summaryrefslogtreecommitdiff
path: root/Utilities/cmcurl/lib/vtls/gtls.c
diff options
context:
space:
mode:
Diffstat (limited to 'Utilities/cmcurl/lib/vtls/gtls.c')
-rw-r--r--Utilities/cmcurl/lib/vtls/gtls.c181
1 files changed, 84 insertions, 97 deletions
diff --git a/Utilities/cmcurl/lib/vtls/gtls.c b/Utilities/cmcurl/lib/vtls/gtls.c
index e848c3f05a..3ddee19742 100644
--- a/Utilities/cmcurl/lib/vtls/gtls.c
+++ b/Utilities/cmcurl/lib/vtls/gtls.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -86,38 +86,38 @@ struct ssl_backend_data {
#endif
};
-static ssize_t Curl_gtls_push(void *s, const void *buf, size_t len)
+static ssize_t gtls_push(void *s, const void *buf, size_t len)
{
curl_socket_t sock = *(curl_socket_t *)s;
ssize_t ret = swrite(sock, buf, len);
return ret;
}
-static ssize_t Curl_gtls_pull(void *s, void *buf, size_t len)
+static ssize_t gtls_pull(void *s, void *buf, size_t len)
{
curl_socket_t sock = *(curl_socket_t *)s;
ssize_t ret = sread(sock, buf, len);
return ret;
}
-static ssize_t Curl_gtls_push_ssl(void *s, const void *buf, size_t len)
+static ssize_t gtls_push_ssl(void *s, const void *buf, size_t len)
{
return gnutls_record_send((gnutls_session_t) s, buf, len);
}
-static ssize_t Curl_gtls_pull_ssl(void *s, void *buf, size_t len)
+static ssize_t gtls_pull_ssl(void *s, void *buf, size_t len)
{
return gnutls_record_recv((gnutls_session_t) s, buf, len);
}
-/* Curl_gtls_init()
+/* gtls_init()
*
* Global GnuTLS init, called from Curl_ssl_init(). This calls functions that
* are not thread-safe and thus this function itself is not thread-safe and
* must only be called from within curl_global_init() to keep the thread
* situation under control!
*/
-static int Curl_gtls_init(void)
+static int gtls_init(void)
{
int ret = 1;
if(!gtls_inited) {
@@ -131,7 +131,7 @@ static int Curl_gtls_init(void)
return ret;
}
-static void Curl_gtls_cleanup(void)
+static void gtls_cleanup(void)
{
if(gtls_inited) {
gnutls_global_deinit();
@@ -200,12 +200,12 @@ static void unload_file(gnutls_datum_t data)
/* this function does a SSL/TLS (re-)handshake */
-static CURLcode handshake(struct connectdata *conn,
+static CURLcode handshake(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex,
bool duringconnect,
bool nonblocking)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
gnutls_session_t session = backend->session;
@@ -314,9 +314,9 @@ static gnutls_x509_crt_fmt_t do_file_type(const char *type)
#define GNUTLS_SRP "+SRP"
static CURLcode
-set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn)
+set_ssl_version_min_max(const char **prioritylist, struct Curl_easy *data)
{
- struct Curl_easy *data = conn->data;
+ struct connectdata *conn = data->conn;
long ssl_version = SSL_CONN_CONFIG(version);
long ssl_version_max = SSL_CONN_CONFIG(version_max);
@@ -379,10 +379,10 @@ set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn)
}
static CURLcode
-gtls_connect_step1(struct connectdata *conn,
+gtls_connect_step1(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
unsigned int init_flags;
@@ -408,7 +408,7 @@ gtls_connect_step1(struct connectdata *conn,
return CURLE_OK;
if(!gtls_inited)
- Curl_gtls_init();
+ gtls_init();
/* Initialize certverifyresult to OK */
*certverifyresult = 0;
@@ -568,7 +568,7 @@ gtls_connect_step1(struct connectdata *conn,
case CURL_SSLVERSION_TLSv1_2:
case CURL_SSLVERSION_TLSv1_3:
{
- CURLcode result = set_ssl_version_min_max(&prioritylist, conn);
+ CURLcode result = set_ssl_version_min_max(&prioritylist, data);
if(result != CURLE_OK)
return result;
break;
@@ -698,16 +698,16 @@ gtls_connect_step1(struct connectdata *conn,
#ifndef CURL_DISABLE_PROXY
if(conn->proxy_ssl[sockindex].use) {
transport_ptr = conn->proxy_ssl[sockindex].backend->session;
- gnutls_transport_push = Curl_gtls_push_ssl;
- gnutls_transport_pull = Curl_gtls_pull_ssl;
+ gnutls_transport_push = gtls_push_ssl;
+ gnutls_transport_pull = gtls_pull_ssl;
}
else
#endif
{
/* file descriptor for the socket */
transport_ptr = &conn->sock[sockindex];
- gnutls_transport_push = Curl_gtls_push;
- gnutls_transport_pull = Curl_gtls_pull;
+ gnutls_transport_push = gtls_push;
+ gnutls_transport_pull = gtls_pull;
}
/* set the connection handle */
@@ -731,15 +731,16 @@ gtls_connect_step1(struct connectdata *conn,
void *ssl_sessionid;
size_t ssl_idsize;
- Curl_ssl_sessionid_lock(conn);
- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize, sockindex)) {
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn,
+ &ssl_sessionid, &ssl_idsize, sockindex)) {
/* we got a session id, use it! */
gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);
/* Informational message */
infof(data, "SSL re-using session ID\n");
}
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
}
return CURLE_OK;
@@ -807,7 +808,8 @@ static Curl_recv gtls_recv;
static Curl_send gtls_send;
static CURLcode
-gtls_connect_step3(struct connectdata *conn,
+gtls_connect_step3(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex)
{
unsigned int cert_list_size;
@@ -820,7 +822,6 @@ gtls_connect_step3(struct connectdata *conn,
size_t size;
time_t certclock;
const char *ptr;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
gnutls_session_t session = backend->session;
@@ -885,7 +886,7 @@ gtls_connect_step3(struct connectdata *conn,
const char *beg = (const char *) chainp[i].data;
const char *end = beg + chainp[i].size;
- result = Curl_extract_certinfo(conn, i, beg, end);
+ result = Curl_extract_certinfo(data, i, beg, end);
if(result)
return result;
}
@@ -1263,7 +1264,7 @@ gtls_connect_step3(struct connectdata *conn,
else
infof(data, "ALPN, server did not agree to a protocol\n");
- Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
+ Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
}
@@ -1290,19 +1291,19 @@ gtls_connect_step3(struct connectdata *conn,
/* extract session ID to the allocated buffer */
gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
- Curl_ssl_sessionid_lock(conn);
- incache = !(Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL,
+ Curl_ssl_sessionid_lock(data);
+ incache = !(Curl_ssl_getsessionid(data, conn, &ssl_sessionid, NULL,
sockindex));
if(incache) {
/* there was one before in the cache, so instead of risking that the
previous one was rejected, we just kill that and store the new */
- Curl_ssl_delsessionid(conn, ssl_sessionid);
+ Curl_ssl_delsessionid(data, ssl_sessionid);
}
/* store this session id */
- result = Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize,
- sockindex);
- Curl_ssl_sessionid_unlock(conn);
+ result = Curl_ssl_addsessionid(data, conn, connect_sessionid,
+ connect_idsize, sockindex);
+ Curl_ssl_sessionid_unlock(data);
if(result) {
free(connect_sessionid);
result = CURLE_OUT_OF_MEMORY;
@@ -1326,7 +1327,8 @@ gtls_connect_step3(struct connectdata *conn,
'ssl_connect_2_writing' (waiting to be able to write).
