summaryrefslogtreecommitdiff
path: root/Utilities/cmcurl/lib/vtls/mbedtls.c
diff options
context:
space:
mode:
Diffstat (limited to 'Utilities/cmcurl/lib/vtls/mbedtls.c')
-rw-r--r--Utilities/cmcurl/lib/vtls/mbedtls.c154
1 files changed, 81 insertions, 73 deletions
diff --git a/Utilities/cmcurl/lib/vtls/mbedtls.c b/Utilities/cmcurl/lib/vtls/mbedtls.c
index 545f824c62..fc3a948d1e 100644
--- a/Utilities/cmcurl/lib/vtls/mbedtls.c
+++ b/Utilities/cmcurl/lib/vtls/mbedtls.c
@@ -5,12 +5,12 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
+ * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
- * Copyright (C) 2012 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -31,6 +31,9 @@
#ifdef USE_MBEDTLS
+/* Define this to enable lots of debugging for mbedTLS */
+/* #define MBEDTLS_DEBUG */
+
#include <mbedtls/version.h>
#if MBEDTLS_VERSION_NUMBER >= 0x02040000
#include <mbedtls/net_sockets.h>
@@ -46,6 +49,12 @@
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/sha256.h>
+#if MBEDTLS_VERSION_MAJOR >= 2
+# ifdef MBEDTLS_DEBUG
+# include <mbedtls/debug.h>
+# endif
+#endif
+
#include "urldata.h"
#include "sendf.h"
#include "inet_pton.h"
@@ -113,9 +122,6 @@ static int entropy_func_mutex(void *data, unsigned char *output, size_t len)
#endif /* THREADING_SUPPORT */
-/* Define this to enable lots of debugging for mbedTLS */
-#undef MBEDTLS_DEBUG
-
#ifdef MBEDTLS_DEBUG
static void mbed_debug(void *context, int level, const char *f_name,
int line_nb, const char *line)
@@ -190,9 +196,9 @@ static CURLcode mbedtls_version_from_curl(int *mbedver, long version)
}
static CURLcode
-set_ssl_version_min_max(struct connectdata *conn, int sockindex)
+set_ssl_version_min_max(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
int mbedtls_ver_min = MBEDTLS_SSL_MINOR_VERSION_1;
@@ -235,16 +241,15 @@ set_ssl_version_min_max(struct connectdata *conn, int sockindex)
}
static CURLcode
-mbed_connect_step1(struct connectdata *conn,
+mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
int sockindex)
{
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
- char * const ssl_cert = SSL_SET_OPTION(cert);
+ char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
#ifndef CURL_DISABLE_PROXY
const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
@@ -274,7 +279,7 @@ mbed_connect_step1(struct connectdata *conn,
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* MBEDTLS_ERROR_C */
- failf(data, "Failed - mbedTLS: ctr_drbg_init returned (-0x%04X) %s\n",
+ failf(data, "Failed - mbedTLS: ctr_drbg_init returned (-0x%04X) %s",
-ret, errorbuf);
}
#else
@@ -287,7 +292,7 @@ mbed_connect_step1(struct connectdata *conn,
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* MBEDTLS_ERROR_C */
- failf(data, "Failed - mbedTLS: ctr_drbg_init returned (-0x%04X) %s\n",
+ failf(data, "Failed - mbedTLS: ctr_drbg_init returned (-0x%04X) %s",
-ret, errorbuf);
}
#endif /* THREADING_SUPPORT */
@@ -421,7 +426,7 @@ mbed_connect_step1(struct connectdata *conn,
case CURL_SSLVERSION_TLSv1_2:
case CURL_SSLVERSION_TLSv1_3:
{
- CURLcode result = set_ssl_version_min_max(conn, sockindex);
+ CURLcode result = set_ssl_version_min_max(data, conn, sockindex);
if(result != CURLE_OK)
return result;
break;
@@ -457,17 +462,17 @@ mbed_connect_step1(struct connectdata *conn,
if(SSL_SET_OPTION(primary.sessionid)) {
void *old_session = NULL;
- Curl_ssl_sessionid_lock(conn);
- if(!Curl_ssl_getsessionid(conn, &old_session, NULL, sockindex)) {
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn, &old_session, NULL, sockindex)) {
ret = mbedtls_ssl_set_session(&backend->ssl, old_session);
if(ret) {
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
failf(data, "mbedtls_ssl_set_session returned -0x%x", -ret);
return CURLE_SSL_CONNECT_ERROR;
}
infof(data, "mbedTLS re-using session\n");
}
- Curl_ssl_sessionid_unlock(conn);
+ Curl_ssl_sessionid_unlock(data);
}
mbedtls_ssl_conf_ca_chain(&backend->config,
@@ -535,11 +540,10 @@ mbed_connect_step1(struct connectdata *conn,
}
static CURLcode
-mbed_connect_step2(struct connectdata *conn,
+mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
int sockindex)
{
int ret;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
const mbedtls_x509_crt *peercert;
@@ -695,7 +699,7 @@ mbed_connect_step2(struct connectdata *conn,
else {
infof(data, "ALPN, server did not agree to a protocol\n");
}
- Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
+ Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
}
#endif
@@ -707,13 +711,12 @@ mbed_connect_step2(struct connectdata *conn,
}
static CURLcode
-mbed_connect_step3(struct connectdata *conn,
+mbed_connect_step3(struct Curl_easy *data, struct connectdata *conn,
int sockindex)
{
CURLcode retcode = CURLE_OK;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
- struct Curl_easy *data = conn->data;
DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
@@ -738,12 +741,13 @@ mbed_connect_step3(struct connectdata *conn,
}
/* If there's already a matching session in the cache, delete it */
- Curl_ssl_sessionid_lock(conn);
- if(!Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, sockindex))
- Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn, &old_ssl_sessionid, NULL, sockindex))
+ Curl_ssl_delsessionid(data, old_ssl_sessionid);
- retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex);
- Curl_ssl_sessionid_unlock(conn);
+ retcode = Curl_ssl_addsessionid(data, conn,
+ our_ssl_sessionid, 0, sockindex);
+ Curl_ssl_sessionid_unlock(data);
if(retcode) {
mbedtls_ssl_session_free(our_ssl_sessionid);
free(our_ssl_sessionid);
@@ -757,16 +761,16 @@ mbed_connect_step3(struct connectdata *conn,
return CURLE_OK;
}
-static ssize_t mbed_send(struct connectdata *conn, int sockindex,
+static ssize_t mbed_send(struct Curl_easy *data, int sockindex,
const void *mem, size_t len,
CURLcode *curlcode)
{
+ struct connectdata *conn = data->conn;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
int ret = -1;
- ret = mbedtls_ssl_write(&backend->ssl,
- (unsigned char *)mem, len);
+ ret = mbedtls_ssl_write(&backend->ssl, (unsigned char *)mem, len);
if(ret < 0) {
*curlcode = (ret == MBEDTLS_ERR_SSL_WANT_WRITE) ?
@@ -777,15 +781,18 @@ static ssize_t mbed_send(struct connectdata *conn, int sockindex,
return ret;
}
-static void Curl_mbedtls_close_all(struct Curl_easy *data)
+static void mbedtls_close_all(struct Curl_easy *data)
{
(void)data;
}
-static void Curl_mbedtls_close(struct connectdata *conn, int sockindex)
+static void mbedtls_close(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
+
+ (void) data;
mbedtls_pk_free(&backend->pk);
mbedtls_x509_crt_free(&backend->clicert);
mbedtls_x509_crt_free(&backend->cacert);
@@ -798,16 +805,16 @@ static void Curl_mbedtls_close(struct connectdata *conn, int sockindex)
#endif /* THREADING_SUPPORT */
}
-static ssize_t mbed_recv(struct connectdata *conn, int num,
+static ssize_t mbed_recv(struct Curl_easy *data, int num,
char *buf, size_t buffersize,
CURLcode *curlcode)
{
+ struct connectdata *conn = data->conn;
struct ssl_connect_data *connssl = &conn->ssl[num];
struct ssl_backend_data *backend = connssl->backend;
int ret = -1;
ssize_t len = -1;
- memset(buf, 0, buffersize);
ret = mbedtls_ssl_read(&backend->ssl, (unsigned char *)buf,
buffersize);
@@ -825,13 +832,13 @@ static ssize_t mbed_recv(struct connectdata *conn, int num,
return len;
}
-static void Curl_mbedtls_session_free(void *ptr)
+static void mbedtls_session_free(void *ptr)
{
mbedtls_ssl_session_free(ptr);
free(ptr);
}
-static size_t Curl_mbedtls_version(char *buffer, size_t size)
+static size_t mbedtls_version(char *buffer, size_t size)
{
#ifdef MBEDTLS_VERSION_C
/* if mbedtls_version_get_number() is available it is better */
@@ -843,8 +850,8 @@ static size_t Curl_mbedtls_version(char *buffer, size_t size)
#endif
}
-static CURLcode Curl_mbedtls_random(struct Curl_easy *data,
- unsigned char *entropy, size_t length)
+static CURLcode mbedtls_random(struct Curl_easy *data,
+ unsigned char *entropy, size_t length)
{
#if defined(MBEDTLS_CTR_DRBG_C)
int ret = -1;
@@ -862,7 +869,7 @@ static CURLcode Curl_mbedtls_random(struct Curl_easy *data,
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* MBEDTLS_ERROR_C */
- failf(data, "Failed - mbedTLS: ctr_drbg_seed returned (-0x%04X) %s\n",
+ failf(data, "Failed - mbedTLS: ctr_drbg_seed returned (-0x%04X) %s",
-ret, errorbuf);
}
else {
@@ -872,7 +879,7 @@ static CURLcode Curl_mbedtls_random(struct Curl_easy *data,
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* MBEDTLS_ERROR_C */
- failf(data, "mbedTLS: ctr_drbg_init returned (-0x%04X) %s\n",
+ failf(data, "mbedTLS: ctr_drbg_init returned (-0x%04X) %s",
-ret, errorbuf);
}
}
@@ -893,13 +900,13 @@ static CURLcode Curl_mbedtls_random(struct Curl_easy *data,
}
static CURLcode
-mbed_connect_common(struct connectdata *conn,
+mbed_connect_common(struct Curl_easy *data,
+ struct connectdata *conn,
int sockindex,
bool nonblocking,
bool *done)
{
CURLcode retcode;
- struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
curl_socket_t sockfd = conn->sock[sockindex];
timediff_t timeout_ms;
@@ -920,7 +927,7 @@ mbed_connect_common(struct connectdata *conn,
failf(data, "SSL connection timeout");
return CURLE_OPERATION_TIMEDOUT;
}
- retcode = mbed_connect_step1(conn, sockindex);
+ retcode = mbed_connect_step1(data, conn, sockindex);
if(retcode)
return retcode;
}
@@ -975,7 +982,7 @@ mbed_connect_common(struct connectdata *conn,
* ensuring that a client using select() or epoll() will always
* have a valid fdset to wait on.
