1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Wez Furlong <wez@thebrainroom.com> |
14 | Daniel Lowrey <rdlowrey@php.net> |
15 | Chris Wright <daverandom@php.net> |
16 | Jakub Zelenka <bukka@php.net> |
17 +----------------------------------------------------------------------+
18 */
19
20 #ifdef HAVE_CONFIG_H
21 #include <config.h>
22 #endif
23
24 #include "php.h"
25 #include "ext/standard/file.h"
26 #include "ext/standard/url.h"
27 #include "streams/php_streams_int.h"
28 #include "zend_smart_str.h"
29 #include "php_openssl.h"
30 #include "php_network.h"
31 #include <openssl/ssl.h>
32 #include <openssl/rsa.h>
33 #include <openssl/x509.h>
34 #include <openssl/x509v3.h>
35 #include <openssl/err.h>
36 #include <openssl/bn.h>
37 #include <openssl/dh.h>
38
39 #ifdef PHP_WIN32
40 #include "win32/winutil.h"
41 #include "win32/time.h"
42 #include <Ws2tcpip.h>
43 #include <Wincrypt.h>
44 /* These are from Wincrypt.h, they conflict with OpenSSL */
45 #undef X509_NAME
46 #undef X509_CERT_PAIR
47 #undef X509_EXTENSIONS
48 #endif
49
50 #ifndef MSG_DONTWAIT
51 # define MSG_DONTWAIT 0
52 #endif
53
54 #ifdef HAVE_ARPA_INET_H
55 #include <arpa/inet.h>
56 #endif
57
58 /* Flags for determining allowed stream crypto methods */
59 #define STREAM_CRYPTO_IS_CLIENT (1<<0)
60 #define STREAM_CRYPTO_METHOD_SSLv2 (1<<1)
61 #define STREAM_CRYPTO_METHOD_SSLv3 (1<<2)
62 #define STREAM_CRYPTO_METHOD_TLSv1_0 (1<<3)
63 #define STREAM_CRYPTO_METHOD_TLSv1_1 (1<<4)
64 #define STREAM_CRYPTO_METHOD_TLSv1_2 (1<<5)
65 #define STREAM_CRYPTO_METHOD_TLSv1_3 (1<<6)
66
67 #ifndef OPENSSL_NO_TLS1_METHOD
68 #define HAVE_TLS1 1
69 #endif
70
71 #ifndef OPENSSL_NO_TLS1_1_METHOD
72 #define HAVE_TLS11 1
73 #endif
74
75 #ifndef OPENSSL_NO_TLS1_2_METHOD
76 #define HAVE_TLS12 1
77 #endif
78
79 #ifndef OPENSSL_NO_TLS1_3
80 #define HAVE_TLS13 1
81 #endif
82
83 #ifndef OPENSSL_NO_ECDH
84 #define HAVE_ECDH 1
85 #endif
86
87 #ifndef OPENSSL_NO_TLSEXT
88 #define HAVE_TLS_SNI 1
89 #define HAVE_TLS_ALPN 1
90 #endif
91
92 #ifndef LIBRESSL_VERSION_NUMBER
93 #define HAVE_SEC_LEVEL 1
94 #endif
95
96 #ifndef OPENSSL_NO_SSL3
97 #define HAVE_SSL3 1
98 #define PHP_OPENSSL_MIN_PROTO_VERSION STREAM_CRYPTO_METHOD_SSLv3
99 #else
100 #define PHP_OPENSSL_MIN_PROTO_VERSION STREAM_CRYPTO_METHOD_TLSv1_0
101 #endif
102 #ifdef HAVE_TLS13
103 #define PHP_OPENSSL_MAX_PROTO_VERSION STREAM_CRYPTO_METHOD_TLSv1_3
104 #else
105 #define PHP_OPENSSL_MAX_PROTO_VERSION STREAM_CRYPTO_METHOD_TLSv1_2
106 #endif
107
108 /* Simplify ssl context option retrieval */
109 #define GET_VER_OPT(_name) \
110 (PHP_STREAM_CONTEXT(stream) && (val = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", _name)) != NULL)
111 #define GET_VER_OPT_STRING(_name, _str) \
112 do { \
113 if (GET_VER_OPT(_name)) { \
114 if (try_convert_to_string(val)) _str = Z_STRVAL_P(val); \
115 } \
116 } while (0)
117 #define GET_VER_OPT_STRINGL(_name, _str, _len) \
118 do { \
119 if (GET_VER_OPT(_name)) { \
120 if (try_convert_to_string(val)) { \
121 _str = Z_STRVAL_P(val); \
122 _len = Z_STRLEN_P(val); \
123 } \
124 } \
125 } while (0)
126 #define GET_VER_OPT_LONG(_name, _num) \
127 if (GET_VER_OPT(_name)) _num = zval_get_long(val)
128
129 /* Used for peer verification in windows */
130 #define PHP_X509_NAME_ENTRY_TO_UTF8(ne, i, out) \
131 ASN1_STRING_to_UTF8(&out, X509_NAME_ENTRY_get_data(X509_NAME_get_entry(ne, i)))
132
133 #ifdef HAVE_IPV6
134 /* Used for IPv6 Address peer verification */
135 #define EXPAND_IPV6_ADDRESS(_str, _bytes) \
136 do { \
137 snprintf(_str, 40, "%X:%X:%X:%X:%X:%X:%X:%X", \
138 _bytes[0] << 8 | _bytes[1], \
139 _bytes[2] << 8 | _bytes[3], \
140 _bytes[4] << 8 | _bytes[5], \
141 _bytes[6] << 8 | _bytes[7], \
142 _bytes[8] << 8 | _bytes[9], \
143 _bytes[10] << 8 | _bytes[11], \
144 _bytes[12] << 8 | _bytes[13], \
145 _bytes[14] << 8 | _bytes[15] \
146 ); \
147 } while(0)
148 #define HAVE_IPV6_SAN 1
149 #endif
150
151 #if PHP_OPENSSL_API_VERSION < 0x10100
152 static RSA *php_openssl_tmp_rsa_cb(SSL *s, int is_export, int keylength);
153 #endif
154
155 extern php_stream* php_openssl_get_stream_from_ssl_handle(const SSL *ssl);
156 extern zend_string* php_openssl_x509_fingerprint(X509 *peer, const char *method, bool raw);
157 extern int php_openssl_get_ssl_stream_data_index(void);
158 static struct timeval php_openssl_subtract_timeval(struct timeval a, struct timeval b);
159 static int php_openssl_compare_timeval(struct timeval a, struct timeval b);
160 static ssize_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, size_t count);
161
162 static const php_stream_ops php_openssl_socket_ops;
163
164 /* Certificate contexts used for server-side SNI selection */
165 typedef struct _php_openssl_sni_cert_t {
166 char *name;
167 SSL_CTX *ctx;
168 } php_openssl_sni_cert_t;
169
170 /* Provides leaky bucket handhsake renegotiation rate-limiting */
171 typedef struct _php_openssl_handshake_bucket_t {
172 zend_long prev_handshake;
173 zend_long limit;
174 zend_long window;
175 float tokens;
176 unsigned should_close;
177 } php_openssl_handshake_bucket_t;
178
179 #ifdef HAVE_TLS_ALPN
180 /* Holds the available server ALPN protocols for negotiation */
181 typedef struct _php_openssl_alpn_ctx_t {
182 unsigned char *data;
183 unsigned short len;
184 } php_openssl_alpn_ctx;
185 #endif
186
187 /* This implementation is very closely tied to the that of the native
188 * sockets implemented in the core.
189 * Don't try this technique in other extensions!
190 * */
191 typedef struct _php_openssl_netstream_data_t {
192 php_netstream_data_t s;
193 SSL *ssl_handle;
194 SSL_CTX *ctx;
195 struct timeval connect_timeout;
196 int enable_on_connect;
197 int is_client;
198 int ssl_active;
199 php_stream_xport_crypt_method_t method;
200 php_openssl_handshake_bucket_t *reneg;
201 php_openssl_sni_cert_t *sni_certs;
202 unsigned sni_cert_count;
203 #ifdef HAVE_TLS_ALPN
204 php_openssl_alpn_ctx alpn_ctx;
205 #endif
206 char *url_name;
207 unsigned state_set:1;
208 unsigned _spare:31;
209 } php_openssl_netstream_data_t;
210
211 /* it doesn't matter that we do some hash traversal here, since it is done only
212 * in an error condition arising from a network connection problem */
php_openssl_is_http_stream_talking_to_iis(php_stream * stream)213 static int php_openssl_is_http_stream_talking_to_iis(php_stream *stream) /* {{{ */
214 {
215 if (Z_TYPE(stream->wrapperdata) == IS_ARRAY &&
216 stream->wrapper &&
217 strcasecmp(stream->wrapper->wops->label, "HTTP") == 0
218 ) {
219 /* the wrapperdata is an array zval containing the headers */
220 zval *tmp;
221
222 #define SERVER_MICROSOFT_IIS "Server: Microsoft-IIS"
223 #define SERVER_GOOGLE "Server: GFE/"
224
225 ZEND_HASH_FOREACH_VAL(Z_ARRVAL(stream->wrapperdata), tmp) {
226 if (zend_string_equals_literal_ci(Z_STR_P(tmp), SERVER_MICROSOFT_IIS)) {
227 return 1;
228 } else if (zend_string_equals_literal_ci(Z_STR_P(tmp), SERVER_GOOGLE)) {
229 return 1;
230 }
231 } ZEND_HASH_FOREACH_END();
232 }
233 return 0;
234 }
235 /* }}} */
236
php_openssl_handle_ssl_error(php_stream * stream,int nr_bytes,bool is_init)237 static int php_openssl_handle_ssl_error(php_stream *stream, int nr_bytes, bool is_init) /* {{{ */
238 {
239 php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract;
240 int err = SSL_get_error(sslsock->ssl_handle, nr_bytes);
241 char esbuf[512];
242 smart_str ebuf = {0};
243 unsigned long ecode;
244 int retry = 1;
245
246 switch(err) {
247 case SSL_ERROR_ZERO_RETURN:
248 /* SSL terminated (but socket may still be active) */
249 retry = 0;
250 break;
251 case SSL_ERROR_WANT_READ:
252 case SSL_ERROR_WANT_WRITE:
253 /* re-negotiation, or perhaps the SSL layer needs more
254 * packets: retry in next iteration */
255 errno = EAGAIN;
256 retry = is_init ? 1 : sslsock->s.is_blocked;
257 break;
258 case SSL_ERROR_SYSCALL:
259 if (ERR_peek_error() == 0) {
260 if (nr_bytes == 0) {
261 if (!php_openssl_is_http_stream_talking_to_iis(stream) && ERR_get_error() != 0) {
262 php_error_docref(NULL, E_WARNING, "SSL: fatal protocol error");
263 }
264 SSL_set_shutdown(sslsock->ssl_handle, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
265 stream->eof = 1;
266 retry = 0;
267 } else {
268 char *estr = php_socket_strerror(php_socket_errno(), NULL, 0);
269
270 php_error_docref(NULL, E_WARNING,
271 "SSL: %s", estr);
272
273 efree(estr);
274 retry = 0;
275 }
276 break;
277 }
278
279 ZEND_FALLTHROUGH;
280 default:
281 /* some other error */
282 ecode = ERR_get_error();
283
284 switch (ERR_GET_REASON(ecode)) {
285 case SSL_R_NO_SHARED_CIPHER:
286 php_error_docref(NULL, E_WARNING,
287 "SSL_R_NO_SHARED_CIPHER: no suitable shared cipher could be used. "
288 "This could be because the server is missing an SSL certificate "
289 "(local_cert context option)");
290 retry = 0;
291 break;
292
293 default:
294 do {
295 /* NULL is automatically added */
296 ERR_error_string_n(ecode, esbuf, sizeof(esbuf));
297 if (ebuf.s) {
298 smart_str_appendc(&ebuf, '\n');
299 }
300 smart_str_appends(&ebuf, esbuf);
301 } while ((ecode = ERR_get_error()) != 0);
302
303 smart_str_0(&ebuf);
304
305 php_error_docref(NULL, E_WARNING,
306 "SSL operation failed with code %d. %s%s",
307 err,
308 ebuf.s ? "OpenSSL Error messages:\n" : "",
309 ebuf.s ? ZSTR_VAL(ebuf.s) : "");
310 if (ebuf.s) {
311 smart_str_free(&ebuf);
312 }
313 }
314
315 retry = 0;
316 errno = 0;
317 }
318 return retry;
319 }
320 /* }}} */
321
verify_callback(int preverify_ok,X509_STORE_CTX * ctx)322 static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) /* {{{ */
323 {
324 php_stream *stream;
325 SSL *ssl;
326 int err, depth, ret;
327 zval *val;
328 zend_ulong allowed_depth = OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH;
329
330
331 ret = preverify_ok;
332
333 /* determine the status for the current cert */
334 err = X509_STORE_CTX_get_error(ctx);
335 depth = X509_STORE_CTX_get_error_depth(ctx);
336
337 /* conjure the stream & context to use */
338 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
339 stream = (php_stream*)SSL_get_ex_data(ssl, php_openssl_get_ssl_stream_data_index());
340
341 /* if allow_self_signed is set, make sure that verification succeeds */
342 if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT &&
343 GET_VER_OPT("allow_self_signed") &&
344 zend_is_true(val)
345 ) {
346 ret = 1;
347 }
348
349 /* check the depth */
350 GET_VER_OPT_LONG("verify_depth", allowed_depth);
351 if ((zend_ulong)depth > allowed_depth) {
352 ret = 0;
353 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_CHAIN_TOO_LONG);
354 }
355
356 return ret;
357 }
358 /* }}} */
359
php_openssl_x509_fingerprint_cmp(X509 * peer,const char * method,const char * expected)360 static int php_openssl_x509_fingerprint_cmp(X509 *peer, const char *method, const char *expected)
361 {
362 zend_string *fingerprint;
363 int result = -1;
364
365 fingerprint = php_openssl_x509_fingerprint(peer, method, 0);
366 if (fingerprint) {
367 result = strcasecmp(expected, ZSTR_VAL(fingerprint));
368 zend_string_release_ex(fingerprint, 0);
369 }
370
371 return result;
372 }
373
php_openssl_x509_fingerprint_match(X509 * peer,zval * val)374 static bool php_openssl_x509_fingerprint_match(X509 *peer, zval *val)
375 {
376 if (Z_TYPE_P(val) == IS_STRING) {
377 const char *method = NULL;
378
379 switch (Z_STRLEN_P(val)) {
380 case 32:
381 method = "md5";
382 break;
383
384 case 40:
385 method = "sha1";
386 break;
387 }
388
389 return method && php_openssl_x509_fingerprint_cmp(peer, method, Z_STRVAL_P(val)) == 0;
390 } else if (Z_TYPE_P(val) == IS_ARRAY) {
391 zval *current;
392 zend_string *key;
393
394 if (!zend_hash_num_elements(Z_ARRVAL_P(val))) {
395 php_error_docref(NULL, E_WARNING, "Invalid peer_fingerprint array; [algo => fingerprint] form required");
