vtls.h@ 86643

Last change on this file since 86643 was 85671, checked in by vboxsync, 4 years ago
Export out internal curl copy to make it a lot simpler to build VBox (OSE) on Windows. bugref:9814
Property svn:eol-style set to `native`
File size: 11.6 KB

Line
1	#ifndef HEADER_CURL_VTLS_H
2	#define HEADER_CURL_VTLS_H
3	/***************************************************************************
4	* _ _ ____ _
5	* Project ___\| \| \| \| _ \\| \|
6	* / __\| \| \| \| \|_) \| \|
7	* \| (__\| \|_\| \| _ <\| \|___
8	* \___\|\___/\|_\| \_\_____\|
9	*
10	* Copyright (C) 1998 - 2018, Daniel Stenberg, <[email protected]>, et al.
11	*
12	* This software is licensed as described in the file COPYING, which
13	* you should have received as part of this distribution. The terms
14	* are also available at https://curl.haxx.se/docs/copyright.html.
15	*
16	* You may opt to use, copy, modify, merge, publish, distribute and/or sell
17	* copies of the Software, and permit persons to whom the Software is
18	* furnished to do so, under the terms of the COPYING file.
19	*
20	* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21	* KIND, either express or implied.
22	*
23	***************************************************************************/
24	#include "curl_setup.h"
25
26	struct connectdata;
27	struct ssl_connect_data;
28
29	#define SSLSUPP_CA_PATH (1<<0) /* supports CAPATH */
30	#define SSLSUPP_CERTINFO (1<<1) /* supports CURLOPT_CERTINFO */
31	#define SSLSUPP_PINNEDPUBKEY (1<<2) /* supports CURLOPT_PINNEDPUBLICKEY */
32	#define SSLSUPP_SSL_CTX (1<<3) /* supports CURLOPT_SSL_CTX */
33	#define SSLSUPP_HTTPS_PROXY (1<<4) /* supports access via HTTPS proxies */
34	#define SSLSUPP_TLS13_CIPHERSUITES (1<<5) /* supports TLS 1.3 ciphersuites */
35
36	struct Curl_ssl {
37	/*
38	* This must be the first entry to allow returning the list of available
39	* backends in curl_global_sslset().
40	*/
41	curl_ssl_backend info;
42	unsigned int supports; /* bitfield, see above */
43	size_t sizeof_ssl_backend_data;
44
45	int (*init)(void);
46	void (*cleanup)(void);
47
48	size_t (version)(char buffer, size_t size);
49	int (check_cxn)(struct connectdata cxn);
50	int (shutdown)(struct connectdata conn, int sockindex);
51	bool (data_pending)(const struct connectdata conn,
52	int connindex);
53
54	/* return 0 if a find random is filled in */
55	CURLcode (random)(struct Curl_easy data, unsigned char *entropy,
56	size_t length);
57	bool (*cert_status_request)(void);
58
59	CURLcode (connect)(struct connectdata conn, int sockindex);
60	CURLcode (connect_nonblocking)(struct connectdata conn, int sockindex,
61	bool *done);
62	void (get_internals)(struct ssl_connect_data *connssl, CURLINFO info);
63	void (close_one)(struct connectdata conn, int sockindex);
64	void (close_all)(struct Curl_easy data);
65	void (session_free)(void ptr);
66
67	CURLcode (set_engine)(struct Curl_easy data, const char *engine);
68	CURLcode (set_engine_default)(struct Curl_easy data);
69	struct curl_slist (engines_list)(struct Curl_easy *data);
70
71	bool (*false_start)(void);
72
73	CURLcode (md5sum)(unsigned char input, size_t inputlen,
74	unsigned char *md5sum, size_t md5sumlen);
75	CURLcode (sha256sum)(const unsigned char input, size_t inputlen,
76	unsigned char *sha256sum, size_t sha256sumlen);
77	};
78
79	#ifdef USE_SSL
80	extern const struct Curl_ssl *Curl_ssl;
81	#endif
82
83	int Curl_none_init(void);
84	void Curl_none_cleanup(void);
85	int Curl_none_shutdown(struct connectdata *conn, int sockindex);
86	int Curl_none_check_cxn(struct connectdata *conn);
87	CURLcode Curl_none_random(struct Curl_easy data, unsigned char entropy,
88	size_t length);
89	void Curl_none_close_all(struct Curl_easy *data);
90	void Curl_none_session_free(void *ptr);
91	bool Curl_none_data_pending(const struct connectdata *conn, int connindex);
92	bool Curl_none_cert_status_request(void);
93	CURLcode Curl_none_set_engine(struct Curl_easy data, const char engine);
94	CURLcode Curl_none_set_engine_default(struct Curl_easy *data);
95	struct curl_slist Curl_none_engines_list(struct Curl_easy data);
96	bool Curl_none_false_start(void);
97	bool Curl_ssl_tls13_ciphersuites(void);
98	CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen,
99	unsigned char *md5sum, size_t md5len);
100
101	#include "openssl.h" /* OpenSSL versions */
102	#include "gtls.h" /* GnuTLS versions */
103	#include "nssg.h" /* NSS versions */
104	#include "gskit.h" /* Global Secure ToolKit versions */
105	#include "polarssl.h" /* PolarSSL versions */
106	#include "cyassl.h" /* CyaSSL versions */
107	#include "schannel.h" /* Schannel SSPI version */
108	#include "darwinssl.h" /* SecureTransport (Darwin) version */
109	#include "mbedtls.h" /* mbedTLS versions */
110	#include "mesalink.h" /* MesaLink versions */
111
112	#ifndef MAX_PINNED_PUBKEY_SIZE
113	#define MAX_PINNED_PUBKEY_SIZE 1048576 /* 1MB */
114	#endif
115
116	#ifndef MD5_DIGEST_LENGTH
117	#ifndef LIBWOLFSSL_VERSION_HEX /* because WolfSSL borks this */
118	#define MD5_DIGEST_LENGTH 16 /* fixed size */
119	#endif
120	#endif
121
122	#ifndef CURL_SHA256_DIGEST_LENGTH
123	#define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */
124	#endif
125
126	/* see https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 */
127	#define ALPN_HTTP_1_1_LENGTH 8
128	#define ALPN_HTTP_1_1 "http/1.1"
129
130	/* set of helper macros for the backends to access the correct fields. For the
131	proxy or for the remote host - to properly support HTTPS proxy */
132
133	#define SSL_IS_PROXY() (CURLPROXY_HTTPS == conn->http_proxy.proxytype && \
134	ssl_connection_complete != conn->proxy_ssl[conn->sock[SECONDARYSOCKET] == \
135	CURL_SOCKET_BAD ? FIRSTSOCKET : SECONDARYSOCKET].state)
136	#define SSL_SET_OPTION(var) (SSL_IS_PROXY() ? data->set.proxy_ssl.var : \
137	data->set.ssl.var)
138	#define SSL_CONN_CONFIG(var) (SSL_IS_PROXY() ? \
139	conn->proxy_ssl_config.var : conn->ssl_config.var)
140
141	bool Curl_ssl_config_matches(struct ssl_primary_config* data,
142	struct ssl_primary_config* needle);
143	bool Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
144	struct ssl_primary_config *dest);
145	void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc);
146	int Curl_ssl_getsock(struct connectdata conn, curl_socket_t socks,
147	int numsocks);
148
149	int Curl_ssl_backend(void);
150
151	#ifdef USE_SSL
152	int Curl_ssl_init(void);
153	void Curl_ssl_cleanup(void);
154	CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex);
155	CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn,
156	int sockindex,
157	bool *done);
158	/* tell the SSL stuff to close down all open information regarding
159	connections (and thus session ID caching etc) */
160	void Curl_ssl_close_all(struct Curl_easy *data);
161	void Curl_ssl_close(struct connectdata *conn, int sockindex);
162	CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex);
163	CURLcode Curl_ssl_set_engine(struct Curl_easy data, const char engine);
164	/* Sets engine as default for all SSL operations */
165	CURLcode Curl_ssl_set_engine_default(struct Curl_easy *data);
166	struct curl_slist Curl_ssl_engines_list(struct Curl_easy data);
167
168	/* init the SSL session ID cache */
169	CURLcode Curl_ssl_initsessions(struct Curl_easy *, size_t);
170	size_t Curl_ssl_version(char *buffer, size_t size);
171	bool Curl_ssl_data_pending(const struct connectdata *conn,
172	int connindex);
173	int Curl_ssl_check_cxn(struct connectdata *conn);
174
175	/* Certificate information list handling. */
176
177	void Curl_ssl_free_certinfo(struct Curl_easy *data);
178	CURLcode Curl_ssl_init_certinfo(struct Curl_easy *data, int num);
179	CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy *data, int certnum,
180	const char label, const char value,
181	size_t valuelen);
182	CURLcode Curl_ssl_push_certinfo(struct Curl_easy *data, int certnum,
183	const char label, const char value);
184
185	/* Functions to be used by SSL library adaptation functions */
186
187	/* Lock session cache mutex.
