- Notifications
You must be signed in to change notification settings - Fork 7.8k
/
Copy pathphp_openssl.h
211 lines (176 loc) · 7.11 KB
/
php_openssl.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
/*
+----------------------------------------------------------------------+
| Copyright (c) The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
| available through the world-wide-web at the following url: |
| https://www.php.net/license/3_01.txt |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
| Authors: Stig Venaas <venaas@php.net> |
| Wez Furlong <wez@thebrainroom.com |
+----------------------------------------------------------------------+
*/
#ifndefPHP_OPENSSL_H
#definePHP_OPENSSL_H
#ifdefHAVE_OPENSSL_EXT
externzend_module_entryopenssl_module_entry;
#definephpext_openssl_ptr &openssl_module_entry
#include"php_version.h"
#definePHP_OPENSSL_VERSION PHP_VERSION
#include<openssl/opensslv.h>
#ifdefLIBRESSL_VERSION_NUMBER
/* LibreSSL version check */
#ifLIBRESSL_VERSION_NUMBER<0x20700000L
#definePHP_OPENSSL_API_VERSION 0x10001
#else
#definePHP_OPENSSL_API_VERSION 0x10100
#endif
#else
/* OpenSSL version check */
#ifOPENSSL_VERSION_NUMBER<0x30000000L
#definePHP_OPENSSL_API_VERSION 0x10100
#elifOPENSSL_VERSION_NUMBER<0x30200000L
#definePHP_OPENSSL_API_VERSION 0x30000
#else
#definePHP_OPENSSL_API_VERSION 0x30200
#endif
#endif
#defineOPENSSL_RAW_DATA 1
#defineOPENSSL_ZERO_PADDING 2
#defineOPENSSL_DONT_ZERO_PAD_KEY 4
#defineOPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH 0x0B080074
/* Used for client-initiated handshake renegotiation DoS protection*/
#defineOPENSSL_DEFAULT_RENEG_LIMIT 2
#defineOPENSSL_DEFAULT_RENEG_WINDOW 300
#defineOPENSSL_DEFAULT_STREAM_VERIFY_DEPTH 9
#defineOPENSSL_DEFAULT_STREAM_CIPHERS "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:" \
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:" \
"DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:" \
"ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:" \
"ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:" \
"DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:" \
"AES256-GCM-SHA384:AES128:AES256:HIGH:!SSLv2:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!RC4:!ADH"
#include<openssl/err.h>
#ifdefPHP_WIN32
# definePHP_OPENSSL_API __declspec(dllexport)
#elif defined(__GNUC__) &&__GNUC__ >= 4
# definePHP_OPENSSL_API __attribute__((visibility("default")))
#else
# definePHP_OPENSSL_API
#endif
structphp_openssl_errors {
intbuffer[ERR_NUM_ERRORS];
inttop;
intbottom;
};
ZEND_BEGIN_MODULE_GLOBALS(openssl)
structphp_openssl_errors*errors;
structphp_openssl_errors*errors_mark;
ZEND_END_MODULE_GLOBALS(openssl)
#defineOPENSSL_G(v) ZEND_MODULE_GLOBALS_ACCESSOR(openssl, v)
#if defined(ZTS) && defined(COMPILE_DL_OPENSSL)
ZEND_TSRMLS_CACHE_EXTERN();
#endif
php_stream_transport_factory_funcphp_openssl_ssl_socket_factory;
voidphp_openssl_store_errors(void);
/* openssl file path extra */
boolphp_openssl_check_path_ex(
constchar*file_path, size_tfile_path_len, char*real_path, uint32_targ_num,
boolcontains_file_protocol, boolis_from_array, constchar*option_name);
/* openssl file path check */
staticinlineboolphp_openssl_check_path(
constchar*file_path, size_tfile_path_len, char*real_path, uint32_targ_num)
