VirtualBox

source: vbox/trunk/src/libs/curl-7.83.1/lib/vtls/vtls.h@ 97623

Last change on this file since 97623 was 95312, checked in by vboxsync, 3 years ago

libs/{curl,libxml2}: OSE export fixes, bugref:8515
  • Property svn:eol-style set to native
File size: 14.7 KB
Line 
1#ifndef HEADER_CURL_VTLS_H
2#define HEADER_CURL_VTLS_H
3/***************************************************************************
4 * _ _ ____ _
5 * Project ___| | | | _ \| |
6 * / __| | | | |_) | |
7 * | (__| |_| | _ <| |___
8 * \___|\___/|_| \_\_____|
9 *
10 * Copyright (C) 1998 - 2022, Daniel Stenberg, <[email protected]>, et al.
11 *
12 * This software is licensed as described in the file COPYING, which
13 * you should have received as part of this distribution. The terms
14 * are also available at https://curl.se/docs/copyright.html.
15 *
16 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
17 * copies of the Software, and permit persons to whom the Software is
18 * furnished to do so, under the terms of the COPYING file.
19 *
20 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21 * KIND, either express or implied.
22 *
23 ***************************************************************************/
24#include "curl_setup.h"
25
26struct connectdata;
27struct ssl_connect_data;
28
29#define SSLSUPP_CA_PATH (1<<0) /* supports CAPATH */
30#define SSLSUPP_CERTINFO (1<<1) /* supports CURLOPT_CERTINFO */
31#define SSLSUPP_PINNEDPUBKEY (1<<2) /* supports CURLOPT_PINNEDPUBLICKEY */
32#define SSLSUPP_SSL_CTX (1<<3) /* supports CURLOPT_SSL_CTX */
33#define SSLSUPP_HTTPS_PROXY (1<<4) /* supports access via HTTPS proxies */
34#define SSLSUPP_TLS13_CIPHERSUITES (1<<5) /* supports TLS 1.3 ciphersuites */
35#define SSLSUPP_CAINFO_BLOB (1<<6)
36
37#define ALPN_ACCEPTED "ALPN: server accepted "
38
39#define VTLS_INFOF_NO_ALPN \
40 "ALPN: server did not agree on a protocol. Uses default."
41#define VTLS_INFOF_ALPN_OFFER_1STR \
42 "ALPN: offers %s"
43#define VTLS_INFOF_ALPN_ACCEPTED_1STR \
44 ALPN_ACCEPTED "%s"
45#define VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR \
46 ALPN_ACCEPTED "%.*s"
47
48struct Curl_ssl {
49 /*
50 * This *must* be the first entry to allow returning the list of available
51 * backends in curl_global_sslset().
52 */
53 curl_ssl_backend info;
54 unsigned int supports; /* bitfield, see above */
55 size_t sizeof_ssl_backend_data;
56
57 int (*init)(void);
58 void (*cleanup)(void);
59
60 size_t (*version)(char *buffer, size_t size);
61 int (*check_cxn)(struct connectdata *cxn);
62 int (*shut_down)(struct Curl_easy *data, struct connectdata *conn,
63 int sockindex);
64 bool (*data_pending)(const struct connectdata *conn,
65 int connindex);
66
67 /* return 0 if a find random is filled in */
68 CURLcode (*random)(struct Curl_easy *data, unsigned char *entropy,
69 size_t length);
70 bool (*cert_status_request)(void);
71
72 CURLcode (*connect_blocking)(struct Curl_easy *data,
73 struct connectdata *conn, int sockindex);
74 CURLcode (*connect_nonblocking)(struct Curl_easy *data,
75 struct connectdata *conn, int sockindex,
76 bool *done);
77
78 /* If the SSL backend wants to read or write on this connection during a
79 handshake, set socks[0] to the connection's FIRSTSOCKET, and return
80 a bitmap indicating read or write with GETSOCK_WRITESOCK(0) or
81 GETSOCK_READSOCK(0). Otherwise return GETSOCK_BLANK.
82 Mandatory. */
83 int (*getsock)(struct connectdata *conn, curl_socket_t *socks);
84
85 void *(*get_internals)(struct ssl_connect_data *connssl, CURLINFO info);
86 void (*close_one)(struct Curl_easy *data, struct connectdata *conn,
87 int sockindex);
88 void (*close_all)(struct Curl_easy *data);
89 void (*session_free)(void *ptr);
90
91 CURLcode (*set_engine)(struct Curl_easy *data, const char *engine);
92 CURLcode (*set_engine_default)(struct Curl_easy *data);
93 struct curl_slist *(*engines_list)(struct Curl_easy *data);
94
95 bool (*false_start)(void);
96 CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen,
97 unsigned char *sha256sum, size_t sha256sumlen);
98
99 bool (*associate_connection)(struct Curl_easy *data,
100 struct connectdata *conn,
101 int sockindex);
102 void (*disassociate_connection)(struct Curl_easy *data, int sockindex);
103};
104
105#ifdef USE_SSL
106extern const struct Curl_ssl *Curl_ssl;
107#endif
108
109int Curl_none_init(void);
110void Curl_none_cleanup(void);
111int Curl_none_shutdown(struct Curl_easy *data, struct connectdata *conn,
112 int sockindex);
113int Curl_none_check_cxn(struct connectdata *conn);
114CURLcode Curl_none_random(struct Curl_easy *data, unsigned char *entropy,
115 size_t length);
116void Curl_none_close_all(struct Curl_easy *data);
117void Curl_none_session_free(void *ptr);
118bool Curl_none_data_pending(const struct connectdata *conn, int connindex);
119bool Curl_none_cert_status_request(void);
120CURLcode Curl_none_set_engine(struct Curl_easy *data, const char *engine);
121CURLcode Curl_none_set_engine_default(struct Curl_easy *data);
122struct curl_slist *Curl_none_engines_list(struct Curl_easy *data);
123bool Curl_none_false_start(void);
124bool Curl_ssl_tls13_ciphersuites(void);
125
126#include "openssl.h" /* OpenSSL versions */
127#include "gtls.h" /* GnuTLS versions */
128#include "nssg.h" /* NSS versions */
129#include "gskit.h" /* Global Secure ToolKit versions */
130#include "wolfssl.h" /* wolfSSL versions */
131#include "schannel.h" /* Schannel SSPI version */
132#include "sectransp.h" /* SecureTransport (Darwin) version */
133#include "mbedtls.h" /* mbedTLS versions */
134#include "bearssl.h" /* BearSSL versions */
135#include "rustls.h" /* rustls versions */
136
137#ifndef MAX_PINNED_PUBKEY_SIZE
138#define MAX_PINNED_PUBKEY_SIZE 1048576 /* 1MB */
139#endif
140
141#ifndef CURL_SHA256_DIGEST_LENGTH
142#define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */
143#endif
144
145/* see https://www.iana.org/assignments/tls-extensiontype-values/ */
146#define ALPN_HTTP_1_1_LENGTH 8
147#define ALPN_HTTP_1_1 "http/1.1"
148#define ALPN_H2_LENGTH 2
149#define ALPN_H2 "h2"
150
151/* set of helper macros for the backends to access the correct fields. For the
152 proxy or for the remote host - to properly support HTTPS proxy */
153#ifndef CURL_DISABLE_PROXY
154#define SSL_IS_PROXY() \
155 (CURLPROXY_HTTPS == conn->http_proxy.proxytype && \
156 ssl_connection_complete != \
157 conn->proxy_ssl[conn->sock[SECONDARYSOCKET] == \
158 CURL_SOCKET_BAD ? FIRSTSOCKET : SECONDARYSOCKET].state)
159#define SSL_SET_OPTION(var) \
160 (SSL_IS_PROXY() ? data->set.proxy_ssl.var : data->set.ssl.var)
161#define SSL_SET_OPTION_LVALUE(var) \
162 (*(SSL_IS_PROXY() ? &data->set.proxy_ssl.var : &data->set.ssl.var))
163#define SSL_CONN_CONFIG(var) \
164 (SSL_IS_PROXY() ? conn->proxy_ssl_config.var : conn->ssl_config.var)