*/
static CURLcode
-gtls_connect_common(struct connectdata *conn,
+gtls_connect_common(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex,
bool nonblocking,
bool *done)
@@ -1336,19 +1338,19 @@ gtls_connect_common(struct connectdata *conn,
/* Initiate the connection, if not already done */
if(ssl_connect_1 == connssl->connecting_state) {
- rc = gtls_connect_step1(conn, sockindex);
+ rc = gtls_connect_step1(data, conn, sockindex);
if(rc)
return rc;
}
- rc = handshake(conn, sockindex, TRUE, nonblocking);
+ rc = handshake(data, conn, sockindex, TRUE, nonblocking);
if(rc)
/* handshake() sets its own error message with failf() */
return rc;
/* Finish connecting once the handshake is done */
if(ssl_connect_1 == connssl->connecting_state) {
- rc = gtls_connect_step3(conn, sockindex);
+ rc = gtls_connect_step3(data, conn, sockindex);
if(rc)
return rc;
}
@@ -1358,18 +1360,20 @@ gtls_connect_common(struct connectdata *conn,
return CURLE_OK;
}
-static CURLcode Curl_gtls_connect_nonblocking(struct connectdata *conn,
- int sockindex, bool *done)
+static CURLcode gtls_connect_nonblocking(struct Curl_easy *data,
+ struct connectdata *conn,
+ int sockindex, bool *done)
{
- return gtls_connect_common(conn, sockindex, TRUE, done);
+ return gtls_connect_common(data, conn, sockindex, TRUE, done);
}
-static CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex)
+static CURLcode gtls_connect(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
CURLcode result;
bool done = FALSE;
- result = gtls_connect_common(conn, sockindex, FALSE, &done);
+ result = gtls_connect_common(data, conn, sockindex, FALSE, &done);
if(result)
return result;
@@ -1378,8 +1382,8 @@ static CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex)
return CURLE_OK;
}
-static bool Curl_gtls_data_pending(const struct connectdata *conn,
- int connindex)
+static bool gtls_data_pending(const struct connectdata *conn,
+ int connindex)
{
const struct ssl_connect_data *connssl = &conn->ssl[connindex];
bool res = FALSE;
@@ -1399,12 +1403,13 @@ static bool Curl_gtls_data_pending(const struct connectdata *conn,
return res;
}
-static ssize_t gtls_send(struct connectdata *conn,
+static ssize_t gtls_send(struct Curl_easy *data,
int sockindex,
const void *mem,
size_t len,
CURLcode *curlcode)
{
+ struct connectdata *conn = data->conn;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
ssize_t rc = gnutls_record_send(backend->session, mem, len);
@@ -1440,8 +1445,10 @@ static void close_one(struct ssl_connect_data *connssl)
#endif
}
-static void Curl_gtls_close(struct connectdata *conn, int sockindex)
+static void gtls_close(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
+ (void) data;
close_one(&conn->ssl[sockindex]);
#ifndef CURL_DISABLE_PROXY
close_one(&conn->proxy_ssl[sockindex]);
@@ -1452,12 +1459,12 @@ static void Curl_gtls_close(struct connectdata *conn, int sockindex)
* This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel)
*/
-static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
+static int gtls_shutdown(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
int retval = 0;
- struct Curl_easy *data = conn->data;
#ifndef CURL_DISABLE_FTP
/* This has only been tested on the proftpd server, and the mod_tls code
@@ -1526,12 +1533,13 @@ static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
return retval;
}
-static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
+static ssize_t gtls_recv(struct Curl_easy *data, /* connection data */
int num, /* socketindex */
char *buf, /* store read data here */
size_t buffersize, /* max amount to read */
CURLcode *curlcode)
{
+ struct connectdata *conn = data->conn;
struct ssl_connect_data *connssl = &conn->ssl[num];
struct ssl_backend_data *backend = connssl->backend;
ssize_t ret;
@@ -1545,7 +1553,7 @@ static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
if(ret == GNUTLS_E_REHANDSHAKE) {
/* BLOCKING call, this is bad but a work-around for now. Fixing this "the
proper way" takes a whole lot of work. */
- CURLcode result = handshake(conn, num, FALSE, FALSE);
+ CURLcode result = handshake(data, conn, num, FALSE, FALSE);
if(result)
/* handshake() writes error message on its own */
*curlcode = result;
@@ -1555,7 +1563,7 @@ static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
