From e09bb63ed8e7d1a7448c42078d511f44bc4c258c Mon Sep 17 00:00:00 2001
From: Johannes Schindelin
Date: Thu, 22 Jun 2017 16:45:34 +0200
Subject: [PATCH] vtls: declare Curl_ssl structs for every SSL backend
The idea of introducing the Curl_ssl struct was to unify how the SSL backends are declared and called. To this end, we now provide an instance of the Curl_ssl struct for each and every SSL backend.
Signed-off-by: Johannes Schindelin
---
 lib/vtls/axtls.c | 22 ++++++++++++
 lib/vtls/axtls.h | 2 ++
 lib/vtls/cyassl.c | 22 ++++++++++++
 lib/vtls/cyassl.h | 2 ++
 lib/vtls/darwinssl.c | 22 ++++++++++++
 lib/vtls/darwinssl.h | 2 ++
 lib/vtls/gskit.c | 23 ++++++++++++
 lib/vtls/gskit.h | 2 ++
 lib/vtls/gtls.c | 22 ++++++++++++
 lib/vtls/gtls.h | 2 ++
 lib/vtls/mbedtls.c | 22 ++++++++++++
 lib/vtls/mbedtls.h | 2 ++
 lib/vtls/nss.c | 24 +++++++++++++
 lib/vtls/nssg.h | 2 ++
 lib/vtls/openssl.c | 23 ++++++++++++
 lib/vtls/openssl.h | 2 ++
 lib/vtls/polarssl.c | 25 +++++++++++++
 lib/vtls/polarssl.h | 2 ++
 lib/vtls/schannel.c | 22 ++++++++++++
 lib/vtls/schannel.h | 2 ++
 lib/vtls/vtls.c | 84 ++++++++++++++++++++++++++++++++++++++++++++
 lib/vtls/vtls.h | 15 ++++++++
 22 files changed, 346 insertions(+)
diff --git a/lib/vtls/axtls.c b/lib/vtls/axtls.c
index e063232ea..0430d79a9 100644
--- a/lib/vtls/axtls.c
+++ b/lib/vtls/axtls.c
@@ -702,4 +702,26 @@ CURLcode Curl_axtls_random(struct Curl_easy *data, return CURLE_OK; }
+const struct Curl_ssl Curl_ssl_axtls = {
+ "axtls", /* name */
+
+ Curl_axtls_init, /* init */
+ Curl_axtls_cleanup, /* cleanup */
+ Curl_axtls_version, /* version */
+ Curl_axtls_check_cxn, /* check_cxn */
+ Curl_axtls_shutdown, /* shutdown */
+ Curl_none_data_pending, /* data_pending */
+ Curl_axtls_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_axtls_connect, /* connect */
+ Curl_axtls_connect_nonblocking, /* connect_nonblocking */
+ Curl_axtls_close, /* close */
+ Curl_none_close_all, /* close_all */
+ Curl_axtls_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start /* false_start */
+};
+
 #endif /* USE_AXTLS */
diff --git a/lib/vtls/axtls.h b/lib/vtls/axtls.h
index e4c0c1307..71f3c3d1c 100644
--- a/lib/vtls/axtls.h
+++ b/lib/vtls/axtls.h
@@ -46,6 +46,8 @@ CURLcode Curl_axtls_random(struct Curl_easy *data, unsigned char *entropy, size_t length);
+extern const struct Curl_ssl Curl_ssl_axtls;
+
 /* Set the API backend definition to axTLS */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_AXTLS
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 01bfdabd1..995cf629c 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
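Review bot: The `Curl_ssl_axtls` initializer binds callbacks by position, with the member names only in trailing comments, and `struct Curl_ssl` has two members of identical type `bool (*)(void)` (`cert_status_request` and `false_start`, judging by the `Curl_none_*` prototypes in the vtls.h hunk), so swapping those two entries would compile silently. Designated initializers, e.g. `.cert_status_request = Curl_none_cert_status_request,` and `.false_start = Curl_none_false_start`, would make each binding explicit; if the project cannot use C99 initializers, a one-line comment at the top of the table saying it must mirror the member order of `struct Curl_ssl` in vtls.h is the fallback. The same applies to the tables added in cyassl.c, darwinssl.c, gskit.c, gtls.c, mbedtls.c, nss.c, openssl.c, polarssl.c and schannel.c.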
@@ -951,4 +951,26 @@ void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */ Sha256Final(&SHA256pw, sha256sum); }
+const struct Curl_ssl Curl_ssl_cyassl = {
+ "cyassl", /* name */
+
+ Curl_cyassl_init, /* init */
+ Curl_none_cleanup, /* cleanup */
+ Curl_cyassl_version, /* version */
+ Curl_none_check_cxn, /* check_cxn */
+ Curl_cyassl_shutdown, /* shutdown */
+ Curl_cyassl_data_pending, /* data_pending */
+ Curl_cyassl_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_cyassl_connect, /* connect */
+ Curl_cyassl_connect_nonblocking, /* connect_nonblocking */
+ Curl_cyassl_close, /* close */
+ Curl_none_close_all, /* close_all */
+ Curl_cyassl_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start /* false_start */
+};
+
 #endif
diff --git a/lib/vtls/cyassl.h b/lib/vtls/cyassl.h
index f47719e4e..3e5049c40 100644
--- a/lib/vtls/cyassl.h
+++ b/lib/vtls/cyassl.h
@@ -59,6 +59,8 @@ void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */ unsigned char *sha256sum, /* output */ size_t unused);
+extern const struct Curl_ssl Curl_ssl_cyassl;
+
 /* Set the API backend definition to CyaSSL */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_CYASSL
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index 25e4bc83f..90618bdce 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -2856,6 +2856,28 @@ static ssize_t darwinssl_recv(struct connectdata *conn, return (ssize_t)processed; }
+const struct Curl_ssl Curl_ssl_darwinssl = {
+ "darwinssl", /* name */
+
+ Curl_none_init, /* init */
+ Curl_none_cleanup, /* cleanup */
+ Curl_darwinssl_version, /* version */
+ Curl_darwinssl_check_cxn, /* check_cxn */
+ Curl_darwinssl_shutdown, /* shutdown */
+ Curl_darwinssl_data_pending, /* data_pending */
+ Curl_darwinssl_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_darwinssl_connect, /* connect */
+ Curl_darwinssl_connect_nonblocking, /* connect_nonblocking */
+ Curl_darwinssl_close, /* close */
+ Curl_none_close_all, /* close_all */
+ Curl_darwinssl_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_darwinssl_false_start /* false_start */
+};
+
 #ifdef __clang__
 #pragma clang diagnostic pop
 #endif
diff --git a/lib/vtls/darwinssl.h b/lib/vtls/darwinssl.h
index 51931ee8f..687ecb13a 100644
--- a/lib/vtls/darwinssl.h
+++ b/lib/vtls/darwinssl.h
@@ -54,6 +54,8 @@ void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */ size_t sha256len); bool Curl_darwinssl_false_start(void);
+extern const struct Curl_ssl Curl_ssl_darwinssl;
+
 /* Set the API backend definition to SecureTransport */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_DARWINSSL
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index bf75bddc2..3da7bf297 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -1334,4 +1334,27 @@ int Curl_gskit_check_cxn(struct connectdata *cxn) return -1; /* connection status unknown */ }
+const struct Curl_ssl Curl_ssl_gskit = {
+ "gskit", /* name */
+
+ Curl_gskit_init, /* init */
+ Curl_gskit_cleanup, /* cleanup */
+ Curl_gskit_version, /* version */
+ Curl_gskit_check_cxn, /* check_cxn */
+ Curl_gskit_shutdown, /* shutdown */
+ Curl_none_data_pending, /* data_pending */
+ Curl_none_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_gskit_connect, /* connect */
+ Curl_gskit_connect_nonblocking, /* connect_nonblocking */
+ Curl_gskit_close, /* close */
+ Curl_none_close_all, /* close_all */
+ /* No session handling for GSKit */
+ Curl_none_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start /* false_start */
+};
+
 #endif /* USE_GSKIT */
diff --git a/lib/vtls/gskit.h b/lib/vtls/gskit.h
index 229759217..b329104d5 100644
--- a/lib/vtls/gskit.h
+++ b/lib/vtls/gskit.h
@@ -44,6 +44,8 @@ int Curl_gskit_check_cxn(struct connectdata *cxn); /* Support HTTPS-proxy */ /* TODO: add '#define HTTPS_PROXY_SUPPORT 1' and fix test #1014 (if need) */
+extern const struct Curl_ssl Curl_ssl_gskit;
+
 /* Set the API backend definition to GSKit */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_GSKIT
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 3889b8e5f..495c8514d 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
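Review bot: `Curl_none_random` is wired in as the gskit `random` callback with no comment, while the polarssl.c table marks the same choice with a warning; the vtls.c hunk shows `Curl_none_random` returns `CURLE_NOT_BUILT_IN` and leaves `entropy` untouched, so whatever dispatches through this table must treat that return as "no random bytes were produced" and never read the buffer. Add the same note here, e.g. `/* No backend RNG for GSKit: Curl_none_random returns CURLE_NOT_BUILT_IN */`, so the gap is visible next to the table rather than only in vtls.c. In the polarssl.c comment, `weeker` should read `weaker`.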
@@ -1785,4 +1785,26 @@ bool Curl_gtls_cert_status_request(void)
 #endif
 }
+const struct Curl_ssl Curl_ssl_gnutls = {
+ "gnutls", /* name */
+
+ Curl_gtls_init, /* init */
+ Curl_gtls_cleanup, /* cleanup */
+ Curl_gtls_version, /* version */
+ Curl_none_check_cxn, /* check_cxn */
+ Curl_gtls_shutdown, /* shutdown */
+ Curl_gtls_data_pending, /* data_pending */
+ Curl_gtls_random, /* random */
+ Curl_gtls_cert_status_request, /* cert_status_request */
+ Curl_gtls_connect, /* connect */
+ Curl_gtls_connect_nonblocking, /* connect_nonblocking */
+ Curl_gtls_close, /* close */
+ Curl_none_close_all, /* close_all */
+ Curl_glts_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start /* false_start */
+};
+
 #endif /* USE_GNUTLS */
diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h
index 3e5d9e000..24578b06e 100644
--- a/lib/vtls/gtls.h
+++ b/lib/vtls/gtls.h
@@ -60,6 +60,8 @@ bool Curl_gtls_cert_status_request(void); /* Support HTTPS-proxy */
 #define HTTPS_PROXY_SUPPORT 1
+extern const struct Curl_ssl Curl_ssl_gnutls;
+
 /* Set the API backend definition to GnuTLS */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 1de4a8783..2d5e87d08 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
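Review bot: The `session_free` entry names `Curl_glts_session_free`, the only identifier in the table that does not use the `Curl_gtls_` prefix. If that spelling matches the existing declaration in gtls.h (not part of this patch) it compiles, but it reads like a transposition, and this table is the natural place to rename it to `Curl_gtls_session_free` together with its declaration and definition so the entry reads like its neighbours. Whichever spelling is kept, the entry and the prototype must agree, since the gtls.h hunk only adds the `extern` for the table.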
@@ -1007,4 +1007,26 @@ bool Curl_mbedtls_data_pending(const struct connectdata *conn, int sockindex) return mbedtls_ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0; }
+const struct Curl_ssl Curl_ssl_mbedtls = {
+ "mbedtls", /* name */
+
+ Curl_mbedtls_init, /* init */
+ Curl_mbedtls_cleanup, /* cleanup */
+ Curl_mbedtls_version, /* version */
+ Curl_none_check_cxn, /* check_cxn */
+ Curl_none_shutdown, /* shutdown */
+ Curl_mbedtls_data_pending, /* data_pending */
+ Curl_mbedtls_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_mbedtls_connect, /* connect */
+ Curl_mbedtls_connect_nonblocking, /* connect_nonblocking */
+ Curl_mbedtls_close, /* close */
+ Curl_mbedtls_close_all, /* close_all */
+ Curl_mbedtls_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start /* false_start */
+};
+
 #endif /* USE_MBEDTLS */
diff --git a/lib/vtls/mbedtls.h b/lib/vtls/mbedtls.h
index a8041bc56..70bbcb58a 100644
--- a/lib/vtls/mbedtls.h
+++ b/lib/vtls/mbedtls.h
@@ -59,6 +59,8 @@ CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy, /* this backend supports CURLOPT_SSL_CTX_* */
 #define have_curlssl_ssl_ctx 1
+extern const struct Curl_ssl Curl_ssl_mbedtls;
+
 /* API setup for mbedTLS */
 #define curlssl_init() Curl_mbedtls_init()
 #define curlssl_cleanup() Curl_mbedtls_cleanup()
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index d1711d6a1..d6797eedf 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -2322,4 +2322,28 @@ bool Curl_nss_false_start(void)
 #endif
 }
+const struct Curl_ssl Curl_ssl_nss = {
+ "nss", /* name */
+
+ Curl_nss_init, /* init */
+ Curl_nss_cleanup, /* cleanup */
+ Curl_nss_version, /* version */
+ Curl_nss_check_cxn, /* check_cxn */
+ /* NSS has no shutdown function provided and thus always fail */
+ Curl_none_shutdown, /* shutdown */
+ Curl_none_data_pending, /* data_pending */
+ Curl_nss_random, /* random */
+ Curl_nss_cert_status_request, /* cert_status_request */
+ Curl_nss_connect, /* connect */
+ Curl_nss_connect_nonblocking, /* connect_nonblocking */
+ Curl_nss_close, /* close */
+ Curl_none_close_all, /* close_all */
+ /* NSS has its own session ID cache */
+ Curl_none_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_nss_false_start /* false_start */
+};
+
 #endif /* USE_NSS */
diff --git a/lib/vtls/nssg.h b/lib/vtls/nssg.h
index 8c46929ff..6117486e2 100644
--- a/lib/vtls/nssg.h
+++ b/lib/vtls/nssg.h
@@ -68,6 +68,8 @@ bool Curl_nss_false_start(void); /* Support HTTPS-proxy */
 #define HTTPS_PROXY_SUPPORT 1
+extern const struct Curl_ssl Curl_ssl_nss;
+
 /* Set the API backend definition to NSS */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_NSS
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 8c1d5a8e5..28e31baea 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
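Review bot: The comment above the `shutdown` entry says NSS will "always fail", but `Curl_none_shutdown` in the vtls.c hunk is a no-op that returns 0, and the other backends' shutdown functions are not shown here, so whether 0 denotes failure or success cannot be confirmed from this patch; if it denotes success, the comment is misleading. Reword it to describe the stub rather than an outcome, e.g. `/* NSS has no shutdown function; Curl_none_shutdown is a no-op returning 0 */`, or, if a failure is really intended, point the entry at a function that returns a non-zero value. Also `thus always fail` should be `thus always fails`.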
@@ -3385,4 +3385,27 @@ bool Curl_ossl_cert_status_request(void) return FALSE;
 #endif
 }
+
+const struct Curl_ssl Curl_ssl_openssl = {
+ "openssl", /* name */
+
+ Curl_ossl_init, /* init */
+ Curl_ossl_cleanup, /* cleanup */
+ Curl_ossl_version, /* version */
+ Curl_ossl_check_cxn, /* check_cxn */
+ Curl_ossl_shutdown, /* shutdown */
+ Curl_ossl_data_pending, /* data_pending */
+ Curl_ossl_random, /* random */
+ Curl_ossl_cert_status_request, /* cert_status_request */
+ Curl_ossl_connect, /* connect */
+ Curl_ossl_connect_nonblocking, /* connect_nonblocking */
+ Curl_ossl_close, /* close */
+ Curl_ossl_close_all, /* close_all */
+ Curl_ossl_session_free, /* session_free */
+ Curl_ossl_set_engine, /* set_engine */
+ Curl_ossl_set_engine_default, /* set_engine_default */
+ Curl_ossl_engines_list, /* engines_list */
+ Curl_none_false_start /* false_start */
+};
+
 #endif /* USE_OPENSSL */
diff --git a/lib/vtls/openssl.h b/lib/vtls/openssl.h
index b9648d514..92d418f84 100644
--- a/lib/vtls/openssl.h
+++ b/lib/vtls/openssl.h
@@ -82,6 +82,8 @@ bool Curl_ossl_cert_status_request(void); /* Support HTTPS-proxy */
 #define HTTPS_PROXY_SUPPORT 1
+extern const struct Curl_ssl Curl_ssl_openssl;
+
 /* Set the API backend definition to OpenSSL */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_OPENSSL
diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index 8b66a247d..8cfbce9bf 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -870,4 +870,29 @@ bool Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex) return ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0; }
+const struct Curl_ssl Curl_ssl_polarssl = {
+ "polarssl", /* name */
+
+ Curl_polarssl_init, /* init */
+ Curl_polarssl_cleanup, /* cleanup */
+ Curl_polarssl_version, /* version */
+ Curl_none_check_cxn, /* check_cxn */
+ Curl_none_shutdown, /* shutdown */
+ Curl_polarssl_data_pending, /* data_pending */
+ /* This might cause libcurl to use a weeker random!
+ * TODO: use Polarssl's CTR-DRBG or HMAC-DRBG
+ */
+ Curl_none_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_polarssl_connect, /* connect */
+ Curl_polarssl_connect_nonblocking, /* connect_nonblocking */
+ Curl_polarssl_close, /* close */
+ Curl_none_close_all, /* close_all */
+ Curl_polarssl_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start /* false_start */
+};
+
 #endif /* USE_POLARSSL */
diff --git a/lib/vtls/polarssl.h b/lib/vtls/polarssl.h
index c7b184941..632377a16 100644
--- a/lib/vtls/polarssl.h
+++ b/lib/vtls/polarssl.h
@@ -47,6 +47,8 @@ void Curl_polarssl_session_free(void *ptr); size_t Curl_polarssl_version(char *buffer, size_t size); int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex);
+extern const struct Curl_ssl Curl_ssl_polarssl;
+
 /* Set the API backend definition to PolarSSL */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_POLARSSL
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 988612cd2..3e148efad 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -1726,4 +1726,26 @@ static CURLcode verify_certificate(struct connectdata *conn, int sockindex) }
 #endif /* _WIN32_WCE */
+const struct Curl_ssl Curl_ssl_schannel = {
+ "schannel", /* name */
+
+ Curl_schannel_init, /* init */
+ Curl_schannel_cleanup, /* cleanup */
+ Curl_schannel_version, /* version */
+ Curl_none_check_cxn, /* check_cxn */
+ Curl_schannel_shutdown, /* shutdown */
+ Curl_schannel_data_pending, /* data_pending */
+ Curl_schannel_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_schannel_connect, /* connect */
+ Curl_schannel_connect_nonblocking, /* connect_nonblocking */
+ Curl_schannel_close, /* close */
+ Curl_none_close_all, /* close_all */
+ Curl_schannel_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start /* false_start */
+};
+
 #endif /* USE_SCHANNEL */
diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h
index bd12b952d..0ea30c209 100644
--- a/lib/vtls/schannel.h
+++ b/lib/vtls/schannel.h
@@ -95,6 +95,8 @@ size_t Curl_schannel_version(char *buffer, size_t size); CURLcode Curl_schannel_random(struct Curl_easy *data, unsigned char *entropy, size_t length);
+extern const struct Curl_ssl Curl_ssl_schannel;
+
 /* Set the API backend definition to Schannel */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_SCHANNEL
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index d5d0971c4..9c166d25d 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -984,4 +984,88 @@ bool Curl_ssl_false_start(void)
 #endif
 }
+/*
+ * Default implementations for unsupported functions.
+ */
+
+int Curl_none_init(void)
+{
+ return 1;
+}
+
+void Curl_none_cleanup(void)
+{ }
+
+int Curl_none_shutdown(struct connectdata *conn UNUSED_PARAM,
+ int sockindex UNUSED_PARAM)
+{
+ (void)conn;
+ (void)sockindex;
+ return 0;
+}
+
+int Curl_none_check_cxn(struct connectdata *conn UNUSED_PARAM)
+{
+ (void)conn;
+ return -1;
+}
+
+CURLcode Curl_none_random(struct Curl_easy *data UNUSED_PARAM,
+ unsigned char *entropy UNUSED_PARAM,
+ size_t length UNUSED_PARAM)
+{
+ (void)data;
+ (void)entropy;
+ (void)length;
+ return CURLE_NOT_BUILT_IN;
+}
+
+void Curl_none_close_all(struct Curl_easy *data UNUSED_PARAM)
+{
+ (void)data;
+}
+
+void Curl_none_session_free(void *ptr UNUSED_PARAM)
+{
+ (void)ptr;
+}
+
+bool Curl_none_data_pending(const struct connectdata *conn UNUSED_PARAM,
+ int connindex UNUSED_PARAM)
+{
+ (void)conn;
+ (void)connindex;
+ return 0;
+}
+
+bool Curl_none_cert_status_request(void)
+{
+ return FALSE;
+}
+
+CURLcode Curl_none_set_engine(struct Curl_easy *data UNUSED_PARAM,
+ const char *engine UNUSED_PARAM)
+{
+ (void)data;
+ (void)engine;
+ return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode Curl_none_set_engine_default(struct Curl_easy *data UNUSED_PARAM)
+{
+ (void)data;
+ return CURLE_NOT_BUILT_IN;
+}
+
+struct curl_slist *Curl_none_engines_list(struct Curl_easy *data UNUSED_PARAM)
+{
+ (void)data;
+ return (struct curl_slist *)NULL;
+}
+
+bool Curl_none_false_start(void)
+{
+ return FALSE;
+}
+
 #endif /* USE_SSL */
diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index b4df04771..9093462da 100644
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
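Review bot: `Curl_none_data_pending` returns `0` for a `bool` while the other bool stubs in this hunk, `Curl_none_cert_status_request` and `Curl_none_false_start`, return `FALSE`; use `return FALSE;` for consistency, and the cast in `return (struct curl_slist *)NULL;` is redundant. The header comment `Default implementations for unsupported functions.` would help more if it stated what each stub reports, because the values differ per function: `Curl_none_init` returns 1, `Curl_none_shutdown` 0, `Curl_none_check_cxn` -1, and `Curl_none_random` returns `CURLE_NOT_BUILT_IN` without writing to `entropy`, so a caller must check that result before using the buffer. Whether 1 from `init` denotes success is not visible in this hunk and should be confirmed against the backends' own init functions. Each parameter also carries both `UNUSED_PARAM` and a `(void)` cast; one of the two mechanisms is enough.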
@@ -56,6 +56,21 @@ struct Curl_ssl { bool (*false_start)(void); };
+int Curl_none_init(void);
+void Curl_none_cleanup(void);
+int Curl_none_shutdown(struct connectdata *conn, int sockindex);
+int Curl_none_check_cxn(struct connectdata *conn);
+CURLcode Curl_none_random(struct Curl_easy *data, unsigned char *entropy,
+ size_t length);
+void Curl_none_close_all(struct Curl_easy *data);
+void Curl_none_session_free(void *ptr);
+bool Curl_none_data_pending(const struct connectdata *conn, int connindex);
+bool Curl_none_cert_status_request(void);
+CURLcode Curl_none_set_engine(struct Curl_easy *data, const char *engine);
+CURLcode Curl_none_set_engine_default(struct Curl_easy *data);
+struct curl_slist *Curl_none_engines_list(struct Curl_easy *data);
+bool Curl_none_false_start(void);
+
 #include "openssl.h" /* OpenSSL versions */
 #include "gtls.h" /* GnuTLS versions */
 #include "nssg.h" /* NSS versions */
--
2.40.0
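Review bot: The `Curl_none_*` prototypes are added without any comment saying what they are for, and this header is what every backend reads when filling its `struct Curl_ssl`, so a reader has to open vtls.c to learn that these are no-op stubs with fixed return values. A short block comment before `int Curl_none_init(void);` along the lines of `/* Stubs for Curl_ssl members a backend does not provide; each returns a fixed "not available" value, see vtls.c */` would cover it, with `Curl_none_random` singled out as returning `CURLE_NOT_BUILT_IN` rather than filling the buffer. The start of the `struct Curl_ssl` definition these stubs correspond to lies outside the hunk.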