| 1 | #ifndef HEADER_CURL_VTLS_INT_H
|
|---|
| 2 | #define HEADER_CURL_VTLS_INT_H
|
|---|
| 3 | /***************************************************************************
|
|---|
| 4 | * _ _ ____ _
|
|---|
| 5 | * Project ___| | | | _ \| |
|
|---|
| 6 | * / __| | | | |_) | |
|
|---|
| 7 | * | (__| |_| | _ <| |___
|
|---|
| 8 | * \___|\___/|_| \_\_____|
|
|---|
| 9 | *
|
|---|
| 10 | * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
|
|---|
| 11 | *
|
|---|
| 12 | * This software is licensed as described in the file COPYING, which
|
|---|
| 13 | * you should have received as part of this distribution. The terms
|
|---|
| 14 | * are also available at https://curl.se/docs/copyright.html.
|
|---|
| 15 | *
|
|---|
| 16 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|---|
| 17 | * copies of the Software, and permit persons to whom the Software is
|
|---|
| 18 | * furnished to do so, under the terms of the COPYING file.
|
|---|
| 19 | *
|
|---|
| 20 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|---|
| 21 | * KIND, either express or implied.
|
|---|
| 22 | *
|
|---|
| 23 | * SPDX-License-Identifier: curl
|
|---|
| 24 | *
|
|---|
| 25 | ***************************************************************************/
|
|---|
| 26 | #include "curl_setup.h"
|
|---|
| 27 | #include "cfilters.h"
|
|---|
| 28 | #include "urldata.h"
|
|---|
| 29 |
|
|---|
| 30 | #ifdef USE_SSL
|
|---|
| 31 |
|
|---|
/* Information in each SSL cfilter context: cf->ctx.
 *
 * One instance lives per SSL connection filter. The member order is part of
 * the layout other vtls code relies on, so only the comments are touched here.
 */
struct ssl_connect_data {
  ssl_connection_state state;           /* overall TLS connection state; the
                                         * enum is declared elsewhere
                                         * (urldata.h is included above) */
  ssl_connect_state connecting_state;   /* sub-state of the handshake while
                                         * `state` is still negotiating */
  const char *hostname;                 /* hostname the peer certificate is
                                         * verified against; this, not
                                         * `dispname`, is the name a backend
                                         * must use for the identity check */
  const char *dispname;                 /* display version of hostname, for
                                         * logging/error messages only */
  int port;                             /* remote port at origin */
  struct ssl_backend_data *backend;     /* vtls backend specific props;
                                         * allocated per backend, size given
                                         * by Curl_ssl::sizeof_ssl_backend_data
                                         * (presumably -- confirm in vtls.c) */
  struct Curl_easy *call_data;          /* data handle used in current call,
                                         * same as parameter passed, but
                                         * available here for backend internal
                                         * callbacks that need it. NULLed at
                                         * the end of each vtls filter
                                         * invocation, so a backend must never
                                         * cache this pointer across calls --
                                         * it would dangle. */
};
|
|---|
| 46 |
|
|---|
| 47 |
|
|---|
/* Definitions for SSL Implementations.
 *
 * Each TLS backend provides one `struct Curl_ssl` table; `Curl_ssl` (below)
 * points at the backend selected at runtime. Member order is ABI for the
 * backends and for curl_global_sslset(), so only comments are touched here.
 */

struct Curl_ssl {
  /*
   * This *must* be the first entry to allow returning the list of available
   * backends in curl_global_sslset().
   */
  curl_ssl_backend info;
  unsigned int supports;                /* bitfield of capability flags; the
                                         * flag values are declared outside
                                         * this header */
  size_t sizeof_ssl_backend_data;       /* size of the backend's private
                                         * per-connection struct (see
                                         * ssl_connect_data::backend) */

  int (*init)(void);                    /* one-time global backend init */
  void (*cleanup)(void);                /* global backend teardown */