*/
- retcode = mbed_connect_step2(conn, sockindex);
+ retcode = mbed_connect_step2(data, conn, sockindex);
if(retcode || (nonblocking &&
(ssl_connect_2 == connssl->connecting_state ||
ssl_connect_2_reading == connssl->connecting_state ||
@@ -985,7 +992,7 @@ mbed_connect_common(struct connectdata *conn,
} /* repeat step2 until all transactions are done. */
if(ssl_connect_3 == connssl->connecting_state) {
- retcode = mbed_connect_step3(conn, sockindex);
+ retcode = mbed_connect_step3(data, conn, sockindex);
if(retcode)
return retcode;
}
@@ -1005,19 +1012,21 @@ mbed_connect_common(struct connectdata *conn,
return CURLE_OK;
}
-static CURLcode Curl_mbedtls_connect_nonblocking(struct connectdata *conn,
- int sockindex, bool *done)
+static CURLcode mbedtls_connect_nonblocking(struct Curl_easy *data,
+ struct connectdata *conn,
+ int sockindex, bool *done)
{
- return mbed_connect_common(conn, sockindex, TRUE, done);
+ return mbed_connect_common(data, conn, sockindex, TRUE, done);
}
-static CURLcode Curl_mbedtls_connect(struct connectdata *conn, int sockindex)
+static CURLcode mbedtls_connect(struct Curl_easy *data,
+ struct connectdata *conn, int sockindex)
{
CURLcode retcode;
bool done = FALSE;
- retcode = mbed_connect_common(conn, sockindex, FALSE, &done);
+ retcode = mbed_connect_common(data, conn, sockindex, FALSE, &done);
if(retcode)
return retcode;
@@ -1030,28 +1039,28 @@ static CURLcode Curl_mbedtls_connect(struct connectdata *conn, int sockindex)
* return 0 error initializing SSL
* return 1 SSL initialized successfully
*/
-static int Curl_mbedtls_init(void)
+static int mbedtls_init(void)
{
return Curl_mbedtlsthreadlock_thread_setup();
}
-static void Curl_mbedtls_cleanup(void)
+static void mbedtls_cleanup(void)
{
(void)Curl_mbedtlsthreadlock_thread_cleanup();
}
-static bool Curl_mbedtls_data_pending(const struct connectdata *conn,
- int sockindex)
+static bool mbedtls_data_pending(const struct connectdata *conn,
+ int sockindex)
{
const struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
return mbedtls_ssl_get_bytes_avail(&backend->ssl) != 0;
}
-static CURLcode Curl_mbedtls_sha256sum(const unsigned char *input,
- size_t inputlen,
- unsigned char *sha256sum,
- size_t sha256len UNUSED_PARAM)
+static CURLcode mbedtls_sha256sum(const unsigned char *input,
+ size_t inputlen,
+ unsigned char *sha256sum,
+ size_t sha256len UNUSED_PARAM)
{
(void)sha256len;
#if MBEDTLS_VERSION_NUMBER < 0x02070000
@@ -1064,8 +1073,8 @@ static CURLcode Curl_mbedtls_sha256sum(const unsigned char *input,
return CURLE_OK;
}
-static void *Curl_mbedtls_get_internals(struct ssl_connect_data *connssl,
- CURLINFO info UNUSED_PARAM)
+static void *mbedtls_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info UNUSED_PARAM)
{
struct ssl_backend_data *backend = connssl->backend;
(void)info;
@@ -1081,26 +1090,25 @@ const struct Curl_ssl Curl_ssl_mbedtls = {
sizeof(struct ssl_backend_data),
- Curl_mbedtls_init, /* init */
- Curl_mbedtls_cleanup, /* cleanup */
- Curl_mbedtls_version, /* version */
+ mbedtls_init, /* init */
+ mbedtls_cleanup, /* cleanup */
+ mbedtls_version, /* version */
Curl_none_check_cxn, /* check_cxn */
Curl_none_shutdown, /* shutdown */
- Curl_mbedtls_data_pending, /* data_pending */
- Curl_mbedtls_random, /* random */
+ mbedtls_data_pending, /* data_pending */
+ mbedtls_random, /* random */
Curl_none_cert_status_request, /* cert_status_request */
- Curl_mbedtls_connect, /* connect */
- Curl_mbedtls_connect_nonblocking, /* connect_nonblocking */
- Curl_mbedtls_get_internals, /* get_internals */
- Curl_mbedtls_close, /* close_one */
- Curl_mbedtls_close_all, /* close_all */
- Curl_mbedtls_session_free, /* session_free */
+ mbedtls_connect, /* connect */
+ mbedtls_connect_nonblocking, /* connect_nonblocking */
+ mbedtls_get_internals, /* get_internals */
+ mbedtls_close, /* close_one */
+ mbedtls_close_all, /* close_all */
+ mbedtls_session_free, /* session_free */
Curl_none_set_engine, /* set_engine */
Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */
Curl_none_false_start, /* false_start */
- Curl_none_md5sum, /* md5sum */
- Curl_mbedtls_sha256sum /* sha256sum */
+ mbedtls_sha256sum /* sha256sum */
};
#endif /* USE_MBEDTLS */
View Lorry Controller Status