396 return 0;
397 }
398
399 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(val), key, current) {
400 if (key == NULL || Z_TYPE_P(current) != IS_STRING) {
401 php_error_docref(NULL, E_WARNING, "Invalid peer_fingerprint array; [algo => fingerprint] form required");
402 return 0;
403 }
404 if (php_openssl_x509_fingerprint_cmp(peer, ZSTR_VAL(key), Z_STRVAL_P(current)) != 0) {
405 return 0;
406 }
407 } ZEND_HASH_FOREACH_END();
408
409 return 1;
410 } else {
411 php_error_docref(NULL, E_WARNING,
412 "Invalid peer_fingerprint value; fingerprint string or array of the form [algo => fingerprint] required");
413 }
414
415 return 0;
416 }
417
php_openssl_matches_wildcard_name(const char * subjectname,const char * certname)418 static bool php_openssl_matches_wildcard_name(const char *subjectname, const char *certname) /* {{{ */
419 {
420 char *wildcard = NULL;
421 ptrdiff_t prefix_len;
422 size_t suffix_len, subject_len;
423
424 if (strcasecmp(subjectname, certname) == 0) {
425 return 1;
426 }
427
428 /* wildcard, if present, must only be present in the left-most component */
429 if (!(wildcard = strchr(certname, '*')) || memchr(certname, '.', wildcard - certname)) {
430 return 0;
431 }
432
433 /* 1) prefix, if not empty, must match subject */
434 prefix_len = wildcard - certname;
435 if (prefix_len && strncasecmp(subjectname, certname, prefix_len) != 0) {
436 return 0;
437 }
438
439 suffix_len = strlen(wildcard + 1);
440 subject_len = strlen(subjectname);
441 if (suffix_len <= subject_len) {
442 /* 2) suffix must match
443 * 3) no . between prefix and suffix
444 **/
445 return strcasecmp(wildcard + 1, subjectname + subject_len - suffix_len) == 0 &&
446 memchr(subjectname + prefix_len, '.', subject_len - suffix_len - prefix_len) == NULL;
447 }
448
449 return 0;
450 }
451 /* }}} */
452
php_openssl_matches_san_list(X509 * peer,const char * subject_name)453 static bool php_openssl_matches_san_list(X509 *peer, const char *subject_name) /* {{{ */
454 {
455 int i, len;
456 unsigned char *cert_name = NULL;
457 char ipbuffer[64];
458
459 GENERAL_NAMES *alt_names = X509_get_ext_d2i(peer, NID_subject_alt_name, 0, 0);
460 int alt_name_count = sk_GENERAL_NAME_num(alt_names);
461
462 #ifdef HAVE_IPV6_SAN
463 /* detect if subject name is an IPv6 address and expand once if required */
464 char subject_name_ipv6_expanded[40];
465 unsigned char ipv6[16];
466 bool subject_name_is_ipv6 = false;
467 subject_name_ipv6_expanded[0] = 0;
468
469 if (inet_pton(AF_INET6, subject_name, &ipv6)) {
470 EXPAND_IPV6_ADDRESS(subject_name_ipv6_expanded, ipv6);
471 subject_name_is_ipv6 = true;
472 }
473 #endif
474
475 for (i = 0; i < alt_name_count; i++) {
476 GENERAL_NAME *san = sk_GENERAL_NAME_value(alt_names, i);
477
478 if (san->type == GEN_DNS) {
479 ASN1_STRING_to_UTF8(&cert_name, san->d.dNSName);
480 if ((size_t)ASN1_STRING_length(san->d.dNSName) != strlen((const char*)cert_name)) {
481 OPENSSL_free(cert_name);
482 /* prevent null-byte poisoning*/
483 continue;
484 }
485
486 /* accommodate valid FQDN entries ending in "." */
487 len = strlen((const char*)cert_name);
488 if (len && strcmp((const char *)&cert_name[len-1], ".") == 0) {
489 cert_name[len-1] = '\0';
490 }
491
492 if (php_openssl_matches_wildcard_name(subject_name, (const char *)cert_name)) {
493 OPENSSL_free(cert_name);
494 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
495
496 return 1;
497 }
498 OPENSSL_free(cert_name);
499 } else if (san->type == GEN_IPADD) {
500 if (san->d.iPAddress->length == 4) {
501 snprintf(ipbuffer, sizeof(ipbuffer), "%d.%d.%d.%d",
502 san->d.iPAddress->data[0],
503 san->d.iPAddress->data[1],
504 san->d.iPAddress->data[2],
505 san->d.iPAddress->data[3]
506 );
507 if (strcasecmp(subject_name, (const char*)ipbuffer) == 0) {
508 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
509
510 return 1;
511 }
512 }
513 #ifdef HAVE_IPV6_SAN
514 else if (san->d.ip->length == 16 && subject_name_is_ipv6) {
515 ipbuffer[0] = 0;
516 EXPAND_IPV6_ADDRESS(ipbuffer, san->d.iPAddress->data);
517 if (strcasecmp((const char*)subject_name_ipv6_expanded, (const char*)ipbuffer) == 0) {
518 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
519
520 return 1;
521 }
522 }
523 #endif
524 }
525 }
526
527 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
528
529 return 0;
530 }
531 /* }}} */
532
php_openssl_matches_common_name(X509 * peer,const char * subject_name)533 static bool php_openssl_matches_common_name(X509 *peer, const char *subject_name) /* {{{ */
534 {
535 char buf[1024];
536 X509_NAME *cert_name;
537 bool is_match = 0;
538 int cert_name_len;
539
540 cert_name = X509_get_subject_name(peer);
541 cert_name_len = X509_NAME_get_text_by_NID(cert_name, NID_commonName, buf, sizeof(buf));
542
543 if (cert_name_len == -1) {
544 php_error_docref(NULL, E_WARNING, "Unable to locate peer certificate CN");
545 } else if ((size_t)cert_name_len != strlen(buf)) {
546 php_error_docref(NULL, E_WARNING, "Peer certificate CN=`%.*s' is malformed", cert_name_len, buf);
547 } else if (php_openssl_matches_wildcard_name(subject_name, buf)) {
548 is_match = 1;
549 } else {
550 php_error_docref(NULL, E_WARNING,
551 "Peer certificate CN=`%.*s' did not match expected CN=`%s'",
552 cert_name_len, buf, subject_name);
553 }
554
555 return is_match;
556 }
557 /* }}} */
558
php_openssl_apply_peer_verification_policy(SSL * ssl,X509 * peer,php_stream * stream)559 static zend_result php_openssl_apply_peer_verification_policy(SSL *ssl, X509 *peer, php_stream *stream) /* {{{ */
560 {
561 zval *val = NULL;
562 zval *peer_fingerprint;
563 char *peer_name = NULL;
564 int err,
565 must_verify_peer,
566 must_verify_peer_name,
567 must_verify_fingerprint;
568
569 php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract;
570
571 must_verify_peer = GET_VER_OPT("verify_peer")
572 ? zend_is_true(val)
573 : sslsock->is_client;
574
575 must_verify_peer_name = GET_VER_OPT("verify_peer_name")
576 ? zend_is_true(val)
577 : sslsock->is_client;
578
579 must_verify_fingerprint = GET_VER_OPT("peer_fingerprint");
580 peer_fingerprint = val;
581
582 if ((must_verify_peer || must_verify_peer_name || must_verify_fingerprint) && peer == NULL) {
583 php_error_docref(NULL, E_WARNING, "Could not get peer certificate");
584 return FAILURE;
585 }
586
587 /* Verify the peer against using CA file/path settings */
588 if (must_verify_peer) {
589 err = SSL_get_verify_result(ssl);
590 switch (err) {
591 case X509_V_OK:
592 /* fine */
593 break;
594 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
595 if (GET_VER_OPT("allow_self_signed") && zend_is_true(val)) {
596 /* allowed */
597 break;
598 }
599 /* not allowed, so fall through */
600 ZEND_FALLTHROUGH;
601 default:
602 php_error_docref(NULL, E_WARNING,
603 "Could not verify peer: code:%d %s",
604 err,
605 X509_verify_cert_error_string(err)
606 );
607 return FAILURE;
608 }
609 }
610
611 /* If a peer_fingerprint match is required this trumps peer and peer_name verification */
612 if (must_verify_fingerprint) {
613 if (Z_TYPE_P(peer_fingerprint) == IS_STRING || Z_TYPE_P(peer_fingerprint) == IS_ARRAY) {
614 if (!php_openssl_x509_fingerprint_match(peer, peer_fingerprint)) {
615 php_error_docref(NULL, E_WARNING,
616 "peer_fingerprint match failure"
617 );
618 return FAILURE;
619 }
620 } else {
621 php_error_docref(NULL, E_WARNING,
622 "Expected peer fingerprint must be a string or an array"
623 );
624 return FAILURE;
625 }
626 }
627
628 /* verify the host name presented in the peer certificate */
629 if (must_verify_peer_name) {
630 GET_VER_OPT_STRING("peer_name", peer_name);
631
632 /* If no peer name was specified we use the autodetected url name in client environments */
633 if (peer_name == NULL && sslsock->is_client) {
634 peer_name = sslsock->url_name;
635 }
636
637 if (peer_name) {
638 if (php_openssl_matches_san_list(peer, peer_name)) {
639 return SUCCESS;
640 } else if (php_openssl_matches_common_name(peer, peer_name)) {
641 return SUCCESS;
642 } else {
643 return FAILURE;
644 }
645 } else {
646 return FAILURE;
647 }
648 }
649
650 return SUCCESS;
651 }
652 /* }}} */
653
php_openssl_passwd_callback(char * buf,int num,int verify,void * data)654 static int php_openssl_passwd_callback(char *buf, int num, int verify, void *data) /* {{{ */
655 {
656 php_stream *stream = (php_stream *)data;
657 zval *val = NULL;
658 char *passphrase = NULL;
659 /* TODO: could expand this to make a callback into PHP user-space */
660
661 GET_VER_OPT_STRING("passphrase", passphrase);
662
663 if (passphrase) {
664 if (Z_STRLEN_P(val) < (size_t)num - 1) {
665 memcpy(buf, Z_STRVAL_P(val), Z_STRLEN_P(val)+1);
666 return (int)Z_STRLEN_P(val);
667 }
668 }
669 return 0;
670 }
671 /* }}} */
672
673 #ifdef PHP_WIN32
674 #define RETURN_CERT_VERIFY_FAILURE(code) X509_STORE_CTX_set_error(x509_store_ctx, code); return 0;
php_openssl_win_cert_verify_callback(X509_STORE_CTX * x509_store_ctx,void * arg)675 static int php_openssl_win_cert_verify_callback(X509_STORE_CTX *x509_store_ctx, void *arg) /* {{{ */
676 {
677 PCCERT_CONTEXT cert_ctx = NULL;
678 PCCERT_CHAIN_CONTEXT cert_chain_ctx = NULL;
679 X509 *cert = X509_STORE_CTX_get0_cert(x509_store_ctx);
680
681 php_stream *stream;
682 php_openssl_netstream_data_t *sslsock;
683 zval *val;
684 bool is_self_signed = 0;
685
686
687 stream = (php_stream*)arg;
688 sslsock = (php_openssl_netstream_data_t*)stream->abstract;
689
690 { /* First convert the x509 struct back to a DER encoded buffer and let Windows decode it into a form it can work with */
691 unsigned char *der_buf = NULL;
692 int der_len;
693
694 der_len = i2d_X509(cert, &der_buf);
695 if (der_len < 0) {
696 unsigned long err_code, e;
697 char err_buf[512];
698
699 while ((e = ERR_get_error()) != 0) {
700 err_code = e;
701 }
702
703 php_error_docref(NULL, E_WARNING, "Error encoding X509 certificate: %d: %s", err_code, ERR_error_string(err_code, err_buf));
704 RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
705 }
706
707 cert_ctx = CertCreateCertificateContext(X509_ASN_ENCODING, der_buf, der_len);
708 OPENSSL_free(der_buf);
709
710 if (cert_ctx == NULL) {
711 char *err = php_win_err();
712 php_error_docref(NULL, E_WARNING, "Error creating certificate context: %s", err);
713 php_win_err_free(err);
714 RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
715 }
716 }
717
718 { /* Next fetch the relevant cert chain from the store */
719 CERT_ENHKEY_USAGE enhkey_usage = {0};
720 CERT_USAGE_MATCH cert_usage = {0};
721 CERT_CHAIN_PARA chain_params = {sizeof(CERT_CHAIN_PARA)};
722 LPSTR usages[] = {szOID_PKIX_KP_SERVER_AUTH, szOID_SERVER_GATED_CRYPTO, szOID_SGC_NETSCAPE};
723 DWORD chain_flags = 0;
724 unsigned long allowed_depth = OPENSSL_DEFAULT_STREAM_VERIFY_DEPTH;
725 unsigned int i;
726
727 enhkey_usage.cUsageIdentifier = 3;
728 enhkey_usage.rgpszUsageIdentifier = usages;
729 cert_usage.dwType = USAGE_MATCH_TYPE_OR;
730 cert_usage.Usage = enhkey_usage;
731 chain_params.RequestedUsage = cert_usage;
732 chain_flags = CERT_CHAIN_CACHE_END_CERT | CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
733
734 if (!CertGetCertificateChain(NULL, cert_ctx, NULL, NULL, &chain_params, chain_flags, NULL, &cert_chain_ctx)) {
735 char *err = php_win_err();
736 php_error_docref(NULL, E_WARNING, "Error getting certificate chain: %s", err);
737 php_win_err_free(err);
738 CertFreeCertificateContext(cert_ctx);
739 RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
740 }
741
742 /* check if the cert is self-signed */
743 if (cert_chain_ctx->cChain > 0 && cert_chain_ctx->rgpChain[0]->cElement > 0
744 && (cert_chain_ctx->rgpChain[0]->rgpElement[0]->TrustStatus.dwInfoStatus & CERT_TRUST_IS_SELF_SIGNED) != 0) {
745 is_self_signed = 1;
746 }
747
748 /* check the depth */
749 GET_VER_OPT_LONG("verify_depth", allowed_depth);
750
751 for (i = 0; i < cert_chain_ctx->cChain; i++) {
752 if (cert_chain_ctx->rgpChain[i]->cElement > allowed_depth) {
753 CertFreeCertificateChain(cert_chain_ctx);
754 CertFreeCertificateContext(cert_ctx);
755 RETURN_CERT_VERIFY_FAILURE(X509_V_ERR_CERT_CHAIN_TOO_LONG);
756 }
757 }
758 }
759
760 { /* Then verify it against a policy */
761 SSL_EXTRA_CERT_CHAIN_POLICY_PARA ssl_policy_params = {sizeof(SSL_EXTRA_CERT_CHAIN_POLICY_PARA)};
762 CERT_CHAIN_POLICY_PARA chain_policy_params = {sizeof(CERT_CHAIN_POLICY_PARA)};
763 CERT_CHAIN_POLICY_STATUS chain_policy_status = {sizeof(CERT_CHAIN_POLICY_STATUS)};
764 BOOL verify_result;
765
766 ssl_policy_params.dwAuthType = (sslsock->is_client) ? AUTHTYPE_SERVER : AUTHTYPE_CLIENT;
767 /* we validate the name ourselves using the peer_name
768 ctx option, so no need to use a server name here */
769 ssl_policy_params.pwszServerName = NULL;
770 chain_policy_params.pvExtraPolicyPara = &ssl_policy_params;
771
772 verify_result = CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL, cert_chain_ctx, &chain_policy_params, &chain_policy_status);
773
774 CertFreeCertificateChain(cert_chain_ctx);
775 CertFreeCertificateContext(cert_ctx);
776
777 if (!verify_result) {
778 char *err = php_win_err();
779 php_error_docref(NULL, E_WARNING, "Error verifying certificate chain policy: %s", err);
780 php_win_err_free(err);
781 RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
782 }
783
784 if (chain_policy_status.dwError != 0) {
785 /* The chain does not match the policy */
786 if (is_self_signed && chain_policy_status.dwError == CERT_E_UNTRUSTEDROOT
787 && GET_VER_OPT("allow_self_signed") && zend_is_true(val)) {
788 /* allow self-signed certs */
789 X509_STORE_CTX_set_error(x509_store_ctx, X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
790 } else {
791 RETURN_CERT_VERIFY_FAILURE(SSL_R_CERTIFICATE_VERIFY_FAILED);
792 }
793 }
794 }
795
796 return 1;
797 }
798 /* }}} */
799 #endif
800
php_openssl_load_stream_cafile(X509_STORE * cert_store,const char * cafile)801 static long php_openssl_load_stream_cafile(X509_STORE *cert_store, const char *cafile) /* {{{ */
802 {
803 php_stream *stream;
804 X509 *cert;
805 BIO *buffer;
806 int buffer_active = 0;
807 char *line = NULL;
808 size_t line_len;
809 long certs_added = 0;
810
811 stream = php_stream_open_wrapper(cafile, "rb", 0, NULL);
812
813 if (stream == NULL) {
814 php_error(E_WARNING, "failed loading cafile stream: `%s'", cafile);
815 return 0;
816 } else if (stream->wrapper->is_url) {
817 php_stream_close(stream);
818 php_error(E_WARNING, "remote cafile streams are disabled for security purposes");
819 return 0;
820 }
821
822 cert_start: {
823 line = php_stream_get_line(stream, NULL, 0, &line_len);
824 if (line == NULL) {
825 goto stream_complete;
826 } else if (!strcmp(line, "-----BEGIN CERTIFICATE-----\n") ||
827 !strcmp(line, "-----BEGIN CERTIFICATE-----\r\n")
828 ) {
829 buffer = BIO_new(BIO_s_mem());
830 buffer_active = 1;
831 goto cert_line;
832 } else {
833 efree(line);
834 goto cert_start;
835 }
836 }
837
838 cert_line: {
839 BIO_puts(buffer, line);
840 efree(line);
841 line = php_stream_get_line(stream, NULL, 0, &line_len);
842 if (line == NULL) {
843 goto stream_complete;
844 } else if (!strcmp(line, "-----END CERTIFICATE-----") ||
845 !strcmp(line, "-----END CERTIFICATE-----\n") ||
846 !strcmp(line, "-----END CERTIFICATE-----\r\n")
847 ) {
848 goto add_cert;
849 } else {
850 goto cert_line;
851 }
852 }
853
854 add_cert: {
855 BIO_puts(buffer, line);
856 efree(line);
857 cert = PEM_read_bio_X509(buffer, NULL, 0, NULL);
858 BIO_free(buffer);
859 buffer_active = 0;
860 if (cert && X509_STORE_add_cert(cert_store, cert)) {
861 ++certs_added;
862 X509_free(cert);
863 }
864 goto cert_start;
865 }
866
867 stream_complete: {
868 php_stream_close(stream);
869 if (buffer_active == 1) {
870 BIO_free(buffer);
871 }
872 }
873
874 if (certs_added == 0) {
875 php_error(E_WARNING, "no valid certs found cafile stream: `%s'", cafile);
876 }
877
878 return certs_added;
879 }
880 /* }}} */
881
php_openssl_enable_peer_verification(SSL_CTX * ctx,php_stream * stream)882 static zend_result php_openssl_enable_peer_verification(SSL_CTX *ctx, php_stream *stream) /* {{{ */
883 {
884 zval *val = NULL;
885 char *cafile = NULL;
886 char *capath = NULL;
887 php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract;
888
889 GET_VER_OPT_STRING("cafile", cafile);
890 GET_VER_OPT_STRING("capath", capath);
891
892 if (cafile == NULL) {
893 cafile = zend_ini_string("openssl.cafile", sizeof("openssl.cafile")-1, 0);
894 cafile = strlen(cafile) ? cafile : NULL;
895 } else if (!sslsock->is_client) {
896 /* Servers need to load and assign CA names from the cafile */
897 STACK_OF(X509_NAME) *cert_names = SSL_load_client_CA_file(cafile);
898 if (cert_names != NULL) {
899 SSL_CTX_set_client_CA_list(ctx, cert_names);
900 } else {
901 php_error(E_WARNING, "SSL: failed loading CA names from cafile");
902 return FAILURE;
903 }
904 }
905
906 if (capath == NULL) {
907 capath = zend_ini_string("openssl.capath", sizeof("openssl.capath")-1, 0);
908 capath = strlen(capath) ? capath : NULL;
909 }
910
911 if (cafile || capath) {
912 if (!SSL_CTX_load_verify_locations(ctx, cafile, capath)) {
913 ERR_clear_error();
914 if (cafile && !php_openssl_load_stream_cafile(SSL_CTX_get_cert_store(ctx), cafile)) {
915 return FAILURE;
916 }
917 }
918 } else {
919 #ifdef PHP_WIN32
920 SSL_CTX_set_cert_verify_callback(ctx, php_openssl_win_cert_verify_callback, (void *)stream);
921 #else
922 if (sslsock->is_client && !SSL_CTX_set_default_verify_paths(ctx)) {
923 php_error_docref(NULL, E_WARNING,
924 "Unable to set default verify locations and no CA settings specified");
925 return FAILURE;
926 }
927 #endif
928 }
929
930 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
931
932 return SUCCESS;
933 }
934 /* }}} */
935
php_openssl_disable_peer_verification(SSL_CTX * ctx,php_stream * stream)936 static void php_openssl_disable_peer_verification(SSL_CTX *ctx, php_stream *stream) /* {{{ */
937 {
938 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
939 }
940 /* }}} */
941
php_openssl_set_local_cert(SSL_CTX * ctx,php_stream * stream)942 static zend_result php_openssl_set_local_cert(SSL_CTX *ctx, php_stream *stream) /* {{{ */
943 {
944 zval *val = NULL;
945 char *certfile = NULL;
946 size_t certfile_len;
947
948 GET_VER_OPT_STRINGL("local_cert", certfile, certfile_len);
949
950 if (certfile) {
951 char resolved_path_buff[MAXPATHLEN];
952 const char *private_key = NULL;
953 size_t private_key_len;
954
955 if (!php_openssl_check_path_ex(
956 certfile, certfile_len, resolved_path_buff, 0, false, false,
957 "local_cert in ssl stream context")) {
958 php_error_docref(NULL, E_WARNING, "Unable to get real path of certificate file `%s'", certfile);
959 return FAILURE;
960 }
961 /* a certificate to use for authentication */
962 if (SSL_CTX_use_certificate_chain_file(ctx, resolved_path_buff) != 1) {
963 php_error_docref(NULL, E_WARNING,
964 "Unable to set local cert chain file `%s'; Check that your cafile/capath "
965 "settings include details of your certificate and its issuer",
966 certfile);
967 return FAILURE;
968 }
969
970 GET_VER_OPT_STRINGL("local_pk", private_key, private_key_len);
971 if (private_key && !php_openssl_check_path_ex(
972 private_key, private_key_len, resolved_path_buff, 0, false, false,
973 "local_pk in ssl stream context")) {
974 php_error_docref(NULL, E_WARNING, "Unable to get real path of private key file `%s'", private_key);
975 return FAILURE;
976 }
977 if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) {
978 php_error_docref(NULL, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff);
979 return FAILURE;
980 }
981 if (!SSL_CTX_check_private_key(ctx)) {
982 php_error_docref(NULL, E_WARNING, "Private key does not match certificate!");
983 }
984 }
985
986 return SUCCESS;
987 }
988 /* }}} */
989
990 #if PHP_OPENSSL_API_VERSION < 0x10100
php_openssl_get_crypto_method_ctx_flags(int method_flags)991 static int php_openssl_get_crypto_method_ctx_flags(int method_flags) /* {{{ */
992 {
993 int ssl_ctx_options = SSL_OP_ALL;
994
995 #ifdef SSL_OP_NO_SSLv2
996 ssl_ctx_options |= SSL_OP_NO_SSLv2;
997 #endif
998 #ifdef HAVE_SSL3
999 if (!(method_flags & STREAM_CRYPTO_METHOD_SSLv3)) {
1000 ssl_ctx_options |= SSL_OP_NO_SSLv3;
1001 }
1002 #endif
1003 #ifdef HAVE_TLS1
1004 if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_0)) {
1005 ssl_ctx_options |= SSL_OP_NO_TLSv1;
1006 }
1007 #endif
1008 #ifdef HAVE_TLS11
1009 if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_1)) {
1010 ssl_ctx_options |= SSL_OP_NO_TLSv1_1;
1011 }
1012 #endif
1013 #ifdef HAVE_TLS12
1014 if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_2)) {
1015 ssl_ctx_options |= SSL_OP_NO_TLSv1_2;
1016 }
1017 #endif
1018 #ifdef HAVE_TLS13
1019 if (!(method_flags & STREAM_CRYPTO_METHOD_TLSv1_3)) {
1020 ssl_ctx_options |= SSL_OP_NO_TLSv1_3;
1021 }
1022 #endif
1023
1024 return ssl_ctx_options;
1025 }
1026 /* }}} */
1027 #endif
1028
php_openssl_get_min_proto_version_flag(int flags)1029 static inline int php_openssl_get_min_proto_version_flag(int flags) /* {{{ */
1030 {
1031 int ver;
1032 for (ver = PHP_OPENSSL_MIN_PROTO_VERSION; ver <= PHP_OPENSSL_MAX_PROTO_VERSION; ver <<= 1) {
1033 if (flags & ver) {
1034 return ver;
1035 }
1036 }
1037 return PHP_OPENSSL_MAX_PROTO_VERSION;
1038 }
1039 /* }}} */
1040
php_openssl_get_max_proto_version_flag(int flags)1041 static inline int php_openssl_get_max_proto_version_flag(int flags) /* {{{ */
1042 {
1043 int ver;
1044 for (ver = PHP_OPENSSL_MAX_PROTO_VERSION; ver >= PHP_OPENSSL_MIN_PROTO_VERSION; ver >>= 1) {
1045 if (flags & ver) {
1046 return ver;
1047 }
1048 }
1049 return STREAM_CRYPTO_METHOD_TLSv1_3;
1050 }
1051 /* }}} */
1052
1053 #if PHP_OPENSSL_API_VERSION >= 0x10100
php_openssl_map_proto_version(int flag)1054 static inline int php_openssl_map_proto_version(int flag) /* {{{ */
1055 {
1056 switch (flag) {
1057 #ifdef HAVE_TLS13
1058 case STREAM_CRYPTO_METHOD_TLSv1_3:
1059 return TLS1_3_VERSION;
1060 #endif
1061 case STREAM_CRYPTO_METHOD_TLSv1_2:
1062 return TLS1_2_VERSION;
1063 case STREAM_CRYPTO_METHOD_TLSv1_1:
1064 return TLS1_1_VERSION;
1065 case STREAM_CRYPTO_METHOD_TLSv1_0:
1066 return TLS1_VERSION;
1067 #ifdef HAVE_SSL3
1068 case STREAM_CRYPTO_METHOD_SSLv3:
1069 return SSL3_VERSION;
1070 #endif
1071 default:
1072 return TLS1_2_VERSION;
1073 }
1074 }
1075 /* }}} */
1076
php_openssl_get_min_proto_version(int flags)1077 static int php_openssl_get_min_proto_version(int flags) /* {{{ */
1078 {
1079 return php_openssl_map_proto_version(php_openssl_get_min_proto_version_flag(flags));
1080 }
1081 /* }}} */
1082
php_openssl_get_max_proto_version(int flags)1083 static int php_openssl_get_max_proto_version(int flags) /* {{{ */
1084 {
1085 return php_openssl_map_proto_version(php_openssl_get_max_proto_version_flag(flags));
1086 }
1087 /* }}} */
1088 #endif
1089
php_openssl_get_proto_version_flags(int flags,int min,int max)1090 static int php_openssl_get_proto_version_flags(int flags, int min, int max) /* {{{ */
1091 {
1092 int ver;
1093
1094 if (!min) {
1095 min = php_openssl_get_min_proto_version_flag(flags);
1096 }
1097 if (!max) {
1098 max = php_openssl_get_max_proto_version_flag(flags);
1099 }
1100
1101 for (ver = PHP_OPENSSL_MIN_PROTO_VERSION; ver <= PHP_OPENSSL_MAX_PROTO_VERSION; ver <<= 1) {
1102 if (ver >= min && ver <= max) {
1103 if (!(flags & ver)) {
1104 flags |= ver;
1105 }
1106 } else if (flags & ver) {
1107 flags &= ~ver;
1108 }
1109 }
1110
1111 return flags;
1112 }
1113 /* }}} */
1114
php_openssl_limit_handshake_reneg(const SSL * ssl)1115 static void php_openssl_limit_handshake_reneg(const SSL *ssl) /* {{{ */
1116 {
1117 php_stream *stream;
1118 php_openssl_netstream_data_t *sslsock;
1119 struct timeval now;
1120 zend_long elapsed_time;
1121
1122 stream = php_openssl_get_stream_from_ssl_handle(ssl);
1123 sslsock = (php_openssl_netstream_data_t*)stream->abstract;
1124 gettimeofday(&now, NULL);
1125
1126 /* The initial handshake is never rate-limited */
1127 if (sslsock->reneg->prev_handshake == 0) {
1128 sslsock->reneg->prev_handshake = now.tv_sec;
1129 return;
1130 }
1131
1132 elapsed_time = (now.tv_sec - sslsock->reneg->prev_handshake);
1133 sslsock->reneg->prev_handshake = now.tv_sec;
1134 sslsock->reneg->tokens -= (elapsed_time * (sslsock->reneg->limit / sslsock->reneg->window));
1135
1136 if (sslsock->reneg->tokens < 0) {
1137 sslsock->reneg->tokens = 0;
1138 }
1139 ++sslsock->reneg->tokens;
1140
1141 /* The token level exceeds our allowed limit */
1142 if (sslsock->reneg->tokens > sslsock->reneg->limit) {
1143 zval *val;
1144
1145
1146 sslsock->reneg->should_close = 1;
1147
1148 if (PHP_STREAM_CONTEXT(stream) && (val = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream),
1149 "ssl", "reneg_limit_callback")) != NULL
1150 ) {
1151 zval param, retval;
1152
1153 php_stream_to_zval(stream, ¶m);
1154
1155 /* Closing the stream inside this callback would segfault! */
1156 stream->flags |= PHP_STREAM_FLAG_NO_FCLOSE;
1157 if (FAILURE == call_user_function(NULL, NULL, val, &retval, 1, ¶m)) {
1158 php_error(E_WARNING, "SSL: failed invoking reneg limit notification callback");
1159 }
1160 stream->flags ^= PHP_STREAM_FLAG_NO_FCLOSE;
1161
1162 /* If the reneg_limit_callback returned true don't auto-close */
1163 if (Z_TYPE(retval) == IS_TRUE) {
1164 sslsock->reneg->should_close = 0;
1165 }
1166
1167 zval_ptr_dtor(&retval);
1168 } else {
1169 php_error_docref(NULL, E_WARNING,
1170 "SSL: client-initiated handshake rate limit exceeded by peer");
1171 }
1172 }
1173 }
1174 /* }}} */
1175
php_openssl_info_callback(const SSL * ssl,int where,int ret)1176 static void php_openssl_info_callback(const SSL *ssl, int where, int ret) /* {{{ */
1177 {
1178 /* Rate-limit client-initiated handshake renegotiation to prevent DoS */
1179 if (where & SSL_CB_HANDSHAKE_START) {
1180 php_openssl_limit_handshake_reneg(ssl);
1181 }
1182 }
1183 /* }}} */
1184
php_openssl_init_server_reneg_limit(php_stream * stream,php_openssl_netstream_data_t * sslsock)1185 static void php_openssl_init_server_reneg_limit(php_stream *stream, php_openssl_netstream_data_t *sslsock) /* {{{ */
1186 {
1187 zval *val;
1188 zend_long limit = OPENSSL_DEFAULT_RENEG_LIMIT;
1189 zend_long window = OPENSSL_DEFAULT_RENEG_WINDOW;
1190
1191 if (PHP_STREAM_CONTEXT(stream) &&
1192 NULL != (val = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "reneg_limit"))
1193 ) {
1194 limit = zval_get_long(val);
1195 }
1196
1197 /* No renegotiation rate-limiting */
1198 if (limit < 0) {
1199 return;
1200 }
1201
1202 if (PHP_STREAM_CONTEXT(stream) &&
1203 NULL != (val = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "reneg_window"))
1204 ) {
1205 window = zval_get_long(val);
1206 }
1207
1208 sslsock->reneg = (void*)pemalloc(sizeof(php_openssl_handshake_bucket_t),
1209 php_stream_is_persistent(stream)
1210 );
1211
1212 sslsock->reneg->limit = limit;
1213 sslsock->reneg->window = window;
1214 sslsock->reneg->prev_handshake = 0;
1215 sslsock->reneg->tokens = 0;
1216 sslsock->reneg->should_close = 0;
1217
1218 SSL_set_info_callback(sslsock->ssl_handle, php_openssl_info_callback);
1219 }
1220 /* }}} */
1221
1222 #if PHP_OPENSSL_API_VERSION < 0x10100
php_openssl_tmp_rsa_cb(SSL * s,int is_export,int keylength)1223 static RSA *php_openssl_tmp_rsa_cb(SSL *s, int is_export, int keylength)
1224 {
1225 BIGNUM *bn = NULL;
1226 static RSA *rsa_tmp = NULL;
1227
1228 if (!rsa_tmp && ((bn = BN_new()) == NULL)) {
1229 php_error_docref(NULL, E_WARNING, "allocation error generating RSA key");
1230 }
1231 if (!rsa_tmp && bn) {
1232 if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
1233 !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
1234 if (rsa_tmp) {
1235 RSA_free(rsa_tmp);
1236 }
1237 rsa_tmp = NULL;
1238 }
1239 BN_free(bn);
1240 }
1241
1242 return (rsa_tmp);
1243 }
1244 #endif
1245
php_openssl_set_server_dh_param(php_stream * stream,SSL_CTX * ctx)1246 static zend_result php_openssl_set_server_dh_param(php_stream * stream, SSL_CTX *ctx) /* {{{ */
1247 {
1248 zval *zdhpath = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "dh_param");
1249 if (zdhpath == NULL) {
1250 #if 0
1251 /* Coming in OpenSSL 1.1 ... eventually we'll want to enable this
1252 * in the absence of an explicit dh_param.
1253 */
1254 SSL_CTX_set_dh_auto(ctx, 1);
1255 #endif
1256 return SUCCESS;
1257 }
1258
1259 if (!try_convert_to_string(zdhpath)) {
1260 return FAILURE;
1261 }
1262
1263 BIO *bio = BIO_new_file(Z_STRVAL_P(zdhpath), PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
1264
1265 if (bio == NULL) {
1266 php_error_docref(NULL, E_WARNING, "Invalid dh_param");
1267 return FAILURE;
1268 }
1269
1270 #if PHP_OPENSSL_API_VERSION >= 0x30000
1271 EVP_PKEY *pkey = PEM_read_bio_Parameters(bio, NULL);
1272 BIO_free(bio);
1273
1274 if (pkey == NULL) {
1275 php_error_docref(NULL, E_WARNING, "Failed reading DH params");
1276 return FAILURE;
1277 }
1278
1279 if (SSL_CTX_set0_tmp_dh_pkey(ctx, pkey) == 0) {
1280 php_error_docref(NULL, E_WARNING, "Failed assigning DH params");
1281 EVP_PKEY_free(pkey);
1282 return FAILURE;
1283 }
1284 #else
1285 DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
1286 BIO_free(bio);
1287
1288 if (dh == NULL) {
1289 php_error_docref(NULL, E_WARNING, "Failed reading DH params");
1290 return FAILURE;
1291 }
1292
1293 if (SSL_CTX_set_tmp_dh(ctx, dh) == 0) {
1294 php_error_docref(NULL, E_WARNING, "Failed assigning DH params");
1295 DH_free(dh);
1296 return FAILURE;
1297 }
1298
1299 DH_free(dh);
1300 #endif
1301
1302 return SUCCESS;
1303 }
1304 /* }}} */
1305
1306 #if defined(HAVE_ECDH) && PHP_OPENSSL_API_VERSION < 0x10100
php_openssl_set_server_ecdh_curve(php_stream * stream,SSL_CTX * ctx)1307 static zend_result php_openssl_set_server_ecdh_curve(php_stream *stream, SSL_CTX *ctx) /* {{{ */
1308 {
1309 zval *zvcurve;
1310 int curve_nid;
1311 EC_KEY *ecdh;
1312
1313 zvcurve = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "ecdh_curve");
1314 if (zvcurve == NULL) {
1315 SSL_CTX_set_ecdh_auto(ctx, 1);
1316 return SUCCESS;
1317 } else {
1318 if (!try_convert_to_string(zvcurve)) {
1319 return FAILURE;
1320 }
1321
1322 curve_nid = OBJ_sn2nid(Z_STRVAL_P(zvcurve));
1323 if (curve_nid == NID_undef) {
1324 php_error_docref(NULL, E_WARNING, "Invalid ecdh_curve specified");
1325 return FAILURE;
1326 }
1327 }
1328
1329 ecdh = EC_KEY_new_by_curve_name(curve_nid);
1330 if (ecdh == NULL) {
1331 php_error_docref(NULL, E_WARNING, "Failed generating ECDH curve");
1332 return FAILURE;
1333 }
1334
1335 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
1336 EC_KEY_free(ecdh);
1337
1338 return SUCCESS;
1339 }
1340 /* }}} */
1341 #endif
1342
php_openssl_set_server_specific_opts(php_stream * stream,SSL_CTX * ctx)1343 static zend_result php_openssl_set_server_specific_opts(php_stream *stream, SSL_CTX *ctx) /* {{{ */
1344 {
1345 zval *zv;
1346 long ssl_ctx_options = SSL_CTX_get_options(ctx);
1347
1348 #if defined(HAVE_ECDH) && PHP_OPENSSL_API_VERSION < 0x10100
1349 if (php_openssl_set_server_ecdh_curve(stream, ctx) == FAILURE) {
1350 return FAILURE;
1351 }
1352 #endif
1353
1354 #if PHP_OPENSSL_API_VERSION < 0x10100
1355 SSL_CTX_set_tmp_rsa_callback(ctx, php_openssl_tmp_rsa_cb);
1356 #endif
1357 /* We now use php_openssl_tmp_rsa_cb to generate a key of appropriate size whenever necessary */
1358 if (php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "rsa_key_size") != NULL) {
1359 php_error_docref(NULL, E_WARNING, "rsa_key_size context option has been removed");
1360 }
1361
1362 if (php_openssl_set_server_dh_param(stream, ctx) == FAILURE) {
1363 return FAILURE;
1364 }
1365
1366 zv = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "single_dh_use");
1367 if (zv == NULL || zend_is_true(zv)) {
1368 ssl_ctx_options |= SSL_OP_SINGLE_DH_USE;
1369 }
1370
1371 zv = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "honor_cipher_order");
1372 if (zv == NULL || zend_is_true(zv)) {
1373 ssl_ctx_options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
1374 }
1375
1376 SSL_CTX_set_options(ctx, ssl_ctx_options);
1377
1378 return SUCCESS;
1379 }
1380 /* }}} */
1381
1382 #ifdef HAVE_TLS_SNI
php_openssl_server_sni_callback(SSL * ssl_handle,int * al,void * arg)1383 static int php_openssl_server_sni_callback(SSL *ssl_handle, int *al, void *arg) /* {{{ */
1384 {
1385 php_stream *stream;
1386 php_openssl_netstream_data_t *sslsock;
1387 unsigned i;
1388 const char *server_name;
1389
1390 server_name = SSL_get_servername(ssl_handle, TLSEXT_NAMETYPE_host_name);
1391
1392 if (!server_name) {
1393 return SSL_TLSEXT_ERR_NOACK;
1394 }
1395
1396 stream = (php_stream*)SSL_get_ex_data(ssl_handle, php_openssl_get_ssl_stream_data_index());
1397 sslsock = (php_openssl_netstream_data_t*)stream->abstract;
1398
1399 if (!(sslsock->sni_cert_count && sslsock->sni_certs)) {
1400 return SSL_TLSEXT_ERR_NOACK;
1401 }
1402
1403 for (i=0; i < sslsock->sni_cert_count; i++) {
1404 if (php_openssl_matches_wildcard_name(server_name, sslsock->sni_certs[i].name)) {
1405 SSL_set_SSL_CTX(ssl_handle, sslsock->sni_certs[i].ctx);
1406 return SSL_TLSEXT_ERR_OK;
1407 }
1408 }
1409
1410 return SSL_TLSEXT_ERR_NOACK;
1411 }
1412 /* }}} */
1413
php_openssl_create_sni_server_ctx(char * cert_path,char * key_path)1414 static SSL_CTX *php_openssl_create_sni_server_ctx(char *cert_path, char *key_path) /* {{{ */
1415 {
1416 /* The hello method is not inherited by SSL structs when assigning a new context
1417 * inside the SNI callback, so the just use SSLv23 */
1418 SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
1419
1420 if (SSL_CTX_use_certificate_chain_file(ctx, cert_path) != 1) {
1421 php_error_docref(NULL, E_WARNING,
1422 "Failed setting local cert chain file `%s'; " \
1423 "check that your cafile/capath settings include " \
1424 "details of your certificate and its issuer",
1425 cert_path
1426 );
1427 SSL_CTX_free(ctx);
1428 return NULL;
1429 } else if (SSL_CTX_use_PrivateKey_file(ctx, key_path, SSL_FILETYPE_PEM) != 1) {
1430 php_error_docref(NULL, E_WARNING,
1431 "Failed setting private key from file `%s'",
1432 key_path
1433 );
1434 SSL_CTX_free(ctx);
1435 return NULL;
1436 }
1437
1438 return ctx;
1439 }
1440 /* }}} */
1441
php_openssl_enable_server_sni(php_stream * stream,php_openssl_netstream_data_t * sslsock)1442 static zend_result php_openssl_enable_server_sni(php_stream *stream, php_openssl_netstream_data_t *sslsock) /* {{{ */
1443 {
1444 zval *val;
1445 zval *current;
1446 zend_string *key;
1447 zend_ulong key_index;
1448 int i = 0;
1449 char resolved_path_buff[MAXPATHLEN];
1450 SSL_CTX *ctx;
1451
1452 /* If the stream ctx disables SNI we're finished here */
1453 if (GET_VER_OPT("SNI_enabled") && !zend_is_true(val)) {
1454 return SUCCESS;
1455 }
1456
1457 /* If no SNI cert array is specified we're finished here */
1458 if (!GET_VER_OPT("SNI_server_certs")) {
1459 return SUCCESS;
1460 }
1461
1462 if (Z_TYPE_P(val) != IS_ARRAY) {
1463 php_error_docref(NULL, E_WARNING,
1464 "SNI_server_certs requires an array mapping host names to cert paths"
1465 );
1466 return FAILURE;
1467 }
1468
1469 sslsock->sni_cert_count = zend_hash_num_elements(Z_ARRVAL_P(val));
1470 if (sslsock->sni_cert_count == 0) {
1471 php_error_docref(NULL, E_WARNING,
1472 "SNI_server_certs host cert array must not be empty"
1473 );
1474 return FAILURE;
1475 }
1476
1477 sslsock->sni_certs = (php_openssl_sni_cert_t*)safe_pemalloc(sslsock->sni_cert_count,
1478 sizeof(php_openssl_sni_cert_t), 0, php_stream_is_persistent(stream)
1479 );
1480 memset(sslsock->sni_certs, 0, sslsock->sni_cert_count * sizeof(php_openssl_sni_cert_t));
1481
1482 ZEND_HASH_FOREACH_KEY_VAL(Z_ARRVAL_P(val), key_index, key, current) {
1483 (void) key_index;
1484
1485 if (!key) {
1486 php_error_docref(NULL, E_WARNING,
1487 "SNI_server_certs array requires string host name keys"
1488 );
1489 return FAILURE;
1490 }
1491
1492 if (Z_TYPE_P(current) == IS_ARRAY) {
1493 zval *local_pk, *local_cert;
1494 zend_string *local_pk_str, *local_cert_str;
1495 char resolved_cert_path_buff[MAXPATHLEN], resolved_pk_path_buff[MAXPATHLEN];
1496
1497 local_cert = zend_hash_str_find(Z_ARRVAL_P(current), "local_cert", sizeof("local_cert")-1);
1498 if (local_cert == NULL) {
1499 php_error_docref(NULL, E_WARNING,
1500 "local_cert not present in the array"
1501 );
1502 return FAILURE;
1503 }
1504
1505 local_cert_str = zval_try_get_string(local_cert);
1506 if (UNEXPECTED(!local_cert_str)) {
1507 return FAILURE;
1508 }
1509 if (!php_openssl_check_path_str_ex(
1510 local_cert_str, resolved_cert_path_buff, 0, false, false,
1511 "SNI_server_certs local_cert in ssl stream context")) {
1512 php_error_docref(NULL, E_WARNING,
1513 "Failed setting local cert chain file `%s'; could not open file",
1514 ZSTR_VAL(local_cert_str)
1515 );
1516 zend_string_release(local_cert_str);
1517 return FAILURE;
1518 }
1519 zend_string_release(local_cert_str);
1520
1521 local_pk = zend_hash_str_find(Z_ARRVAL_P(current), "local_pk", sizeof("local_pk")-1);
1522 if (local_pk == NULL) {
1523 php_error_docref(NULL, E_WARNING,
1524 "local_pk not present in the array"
1525 );
1526 return FAILURE;
1527 }
1528
1529 local_pk_str = zval_try_get_string(local_pk);
1530 if (UNEXPECTED(!local_pk_str)) {
1531 return FAILURE;
1532 }
1533 if (!php_openssl_check_path_str_ex(
1534 local_pk_str, resolved_pk_path_buff, 0, false, false,
1535 "SNI_server_certs local_pk in ssl stream context")) {
1536 php_error_docref(NULL, E_WARNING,
1537 "Failed setting local private key file `%s'; could not open file",
1538 ZSTR_VAL(local_pk_str)
1539 );
1540 zend_string_release(local_pk_str);
1541 return FAILURE;
1542 }
1543 zend_string_release(local_pk_str);
1544
1545 ctx = php_openssl_create_sni_server_ctx(resolved_cert_path_buff, resolved_pk_path_buff);
1546
1547 } else if (php_openssl_check_path_str_ex(
1548 Z_STR_P(current), resolved_path_buff, 0, false, false,
1549 "SNI_server_certs in ssl stream context")) {
1550 ctx = php_openssl_create_sni_server_ctx(resolved_path_buff, resolved_path_buff);
1551 } else {
1552 php_error_docref(NULL, E_WARNING,
1553 "Failed setting local cert chain file `%s'; file not found",
1554 Z_STRVAL_P(current)
1555 );
1556 return FAILURE;
1557 }
1558
1559 if (ctx == NULL) {
1560 return FAILURE;
1561 }
1562
1563 sslsock->sni_certs[i].name = pestrdup(ZSTR_VAL(key), php_stream_is_persistent(stream));
1564 sslsock->sni_certs[i].ctx = ctx;
1565 ++i;
1566
1567 } ZEND_HASH_FOREACH_END();
1568
1569 SSL_CTX_set_tlsext_servername_callback(sslsock->ctx, php_openssl_server_sni_callback);
1570
1571 return SUCCESS;
1572 }
1573 /* }}} */
1574
php_openssl_enable_client_sni(php_stream * stream,php_openssl_netstream_data_t * sslsock)1575 static void php_openssl_enable_client_sni(php_stream *stream, php_openssl_netstream_data_t *sslsock) /* {{{ */
1576 {
1577 zval *val;
1578 char *sni_server_name;
1579
1580 /* If SNI is explicitly disabled we're finished here */
1581 if (GET_VER_OPT("SNI_enabled") && !zend_is_true(val)) {
1582 return;
1583 }
1584
1585 sni_server_name = sslsock->url_name;
1586
1587 GET_VER_OPT_STRING("peer_name", sni_server_name);
1588
1589 if (sni_server_name) {
1590 SSL_set_tlsext_host_name(sslsock->ssl_handle, sni_server_name);
1591 }
1592 }
1593 /* }}} */
1594 #endif
1595
1596 #ifdef HAVE_TLS_ALPN
1597 /**
1598 * Parses a comma-separated list of strings into a string suitable for SSL_CTX_set_next_protos_advertised
1599 * outlen: (output) set to the length of the resulting buffer on success.
1600 * err: (maybe NULL) on failure, an error message line is written to this BIO.
1601 * in: a NULL terminated string like "abc,def,ghi"
1602 *
1603 * returns: an emalloced buffer or NULL on failure.
1604 */
php_openssl_alpn_protos_parse(unsigned short * outlen,const char * in)1605 static unsigned char *php_openssl_alpn_protos_parse(unsigned short *outlen, const char *in) /* {{{ */
1606 {
1607 size_t len;
1608 unsigned char *out;
1609 size_t i, start = 0;
1610
1611 len = strlen(in);
1612 if (len >= 65535) {
1613 return NULL;
1614 }
1615
1616 out = emalloc(strlen(in) + 1);
1617
1618 for (i = 0; i <= len; ++i) {
1619 if (i == len || in[i] == ',') {
1620 if (i - start > 255) {
1621 efree(out);
1622 return NULL;
1623 }
1624 out[start] = i - start;
1625 start = i + 1;
1626 } else {
1627 out[i + 1] = in[i];
1628 }
1629 }
1630
1631 *outlen = len + 1;
1632
1633 return out;
1634 }
1635 /* }}} */
1636
php_openssl_server_alpn_callback(SSL * ssl_handle,const unsigned char ** out,unsigned char * outlen,const unsigned char * in,unsigned int inlen,void * arg)1637 static int php_openssl_server_alpn_callback(SSL *ssl_handle,
1638 const unsigned char **out, unsigned char *outlen,
1639 const unsigned char *in, unsigned int inlen, void *arg) /* {{{ */
1640 {
1641 php_openssl_netstream_data_t *sslsock = arg;
1642
1643 if (SSL_select_next_proto((unsigned char **)out, outlen, sslsock->alpn_ctx.data, sslsock->alpn_ctx.len, in, inlen) != OPENSSL_NPN_NEGOTIATED) {
1644 return SSL_TLSEXT_ERR_NOACK;
1645 }
1646
1647 return SSL_TLSEXT_ERR_OK;
1648 }
1649 /* }}} */
1650
1651 #endif
1652
php_openssl_setup_crypto(php_stream * stream,php_openssl_netstream_data_t * sslsock,php_stream_xport_crypto_param * cparam)1653 static zend_result php_openssl_setup_crypto(php_stream *stream,
1654 php_openssl_netstream_data_t *sslsock,
1655 php_stream_xport_crypto_param *cparam) /* {{{ */
1656 {
1657 const SSL_METHOD *method;
1658 int ssl_ctx_options;
1659 int method_flags;
1660 zend_long min_version = 0;
1661 zend_long max_version = 0;
1662 char *cipherlist = NULL;
1663 char *alpn_protocols = NULL;
1664 zval *val;
1665
1666 if (sslsock->ssl_handle) {
1667 if (sslsock->s.is_blocked) {
1668 php_error_docref(NULL, E_WARNING, "SSL/TLS already set-up for this stream");
1669 return FAILURE;
1670 } else {
1671 return SUCCESS;
1672 }
1673 }
1674
1675 ERR_clear_error();
1676
1677 /* We need to do slightly different things based on client/server method
1678 * so let's remember which method was selected */
1679 sslsock->is_client = cparam->inputs.method & STREAM_CRYPTO_IS_CLIENT;
1680 method_flags = cparam->inputs.method & ~STREAM_CRYPTO_IS_CLIENT;
1681
1682 method = sslsock->is_client ? SSLv23_client_method() : SSLv23_server_method();
1683 sslsock->ctx = SSL_CTX_new(method);
1684
1685 if (sslsock->ctx == NULL) {
1686 php_error_docref(NULL, E_WARNING, "SSL context creation failure");
1687 return FAILURE;
1688 }
1689
1690 GET_VER_OPT_LONG("min_proto_version", min_version);
1691 GET_VER_OPT_LONG("max_proto_version", max_version);
1692 method_flags = php_openssl_get_proto_version_flags(method_flags, min_version, max_version);
1693 #if PHP_OPENSSL_API_VERSION < 0x10100
1694 ssl_ctx_options = php_openssl_get_crypto_method_ctx_flags(method_flags);
1695 #else
1696 ssl_ctx_options = SSL_OP_ALL;
1697 #endif
1698
1699 if (GET_VER_OPT("no_ticket") && zend_is_true(val)) {
1700 ssl_ctx_options |= SSL_OP_NO_TICKET;
1701 }
1702
1703 ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
1704
1705 #ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
1706 /* Only for OpenSSL 3+ to keep OpenSSL 1.1.1 behavior */
1707 ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
1708 #endif
1709
1710 if (!GET_VER_OPT("disable_compression") || zend_is_true(val)) {
1711 ssl_ctx_options |= SSL_OP_NO_COMPRESSION;
1712 }
1713
1714 if (GET_VER_OPT("verify_peer") && !zend_is_true(val)) {
1715 php_openssl_disable_peer_verification(sslsock->ctx, stream);
1716 } else if (FAILURE == php_openssl_enable_peer_verification(sslsock->ctx, stream)) {
1717 return FAILURE;
1718 }
1719
1720 /* callback for the passphrase (for localcert) */
1721 if (GET_VER_OPT("passphrase")) {
1722 SSL_CTX_set_default_passwd_cb_userdata(sslsock->ctx, stream);
1723 SSL_CTX_set_default_passwd_cb(sslsock->ctx, php_openssl_passwd_callback);
1724 }
1725
1726 GET_VER_OPT_STRING("ciphers", cipherlist);
1727 #ifndef USE_OPENSSL_SYSTEM_CIPHERS
1728 if (!cipherlist) {
1729 cipherlist = OPENSSL_DEFAULT_STREAM_CIPHERS;
1730 }
1731 #endif
1732 if (cipherlist) {
1733 if (SSL_CTX_set_cipher_list(sslsock->ctx, cipherlist) != 1) {
1734 return FAILURE;
1735 }
1736 }
1737
1738 if (GET_VER_OPT("security_level")) {
1739 zend_long lval = zval_get_long(val);
1740 if (lval < 0 || lval > 5) {
1741 php_error_docref(NULL, E_WARNING, "Security level must be between 0 and 5");
1742 }
1743 #ifdef HAVE_SEC_LEVEL
1744 SSL_CTX_set_security_level(sslsock->ctx, lval);
1745 #endif
1746 }
1747
1748 GET_VER_OPT_STRING("alpn_protocols", alpn_protocols);
1749 if (alpn_protocols) {
1750 #ifdef HAVE_TLS_ALPN
1751 {
1752 unsigned short alpn_len;
1753 unsigned char *alpn = php_openssl_alpn_protos_parse(&alpn_len, alpn_protocols);
1754
1755 if (alpn == NULL) {
1756 php_error_docref(NULL, E_WARNING, "Failed parsing comma-separated TLS ALPN protocol string");
1757 SSL_CTX_free(sslsock->ctx);
1758 sslsock->ctx = NULL;
1759 return FAILURE;
1760 }
1761 if (sslsock->is_client) {
1762 SSL_CTX_set_alpn_protos(sslsock->ctx, alpn, alpn_len);
1763 } else {
1764 sslsock->alpn_ctx.data = (unsigned char *) pestrndup((const char*)alpn, alpn_len, php_stream_is_persistent(stream));
1765 sslsock->alpn_ctx.len = alpn_len;
1766 SSL_CTX_set_alpn_select_cb(sslsock->ctx, php_openssl_server_alpn_callback, sslsock);
1767 }
1768
1769 efree(alpn);
1770 }
1771 #else
1772 php_error_docref(NULL, E_WARNING,
1773 "alpn_protocols support is not compiled into the OpenSSL library against which PHP is linked");
1774 #endif
1775 }
1776
1777 if (FAILURE == php_openssl_set_local_cert(sslsock->ctx, stream)) {
1778 return FAILURE;
1779 }
1780
1781 SSL_CTX_set_options(sslsock->ctx, ssl_ctx_options);
1782
1783 #if PHP_OPENSSL_API_VERSION >= 0x10100
1784 SSL_CTX_set_min_proto_version(sslsock->ctx, php_openssl_get_min_proto_version(method_flags));
1785 SSL_CTX_set_max_proto_version(sslsock->ctx, php_openssl_get_max_proto_version(method_flags));
1786 #endif
1787
1788 if (sslsock->is_client == 0 &&
1789 PHP_STREAM_CONTEXT(stream) &&
1790 FAILURE == php_openssl_set_server_specific_opts(stream, sslsock->ctx)
1791 ) {
1792 return FAILURE;
1793 }
1794
1795 sslsock->ssl_handle = SSL_new(sslsock->ctx);
1796
1797 if (sslsock->ssl_handle == NULL) {
1798 php_error_docref(NULL, E_WARNING, "SSL handle creation failure");
1799 SSL_CTX_free(sslsock->ctx);
1800 sslsock->ctx = NULL;
1801 #ifdef HAVE_TLS_ALPN
1802 if (sslsock->alpn_ctx.data) {
1803 pefree(sslsock->alpn_ctx.data, php_stream_is_persistent(stream));
1804 sslsock->alpn_ctx.data = NULL;
1805 }
1806 #endif
1807 return FAILURE;
1808 } else {
1809 SSL_set_ex_data(sslsock->ssl_handle, php_openssl_get_ssl_stream_data_index(), stream);
1810 }
1811
1812 if (!SSL_set_fd(sslsock->ssl_handle, sslsock->s.socket)) {
1813 php_openssl_handle_ssl_error(stream, 0, 1);
1814 }
1815
1816 #ifdef HAVE_TLS_SNI
1817 /* Enable server-side SNI */
1818 if (!sslsock->is_client && php_openssl_enable_server_sni(stream, sslsock) == FAILURE) {
1819 return FAILURE;
1820 }
1821 #endif
1822
1823 /* Enable server-side handshake renegotiation rate-limiting */
1824 if (!sslsock->is_client) {
1825 php_openssl_init_server_reneg_limit(stream, sslsock);
1826 }
1827
1828 #ifdef SSL_MODE_RELEASE_BUFFERS
1829 SSL_set_mode(sslsock->ssl_handle, SSL_MODE_RELEASE_BUFFERS);
1830 #endif
1831
1832 if (cparam->inputs.session) {
1833 if (cparam->inputs.session->ops != &php_openssl_socket_ops) {
1834 php_error_docref(NULL, E_WARNING, "Supplied session stream must be an SSL enabled stream");
1835 } else if (((php_openssl_netstream_data_t*)cparam->inputs.session->abstract)->ssl_handle == NULL) {
1836 php_error_docref(NULL, E_WARNING, "Supplied SSL session stream is not initialized");
1837 } else {
1838 SSL_copy_session_id(sslsock->ssl_handle, ((php_openssl_netstream_data_t*)cparam->inputs.session->abstract)->ssl_handle);
1839 }
1840 }
1841
1842 return SUCCESS;
1843 }
1844 /* }}} */
1845
php_openssl_capture_peer_certs(php_stream * stream,php_openssl_netstream_data_t * sslsock,X509 * peer_cert)1846 static int php_openssl_capture_peer_certs(php_stream *stream,
1847 php_openssl_netstream_data_t *sslsock, X509 *peer_cert) /* {{{ */
1848 {
1849 zval *val, zcert;
1850 php_openssl_certificate_object *cert_object;
1851 int cert_captured = 0;
1852
1853 if (NULL != (val = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream),
1854 "ssl", "capture_peer_cert")) &&
1855 zend_is_true(val)
1856 ) {
1857 object_init_ex(&zcert, php_openssl_certificate_ce);
1858 cert_object = Z_OPENSSL_CERTIFICATE_P(&zcert);
1859 cert_object->x509 = peer_cert;
1860
1861 php_stream_context_set_option(PHP_STREAM_CONTEXT(stream), "ssl", "peer_certificate", &zcert);
1862 zval_ptr_dtor(&zcert);
1863 cert_captured = 1;
1864 }
1865
1866 if (NULL != (val = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream),
1867 "ssl", "capture_peer_cert_chain")) &&
1868 zend_is_true(val)
1869 ) {
1870 zval arr;
1871 STACK_OF(X509) *chain;
1872
1873 chain = SSL_get_peer_cert_chain(sslsock->ssl_handle);
1874
1875 if (chain && sk_X509_num(chain) > 0) {
1876 int i;
1877 array_init(&arr);
1878
1879 for (i = 0; i < sk_X509_num(chain); i++) {
1880 X509 *mycert = X509_dup(sk_X509_value(chain, i));
1881
1882 object_init_ex(&zcert, php_openssl_certificate_ce);
1883 cert_object = Z_OPENSSL_CERTIFICATE_P(&zcert);
1884 cert_object->x509 = mycert;
1885 add_next_index_zval(&arr, &zcert);
1886 }
1887
1888 } else {
1889 ZVAL_NULL(&arr);
1890 }
1891
1892 php_stream_context_set_option(PHP_STREAM_CONTEXT(stream), "ssl", "peer_certificate_chain", &arr);
1893 zval_ptr_dtor(&arr);
1894 }
1895
1896 return cert_captured;
1897 }
1898 /* }}} */
1899
php_openssl_enable_crypto(php_stream * stream,php_openssl_netstream_data_t * sslsock,php_stream_xport_crypto_param * cparam)1900 static int php_openssl_enable_crypto(php_stream *stream,
1901 php_openssl_netstream_data_t *sslsock,
1902 php_stream_xport_crypto_param *cparam) /* {{{ */
1903 {
1904 int n;
1905 int retry = 1;
1906 int cert_captured = 0;
1907 X509 *peer_cert;
1908
1909 if (cparam->inputs.activate && !sslsock->ssl_active) {
1910 struct timeval start_time, *timeout;
1911 int blocked = sslsock->s.is_blocked, has_timeout = 0;
1912
1913 #ifdef HAVE_TLS_SNI
1914 if (sslsock->is_client) {
1915 php_openssl_enable_client_sni(stream, sslsock);
1916 }
1917 #endif
1918
1919 if (!sslsock->state_set) {
1920 if (sslsock->is_client) {
1921 SSL_set_connect_state(sslsock->ssl_handle);
1922 } else {
1923 SSL_set_accept_state(sslsock->ssl_handle);
1924 }
1925 sslsock->state_set = 1;
1926 }
1927
1928 if (SUCCESS == php_set_sock_blocking(sslsock->s.socket, 0)) {
1929 sslsock->s.is_blocked = 0;
1930 /* The following mode are added only if we are able to change socket
1931 * to non blocking mode which is also used for read and write */
1932 SSL_set_mode(sslsock->ssl_handle, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1933 }
1934
1935 timeout = sslsock->is_client ? &sslsock->connect_timeout : &sslsock->s.timeout;
1936 has_timeout = !sslsock->s.is_blocked && (timeout->tv_sec > 0 || (timeout->tv_sec == 0 && timeout->tv_usec));
1937 /* gettimeofday is not monotonic; using it here is not strictly correct */
1938 if (has_timeout) {
1939 gettimeofday(&start_time, NULL);
1940 }
1941
1942 do {
1943 struct timeval cur_time, elapsed_time;
1944
1945 ERR_clear_error();
1946 if (sslsock->is_client) {
1947 n = SSL_connect(sslsock->ssl_handle);
1948 } else {
1949 n = SSL_accept(sslsock->ssl_handle);
1950 }
1951
1952 if (has_timeout) {
1953 gettimeofday(&cur_time, NULL);
1954 elapsed_time = php_openssl_subtract_timeval(cur_time, start_time);
1955
1956 if (php_openssl_compare_timeval( elapsed_time, *timeout) > 0) {
1957 php_error_docref(NULL, E_WARNING, "SSL: Handshake timed out");
1958 return -1;
1959 }
1960 }
1961
1962 if (n <= 0) {
1963 /* in case of SSL_ERROR_WANT_READ/WRITE, do not retry in non-blocking mode */
1964 retry = php_openssl_handle_ssl_error(stream, n, blocked);
1965 if (retry) {
1966 /* wait until something interesting happens in the socket. It may be a
1967 * timeout. Also consider the unlikely of possibility of a write block */
1968 int err = SSL_get_error(sslsock->ssl_handle, n);
1969 struct timeval left_time;
1970
1971 if (has_timeout) {
1972 left_time = php_openssl_subtract_timeval(*timeout, elapsed_time);
1973 }
1974 php_pollfd_for(sslsock->s.socket, (err == SSL_ERROR_WANT_READ) ?
1975 (POLLIN|POLLPRI) : POLLOUT, has_timeout ? &left_time : NULL);
1976 }
1977 } else {
1978 retry = 0;
1979 }
1980 } while (retry);
1981
1982 if (sslsock->s.is_blocked != blocked && SUCCESS == php_set_sock_blocking(sslsock->s.socket, blocked)) {
1983 sslsock->s.is_blocked = blocked;
1984 }
1985
1986 if (n == 1) {
1987 peer_cert = SSL_get_peer_certificate(sslsock->ssl_handle);
1988 if (peer_cert && PHP_STREAM_CONTEXT(stream)) {
1989 cert_captured = php_openssl_capture_peer_certs(stream, sslsock, peer_cert);
1990 }
1991
1992 if (FAILURE == php_openssl_apply_peer_verification_policy(sslsock->ssl_handle, peer_cert, stream)) {
1993 SSL_shutdown(sslsock->ssl_handle);
1994 n = -1;
1995 } else {
1996 sslsock->ssl_active = 1;
1997 }
1998 } else if (errno == EAGAIN) {
1999 n = 0;
2000 } else {
2001 n = -1;
2002 /* We want to capture the peer cert even if verification fails*/
2003 peer_cert = SSL_get_peer_certificate(sslsock->ssl_handle);
2004 if (peer_cert && PHP_STREAM_CONTEXT(stream)) {
2005 cert_captured = php_openssl_capture_peer_certs(stream, sslsock, peer_cert);
2006 }
2007 }
2008
2009 if (n && peer_cert && cert_captured == 0) {
2010 X509_free(peer_cert);
2011 }
2012
2013 return n;
2014
2015 } else if (!cparam->inputs.activate && sslsock->ssl_active) {
2016 /* deactivate - common for server/client */
2017 SSL_shutdown(sslsock->ssl_handle);
2018 sslsock->ssl_active = 0;
2019 }
2020
2021 return -1;
2022 }
2023 /* }}} */
2024
php_openssl_sockop_read(php_stream * stream,char * buf,size_t count)2025 static ssize_t php_openssl_sockop_read(php_stream *stream, char *buf, size_t count) /* {{{ */
2026 {
2027 return php_openssl_sockop_io( 1, stream, buf, count );
2028 }
2029 /* }}} */
2030
php_openssl_sockop_write(php_stream * stream,const char * buf,size_t count)2031 static ssize_t php_openssl_sockop_write(php_stream *stream, const char *buf, size_t count) /* {{{ */
2032 {
2033 return php_openssl_sockop_io( 0, stream, (char*)buf, count );
2034 }
2035 /* }}} */
2036
2037 /**
2038 * Factored out common functionality (blocking, timeout, loop management) for read and write.
2039 * Perform IO (read or write) to an SSL socket. If we have a timeout, we switch to non-blocking mode
2040 * for the duration of the operation, using select to do our waits. If we time out, or we have an error
2041 * report that back to PHP
2042 */
php_openssl_sockop_io(int read,php_stream * stream,char * buf,size_t count)2043 static ssize_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, size_t count) /* {{{ */
2044 {
2045 php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract;
2046
2047 /* Only do this if SSL is active. */
2048 if (sslsock->ssl_active) {
2049 int retry = 1;
2050 struct timeval start_time;
2051 struct timeval *timeout = NULL;
2052 int began_blocked = sslsock->s.is_blocked;
2053 int has_timeout = 0;
2054 int nr_bytes = 0;
2055
2056 /* prevent overflow in openssl */
2057 if (count > INT_MAX) {
2058 count = INT_MAX;
2059 }
2060
2061 /* never use a timeout with non-blocking sockets */
2062 if (began_blocked) {
2063 timeout = &sslsock->s.timeout;
2064 }
2065
2066 if (timeout && php_set_sock_blocking(sslsock->s.socket, 0) == SUCCESS) {
2067 sslsock->s.is_blocked = 0;
2068 }
2069
2070 if (!sslsock->s.is_blocked && timeout && (timeout->tv_sec > 0 || (timeout->tv_sec == 0 && timeout->tv_usec))) {
2071 has_timeout = 1;
2072 /* gettimeofday is not monotonic; using it here is not strictly correct */
2073 gettimeofday(&start_time, NULL);
2074 }
2075
2076 /* Main IO loop. */
2077 do {
2078 struct timeval cur_time, elapsed_time, left_time;
2079
2080 /* If we have a timeout to check, figure out how much time has elapsed since we started. */
2081 if (has_timeout) {
2082 gettimeofday(&cur_time, NULL);
2083
2084 /* Determine how much time we've taken so far. */
2085 elapsed_time = php_openssl_subtract_timeval(cur_time, start_time);
2086
2087 /* and return an error if we've taken too long. */
2088 if (php_openssl_compare_timeval(elapsed_time, *timeout) > 0 ) {
2089 /* If the socket was originally blocking, set it back. */
2090 if (began_blocked) {
2091 php_set_sock_blocking(sslsock->s.socket, 1);
2092 sslsock->s.is_blocked = 1;
2093 }
2094 sslsock->s.timeout_event = 1;
2095 return -1;
2096 }
2097 }
2098
2099 /* Now, do the IO operation. Don't block if we can't complete... */
2100 ERR_clear_error();
2101 if (read) {
2102 nr_bytes = SSL_read(sslsock->ssl_handle, buf, (int)count);
2103
2104 if (sslsock->reneg && sslsock->reneg->should_close) {
2105 /* renegotiation rate limiting triggered */
2106 php_stream_xport_shutdown(stream, (stream_shutdown_t)SHUT_RDWR);
2107 nr_bytes = 0;
2108 stream->eof = 1;
2109 break;
2110 }
2111 } else {
2112 nr_bytes = SSL_write(sslsock->ssl_handle, buf, (int)count);
2113 }
2114
2115 /* Now, how much time until we time out? */
2116 if (has_timeout) {
2117 left_time = php_openssl_subtract_timeval( *timeout, elapsed_time );
2118 }
2119
2120 /* If we didn't do anything on the last loop (or an error) check to see if we should retry or exit. */
2121 if (nr_bytes <= 0) {
2122
2123 /* Get the error code from SSL, and check to see if it's an error or not. */
2124 int err = SSL_get_error(sslsock->ssl_handle, nr_bytes );
2125 retry = php_openssl_handle_ssl_error(stream, nr_bytes, 0);
2126
2127 /* If we get this (the above doesn't check) then we'll retry as well. */
2128 if (errno == EAGAIN && err == SSL_ERROR_WANT_READ && read) {
2129 retry = 1;
2130 }
2131 if (errno == EAGAIN && err == SSL_ERROR_WANT_WRITE && read == 0) {
2132 retry = 1;
2133 }
2134
2135 /* Also, on reads, we may get this condition on an EOF. We should check properly. */
2136 if (read) {
2137 stream->eof = (retry == 0 && errno != EAGAIN && !SSL_pending(sslsock->ssl_handle));
2138 }
2139
2140 /* Don't loop indefinitely in non-blocking mode if no data is available */
2141 if (began_blocked == 0) {
2142 break;
2143 }
2144
2145 /* Now, if we have to wait some time, and we're supposed to be blocking, wait for the socket to become
2146 * available. Now, php_pollfd_for uses select to wait up to our time_left value only...
2147 */
2148 if (retry) {
2149 if (read) {
2150 php_pollfd_for(sslsock->s.socket, (err == SSL_ERROR_WANT_WRITE) ?
2151 (POLLOUT|POLLPRI) : (POLLIN|POLLPRI), has_timeout ? &left_time : NULL);
2152 } else {
2153 php_pollfd_for(sslsock->s.socket, (err == SSL_ERROR_WANT_READ) ?