165#define SSL_HOST_NAME() \
166 (SSL_IS_PROXY() ? conn->http_proxy.host.name : conn->host.name)
167#define SSL_HOST_DISPNAME() \
168 (SSL_IS_PROXY() ? conn->http_proxy.host.dispname : conn->host.dispname)
169#define SSL_HOST_PORT() \
170 (SSL_IS_PROXY() ? conn->port : conn->remote_port)
171#define SSL_PINNED_PUB_KEY() (SSL_IS_PROXY() \
172 ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] \
173 : data->set.str[STRING_SSL_PINNEDPUBLICKEY])
174#else
175#define SSL_IS_PROXY() FALSE
176#define SSL_SET_OPTION(var) data->set.ssl.var
177#define SSL_SET_OPTION_LVALUE(var) data->set.ssl.var
178#define SSL_CONN_CONFIG(var) conn->ssl_config.var
179#define SSL_HOST_NAME() conn->host.name
180#define SSL_HOST_DISPNAME() conn->host.dispname
181#define SSL_HOST_PORT() conn->remote_port
182#define SSL_PINNED_PUB_KEY() \
183 data->set.str[STRING_SSL_PINNEDPUBLICKEY]
184#endif
185
186char *Curl_ssl_snihost(struct Curl_easy *data, const char *host, size_t *olen);
187bool Curl_ssl_config_matches(struct ssl_primary_config *data,
188 struct ssl_primary_config *needle);
189bool Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
190 struct ssl_primary_config *dest);
191void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc);
192/* An implementation of the getsock field of Curl_ssl that relies
193 on the ssl_connect_state enum. Asks for read or write depending
194 on whether conn->state is ssl_connect_2_reading or
195 ssl_connect_2_writing. */
196int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks);
197
198int Curl_ssl_backend(void);
199
200#ifdef USE_SSL
201int Curl_ssl_init(void);
202void Curl_ssl_cleanup(void);
203CURLcode Curl_ssl_connect(struct Curl_easy *data, struct connectdata *conn,
204 int sockindex);
205CURLcode Curl_ssl_connect_nonblocking(struct Curl_easy *data,
206 struct connectdata *conn,
207 bool isproxy,
208 int sockindex,
209 bool *done);
210/* tell the SSL stuff to close down all open information regarding
211 connections (and thus session ID caching etc) */
212void Curl_ssl_close_all(struct Curl_easy *data);
213void Curl_ssl_close(struct Curl_easy *data, struct connectdata *conn,
214 int sockindex);
215CURLcode Curl_ssl_shutdown(struct Curl_easy *data, struct connectdata *conn,
216 int sockindex);
217CURLcode Curl_ssl_set_engine(struct Curl_easy *data, const char *engine);
218/* Sets engine as default for all SSL operations */
219CURLcode Curl_ssl_set_engine_default(struct Curl_easy *data);
220struct curl_slist *Curl_ssl_engines_list(struct Curl_easy *data);
221
222/* init the SSL session ID cache */
223CURLcode Curl_ssl_initsessions(struct Curl_easy *, size_t);
224void Curl_ssl_version(char *buffer, size_t size);
225bool Curl_ssl_data_pending(const struct connectdata *conn,
226 int connindex);
227int Curl_ssl_check_cxn(struct connectdata *conn);
228
229/* Certificate information list handling. */
230
231void Curl_ssl_free_certinfo(struct Curl_easy *data);
232CURLcode Curl_ssl_init_certinfo(struct Curl_easy *data, int num);
233CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy *data, int certnum,
234 const char *label, const char *value,
235 size_t valuelen);
236CURLcode Curl_ssl_push_certinfo(struct Curl_easy *data, int certnum,
237 const char *label, const char *value);
238
239/* Functions to be used by SSL library adaptation functions */
240
241/* Lock session cache mutex.
242 * Call this before calling other Curl_ssl_*session* functions
243 * Caller should unlock this mutex as soon as possible, as it may block
244 * other SSL connection from making progress.
245 * The purpose of explicitly locking SSL session cache data is to allow
246 * individual SSL engines to manage session lifetime in their specific way.