{
returnphp_openssl_check_path_ex(
file_path, file_path_len, real_path, arg_num, false, false, NULL);
}
/* openssl file path extra check with zend string */
staticinlineboolphp_openssl_check_path_str_ex(
zend_string*file_path, char*real_path, uint32_targ_num,
boolcontains_file_protocol, boolis_from_array, constchar*option_name)
{
returnphp_openssl_check_path_ex(
ZSTR_VAL(file_path), ZSTR_LEN(file_path), real_path, arg_num, contains_file_protocol,
is_from_array, option_name);
}
/* openssl file path check with zend string */
staticinlineboolphp_openssl_check_path_str(
zend_string*file_path, char*real_path, uint32_targ_num)
{
returnphp_openssl_check_path_str_ex(file_path, real_path, arg_num, true, false, NULL);
}
PHP_OPENSSL_APIzend_longphp_openssl_cipher_iv_length(constchar*method);
PHP_OPENSSL_APIzend_longphp_openssl_cipher_key_length(constchar*method);
PHP_OPENSSL_APIzend_string*php_openssl_random_pseudo_bytes(zend_longlength);
PHP_OPENSSL_APIzend_string*php_openssl_encrypt(
constchar*data, size_tdata_len,
constchar*method, size_tmethod_len,
constchar*password, size_tpassword_len,
zend_longoptions,
constchar*iv, size_tiv_len,
zval*tag, zend_longtag_len,
constchar*aad, size_taad_len);
PHP_OPENSSL_APIzend_string*php_openssl_decrypt(
constchar*data, size_tdata_len,
constchar*method, size_tmethod_len,
constchar*password, size_tpassword_len,
zend_longoptions,
constchar*iv, size_tiv_len,
constchar*tag, zend_longtag_len,
constchar*aad, size_taad_len);
/* OpenSSLCertificate class */
typedefstruct_php_openssl_certificate_object {
X509*x509;
zend_objectstd;
} php_openssl_certificate_object;
externzend_class_entry*php_openssl_certificate_ce;
staticinlinephp_openssl_certificate_object*php_openssl_certificate_from_obj(zend_object*obj) {
return (php_openssl_certificate_object*)((char*)(obj) -XtOffsetOf(php_openssl_certificate_object, std));
}
#defineZ_OPENSSL_CERTIFICATE_P(zv) php_openssl_certificate_from_obj(Z_OBJ_P(zv))
#if defined(HAVE_OPENSSL_ARGON2)
/**
* MEMLIMIT is normalized to KB even though sodium uses Bytes in order to
* present a consistent user-facing API.
*
* When updating these values, synchronize ext/standard/php_password.h values.
*/
#if defined(PHP_PASSWORD_ARGON2_MEMORY_COST)
#definePHP_OPENSSL_PWHASH_MEMLIMIT PHP_PASSWORD_ARGON2_MEMORY_COST
#else
#definePHP_OPENSSL_PWHASH_MEMLIMIT (64 << 10)
#endif
#if defined(PHP_PASSWORD_ARGON2_TIME_COST)
#definePHP_OPENSSL_PWHASH_ITERLIMIT PHP_PASSWORD_ARGON2_TIME_COST
#else
#definePHP_OPENSSL_PWHASH_ITERLIMIT 4
#endif
#if defined(PHP_PASSWORD_ARGON2_THREADS)
#definePHP_OPENSSL_PWHASH_THREADS PHP_PASSWORD_ARGON2_THREADS
#else
#definePHP_OPENSSL_PWHASH_THREADS 1
#endif
#endif
PHP_MINIT_FUNCTION(openssl);
PHP_MSHUTDOWN_FUNCTION(openssl);
PHP_MINFO_FUNCTION(openssl);
PHP_GINIT_FUNCTION(openssl);
PHP_GSHUTDOWN_FUNCTION(openssl);
#if defined(HAVE_OPENSSL_ARGON2)
PHP_MINIT_FUNCTION(openssl_pwhash);
#endif
#ifdefPHP_WIN32
#definePHP_OPENSSL_BIO_MODE_R(flags) (((flags) & PKCS7_BINARY) ? "rb" : "r")
#definePHP_OPENSSL_BIO_MODE_W(flags) (((flags) & PKCS7_BINARY) ? "wb" : "w")
#else
#definePHP_OPENSSL_BIO_MODE_R(flags) "r"
#definePHP_OPENSSL_BIO_MODE_W(flags) "w"
#endif
#else
#definephpext_openssl_ptr NULL
#endif
#endif
