Bug #67224: stream_socket_enable_crypto()

- Allow crypto_method context value in stream_socket_enable_crypto()
- As of 5.6.x stream crypto type may be specified in the SSL context,
  making the $crypto_type parameter to stream_socket_enable_crypto()
  optional. This commit checks for a crypto type in the context prior
  to erroring out.
- Update NEWS/UPGRADING

3 files changed, 26 insertions, 6 deletions

diff --git a/NEWS b/NEWS
index 5fe882b1d0..1d100f64f3 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,10 @@ PHP                                                                        NEWS
     (Nikita)
   . Fixed bug #67198 (php://input regression). (Mike)
 
+- OpenSSL:
+  . Fixed bug #67224 (Fall back to crypto_type from context if not specified
+    explicitly in stream_socket_enable_crypto). (Chris Wright)
+
 01 May 2014, PHP 5.6.0 Beta 2
 
 - CLI server:
diff --git a/UPGRADING b/UPGRADING
index d68bafde57..faf66d1ba4 100755
--- a/UPGRADING
+++ b/UPGRADING
@@ -222,6 +222,12 @@ PHP 5.6 UPGRADE NOTES
   The $source parameter of mcrypt_create_iv() now defaults to
   MCRYPT_DEV_URANDOM instead of MCRYPT_DEV_RANDOM.
 
+- OpenSSL:
+  The $crypto_type parameter is now optional in stream_socket_enable_crypto()
+  if the stream's SSL context specifies the new "crypto_type" option. The
+  crypto method from the context is used as a fallback if no crypto method is
+  specified at call-time.
+
 - XMLReader:
   XMLReader::getAttributeNs and XMLReader::getAttributeNo now return NULL if
   the attribute could not be found, just like XMLReader::getAttribute.
diff --git a/ext/standard/streamsfuncs.c b/ext/standard/streamsfuncs.c
index 8d42a51af6..68b4cceaaa 100644
--- a/ext/standard/streamsfuncs.c
+++ b/ext/standard/streamsfuncs.c
@@ -40,6 +40,8 @@ typedef unsigned long long php_timeout_ull;
 typedef unsigned __int64 php_timeout_ull;
 #endif
 
+#define GET_CTX_OPT(stream, wrapper, name, val) (stream->context && SUCCESS == php_stream_context_get_option(stream->context, wrapper, name, &val))
+
 static php_stream_context *decode_context_param(zval *contextresource TSRMLS_DC);
 
 /* Streams based network functions */
@@ -1491,16 +1493,27 @@ PHP_FUNCTION(stream_socket_enable_crypto)
 	long cryptokind = 0;
 	zval *zstream, *zsessstream = NULL;
 	php_stream *stream, *sessstream = NULL;
-	zend_bool enable;
+	zend_bool enable, cryptokindnull;
 	int ret;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rb|lr", &zstream, &enable, &cryptokind, &zsessstream) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rb|l!r", &zstream, &enable, &cryptokind, &cryptokindnull, &zsessstream) == FAILURE) {
 		RETURN_FALSE;
 	}
 
 	php_stream_from_zval(stream, &zstream);
 
-	if (ZEND_NUM_ARGS() >= 3) {
+	if (enable) {
+		if (ZEND_NUM_ARGS() < 3 || cryptokindnull) {
+			zval **val;
+
+			if (!GET_CTX_OPT(stream, "ssl", "crypto_method", val)) {
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "When enabling encryption you must specify the crypto type");
+				RETURN_FALSE;
+			}
+
+			cryptokind = Z_LVAL_PP(val);
+		}
+
 		if (zsessstream) {
 			php_stream_from_zval(sessstream, &zsessstream);
 		}
@@ -1508,9 +1521,6 @@ PHP_FUNCTION(stream_socket_enable_crypto)
 		if (php_stream_xport_crypto_setup(stream, cryptokind, sessstream TSRMLS_CC) < 0) {
 			RETURN_FALSE;
 		}
-	} else if (enable) {
-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "When enabling encryption you must specify the crypto type");
-		RETURN_FALSE;
 	}
 
 	ret = php_stream_xport_crypto_enable(stream, enable TSRMLS_CC);