  /* Write the backend's version string into `buffer` (capacity `size`);
   * returns the length written -- presumably, confirm against a backend. */
  size_t (*version)(char *buffer, size_t size);
  int (*check_cxn)(struct Curl_cfilter *cf, struct Curl_easy *data);
  int (*shut_down)(struct Curl_cfilter *cf,
                   struct Curl_easy *data);
  /* true if the backend holds already-decrypted data that has not yet been
   * handed to the caller (presumably -- confirm in a backend) */
  bool (*data_pending)(struct Curl_cfilter *cf,
                       const struct Curl_easy *data);

  /* return 0 if a fine random is filled in.
   * `length` is the capacity of `entropy`. A non-zero return means the buffer
   * holds nothing usable; callers must treat that as failure and must not
   * consume `entropy` as if it were random. */
  CURLcode (*random)(struct Curl_easy *data, unsigned char *entropy,
                     size_t length);
  bool (*cert_status_request)(void);    /* whether the backend can request
                                         * certificate status (presumably
                                         * OCSP stapling -- confirm) */

  /* Perform the full handshake before returning. */
  CURLcode (*connect_blocking)(struct Curl_cfilter *cf,
                               struct Curl_easy *data);
  /* Advance the handshake without blocking; `*done` is set when the
   * connection is established. */
  CURLcode (*connect_nonblocking)(struct Curl_cfilter *cf,
                                  struct Curl_easy *data,
                                  bool *done);

  /* If the SSL backend wants to read or write on this connection during a
     handshake, set socks[0] to the connection's FIRSTSOCKET, and return
     a bitmap indicating read or write with GETSOCK_WRITESOCK(0) or
     GETSOCK_READSOCK(0). Otherwise return GETSOCK_BLANK.
     Mandatory. */
  int (*get_select_socks)(struct Curl_cfilter *cf, struct Curl_easy *data,
                          curl_socket_t *socks);

  /* Expose a backend-internal object selected by `info` (CURLINFO value);
   * what is returned is backend specific -- confirm per backend. */
  void *(*get_internals)(struct ssl_connect_data *connssl, CURLINFO info);
  void (*close)(struct Curl_cfilter *cf, struct Curl_easy *data);
  void (*close_all)(struct Curl_easy *data);
  /* Release a session object of the kind stored via Curl_ssl_addsessionid()
   * (presumably -- confirm against vtls.c) */
  void (*session_free)(void *ptr);

  CURLcode (*set_engine)(struct Curl_easy *data, const char *engine);
  CURLcode (*set_engine_default)(struct Curl_easy *data);
  struct curl_slist *(*engines_list)(struct Curl_easy *data);

  bool (*false_start)(void);
  /* Hash `inputlen` bytes of `input` into `sha256sum`. `sha256sumlen` is the
   * capacity of the output buffer; implementations must check it is large
   * enough for a SHA-256 digest instead of writing unconditionally. */
  CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen,
                        unsigned char *sha256sum, size_t sha256sumlen);

  bool (*attach_data)(struct Curl_cfilter *cf, struct Curl_easy *data);
  void (*detach_data)(struct Curl_cfilter *cf, struct Curl_easy *data);

  void (*free_multi_ssl_backend_data)(struct multi_ssl_backend_data *mbackend);

  /* Decrypt/encrypt application data through the filter. The ssize_t result
   * and `*code` follow the usual curl recv/send convention -- TODO confirm
   * the exact error signalling against a backend implementation. */
  ssize_t (*recv_plain)(struct Curl_cfilter *cf, struct Curl_easy *data,
                        char *buf, size_t len, CURLcode *code);
  ssize_t (*send_plain)(struct Curl_cfilter *cf, struct Curl_easy *data,
                        const void *mem, size_t len, CURLcode *code);

};
|
|---|
| 112 |
|
|---|
/* The backend table selected at runtime; points at one of the per-backend
 * `struct Curl_ssl` definitions. */
extern const struct Curl_ssl *Curl_ssl;


/* Curl_none_* : presumably no-op defaults a backend can place in its
 * `struct Curl_ssl` table for callbacks it does not implement -- verify the
 * exact behaviour of each in vtls.c before relying on it. */
int Curl_none_init(void);
void Curl_none_cleanup(void);
int Curl_none_shutdown(struct Curl_cfilter *cf, struct Curl_easy *data);
int Curl_none_check_cxn(struct Curl_cfilter *cf, struct Curl_easy *data);
/* Default for Curl_ssl::random. Callers must check the CURLcode and must not
 * use `entropy` unless it is CURLE_OK (cf. "return 0 if filled in"). */
CURLcode Curl_none_random(struct Curl_easy *data, unsigned char *entropy,
                          size_t length);
void Curl_none_close_all(struct Curl_easy *data);
void Curl_none_session_free(void *ptr);
bool Curl_none_data_pending(struct Curl_cfilter *cf,
                            const struct Curl_easy *data);
bool Curl_none_cert_status_request(void);
CURLcode Curl_none_set_engine(struct Curl_easy *data, const char *engine);
CURLcode Curl_none_set_engine_default(struct Curl_easy *data);
struct curl_slist *Curl_none_engines_list(struct Curl_easy *data);
bool Curl_none_false_start(void);
/* Generic implementation of Curl_ssl::get_select_socks; see the contract on
 * that member. */
int Curl_ssl_get_select_socks(struct Curl_cfilter *cf, struct Curl_easy *data,
                              curl_socket_t *socks);

/**
 * Get the ssl_config_data in `data` that is relevant for cfilter `cf`.
 * (Which of the configs in `data` applies depends on the filter -- see
 * Curl_ssl_cf_is_proxy below.)
 */
struct ssl_config_data *Curl_ssl_cf_get_config(struct Curl_cfilter *cf,
                                               struct Curl_easy *data);

/**
 * Get the primary config relevant for the filter from its connection.
 */
struct ssl_primary_config *
Curl_ssl_cf_get_primary_config(struct Curl_cfilter *cf);

/**
 * Get the first SSL filter in the chain starting with `cf`, or NULL.
 */
struct Curl_cfilter *Curl_ssl_cf_get_ssl(struct Curl_cfilter *cf);

/**
 * Return true if `cf` is an SSL filter for a proxy connection rather than
 * the origin.
 * NOTE(review): the comment previously attached here described a "filter
 * below" lookup, which does not match this prototype; confirm the intended
 * semantics against vtls.c.
 */
bool Curl_ssl_cf_is_proxy(struct Curl_cfilter *cf);

/* extract a session ID
 * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
 * Caller must make sure that the ownership of returned sessionid object
 * is properly taken (e.g. its refcount is incremented
 * under sessionid mutex).
 * NOTE(review): the polarity of the bool result (found vs. no match) is not
 * stated here -- confirm against vtls.c before relying on it.
 */
bool Curl_ssl_getsessionid(struct Curl_cfilter *cf,
                           struct Curl_easy *data,
                           void **ssl_sessionid,
                           size_t *idsize); /* set 0 if unknown */
/* add a new session ID
 * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
 * Caller must ensure that it has properly shared ownership of this sessionid
 * object with cache (e.g. incrementing refcount on success).
 * `*added` reports whether the cache took the object; on failure the caller
 * still owns it.
 */
CURLcode Curl_ssl_addsessionid(struct Curl_cfilter *cf,
                               struct Curl_easy *data,
                               void *ssl_sessionid,
                               size_t idsize,
                               bool *added);
|
|---|
| 176 |
|
|---|
| 177 | #include "openssl.h" /* OpenSSL versions */
|
|---|
| 178 | #include "gtls.h" /* GnuTLS versions */
|
|---|
| 179 | #include "nssg.h" /* NSS versions */
|
|---|
| 180 | #include "gskit.h" /* Global Secure ToolKit versions */
|
|---|
| 181 | #include "wolfssl.h" /* wolfSSL versions */
|
|---|
| 182 | #include "schannel.h" /* Schannel SSPI version */
|
|---|
| 183 | #include "sectransp.h" /* SecureTransport (Darwin) version */
|
|---|
| 184 | #include "mbedtls.h" /* mbedTLS versions */
|
|---|
| 185 | #include "bearssl.h" /* BearSSL versions */
|
|---|
| 186 | #include "rustls.h" /* rustls versions */
|
|---|
| 187 |
|
|---|
| 188 | #endif /* USE_SSL */
|
|---|
| 189 |
|
|---|
| 190 | #endif /* HEADER_CURL_VTLS_INT_H */
|
|---|