2154 (POLLIN|POLLPRI) : (POLLOUT|POLLPRI), has_timeout ? &left_time : NULL);
2155 }
2156 }
2157 } else {
2158 /* Else, if we got bytes back, check for possible errors. */
2159 int err = SSL_get_error(sslsock->ssl_handle, nr_bytes);
2160
2161 /* If we didn't get any error, then let's return it to PHP. */
2162 if (err == SSL_ERROR_NONE) {
2163 break;
2164 }
2165
2166 /* Otherwise, we need to wait again (up to time_left or we get an error) */
2167 if (began_blocked) {
2168 if (read) {
2169 php_pollfd_for(sslsock->s.socket, (err == SSL_ERROR_WANT_WRITE) ?
2170 (POLLOUT|POLLPRI) : (POLLIN|POLLPRI), has_timeout ? &left_time : NULL);
2171 } else {
2172 php_pollfd_for(sslsock->s.socket, (err == SSL_ERROR_WANT_READ) ?
2173 (POLLIN|POLLPRI) : (POLLOUT|POLLPRI), has_timeout ? &left_time : NULL);
2174 }
2175 }
2176 }
2177
2178 /* Finally, we keep going until we got data, and an SSL_ERROR_NONE, unless we had an error. */
2179 } while (retry);
2180
2181 /* Tell PHP if we read / wrote bytes. */
2182 if (nr_bytes > 0) {
2183 php_stream_notify_progress_increment(PHP_STREAM_CONTEXT(stream), nr_bytes, 0);
2184 }
2185
2186 /* And if we were originally supposed to be blocking, let's reset the socket to that. */
2187 if (began_blocked && php_set_sock_blocking(sslsock->s.socket, 1) == SUCCESS) {
2188 sslsock->s.is_blocked = 1;
2189 }
2190
2191 return 0 > nr_bytes ? 0 : nr_bytes;
2192 } else {
2193 size_t nr_bytes = 0;
2194
2195 /* This block is if we had no timeout... We will just sit and wait forever on the IO operation. */
2196 if (read) {
2197 nr_bytes = php_stream_socket_ops.read(stream, buf, count);
2198 } else {
2199 nr_bytes = php_stream_socket_ops.write(stream, buf, count);
2200 }
2201
2202 return nr_bytes;
2203 }
2204 }
2205 /* }}} */
2206
php_openssl_subtract_timeval(struct timeval a,struct timeval b)2207 static struct timeval php_openssl_subtract_timeval(struct timeval a, struct timeval b) /* {{{ */
2208 {
2209 struct timeval difference;
2210
2211 difference.tv_sec = a.tv_sec - b.tv_sec;
2212 difference.tv_usec = a.tv_usec - b.tv_usec;
2213
2214 if (a.tv_usec < b.tv_usec) {
2215 difference.tv_sec -= 1L;
2216 difference.tv_usec += 1000000L;
2217 }
2218
2219 return difference;
2220 }
2221 /* }}} */
2222
php_openssl_compare_timeval(struct timeval a,struct timeval b)2223 static int php_openssl_compare_timeval( struct timeval a, struct timeval b )
2224 {
2225 if (a.tv_sec > b.tv_sec || (a.tv_sec == b.tv_sec && a.tv_usec > b.tv_usec) ) {
2226 return 1;
2227 } else if( a.tv_sec == b.tv_sec && a.tv_usec == b.tv_usec ) {
2228 return 0;
2229 } else {
2230 return -1;
2231 }
2232 }
2233
php_openssl_sockop_close(php_stream * stream,int close_handle)2234 static int php_openssl_sockop_close(php_stream *stream, int close_handle) /* {{{ */
2235 {
2236 php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract;
2237 #ifdef PHP_WIN32
2238 int n;
2239 #endif
2240 unsigned i;
2241
2242 if (close_handle) {
2243 if (sslsock->ssl_active) {
2244 SSL_shutdown(sslsock->ssl_handle);
2245 sslsock->ssl_active = 0;
2246 }
2247 if (sslsock->ssl_handle) {
2248 SSL_free(sslsock->ssl_handle);
2249 sslsock->ssl_handle = NULL;
2250 }
2251 if (sslsock->ctx) {
2252 SSL_CTX_free(sslsock->ctx);
2253 sslsock->ctx = NULL;
2254 }
2255 #ifdef HAVE_TLS_ALPN
2256 if (sslsock->alpn_ctx.data) {
2257 pefree(sslsock->alpn_ctx.data, php_stream_is_persistent(stream));
2258 }
2259 #endif
2260 #ifdef PHP_WIN32
2261 if (sslsock->s.socket == -1)
2262 sslsock->s.socket = SOCK_ERR;
2263 #endif
2264 if (sslsock->s.socket != SOCK_ERR) {
2265 #ifdef PHP_WIN32
2266 /* prevent more data from coming in */
2267 shutdown(sslsock->s.socket, SHUT_RD);
2268
2269 /* try to make sure that the OS sends all data before we close the connection.
2270 * Essentially, we are waiting for the socket to become writeable, which means
2271 * that all pending data has been sent.
2272 * We use a small timeout which should encourage the OS to send the data,
2273 * but at the same time avoid hanging indefinitely.
2274 * */
2275 do {
2276 n = php_pollfd_for_ms(sslsock->s.socket, POLLOUT, 500);
2277 } while (n == -1 && php_socket_errno() == EINTR);
2278 #endif
2279 closesocket(sslsock->s.socket);
2280 sslsock->s.socket = SOCK_ERR;
2281 }
2282 }
2283
2284 if (sslsock->sni_certs) {
2285 for (i = 0; i < sslsock->sni_cert_count; i++) {
2286 if (sslsock->sni_certs[i].ctx) {
2287 SSL_CTX_free(sslsock->sni_certs[i].ctx);
2288 pefree(sslsock->sni_certs[i].name, php_stream_is_persistent(stream));
2289 }
2290 }
2291 pefree(sslsock->sni_certs, php_stream_is_persistent(stream));
2292 sslsock->sni_certs = NULL;
2293 }
2294
2295 if (sslsock->url_name) {
2296 pefree(sslsock->url_name, php_stream_is_persistent(stream));
2297 }
2298
2299 if (sslsock->reneg) {
2300 pefree(sslsock->reneg, php_stream_is_persistent(stream));
2301 }
2302
2303 pefree(sslsock, php_stream_is_persistent(stream));
2304
2305 return 0;
2306 }
2307 /* }}} */
2308
php_openssl_sockop_flush(php_stream * stream)2309 static int php_openssl_sockop_flush(php_stream *stream) /* {{{ */
2310 {
2311 return php_stream_socket_ops.flush(stream);
2312 }
2313 /* }}} */
2314
php_openssl_sockop_stat(php_stream * stream,php_stream_statbuf * ssb)2315 static int php_openssl_sockop_stat(php_stream *stream, php_stream_statbuf *ssb) /* {{{ */
2316 {
2317 return php_stream_socket_ops.stat(stream, ssb);
2318 }
2319 /* }}} */
2320
php_openssl_tcp_sockop_accept(php_stream * stream,php_openssl_netstream_data_t * sock,php_stream_xport_param * xparam STREAMS_DC)2321 static inline int php_openssl_tcp_sockop_accept(php_stream *stream, php_openssl_netstream_data_t *sock,
2322 php_stream_xport_param *xparam STREAMS_DC) /* {{{ */
2323 {
2324 int clisock;
2325 bool nodelay = 0;
2326 zval *tmpzval = NULL;
2327
2328 xparam->outputs.client = NULL;
2329
2330 if (PHP_STREAM_CONTEXT(stream) &&
2331 (tmpzval = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "socket", "tcp_nodelay")) != NULL &&
2332 zend_is_true(tmpzval)) {
2333 nodelay = 1;
2334 }
2335
2336 clisock = php_network_accept_incoming(sock->s.socket,
2337 xparam->want_textaddr ? &xparam->outputs.textaddr : NULL,
2338 xparam->want_addr ? &xparam->outputs.addr : NULL,
2339 xparam->want_addr ? &xparam->outputs.addrlen : NULL,
2340 xparam->inputs.timeout,
2341 xparam->want_errortext ? &xparam->outputs.error_text : NULL,
2342 &xparam->outputs.error_code,
2343 nodelay);
2344
2345 if (clisock >= 0) {
2346 php_openssl_netstream_data_t *clisockdata = (php_openssl_netstream_data_t*) emalloc(sizeof(*clisockdata));
2347
2348 /* copy underlying tcp fields */
2349 memset(clisockdata, 0, sizeof(*clisockdata));
2350 memcpy(clisockdata, sock, sizeof(clisockdata->s));
2351
2352 clisockdata->s.socket = clisock;
2353 #ifdef __linux__
2354 /* O_NONBLOCK is not inherited on Linux */
2355 clisockdata->s.is_blocked = 1;
2356 #endif
2357
2358 xparam->outputs.client = php_stream_alloc_rel(stream->ops, clisockdata, NULL, "r+");
2359 if (xparam->outputs.client) {
2360 xparam->outputs.client->ctx = stream->ctx;
2361 if (stream->ctx) {
2362 GC_ADDREF(stream->ctx);
2363 }
2364 }
2365
2366 if (xparam->outputs.client && sock->enable_on_connect) {
2367 /* remove the client bit */
2368 sock->method &= ~STREAM_CRYPTO_IS_CLIENT;
2369
2370 clisockdata->method = sock->method;
2371
2372 if (php_stream_xport_crypto_setup(xparam->outputs.client, clisockdata->method,
2373 NULL) < 0 || php_stream_xport_crypto_enable(
2374 xparam->outputs.client, 1) < 0) {
2375 php_error_docref(NULL, E_WARNING, "Failed to enable crypto");
2376
2377 php_stream_close(xparam->outputs.client);
2378 xparam->outputs.client = NULL;
2379 xparam->outputs.returncode = -1;
2380 }
2381 }
2382 }
2383
2384 return xparam->outputs.client == NULL ? -1 : 0;
2385 }
2386 /* }}} */
2387
php_openssl_sockop_set_option(php_stream * stream,int option,int value,void * ptrparam)2388 static int php_openssl_sockop_set_option(php_stream *stream, int option, int value, void *ptrparam) /* {{{ */
2389 {
2390 php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract;
2391 php_stream_xport_crypto_param *cparam = (php_stream_xport_crypto_param *)ptrparam;
2392 php_stream_xport_param *xparam = (php_stream_xport_param *)ptrparam;
2393
2394 switch (option) {
2395 case PHP_STREAM_OPTION_META_DATA_API:
2396 if (sslsock->ssl_active) {
2397 zval tmp;
2398 char *proto_str;
2399 const SSL_CIPHER *cipher;
2400
2401 array_init(&tmp);
2402
2403 switch (SSL_version(sslsock->ssl_handle)) {
2404 #ifdef HAVE_TLS13
2405 case TLS1_3_VERSION: proto_str = "TLSv1.3"; break;
2406 #endif
2407 #ifdef HAVE_TLS12
2408 case TLS1_2_VERSION: proto_str = "TLSv1.2"; break;
2409 #endif
2410 #ifdef HAVE_TLS11
2411 case TLS1_1_VERSION: proto_str = "TLSv1.1"; break;
2412 #endif
2413 case TLS1_VERSION: proto_str = "TLSv1"; break;
2414 #ifdef HAVE_SSL3
2415 case SSL3_VERSION: proto_str = "SSLv3"; break;
2416 #endif
2417 default: proto_str = "UNKNOWN";
2418 }
2419
2420 cipher = SSL_get_current_cipher(sslsock->ssl_handle);
2421
2422 add_assoc_string(&tmp, "protocol", proto_str);
2423 add_assoc_string(&tmp, "cipher_name", (char *) SSL_CIPHER_get_name(cipher));
2424 add_assoc_long(&tmp, "cipher_bits", SSL_CIPHER_get_bits(cipher, NULL));
2425 add_assoc_string(&tmp, "cipher_version", SSL_CIPHER_get_version(cipher));
2426
2427 #ifdef HAVE_TLS_ALPN
2428 {
2429 const unsigned char *alpn_proto = NULL;
2430 unsigned int alpn_proto_len = 0;
2431
2432 SSL_get0_alpn_selected(sslsock->ssl_handle, &alpn_proto, &alpn_proto_len);
2433 if (alpn_proto) {
2434 add_assoc_stringl(&tmp, "alpn_protocol", (char *)alpn_proto, alpn_proto_len);
2435 }
2436 }
2437 #endif
2438 add_assoc_zval((zval *)ptrparam, "crypto", &tmp);
2439 }
2440
2441 add_assoc_bool((zval *)ptrparam, "timed_out", sslsock->s.timeout_event);
2442 add_assoc_bool((zval *)ptrparam, "blocked", sslsock->s.is_blocked);
2443 add_assoc_bool((zval *)ptrparam, "eof", stream->eof);
2444
2445 return PHP_STREAM_OPTION_RETURN_OK;
2446
2447 case PHP_STREAM_OPTION_CHECK_LIVENESS:
2448 {
2449 struct timeval tv;
2450 char buf;
2451 int alive = 1;
2452
2453 if (value == -1) {
2454 if (sslsock->s.timeout.tv_sec == -1) {
2455 #ifdef _WIN32
2456 tv.tv_sec = (long)FG(default_socket_timeout);
2457 #else
2458 tv.tv_sec = (time_t)FG(default_socket_timeout);
2459 #endif
2460 tv.tv_usec = 0;
2461 } else {
2462 tv = sslsock->connect_timeout;
2463 }
2464 } else {
2465 tv.tv_sec = value;
2466 tv.tv_usec = 0;
2467 }
2468
2469 if (sslsock->s.socket == -1) {
2470 alive = 0;
2471 } else if (
2472 (
2473 !sslsock->ssl_active &&
2474 value == 0 &&
2475 !(stream->flags & PHP_STREAM_FLAG_NO_IO) &&
2476 ((MSG_DONTWAIT != 0) || !sslsock->s.is_blocked)
2477 ) ||
2478 php_pollfd_for(sslsock->s.socket, PHP_POLLREADABLE|POLLPRI, &tv) > 0
2479 ) {
2480 /* the poll() call was skipped if the socket is non-blocking (or MSG_DONTWAIT is available) and if the timeout is zero */
2481 /* additionally, we don't use this optimization if SSL is active because in that case, we're not using MSG_DONTWAIT */
2482 if (sslsock->ssl_active) {
2483 int retry = 1;
2484 struct timeval start_time;
2485 struct timeval *timeout = NULL;
2486 int began_blocked = sslsock->s.is_blocked;
2487 int has_timeout = 0;
2488
2489 /* never use a timeout with non-blocking sockets */
2490 if (began_blocked) {
2491 timeout = &tv;
2492 }
2493
2494 if (timeout && php_set_sock_blocking(sslsock->s.socket, 0) == SUCCESS) {
2495 sslsock->s.is_blocked = 0;
2496 }
2497
2498 if (!sslsock->s.is_blocked && timeout && (timeout->tv_sec > 0 || (timeout->tv_sec == 0 && timeout->tv_usec))) {
2499 has_timeout = 1;
2500 /* gettimeofday is not monotonic; using it here is not strictly correct */
2501 gettimeofday(&start_time, NULL);
2502 }
2503
2504 /* Main IO loop. */
2505 do {
2506 struct timeval cur_time, elapsed_time, left_time;
2507
2508 /* If we have a timeout to check, figure out how much time has elapsed since we started. */
2509 if (has_timeout) {
2510 gettimeofday(&cur_time, NULL);
2511
2512 /* Determine how much time we've taken so far. */
2513 elapsed_time = php_openssl_subtract_timeval(cur_time, start_time);
2514
2515 /* and return an error if we've taken too long. */
2516 if (php_openssl_compare_timeval(elapsed_time, *timeout) > 0 ) {
2517 /* If the socket was originally blocking, set it back. */
2518 if (began_blocked) {
2519 php_set_sock_blocking(sslsock->s.socket, 1);
2520 sslsock->s.is_blocked = 1;
2521 }
2522 sslsock->s.timeout_event = 1;
2523 return PHP_STREAM_OPTION_RETURN_ERR;
2524 }
2525 }
2526
2527 int n = SSL_peek(sslsock->ssl_handle, &buf, sizeof(buf));
2528 /* If we didn't do anything on the last loop (or an error) check to see if we should retry or exit. */
2529 if (n <= 0) {
2530 /* Now, do the IO operation. Don't block if we can't complete... */
2531 int err = SSL_get_error(sslsock->ssl_handle, n);
2532 switch (err) {
2533 case SSL_ERROR_SYSCALL:
2534 retry = php_socket_errno() == EAGAIN;
2535 break;
2536 case SSL_ERROR_WANT_READ:
2537 case SSL_ERROR_WANT_WRITE:
2538 retry = 1;
2539 break;
2540 default:
2541 /* any other problem is a fatal error */
2542 retry = 0;
2543 }
2544
2545 /* Don't loop indefinitely in non-blocking mode if no data is available */
2546 if (began_blocked == 0 || !has_timeout) {
2547 alive = retry;
2548 break;
2549 }
2550
2551 /* Now, if we have to wait some time, and we're supposed to be blocking, wait for the socket to become
2552 * available. Now, php_pollfd_for uses select to wait up to our time_left value only...
2553 */
2554 if (retry) {
2555 /* Now, how much time until we time out? */
2556 left_time = php_openssl_subtract_timeval(*timeout, elapsed_time);
2557 if (php_pollfd_for(sslsock->s.socket, PHP_POLLREADABLE|POLLPRI|POLLOUT, has_timeout ? &left_time : NULL) <= 0) {
2558 retry = 0;
2559 alive = 0;
2560 };
2561 }
2562 } else {
2563 retry = 0;
2564 alive = 1;
2565 }
2566 /* Finally, we keep going until there are any data or there is no time to wait. */
2567 } while (retry);
2568
2569 if (began_blocked && !sslsock->s.is_blocked) {
2570 // Set it back to blocking
2571 php_set_sock_blocking(sslsock->s.socket, 1);
2572 sslsock->s.is_blocked = 1;
2573 }
2574 } else {
2575 #ifdef PHP_WIN32
2576 int ret;
2577 #else
2578 ssize_t ret;
2579 #endif
2580
2581 ret = recv(sslsock->s.socket, &buf, sizeof(buf), MSG_PEEK|MSG_DONTWAIT);
2582 if (0 == ret) {
2583 /* the counterpart did properly shutdown */
2584 alive = 0;
2585 } else if (0 > ret) {
2586 int err = php_socket_errno();
2587 if (err != EWOULDBLOCK && err != EMSGSIZE && err != EAGAIN) {
2588 /* there was an unrecoverable error */
2589 alive = 0;
2590 }
2591 }
2592 }
2593 }
2594 return alive ? PHP_STREAM_OPTION_RETURN_OK : PHP_STREAM_OPTION_RETURN_ERR;
2595 }
2596
2597 case PHP_STREAM_OPTION_CRYPTO_API:
2598
2599 switch(cparam->op) {
2600
2601 case STREAM_XPORT_CRYPTO_OP_SETUP:
2602 cparam->outputs.returncode = php_openssl_setup_crypto(stream, sslsock, cparam);
2603 return PHP_STREAM_OPTION_RETURN_OK;
2604 break;
2605 case STREAM_XPORT_CRYPTO_OP_ENABLE:
2606 cparam->outputs.returncode = php_openssl_enable_crypto(stream, sslsock, cparam);
2607 return PHP_STREAM_OPTION_RETURN_OK;
2608 break;
2609 default:
2610 /* fall through */
2611 break;
2612 }
2613
2614 break;
2615
2616 case PHP_STREAM_OPTION_XPORT_API:
2617 switch(xparam->op) {
2618
2619 case STREAM_XPORT_OP_CONNECT:
2620 case STREAM_XPORT_OP_CONNECT_ASYNC:
2621 /* TODO: Async connects need to check the enable_on_connect option when
2622 * we notice that the connect has actually been established */
2623 php_stream_socket_ops.set_option(stream, option, value, ptrparam);
2624
2625 if ((sslsock->enable_on_connect) &&
2626 ((xparam->outputs.returncode == 0) ||
2627 (xparam->op == STREAM_XPORT_OP_CONNECT_ASYNC &&
2628 xparam->outputs.returncode == 1 && xparam->outputs.error_code == EINPROGRESS)))
2629 {
2630 if (php_stream_xport_crypto_setup(stream, sslsock->method, NULL) < 0 ||
2631 php_stream_xport_crypto_enable(stream, 1) < 0) {
2632 php_error_docref(NULL, E_WARNING, "Failed to enable crypto");
2633 xparam->outputs.returncode = -1;
2634 }
2635 }
2636 return PHP_STREAM_OPTION_RETURN_OK;
2637
2638 case STREAM_XPORT_OP_ACCEPT:
2639 /* we need to copy the additional fields that the underlying tcp transport
2640 * doesn't know about */
2641 xparam->outputs.returncode = php_openssl_tcp_sockop_accept(stream, sslsock, xparam STREAMS_CC);
2642
2643
2644 return PHP_STREAM_OPTION_RETURN_OK;
2645
2646 default:
2647 /* fall through */
2648 break;
2649 }
2650 }
2651
2652 return php_stream_socket_ops.set_option(stream, option, value, ptrparam);
2653 }
2654 /* }}} */
2655
php_openssl_sockop_cast(php_stream * stream,int castas,void ** ret)2656 static int php_openssl_sockop_cast(php_stream *stream, int castas, void **ret) /* {{{ */
2657 {
2658 php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract;
2659
2660 switch(castas) {
2661 case PHP_STREAM_AS_STDIO:
2662 if (sslsock->ssl_active) {
2663 return FAILURE;
2664 }
2665 if (ret) {
2666 *ret = fdopen(sslsock->s.socket, stream->mode);
2667 if (*ret) {
2668 return SUCCESS;
2669 }
2670 return FAILURE;
2671 }
2672 return SUCCESS;
2673
2674 case PHP_STREAM_AS_FD_FOR_SELECT:
2675 if (ret) {
2676 size_t pending;
2677 if (stream->writepos == stream->readpos
2678 && sslsock->ssl_active
2679 && (pending = (size_t)SSL_pending(sslsock->ssl_handle)) > 0) {
2680 php_stream_fill_read_buffer(stream, pending < stream->chunk_size
2681 ? pending
2682 : stream->chunk_size);
2683 }
2684
2685 *(php_socket_t *)ret = sslsock->s.socket;
2686 }
2687 return SUCCESS;
2688
2689 case PHP_STREAM_AS_FD:
2690 case PHP_STREAM_AS_SOCKETD:
2691 if (sslsock->ssl_active) {
2692 return FAILURE;
2693 }
2694 if (ret) {
2695 *(php_socket_t *)ret = sslsock->s.socket;
2696 }
2697 return SUCCESS;
2698 default:
2699 return FAILURE;
2700 }
2701 }
2702 /* }}} */
2703
2704 static const php_stream_ops php_openssl_socket_ops = {
2705 php_openssl_sockop_write, php_openssl_sockop_read,
2706 php_openssl_sockop_close, php_openssl_sockop_flush,
2707 "tcp_socket/ssl",
2708 NULL, /* seek */
2709 php_openssl_sockop_cast,
2710 php_openssl_sockop_stat,
2711 php_openssl_sockop_set_option,
2712 };
2713
php_openssl_get_crypto_method(php_stream_context * ctx,zend_long crypto_method)2714 static zend_long php_openssl_get_crypto_method(
2715 php_stream_context *ctx, zend_long crypto_method) /* {{{ */
2716 {
2717 zval *val;
2718
2719 if (ctx && (val = php_stream_context_get_option(ctx, "ssl", "crypto_method")) != NULL) {
2720 crypto_method = zval_get_long(val);
2721 crypto_method |= STREAM_CRYPTO_IS_CLIENT;
2722 }
2723
2724 return crypto_method;
2725 }
2726 /* }}} */
2727
php_openssl_get_url_name(const char * resourcename,size_t resourcenamelen,int is_persistent)2728 static char *php_openssl_get_url_name(const char *resourcename,
2729 size_t resourcenamelen, int is_persistent) /* {{{ */
2730 {
2731 php_url *url;
2732
2733 if (!resourcename) {
2734 return NULL;
2735 }
2736
2737 url = php_url_parse_ex(resourcename, resourcenamelen);
2738 if (!url) {
2739 return NULL;
2740 }
2741
2742 if (url->host) {
2743 const char * host = ZSTR_VAL(url->host);
2744 char * url_name = NULL;
2745 size_t len = ZSTR_LEN(url->host);
2746
2747 /* skip trailing dots */
2748 while (len && host[len-1] == '.') {
2749 --len;
2750 }
2751
2752 if (len) {
2753 url_name = pestrndup(host, len, is_persistent);
2754 }
2755
2756 php_url_free(url);
2757 return url_name;
2758 }
2759
2760 php_url_free(url);
2761 return NULL;
2762 }
2763 /* }}} */
2764
php_openssl_ssl_socket_factory(const char * proto,size_t protolen,const char * resourcename,size_t resourcenamelen,const char * persistent_id,int options,int flags,struct timeval * timeout,php_stream_context * context STREAMS_DC)2765 php_stream *php_openssl_ssl_socket_factory(const char *proto, size_t protolen,
2766 const char *resourcename, size_t resourcenamelen,
2767 const char *persistent_id, int options, int flags,
2768 struct timeval *timeout,
2769 php_stream_context *context STREAMS_DC) /* {{{ */
2770 {
2771 php_stream *stream = NULL;
2772 php_openssl_netstream_data_t *sslsock = NULL;
2773
2774 sslsock = pemalloc(sizeof(php_openssl_netstream_data_t), persistent_id ? 1 : 0);
2775 memset(sslsock, 0, sizeof(*sslsock));
2776
2777 sslsock->s.is_blocked = 1;
2778 /* this timeout is used by standard stream funcs, therefore it should use the default value */
2779 #ifdef _WIN32
2780 sslsock->s.timeout.tv_sec = (long)FG(default_socket_timeout);
2781 #else
2782 sslsock->s.timeout.tv_sec = (time_t)FG(default_socket_timeout);
2783 #endif
2784 sslsock->s.timeout.tv_usec = 0;
2785
2786 /* use separate timeout for our private funcs */
2787 sslsock->connect_timeout.tv_sec = timeout->tv_sec;
2788 sslsock->connect_timeout.tv_usec = timeout->tv_usec;
2789
2790 /* we don't know the socket until we have determined if we are binding or
2791 * connecting */
2792 sslsock->s.socket = -1;
2793
2794 /* Initialize context as NULL */
2795 sslsock->ctx = NULL;
2796
2797 stream = php_stream_alloc_rel(&php_openssl_socket_ops, sslsock, persistent_id, "r+");
2798
2799 if (stream == NULL) {
2800 pefree(sslsock, persistent_id ? 1 : 0);
2801 return NULL;
2802 }
2803
2804 if (strncmp(proto, "ssl", protolen) == 0) {
2805 sslsock->enable_on_connect = 1;
2806 sslsock->method = php_openssl_get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
2807 } else if (strncmp(proto, "sslv2", protolen) == 0) {
2808 php_error_docref(NULL, E_WARNING, "SSLv2 unavailable in this PHP version");
2809 php_stream_close(stream);
2810 return NULL;
2811 } else if (strncmp(proto, "sslv3", protolen) == 0) {
2812 #ifdef HAVE_SSL3
2813 sslsock->enable_on_connect = 1;
2814 sslsock->method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
2815 #else
2816 php_error_docref(NULL, E_WARNING,
2817 "SSLv3 support is not compiled into the OpenSSL library against which PHP is linked");
2818 php_stream_close(stream);
2819 return NULL;
2820 #endif
2821 } else if (strncmp(proto, "tls", protolen) == 0) {
2822 sslsock->enable_on_connect = 1;
2823 sslsock->method = php_openssl_get_crypto_method(context, STREAM_CRYPTO_METHOD_TLS_ANY_CLIENT);
2824 } else if (strncmp(proto, "tlsv1.0", protolen) == 0) {
2825 sslsock->enable_on_connect = 1;
2826 sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT;
2827 } else if (strncmp(proto, "tlsv1.1", protolen) == 0) {
2828 #ifdef HAVE_TLS11
2829 sslsock->enable_on_connect = 1;
2830 sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
2831 #else
2832 php_error_docref(NULL, E_WARNING,
2833 "TLSv1.1 support is not compiled into the OpenSSL library against which PHP is linked");
2834 php_stream_close(stream);
2835 return NULL;
2836 #endif
2837 } else if (strncmp(proto, "tlsv1.2", protolen) == 0) {
2838 #ifdef HAVE_TLS12
2839 sslsock->enable_on_connect = 1;
2840 sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
2841 #else
2842 php_error_docref(NULL, E_WARNING,
2843 "TLSv1.2 support is not compiled into the OpenSSL library against which PHP is linked");
2844 php_stream_close(stream);
2845 return NULL;
2846 #endif
2847 } else if (strncmp(proto, "tlsv1.3", protolen) == 0) {
2848 #ifdef HAVE_TLS13
2849 sslsock->enable_on_connect = 1;
2850 sslsock->method = STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT;
2851 #else
2852 php_error_docref(NULL, E_WARNING,
2853 "TLSv1.3 support is not compiled into the OpenSSL library against which PHP is linked");
2854 php_stream_close(stream);
2855 return NULL;
2856 #endif
2857 }
2858
2859 sslsock->url_name = php_openssl_get_url_name(resourcename, resourcenamelen, !!persistent_id);
2860
2861 return stream;
2862 }
2863 /* }}} */
2864