188	* Call this before calling other Curl_ssl_session functions
189	* Caller should unlock this mutex as soon as possible, as it may block
190	* other SSL connection from making progress.
191	* The purpose of explicitly locking SSL session cache data is to allow
192	* individual SSL engines to manage session lifetime in their specific way.
193	*/
194	void Curl_ssl_sessionid_lock(struct connectdata *conn);
195
196	/* Unlock session cache mutex */
197	void Curl_ssl_sessionid_unlock(struct connectdata *conn);
198
199	/* extract a session ID
200	* Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
201	* Caller must make sure that the ownership of returned sessionid object
202	* is properly taken (e.g. its refcount is incremented
203	* under sessionid mutex).
204	*/
205	bool Curl_ssl_getsessionid(struct connectdata *conn,
206	void **ssl_sessionid,
207	size_t idsize, / set 0 if unknown */
208	int sockindex);
209	/* add a new session ID
210	* Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
211	* Caller must ensure that it has properly shared ownership of this sessionid
212	* object with cache (e.g. incrementing refcount on success)
213	*/
214	CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
215	void *ssl_sessionid,
216	size_t idsize,
217	int sockindex);
218	/* Kill a single session ID entry in the cache
219	* Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
220	* This will call engine-specific curlssl_session_free function, which must
221	* take sessionid object ownership from sessionid cache
222	* (e.g. decrement refcount).
223	*/
224	void Curl_ssl_kill_session(struct curl_ssl_session *session);
225	/* delete a session from the cache
226	* Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
227	* This will call engine-specific curlssl_session_free function, which must
228	* take sessionid object ownership from sessionid cache
229	* (e.g. decrement refcount).
230	*/
231	void Curl_ssl_delsessionid(struct connectdata conn, void ssl_sessionid);
232
233	/* get N random bytes into the buffer */
234	CURLcode Curl_ssl_random(struct Curl_easy data, unsigned char buffer,
235	size_t length);
236	CURLcode Curl_ssl_md5sum(unsigned char tmp, / input */
237	size_t tmplen,
238	unsigned char md5sum, / output */
239	size_t md5len);
240	/* Check pinned public key. */
241	CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
242	const char *pinnedpubkey,
243	const unsigned char *pubkey, size_t pubkeylen);
244
245	bool Curl_ssl_cert_status_request(void);
246
247	bool Curl_ssl_false_start(void);
248
249	#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */
250
251	#else /* if not USE_SSL */
252
253	/* When SSL support is not present, just define away these function calls */
254	#define Curl_ssl_init() 1
255	#define Curl_ssl_cleanup() Curl_nop_stmt
256	#define Curl_ssl_connect(x,y) CURLE_NOT_BUILT_IN
257	#define Curl_ssl_close_all(x) Curl_nop_stmt
258	#define Curl_ssl_close(x,y) Curl_nop_stmt
259	#define Curl_ssl_shutdown(x,y) CURLE_NOT_BUILT_IN
260	#define Curl_ssl_set_engine(x,y) CURLE_NOT_BUILT_IN
261	#define Curl_ssl_set_engine_default(x) CURLE_NOT_BUILT_IN
262	#define Curl_ssl_engines_list(x) NULL
263	#define Curl_ssl_send(a,b,c,d,e) -1
264	#define Curl_ssl_recv(a,b,c,d,e) -1
265	#define Curl_ssl_initsessions(x,y) CURLE_OK
266	#define Curl_ssl_version(x,y) 0
267	#define Curl_ssl_data_pending(x,y) 0
268	#define Curl_ssl_check_cxn(x) 0
269	#define Curl_ssl_free_certinfo(x) Curl_nop_stmt
270	#define Curl_ssl_connect_nonblocking(x,y,z) CURLE_NOT_BUILT_IN
271	#define Curl_ssl_kill_session(x) Curl_nop_stmt
272	#define Curl_ssl_random(x,y,z) ((void)x, CURLE_NOT_BUILT_IN)
273	#define Curl_ssl_cert_status_request() FALSE
274	#define Curl_ssl_false_start() FALSE
275	#define Curl_ssl_tls13_ciphersuites() FALSE
276	#endif
277
278	#endif /* HEADER_CURL_VTLS_H */

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/curl-7.64.0/lib/vtls/vtls.h@ 86643

Download in other formats: