Diffstat (limited to 'lib/vtls/vtls.c')
-rw-r--r--lib/vtls/vtls.c185
1 files changed, 78 insertions, 107 deletions
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 3bd51fd..b8ab749 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -75,17 +75,21 @@
(1<<CURL_LOCK_DATA_SSL_SESSION)))
#define CLONE_STRING(var) \
- if(source->var) { \
- dest->var = strdup(source->var); \
- if(!dest->var) \
- return FALSE; \
- } \
- else \
- dest->var = NULL;
-
-#define CLONE_BLOB(var) \
- if(blobdup(&dest->var, source->var)) \
- return FALSE;
+ do { \
+ if(source->var) { \
+ dest->var = strdup(source->var); \
+ if(!dest->var) \
+ return FALSE; \
+ } \
+ else \
+ dest->var = NULL; \
+ } while(0)
+
+#define CLONE_BLOB(var) \
+ do { \
+ if(blobdup(&dest->var, source->var)) \
+ return FALSE; \
+ } while(0)
static CURLcode blobdup(struct curl_blob **dest,
struct curl_blob *src)
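Review bot: CLONE_STRING and CLONE_BLOB still hide a `return FALSE` and still depend on locals named `source` and `dest`, and nothing next to the macros says so. When a later field fails to allocate, the fields already duplicated stay in `dest`. Whether every caller then releases them (for example through Curl_free_primary_ssl_config) is not visible in this hunk. A comment above the two definitions would help, such as `/* Both macros return FALSE from the enclosing function on allocation failure; the caller owns and must free the partly filled 'dest'. */`. With the `do { } while(0)` form each use also needs a trailing semicolon, and the call sites are outside this hunk.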
@@ -185,13 +189,13 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc)
}
#ifdef USE_SSL
-static int multissl_init(const struct Curl_ssl *backend);
+static int multissl_setup(const struct Curl_ssl *backend);
#endif
int Curl_ssl_backend(void)
{
#ifdef USE_SSL
- multissl_init(NULL);
+ multissl_setup(NULL);
return Curl_ssl->info.id;
#else
return (int)CURLSSLBACKEND_NONE;
@@ -287,7 +291,8 @@ ssl_connect_init_proxy(struct connectdata *conn, int sockindex)
#endif
CURLcode
-Curl_ssl_connect(struct connectdata *conn, int sockindex)
+Curl_ssl_connect(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
CURLcode result;
@@ -299,26 +304,27 @@ Curl_ssl_connect(struct connectdata *conn, int sockindex)
}
#endif
- if(!ssl_prefs_check(conn->data))
+ if(!ssl_prefs_check(data))
return CURLE_SSL_CONNECT_ERROR;
/* mark this is being ssl-enabled from here on. */
conn->ssl[sockindex].use = TRUE;
conn->ssl[sockindex].state = ssl_connection_negotiating;
- result = Curl_ssl->connect_blocking(conn, sockindex);
+ result = Curl_ssl->connect_blocking(data, conn, sockindex);
if(!result)
- Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */
+ Curl_pgrsTime(data, TIMER_APPCONNECT); /* SSL is connected */
return result;
}
CURLcode
-Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
- bool *done)
+Curl_ssl_connect_nonblocking(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex, bool *done)
{
CURLcode result;
+
#ifndef CURL_DISABLE_PROXY
if(conn->bits.proxy_ssl_connected[sockindex]) {
result = ssl_connect_init_proxy(conn, sockindex);
@@ -326,47 +332,46 @@ Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
return result;
}
#endif
- if(!ssl_prefs_check(conn->data))
+ if(!ssl_prefs_check(data))
return CURLE_SSL_CONNECT_ERROR;
/* mark this is being ssl requested from here on. */
conn->ssl[sockindex].use = TRUE;
- result = Curl_ssl->connect_nonblocking(conn, sockindex, done);
+ result = Curl_ssl->connect_nonblocking(data, conn, sockindex, done);
if(!result && *done)
- Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */
+ Curl_pgrsTime(data, TIMER_APPCONNECT); /* SSL is connected */
return result;
}
/*
* Lock shared SSL session data
*/
-void Curl_ssl_sessionid_lock(struct connectdata *conn)
+void Curl_ssl_sessionid_lock(struct Curl_easy *data)
{
- if(SSLSESSION_SHARED(conn->data))
- Curl_share_lock(conn->data,
- CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
+ if(SSLSESSION_SHARED(data))
+ Curl_share_lock(data, CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
}
/*
* Unlock shared SSL session data
*/
-void Curl_ssl_sessionid_unlock(struct connectdata *conn)
+void Curl_ssl_sessionid_unlock(struct Curl_easy *data)
{
- if(SSLSESSION_SHARED(conn->data))
- Curl_share_unlock(conn->data, CURL_LOCK_DATA_SSL_SESSION);
+ if(SSLSESSION_SHARED(data))
+ Curl_share_unlock(data, CURL_LOCK_DATA_SSL_SESSION);
}
/*
* Check if there's a session ID for the given connection in the cache, and if
* there's one suitable, it is provided. Returns TRUE when no entry matched.
*/
-bool Curl_ssl_getsessionid(struct connectdata *conn,
+bool Curl_ssl_getsessionid(struct Curl_easy *data,
+ struct connectdata *conn,
void **ssl_sessionid,
size_t *idsize, /* set 0 if unknown */
int sockindex)
{
struct Curl_ssl_session *check;
- struct Curl_easy *data = conn->data;
size_t i;
long *general_age;
bool no_match = TRUE;
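Review bot: The comment above Curl_ssl_getsessionid does not state the locking contract. That contract matters more now that the lock helpers take `data` while the lookup takes both `data` and `conn`. The visible part of the function takes no lock, so presumably callers are expected to hold it. If they are, a caller that locks with one easy handle and looks up with another could touch a shared session cache unprotected. I would add to the header comment something like `* The caller must hold the session lock, taken with Curl_ssl_sessionid_lock() on the same 'data' that is passed here.`. The same sentence would fit Curl_ssl_delsessionid and Curl_ssl_addsessionid in the following hunks. The body of Curl_ssl_getsessionid continues outside this hunk.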
@@ -453,10 +458,9 @@ void Curl_ssl_kill_session(struct Curl_ssl_session *session)
/*
* Delete the given session ID from the cache.
*/
-void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid)
+void Curl_ssl_delsessionid(struct Curl_easy *data, void *ssl_sessionid)
{
size_t i;
- struct Curl_easy *data = conn->data;
for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++) {
struct Curl_ssl_session *check = &data->state.session[i];
@@ -474,13 +478,13 @@ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid)
* layer. Curl_XXXX_session_free() will be called to free/kill the session ID
* later on.
*/
-CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
+CURLcode Curl_ssl_addsessionid(struct Curl_easy *data,
+ struct connectdata *conn,
void *ssl_sessionid,
size_t idsize,
int sockindex)
{
size_t i;
- struct Curl_easy *data = conn->data; /* the mother of all structs */
struct Curl_ssl_session *store = &data->state.session[0];
long oldest_age = data->state.session[0].age; /* zero if unused */
char *clone_host;
@@ -620,16 +624,18 @@ int Curl_ssl_getsock(struct connectdata *conn,
/* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL || USE_SECTRANSP || USE_NSS */
#endif
-void Curl_ssl_close(struct connectdata *conn, int sockindex)
+void Curl_ssl_close(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
DEBUGASSERT((sockindex <= 1) && (sockindex >= -1));
- Curl_ssl->close_one(conn, sockindex);
+ Curl_ssl->close_one(data, conn, sockindex);
conn->ssl[sockindex].state = ssl_connection_none;
}
-CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
+CURLcode Curl_ssl_shutdown(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
- if(Curl_ssl->shut_down(conn, sockindex))
+ if(Curl_ssl->shut_down(data, conn, sockindex))
return CURLE_SSL_SHUTDOWN_FAILED;
conn->ssl[sockindex].use = FALSE; /* get back to ordinary socket usage */
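Review bot: The assertion at the top of Curl_ssl_close accepts `sockindex == -1`, yet the last statement of the function writes `conn->ssl[sockindex].state`, which for -1 is a write before the start of the array. If -1 is never a legal value here, the check should say so: `DEBUGASSERT((sockindex <= 1) && (sockindex >= 0));`. If it is legal, the assignment needs a guard. Curl_ssl_shutdown indexes `conn->ssl[sockindex]` with no assertion at all and could take the same line. Assuming DEBUGASSERT compiles away in release builds, neither function has a runtime bound on the index, so the callers carry that guarantee. Curl_ssl_shutdown continues outside the hunk.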
@@ -684,12 +690,12 @@ CURLcode Curl_ssl_initsessions(struct Curl_easy *data, size_t amount)
return CURLE_OK;
}
-static size_t Curl_multissl_version(char *buffer, size_t size);
+static size_t multissl_version(char *buffer, size_t size);
size_t Curl_ssl_version(char *buffer, size_t size)
{
#ifdef CURL_WITH_MULTI_SSL
- return Curl_multissl_version(buffer, size);
+ return multissl_version(buffer, size);
#else
return Curl_ssl->version(buffer, size);
#endif
@@ -1030,16 +1036,6 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
return result;
}
-#ifndef CURL_DISABLE_CRYPTO_AUTH
-CURLcode Curl_ssl_md5sum(unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *md5sum, /* output */
- size_t md5len)
-{
- return Curl_ssl->md5sum(tmp, tmplen, md5sum, md5len);
-}
-#endif
-
/*
* Check whether the SSL backend supports the status_request extension.
*/
@@ -1076,9 +1072,11 @@ int Curl_none_init(void)
void Curl_none_cleanup(void)
{ }
-int Curl_none_shutdown(struct connectdata *conn UNUSED_PARAM,
+int Curl_none_shutdown(struct Curl_easy *data UNUSED_PARAM,
+ struct connectdata *conn UNUSED_PARAM,
int sockindex UNUSED_PARAM)
{
+ (void)data;
(void)conn;
(void)sockindex;
return 0;
@@ -1148,70 +1146,44 @@ bool Curl_none_false_start(void)
return FALSE;
}
-#ifndef CURL_DISABLE_CRYPTO_AUTH
-CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen,
- unsigned char *md5sum, size_t md5len UNUSED_PARAM)
+static int multissl_init(void)
{
- struct MD5_context *MD5pw;
-
- (void)md5len;
-
- MD5pw = Curl_MD5_init(Curl_DIGEST_MD5);
- if(!MD5pw)
- return CURLE_OUT_OF_MEMORY;
- Curl_MD5_update(MD5pw, input, curlx_uztoui(inputlen));
- Curl_MD5_final(MD5pw, md5sum);
- return CURLE_OK;
-}
-#else
-CURLcode Curl_none_md5sum(unsigned char *input UNUSED_PARAM,
- size_t inputlen UNUSED_PARAM,
- unsigned char *md5sum UNUSED_PARAM,
- size_t md5len UNUSED_PARAM)
-{
- (void)input;
- (void)inputlen;
- (void)md5sum;
- (void)md5len;
- return CURLE_NOT_BUILT_IN;
-}
-#endif
-
-static int Curl_multissl_init(void)
-{
- if(multissl_init(NULL))
+ if(multissl_setup(NULL))
return 1;
return Curl_ssl->init();
}
-static CURLcode Curl_multissl_connect(struct connectdata *conn, int sockindex)
+static CURLcode multissl_connect(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
- if(multissl_init(NULL))
+ if(multissl_setup(NULL))
return CURLE_FAILED_INIT;
- return Curl_ssl->connect_blocking(conn, sockindex);
+ return Curl_ssl->connect_blocking(data, conn, sockindex);
}
-static CURLcode Curl_multissl_connect_nonblocking(struct connectdata *conn,
- int sockindex, bool *done)
+static CURLcode multissl_connect_nonblocking(struct Curl_easy *data,
+ struct connectdata *conn,
+ int sockindex, bool *done)
{
- if(multissl_init(NULL))
+ if(multissl_setup(NULL))
return CURLE_FAILED_INIT;
- return Curl_ssl->connect_nonblocking(conn, sockindex, done);
+ return Curl_ssl->connect_nonblocking(data, conn, sockindex, done);
}
-static void *Curl_multissl_get_internals(struct ssl_connect_data *connssl,
- CURLINFO info)
+static void *multissl_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info)
{
- if(multissl_init(NULL))
+ if(multissl_setup(NULL))
return NULL;
return Curl_ssl->get_internals(connssl, info);
}
-static void Curl_multissl_close(struct connectdata *conn, int sockindex)
+static void multissl_close(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
- if(multissl_init(NULL))
+ if(multissl_setup(NULL))
return;
- Curl_ssl->close_one(conn, sockindex);
+ Curl_ssl->close_one(data, conn, sockindex);
}
static const struct Curl_ssl Curl_ssl_multi = {
@@ -1219,25 +1191,24 @@ static const struct Curl_ssl Curl_ssl_multi = {
0, /* supports nothing */
(size_t)-1, /* something insanely large to be on the safe side */
- Curl_multissl_init, /* init */
+ multissl_init, /* init */
Curl_none_cleanup, /* cleanup */
- Curl_multissl_version, /* version */
+ multissl_version, /* version */
Curl_none_check_cxn, /* check_cxn */
Curl_none_shutdown, /* shutdown */
Curl_none_data_pending, /* data_pending */
Curl_none_random, /* random */
Curl_none_cert_status_request, /* cert_status_request */
- Curl_multissl_connect, /* connect */
- Curl_multissl_connect_nonblocking, /* connect_nonblocking */
- Curl_multissl_get_internals, /* get_internals */
- Curl_multissl_close, /* close_one */
+ multissl_connect, /* connect */
+ multissl_connect_nonblocking, /* connect_nonblocking */
+ multissl_get_internals, /* get_internals */
+ multissl_close, /* close_one */
Curl_none_close_all, /* close_all */
Curl_none_session_free, /* session_free */
Curl_none_set_engine, /* set_engine */
Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */
Curl_none_false_start, /* false_start */
- Curl_none_md5sum, /* md5sum */
NULL /* sha256sum */
};
@@ -1302,7 +1273,7 @@ static const struct Curl_ssl *available_backends[] = {
NULL
};
-static size_t Curl_multissl_version(char *buffer, size_t size)
+static size_t multissl_version(char *buffer, size_t size)
{
static const struct Curl_ssl *selected;
static char backends[200];
@@ -1346,7 +1317,7 @@ static size_t Curl_multissl_version(char *buffer, size_t size)
return backends_len;
}
-static int multissl_init(const struct Curl_ssl *backend)
+static int multissl_setup(const struct Curl_ssl *backend)
{
const char *env;
char *env_tmp;
@@ -1405,7 +1376,7 @@ CURLsslset curl_global_sslset(curl_sslbackend id, const char *name,
for(i = 0; available_backends[i]; i++) {
if(available_backends[i]->info.id == id ||
(name && strcasecompare(available_backends[i]->info.name, name))) {
- multissl_init(available_backends[i]);
+ multissl_setup(available_backends[i]);
return CURLSSLSET_OK;
}
}