}
if(ret < 0) {
- failf(conn->data, "GnuTLS recv error (%d): %s",
+ failf(data, "GnuTLS recv error (%d): %s",
(int)ret, gnutls_strerror((int)ret));
*curlcode = CURLE_RECV_ERROR;
@@ -1565,18 +1573,18 @@ static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
return ret;
}
-static void Curl_gtls_session_free(void *ptr)
+static void gtls_session_free(void *ptr)
{
free(ptr);
}
-static size_t Curl_gtls_version(char *buffer, size_t size)
+static size_t gtls_version(char *buffer, size_t size)
{
return msnprintf(buffer, size, "GnuTLS/%s", gnutls_check_version(NULL));
}
#ifndef USE_GNUTLS_NETTLE
-static int Curl_gtls_seed(struct Curl_easy *data)
+static int gtls_seed(struct Curl_easy *data)
{
/* we have the "SSL is seeded" boolean static to prevent multiple
time-consuming seedings in vain */
@@ -1594,8 +1602,8 @@ static int Curl_gtls_seed(struct Curl_easy *data)
#endif
/* data might be NULL! */
-static CURLcode Curl_gtls_random(struct Curl_easy *data,
- unsigned char *entropy, size_t length)
+static CURLcode gtls_random(struct Curl_easy *data,
+ unsigned char *entropy, size_t length)
{
#if defined(USE_GNUTLS_NETTLE)
int rc;
@@ -1604,36 +1612,16 @@ static CURLcode Curl_gtls_random(struct Curl_easy *data,
return rc?CURLE_FAILED_INIT:CURLE_OK;
#elif defined(USE_GNUTLS)
if(data)
- Curl_gtls_seed(data); /* Initiate the seed if not already done */
+ gtls_seed(data); /* Initiate the seed if not already done */
gcry_randomize(entropy, length, GCRY_STRONG_RANDOM);
#endif
return CURLE_OK;
}
-static CURLcode Curl_gtls_md5sum(unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *md5sum, /* output */
- size_t md5len)
-{
-#if defined(USE_GNUTLS_NETTLE)
- struct md5_ctx MD5pw;
- md5_init(&MD5pw);
- md5_update(&MD5pw, (unsigned int)tmplen, tmp);
- md5_digest(&MD5pw, (unsigned int)md5len, md5sum);
-#elif defined(USE_GNUTLS)
- gcry_md_hd_t MD5pw;
- gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
- gcry_md_write(MD5pw, tmp, tmplen);
- memcpy(md5sum, gcry_md_read(MD5pw, 0), md5len);
- gcry_md_close(MD5pw);
-#endif
- return CURLE_OK;
-}
-
-static CURLcode Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *sha256sum, /* output */
- size_t sha256len)
+static CURLcode gtls_sha256sum(const unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *sha256sum, /* output */
+ size_t sha256len)
{
#if defined(USE_GNUTLS_NETTLE)
struct sha256_ctx SHA256pw;
@@ -1650,12 +1638,12 @@ static CURLcode Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
return CURLE_OK;
}
-static bool Curl_gtls_cert_status_request(void)
+static bool gtls_cert_status_request(void)
{
return TRUE;
}
-static void *Curl_gtls_get_internals(struct ssl_connect_data *connssl,
+static void *gtls_get_internals(struct ssl_connect_data *connssl,
CURLINFO info UNUSED_PARAM)
{
struct ssl_backend_data *backend = connssl->backend;
@@ -1673,26 +1661,25 @@ const struct Curl_ssl Curl_ssl_gnutls = {
sizeof(struct ssl_backend_data),
- Curl_gtls_init, /* init */
- Curl_gtls_cleanup, /* cleanup */
- Curl_gtls_version, /* version */
+ gtls_init, /* init */
+ gtls_cleanup, /* cleanup */
+ gtls_version, /* version */
Curl_none_check_cxn, /* check_cxn */
- Curl_gtls_shutdown, /* shutdown */
- Curl_gtls_data_pending, /* data_pending */
- Curl_gtls_random, /* random */
- Curl_gtls_cert_status_request, /* cert_status_request */
- Curl_gtls_connect, /* connect */
- Curl_gtls_connect_nonblocking, /* connect_nonblocking */
- Curl_gtls_get_internals, /* get_internals */
- Curl_gtls_close, /* close_one */
+ gtls_shutdown, /* shutdown */
+ gtls_data_pending, /* data_pending */
+ gtls_random, /* random */
+ gtls_cert_status_request, /* cert_status_request */
+ gtls_connect, /* connect */
+ gtls_connect_nonblocking, /* connect_nonblocking */
+ gtls_get_internals, /* get_internals */
+ gtls_close, /* close_one */
Curl_none_close_all, /* close_all */
- Curl_gtls_session_free, /* session_free */
+ gtls_session_free, /* session_free */
Curl_none_set_engine, /* set_engine */
Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */
Curl_none_false_start, /* false_start */
- Curl_gtls_md5sum, /* md5sum */
- Curl_gtls_sha256sum /* sha256sum */
+ gtls_sha256sum /* sha256sum */
};
#endif /* USE_GNUTLS */
View Lorry Controller Status