	const char *aad, size_t aad_len);
135 PHP_OPENSSL_API zend_string* php_openssl_decrypt(
136 	const char *data, size_t data_len,
137 	const char *method, size_t method_len,
138 	const char *password, size_t password_len,
139 	zend_long options,
140 	const char *iv, size_t iv_len,
141 	const char *tag, zend_long tag_len,
142 	const char *aad, size_t aad_len);
143 
144 /* OpenSSLCertificate class */
145 
146 typedef struct _php_openssl_certificate_object {
147 	X509 *x509;
148 	zend_object std;
149 } php_openssl_certificate_object;
150 
151 extern zend_class_entry *php_openssl_certificate_ce;
152 
php_openssl_certificate_from_obj(zend_object * obj)153 static inline php_openssl_certificate_object *php_openssl_certificate_from_obj(zend_object *obj) {
154 	return (php_openssl_certificate_object *)((char *)(obj) - XtOffsetOf(php_openssl_certificate_object, std));
155 }
156 
157 #define Z_OPENSSL_CERTIFICATE_P(zv) php_openssl_certificate_from_obj(Z_OBJ_P(zv))
158 
159 PHP_MINIT_FUNCTION(openssl);
160 PHP_MSHUTDOWN_FUNCTION(openssl);
161 PHP_MINFO_FUNCTION(openssl);
162 PHP_GINIT_FUNCTION(openssl);
163 PHP_GSHUTDOWN_FUNCTION(openssl);
164 
165 #ifdef PHP_WIN32
166 #define PHP_OPENSSL_BIO_MODE_R(flags) (((flags) & PKCS7_BINARY) ? "rb" : "r")
167 #define PHP_OPENSSL_BIO_MODE_W(flags) (((flags) & PKCS7_BINARY) ? "wb" : "w")
168 #else
169 #define PHP_OPENSSL_BIO_MODE_R(flags) "r"
170 #define PHP_OPENSSL_BIO_MODE_W(flags) "w"
171 #endif
172 
173 #else
174 
175 #define phpext_openssl_ptr NULL
176 
177 #endif
178 
179 
180 #endif
181