247 */
248void Curl_ssl_sessionid_lock(struct Curl_easy *data);
249
250/* Unlock session cache mutex */
251void Curl_ssl_sessionid_unlock(struct Curl_easy *data);
252
253/* extract a session ID
254 * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
255 * Caller must make sure that the ownership of returned sessionid object
256 * is properly taken (e.g. its refcount is incremented
257 * under sessionid mutex).
258 */
259bool Curl_ssl_getsessionid(struct Curl_easy *data,
260 struct connectdata *conn,
261 const bool isProxy,
262 void **ssl_sessionid,
263 size_t *idsize, /* set 0 if unknown */
264 int sockindex);
265/* add a new session ID
266 * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
267 * Caller must ensure that it has properly shared ownership of this sessionid
268 * object with cache (e.g. incrementing refcount on success)
269 */
270CURLcode Curl_ssl_addsessionid(struct Curl_easy *data,
271 struct connectdata *conn,
272 const bool isProxy,
273 void *ssl_sessionid,
274 size_t idsize,
275 int sockindex,
276 bool *added);
277/* Kill a single session ID entry in the cache
278 * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
279 * This will call engine-specific curlssl_session_free function, which must
280 * take sessionid object ownership from sessionid cache
281 * (e.g. decrement refcount).
282 */
283void Curl_ssl_kill_session(struct Curl_ssl_session *session);
284/* delete a session from the cache
285 * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
286 * This will call engine-specific curlssl_session_free function, which must
287 * take sessionid object ownership from sessionid cache
288 * (e.g. decrement refcount).
289 */
290void Curl_ssl_delsessionid(struct Curl_easy *data, void *ssl_sessionid);
291
292/* get N random bytes into the buffer */
293CURLcode Curl_ssl_random(struct Curl_easy *data, unsigned char *buffer,
294 size_t length);
295/* Check pinned public key. */
296CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
297 const char *pinnedpubkey,
298 const unsigned char *pubkey, size_t pubkeylen);
299
300bool Curl_ssl_cert_status_request(void);
301
302bool Curl_ssl_false_start(void);
303
304void Curl_ssl_associate_conn(struct Curl_easy *data,
305 struct connectdata *conn);
306void Curl_ssl_detach_conn(struct Curl_easy *data,
307 struct connectdata *conn);
308
309#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */
310
311#else /* if not USE_SSL */
312
313/* When SSL support is not present, just define away these function calls */
314#define Curl_ssl_init() 1
315#define Curl_ssl_cleanup() Curl_nop_stmt
316#define Curl_ssl_connect(x,y,z) CURLE_NOT_BUILT_IN
317#define Curl_ssl_close_all(x) Curl_nop_stmt
318#define Curl_ssl_close(x,y,z) Curl_nop_stmt
319#define Curl_ssl_shutdown(x,y,z) CURLE_NOT_BUILT_IN
320#define Curl_ssl_set_engine(x,y) CURLE_NOT_BUILT_IN
321#define Curl_ssl_set_engine_default(x) CURLE_NOT_BUILT_IN
322#define Curl_ssl_engines_list(x) NULL
323#define Curl_ssl_send(a,b,c,d,e) -1
324#define Curl_ssl_recv(a,b,c,d,e) -1
325#define Curl_ssl_initsessions(x,y) CURLE_OK
326#define Curl_ssl_data_pending(x,y) 0
327#define Curl_ssl_check_cxn(x) 0
328#define Curl_ssl_free_certinfo(x) Curl_nop_stmt
329#define Curl_ssl_connect_nonblocking(x,y,z,w,a) CURLE_NOT_BUILT_IN
330#define Curl_ssl_kill_session(x) Curl_nop_stmt
331#define Curl_ssl_random(x,y,z) ((void)x, CURLE_NOT_BUILT_IN)
332#define Curl_ssl_cert_status_request() FALSE
333#define Curl_ssl_false_start() FALSE
334#define Curl_ssl_tls13_ciphersuites() FALSE
335#define Curl_ssl_associate_conn(a,b) Curl_nop_stmt
336#define Curl_ssl_detach_conn(a,b) Curl_nop_stmt
337#endif
338
339#endif /* HEADER_CURL_VTLS_H */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette