romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 21:31:42 +03:00
Code Issues Projects Releases Packages Wiki Activity

lib/subdirs: fix formatting nits

Browse source 
Closes #19757
This commit is contained in:
Viktor Szakats 2025-11-29 02:16:52 +01:00
parent 0eed8b7330
commit 2253bc330f
No known key found for this signature in database
GPG key ID: B5ABD165E2AEF201
64 changed files with 1218 additions and 1416 deletions
Download patch file Download diff file Expand all files Collapse all files

20
lib/curlx/base64.c
View file

@ -31,12 +31,12 @@
#include "base64.h"
/* ---- Base64 Encoding/Decoding Table --- */
const char Curl_base64encdec[]=
const char Curl_base64encdec[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* The Base 64 encoding with a URL and filename safe alphabet, RFC 4648
section 5 */
static const char base64url[]=
static const char base64url[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
static const unsigned char decodetable[] =
@ -188,18 +188,18 @@ static CURLcode base64_encode(const char *table64,
return CURLE_OUT_OF_MEMORY;
while(insize >= 3) {
*output++ = table64[ in[0] >> 2 ];
*output++ = table64[ ((in[0] & 0x03) << 4) | (in[1] >> 4) ];
*output++ = table64[ ((in[1] & 0x0F) << 2) | ((in[2] & 0xC0) >> 6) ];
*output++ = table64[ in[2] & 0x3F ];
*output++ = table64[in[0] >> 2];
*output++ = table64[((in[0] & 0x03) << 4) | (in[1] >> 4)];
*output++ = table64[((in[1] & 0x0F) << 2) | ((in[2] & 0xC0) >> 6)];
*output++ = table64[in[2] & 0x3F];
insize -= 3;
in += 3;
}
if(insize) {
/* this is only one or two bytes now */
*output++ = table64[ in[0] >> 2 ];
*output++ = table64[in[0] >> 2];
if(insize == 1) {
*output++ = table64[ ((in[0] & 0x03) << 4) ];
*output++ = table64[((in[0] & 0x03) << 4)];
if(padbyte) {
*output++ = padbyte;
*output++ = padbyte;
@ -207,8 +207,8 @@ static CURLcode base64_encode(const char *table64,
}
else {
/* insize == 2 */
*output++ = table64[ ((in[0] & 0x03) << 4) | ((in[1] & 0xF0) >> 4) ];
*output++ = table64[ ((in[1] & 0x0F) << 2) ];
*output++ = table64[((in[0] & 0x03) << 4) | ((in[1] & 0xF0) >> 4)];
*output++ = table64[((in[1] & 0x0F) << 2)];
if(padbyte)
*output++ = padbyte;
}

1
lib/curlx/dynbuf.c
View file

@ -156,7 +156,6 @@ CURLcode curlx_dyn_tail(struct dynbuf *s, size_t trail)
s->bufr[s->leng] = 0;
}
return CURLE_OK;
}
/*

22
lib/curlx/dynbuf.h
View file

@ -32,7 +32,7 @@ struct dynbuf {
size_t allc; /* size of the current allocation */
size_t toobig; /* size limit for the buffer */
#ifdef DEBUGBUILD
int init; /* detect API usage mistakes */
int init; /* detect API usage mistakes */
#endif
};
@ -62,24 +62,24 @@ int curlx_dyn_vprintf(struct dynbuf *dyn, const char *format, va_list ap_save);
char *curlx_dyn_take(struct dynbuf *s, size_t *plen);
/* Dynamic buffer max sizes */
#define MAX_DYNBUF_SIZE (SIZE_MAX/2)
#define MAX_DYNBUF_SIZE (SIZE_MAX / 2)
#define DYN_DOH_RESPONSE 3000
#define DYN_DOH_CNAME 256
#define DYN_PAUSE_BUFFER (64 * 1024 * 1024)
#define DYN_HAXPROXY 2048
#define DYN_HTTP_REQUEST (1024*1024)
#define DYN_HTTP_REQUEST (1024 * 1024)
#define DYN_APRINTF 8000000
#define DYN_RTSP_REQ_HEADER (64*1024)
#define DYN_TRAILERS (64*1024)
#define DYN_RTSP_REQ_HEADER (64 * 1024)
#define DYN_TRAILERS (64 * 1024)
#define DYN_PROXY_CONNECT_HEADERS 16384
#define DYN_QLOG_NAME 1024
#define DYN_H1_TRAILER 4096
#define DYN_PINGPPONG_CMD (64*1024)
#define DYN_IMAP_CMD (64*1024)
#define DYN_MQTT_RECV (64*1024)
#define DYN_PINGPPONG_CMD (64 * 1024)
#define DYN_IMAP_CMD (64 * 1024)
#define DYN_MQTT_RECV (64 * 1024)
#define DYN_MQTT_SEND 0xFFFFFFF
#define DYN_CRLFILE_SIZE (400*1024*1024) /* 400mb */
#define DYN_CERTFILE_SIZE (100*1024) /* 100KiB */
#define DYN_KEYFILE_SIZE (100*1024) /* 100KiB */
#define DYN_CRLFILE_SIZE (400 * 1024 * 1024) /* 400MiB */
#define DYN_CERTFILE_SIZE (100 * 1024) /* 100KiB */
#define DYN_KEYFILE_SIZE (100 * 1024) /* 100KiB */
#endif

11
lib/curlx/fopen.h
View file

@ -51,11 +51,12 @@ int curlx_win32_open(const char *filename, int oflag, ...);
#endif
#ifdef CURLDEBUG
#define curlx_fopen(file,mode) curl_dbg_fopen(file,mode,__LINE__,__FILE__)
#define curlx_freopen(file,mode,fh) \
curl_dbg_freopen(file,mode,fh,__LINE__,__FILE__)
#define curlx_fdopen(file,mode) curl_dbg_fdopen(file,mode,__LINE__,__FILE__)
#define curlx_fclose(file) curl_dbg_fclose(file,__LINE__,__FILE__)
#define curlx_fopen(file, mode) curl_dbg_fopen(file, mode, __LINE__, __FILE__)
#define curlx_freopen(file, mode, fh) \
curl_dbg_freopen(file, mode, fh, __LINE__, __FILE__)
#define curlx_fdopen(file, mode) \
curl_dbg_fdopen(file, mode, __LINE__, __FILE__)
#define curlx_fclose(file) curl_dbg_fclose(file, __LINE__, __FILE__)
#else
#define curlx_fopen CURLX_FOPEN_LOW
#define curlx_freopen CURLX_FREOPEN_LOW

11
lib/curlx/inet_ntop.c
View file

@ -109,17 +109,18 @@ static char *inet_ntop6(const unsigned char *src, char *dst, size_t size)
*/
memset(words, '\0', sizeof(words));
for(i = 0; i < IN6ADDRSZ; i++)
words[i/2] |= ((unsigned int)src[i] << ((1 - (i % 2)) << 3));
words[i / 2] |= ((unsigned int)src[i] << ((1 - (i % 2)) << 3));
best.base = -1;
cur.base = -1;
cur.base = -1;
best.len = 0;
cur.len = 0;
for(i = 0; i < (IN6ADDRSZ / INT16SZ); i++) {
if(words[i] == 0) {
if(cur.base == -1) {
cur.base = i; cur.len = 1;
cur.base = i;
cur.len = 1;
}
else
cur.len++;
@ -152,7 +153,7 @@ static char *inet_ntop6(const unsigned char *src, char *dst, size_t size)
/* Is this address an encapsulated IPv4?
*/
if(i == 6 && best.base == 0 &&
(best.len == 6 || (best.len == 5 && words[5] == 0xffff))) {
(best.len == 6 || (best.len == 5 && words[5] == 0xffff))) {
if(!inet_ntop4(src + 12, tp, sizeof(tmp) - (tp - tmp))) {
return NULL;
}
@ -219,4 +220,4 @@ char *curlx_inet_ntop(int af, const void *src, char *buf, size_t size)
return NULL;
}
}
#endif /* HAVE_INET_NTOP */
#endif /* HAVE_INET_NTOP */

4
lib/curlx/inet_ntop.h
View file

@ -37,11 +37,11 @@
#include <arpa/inet.h>
#endif
#ifdef __AMIGA__
#define curlx_inet_ntop(af,addr,buf,size) \
#define curlx_inet_ntop(af, addr, buf, size) \
(char *)inet_ntop(af, CURL_UNCONST(addr), (unsigned char *)buf, \
(curl_socklen_t)(size))
#else
#define curlx_inet_ntop(af,addr,buf,size) \
#define curlx_inet_ntop(af, addr, buf, size) \
inet_ntop(af, addr, buf, (curl_socklen_t)(size))
#endif
#else

23
lib/curlx/inet_pton.c
View file

@ -54,8 +54,8 @@
* sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
*/
static int inet_pton4(const char *src, unsigned char *dst);
static int inet_pton6(const char *src, unsigned char *dst);
static int inet_pton4(const char *src, unsigned char *dst);
static int inet_pton6(const char *src, unsigned char *dst);
/* int
* inet_pton(af, src, dst)
@ -73,8 +73,7 @@ static int inet_pton6(const char *src, unsigned char *dst);
* author:
* Paul Vixie, 1996.
*/
int
curlx_inet_pton(int af, const char *src, void *dst)
int curlx_inet_pton(int af, const char *src, void *dst)
{
switch(af) {
case AF_INET:
@ -98,8 +97,7 @@ curlx_inet_pton(int af, const char *src, void *dst)
* author:
* Paul Vixie, 1996.
*/
static int
inet_pton4(const char *src, unsigned char *dst)
static int inet_pton4(const char *src, unsigned char *dst)
{
int saw_digit, octets, ch;
unsigned char tmp[INADDRSZ], *tp;
@ -151,8 +149,7 @@ inet_pton4(const char *src, unsigned char *dst)
* author:
* Paul Vixie, 1996.
*/
static int
inet_pton6(const char *src, unsigned char *dst)
static int inet_pton6(const char *src, unsigned char *dst)
{
unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
const char *curtok;
@ -187,14 +184,14 @@ inet_pton6(const char *src, unsigned char *dst)
}
if(tp + INT16SZ > endp)
return 0;
*tp++ = (unsigned char) ((val >> 8) & 0xff);
*tp++ = (unsigned char) (val & 0xff);
*tp++ = (unsigned char)((val >> 8) & 0xff);
*tp++ = (unsigned char)(val & 0xff);
saw_xdigit = 0;
val = 0;
continue;
}
if(ch == '.' && ((tp + INADDRSZ) <= endp) &&
inet_pton4(curtok, tp) > 0) {
inet_pton4(curtok, tp) > 0) {
tp += INADDRSZ;
saw_xdigit = 0;
break; /* '\0' was seen by inet_pton4(). */
@ -204,8 +201,8 @@ inet_pton6(const char *src, unsigned char *dst)
if(saw_xdigit) {
if(tp + INT16SZ > endp)
return 0;
*tp++ = (unsigned char) ((val >> 8) & 0xff);
*tp++ = (unsigned char) (val & 0xff);
*tp++ = (unsigned char)((val >> 8) & 0xff);
*tp++ = (unsigned char)(val & 0xff);
}
if(colonp) {
/*

6
lib/curlx/inet_pton.h
View file

@ -37,9 +37,11 @@
#include <arpa/inet.h>
#endif
#ifdef __AMIGA__
#define curlx_inet_pton(x,y,z) inet_pton(x,(unsigned char *)CURL_UNCONST(y),z)
#define curlx_inet_pton(x, y, z) \
inet_pton(x, (unsigned char *)CURL_UNCONST(y), z)
#else
#define curlx_inet_pton(x,y,z) inet_pton(x,y,z)
#define curlx_inet_pton(x, y, z) \
inet_pton(x, y, z)
#endif
#else
int curlx_inet_pton(int, const char *, void *);

2
lib/curlx/nonblock.c
View file

@ -88,6 +88,6 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */
return setsockopt(sockfd, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b));
#else
# error "no non-blocking method was found/used/set"
#error "no non-blocking method was found/used/set"
#endif
}

3
lib/curlx/strerr.c
View file

@ -43,8 +43,7 @@
* codes (WSAGetLastError) to error messages.
* Returns NULL if no error message was found for error code.
*/
static const char *
get_winsock_error(int err, char *buf, size_t len)
static const char *get_winsock_error(int err, char *buf, size_t len)
{
#ifndef CURL_DISABLE_VERBOSE_STRINGS
const char *p;

8
lib/curlx/strparse.c
View file

@ -66,8 +66,7 @@ int curlx_str_until(const char **linep, struct Curl_str *out,
/* Get a word until the first space or end of string. At least one byte long.
return non-zero on error */
int curlx_str_word(const char **linep, struct Curl_str *out,
const size_t max)
int curlx_str_word(const char **linep, struct Curl_str *out, const size_t max)
{
return curlx_str_until(linep, out, max, ' ');
}
@ -95,7 +94,6 @@ int curlx_str_untilnl(const char **linep, struct Curl_str *out,
return STRE_OK;
}
/* Get a "quoted" word. No escaping possible.
return non-zero on error */
int curlx_str_quotedword(const char **linep, struct Curl_str *out,
@ -141,8 +139,8 @@ int curlx_str_singlespace(const char **linep)
}
/* given an ASCII character and max ascii, return TRUE if valid */
#define valid_digit(x,m) \
(((x) >= '0') && ((x) <= m) && Curl_hexasciitable[(x)-'0'])
#define valid_digit(x, m) \
(((x) >= '0') && ((x) <= m) && Curl_hexasciitable[(x) - '0'])
/* We use 16 for the zero index (and the necessary bitwise AND in the loop)
to be able to have a non-zero value there to make valid_digit() able to

2
lib/curlx/timediff.c
View file

@ -84,5 +84,5 @@ struct timeval *curlx_mstotv(struct timeval *tv, timediff_t ms)
*/
timediff_t curlx_tvtoms(struct timeval *tv)
{
return (tv->tv_sec*1000) + (timediff_t)(tv->tv_usec/1000);
return (tv->tv_sec * 1000) + (timediff_t)(tv->tv_usec / 1000);
}

34
lib/curlx/timeval.c
View file

@ -79,7 +79,7 @@ struct curltime curlx_now(void)
return now;
}
#elif defined(HAVE_CLOCK_GETTIME_MONOTONIC) || \
#elif defined(HAVE_CLOCK_GETTIME_MONOTONIC) || \
defined(HAVE_CLOCK_GETTIME_MONOTONIC_RAW)
struct curltime curlx_now(void)
@ -103,7 +103,7 @@ struct curltime curlx_now(void)
** called on unsupported OS version.
*/
#if defined(__APPLE__) && defined(HAVE_BUILTIN_AVAILABLE) && \
(HAVE_BUILTIN_AVAILABLE == 1)
(HAVE_BUILTIN_AVAILABLE == 1)
bool have_clock_gettime = FALSE;
if(__builtin_available(macOS 10.12, iOS 10, tvOS 10, watchOS 3, *))
have_clock_gettime = TRUE;
@ -111,8 +111,8 @@ struct curltime curlx_now(void)
#ifdef HAVE_CLOCK_GETTIME_MONOTONIC_RAW
if(
#if defined(__APPLE__) && defined(HAVE_BUILTIN_AVAILABLE) && \
(HAVE_BUILTIN_AVAILABLE == 1)
#if defined(__APPLE__) && defined(HAVE_BUILTIN_AVAILABLE) && \
(HAVE_BUILTIN_AVAILABLE == 1)
have_clock_gettime &&
#endif
(clock_gettime(CLOCK_MONOTONIC_RAW, &tsnow) == 0)) {
@ -124,7 +124,7 @@ struct curltime curlx_now(void)
if(
#if defined(__APPLE__) && defined(HAVE_BUILTIN_AVAILABLE) && \
(HAVE_BUILTIN_AVAILABLE == 1)
(HAVE_BUILTIN_AVAILABLE == 1)
have_clock_gettime &&
#endif
(clock_gettime(CLOCK_MONOTONIC, &tsnow) == 0)) {
@ -222,12 +222,12 @@ struct curltime curlx_now(void)
*/
timediff_t curlx_timediff_ms(struct curltime newer, struct curltime older)
{
timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec;
if(diff >= (TIMEDIFF_T_MAX/1000))
timediff_t diff = (timediff_t)newer.tv_sec - older.tv_sec;
if(diff >= (TIMEDIFF_T_MAX / 1000))
return TIMEDIFF_T_MAX;
else if(diff <= (TIMEDIFF_T_MIN/1000))
else if(diff <= (TIMEDIFF_T_MIN / 1000))
return TIMEDIFF_T_MIN;
return diff * 1000 + (newer.tv_usec-older.tv_usec)/1000;
return diff * 1000 + (newer.tv_usec - older.tv_usec) / 1000;
}
/*
@ -237,12 +237,12 @@ timediff_t curlx_timediff_ms(struct curltime newer, struct curltime older)
timediff_t curlx_timediff_ceil_ms(struct curltime newer,
struct curltime older)
{
timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec;
if(diff >= (TIMEDIFF_T_MAX/1000))
timediff_t diff = (timediff_t)newer.tv_sec - older.tv_sec;
if(diff >= (TIMEDIFF_T_MAX / 1000))
return TIMEDIFF_T_MAX;
else if(diff <= (TIMEDIFF_T_MIN/1000))
else if(diff <= (TIMEDIFF_T_MIN / 1000))
return TIMEDIFF_T_MIN;
return diff * 1000 + (newer.tv_usec - older.tv_usec + 999)/1000;
return diff * 1000 + (newer.tv_usec - older.tv_usec + 999) / 1000;
}
/*
@ -251,10 +251,10 @@ timediff_t curlx_timediff_ceil_ms(struct curltime newer,
*/
timediff_t curlx_timediff_us(struct curltime newer, struct curltime older)
{
timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec;
if(diff >= (TIMEDIFF_T_MAX/1000000))
timediff_t diff = (timediff_t)newer.tv_sec - older.tv_sec;
if(diff >= (TIMEDIFF_T_MAX / 1000000))
return TIMEDIFF_T_MAX;
else if(diff <= (TIMEDIFF_T_MIN/1000000))
else if(diff <= (TIMEDIFF_T_MIN / 1000000))
return TIMEDIFF_T_MIN;
return diff * 1000000 + newer.tv_usec-older.tv_usec;
return diff * 1000000 + newer.tv_usec - older.tv_usec;
}

2
lib/curlx/wait.c
View file

@ -74,7 +74,7 @@ int curlx_wait_ms(timediff_t timeout_ms)
/* prevent overflow, timeout_ms is typecast to ULONG/DWORD. */
#if TIMEDIFF_T_MAX >= ULONG_MAX
if(timeout_ms >= ULONG_MAX)
timeout_ms = ULONG_MAX-1;
timeout_ms = ULONG_MAX - 1;
/* do not use ULONG_MAX, because that is equal to INFINITE */
#endif
Sleep((DWORD)timeout_ms);

121
lib/curlx/warnless.c
View file

@ -27,10 +27,10 @@
#if defined(__INTEL_COMPILER) && defined(__unix__)
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_INET_H
# include <arpa/inet.h>
#include <arpa/inet.h>
#endif
#endif /* __INTEL_COMPILER && __unix__ */
@ -56,15 +56,15 @@
unsigned char curlx_ultouc(unsigned long ulnum)
{
#ifdef __INTEL_COMPILER
# pragma warning(push)
# pragma warning(disable:810) /* conversion may lose significant bits */
#pragma warning(push)
#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(ulnum <= (unsigned long) CURL_MASK_UCHAR);
return (unsigned char)(ulnum & (unsigned long) CURL_MASK_UCHAR);
DEBUGASSERT(ulnum <= (unsigned long)CURL_MASK_UCHAR);
return (unsigned char)(ulnum & (unsigned long)CURL_MASK_UCHAR);
#ifdef __INTEL_COMPILER
# pragma warning(pop)
#pragma warning(pop)
#endif
}
@ -75,15 +75,15 @@ unsigned char curlx_ultouc(unsigned long ulnum)
int curlx_uztosi(size_t uznum)
{
#ifdef __INTEL_COMPILER
# pragma warning(push)
# pragma warning(disable:810) /* conversion may lose significant bits */
#pragma warning(push)
#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(uznum <= (size_t) CURL_MASK_SINT);
return (int)(uznum & (size_t) CURL_MASK_SINT);
DEBUGASSERT(uznum <= (size_t)CURL_MASK_SINT);
return (int)(uznum & (size_t)CURL_MASK_SINT);
#ifdef __INTEL_COMPILER
# pragma warning(pop)
#pragma warning(pop)
#endif
}
@ -94,17 +94,17 @@ int curlx_uztosi(size_t uznum)
unsigned long curlx_uztoul(size_t uznum)
{
#ifdef __INTEL_COMPILER
# pragma warning(push)
# pragma warning(disable:810) /* conversion may lose significant bits */
#pragma warning(push)
#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
#if ULONG_MAX < SIZE_MAX
DEBUGASSERT(uznum <= (size_t) CURL_MASK_ULONG);
DEBUGASSERT(uznum <= (size_t)CURL_MASK_ULONG);
#endif
return (unsigned long)(uznum & (size_t) CURL_MASK_ULONG);
return (unsigned long)(uznum & (size_t)CURL_MASK_ULONG);
#ifdef __INTEL_COMPILER
# pragma warning(pop)
#pragma warning(pop)
#endif
}
@ -115,17 +115,17 @@ unsigned long curlx_uztoul(size_t uznum)
unsigned int curlx_uztoui(size_t uznum)
{
#ifdef __INTEL_COMPILER
# pragma warning(push)
# pragma warning(disable:810) /* conversion may lose significant bits */
#pragma warning(push)
#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
#if UINT_MAX < SIZE_MAX
DEBUGASSERT(uznum <= (size_t) CURL_MASK_UINT);
DEBUGASSERT(uznum <= (size_t)CURL_MASK_UINT);
#endif
return (unsigned int)(uznum & (size_t) CURL_MASK_UINT);
return (unsigned int)(uznum & (size_t)CURL_MASK_UINT);
#ifdef __INTEL_COMPILER
# pragma warning(pop)
#pragma warning(pop)
#endif
}
@ -136,18 +136,18 @@ unsigned int curlx_uztoui(size_t uznum)
int curlx_sltosi(long slnum)
{
#ifdef __INTEL_COMPILER
# pragma warning(push)
# pragma warning(disable:810) /* conversion may lose significant bits */
#pragma warning(push)
#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(slnum >= 0);
#if INT_MAX < LONG_MAX
DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_SINT);
DEBUGASSERT((unsigned long)slnum <= (unsigned long)CURL_MASK_SINT);
#endif
return (int)(slnum & (long) CURL_MASK_SINT);
return (int)(slnum & (long)CURL_MASK_SINT);
#ifdef __INTEL_COMPILER
# pragma warning(pop)
#pragma warning(pop)
#endif
}
@ -158,18 +158,18 @@ int curlx_sltosi(long slnum)
unsigned int curlx_sltoui(long slnum)
{
#ifdef __INTEL_COMPILER
# pragma warning(push)
# pragma warning(disable:810) /* conversion may lose significant bits */
#pragma warning(push)
#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(slnum >= 0);
#if UINT_MAX < LONG_MAX
DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_UINT);
DEBUGASSERT((unsigned long)slnum <= (unsigned long)CURL_MASK_UINT);
#endif
return (unsigned int)(slnum & (long) CURL_MASK_UINT);
return (unsigned int)(slnum & (long)CURL_MASK_UINT);
#ifdef __INTEL_COMPILER
# pragma warning(pop)
#pragma warning(pop)
#endif
}
@ -180,16 +180,16 @@ unsigned int curlx_sltoui(long slnum)
unsigned short curlx_sltous(long slnum)
{
#ifdef __INTEL_COMPILER
# pragma warning(push)
# pragma warning(disable:810) /* conversion may lose significant bits */
#pragma warning(push)
#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(slnum >= 0);
DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_USHORT);
return (unsigned short)(slnum & (long) CURL_MASK_USHORT);
DEBUGASSERT((unsigned long)slnum <= (unsigned long)CURL_MASK_USHORT);
return (unsigned short)(slnum & (long)CURL_MASK_USHORT);
#ifdef __INTEL_COMPILER
# pragma warning(pop)
#pragma warning(pop)
#endif
}
@ -200,15 +200,15 @@ unsigned short curlx_sltous(long slnum)
ssize_t curlx_uztosz(size_t uznum)
{
#ifdef __INTEL_COMPILER
# pragma warning(push)
# pragma warning(disable:810) /* conversion may lose significant bits */
#pragma warning(push)
#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(uznum <= (size_t) CURL_MASK_SSIZE_T);
return (ssize_t)(uznum & (size_t) CURL_MASK_SSIZE_T);
DEBUGASSERT(uznum <= (size_t)CURL_MASK_SSIZE_T);
return (ssize_t)(uznum & (size_t)CURL_MASK_SSIZE_T);
#ifdef __INTEL_COMPILER
# pragma warning(pop)
#pragma warning(pop)
#endif
}
@ -219,15 +219,15 @@ ssize_t curlx_uztosz(size_t uznum)
size_t curlx_sotouz(curl_off_t sonum)
{
#ifdef __INTEL_COMPILER
# pragma warning(push)
# pragma warning(disable:810) /* conversion may lose significant bits */
#pragma warning(push)
#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(sonum >= 0);
return (size_t)(sonum & (curl_off_t) CURL_MASK_USIZE_T);
return (size_t)(sonum & (curl_off_t)CURL_MASK_USIZE_T);
#ifdef __INTEL_COMPILER
# pragma warning(pop)
#pragma warning(pop)
#endif
}
@ -238,18 +238,18 @@ size_t curlx_sotouz(curl_off_t sonum)
int curlx_sztosi(ssize_t sznum)
{
#ifdef __INTEL_COMPILER
# pragma warning(push)
# pragma warning(disable:810) /* conversion may lose significant bits */
#pragma warning(push)
#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(sznum >= 0);
#if INT_MAX < SSIZE_MAX
DEBUGASSERT((size_t) sznum <= (size_t) CURL_MASK_SINT);
DEBUGASSERT((size_t)sznum <= (size_t)CURL_MASK_SINT);
#endif
return (int)(sznum & (ssize_t) CURL_MASK_SINT);
return (int)(sznum & (ssize_t)CURL_MASK_SINT);
#ifdef __INTEL_COMPILER
# pragma warning(pop)
#pragma warning(pop)
#endif
}
@ -260,15 +260,15 @@ int curlx_sztosi(ssize_t sznum)
unsigned short curlx_uitous(unsigned int uinum)
{
#ifdef __INTEL_COMPILER
# pragma warning(push)
# pragma warning(disable:810) /* conversion may lose significant bits */
#pragma warning(push)
#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(uinum <= (unsigned int) CURL_MASK_USHORT);
return (unsigned short) (uinum & (unsigned int) CURL_MASK_USHORT);
DEBUGASSERT(uinum <= (unsigned int)CURL_MASK_USHORT);
return (unsigned short)(uinum & (unsigned int)CURL_MASK_USHORT);
#ifdef __INTEL_COMPILER
# pragma warning(pop)
#pragma warning(pop)
#endif
}
@ -279,15 +279,15 @@ unsigned short curlx_uitous(unsigned int uinum)
size_t curlx_sitouz(int sinum)
{
#ifdef __INTEL_COMPILER
# pragma warning(push)
# pragma warning(disable:810) /* conversion may lose significant bits */
#pragma warning(push)
#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(sinum >= 0);
return (size_t) sinum;
return (size_t)sinum;
#ifdef __INTEL_COMPILER
# pragma warning(pop)
#pragma warning(pop)
#endif
}
@ -333,7 +333,6 @@ bool curlx_sotouz_fits(curl_off_t sonum, size_t *puznum)
return TRUE;
}
bool curlx_sltouz(long slnum, size_t *puznum)
{
if(slnum < 0) {

2
lib/curlx/warnless.h
View file

@ -31,7 +31,7 @@
#endif
#define CURLX_FUNCTION_CAST(target_type, func) \
(target_type)(void (*) (void))(func)
(target_type)(void (*)(void))(func)
unsigned char curlx_ultouc(unsigned long ulnum);

5
lib/curlx/winapi.c
View file

@ -57,8 +57,8 @@ const char *curlx_get_winapi_error(DWORD err, char *buf, size_t buflen)
/* Truncate multiple lines */
p = strchr(buf, '\n');
if(p) {
if(p > buf && *(p-1) == '\r')
*(p-1) = '\0';
if(p > buf && *(p - 1) == '\r')
*(p - 1) = '\0';
else
*p = '\0';
}
@ -89,7 +89,6 @@ const char *curlx_winapi_strerror(DWORD err, char *buf, size_t buflen)
#if defined(__GNUC__) && __GNUC__ >= 7
#pragma GCC diagnostic pop
#endif
}
#else
{

7
lib/vauth/cleartext.c
View file

@ -27,8 +27,8 @@
#include "../curl_setup.h"
#if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \
!defined(CURL_DISABLE_POP3) || \
#if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \
!defined(CURL_DISABLE_POP3) || \
(!defined(CURL_DISABLE_LDAP) && defined(USE_OPENLDAP))
#include <curl/curl.h>
@ -110,8 +110,7 @@ void Curl_auth_create_login_message(const char *valuep, struct bufref *out)
*
* Returns void.
*/
void Curl_auth_create_external_message(const char *user,
struct bufref *out)
void Curl_auth_create_external_message(const char *user, struct bufref *out)
{
/* This is the same formatting as the login message */
Curl_auth_create_login_message(user, out);

2
lib/vauth/cram.c
View file

@ -63,7 +63,7 @@ CURLcode Curl_auth_create_cram_md5_message(const struct bufref *chlg,
/* Compute the digest using the password as the key */
ctxt = Curl_HMAC_init(&Curl_HMAC_MD5,
(const unsigned char *) passwdp,
(const unsigned char *)passwdp,
curlx_uztoui(strlen(passwdp)));
if(!ctxt)
return CURLE_OUT_OF_MEMORY;

76
lib/vauth/digest.c
View file

@ -138,20 +138,20 @@ bool Curl_auth_digest_get_pair(const char *str, char *value, char *content,
#ifndef USE_WINDOWS_SSPI
/* Convert MD5 chunk to RFC2617 (section 3.1.3) -suitable ASCII string */
static void auth_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */
unsigned char *dest) /* 33 bytes */
unsigned char *dest) /* 33 bytes */
{
int i;
for(i = 0; i < 16; i++)
curl_msnprintf((char *) &dest[i * 2], 3, "%02x", source[i]);
curl_msnprintf((char *)&dest[i * 2], 3, "%02x", source[i]);
}
/* Convert sha256 or SHA-512/256 chunk to RFC7616 -suitable ASCII string */
static void auth_digest_sha256_to_ascii(unsigned char *source, /* 32 bytes */
unsigned char *dest) /* 65 bytes */
unsigned char *dest) /* 65 bytes */
{
int i;
for(i = 0; i < 32; i++)
curl_msnprintf((char *) &dest[i * 2], 3, "%02x", source[i]);
curl_msnprintf((char *)&dest[i * 2], 3, "%02x", source[i]);
}
/* Perform quoted-string escaping as described in RFC2616 and its errata */
@ -272,7 +272,7 @@ static CURLcode auth_decode_digest_md5_message(const struct bufref *chlgref,
char *alg, size_t alen,
char *qop, size_t qlen)
{
const char *chlg = (const char *) Curl_bufref_ptr(chlgref);
const char *chlg = (const char *)Curl_bufref_ptr(chlgref);
/* Ensure we have a valid challenge message */
if(!Curl_bufref_len(chlgref))
@ -387,13 +387,13 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
if(!ctxt)
return CURLE_OUT_OF_MEMORY;
Curl_MD5_update(ctxt, (const unsigned char *) userp,
Curl_MD5_update(ctxt, (const unsigned char *)userp,
curlx_uztoui(strlen(userp)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) realm,
Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
Curl_MD5_update(ctxt, (const unsigned char *)realm,
curlx_uztoui(strlen(realm)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) passwdp,
Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
Curl_MD5_update(ctxt, (const unsigned char *)passwdp,
curlx_uztoui(strlen(passwdp)));
Curl_MD5_final(ctxt, digest);
@ -401,12 +401,12 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
if(!ctxt)
return CURLE_OUT_OF_MEMORY;
Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN);
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) nonce,
Curl_MD5_update(ctxt, (const unsigned char *)digest, MD5_DIGEST_LEN);
Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
Curl_MD5_update(ctxt, (const unsigned char *)nonce,
curlx_uztoui(strlen(nonce)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
Curl_MD5_update(ctxt, (const unsigned char *)cnonce,
curlx_uztoui(strlen(cnonce)));
Curl_MD5_final(ctxt, digest);
@ -427,10 +427,10 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
return CURLE_OUT_OF_MEMORY;
}
Curl_MD5_update(ctxt, (const unsigned char *) method,
Curl_MD5_update(ctxt, (const unsigned char *)method,
curlx_uztoui(strlen(method)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) spn,
Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
Curl_MD5_update(ctxt, (const unsigned char *)spn,
curlx_uztoui(strlen(spn)));
Curl_MD5_final(ctxt, digest);
@ -445,23 +445,23 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
return CURLE_OUT_OF_MEMORY;
}
Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN);
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) nonce,
Curl_MD5_update(ctxt, (const unsigned char *)HA1_hex, 2 * MD5_DIGEST_LEN);
Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
Curl_MD5_update(ctxt, (const unsigned char *)nonce,
curlx_uztoui(strlen(nonce)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) nonceCount,
Curl_MD5_update(ctxt, (const unsigned char *)nonceCount,
curlx_uztoui(strlen(nonceCount)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
Curl_MD5_update(ctxt, (const unsigned char *)cnonce,
curlx_uztoui(strlen(cnonce)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) qop,
Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
Curl_MD5_update(ctxt, (const unsigned char *)qop,
curlx_uztoui(strlen(qop)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) HA2_hex, 2 * MD5_DIGEST_LEN);
Curl_MD5_update(ctxt, (const unsigned char *)HA2_hex, 2 * MD5_DIGEST_LEN);
Curl_MD5_final(ctxt, digest);
for(i = 0; i < MD5_DIGEST_LEN; i++)
@ -553,7 +553,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
if(curlx_str_casecompare(&out, DIGEST_QOP_VALUE_STRING_AUTH))
foundAuth = TRUE;
else if(curlx_str_casecompare(&out,
DIGEST_QOP_VALUE_STRING_AUTH_INT))
DIGEST_QOP_VALUE_STRING_AUTH_INT))
foundAuthInt = TRUE;
if(curlx_str_single(&token, ','))
break;
@ -720,7 +720,7 @@ static CURLcode auth_create_digest_http_message(
if(!hashthis)
return CURLE_OUT_OF_MEMORY;
result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
result = hash(hashbuf, (unsigned char *)hashthis, strlen(hashthis));
curlx_free(hashthis);
if(result)
return result;
@ -743,7 +743,7 @@ static CURLcode auth_create_digest_http_message(
if(!hashthis)
return CURLE_OUT_OF_MEMORY;
result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
result = hash(hashbuf, (unsigned char *)hashthis, strlen(hashthis));
curlx_free(hashthis);
if(result)
return result;
@ -755,7 +755,7 @@ static CURLcode auth_create_digest_http_message(
if(!tmp)
return CURLE_OUT_OF_MEMORY;
result = hash(hashbuf, (unsigned char *) tmp, strlen(tmp));
result = hash(hashbuf, (unsigned char *)tmp, strlen(tmp));
curlx_free(tmp);
if(result)
return result;
@ -799,7 +799,7 @@ static CURLcode auth_create_digest_http_message(
if(!hashthis)
return CURLE_OUT_OF_MEMORY;
result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
result = hash(hashbuf, (unsigned char *)hashthis, strlen(hashthis));
curlx_free(hashthis);
if(result)
return result;
@ -816,7 +816,7 @@ static CURLcode auth_create_digest_http_message(
if(!hashthis)
return CURLE_OUT_OF_MEMORY;
result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
result = hash(hashbuf, (unsigned char *)hashthis, strlen(hashthis));
curlx_free(hashthis);
if(result)
return result;
@ -1015,9 +1015,9 @@ void Curl_auth_digest_cleanup(struct digestdata *digest)
digest->nc = 0;
digest->algo = ALGO_MD5; /* default algorithm */
digest->stale = FALSE; /* default means normal, not stale */
digest->stale = FALSE; /* default means normal, not stale */
digest->userhash = FALSE;
}
#endif /* !USE_WINDOWS_SSPI */
#endif /* !USE_WINDOWS_SSPI */
#endif /* !CURL_DISABLE_DIGEST_AUTH */
#endif /* !CURL_DISABLE_DIGEST_AUTH */

16
lib/vauth/digest_sspi.c
View file

@ -42,14 +42,14 @@
#include "../strerror.h"
/*
* Curl_auth_is_digest_supported()
*
* This is used to evaluate if DIGEST is supported.
*
* Parameters: None
*
* Returns TRUE if DIGEST is supported by Windows SSPI.
*/
* Curl_auth_is_digest_supported()
*
* This is used to evaluate if DIGEST is supported.
*
* Parameters: None
*
* Returns TRUE if DIGEST is supported by Windows SSPI.
*/
bool Curl_auth_is_digest_supported(void)
{
PSecPkgInfo SecurityPackage;

2
lib/vauth/gsasl.c
View file

@ -100,7 +100,7 @@ CURLcode Curl_auth_gsasl_token(struct Curl_easy *data,
size_t outlen;
res = gsasl_step(gsasl->client,
(const char *) Curl_bufref_ptr(chlg), Curl_bufref_len(chlg),
(const char *)Curl_bufref_ptr(chlg), Curl_bufref_len(chlg),
&response, &outlen);
if(res != GSASL_OK && res != GSASL_NEEDS_MORE) {
failf(data, "GSASL step: %s", gsasl_strerror(res));

2
lib/vauth/krb5_gssapi.c
View file

@ -159,7 +159,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
gss_release_buffer(&unused_status, &output_token);
}
else
Curl_bufref_set(out, mutual_auth ? "": NULL, 0, NULL);
Curl_bufref_set(out, mutual_auth ? "" : NULL, 0, NULL);
return result;
}

3
lib/vauth/krb5_sspi.c
View file

@ -278,8 +278,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
/* Get our response size information */
status = Curl_pSecFn->QueryContextAttributes(krb5->context,
SECPKG_ATTR_SIZES,
&sizes);
SECPKG_ATTR_SIZES, &sizes);
if(status == SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;

5
lib/vauth/ntlm.c
View file

@ -48,7 +48,6 @@
#include "vauth.h"
#include "../curl_endian.h"
/* NTLM buffer fixed size, large enough for long user + host + domain */
#define NTLM_BUFSIZE 1024
@ -158,7 +157,7 @@
#define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50"
#if DEBUG_ME
# define DEBUG_OUT(x) x
#define DEBUG_OUT(x) x
static void ntlm_print_flags(FILE *handle, unsigned long flags)
{
if(flags & NTLMFLAG_NEGOTIATE_UNICODE)
@ -236,7 +235,7 @@ static void ntlm_print_hex(FILE *handle, const char *buf, size_t len)
curl_mfprintf(stderr, "%02.2x", (unsigned int)*p++);
}
#else
# define DEBUG_OUT(x) Curl_nop_stmt
#define DEBUG_OUT(x) Curl_nop_stmt
#endif
/*

13
lib/vauth/ntlm_sspi.c
View file

@ -221,7 +221,6 @@ CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data,
}
/*
* Curl_auth_create_ntlm_type3_message()
* Curl_auth_create_ntlm_type3_message()
*
* This is used to generate an already encoded NTLM type-3 message ready for
@ -267,12 +266,12 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
/* ssl context comes from schannel.
* When extended protection is used in IIS server,
* we have to pass a second SecBuffer to the SecBufferDesc
* otherwise IIS will not pass the authentication (401 response).
* Minimum supported version is Windows 7.
* https://learn.microsoft.com/security-updates/SecurityAdvisories/2009/973811
*/
* When extended protection is used in IIS server,
* we have to pass a second SecBuffer to the SecBufferDesc
* otherwise IIS will not pass the authentication (401 response).
* Minimum supported version is Windows 7.
* https://learn.microsoft.com/security-updates/SecurityAdvisories/2009/973811
*/
if(ntlm->sslContext) {
SEC_CHANNEL_BINDINGS channelBindings;
SecPkgContext_Bindings pkgBindings;

2
lib/vauth/oauth2.c
View file

@ -27,7 +27,7 @@
#include "../curl_setup.h"
#if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \
!defined(CURL_DISABLE_POP3) || \
!defined(CURL_DISABLE_POP3) || \
(!defined(CURL_DISABLE_LDAP) && defined(USE_OPENLDAP))
#include <curl/curl.h>

14
lib/vauth/spnego_sspi.c
View file

@ -139,7 +139,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
nego->output_token = curlx_malloc(nego->token_max);
if(!nego->output_token)
return CURLE_OUT_OF_MEMORY;
}
}
if(!nego->credentials) {
/* Do we have credentials to use or are we using single sign-on? */
@ -200,12 +200,12 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
/* ssl context comes from Schannel.
* When extended protection is used in IIS server,
* we have to pass a second SecBuffer to the SecBufferDesc
* otherwise IIS will not pass the authentication (401 response).
* Minimum supported version is Windows 7.
* https://learn.microsoft.com/security-updates/SecurityAdvisories/2009/973811
*/
* When extended protection is used in IIS server,
* we have to pass a second SecBuffer to the SecBufferDesc
* otherwise IIS will not pass the authentication (401 response).
* Minimum supported version is Windows 7.
* https://learn.microsoft.com/security-updates/SecurityAdvisories/2009/973811
*/
if(nego->sslContext) {
SEC_CHANNEL_BINDINGS channelBindings;
SecPkgContext_Bindings pkgBindings;

16
lib/vauth/vauth.c
View file

@ -171,13 +171,11 @@ static void ntlm_conn_dtor(void *key, size_t klen, void *entry)
struct ntlmdata *Curl_auth_ntlm_get(struct connectdata *conn, bool proxy)
{
const char *key = proxy ? CURL_META_NTLM_PROXY_CONN :
CURL_META_NTLM_CONN;
const char *key = proxy ? CURL_META_NTLM_PROXY_CONN : CURL_META_NTLM_CONN;
struct ntlmdata *ntlm = Curl_conn_meta_get(conn, key);
if(!ntlm) {
ntlm = curlx_calloc(1, sizeof(*ntlm));
if(!ntlm ||
Curl_conn_meta_set(conn, key, ntlm, ntlm_conn_dtor))
if(!ntlm || Curl_conn_meta_set(conn, key, ntlm, ntlm_conn_dtor))
return NULL;
}
return ntlm;
@ -185,8 +183,8 @@ struct ntlmdata *Curl_auth_ntlm_get(struct connectdata *conn, bool proxy)
void Curl_auth_ntlm_remove(struct connectdata *conn, bool proxy)
{
Curl_conn_meta_remove(conn, proxy ?
CURL_META_NTLM_PROXY_CONN : CURL_META_NTLM_CONN);
Curl_conn_meta_remove(conn, proxy ? CURL_META_NTLM_PROXY_CONN
: CURL_META_NTLM_CONN);
}
#endif /* USE_NTLM */
@ -257,13 +255,11 @@ static void nego_conn_dtor(void *key, size_t klen, void *entry)
struct negotiatedata *Curl_auth_nego_get(struct connectdata *conn, bool proxy)
{
const char *key = proxy ? CURL_META_NEGO_PROXY_CONN :
CURL_META_NEGO_CONN;
const char *key = proxy ? CURL_META_NEGO_PROXY_CONN : CURL_META_NEGO_CONN;
struct negotiatedata *nego = Curl_conn_meta_get(conn, key);
if(!nego) {
nego = curlx_calloc(1, sizeof(*nego));
if(!nego ||
Curl_conn_meta_set(conn, key, nego, nego_conn_dtor))
if(!nego || Curl_conn_meta_set(conn, key, nego, nego_conn_dtor))
return NULL;
}
return nego;

128
lib/vquic/curl_ngtcp2.c
View file

@ -72,14 +72,14 @@
#include "../curlx/warnless.h"
#define QUIC_MAX_STREAMS (256*1024)
#define QUIC_HANDSHAKE_TIMEOUT (10*NGTCP2_SECONDS)
#define QUIC_MAX_STREAMS (256 * 1024)
#define QUIC_HANDSHAKE_TIMEOUT (10 * NGTCP2_SECONDS)
/* A stream window is the maximum amount we need to buffer for
* each active transfer.
* Chunk size is large enough to take a full DATA frame */
#define H3_STREAM_WINDOW_SIZE (64 * 1024)
#define H3_STREAM_CHUNK_SIZE (16 * 1024)
#define H3_STREAM_CHUNK_SIZE (16 * 1024)
#if H3_STREAM_CHUNK_SIZE < NGTCP2_MAX_UDP_PAYLOAD_SIZE
#error H3_STREAM_CHUNK_SIZE smaller than NGTCP2_MAX_UDP_PAYLOAD_SIZE
#endif
@ -150,8 +150,7 @@ struct cf_ngtcp2_ctx {
/* How to access `call_data` from a cf_ngtcp2 filter */
#undef CF_CTX_CALL_DATA
#define CF_CTX_CALL_DATA(cf) \
((struct cf_ngtcp2_ctx *)(cf)->ctx)->call_data
#define CF_CTX_CALL_DATA(cf) ((struct cf_ngtcp2_ctx *)(cf)->ctx)->call_data
static void h3_stream_hash_free(unsigned int id, void *stream);
@ -187,14 +186,14 @@ static void cf_ngtcp2_setup_keep_alive(struct Curl_cfilter *cf,
struct cf_ngtcp2_ctx *ctx = cf->ctx;
const ngtcp2_transport_params *rp;
/* Peer should have sent us its transport parameters. If it
* announces a positive `max_idle_timeout` it will close the
* connection when it does not hear from us for that time.
*
* Some servers use this as a keep-alive timer at a rather low
* value. We are doing HTTP/3 here and waiting for the response
* to a request may take a considerable amount of time. We need
* to prevent the peer's QUIC stack from closing in this case.
*/
* announces a positive `max_idle_timeout` it will close the
* connection when it does not hear from us for that time.
*
* Some servers use this as a keep-alive timer at a rather low
* value. We are doing HTTP/3 here and waiting for the response
* to a request may take a considerable amount of time. We need
* to prevent the peer's QUIC stack from closing in this case.
*/
if(!ctx->qconn)
return;
@ -218,7 +217,6 @@ static void cf_ngtcp2_setup_keep_alive(struct Curl_cfilter *cf,
}
}
struct pkt_io_ctx;
static CURLcode cf_progress_ingress(struct Curl_cfilter *cf,
struct Curl_easy *data,
@ -231,20 +229,20 @@ static CURLcode cf_progress_egress(struct Curl_cfilter *cf,
* All about the H3 internals of a stream
*/
struct h3_stream_ctx {
int64_t id; /* HTTP/3 protocol identifier */
struct bufq sendbuf; /* h3 request body */
struct h1_req_parser h1; /* h1 request parsing */
int64_t id; /* HTTP/3 protocol identifier */
struct bufq sendbuf; /* h3 request body */
struct h1_req_parser h1; /* h1 request parsing */
size_t sendbuf_len_in_flight; /* sendbuf amount "in flight" */
uint64_t error3; /* HTTP/3 stream error code */
curl_off_t upload_left; /* number of request bytes left to upload */
uint64_t download_unacked; /* bytes not acknowledged yet */
int status_code; /* HTTP status code */
CURLcode xfer_result; /* result from xfer_resp_write(_hd) */
BIT(resp_hds_complete); /* we have a complete, final response */
BIT(closed); /* TRUE on stream close */
BIT(reset); /* TRUE on stream reset */
BIT(send_closed); /* stream is local closed */
BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
uint64_t error3; /* HTTP/3 stream error code */
curl_off_t upload_left; /* number of request bytes left to upload */
uint64_t download_unacked; /* bytes not acknowledged yet */
int status_code; /* HTTP status code */
CURLcode xfer_result; /* result from xfer_resp_write(_hd) */
BIT(resp_hds_complete); /* we have a complete, final response */
BIT(closed); /* TRUE on stream close */
BIT(reset); /* TRUE on stream reset */
BIT(send_closed); /* stream is local closed */
BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
};
static void h3_stream_ctx_free(struct h3_stream_ctx *stream)
@ -315,8 +313,8 @@ static bool cf_ngtcp2_sfind(uint32_t mid, void *value, void *user_data)
return TRUE; /* continue */
}
static struct h3_stream_ctx *
cf_ngtcp2_get_stream(struct cf_ngtcp2_ctx *ctx, int64_t stream_id)
static struct h3_stream_ctx *cf_ngtcp2_get_stream(struct cf_ngtcp2_ctx *ctx,
int64_t stream_id)
{
struct cf_ngtcp2_sfind_ctx fctx;
fctx.stream_id = stream_id;
@ -367,8 +365,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data)
struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
(void)cf;
if(stream) {
CURL_TRC_CF(data, cf, "[%" PRId64 "] easy handle is done",
stream->id);
CURL_TRC_CF(data, cf, "[%" PRId64 "] easy handle is done", stream->id);
cf_ngtcp2_stream_close(cf, data, stream);
Curl_uint32_hash_remove(&ctx->streams, data->mid);
if(!Curl_uint32_hash_count(&ctx->streams))
@ -640,10 +637,9 @@ static int cb_recv_stream_data(ngtcp2_conn *tconn, uint32_t flags,
return 0;
}
static int
cb_acked_stream_data_offset(ngtcp2_conn *tconn, int64_t stream_id,
uint64_t offset, uint64_t datalen, void *user_data,
void *stream_user_data)
static int cb_acked_stream_data_offset(ngtcp2_conn *tconn, int64_t stream_id,
uint64_t offset, uint64_t datalen,
void *user_data, void *stream_user_data)
{
struct Curl_cfilter *cf = user_data;
struct cf_ngtcp2_ctx *ctx = cf->ctx;
@ -830,8 +826,8 @@ static int cb_recv_rx_key(ngtcp2_conn *tconn, ngtcp2_encryption_level level,
}
#if defined(_MSC_VER) && defined(_DLL)
# pragma warning(push)
# pragma warning(disable:4232) /* MSVC extension, dllimport identity */
#pragma warning(push)
#pragma warning(disable:4232) /* MSVC extension, dllimport identity */
#endif
static ngtcp2_callbacks ng_callbacks = {
@ -881,7 +877,7 @@ static ngtcp2_callbacks ng_callbacks = {
};
#if defined(_MSC_VER) && defined(_DLL)
# pragma warning(pop)
#pragma warning(pop)
#endif
/**
@ -1337,9 +1333,9 @@ static CURLcode init_ngh3_conn(struct Curl_cfilter *cf,
}
static CURLcode recv_closed_stream(struct Curl_cfilter *cf,
struct Curl_easy *data,
struct h3_stream_ctx *stream,
size_t *pnread)
struct Curl_easy *data,
struct h3_stream_ctx *stream,
size_t *pnread)
{
(void)cf;
*pnread = 0;
@ -1452,11 +1448,10 @@ static int cb_h3_acked_req_body(nghttp3_conn *conn, int64_t stream_id,
return 0;
}
static nghttp3_ssize
cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id,
nghttp3_vec *vec, size_t veccnt,
uint32_t *pflags, void *user_data,
void *stream_user_data)
static nghttp3_ssize cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id,
nghttp3_vec *vec, size_t veccnt,
uint32_t *pflags, void *user_data,
void *stream_user_data)
{
struct Curl_cfilter *cf = user_data;
struct cf_ngtcp2_ctx *ctx = cf->ctx;
@ -1504,8 +1499,7 @@ cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id,
}
else if(!nwritten) {
/* Not EOF, and nothing to give, we signal WOULDBLOCK. */
CURL_TRC_CF(data, cf, "[%" PRId64 "] read req body -> AGAIN",
stream->id);
CURL_TRC_CF(data, cf, "[%" PRId64 "] read req body -> AGAIN", stream->id);
return NGHTTP3_ERR_WOULDBLOCK;
}
@ -1961,7 +1955,7 @@ static CURLcode cf_progress_egress(struct Curl_cfilter *cf,
*/
max_payload_size = ngtcp2_conn_get_max_tx_udp_payload_size(ctx->qconn);
path_max_payload_size =
ngtcp2_conn_get_path_max_tx_udp_payload_size(ctx->qconn);
ngtcp2_conn_get_path_max_tx_udp_payload_size(ctx->qconn);
send_quantum = ngtcp2_conn_get_send_quantum(ctx->qconn);
CURL_TRC_CF(data, cf, "egress, collect and send packets, quantum=%zu",
send_quantum);
@ -1977,7 +1971,7 @@ static CURLcode cf_progress_egress(struct Curl_cfilter *cf,
size_t buflen = Curl_bufq_len(&ctx->q.sendbuf);
if((buflen >= send_quantum) ||
((buflen + gsolen) >= ctx->q.sendbuf.chunk_size))
break;
break;
DEBUGASSERT(nread > 0);
++pktcnt;
if(pktcnt == 1) {
@ -2283,16 +2277,26 @@ static int quic_ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
static const char *gtls_hs_msg_name(int mtype)
{
switch(mtype) {
case 1: return "ClientHello";
case 2: return "ServerHello";
case 4: return "SessionTicket";
case 8: return "EncryptedExtensions";
case 11: return "Certificate";
case 13: return "CertificateRequest";
case 15: return "CertificateVerify";
case 20: return "Finished";
case 24: return "KeyUpdate";
case 254: return "MessageHash";
case 1:
return "ClientHello";
case 2:
return "ServerHello";
case 4:
return "SessionTicket";
case 8:
return "EncryptedExtensions";
case 11:
return "Certificate";
case 13:
return "CertificateRequest";
case 15:
return "CertificateVerify";
case 20:
return "Finished";
case 24:
return "KeyUpdate";
case 254:
return "MessageHash";
}
return "Unknown";
}
@ -2458,7 +2462,7 @@ static CURLcode cf_ngtcp2_on_session_reuse(struct Curl_cfilter *cf,
#endif /* WOLFSSL_EARLY_DATA */
#endif
#if defined(USE_GNUTLS) || defined(USE_WOLFSSL) || \
(defined(USE_OPENSSL) && defined(HAVE_OPENSSL_EARLYDATA))
(defined(USE_OPENSSL) && defined(HAVE_OPENSSL_EARLYDATA))
if((!ctx->earlydata_max)) {
CURL_TRC_CF(data, cf, "SSL session does not allow earlydata");
}
@ -2668,7 +2672,7 @@ out:
CURL_TRC_CF(data, cf, "connection refused by server");
/* When a QUIC server instance is shutting down, it may send us a
* CONNECTION_CLOSE with this code right away. We want
* to keep on trying in this case. */
* to keep on trying in this case. */
result = CURLE_WEIRD_SERVER_REPLY;
}
}

99
lib/vquic/curl_osslq.c
View file

@ -453,29 +453,29 @@ static CURLcode cf_osslq_h3conn_add_stream(struct cf_osslq_h3conn *h3,
* BUT OpenSSL does not offer this information to us. So, we silently
* ignore all such streams we do not expect. */
switch(stype) {
case SSL_STREAM_TYPE_READ: {
struct cf_osslq_stream *nstream;
if(h3->remote_ctrl_n >= CURL_ARRAYSIZE(h3->remote_ctrl)) {
/* rejected, we are full */
CURL_TRC_CF(data, cf, "[%" PRId64 "] reject remote uni stream",
stream_id);
SSL_free(stream_ssl);
return CURLE_OK;
}
nstream = &h3->remote_ctrl[h3->remote_ctrl_n++];
nstream->id = stream_id;
nstream->ssl = stream_ssl;
Curl_bufq_initp(&nstream->recvbuf, &ctx->stream_bufcp, 1, BUFQ_OPT_NONE);
CURL_TRC_CF(data, cf, "[%" PRId64 "] accepted remote uni stream",
case SSL_STREAM_TYPE_READ: {
struct cf_osslq_stream *nstream;
if(h3->remote_ctrl_n >= CURL_ARRAYSIZE(h3->remote_ctrl)) {
/* rejected, we are full */
CURL_TRC_CF(data, cf, "[%" PRId64 "] reject remote uni stream",
stream_id);
return CURLE_OK;
}
default:
CURL_TRC_CF(data, cf, "[%" PRId64 "] reject remote %s"
" stream, type=%x", stream_id,
(stype == SSL_STREAM_TYPE_BIDI) ? "bidi" : "write", stype);
SSL_free(stream_ssl);
return CURLE_OK;
}
nstream = &h3->remote_ctrl[h3->remote_ctrl_n++];
nstream->id = stream_id;
nstream->ssl = stream_ssl;
Curl_bufq_initp(&nstream->recvbuf, &ctx->stream_bufcp, 1, BUFQ_OPT_NONE);
CURL_TRC_CF(data, cf, "[%" PRId64 "] accepted remote uni stream",
stream_id);
return CURLE_OK;
}
default:
CURL_TRC_CF(data, cf, "[%" PRId64 "] reject remote %s"
" stream, type=%x", stream_id,
(stype == SSL_STREAM_TYPE_BIDI) ? "bidi" : "write", stype);
SSL_free(stream_ssl);
return CURLE_OK;
}
}
@ -505,8 +505,7 @@ static CURLcode cf_osslq_ssl_err(struct Curl_cfilter *cf,
lerr = SSL_get_verify_result(ctx->tls.ossl.ssl);
if(lerr != X509_V_OK) {
ssl_config->certverifyresult = lerr;
curl_msnprintf(ebuf, sizeof(ebuf),
"SSL certificate problem: %s",
curl_msnprintf(ebuf, sizeof(ebuf), "SSL certificate problem: %s",
X509_verify_cert_error_string(lerr));
}
else
@ -540,7 +539,7 @@ static CURLcode cf_osslq_ssl_err(struct Curl_cfilter *cf,
* the SO_ERROR is also lost.
*/
if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
char extramsg[80]="";
char extramsg[80] = "";
int sockerr = SOCKERRNO;
struct ip_quadruple ip;
@ -570,20 +569,21 @@ static CURLcode cf_osslq_verify_peer(struct Curl_cfilter *cf,
*/
struct h3_stream_ctx {
struct cf_osslq_stream s;
struct bufq sendbuf; /* h3 request body */
struct bufq recvbuf; /* h3 response body */
struct h1_req_parser h1; /* h1 request parsing */
struct bufq sendbuf; /* h3 request body */
struct bufq recvbuf; /* h3 response body */
struct h1_req_parser h1; /* h1 request parsing */
size_t sendbuf_len_in_flight; /* sendbuf amount "in flight" */
size_t recv_buf_nonflow; /* buffered bytes, not counting for flow control */
uint64_t error3; /* HTTP/3 stream error code */
curl_off_t upload_left; /* number of request bytes left to upload */
curl_off_t download_recvd; /* number of response DATA bytes received */
int status_code; /* HTTP status code */
BIT(resp_hds_complete); /* we have a complete, final response */
BIT(closed); /* TRUE on stream close */
BIT(reset); /* TRUE on stream reset */
BIT(send_closed); /* stream is local closed */
BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
size_t recv_buf_nonflow; /* buffered bytes,
not counting for flow control */
uint64_t error3; /* HTTP/3 stream error code */
curl_off_t upload_left; /* number of request bytes left to upload */
curl_off_t download_recvd; /* number of response DATA bytes received */
int status_code; /* HTTP status code */
BIT(resp_hds_complete); /* we have a complete, final response */
BIT(closed); /* TRUE on stream close */
BIT(reset); /* TRUE on stream reset */
BIT(send_closed); /* stream is local closed */
BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
};
static void h3_stream_ctx_free(struct h3_stream_ctx *stream)
@ -645,8 +645,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data)
(void)cf;
if(stream) {
CURL_TRC_CF(data, cf, "[%" PRIu64 "] easy handle is done",
stream->s.id);
CURL_TRC_CF(data, cf, "[%" PRIu64 "] easy handle is done", stream->s.id);
if(ctx->h3.conn && (stream->s.id >= 0) && !stream->closed) {
nghttp3_conn_shutdown_stream_read(ctx->h3.conn, stream->s.id);
nghttp3_conn_close_stream(ctx->h3.conn, stream->s.id,
@ -965,11 +964,10 @@ static int cb_h3_reset_stream(nghttp3_conn *conn, int64_t stream_id,
return 0;
}
static nghttp3_ssize
cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id,
nghttp3_vec *vec, size_t veccnt,
uint32_t *pflags, void *user_data,
void *stream_user_data)
static nghttp3_ssize cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id,
nghttp3_vec *vec, size_t veccnt,
uint32_t *pflags, void *user_data,
void *stream_user_data)
{
struct Curl_cfilter *cf = user_data;
struct cf_osslq_ctx *ctx = cf->ctx;
@ -1106,21 +1104,21 @@ static CURLcode cf_osslq_h3conn_init(struct cf_osslq_ctx *ctx, SSL *conn,
}
result = cf_osslq_stream_open(&h3->s_ctrl, conn,
SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
SSL_STREAM_FLAG_ADVANCE | SSL_STREAM_FLAG_UNI,
&ctx->stream_bufcp, NULL);
if(result) {
result = CURLE_QUIC_CONNECT_ERROR;
goto out;
}
result = cf_osslq_stream_open(&h3->s_qpack_enc, conn,
SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
SSL_STREAM_FLAG_ADVANCE | SSL_STREAM_FLAG_UNI,
&ctx->stream_bufcp, NULL);
if(result) {
result = CURLE_QUIC_CONNECT_ERROR;
goto out;
}
result = cf_osslq_stream_open(&h3->s_qpack_dec, conn,
SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
SSL_STREAM_FLAG_ADVANCE | SSL_STREAM_FLAG_UNI,
&ctx->stream_bufcp, NULL);
if(result) {
result = CURLE_QUIC_CONNECT_ERROR;
@ -1221,7 +1219,8 @@ static CURLcode cf_osslq_ctx_start(struct Curl_cfilter *cf,
SSL_INCOMING_STREAM_POLICY_ACCEPT, 0);
/* from our side, there is no idle timeout */
SSL_set_value_uint(ctx->tls.ossl.ssl,
SSL_VALUE_CLASS_FEATURE_REQUEST, SSL_VALUE_QUIC_IDLE_TIMEOUT, 0);
SSL_VALUE_CLASS_FEATURE_REQUEST,
SSL_VALUE_QUIC_IDLE_TIMEOUT, 0);
/* setup the H3 things on top of the QUIC connection */
result = cf_osslq_h3conn_init(ctx, ctx->tls.ossl.ssl, cf);
@ -1532,7 +1531,7 @@ static CURLcode cf_osslq_check_and_unblock(struct Curl_cfilter *cf,
fill_ctx.multi = data->multi;
fill_ctx.n = 0;
Curl_uint32_hash_visit(&ctx->streams, cf_osslq_collect_block_send,
&fill_ctx);
&fill_ctx);
poll_count = fill_ctx.n;
if(poll_count) {
CURL_TRC_CF(data, cf, "polling %zu blocked streams", poll_count);
@ -1541,7 +1540,7 @@ static CURLcode cf_osslq_check_and_unblock(struct Curl_cfilter *cf,
res = CURLE_UNRECOVERABLE_POLL;
if(!SSL_poll(ctx->poll_items, poll_count, sizeof(SSL_POLL_ITEM),
&timeout, 0, &result_count))
goto out;
goto out;
res = CURLE_OK;
@ -1617,7 +1616,7 @@ static CURLcode h3_send_streams(struct Curl_cfilter *cf,
uint64_t flags = (eos && ((i + 1) == n)) ? SSL_WRITE_FLAG_CONCLUDE : 0;
written = vec[i].len;
ok = !s->ssl || SSL_write_ex2(s->ssl, vec[i].base, vec[i].len, flags,
&written);
&written);
if(ok && flags & SSL_WRITE_FLAG_CONCLUDE)
eos_written = TRUE;
if(ok) {

31
lib/vquic/curl_quiche.c
View file

@ -167,17 +167,17 @@ static CURLcode cf_flush_egress(struct Curl_cfilter *cf,
* All about the H3 internals of a stream
*/
struct h3_stream_ctx {
uint64_t id; /* HTTP/3 protocol stream identifier */
struct bufq recvbuf; /* h3 response */
uint64_t id; /* HTTP/3 protocol stream identifier */
struct bufq recvbuf; /* h3 response */
struct h1_req_parser h1; /* h1 request parsing */
uint64_t error3; /* HTTP/3 stream error code */
BIT(opened); /* TRUE after stream has been opened */
BIT(closed); /* TRUE on stream close */
BIT(reset); /* TRUE on stream reset */
BIT(send_closed); /* stream is locally closed */
uint64_t error3; /* HTTP/3 stream error code */
BIT(opened); /* TRUE after stream has been opened */
BIT(closed); /* TRUE on stream close */
BIT(reset); /* TRUE on stream reset */
BIT(send_closed); /* stream is locally closed */
BIT(resp_hds_complete); /* final response has been received */
BIT(resp_got_header); /* TRUE when h3 stream has recvd some HEADER */
BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
BIT(resp_got_header); /* TRUE when h3 stream has recvd some HEADER */
BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
};
static void h3_stream_ctx_free(struct h3_stream_ctx *stream)
@ -318,7 +318,7 @@ static void cf_quiche_expire_conn_closed(struct Curl_cfilter *cf,
/*
* write_resp_raw() copies response data in raw format to the `data`'s
* receive buffer. If not enough space is available, it appends to the
* receive buffer. If not enough space is available, it appends to the
* `data`'s overflow buffer.
*/
static CURLcode write_resp_raw(struct Curl_cfilter *cf,
@ -813,7 +813,7 @@ out:
timeout_ns = quiche_conn_timeout_as_nanos(ctx->qconn);
if(timeout_ns % 1000000)
timeout_ns += 1000000;
/* expire resolution is milliseconds */
/* expire resolution is milliseconds */
Curl_expire(data, (timeout_ns / 1000000), EXPIRE_QUIC);
return result;
}
@ -977,9 +977,9 @@ static CURLcode h3_open_stream(struct Curl_cfilter *cf,
DEBUGASSERT(stream);
result = Curl_h1_req_parse_read(&stream->h1, buf, blen, NULL,
!data->state.http_ignorecustom ?
data->set.str[STRING_CUSTOMREQUEST] : NULL,
0, pnwritten);
!data->state.http_ignorecustom ?
data->set.str[STRING_CUSTOMREQUEST] : NULL,
0, pnwritten);
if(result)
goto out;
if(!stream->h1.done) {
@ -1313,8 +1313,7 @@ static CURLcode cf_quiche_ctx_open(struct Curl_cfilter *cf,
int qfd;
(void)Curl_qlogdir(data, ctx->scid, sizeof(ctx->scid), &qfd);
if(qfd != -1)
quiche_conn_set_qlog_fd(ctx->qconn, qfd,
"qlog title", "curl qlog");
quiche_conn_set_qlog_fd(ctx->qconn, qfd, "qlog title", "curl qlog");
}
#endif

7
lib/vquic/vquic-tls.c
View file

@ -143,7 +143,9 @@ CURLcode Curl_vquic_tls_before_recv(struct curl_tls_ctx *ctx,
return result;
}
#else
(void)ctx; (void)cf; (void)data;
(void)ctx;
(void)cf;
(void)data;
#endif
return CURLE_OK;
}
@ -172,7 +174,7 @@ CURLcode Curl_vquic_tls_verify_peer(struct curl_tls_ctx *ctx,
#elif defined(USE_WOLFSSL)
(void)data;
if(conn_config->verifyhost) {
WOLFSSL_X509* cert = wolfSSL_get_peer_certificate(ctx->wssl.ssl);
WOLFSSL_X509 *cert = wolfSSL_get_peer_certificate(ctx->wssl.ssl);
if(!cert)
result = CURLE_OUT_OF_MEMORY;
else if(peer->sni &&
@ -194,7 +196,6 @@ CURLcode Curl_vquic_tls_verify_peer(struct curl_tls_ctx *ctx,
return result;
}
bool Curl_vquic_tls_get_ssl_info(struct curl_tls_ctx *ctx,
bool give_ssl_ctx,
struct curl_tlssessioninfo *info)

16
lib/vquic/vquic-tls.h
View file

@ -69,14 +69,14 @@ typedef CURLcode Curl_vquic_session_reuse_cb(struct Curl_cfilter *cf,
/**
* Initialize the QUIC TLS instances based of the SSL configurations
* for the connection filter, transfer and peer.
* @param ctx the TLS context to initialize
* @param cf the connection filter involved
* @param data the transfer involved
* @param peer the peer that will be connected to
* @param alpns the ALPN specifications to negotiate, may be NULL
* @param cb_setup optional callback for early TLS config
* @param cb_user_data user_data param for callback
* @param ssl_user_data optional pointer to set in TLS application context
* @param ctx the TLS context to initialize
* @param cf the connection filter involved
* @param data the transfer involved
* @param peer the peer that will be connected to
* @param alpns the ALPN specifications to negotiate, may be NULL
* @param cb_setup optional callback for early TLS config
* @param cb_user_data user_data param for callback
* @param ssl_user_data optional pointer to set in TLS application context
* @param session_reuse_cb callback to handle session reuse, signal early data
*/
CURLcode Curl_vquic_tls_init(struct curl_tls_ctx *ctx,

9
lib/vquic/vquic.c
View file

@ -266,7 +266,7 @@ static CURLcode vquic_send_packets(struct Curl_cfilter *cf,
unsigned char c;
*psent = 0;
Curl_rand(data, &c, 1);
if(c >= ((100-qctx->wblock_percent)*256/100)) {
if(c >= ((100 - qctx->wblock_percent) * 256 / 100)) {
CURL_TRC_CF(data, cf, "vquic_flush() simulate EWOULDBLOCK");
return CURLE_AGAIN;
}
@ -334,8 +334,7 @@ CURLcode vquic_send_tail_split(struct Curl_cfilter *cf, struct Curl_easy *data,
qctx->split_gsolen = gsolen;
qctx->gsolen = tail_gsolen;
CURL_TRC_CF(data, cf, "vquic_send_tail_split: [%zu gso=%zu][%zu gso=%zu]",
qctx->split_len, qctx->split_gsolen,
tail_len, qctx->gsolen);
qctx->split_len, qctx->split_gsolen, tail_len, qctx->gsolen);
return vquic_flush(cf, data, qctx);
}
@ -476,7 +475,7 @@ static CURLcode recvmsg_packets(struct Curl_cfilter *cf,
{
struct iovec msg_iov;
struct msghdr msg;
uint8_t buf[64*1024];
uint8_t buf[64 * 1024];
struct sockaddr_storage remote_addr;
size_t total_nread, pkts, calls;
ssize_t rc;
@ -551,7 +550,7 @@ static CURLcode recvfrom_packets(struct Curl_cfilter *cf,
size_t max_pkts,
vquic_recv_pkts_cb *recv_cb, void *userp)
{
uint8_t buf[64*1024];
uint8_t buf[64 * 1024];
int bufsize = (int)sizeof(buf);
struct sockaddr_storage remote_addr;
socklen_t remote_addrlen = sizeof(remote_addr);

23
lib/vquic/vquic_int.h
View file

@ -33,25 +33,25 @@
#define MAX_UDP_PAYLOAD_SIZE 1452
struct cf_quic_ctx {
curl_socket_t sockfd; /* connected UDP socket */
curl_socket_t sockfd; /* connected UDP socket */
struct sockaddr_storage local_addr; /* address socket is bound to */
socklen_t local_addrlen; /* length of local address */
socklen_t local_addrlen; /* length of local address */
struct bufq sendbuf; /* buffer for sending one or more packets */
struct curltime first_byte_at; /* when first byte was recvd */
struct curltime last_op; /* last (attempted) send/recv operation */
struct curltime last_io; /* last successful socket IO */
size_t gsolen; /* length of individual packets in send buf */
size_t split_len; /* if != 0, buffer length after which GSO differs */
struct bufq sendbuf; /* buffer for sending one or more packets */
struct curltime first_byte_at; /* when first byte was recvd */
struct curltime last_op; /* last (attempted) send/recv operation */
struct curltime last_io; /* last successful socket IO */
size_t gsolen; /* length of individual packets in send buf */
size_t split_len; /* if != 0, buffer length after which GSO differs */
size_t split_gsolen; /* length of individual packets after split_len */
#ifdef DEBUGBUILD
int wblock_percent; /* percent of writes doing EAGAIN */
int wblock_percent; /* percent of writes doing EAGAIN */
#endif
BIT(got_first_byte); /* if first byte was received */
BIT(no_gso); /* do not use gso on sending */
BIT(no_gso); /* do not use gso on sending */
};
#define H3_STREAM_CTX(ctx,data) \
#define H3_STREAM_CTX(ctx, data) \
(data ? Curl_uint32_hash_get(&(ctx)->streams, (data)->mid) : NULL)
CURLcode vquic_ctx_init(struct cf_quic_ctx *qctx);
@ -77,7 +77,6 @@ CURLcode vquic_send_tail_split(struct Curl_cfilter *cf, struct Curl_easy *data,
CURLcode vquic_flush(struct Curl_cfilter *cf, struct Curl_easy *data,
struct cf_quic_ctx *qctx);
typedef CURLcode vquic_recv_pkts_cb(const unsigned char *buf, size_t buflen,
size_t gso_size,
struct sockaddr_storage *remote_addr,

373
lib/vssh/libssh.c
View file

@ -74,12 +74,12 @@
/* A recent macro provided by libssh. Or make our own. */
#ifndef SSH_STRING_FREE_CHAR
#define SSH_STRING_FREE_CHAR(x) \
do { \
if(x) { \
ssh_string_free_char(x); \
x = NULL; \
} \
#define SSH_STRING_FREE_CHAR(x) \
do { \
if(x) { \
ssh_string_free_char(x); \
x = NULL; \
} \
} while(0)
#endif
@ -111,10 +111,9 @@ static CURLcode sftp_doing(struct Curl_easy *data,
static CURLcode sftp_disconnect(struct Curl_easy *data,
struct connectdata *conn,
bool dead);
static
CURLcode sftp_perform(struct Curl_easy *data,
bool *connected,
bool *dophase_done);
static CURLcode sftp_perform(struct Curl_easy *data,
bool *connected,
bool *dophase_done);
static CURLcode myssh_pollset(struct Curl_easy *data,
struct easy_pollset *ps);
@ -189,22 +188,22 @@ const struct Curl_handler Curl_handler_sftp = {
static CURLcode sftp_error_to_CURLE(int err)
{
switch(err) {
case SSH_FX_OK:
return CURLE_OK;
case SSH_FX_OK:
return CURLE_OK;
case SSH_FX_NO_SUCH_FILE:
case SSH_FX_NO_SUCH_PATH:
return CURLE_REMOTE_FILE_NOT_FOUND;
case SSH_FX_NO_SUCH_FILE:
case SSH_FX_NO_SUCH_PATH:
return CURLE_REMOTE_FILE_NOT_FOUND;
case SSH_FX_PERMISSION_DENIED:
case SSH_FX_WRITE_PROTECT:
return CURLE_REMOTE_ACCESS_DENIED;
case SSH_FX_PERMISSION_DENIED:
case SSH_FX_WRITE_PROTECT:
return CURLE_REMOTE_ACCESS_DENIED;
case SSH_FX_FILE_ALREADY_EXISTS:
return CURLE_REMOTE_FILE_EXISTS;
case SSH_FX_FILE_ALREADY_EXISTS:
return CURLE_REMOTE_FILE_EXISTS;
default:
break;
default:
break;
}
return CURLE_SSH;
@ -213,7 +212,7 @@ static CURLcode sftp_error_to_CURLE(int err)
#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
static const char *myssh_statename(sshstate state)
{
static const char *const names[] = {
static const char * const names[] = {
"SSH_STOP",
"SSH_INIT",
"SSH_S_STARTUP",
@ -284,7 +283,7 @@ static const char *myssh_statename(sshstate state)
#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
#define myssh_to(x,y,z) myssh_set_state(x,y,z)
#define myssh_to(x, y, z) myssh_set_state(x, y, z)
/*
* SSH State machine related code
@ -328,8 +327,7 @@ static int myssh_is_known(struct Curl_easy *data, struct ssh_conn *sshc)
enum curl_khmatch keymatch;
struct curl_khkey foundkey;
struct curl_khkey *knownkeyp = NULL;
curl_sshkeycallback func =
data->set.ssh_keyfunc;
curl_sshkeycallback func = data->set.ssh_keyfunc;
struct ssh_knownhosts_entry *knownhostsentry = NULL;
struct curl_khkey knownkey;
@ -343,8 +341,7 @@ static int myssh_is_known(struct Curl_easy *data, struct ssh_conn *sshc)
char md5buffer[33];
const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5];
rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5,
&hash, &hlen);
rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5, &hash, &hlen);
if(rc != SSH_OK || hlen != 16) {
failf(data,
"Denied establishing ssh session: md5 fingerprint not available");
@ -352,7 +349,7 @@ static int myssh_is_known(struct Curl_easy *data, struct ssh_conn *sshc)
}
for(i = 0; i < 16; i++)
curl_msnprintf(&md5buffer[i*2], 3, "%02x", (unsigned char)hash[i]);
curl_msnprintf(&md5buffer[i * 2], 3, "%02x", (unsigned char)hash[i]);
infof(data, "SSH MD5 fingerprint: %s", md5buffer);
@ -461,7 +458,7 @@ static int myssh_is_known(struct Curl_easy *data, struct ssh_conn *sshc)
Curl_set_in_callback(data, TRUE);
rc = func(data, knownkeyp, /* from the knownhosts file */
&foundkey, /* from the remote host */
&foundkey, /* from the remote host */
keymatch, data->set.ssh_keyfunc_userp);
Curl_set_in_callback(data, FALSE);
@ -519,8 +516,7 @@ static int myssh_to_SFTP_CLOSE(struct Curl_easy *data,
struct ssh_conn *sshc)
{
myssh_to(data, sshc, SSH_SFTP_CLOSE);
sshc->actualcode =
sftp_error_to_CURLE(sftp_get_error(sshc->sftp_session));
sshc->actualcode = sftp_error_to_CURLE(sftp_get_error(sshc->sftp_session));
return SSH_ERROR;
}
@ -613,7 +609,6 @@ static int myssh_in_SFTP_READDIR(struct Curl_easy *data,
sshc->actualcode = result;
return SSH_NO_ERROR;
}
}
else {
if(curlx_dyn_add(&sshc->readdir_buf, sshc->readdir_longentry)) {
@ -684,8 +679,7 @@ static int myssh_in_SFTP_READDIR_LINK(struct Curl_easy *data,
Curl_safefree(sshc->readdir_linkPath);
if(curlx_dyn_addf(&sshc->readdir_buf, " -> %s",
sshc->readdir_filename)) {
if(curlx_dyn_addf(&sshc->readdir_buf, " -> %s", sshc->readdir_filename)) {
/* Not using:
* return myssh_to_SFTP_CLOSE(data, sshc);
*
@ -808,56 +802,56 @@ static int myssh_auth_interactive(struct connectdata *conn,
restart:
switch(sshc->kbd_state) {
case 0:
rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL);
if(rc == SSH_AUTH_AGAIN)
return SSH_AGAIN;
case 0:
rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL);
if(rc == SSH_AUTH_AGAIN)
return SSH_AGAIN;
if(rc != SSH_AUTH_INFO)
return SSH_ERROR;
nprompts = ssh_userauth_kbdint_getnprompts(sshc->ssh_session);
if(nprompts != 1)
return SSH_ERROR;
rc = ssh_userauth_kbdint_setanswer(sshc->ssh_session, 0, conn->passwd);
if(rc < 0)
return SSH_ERROR;
FALLTHROUGH();
case 1:
sshc->kbd_state = 1;
rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL);
if(rc == SSH_AUTH_AGAIN)
return SSH_AGAIN;
else if(rc == SSH_AUTH_SUCCESS)
rc = SSH_OK;
else if(rc == SSH_AUTH_INFO) {
nprompts = ssh_userauth_kbdint_getnprompts(sshc->ssh_session);
if(nprompts)
return SSH_ERROR;
sshc->kbd_state = 2;
goto restart;
}
else
rc = SSH_ERROR;
break;
case 2:
sshc->kbd_state = 2;
rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL);
if(rc == SSH_AUTH_AGAIN)
return SSH_AGAIN;
else if(rc == SSH_AUTH_SUCCESS)
rc = SSH_OK;
else
rc = SSH_ERROR;
break;
default:
if(rc != SSH_AUTH_INFO)
return SSH_ERROR;
nprompts = ssh_userauth_kbdint_getnprompts(sshc->ssh_session);
if(nprompts != 1)
return SSH_ERROR;
rc = ssh_userauth_kbdint_setanswer(sshc->ssh_session, 0, conn->passwd);
if(rc < 0)
return SSH_ERROR;
FALLTHROUGH();
case 1:
sshc->kbd_state = 1;
rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL);
if(rc == SSH_AUTH_AGAIN)
return SSH_AGAIN;
else if(rc == SSH_AUTH_SUCCESS)
rc = SSH_OK;
else if(rc == SSH_AUTH_INFO) {
nprompts = ssh_userauth_kbdint_getnprompts(sshc->ssh_session);
if(nprompts)
return SSH_ERROR;
sshc->kbd_state = 2;
goto restart;
}
else
rc = SSH_ERROR;
break;
case 2:
sshc->kbd_state = 2;
rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL);
if(rc == SSH_AUTH_AGAIN)
return SSH_AGAIN;
else if(rc == SSH_AUTH_SUCCESS)
rc = SSH_OK;
else
rc = SSH_ERROR;
break;
default:
return SSH_ERROR;
}
sshc->kbd_state = 0;
@ -967,8 +961,7 @@ static int myssh_in_AUTH_PKEY_INIT(struct Curl_easy *data,
* (2) use the "default" keys. */
if(data->set.str[STRING_SSH_PRIVATE_KEY]) {
if(sshc->pubkey && !data->set.ssl.key_passwd) {
rc = ssh_userauth_try_publickey(sshc->ssh_session, NULL,
sshc->pubkey);
rc = ssh_userauth_try_publickey(sshc->ssh_session, NULL, sshc->pubkey);
if(rc == SSH_AUTH_AGAIN)
return SSH_AGAIN;
@ -993,7 +986,7 @@ static int myssh_in_AUTH_PKEY_INIT(struct Curl_easy *data,
}
else {
rc = ssh_userauth_publickey_auto(sshc->ssh_session, NULL,
data->set.ssl.key_passwd);
data->set.ssl.key_passwd);
if(rc == SSH_AUTH_AGAIN)
return SSH_AGAIN;
@ -1166,7 +1159,7 @@ static int myssh_in_UPLOAD_INIT(struct Curl_easy *data,
}
else
/* Clear file before writing (normal behavior) */
flags = O_WRONLY|O_CREAT|O_TRUNC;
flags = O_WRONLY | O_CREAT | O_TRUNC;
if(sshc->sftp_file)
sftp_close(sshc->sftp_file);
@ -1214,7 +1207,7 @@ static int myssh_in_UPLOAD_INIT(struct Curl_easy *data,
}
/* seekerr == CURL_SEEKFUNC_CANTSEEK (cannot seek to offset) */
do {
char scratch[4*1024];
char scratch[4 * 1024];
size_t readthisamountnow =
(data->state.resume_from - passed >
(curl_off_t)sizeof(scratch)) ?
@ -1363,8 +1356,7 @@ static int myssh_in_SFTP_DOWNLOAD_STAT(struct Curl_easy *data,
/* Now store the number of bytes we are expected to download */
data->req.size = size - data->state.resume_from;
data->req.maxdownload = size - data->state.resume_from;
Curl_pgrsSetDownloadSize(data,
size - data->state.resume_from);
Curl_pgrsSetDownloadSize(data, size - data->state.resume_from);
rc = sftp_seek64(sshc->sftp_file, data->state.resume_from);
if(rc)
@ -1877,8 +1869,7 @@ static void conn_forget_socket(struct Curl_easy *data, int sockindex)
if(conn && CONN_SOCK_IDX_VALID(sockindex)) {
struct Curl_cfilter *cf = conn->cfilter[sockindex];
if(cf)
(void)Curl_conn_cf_cntrl(cf, data, TRUE,
CF_CTRL_FORGET_SOCKET, 0, NULL);
(void)Curl_conn_cf_cntrl(cf, data, TRUE, CF_CTRL_FORGET_SOCKET, 0, NULL);
fake_sclose(conn->sock[sockindex]);
conn->sock[sockindex] = CURL_SOCKET_BAD;
}
@ -2067,8 +2058,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data,
break;
if(rc && !sshc->acceptfail) {
Curl_safefree(sshc->quote_path1);
failf(data, "rm command failed: %s",
ssh_get_error(sshc->ssh_session));
failf(data, "rm command failed: %s", ssh_get_error(sshc->ssh_session));
myssh_to(data, sshc, SSH_SFTP_CLOSE);
sshc->nextstate = SSH_NO_STATE;
sshc->actualcode = CURLE_QUOTE_ERROR;
@ -2110,7 +2100,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data,
if(data->state.upload)
myssh_to(data, sshc, SSH_SFTP_UPLOAD_INIT);
else if(sshp) {
if(sshp->path[strlen(sshp->path)-1] == '/')
if(sshp->path[strlen(sshp->path) - 1] == '/')
myssh_to(data, sshc, SSH_SFTP_READDIR_INIT);
else
myssh_to(data, sshc, SSH_SFTP_DOWNLOAD_INIT);
@ -2301,26 +2291,26 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data,
FALLTHROUGH();
case SSH_SCP_DOWNLOAD: {
curl_off_t bytecount;
curl_off_t bytecount;
rc = ssh_scp_pull_request(sshc->scp_session);
if(rc != SSH_SCP_REQUEST_NEWFILE) {
err_msg = ssh_get_error(sshc->ssh_session);
failf(data, "%s", err_msg);
rc = myssh_to_ERROR(data, sshc, CURLE_REMOTE_FILE_NOT_FOUND);
break;
}
/* download data */
bytecount = ssh_scp_request_get_size(sshc->scp_session);
data->req.maxdownload = (curl_off_t) bytecount;
Curl_xfer_setup_recv(data, FIRSTSOCKET, bytecount);
/* not set by Curl_xfer_setup to preserve keepon bits */
conn->send_idx = 0;
myssh_to(data, sshc, SSH_STOP);
rc = ssh_scp_pull_request(sshc->scp_session);
if(rc != SSH_SCP_REQUEST_NEWFILE) {
err_msg = ssh_get_error(sshc->ssh_session);
failf(data, "%s", err_msg);
rc = myssh_to_ERROR(data, sshc, CURLE_REMOTE_FILE_NOT_FOUND);
break;
}
/* download data */
bytecount = ssh_scp_request_get_size(sshc->scp_session);
data->req.maxdownload = (curl_off_t)bytecount;
Curl_xfer_setup_recv(data, FIRSTSOCKET, bytecount);
/* not set by Curl_xfer_setup to preserve keepon bits */
conn->send_idx = 0;
myssh_to(data, sshc, SSH_STOP);
break;
}
case SSH_SCP_DONE:
if(data->state.upload)
@ -2406,7 +2396,6 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data,
sshc->nextstate = SSH_NO_STATE;
myssh_to(data, sshc, SSH_STOP);
break;
}
/* break the loop only on STOP or SSH_AGAIN. If `rc` is some
* other error code, we will have progressed the state accordingly. */
@ -2424,7 +2413,6 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data,
return result;
}
/* called by the multi interface to figure out what socket(s) to wait for and
for what actions in the DO_DONE, PERFORM and WAITPERFORM states */
static CURLcode myssh_pollset(struct Curl_easy *data,
@ -2525,7 +2513,6 @@ static CURLcode myssh_block_statemach(struct Curl_easy *data,
(void)Curl_socket_check(fd_read, CURL_SOCKET_BAD, CURL_SOCKET_BAD,
left_ms > 1000 ? 1000 : left_ms);
}
}
return result;
@ -2717,9 +2704,8 @@ static CURLcode scp_doing(struct Curl_easy *data, bool *dophase_done)
* the options previously setup.
*/
static
CURLcode scp_perform(struct Curl_easy *data,
bool *connected, bool *dophase_done)
static CURLcode scp_perform(struct Curl_easy *data,
bool *connected, bool *dophase_done)
{
CURLcode result = CURLE_OK;
struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN);
@ -2871,7 +2857,6 @@ static CURLcode myssh_done(struct Curl_easy *data,
return result;
}
static CURLcode scp_done(struct Curl_easy *data, CURLcode status,
bool premature)
{
@ -2963,10 +2948,9 @@ static CURLcode scp_recv(struct Curl_easy *data, int sockindex,
* the options previously setup.
*/
static
CURLcode sftp_perform(struct Curl_easy *data,
bool *connected,
bool *dophase_done)
static CURLcode sftp_perform(struct Curl_easy *data,
bool *connected,
bool *dophase_done)
{
struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN);
CURLcode result = CURLE_OK;
@ -3064,34 +3048,34 @@ static CURLcode sftp_send(struct Curl_easy *data, int sockindex,
#if LIBSSH_VERSION_INT > SSH_VERSION_INT(0, 11, 0)
switch(sshc->sftp_send_state) {
case 0:
sftp_file_set_nonblocking(sshc->sftp_file);
if(sftp_aio_begin_write(sshc->sftp_file, mem, len,
&sshc->sftp_send_aio) == SSH_ERROR) {
return CURLE_SEND_ERROR;
}
sshc->sftp_send_state = 1;
FALLTHROUGH();
case 1:
nwrite = sftp_aio_wait_write(&sshc->sftp_send_aio);
myssh_block2waitfor(conn, sshc, (nwrite == SSH_AGAIN) ? TRUE : FALSE);
if(nwrite == SSH_AGAIN)
return CURLE_AGAIN;
else if(nwrite < 0)
return CURLE_SEND_ERROR;
/*
* sftp_aio_wait_write() would free sftp_send_aio and
* assign it NULL in all cases except when it returns
* SSH_AGAIN.
*/
sshc->sftp_send_state = 0;
*pnwritten = (size_t)nwrite;
return CURLE_OK;
default:
/* we never reach here */
case 0:
sftp_file_set_nonblocking(sshc->sftp_file);
if(sftp_aio_begin_write(sshc->sftp_file, mem, len,
&sshc->sftp_send_aio) == SSH_ERROR) {
return CURLE_SEND_ERROR;
}
sshc->sftp_send_state = 1;
FALLTHROUGH();
case 1:
nwrite = sftp_aio_wait_write(&sshc->sftp_send_aio);
myssh_block2waitfor(conn, sshc, (nwrite == SSH_AGAIN) ? TRUE : FALSE);
if(nwrite == SSH_AGAIN)
return CURLE_AGAIN;
else if(nwrite < 0)
return CURLE_SEND_ERROR;
/*
* sftp_aio_wait_write() would free sftp_send_aio and
* assign it NULL in all cases except when it returns
* SSH_AGAIN.
*/
sshc->sftp_send_state = 0;
*pnwritten = (size_t)nwrite;
return CURLE_OK;
default:
/* we never reach here */
return CURLE_SEND_ERROR;
}
#else
/*
@ -3143,54 +3127,53 @@ static CURLcode sftp_recv(struct Curl_easy *data, int sockindex,
return CURLE_FAILED_INIT;
switch(sshc->sftp_recv_state) {
case 0:
case 0:
#if LIBSSH_VERSION_INT > SSH_VERSION_INT(0, 11, 0)
if(sftp_aio_begin_read(sshc->sftp_file, len,
&sshc->sftp_recv_aio) == SSH_ERROR) {
return CURLE_RECV_ERROR;
}
#else
sshc->sftp_file_index =
sftp_async_read_begin(sshc->sftp_file, (uint32_t)len);
if(sshc->sftp_file_index < 0)
return CURLE_RECV_ERROR;
#endif
FALLTHROUGH();
case 1:
sshc->sftp_recv_state = 1;
#if LIBSSH_VERSION_INT > SSH_VERSION_INT(0, 11, 0)
nread = sftp_aio_wait_read(&sshc->sftp_recv_aio, mem, len);
#else
nread = sftp_async_read(sshc->sftp_file, mem, (uint32_t)len,
(uint32_t)sshc->sftp_file_index);
#endif
myssh_block2waitfor(conn, sshc, (nread == SSH_AGAIN));
if(nread == SSH_AGAIN)
return CURLE_AGAIN;
else if(nread < 0)
return CURLE_RECV_ERROR;
/*
* sftp_aio_wait_read() would free sftp_recv_aio and
* assign it NULL in all cases except when it returns
* SSH_AGAIN.
*/
sshc->sftp_recv_state = 0;
*pnread = (size_t)nread;
return CURLE_OK;
default:
/* we never reach here */
if(sftp_aio_begin_read(sshc->sftp_file, len,
&sshc->sftp_recv_aio) == SSH_ERROR) {
return CURLE_RECV_ERROR;
}
#else
sshc->sftp_file_index =
sftp_async_read_begin(sshc->sftp_file, (uint32_t)len);
if(sshc->sftp_file_index < 0)
return CURLE_RECV_ERROR;
#endif
FALLTHROUGH();
case 1:
sshc->sftp_recv_state = 1;
#if LIBSSH_VERSION_INT > SSH_VERSION_INT(0, 11, 0)
nread = sftp_aio_wait_read(&sshc->sftp_recv_aio, mem, len);
#else
nread = sftp_async_read(sshc->sftp_file, mem, (uint32_t)len,
(uint32_t)sshc->sftp_file_index);
#endif
myssh_block2waitfor(conn, sshc, (nread == SSH_AGAIN));
if(nread == SSH_AGAIN)
return CURLE_AGAIN;
else if(nread < 0)
return CURLE_RECV_ERROR;
/*
* sftp_aio_wait_read() would free sftp_recv_aio and
* assign it NULL in all cases except when it returns
* SSH_AGAIN.
*/
sshc->sftp_recv_state = 0;
*pnread = (size_t)nread;
return CURLE_OK;
default:
/* we never reach here */
return CURLE_RECV_ERROR;
}
}
CURLcode Curl_ssh_init(void)
{
if(ssh_init()) {
@ -3210,4 +3193,4 @@ void Curl_ssh_version(char *buffer, size_t buflen)
(void)curl_msnprintf(buffer, buflen, "libssh/%s", ssh_version(0));
}
#endif /* USE_LIBSSH */
#endif /* USE_LIBSSH */

347
lib/vssh/libssh2.c
View file

@ -154,12 +154,12 @@ const struct Curl_handler Curl_handler_sftp = {
PROTOPT_NOURLQUERY | PROTOPT_CONN_REUSE
};
static void
kbd_callback(const char *name, int name_len, const char *instruction,
int instruction_len, int num_prompts,
const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
void **abstract)
static void kbd_callback(const char *name, int name_len,
const char *instruction, int instruction_len,
int num_prompts,
const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
void **abstract)
{
struct Curl_easy *data = (struct Curl_easy *)*abstract;
@ -187,30 +187,30 @@ kbd_callback(const char *name, int name_len, const char *instruction,
static CURLcode sftp_libssh2_error_to_CURLE(unsigned long err)
{
switch(err) {
case LIBSSH2_FX_OK:
return CURLE_OK;
case LIBSSH2_FX_OK:
return CURLE_OK;
case LIBSSH2_FX_NO_SUCH_FILE:
case LIBSSH2_FX_NO_SUCH_PATH:
return CURLE_REMOTE_FILE_NOT_FOUND;
case LIBSSH2_FX_NO_SUCH_FILE:
case LIBSSH2_FX_NO_SUCH_PATH:
return CURLE_REMOTE_FILE_NOT_FOUND;
case LIBSSH2_FX_PERMISSION_DENIED:
case LIBSSH2_FX_WRITE_PROTECT:
case LIBSSH2_FX_LOCK_CONFlICT:
return CURLE_REMOTE_ACCESS_DENIED;
case LIBSSH2_FX_PERMISSION_DENIED:
case LIBSSH2_FX_WRITE_PROTECT:
case LIBSSH2_FX_LOCK_CONFlICT:
return CURLE_REMOTE_ACCESS_DENIED;
case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM:
case LIBSSH2_FX_QUOTA_EXCEEDED:
return CURLE_REMOTE_DISK_FULL;
case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM:
case LIBSSH2_FX_QUOTA_EXCEEDED:
return CURLE_REMOTE_DISK_FULL;
case LIBSSH2_FX_FILE_ALREADY_EXISTS:
return CURLE_REMOTE_FILE_EXISTS;
case LIBSSH2_FX_FILE_ALREADY_EXISTS:
return CURLE_REMOTE_FILE_EXISTS;
case LIBSSH2_FX_DIR_NOT_EMPTY:
return CURLE_QUOTE_ERROR;
case LIBSSH2_FX_DIR_NOT_EMPTY:
return CURLE_QUOTE_ERROR;
default:
break;
default:
break;
}
return CURLE_SSH;
@ -219,39 +219,39 @@ static CURLcode sftp_libssh2_error_to_CURLE(unsigned long err)
static CURLcode libssh2_session_error_to_CURLE(int err)
{
switch(err) {
/* Ordered by order of appearance in libssh2.h */
case LIBSSH2_ERROR_NONE:
return CURLE_OK;
/* Ordered by order of appearance in libssh2.h */
case LIBSSH2_ERROR_NONE:
return CURLE_OK;
/* This is the error returned by libssh2_scp_recv2
* on unknown file */
case LIBSSH2_ERROR_SCP_PROTOCOL:
return CURLE_REMOTE_FILE_NOT_FOUND;
/* This is the error returned by libssh2_scp_recv2
* on unknown file */
case LIBSSH2_ERROR_SCP_PROTOCOL:
return CURLE_REMOTE_FILE_NOT_FOUND;
case LIBSSH2_ERROR_SOCKET_NONE:
return CURLE_COULDNT_CONNECT;
case LIBSSH2_ERROR_SOCKET_NONE:
return CURLE_COULDNT_CONNECT;
case LIBSSH2_ERROR_ALLOC:
return CURLE_OUT_OF_MEMORY;
case LIBSSH2_ERROR_ALLOC:
return CURLE_OUT_OF_MEMORY;
case LIBSSH2_ERROR_SOCKET_SEND:
return CURLE_SEND_ERROR;
case LIBSSH2_ERROR_SOCKET_SEND:
return CURLE_SEND_ERROR;
case LIBSSH2_ERROR_HOSTKEY_INIT:
case LIBSSH2_ERROR_HOSTKEY_SIGN:
case LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED:
case LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED:
return CURLE_PEER_FAILED_VERIFICATION;
case LIBSSH2_ERROR_HOSTKEY_INIT:
case LIBSSH2_ERROR_HOSTKEY_SIGN:
case LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED:
case LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED:
return CURLE_PEER_FAILED_VERIFICATION;
case LIBSSH2_ERROR_PASSWORD_EXPIRED:
return CURLE_LOGIN_DENIED;
case LIBSSH2_ERROR_PASSWORD_EXPIRED:
return CURLE_LOGIN_DENIED;
case LIBSSH2_ERROR_SOCKET_TIMEOUT:
case LIBSSH2_ERROR_TIMEOUT:
return CURLE_OPERATION_TIMEDOUT;
case LIBSSH2_ERROR_SOCKET_TIMEOUT:
case LIBSSH2_ERROR_TIMEOUT:
return CURLE_OPERATION_TIMEDOUT;
case LIBSSH2_ERROR_EAGAIN:
return CURLE_AGAIN;
case LIBSSH2_ERROR_EAGAIN:
return CURLE_AGAIN;
}
return CURLE_SSH;
@ -283,7 +283,7 @@ static LIBSSH2_FREE_FUNC(my_libssh2_free)
#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
static const char *myssh_statename(sshstate state)
{
static const char *const names[] = {
static const char * const names[] = {
"SSH_STOP",
"SSH_INIT",
"SSH_S_STARTUP",
@ -354,7 +354,7 @@ static const char *myssh_statename(sshstate state)
#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
#define myssh_state(x,y,z) myssh_set_state(x,y,z)
#define myssh_state(x, y, z) myssh_set_state(x, y, z)
/*
* SSH State machine related code
@ -663,7 +663,7 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data,
/* The fingerprint points to static storage (!), do not free() it. */
int i;
for(i = 0; i < 16; i++) {
curl_msnprintf(&md5buffer[i*2], 3, "%02x",
curl_msnprintf(&md5buffer[i * 2], 3, "%02x",
(unsigned char)fingerprint[i]);
}
@ -703,7 +703,7 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data,
rc = data->set.ssh_hostkeyfunc(data->set.ssh_hostkeyfunc_userp,
(int)keytype, remotekey, keylen);
Curl_set_in_callback(data, FALSE);
if(rc!= CURLKHMATCH_OK) {
if(rc != CURLKHMATCH_OK) {
myssh_state(data, sshc, SSH_SESSION_FREE);
return CURLE_PEER_FAILED_VERIFICATION;
}
@ -1009,11 +1009,10 @@ static CURLcode sftp_quote(struct Curl_easy *data,
return CURLE_QUOTE_ERROR;
}
static CURLcode
sftp_upload_init(struct Curl_easy *data,
struct ssh_conn *sshc,
struct SSHPROTO *sshp,
bool *blockp)
static CURLcode sftp_upload_init(struct Curl_easy *data,
struct ssh_conn *sshc,
struct SSHPROTO *sshp,
bool *blockp)
{
unsigned long flags;
@ -1140,7 +1139,7 @@ sftp_upload_init(struct Curl_easy *data,
}
/* seekerr == CURL_SEEKFUNC_CANTSEEK (cannot seek to offset) */
do {
char scratch[4*1024];
char scratch[4 * 1024];
size_t readthisamountnow =
(data->state.resume_from - passed >
(curl_off_t)sizeof(scratch)) ?
@ -1283,11 +1282,10 @@ static CURLcode ssh_state_pkey_init(struct Curl_easy *data,
return 0;
}
static CURLcode
sftp_quote_stat(struct Curl_easy *data,
struct ssh_conn *sshc,
struct SSHPROTO *sshp,
bool *blockp)
static CURLcode sftp_quote_stat(struct Curl_easy *data,
struct ssh_conn *sshc,
struct SSHPROTO *sshp,
bool *blockp)
{
char *cmd = sshc->quote_item->data;
sshc->acceptfail = FALSE;
@ -1395,11 +1393,10 @@ fail:
return CURLE_QUOTE_ERROR;
}
static CURLcode
sftp_download_stat(struct Curl_easy *data,
struct ssh_conn *sshc,
struct SSHPROTO *sshp,
bool *blockp)
static CURLcode sftp_download_stat(struct Curl_easy *data,
struct ssh_conn *sshc,
struct SSHPROTO *sshp,
bool *blockp)
{
LIBSSH2_SFTP_ATTRIBUTES attrs;
int rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshp->path,
@ -1468,8 +1465,7 @@ sftp_download_stat(struct Curl_easy *data,
/* Now store the number of bytes we are expected to download */
data->req.size = attrs.filesize - data->state.resume_from;
data->req.maxdownload = attrs.filesize - data->state.resume_from;
Curl_pgrsSetDownloadSize(data,
attrs.filesize - data->state.resume_from);
Curl_pgrsSetDownloadSize(data, attrs.filesize - data->state.resume_from);
libssh2_sftp_seek64(sshc->sftp_handle,
(libssh2_uint64_t)data->state.resume_from);
}
@ -1507,7 +1503,7 @@ static CURLcode sftp_readdir(struct Curl_easy *data,
return result;
}
if(rc > 0) {
size_t readdir_len = (size_t) rc;
size_t readdir_len = (size_t)rc;
sshp->readdir_filename[readdir_len] = '\0';
if(data->set.list_only) {
@ -1639,8 +1635,7 @@ static CURLcode ssh_state_authlist(struct Curl_easy *data,
myssh_state(data, sshc, SSH_SESSION_FREE);
return libssh2_session_error_to_CURLE(rc);
}
infof(data, "SSH authentication methods available: %s",
sshc->authlist);
infof(data, "SSH authentication methods available: %s", sshc->authlist);
myssh_state(data, sshc, SSH_AUTH_PKEY_INIT);
return CURLE_OK;
@ -1679,8 +1674,7 @@ static CURLcode ssh_state_auth_pkey(struct Curl_easy *data,
err_msg = unknown;
}
else {
(void)libssh2_session_last_error(sshc->ssh_session,
&err_msg, NULL, 0);
(void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
}
infof(data, "SSH public key authentication failed: %s", err_msg);
myssh_state(data, sshc, SSH_AUTH_PASS_INIT);
@ -1742,8 +1736,8 @@ static CURLcode ssh_state_auth_agent_init(struct Curl_easy *data,
struct ssh_conn *sshc)
{
int rc = 0;
if((data->set.ssh_auth_types & CURLSSH_AUTH_AGENT)
&& (strstr(sshc->authlist, "publickey") != NULL)) {
if((data->set.ssh_auth_types & CURLSSH_AUTH_AGENT) &&
(strstr(sshc->authlist, "publickey") != NULL)) {
/* Connect to the ssh-agent */
/* The agent could be shared by a curl thread i believe
@ -1838,8 +1832,8 @@ static CURLcode ssh_state_auth_agent(struct Curl_easy *data,
static CURLcode ssh_state_auth_key_init(struct Curl_easy *data,
struct ssh_conn *sshc)
{
if((data->set.ssh_auth_types & CURLSSH_AUTH_KEYBOARD)
&& (strstr(sshc->authlist, "keyboard-interactive") != NULL)) {
if((data->set.ssh_auth_types & CURLSSH_AUTH_KEYBOARD) &&
(strstr(sshc->authlist, "keyboard-interactive") != NULL)) {
myssh_state(data, sshc, SSH_AUTH_KEY);
}
else {
@ -1913,8 +1907,7 @@ static CURLcode ssh_state_sftp_init(struct Curl_easy *data,
LIBSSH2_ERROR_EAGAIN)
return CURLE_AGAIN;
(void)libssh2_session_last_error(sshc->ssh_session,
&err_msg, NULL, 0);
(void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
failf(data, "Failure initializing sftp session: %s", err_msg);
myssh_state(data, sshc, SSH_SESSION_FREE);
return CURLE_FAILED_INIT;
@ -2384,8 +2377,7 @@ static CURLcode ssh_state_scp_download_init(struct Curl_easy *data,
LIBSSH2_ERROR_EAGAIN)
return CURLE_AGAIN;
ssh_err = (int)(libssh2_session_last_error(sshc->ssh_session,
&err_msg, NULL, 0));
ssh_err = libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
failf(data, "%s", err_msg);
myssh_state(data, sshc, SSH_SCP_CHANNEL_FREE);
return libssh2_session_error_to_CURLE(ssh_err);
@ -2415,8 +2407,7 @@ static CURLcode ssh_state_sftp_close(struct Curl_easy *data,
if(rc < 0) {
char *err_msg = NULL;
(void)libssh2_session_last_error(sshc->ssh_session,
&err_msg, NULL, 0);
(void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to close libssh2 file: %d %s", rc, err_msg);
}
sshc->sftp_handle = NULL;
@ -2454,8 +2445,7 @@ static CURLcode ssh_state_sftp_shutdown(struct Curl_easy *data,
if(rc < 0) {
char *err_msg = NULL;
(void)libssh2_session_last_error(sshc->ssh_session, &err_msg,
NULL, 0);
(void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to close libssh2 file: %d %s", rc, err_msg);
}
sshc->sftp_handle = NULL;
@ -2527,8 +2517,7 @@ static CURLcode ssh_state_scp_upload_init(struct Curl_easy *data,
LIBSSH2_ERROR_EAGAIN)
return CURLE_AGAIN;
ssh_err = (int)(libssh2_session_last_error(sshc->ssh_session,
&err_msg, NULL, 0));
ssh_err = libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
failf(data, "%s", err_msg);
myssh_state(data, sshc, SSH_SCP_CHANNEL_FREE);
result = libssh2_session_error_to_CURLE(ssh_err);
@ -2567,10 +2556,8 @@ static CURLcode ssh_state_session_disconnect(struct Curl_easy *data,
if(rc < 0) {
char *err_msg = NULL;
(void)libssh2_session_last_error(sshc->ssh_session,
&err_msg, NULL, 0);
infof(data, "Failed to free libssh2 scp subsystem: %d %s",
rc, err_msg);
(void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to free libssh2 scp subsystem: %d %s", rc, err_msg);
}
sshc->ssh_channel = NULL;
}
@ -2582,10 +2569,8 @@ static CURLcode ssh_state_session_disconnect(struct Curl_easy *data,
if(rc < 0) {
char *err_msg = NULL;
(void)libssh2_session_last_error(sshc->ssh_session,
&err_msg, NULL, 0);
infof(data, "Failed to disconnect libssh2 session: %d %s",
rc, err_msg);
(void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to disconnect libssh2 session: %d %s", rc, err_msg);
}
}
@ -2750,8 +2735,7 @@ static CURLcode ssh_statemachine(struct Curl_easy *data,
}
break;
case SSH_SFTP_FILETIME:
{
case SSH_SFTP_FILETIME: {
LIBSSH2_SFTP_ATTRIBUTES attrs;
int rc;
@ -2778,7 +2762,7 @@ static CURLcode ssh_statemachine(struct Curl_easy *data,
if(data->state.upload)
myssh_state(data, sshc, SSH_SFTP_UPLOAD_INIT);
else if(sshp) {
if(sshp->path[strlen(sshp->path)-1] == '/')
if(sshp->path[strlen(sshp->path) - 1] == '/')
myssh_state(data, sshc, SSH_SFTP_READDIR_INIT);
else
myssh_state(data, sshc, SSH_SFTP_DOWNLOAD_INIT);
@ -3097,8 +3081,8 @@ static void ssh_block2waitfor(struct Curl_easy *data,
dir = libssh2_session_block_directions(sshc->ssh_session);
if(dir) {
/* translate the libssh2 define bits into our own bit defines */
sshc->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND) ? KEEP_RECV : 0) |
((dir&LIBSSH2_SESSION_BLOCK_OUTBOUND) ? KEEP_SEND : 0);
sshc->waitfor = ((dir & LIBSSH2_SESSION_BLOCK_INBOUND) ? KEEP_RECV : 0) |
((dir & LIBSSH2_SESSION_BLOCK_OUTBOUND) ? KEEP_SEND : 0);
}
}
if(!dir)
@ -3308,24 +3292,24 @@ static CURLcode ssh_connect(struct Curl_easy *data, bool *done)
{
const char *crypto_str;
switch(libssh2_crypto_engine()) {
case libssh2_gcrypt:
crypto_str = "libgcrypt";
break;
case libssh2_mbedtls:
crypto_str = "mbedTLS";
break;
case libssh2_openssl:
crypto_str = "openssl compatible";
break;
case libssh2_os400qc3:
crypto_str = "OS400QC3";
break;
case libssh2_wincng:
crypto_str = "WinCNG";
break;
default:
crypto_str = NULL;
break;
case libssh2_gcrypt:
crypto_str = "libgcrypt";
break;
case libssh2_mbedtls:
crypto_str = "mbedTLS";
break;
case libssh2_openssl:
crypto_str = "openssl compatible";
break;
case libssh2_os400qc3:
crypto_str = "OS400QC3";
break;
case libssh2_wincng:
crypto_str = "WinCNG";
break;
default:
crypto_str = NULL;
break;
}
if(crypto_str)
infof(data, "libssh2 cryptography backend: %s", crypto_str);
@ -3476,10 +3460,9 @@ static CURLcode ssh_connect(struct Curl_easy *data, bool *done)
* the options previously setup.
*/
static
CURLcode scp_perform(struct Curl_easy *data,
bool *connected,
bool *dophase_done)
static CURLcode scp_perform(struct Curl_easy *data,
bool *connected,
bool *dophase_done)
{
struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN);
CURLcode result = CURLE_OK;
@ -3562,8 +3545,7 @@ static CURLcode sshc_cleanup(struct ssh_conn *sshc, struct Curl_easy *data,
rc = libssh2_agent_disconnect(sshc->ssh_agent);
if((rc < 0) && data) {
char *err_msg = NULL;
(void)libssh2_session_last_error(sshc->ssh_session,
&err_msg, NULL, 0);
(void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to disconnect from libssh2 agent: %d %s",
rc, err_msg);
}
@ -3583,8 +3565,7 @@ static CURLcode sshc_cleanup(struct ssh_conn *sshc, struct Curl_easy *data,
rc = libssh2_sftp_close(sshc->sftp_handle);
if((rc < 0) && data) {
char *err_msg = NULL;
(void)libssh2_session_last_error(sshc->ssh_session, &err_msg,
NULL, 0);
(void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to close libssh2 file: %d %s", rc, err_msg);
}
if(!block && (rc == LIBSSH2_ERROR_EAGAIN))
@ -3597,10 +3578,8 @@ static CURLcode sshc_cleanup(struct ssh_conn *sshc, struct Curl_easy *data,
rc = libssh2_channel_free(sshc->ssh_channel);
if((rc < 0) && data) {
char *err_msg = NULL;
(void)libssh2_session_last_error(sshc->ssh_session,
&err_msg, NULL, 0);
infof(data, "Failed to free libssh2 scp subsystem: %d %s",
rc, err_msg);
(void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to free libssh2 scp subsystem: %d %s", rc, err_msg);
}
if(!block && (rc == LIBSSH2_ERROR_EAGAIN))
return CURLE_AGAIN;
@ -3612,8 +3591,7 @@ static CURLcode sshc_cleanup(struct ssh_conn *sshc, struct Curl_easy *data,
rc = libssh2_sftp_shutdown(sshc->sftp_session);
if((rc < 0) && data) {
char *err_msg = NULL;
(void)libssh2_session_last_error(sshc->ssh_session,
&err_msg, NULL, 0);
(void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to stop libssh2 sftp subsystem: %d %s", rc, err_msg);
}
if(!block && (rc == LIBSSH2_ERROR_EAGAIN))
@ -3626,8 +3604,7 @@ static CURLcode sshc_cleanup(struct ssh_conn *sshc, struct Curl_easy *data,
rc = libssh2_session_free(sshc->ssh_session);
if((rc < 0) && data) {
char *err_msg = NULL;
(void)libssh2_session_last_error(sshc->ssh_session,
&err_msg, NULL, 0);
(void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to free libssh2 session: %d %s", rc, err_msg);
}
if(!block && (rc == LIBSSH2_ERROR_EAGAIN))
@ -3653,7 +3630,6 @@ static CURLcode sshc_cleanup(struct ssh_conn *sshc, struct Curl_easy *data,
return CURLE_OK;
}
/* BLOCKING, but the function is using the state machine so the only reason
this is still blocking is that the multi interface code has no support for
disconnecting operations that takes a while */
@ -3701,7 +3677,6 @@ static CURLcode ssh_done(struct Curl_easy *data, CURLcode status)
return result;
}
static CURLcode scp_done(struct Curl_easy *data, CURLcode status,
bool premature)
{
@ -3731,8 +3706,8 @@ static CURLcode scp_send(struct Curl_easy *data, int sockindex,
return CURLE_FAILED_INIT;
/* libssh2_channel_write() returns int! */
nwritten = (ssize_t) libssh2_channel_write(sshc->ssh_channel,
(const char *)mem, len);
nwritten = (ssize_t)libssh2_channel_write(sshc->ssh_channel,
(const char *)mem, len);
ssh_block2waitfor(data, sshc, (nwritten == LIBSSH2_ERROR_EAGAIN));
@ -3761,7 +3736,7 @@ static CURLcode scp_recv(struct Curl_easy *data, int sockindex,
return CURLE_FAILED_INIT;
/* libssh2_channel_read() returns int */
nread = (ssize_t) libssh2_channel_read(sshc->ssh_channel, mem, len);
nread = (ssize_t)libssh2_channel_read(sshc->ssh_channel, mem, len);
ssh_block2waitfor(data, sshc, (nread == LIBSSH2_ERROR_EAGAIN));
if(nread == LIBSSH2_ERROR_EAGAIN)
@ -3787,10 +3762,9 @@ static CURLcode scp_recv(struct Curl_easy *data, int sockindex,
* the options previously setup.
*/
static
CURLcode sftp_perform(struct Curl_easy *data,
bool *connected,
bool *dophase_done)
static CURLcode sftp_perform(struct Curl_easy *data,
bool *connected,
bool *dophase_done)
{
struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN);
CURLcode result = CURLE_OK;
@ -3850,7 +3824,6 @@ static CURLcode sftp_disconnect(struct Curl_easy *data,
sshc_cleanup(sshc, data, TRUE);
}
return result;
}
static CURLcode sftp_done(struct Curl_easy *data, CURLcode status,
@ -3934,65 +3907,65 @@ static CURLcode sftp_recv(struct Curl_easy *data, int sockindex,
static const char *sftp_libssh2_strerror(unsigned long err)
{
switch(err) {
case LIBSSH2_FX_NO_SUCH_FILE:
return "No such file or directory";
case LIBSSH2_FX_NO_SUCH_FILE:
return "No such file or directory";
case LIBSSH2_FX_PERMISSION_DENIED:
return "Permission denied";
case LIBSSH2_FX_PERMISSION_DENIED:
return "Permission denied";
case LIBSSH2_FX_FAILURE:
return "Operation failed";
case LIBSSH2_FX_FAILURE:
return "Operation failed";
case LIBSSH2_FX_BAD_MESSAGE:
return "Bad message from SFTP server";
case LIBSSH2_FX_BAD_MESSAGE:
return "Bad message from SFTP server";
case LIBSSH2_FX_NO_CONNECTION:
return "Not connected to SFTP server";
case LIBSSH2_FX_NO_CONNECTION:
return "Not connected to SFTP server";
case LIBSSH2_FX_CONNECTION_LOST:
return "Connection to SFTP server lost";
case LIBSSH2_FX_CONNECTION_LOST:
return "Connection to SFTP server lost";
case LIBSSH2_FX_OP_UNSUPPORTED:
return "Operation not supported by SFTP server";
case LIBSSH2_FX_OP_UNSUPPORTED:
return "Operation not supported by SFTP server";
case LIBSSH2_FX_INVALID_HANDLE:
return "Invalid handle";
case LIBSSH2_FX_INVALID_HANDLE:
return "Invalid handle";
case LIBSSH2_FX_NO_SUCH_PATH:
return "No such file or directory";
case LIBSSH2_FX_NO_SUCH_PATH:
return "No such file or directory";
case LIBSSH2_FX_FILE_ALREADY_EXISTS:
return "File already exists";
case LIBSSH2_FX_FILE_ALREADY_EXISTS:
return "File already exists";
case LIBSSH2_FX_WRITE_PROTECT:
return "File is write protected";
case LIBSSH2_FX_WRITE_PROTECT:
return "File is write protected";
case LIBSSH2_FX_NO_MEDIA:
return "No media";
case LIBSSH2_FX_NO_MEDIA:
return "No media";
case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM:
return "Disk full";
case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM:
return "Disk full";
case LIBSSH2_FX_QUOTA_EXCEEDED:
return "User quota exceeded";
case LIBSSH2_FX_QUOTA_EXCEEDED:
return "User quota exceeded";
case LIBSSH2_FX_UNKNOWN_PRINCIPLE:
return "Unknown principle";
case LIBSSH2_FX_UNKNOWN_PRINCIPLE:
return "Unknown principle";
case LIBSSH2_FX_LOCK_CONFlICT:
return "File lock conflict";
case LIBSSH2_FX_LOCK_CONFlICT:
return "File lock conflict";
case LIBSSH2_FX_DIR_NOT_EMPTY:
return "Directory not empty";
case LIBSSH2_FX_DIR_NOT_EMPTY:
return "Directory not empty";
case LIBSSH2_FX_NOT_A_DIRECTORY:
return "Not a directory";
case LIBSSH2_FX_NOT_A_DIRECTORY:
return "Not a directory";
case LIBSSH2_FX_INVALID_FILENAME:
return "Invalid filename";
case LIBSSH2_FX_INVALID_FILENAME:
return "Invalid filename";
case LIBSSH2_FX_LINK_LOOP:
return "Link points to itself";
case LIBSSH2_FX_LINK_LOOP:
return "Link points to itself";
}
return "Unknown error in libssh2";
}

6
lib/vssh/ssh.h
View file

@ -217,7 +217,7 @@ struct ssh_conn {
#ifdef USE_LIBSSH
#if LIBSSH_VERSION_INT < SSH_VERSION_INT(0, 9, 0)
# error "SCP/SFTP protocols require libssh 0.9.0 or later"
#error "SCP/SFTP protocols require libssh 0.9.0 or later"
#endif
#endif
@ -227,7 +227,7 @@ struct ssh_conn {
non-configure platforms */
#if !defined(LIBSSH2_VERSION_NUM) || (LIBSSH2_VERSION_NUM < 0x010208)
# error "SCP/SFTP protocols require libssh2 1.2.8 or later"
#error "SCP/SFTP protocols require libssh2 1.2.8 or later"
/* 1.2.8 was released on April 5 2011 */
#endif
@ -247,7 +247,7 @@ void Curl_ssh_attach(struct Curl_easy *data,
#else
/* for non-SSH builds */
#define Curl_ssh_cleanup()
#define Curl_ssh_attach(x,y)
#define Curl_ssh_attach(x, y)
#define Curl_ssh_init() 0
#endif

3
lib/vssh/vssh.c
View file

@ -75,7 +75,7 @@ CURLcode Curl_getworkingpath(struct Curl_easy *data,
/* Copy a separating '/' if homedir does not end with one */
len = curlx_dyn_len(&npath);
p = curlx_dyn_ptr(&npath);
if(len && (p[len-1] != '/'))
if(len && (p[len - 1] != '/'))
copyfrom = 2;
if(curlx_dyn_addn(&npath, &working_path[copyfrom],
@ -147,7 +147,6 @@ CURLcode Curl_get_pathname(const char **cpp, char **path, const char *homedir)
if(!curlx_dyn_len(&out))
goto fail;
}
else {
struct Curl_str word;

5
lib/vtls/apple.c
View file

@ -207,8 +207,7 @@ CURLcode Curl_vtls_apple_verify(struct Curl_cfilter *cf,
#if defined(HAVE_BUILTIN_AVAILABLE) && defined(SUPPORTS_SecOCSP)
if(ocsp_len > 0) {
if(__builtin_available(macOS 10.9, iOS 7, tvOS 9, watchOS 2, *)) {
CFDataRef ocspdata =
CFDataCreate(NULL, ocsp_buf, (CFIndex)ocsp_len);
CFDataRef ocspdata = CFDataCreate(NULL, ocsp_buf, (CFIndex)ocsp_len);
status = SecTrustSetOCSPResponse(trust, ocspdata);
CFRelease(ocspdata);
@ -243,7 +242,7 @@ CURLcode Curl_vtls_apple_verify(struct Curl_cfilter *cf,
err_desc = curlx_malloc(size + 1);
if(err_desc) {
if(!CFStringGetCString(error_ref, err_desc, size,
kCFStringEncodingUTF8)) {
kCFStringEncodingUTF8)) {
curlx_free(err_desc);
err_desc = NULL;
}

42
lib/vtls/cipher_suite.c
View file

@ -547,8 +547,7 @@ static const struct cs_entry cs_list [] = {
};
#define CS_LIST_LEN CURL_ARRAYSIZE(cs_list)
static int cs_str_to_zip(const char *cs_str, size_t cs_len,
uint8_t zip[6])
static int cs_str_to_zip(const char *cs_str, size_t cs_len, uint8_t zip[6])
{
uint8_t indexes[8] = {0};
const char *entry, *cur;
@ -568,7 +567,8 @@ static int cs_str_to_zip(const char *cs_str, size_t cs_len,
/* determine the length of the part */
cur = nxt;
for(; nxt < end && *nxt != '\0' && *nxt != separator; nxt++);
for(; nxt < end && *nxt != '\0' && *nxt != separator; nxt++)
;
len = nxt - cur;
/* lookup index for the part (skip empty string at 0) */
@ -581,22 +581,21 @@ static int cs_str_to_zip(const char *cs_str, size_t cs_len,
if(idx == CS_TXT_LEN)
return -1;
indexes[i++] = (uint8_t) idx;
indexes[i++] = (uint8_t)idx;
} while(nxt < end && *(nxt++) != '\0');
/* zip the 8 indexes into 48 bits */
zip[0] = (uint8_t) (indexes[0] << 2 | (indexes[1] & 0x3F) >> 4);
zip[1] = (uint8_t) (indexes[1] << 4 | (indexes[2] & 0x3F) >> 2);
zip[2] = (uint8_t) (indexes[2] << 6 | (indexes[3] & 0x3F));
zip[3] = (uint8_t) (indexes[4] << 2 | (indexes[5] & 0x3F) >> 4);
zip[4] = (uint8_t) (indexes[5] << 4 | (indexes[6] & 0x3F) >> 2);
zip[5] = (uint8_t) (indexes[6] << 6 | (indexes[7] & 0x3F));
zip[0] = (uint8_t)(indexes[0] << 2 | (indexes[1] & 0x3F) >> 4);
zip[1] = (uint8_t)(indexes[1] << 4 | (indexes[2] & 0x3F) >> 2);
zip[2] = (uint8_t)(indexes[2] << 6 | (indexes[3] & 0x3F));
zip[3] = (uint8_t)(indexes[4] << 2 | (indexes[5] & 0x3F) >> 4);
zip[4] = (uint8_t)(indexes[5] << 4 | (indexes[6] & 0x3F) >> 2);
zip[5] = (uint8_t)(indexes[6] << 6 | (indexes[7] & 0x3F));
return 0;
}
static int cs_zip_to_str(const uint8_t zip[6],
char *buf, size_t buf_size)
static int cs_zip_to_str(const uint8_t zip[6], char *buf, size_t buf_size)
{
uint8_t indexes[8] = {0};
const char *entry;
@ -659,13 +658,12 @@ uint16_t Curl_cipher_suite_lookup_id(const char *cs_str, size_t cs_len)
static bool cs_is_separator(char c)
{
switch(c) {
case ' ':
case '\t':
case ':':
case ',':
case ';':
return TRUE;
default:;
case ' ':
case '\t':
case ':':
case ',':
case ';':
return TRUE;
}
return FALSE;
}
@ -673,10 +671,12 @@ static bool cs_is_separator(char c)
uint16_t Curl_cipher_suite_walk_str(const char **str, const char **end)
{
/* move string pointer to first non-separator or end of string */
for(; cs_is_separator(*str[0]); (*str)++);
for(; cs_is_separator(*str[0]); (*str)++)
;
/* move end pointer to next separator or end of string */
for(*end = *str; *end[0] != '\0' && !cs_is_separator(*end[0]); (*end)++);
for(*end = *str; *end[0] != '\0' && !cs_is_separator(*end[0]); (*end)++)
;
return Curl_cipher_suite_lookup_id(*str, *end - *str);
}

84
lib/vtls/gtls.c
View file

@ -66,7 +66,7 @@
#ifdef GTLSDEBUG
static void tls_log_func(int level, const char *str)
{
curl_mfprintf(stderr, "|<%d>| %s", level, str);
curl_mfprintf(stderr, "|<%d>| %s", level, str);
}
#endif
@ -131,8 +131,7 @@ static ssize_t gtls_pull(void *s, void *buf, size_t blen)
}
result = Curl_conn_cf_recv(cf->next, data, buf, blen, &nread);
CURL_TRC_CF(data, cf, "glts_pull(len=%zu) -> %d, %zd",
blen, result, nread);
CURL_TRC_CF(data, cf, "glts_pull(len=%zu) -> %d, %zd", blen, result, nread);
backend->gtls.io_result = result;
if(result) {
/* !checksrc! disable ERRNOVAR 1 */
@ -173,9 +172,7 @@ static void gtls_cleanup(void)
}
#ifndef CURL_DISABLE_VERBOSE_STRINGS
static void showtime(struct Curl_easy *data,
const char *text,
time_t stamp)
static void showtime(struct Curl_easy *data, const char *text, time_t stamp)
{
struct tm buffer;
const struct tm *tm = &buffer;
@ -209,10 +206,10 @@ static gnutls_datum_t load_file(const char *file)
f = curlx_fopen(file, "rb");
if(!f)
return loaded_file;
if(fseek(f, 0, SEEK_END) != 0
|| (filelen = ftell(f)) < 0
|| fseek(f, 0, SEEK_SET) != 0
|| !(ptr = curlx_malloc((size_t)filelen)))
if(fseek(f, 0, SEEK_END) != 0 ||
(filelen = ftell(f)) < 0 ||
fseek(f, 0, SEEK_SET) != 0 ||
!(ptr = curlx_malloc((size_t)filelen)))
goto out;
if(fread(ptr, 1, (size_t)filelen, f) < (size_t)filelen) {
curlx_free(ptr);
@ -231,7 +228,6 @@ static void unload_file(gnutls_datum_t data)
curlx_free(data.data);
}
/* this function does an SSL/TLS (re-)handshake */
static CURLcode cf_gtls_handshake(struct Curl_cfilter *cf,
struct Curl_easy *data)
@ -584,20 +580,20 @@ static bool gtls_shared_creds_different(struct Curl_cfilter *cf,
return strcmp(sc->CAfile, conn_config->CAfile);
}
static struct gtls_shared_creds*
gtls_get_cached_creds(struct Curl_cfilter *cf, struct Curl_easy *data)
static struct gtls_shared_creds *gtls_get_cached_creds(struct Curl_cfilter *cf,
struct Curl_easy *data)
{
struct gtls_shared_creds *shared_creds;
if(data->multi) {
shared_creds = Curl_hash_pick(&data->multi->proto_hash,
CURL_UNCONST(MPROTO_GTLS_X509_KEY),
sizeof(MPROTO_GTLS_X509_KEY)-1);
if(shared_creds && shared_creds->creds &&
!gtls_shared_creds_expired(data, shared_creds) &&
!gtls_shared_creds_different(cf, shared_creds)) {
return shared_creds;
}
sizeof(MPROTO_GTLS_X509_KEY) - 1);
if(shared_creds && shared_creds->creds &&
!gtls_shared_creds_expired(data, shared_creds) &&
!gtls_shared_creds_different(cf, shared_creds)) {
return shared_creds;
}
}
return NULL;
}
@ -605,7 +601,7 @@ gtls_get_cached_creds(struct Curl_cfilter *cf, struct Curl_easy *data)
static void gtls_shared_creds_hash_free(void *key, size_t key_len, void *p)
{
struct gtls_shared_creds *sc = p;
DEBUGASSERT(key_len == (sizeof(MPROTO_GTLS_X509_KEY)-1));
DEBUGASSERT(key_len == (sizeof(MPROTO_GTLS_X509_KEY) - 1));
DEBUGASSERT(!memcmp(MPROTO_GTLS_X509_KEY, key, key_len));
(void)key;
(void)key_len;
@ -635,9 +631,9 @@ static void gtls_set_cached_creds(struct Curl_cfilter *cf,
return;
if(!Curl_hash_add2(&data->multi->proto_hash,
CURL_UNCONST(MPROTO_GTLS_X509_KEY),
sizeof(MPROTO_GTLS_X509_KEY)-1,
sc, gtls_shared_creds_hash_free)) {
CURL_UNCONST(MPROTO_GTLS_X509_KEY),
sizeof(MPROTO_GTLS_X509_KEY) - 1,
sc, gtls_shared_creds_hash_free)) {
Curl_gtls_shared_creds_free(&sc); /* down reference again */
return;
}
@ -839,7 +835,7 @@ static CURLcode gtls_set_priority(struct Curl_cfilter *cf,
if((conn_config->cipher_list[0] == '+') ||
(conn_config->cipher_list[0] == '-') ||
(conn_config->cipher_list[0] == '!')) {
/* add it to out own */
/* add it to out own */
if(!curlx_dyn_len(&buf)) { /* not added yet */
result = curlx_dyn_add(&buf, priority);
if(result)
@ -1106,8 +1102,8 @@ static CURLcode gtls_on_session_reuse(struct Curl_cfilter *cf,
connssl->earlydata_state = ssl_earlydata_await;
connssl->state = ssl_connection_deferred;
result = Curl_alpn_set_negotiated(cf, data, connssl,
(const unsigned char *)scs->alpn,
scs->alpn ? strlen(scs->alpn) : 0);
(const unsigned char *)scs->alpn,
scs->alpn ? strlen(scs->alpn) : 0);
*do_early_data = !result;
}
return result;
@ -1225,8 +1221,8 @@ out:
return result;
}
static CURLcode
gtls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
static CURLcode gtls_connect_step1(struct Curl_cfilter *cf,
struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct gtls_ssl_backend_data *backend =
@ -1333,8 +1329,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
return result;
}
void Curl_gtls_report_handshake(struct Curl_easy *data,
struct gtls_ctx *gctx)
void Curl_gtls_report_handshake(struct Curl_easy *data, struct gtls_ctx *gctx)
{
#ifndef CURL_DISABLE_VERBOSE_STRINGS
if(Curl_trc_is_verbose(data)) {
@ -1580,8 +1575,7 @@ static CURLcode glts_apple_verify(struct Curl_cfilter *cf,
CURLcode result;
result = Curl_vtls_apple_verify(cf, data, peer, chain->num_certs,
gtls_chain_get_der, chain,
NULL, 0);
gtls_chain_get_der, chain, NULL, 0);
*pverified = !result;
if(*pverified)
infof(data, " SSL certificate verified by Apple SecTrust.");
@ -1589,14 +1583,13 @@ static CURLcode glts_apple_verify(struct Curl_cfilter *cf,
}
#endif /* USE_APPLE_SECTRUST */
CURLcode
Curl_gtls_verifyserver(struct Curl_cfilter *cf,
struct Curl_easy *data,
gnutls_session_t session,
struct ssl_primary_config *config,
struct ssl_config_data *ssl_config,
struct ssl_peer *peer,
const char *pinned_key)
CURLcode Curl_gtls_verifyserver(struct Curl_cfilter *cf,
struct Curl_easy *data,
gnutls_session_t session,
struct ssl_primary_config *config,
struct ssl_config_data *ssl_config,
struct ssl_peer *peer,
const char *pinned_key)
{
struct gtls_cert_chain chain;
gnutls_x509_crt_t x509_cert = NULL, x509_issuer = NULL;
@ -1651,7 +1644,7 @@ Curl_gtls_verifyserver(struct Curl_cfilter *cf,
goto out;
for(i = 0; i < chain.num_certs; i++) {
const char *beg = (const char *) chain.certs[i].data;
const char *beg = (const char *)chain.certs[i].data;
const char *end = beg + chain.certs[i].size;
result = Curl_extract_certinfo(data, (int)i, beg, end);
@ -1897,7 +1890,7 @@ static CURLcode gtls_send_earlydata(struct Curl_cfilter *cf,
{
struct ssl_connect_data *connssl = cf->ctx;
struct gtls_ssl_backend_data *backend =
(struct gtls_ssl_backend_data *)connssl->backend;
(struct gtls_ssl_backend_data *)connssl->backend;
CURLcode result = CURLE_OK;
const unsigned char *buf;
size_t blen;
@ -1907,8 +1900,7 @@ static CURLcode gtls_send_earlydata(struct Curl_cfilter *cf,
backend->gtls.io_result = CURLE_OK;
while(Curl_bufq_peek(&connssl->earlydata, &buf, &blen)) {
n = gnutls_record_send_early_data(backend->gtls.session, buf, blen);
CURL_TRC_CF(data, cf, "gtls_send_earlydata(len=%zu) -> %zd",
blen, n);
CURL_TRC_CF(data, cf, "gtls_send_earlydata(len=%zu) -> %zd", blen, n);
if(n < 0) {
if(n == GNUTLS_E_AGAIN)
result = CURLE_AGAIN;
@ -1947,7 +1939,7 @@ static CURLcode gtls_connect_common(struct Curl_cfilter *cf,
{
struct ssl_connect_data *connssl = cf->ctx;
struct gtls_ssl_backend_data *backend =
(struct gtls_ssl_backend_data *)connssl->backend;
(struct gtls_ssl_backend_data *)connssl->backend;
CURLcode result = CURLE_OK;
DEBUGASSERT(backend);
@ -2131,7 +2123,7 @@ static CURLcode gtls_shutdown(struct Curl_cfilter *cf,
size_t i;
DEBUGASSERT(backend);
/* If we have no handshaked connection or already shut down */
/* If we have no handshaked connection or already shut down */
if(!backend->gtls.session || cf->shutdown ||
connssl->state != ssl_connection_complete) {
*done = TRUE;

3
lib/vtls/gtls.h
View file

@ -119,8 +119,7 @@ CURLcode Curl_gtls_cache_session(struct Curl_cfilter *cf,
size_t quic_tp_len);
/* Report properties of a successful handshake */
void Curl_gtls_report_handshake(struct Curl_easy *data,
struct gtls_ctx *gctx);
void Curl_gtls_report_handshake(struct Curl_easy *data, struct gtls_ctx *gctx);
extern const struct Curl_ssl Curl_ssl_gnutls;

4
lib/vtls/hostcheck.c
View file

@ -84,9 +84,9 @@ static bool hostmatch(const char *hostname,
DEBUGASSERT(hostlen);
/* normalize pattern and hostname by stripping off trailing dots */
if(hostname[hostlen-1]=='.')
if(hostname[hostlen - 1] == '.')
hostlen--;
if(pattern[patternlen-1]=='.')
if(pattern[patternlen - 1] == '.')
patternlen--;
if(strncmp(pattern, "*.", 2))

19
lib/vtls/keylog.c
View file

@ -38,8 +38,7 @@
/* The fp for the open SSLKEYLOGFILE, or NULL if not open */
static FILE *keylog_file_fp;
void
Curl_tls_keylog_open(void)
void Curl_tls_keylog_open(void)
{
char *keylog_file_name;
@ -63,8 +62,7 @@ Curl_tls_keylog_open(void)
}
}
void
Curl_tls_keylog_close(void)
void Curl_tls_keylog_close(void)
{
if(keylog_file_fp) {
curlx_fclose(keylog_file_fp);
@ -72,14 +70,12 @@ Curl_tls_keylog_close(void)
}
}
bool
Curl_tls_keylog_enabled(void)
bool Curl_tls_keylog_enabled(void)
{
return keylog_file_fp != NULL;
}
bool
Curl_tls_keylog_write_line(const char *line)
bool Curl_tls_keylog_write_line(const char *line)
{
/* The current maximum valid keylog line length LF and NUL is 195. */
size_t linelen;
@ -107,10 +103,9 @@ Curl_tls_keylog_write_line(const char *line)
return TRUE;
}
bool
Curl_tls_keylog_write(const char *label,
const unsigned char client_random[CLIENT_RANDOM_SIZE],
const unsigned char *secret, size_t secretlen)
bool Curl_tls_keylog_write(const char *label,
const unsigned char client_random[CLIENT_RANDOM_SIZE],
const unsigned char *secret, size_t secretlen)
{
size_t pos, i;
unsigned char line[KEYLOG_LABEL_MAXLEN + 1 + 2 * CLIENT_RANDOM_SIZE + 1 +

73
lib/vtls/mbedtls.c
View file

@ -38,7 +38,7 @@
#include <mbedtls/version.h>
#if MBEDTLS_VERSION_NUMBER < 0x03020000
#error "mbedTLS 3.2.0 or later required"
#error "mbedTLS 3.2.0 or later required"
#endif
#include <psa/crypto_config.h>
#include <mbedtls/net_sockets.h>
@ -77,7 +77,7 @@
/* ALPN for http2 */
#if defined(USE_HTTP2) && defined(MBEDTLS_SSL_ALPN)
# define HAS_ALPN_MBEDTLS
#define HAS_ALPN_MBEDTLS
#endif
struct mbed_ssl_backend_data {
@ -109,7 +109,7 @@ struct mbed_ssl_backend_data {
#endif
#ifndef MBEDTLS_ERROR_C
#define mbedtls_strerror(a,b,c) b[0] = 0
#define mbedtls_strerror(a, b, c) b[0] = 0
#endif
#if defined(CURL_MBEDTLS_DRBG) && defined(HAS_THREADING_SUPPORT)
@ -217,8 +217,7 @@ static int mbedtls_bio_cf_read(void *bio, unsigned char *buf, size_t blen)
/*
* profile
*/
static const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_fr =
{
static const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_fr = {
/* Hashes from SHA-1 and above */
MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1) |
MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_RIPEMD160) |
@ -307,9 +306,8 @@ mbed_set_ssl_version_min_max(struct Curl_easy *data,
cipher suite present in other SSL implementations. Provide
provisional support for specifying the cipher suite here. */
#ifdef MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
static int
mbed_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size,
bool prefer_rfc)
static int mbed_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size,
bool prefer_rfc)
{
if(id == MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8)
curl_msnprintf(buf, buf_size, "%s", "TLS_ECJPAKE_WITH_AES_128_CCM_8");
@ -318,8 +316,7 @@ mbed_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size,
return 0;
}
static uint16_t
mbed_cipher_suite_walk_str(const char **str, const char **end)
static uint16_t mbed_cipher_suite_walk_str(const char **str, const char **end)
{
uint16_t id = Curl_cipher_suite_walk_str(str, end);
size_t len = *end - *str;
@ -348,7 +345,8 @@ mbed_set_selected_ciphers(struct Curl_easy *data,
const char *ptr, *end;
supported = mbedtls_ssl_list_ciphersuites();
for(i = 0; supported[i] != 0; i++);
for(i = 0; supported[i] != 0; i++)
;
supported_len = i;
selected = curlx_malloc(sizeof(int) * (supported_len + 1));
@ -361,7 +359,7 @@ mbed_set_selected_ciphers(struct Curl_easy *data,
if(!ciphers13) {
/* Add default TLSv1.3 ciphers to selection */
for(j = 0; j < supported_len; j++) {
uint16_t id = (uint16_t) supported[j];
uint16_t id = (uint16_t)supported[j];
if(strncmp(mbedtls_ssl_get_ciphersuite_name(id), "TLS1-3", 6) != 0)
continue;
@ -380,23 +378,25 @@ add_ciphers:
/* Check if cipher is supported */
if(id) {
for(i = 0; i < supported_len && supported[i] != id; i++);
for(i = 0; i < supported_len && supported[i] != id; i++)
;
if(i == supported_len)
id = 0;
}
if(!id) {
if(ptr[0] != '\0')
infof(data, "mbedTLS: unknown cipher in list: \"%.*s\"",
(int) (end - ptr), ptr);
(int)(end - ptr), ptr);
continue;
}
/* No duplicates allowed (so selected cannot overflow) */
for(i = 0; i < count && selected[i] != id; i++);
for(i = 0; i < count && selected[i] != id; i++)
;
if(i < count) {
if(i >= default13_count)
infof(data, "mbedTLS: duplicate cipher in list: \"%.*s\"",
(int) (end - ptr), ptr);
(int)(end - ptr), ptr);
continue;
}
@ -412,12 +412,13 @@ add_ciphers:
if(!ciphers12) {
/* Add default TLSv1.2 ciphers to selection */
for(j = 0; j < supported_len; j++) {
uint16_t id = (uint16_t) supported[j];
uint16_t id = (uint16_t)supported[j];
if(strncmp(mbedtls_ssl_get_ciphersuite_name(id), "TLS1-3", 6) == 0)
continue;
/* No duplicates allowed (so selected cannot overflow) */
for(i = 0; i < count && selected[i] != id; i++);
for(i = 0; i < count && selected[i] != id; i++)
;
if(i < count)
continue;
@ -441,8 +442,8 @@ add_ciphers:
return CURLE_OK;
}
static void
mbed_dump_cert_info(struct Curl_easy *data, const mbedtls_x509_crt *crt)
static void mbed_dump_cert_info(struct Curl_easy *data,
const mbedtls_x509_crt *crt)
{
#if defined(CURL_DISABLE_VERBOSE_STRINGS) || defined(MBEDTLS_X509_REMOVE_INFO)
(void)data, (void)crt;
@ -454,7 +455,7 @@ mbed_dump_cert_info(struct Curl_easy *data, const mbedtls_x509_crt *crt)
infof(data, "Server certificate:");
for(p = buffer; *p; p += *p != '\0') {
size_t s = strcspn(p, "\n");
infof(data, "%.*s", (int) s, p);
infof(data, "%.*s", (int)s, p);
p += s;
}
}
@ -465,8 +466,8 @@ mbed_dump_cert_info(struct Curl_easy *data, const mbedtls_x509_crt *crt)
#endif
}
static void
mbed_extract_certinfo(struct Curl_easy *data, const mbedtls_x509_crt *crt)
static void mbed_extract_certinfo(struct Curl_easy *data,
const mbedtls_x509_crt *crt)
{
CURLcode result;
const mbedtls_x509_crt *cur;
@ -485,7 +486,7 @@ mbed_extract_certinfo(struct Curl_easy *data, const mbedtls_x509_crt *crt)
result = Curl_ssl_init_certinfo(data, cert_count);
for(i = 0, cur = crt; result == CURLE_OK && cur; ++i, cur = cur->next) {
const char *beg = (const char *) cur->raw.p;
const char *beg = (const char *)cur->raw.p;
const char *end = beg + cur->raw.len;
result = Curl_extract_certinfo(data, i, beg, end);
}
@ -494,7 +495,7 @@ mbed_extract_certinfo(struct Curl_easy *data, const mbedtls_x509_crt *crt)
static int mbed_verify_cb(void *ptr, mbedtls_x509_crt *crt,
int depth, uint32_t *flags)
{
struct Curl_cfilter *cf = (struct Curl_cfilter *) ptr;
struct Curl_cfilter *cf = (struct Curl_cfilter *)ptr;
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
struct Curl_easy *data = CF_DATA_CURRENT(cf);
@ -523,8 +524,8 @@ static int mbed_verify_cb(void *ptr, mbedtls_x509_crt *crt,
return 0;
}
static CURLcode
mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
static CURLcode mbed_connect_step1(struct Curl_cfilter *cf,
struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct mbed_ssl_backend_data *backend =
@ -959,8 +960,8 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
return CURLE_OK;
}
static CURLcode
mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
static CURLcode mbed_connect_step2(struct Curl_cfilter *cf,
struct Curl_easy *data)
{
CURLcode result;
int ret;
@ -1004,8 +1005,8 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
{
char cipher_str[64];
uint16_t cipher_id;
cipher_id = (uint16_t)
mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
cipher_id =
(uint16_t)mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), TRUE);
infof(data, "mbedTLS: %s Handshake complete, cipher is %s",
mbedtls_ssl_get_version(&backend->ssl), cipher_str);
@ -1084,8 +1085,8 @@ pinnedpubkey_error:
return CURLE_OK;
}
static CURLcode
mbed_new_session(struct Curl_cfilter *cf, struct Curl_easy *data)
static CURLcode mbed_new_session(struct Curl_cfilter *cf,
struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct mbed_ssl_backend_data *backend =
@ -1148,8 +1149,7 @@ out:
}
static CURLcode mbed_send(struct Curl_cfilter *cf, struct Curl_easy *data,
const void *mem, size_t len,
size_t *pnwritten)
const void *mem, size_t len, size_t *pnwritten)
{
struct ssl_connect_data *connssl = cf->ctx;
struct mbed_ssl_backend_data *backend =
@ -1327,8 +1327,7 @@ static void mbedtls_close(struct Curl_cfilter *cf, struct Curl_easy *data)
}
static CURLcode mbed_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
char *buf, size_t buffersize,
size_t *pnread)
char *buf, size_t buffersize, size_t *pnread)
{
struct ssl_connect_data *connssl = cf->ctx;
struct mbed_ssl_backend_data *backend =

5
lib/vtls/mbedtls_threadlock.c
View file

@ -24,9 +24,8 @@
***************************************************************************/
#include "../curl_setup.h"
#if defined(USE_MBEDTLS) && \
((defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || \
defined(_WIN32))
#if defined(USE_MBEDTLS) && \
((defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || defined(_WIN32))
#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
# include <pthread.h>

3
lib/vtls/mbedtls_threadlock.h
View file

@ -28,8 +28,7 @@
#ifdef USE_MBEDTLS
#if (defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || \
defined(_WIN32)
#if (defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || defined(_WIN32)
int Curl_mbedtlsthreadlock_thread_setup(void);
int Curl_mbedtlsthreadlock_thread_cleanup(void);

148
lib/vtls/openssl.c
View file

@ -179,7 +179,7 @@ static void ossl_provider_cleanup(struct Curl_easy *data);
#define OSSL_PACKAGE "BoringSSL"
#elif defined(OPENSSL_IS_AWSLC)
#define OSSL_PACKAGE "AWS-LC"
#elif defined(USE_NGTCP2) && defined(USE_NGHTTP3) && \
#elif defined(USE_NGTCP2) && defined(USE_NGHTTP3) && \
!defined(OPENSSL_QUIC_API2)
#define OSSL_PACKAGE "quictls"
#else
@ -234,7 +234,7 @@ static CURLcode pubkey_show(struct Curl_easy *data,
return push_certinfo(data, mem, namebuf, num);
}
#define print_pubkey_BN(_type, _name, _num) \
#define print_pubkey_BN(_type, _name, _num) \
pubkey_show(data, mem, _num, #_type, #_name, _name)
static int asn1_object_dump(const ASN1_OBJECT *a, char *buf, size_t len)
@ -685,8 +685,7 @@ static void ossl_keylog_callback(const SSL *ssl, const char *line)
* ossl_log_tls12_secret is called by libcurl to make the CLIENT_RANDOMs if the
* OpenSSL being used does not have native support for doing that.
*/
static void
ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done)
static void ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done)
{
const SSL_SESSION *session;
unsigned char client_random[SSL3_RANDOM_SIZE];
@ -791,8 +790,7 @@ static char *ossl_strerror(unsigned long error, char *buf, size_t size)
return buf;
}
static int passwd_callback(char *buf, int num, int encrypting,
void *password)
static int passwd_callback(char *buf, int num, int encrypting, void *password)
{
DEBUGASSERT(encrypting == 0);
@ -932,8 +930,7 @@ static int use_certificate_blob(SSL_CTX *ctx, const struct curl_blob *blob,
}
else if(type == SSL_FILETYPE_PEM) {
/* ERR_R_PEM_LIB; */
x = PEM_read_bio_X509(in, NULL,
passwd_callback, CURL_UNCONST(key_passwd));
x = PEM_read_bio_X509(in, NULL, passwd_callback, CURL_UNCONST(key_passwd));
}
else {
ret = 0;
@ -979,9 +976,9 @@ end:
return ret;
}
static int
use_certificate_chain_blob(SSL_CTX *ctx, const struct curl_blob *blob,
const char *key_passwd)
static int use_certificate_chain_blob(SSL_CTX *ctx,
const struct curl_blob *blob,
const char *key_passwd)
{
int ret = 0;
X509 *x = NULL;
@ -1011,8 +1008,7 @@ use_certificate_chain_blob(SSL_CTX *ctx, const struct curl_blob *blob,
}
while((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
CURL_UNCONST(key_passwd)))
!= NULL) {
CURL_UNCONST(key_passwd))) != NULL) {
if(!SSL_CTX_add0_chain_cert(ctx, ca)) {
X509_free(ca);
@ -1054,8 +1050,7 @@ static int enginecheck(struct Curl_easy *data,
}
if(data->state.engine) {
UI_METHOD *ui_method =
UI_create_method("curl user interface");
UI_METHOD *ui_method = UI_create_method("curl user interface");
if(!ui_method) {
failf(data, "unable to create " OSSL_PACKAGE " user-interface method");
return 0;
@ -1116,8 +1111,7 @@ static int providercheck(struct Curl_easy *data,
EVP_PKEY *priv_key = NULL;
OSSL_STORE_CTX *store = NULL;
OSSL_STORE_INFO *info = NULL;
UI_METHOD *ui_method =
UI_create_method("curl user interface");
UI_METHOD *ui_method = UI_create_method("curl user interface");
if(!ui_method) {
failf(data, "unable to create " OSSL_PACKAGE " user-interface method");
return 0;
@ -1221,16 +1215,15 @@ static int engineload(struct Curl_easy *data,
/* Load the certificate from the engine */
if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
0, &params, NULL, 1)) {
failf(data, "ssl engine cannot load client cert with id"
" '%s' [%s]", cert_file,
failf(data, "ssl engine cannot load client cert with id '%s' [%s]",
cert_file,
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)));
return 0;
}
if(!params.cert) {
failf(data, "ssl engine did not initialized the certificate "
"properly.");
failf(data, "ssl engine did not initialized the certificate properly.");
return 0;
}
@ -1352,8 +1345,7 @@ static int pkcs12load(struct Curl_easy *data,
if(cert_blob) {
cert_bio = BIO_new_mem_buf(cert_blob->data, (int)(cert_blob->len));
if(!cert_bio) {
failf(data,
"BIO_new_mem_buf NULL, " OSSL_PACKAGE " error %s",
failf(data, "BIO_new_mem_buf NULL, " OSSL_PACKAGE " error %s",
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)) );
return 0;
@ -1362,8 +1354,7 @@ static int pkcs12load(struct Curl_easy *data,
else {
cert_bio = BIO_new(BIO_s_file());
if(!cert_bio) {
failf(data,
"BIO_new return NULL, " OSSL_PACKAGE " error %s",
failf(data, "BIO_new return NULL, " OSSL_PACKAGE " error %s",
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)) );
return 0;
@ -1386,11 +1377,9 @@ static int pkcs12load(struct Curl_easy *data,
}
if(!PKCS12_parse(p12, key_passwd, &pri, &x509, &ca)) {
failf(data,
"could not parse PKCS12 file, check password, " OSSL_PACKAGE
failf(data, "could not parse PKCS12 file, check password, " OSSL_PACKAGE
" error %s",
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)) );
ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)));
PKCS12_free(p12);
return 0;
}
@ -1398,17 +1387,14 @@ static int pkcs12load(struct Curl_easy *data,
PKCS12_free(p12);
if(SSL_CTX_use_certificate(ctx, x509) != 1) {
failf(data,
"could not load PKCS12 client certificate, " OSSL_PACKAGE
failf(data, "could not load PKCS12 client certificate, " OSSL_PACKAGE
" error %s",
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)) );
ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)));
goto fail;
}
if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
failf(data, "unable to use private key from PKCS12 file '%s'",
cert_file);
failf(data, "unable to use private key from PKCS12 file '%s'", cert_file);
goto fail;
}
@ -1500,7 +1486,7 @@ static CURLcode client_cert(struct Curl_easy *data,
"(no key found, wrong passphrase, or wrong file format?)",
(cert_blob ? "CURLOPT_SSLCERT_BLOB" : cert_file),
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)) );
sizeof(error_buffer)));
return CURLE_SSL_CERTPROBLEM;
}
break;
@ -1520,7 +1506,7 @@ static CURLcode client_cert(struct Curl_easy *data,
"(no key found, wrong passphrase, or wrong file format?)",
(cert_blob ? "CURLOPT_SSLCERT_BLOB" : cert_file),
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)) );
sizeof(error_buffer)));
return CURLE_SSL_CERTPROBLEM;
}
break;
@ -1850,20 +1836,17 @@ static CURLcode ossl_set_provider(struct Curl_easy *data, const char *iname)
return CURLE_OK;
}
data->state.provider =
OSSL_PROVIDER_try_load(data->state.libctx, name, 1);
data->state.provider = OSSL_PROVIDER_try_load(data->state.libctx, name, 1);
if(!data->state.provider) {
char error_buffer[256];
failf(data, "Failed to initialize provider: %s",
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)));
ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)));
ossl_provider_cleanup(data);
return CURLE_SSL_ENGINE_NOTFOUND;
}
/* load the base provider as well */
data->state.baseprov =
OSSL_PROVIDER_try_load(data->state.libctx, "base", 1);
data->state.baseprov = OSSL_PROVIDER_try_load(data->state.libctx, "base", 1);
if(!data->state.baseprov) {
ossl_provider_cleanup(data);
failf(data, "Failed to load base");
@ -1875,7 +1858,6 @@ static CURLcode ossl_set_provider(struct Curl_easy *data, const char *iname)
}
#endif
static CURLcode ossl_shutdown(struct Curl_cfilter *cf,
struct Curl_easy *data,
bool send_shutdown, bool *done)
@ -2138,7 +2120,7 @@ static CURLcode ossl_verifyhost(struct Curl_easy *data,
if(check->type == target) {
/* get data and length */
const char *altptr = (const char *)ASN1_STRING_get0_data(check->d.ia5);
size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
size_t altlen = (size_t)ASN1_STRING_length(check->d.ia5);
switch(target) {
case GEN_DNS: /* name/pattern comparison */
@ -2166,8 +2148,7 @@ static CURLcode ossl_verifyhost(struct Curl_easy *data,
our server IP address is */
if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) {
matched = TRUE;
infof(data,
" subjectAltName: \"%s\" matches cert's IP address!",
infof(data, " subjectAltName: \"%s\" matches cert's IP address!",
peer->dispname);
}
break;
@ -2242,8 +2223,7 @@ static CURLcode ossl_verifyhost(struct Curl_easy *data,
/* error already detected, pass through */
;
else if(!cn) {
failf(data,
"SSL: unable to obtain common name from peer certificate");
failf(data, "SSL: unable to obtain common name from peer certificate");
result = CURLE_PEER_FAILED_VERIFICATION;
}
else if(!Curl_cert_hostcheck((const char *)cn, cnlen,
@ -2780,7 +2760,7 @@ out:
*/
static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
{
struct Curl_cfilter *cf = (struct Curl_cfilter*) SSL_get_app_data(ssl);
struct Curl_cfilter *cf = (struct Curl_cfilter *)SSL_get_app_data(ssl);
if(cf) {
struct Curl_easy *data = CF_DATA_CURRENT(cf);
struct ssl_connect_data *connssl = cf->ctx;
@ -3181,7 +3161,7 @@ static CURLcode ossl_populate_x509_store(struct Curl_cfilter *cf,
failf(data, "error loading CRL file: %s", ssl_crlfile);
return CURLE_SSL_CRL_BADFILE;
}
x509flags = X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
x509flags = X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
infof(data, " CRLfile: %s", ssl_crlfile);
}
@ -3210,7 +3190,7 @@ static CURLcode ossl_populate_x509_store(struct Curl_cfilter *cf,
}
/* key to use at `multi->proto_hash` */
#define MPROTO_OSSL_X509_KEY "tls:ossl:x509:share"
#define MPROTO_OSSL_X509_KEY "tls:ossl:x509:share"
struct ossl_x509_share {
char *CAfile; /* CAfile path used to generate X509 store */
@ -3222,7 +3202,7 @@ struct ossl_x509_share {
static void oss_x509_share_free(void *key, size_t key_len, void *p)
{
struct ossl_x509_share *share = p;
DEBUGASSERT(key_len == (sizeof(MPROTO_OSSL_X509_KEY)-1));
DEBUGASSERT(key_len == (sizeof(MPROTO_OSSL_X509_KEY) - 1));
DEBUGASSERT(!memcmp(MPROTO_OSSL_X509_KEY, key, key_len));
(void)key;
(void)key_len;
@ -3233,9 +3213,8 @@ static void oss_x509_share_free(void *key, size_t key_len, void *p)
curlx_free(share);
}
static bool
ossl_cached_x509_store_expired(const struct Curl_easy *data,
const struct ossl_x509_share *mb)
static bool ossl_cached_x509_store_expired(const struct Curl_easy *data,
const struct ossl_x509_share *mb)
{
const struct ssl_general_config *cfg = &data->set.general_ssl;
if(cfg->ca_cache_timeout < 0)
@ -3249,9 +3228,8 @@ ossl_cached_x509_store_expired(const struct Curl_easy *data,
}
}
static bool
ossl_cached_x509_store_different(struct Curl_cfilter *cf,
const struct ossl_x509_share *mb)
static bool ossl_cached_x509_store_different(struct Curl_cfilter *cf,
const struct ossl_x509_share *mb)
{
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
if(!mb->CAfile || !conn_config->CAfile)
@ -3272,7 +3250,7 @@ static X509_STORE *ossl_get_cached_x509_store(struct Curl_cfilter *cf,
*pempty = TRUE;
share = multi ? Curl_hash_pick(&multi->proto_hash,
CURL_UNCONST(MPROTO_OSSL_X509_KEY),
sizeof(MPROTO_OSSL_X509_KEY)-1) : NULL;
sizeof(MPROTO_OSSL_X509_KEY) - 1) : NULL;
if(share && share->store &&
!ossl_cached_x509_store_expired(data, share) &&
!ossl_cached_x509_store_different(cf, share)) {
@ -3297,7 +3275,7 @@ static void ossl_set_cached_x509_store(struct Curl_cfilter *cf,
return;
share = Curl_hash_pick(&multi->proto_hash,
CURL_UNCONST(MPROTO_OSSL_X509_KEY),
sizeof(MPROTO_OSSL_X509_KEY)-1);
sizeof(MPROTO_OSSL_X509_KEY) - 1);
if(!share) {
share = curlx_calloc(1, sizeof(*share));
@ -3305,7 +3283,7 @@ static void ossl_set_cached_x509_store(struct Curl_cfilter *cf,
return;
if(!Curl_hash_add2(&multi->proto_hash,
CURL_UNCONST(MPROTO_OSSL_X509_KEY),
sizeof(MPROTO_OSSL_X509_KEY)-1,
sizeof(MPROTO_OSSL_X509_KEY) - 1,
share, oss_x509_share_free)) {
curlx_free(share);
return;
@ -3508,8 +3486,7 @@ static CURLcode ossl_init_ech(struct ossl_ctx *octx,
if(data->set.tls_ech & CURLECH_HARD)
return result;
}
if(SSL_set1_ech_config_list(octx->ssl, ech_config,
ech_config_len) != 1) {
if(SSL_set1_ech_config_list(octx->ssl, ech_config, ech_config_len) != 1) {
infof(data, "ECH: SSL_ECH_set1_ech_config_list failed");
if(data->set.tls_ech & CURLECH_HARD) {
curlx_free(ech_config);
@ -3519,14 +3496,13 @@ static CURLcode ossl_init_ech(struct ossl_ctx *octx,
curlx_free(ech_config);
trying_ech_now = 1;
# else
ech_config = (unsigned char *) data->set.str[STRING_ECH_CONFIG];
ech_config = (unsigned char *)data->set.str[STRING_ECH_CONFIG];
if(!ech_config) {
infof(data, "ECH: ECHConfig from command line empty");
return CURLE_SSL_CONNECT_ERROR;
}
ech_config_len = strlen(data->set.str[STRING_ECH_CONFIG]);
if(SSL_set1_ech_config_list(octx->ssl, ech_config,
ech_config_len) != 1) {
if(SSL_set1_ech_config_list(octx->ssl, ech_config, ech_config_len) != 1) {
infof(data, "ECH: SSL_ECH_set1_ech_config_list failed");
if(data->set.tls_ech & CURLECH_HARD)
return CURLE_SSL_CONNECT_ERROR;
@ -3584,16 +3560,16 @@ static CURLcode ossl_init_ech(struct ossl_ctx *octx,
infof(data, "ECH: inner: '%s', outer: '%s'",
peer->hostname ? peer->hostname : "NULL", outername);
result = SSL_ech_set1_server_names(octx->ssl,
peer->hostname, outername,
0 /* do send outer */);
peer->hostname, outername,
0 /* do send outer */);
if(result != 1) {
infof(data, "ECH: rv failed to set server name(s) %d [ERROR]", result);
return CURLE_SSL_CONNECT_ERROR;
}
}
# endif /* HAVE_BORINGSSL_LIKE */
if(trying_ech_now
&& SSL_set_min_proto_version(octx->ssl, TLS1_3_VERSION) != 1) {
if(trying_ech_now &&
SSL_set_min_proto_version(octx->ssl, TLS1_3_VERSION) != 1) {
infof(data, "ECH: cannot force TLSv1.3 [ERROR]");
return CURLE_SSL_CONNECT_ERROR;
}
@ -3602,7 +3578,6 @@ static CURLcode ossl_init_ech(struct ossl_ctx *octx,
}
#endif /* USE_ECH_OPENSSL */
static CURLcode ossl_init_ssl(struct ossl_ctx *octx,
struct Curl_cfilter *cf,
struct Curl_easy *data,
@ -3706,7 +3681,6 @@ static CURLcode ossl_init_method(struct Curl_cfilter *cf,
return *pmethod ? CURLE_OK : CURLE_SSL_CONNECT_ERROR;
}
CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
struct Curl_cfilter *cf,
struct Curl_easy *data,
@ -3821,7 +3795,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
/* "--tlsv<x.y>" options mean TLS >= version <x.y> */
case CURL_SSLVERSION_DEFAULT:
case CURL_SSLVERSION_TLSv1: /* TLS >= version 1.0 */
case CURL_SSLVERSION_TLSv1: /* TLS >= version 1.0 */
case CURL_SSLVERSION_TLSv1_0: /* TLS >= version 1.0 */
case CURL_SSLVERSION_TLSv1_1: /* TLS >= version 1.1 */
case CURL_SSLVERSION_TLSv1_2: /* TLS >= version 1.2 */
@ -4036,8 +4010,7 @@ static CURLcode ossl_on_session_reuse(struct Curl_cfilter *cf,
return result;
}
void Curl_ossl_report_handshake(struct Curl_easy *data,
struct ossl_ctx *octx)
void Curl_ossl_report_handshake(struct Curl_easy *data, struct ossl_ctx *octx)
{
#ifndef CURL_DISABLE_VERBOSE_STRINGS
if(Curl_trc_is_verbose(data)) {
@ -4065,7 +4038,6 @@ void Curl_ossl_report_handshake(struct Curl_easy *data,
(void)data;
(void)octx;
#endif /* CURL_DISABLE_VERBOSE_STRINGS */
}
static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
@ -4121,7 +4093,7 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
#ifdef USE_ECH_OPENSSL
/* If we have retry configs, then trace those out */
static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL* ssl,
static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL *ssl,
int reason)
{
CURLcode result = CURLE_OK;
@ -4247,7 +4219,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf,
else {
/* untreated error */
sslerr_t errdetail;
char error_buffer[256]="";
char error_buffer[256] = "";
CURLcode result;
long lerr;
int lib;
@ -4319,7 +4291,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf,
* the SO_ERROR is also lost.
*/
if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
char extramsg[80]="";
char extramsg[80] = "";
int sockerr = SOCKERRNO;
if(sockerr && detail == SSL_ERROR_SYSCALL)
@ -4374,7 +4346,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf,
break;
default:
status = "unexpected status";
infof(data, "ECH: unexpected status %d",rv);
infof(data, "ECH: unexpected status %d", rv);
}
infof(data, "ECH: result: status is %s, inner is %s, outer is %s",
(status ? status : "NULL"),
@ -4418,7 +4390,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf,
* Heavily modified from:
* https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL
*/
static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert,
static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509 *cert,
const char *pinnedpubkey)
{
/* Scratch */
@ -4534,8 +4506,7 @@ static void infof_certstack(struct Curl_easy *data, const SSL *ssl)
type_name = NULL;
#endif
infof(data,
" Certificate level %d: "
infof(data, " Certificate level %d: "
"Public key type %s%s (%d/%d Bits/secBits), signed using %s",
cert_level, type_name ? type_name : "?",
get_group_name == 0 ? "" : group_name_final,
@ -4553,7 +4524,7 @@ static CURLcode ossl_check_issuer(struct Curl_cfilter *cf,
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
X509 *issuer = NULL;
BIO *fp = NULL;
char err_buf[256]="";
char err_buf[256] = "";
bool verify_enabled = (conn_config->verifypeer || conn_config->verifyhost);
CURLcode result = CURLE_OK;
@ -4671,12 +4642,12 @@ static CURLcode ossl_infof_cert(struct Curl_cfilter *cf,
infof(data, " subject: %s", result ? "[NONE]" : curlx_dyn_ptr(&dname));
ASN1_TIME_print(mem, X509_get0_notBefore(server_cert));
len = BIO_get_mem_data(mem, (char **) &buf);
len = BIO_get_mem_data(mem, (char **)&buf);
infof(data, " start date: %.*s", (int)len, buf);
(void)BIO_reset(mem);
ASN1_TIME_print(mem, X509_get0_notAfter(server_cert));
len = BIO_get_mem_data(mem, (char **) &buf);
len = BIO_get_mem_data(mem, (char **)&buf);
infof(data, " expire date: %.*s", (int)len, buf);
(void)BIO_reset(mem);
@ -5118,8 +5089,7 @@ static CURLcode ossl_send(struct Curl_cfilter *cf,
result = CURLE_AGAIN;
octx->blocked_ssl_write_len = memlen;
goto out;
case SSL_ERROR_SYSCALL:
{
case SSL_ERROR_SYSCALL: {
int sockerr = SOCKERRNO;
if(octx->io_result == CURLE_AGAIN) {

3
lib/vtls/openssl.h
View file

@ -150,8 +150,7 @@ CURLcode Curl_ossl_check_peer_cert(struct Curl_cfilter *cf,
struct ssl_peer *peer);
/* Report properties of a successful handshake */
void Curl_ossl_report_handshake(struct Curl_easy *data,
struct ossl_ctx *octx);
void Curl_ossl_report_handshake(struct Curl_easy *data, struct ossl_ctx *octx);
#endif /* USE_OPENSSL */
#endif /* HEADER_CURL_SSLUSE_H */

176
lib/vtls/rustls.c
View file

@ -42,8 +42,7 @@
#include "cipher_suite.h"
#include "x509asn1.h"
struct rustls_ssl_backend_data
{
struct rustls_ssl_backend_data {
const struct rustls_client_config *config;
struct rustls_connection *conn;
size_t plain_out_buffered;
@ -58,17 +57,17 @@ static CURLcode map_error(const rustls_result r)
return CURLE_PEER_FAILED_VERIFICATION;
}
switch(r) {
case RUSTLS_RESULT_OK:
return CURLE_OK;
case RUSTLS_RESULT_NULL_PARAMETER:
return CURLE_BAD_FUNCTION_ARGUMENT;
default:
return CURLE_RECV_ERROR;
case RUSTLS_RESULT_OK:
return CURLE_OK;
case RUSTLS_RESULT_NULL_PARAMETER:
return CURLE_BAD_FUNCTION_ARGUMENT;
default:
return CURLE_RECV_ERROR;
}
}
static void
rustls_failf(struct Curl_easy *data, const rustls_result rr, const char *msg)
static void rustls_failf(struct Curl_easy *data, const rustls_result rr,
const char *msg)
{
char errorbuf[STRERROR_LEN];
size_t errorlen;
@ -76,8 +75,8 @@ rustls_failf(struct Curl_easy *data, const rustls_result rr, const char *msg)
failf(data, "%s: %.*s", msg, (int)errorlen, errorbuf);
}
static bool
cr_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data)
static bool cr_data_pending(struct Curl_cfilter *cf,
const struct Curl_easy *data)
{
const struct ssl_connect_data *ctx = cf->ctx;
struct rustls_ssl_backend_data *backend;
@ -93,11 +92,11 @@ struct io_ctx {
struct Curl_easy *data;
};
static int
read_cb(void *userdata, uint8_t *buf, uintptr_t len, uintptr_t *out_n)
static int read_cb(void *userdata, uint8_t *buf, uintptr_t len,
uintptr_t *out_n)
{
const struct io_ctx *io_ctx = userdata;
struct ssl_connect_data *const connssl = io_ctx->cf->ctx;
struct ssl_connect_data * const connssl = io_ctx->cf->ctx;
CURLcode result;
int ret = 0;
size_t nread;
@ -120,8 +119,8 @@ read_cb(void *userdata, uint8_t *buf, uintptr_t len, uintptr_t *out_n)
return ret;
}
static int
write_cb(void *userdata, const uint8_t *buf, uintptr_t len, uintptr_t *out_n)
static int write_cb(void *userdata, const uint8_t *buf, uintptr_t len,
uintptr_t *out_n)
{
const struct io_ctx *io_ctx = userdata;
CURLcode result;
@ -146,8 +145,8 @@ write_cb(void *userdata, const uint8_t *buf, uintptr_t len, uintptr_t *out_n)
static ssize_t tls_recv_more(struct Curl_cfilter *cf,
struct Curl_easy *data, CURLcode *err)
{
const struct ssl_connect_data *const connssl = cf->ctx;
struct rustls_ssl_backend_data *const backend =
const struct ssl_connect_data * const connssl = cf->ctx;
struct rustls_ssl_backend_data * const backend =
(struct rustls_ssl_backend_data *)connssl->backend;
struct io_ctx io_ctx;
size_t tls_bytes_read = 0;
@ -186,12 +185,11 @@ static ssize_t tls_recv_more(struct Curl_cfilter *cf,
* Filter receive method implementation. `plainbuf` and `plainlen`
* are always not NULL/0.
*/
static CURLcode
cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
char *plainbuf, size_t plainlen, size_t *pnread)
static CURLcode cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
char *plainbuf, size_t plainlen, size_t *pnread)
{
const struct ssl_connect_data *const connssl = cf->ctx;
struct rustls_ssl_backend_data *const backend =
const struct ssl_connect_data * const connssl = cf->ctx;
struct rustls_ssl_backend_data * const backend =
(struct rustls_ssl_backend_data *)connssl->backend;
struct rustls_connection *rconn = NULL;
CURLcode result = CURLE_OK;
@ -300,12 +298,12 @@ static CURLcode cr_flush_out(struct Curl_cfilter *cf, struct Curl_easy *data,
* In that case, it will not read anything into Rustls' plaintext input buffer.
* It will only drain Rustls' plaintext output buffer into the socket.
*/
static CURLcode
cr_send(struct Curl_cfilter *cf, struct Curl_easy *data,
const void *plainbuf, size_t plainlen, size_t *pnwritten)
static CURLcode cr_send(struct Curl_cfilter *cf, struct Curl_easy *data,
const void *plainbuf, size_t plainlen,
size_t *pnwritten)
{
const struct ssl_connect_data *const connssl = cf->ctx;
struct rustls_ssl_backend_data *const backend =
const struct ssl_connect_data * const connssl = cf->ctx;
struct rustls_ssl_backend_data * const backend =
(struct rustls_ssl_backend_data *)connssl->backend;
struct rustls_connection *rconn = NULL;
size_t plainwritten = 0;
@ -379,18 +377,15 @@ out:
/* A server certificate verify callback for Rustls that always returns
RUSTLS_RESULT_OK, or in other words disable certificate verification. */
static uint32_t
cr_verify_none(void *userdata,
const rustls_verify_server_cert_params *params)
static uint32_t cr_verify_none(void *userdata,
const rustls_verify_server_cert_params *params)
{
(void)userdata;
(void)params;
return RUSTLS_RESULT_OK;
}
static int
read_file_into(const char *filename,
struct dynbuf *out)
static int read_file_into(const char *filename, struct dynbuf *out)
{
FILE *f = curlx_fopen(filename, FOPEN_READTEXT);
if(!f) {
@ -464,16 +459,17 @@ add_ciphers:
if(!id) {
if(ptr[0] != '\0')
infof(data, "rustls: unknown cipher in list: \"%.*s\"",
(int) (end - ptr), ptr);
(int)(end - ptr), ptr);
continue;
}
/* No duplicates allowed (so selected cannot overflow) */
for(i = 0; i < count && selected[i] != entry; i++);
for(i = 0; i < count && selected[i] != entry; i++)
;
if(i < count) {
if(i >= default13_count)
infof(data, "rustls: duplicate cipher in list: \"%.*s\"",
(int) (end - ptr), ptr);
(int)(end - ptr), ptr);
continue;
}
@ -494,7 +490,8 @@ add_ciphers:
continue;
/* No duplicates allowed (so selected cannot overflow) */
for(i = 0; i < count && selected[i] != entry; i++);
for(i = 0; i < count && selected[i] != entry; i++)
;
if(i < count)
continue;
@ -505,10 +502,10 @@ add_ciphers:
*selected_size = count;
}
static void
cr_keylog_log_cb(struct rustls_str label,
const uint8_t *client_random, size_t client_random_len,
const uint8_t *secret, size_t secret_len)
static void cr_keylog_log_cb(struct rustls_str label,
const uint8_t *client_random,
size_t client_random_len, const uint8_t *secret,
size_t secret_len)
{
char clabel[KEYLOG_LABEL_MAXLEN];
(void)client_random_len;
@ -528,12 +525,11 @@ init_config_builder(struct Curl_easy *data,
const struct rustls_crypto_provider *custom_provider = NULL;
uint16_t tls_versions[2] = {
RUSTLS_TLS_VERSION_TLSV1_2,
RUSTLS_TLS_VERSION_TLSV1_3,
RUSTLS_TLS_VERSION_TLSV1_2,
RUSTLS_TLS_VERSION_TLSV1_3,
};
size_t tls_versions_len = 2;
size_t cipher_suites_len =
rustls_default_crypto_provider_ciphersuites_len();
size_t cipher_suites_len = rustls_default_crypto_provider_ciphersuites_len();
CURLcode result = CURLE_OK;
rustls_result rr;
@ -602,7 +598,7 @@ init_config_builder(struct Curl_easy *data,
&custom_provider_builder);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr,
"failed to create crypto provider builder from default");
"failed to create crypto provider builder from default");
result = CURLE_SSL_CIPHER;
goto cleanup;
}
@ -614,13 +610,13 @@ init_config_builder(struct Curl_easy *data,
cipher_suites_len);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr,
"failed to set ciphersuites for crypto provider builder");
"failed to set ciphersuites for crypto provider builder");
result = CURLE_SSL_CIPHER;
goto cleanup;
}
rr = rustls_crypto_provider_builder_build(
custom_provider_builder, &custom_provider);
rr = rustls_crypto_provider_builder_build(custom_provider_builder,
&custom_provider);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr, "failed to build custom crypto provider");
result = CURLE_SSL_CIPHER;
@ -628,9 +624,9 @@ init_config_builder(struct Curl_easy *data,
}
rr = rustls_client_config_builder_new_custom(custom_provider,
tls_versions,
tls_versions_len,
config_builder);
tls_versions,
tls_versions_len,
config_builder);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr, "failed to create client config builder");
result = CURLE_SSL_CIPHER;
@ -669,8 +665,7 @@ init_config_builder_alpn(struct Curl_easy *data,
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
}
static CURLcode
init_config_builder_verifier_crl(
static CURLcode init_config_builder_verifier_crl(
struct Curl_easy *data,
const struct ssl_primary_config *conn_config,
struct rustls_web_pki_server_cert_verifier_builder *builder)
@ -723,7 +718,6 @@ init_config_builder_verifier(struct Curl_easy *data,
1);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr, "failed to parse trusted certificates from blob");
result = CURLE_SSL_CACERT_BADFILE;
goto cleanup;
}
@ -734,7 +728,6 @@ init_config_builder_verifier(struct Curl_easy *data,
1);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr, "failed to load trusted certificates");
result = CURLE_SSL_CACERT_BADFILE;
goto cleanup;
}
@ -755,8 +748,8 @@ init_config_builder_verifier(struct Curl_easy *data,
if(conn_config->CRLfile) {
result = init_config_builder_verifier_crl(data,
conn_config,
verifier_builder);
conn_config,
verifier_builder);
if(result) {
goto cleanup;
}
@ -789,8 +782,7 @@ cleanup:
return result;
}
static CURLcode
init_config_builder_platform_verifier(
static CURLcode init_config_builder_platform_verifier(
struct Curl_easy *data,
struct rustls_client_config_builder *builder)
{
@ -890,10 +882,8 @@ init_config_builder_client_auth(struct Curl_easy *data,
rr = rustls_certified_key_keys_match(certified_key);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data,
rr,
rustls_failf(data, rr,
"rustls: client certificate and keypair files do not match:");
result = CURLE_SSL_CERTPROBLEM;
goto cleanup;
}
@ -1011,9 +1001,9 @@ cleanup:
}
#endif /* USE_ECH */
static CURLcode
cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
struct rustls_ssl_backend_data *const backend)
static CURLcode cr_init_backend(struct Curl_cfilter *cf,
struct Curl_easy *data,
struct rustls_ssl_backend_data * const backend)
{
const struct ssl_connect_data *connssl = cf->ctx;
const struct ssl_primary_config *conn_config =
@ -1091,9 +1081,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
return result;
}
rr = rustls_client_config_builder_build(
config_builder,
&backend->config);
rr = rustls_client_config_builder_build(config_builder, &backend->config);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr, "failed to build client config");
return CURLE_SSL_CONNECT_ERROR;
@ -1116,11 +1104,11 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
return result;
}
static void
cr_set_negotiated_alpn(struct Curl_cfilter *cf, struct Curl_easy *data,
const struct rustls_connection *rconn)
static void cr_set_negotiated_alpn(struct Curl_cfilter *cf,
struct Curl_easy *data,
const struct rustls_connection *rconn)
{
struct ssl_connect_data *const connssl = cf->ctx;
struct ssl_connect_data * const connssl = cf->ctx;
const uint8_t *protocol = NULL;
size_t len = 0;
@ -1133,12 +1121,11 @@ cr_set_negotiated_alpn(struct Curl_cfilter *cf, struct Curl_easy *data,
* This function will set `*done` to true once the handshake is complete.
* This function never reads the value of `*done*`.
*/
static CURLcode
cr_connect(struct Curl_cfilter *cf,
struct Curl_easy *data, bool *done)
static CURLcode cr_connect(struct Curl_cfilter *cf, struct Curl_easy *data,
bool *done)
{
struct ssl_connect_data *const connssl = cf->ctx;
const struct rustls_ssl_backend_data *const backend =
struct ssl_connect_data * const connssl = cf->ctx;
const struct rustls_ssl_backend_data * const backend =
(struct rustls_ssl_backend_data *)connssl->backend;
const struct rustls_connection *rconn = NULL;
CURLcode tmperr = CURLE_OK;
@ -1165,9 +1152,9 @@ cr_connect(struct Curl_cfilter *cf,
/* Read/write data until the handshake is done or the socket would block. */
for(;;) {
/*
* Connection has been established according to Rustls. Set send/recv
* handlers, and update the state machine.
*/
* Connection has been established according to Rustls. Set send/recv
* handlers, and update the state machine.
*/
connssl->io_need = CURL_SSL_IO_NEED_NONE;
if(!rustls_connection_is_handshaking(rconn)) {
/* Rustls claims it is no longer handshaking *before* it has
@ -1186,8 +1173,7 @@ cr_connect(struct Curl_cfilter *cf,
}
/* REALLY Done with the handshake. */
{
const uint16_t proto =
rustls_connection_get_protocol_version(rconn);
const uint16_t proto = rustls_connection_get_protocol_version(rconn);
const rustls_str ciphersuite_name =
rustls_connection_get_negotiated_ciphersuite_name(rconn);
const rustls_str kex_group_name =
@ -1297,9 +1283,7 @@ cr_connect(struct Curl_cfilter *cf,
DEBUGASSERT(FALSE);
}
static void *
cr_get_internals(struct ssl_connect_data *connssl,
CURLINFO info)
static void *cr_get_internals(struct ssl_connect_data *connssl, CURLINFO info)
{
struct rustls_ssl_backend_data *backend =
(struct rustls_ssl_backend_data *)connssl->backend;
@ -1308,10 +1292,8 @@ cr_get_internals(struct ssl_connect_data *connssl,
return backend->conn;
}
static CURLcode
cr_shutdown(struct Curl_cfilter *cf,
struct Curl_easy *data,
const bool send_shutdown, bool *done)
static CURLcode cr_shutdown(struct Curl_cfilter *cf, struct Curl_easy *data,
const bool send_shutdown, bool *done)
{
struct ssl_connect_data *connssl = cf->ctx;
struct rustls_ssl_backend_data *backend =
@ -1373,8 +1355,7 @@ out:
return result;
}
static void
cr_close(struct Curl_cfilter *cf, struct Curl_easy *data)
static void cr_close(struct Curl_cfilter *cf, struct Curl_easy *data)
{
const struct ssl_connect_data *connssl = cf->ctx;
struct rustls_ssl_backend_data *backend =
@ -1398,13 +1379,12 @@ static size_t cr_version(char *buffer, size_t size)
return curl_msnprintf(buffer, size, "%.*s", (int)ver.len, ver.data);
}
static CURLcode
cr_random(struct Curl_easy *data, unsigned char *entropy, size_t length)
static CURLcode cr_random(struct Curl_easy *data, unsigned char *entropy,
size_t length)
{
rustls_result rresult = 0;
(void)data;
rresult =
rustls_default_crypto_provider_random(entropy, length);
rresult = rustls_default_crypto_provider_random(entropy, length);
return map_error(rresult);
}

160
lib/vtls/schannel.c
View file

@ -34,7 +34,7 @@
#ifdef USE_SCHANNEL
#ifndef USE_WINDOWS_SSPI
# error "cannot compile SCHANNEL support without SSPI."
#error "cannot compile SCHANNEL support without SSPI."
#endif
#include "schannel.h"
@ -67,7 +67,7 @@
*/
#ifdef CURL_SCHANNEL_DEV_DEBUG
#define SCH_DEV(x) x
#define SCH_DEV_SHOWBOOL(x) \
#define SCH_DEV_SHOWBOOL(x) \
infof(data, "schannel: " #x " %s", (x) ? "TRUE" : "FALSE");
#else
#define SCH_DEV(x) do { } while(0)
@ -159,10 +159,9 @@ static void InitSecBufferDesc(SecBufferDesc *desc, SecBuffer *BufArr,
desc->cBuffers = NumArrElem;
}
static CURLcode
schannel_set_ssl_version_min_max(DWORD *enabled_protocols,
struct Curl_cfilter *cf,
struct Curl_easy *data)
static CURLcode schannel_set_ssl_version_min_max(DWORD *enabled_protocols,
struct Curl_cfilter *cf,
struct Curl_easy *data)
{
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
long ssl_version = conn_config->version;
@ -222,7 +221,7 @@ struct algo {
int id;
};
static const struct algo algs[]= {
static const struct algo algs[] = {
CIPHEROPTION(CALG_MD2),
CIPHEROPTION(CALG_MD4),
CIPHEROPTION(CALG_MD5),
@ -330,8 +329,7 @@ static const struct algo algs[]= {
{NULL, 0},
};
static int
get_alg_id_by_name(const char *name)
static int get_alg_id_by_name(const char *name)
{
const char *nameEnd = strchr(name, ':');
size_t n = nameEnd ? (size_t)(nameEnd - name) : strlen(name);
@ -346,9 +344,8 @@ get_alg_id_by_name(const char *name)
#define NUM_CIPHERS 47 /* There are 47 options listed above */
static CURLcode
set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
ALG_ID *algIds)
static CURLcode set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
ALG_ID *algIds)
{
const char *startCur = ciphers;
int algCount = 0;
@ -376,9 +373,8 @@ set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
}
/* Function allocates memory for store_path only if CURLE_OK is returned */
static CURLcode
get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path,
TCHAR **thumbprint)
static CURLcode get_cert_location(TCHAR *path, DWORD *store_name,
TCHAR **store_path, TCHAR **thumbprint)
{
TCHAR *sep;
TCHAR *store_path_start;
@ -400,14 +396,11 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path,
*store_name = CERT_SYSTEM_STORE_SERVICES;
else if(_tcsncmp(path, TEXT("Users"), store_name_len) == 0)
*store_name = CERT_SYSTEM_STORE_USERS;
else if(_tcsncmp(path, TEXT("CurrentUserGroupPolicy"),
store_name_len) == 0)
else if(_tcsncmp(path, TEXT("CurrentUserGroupPolicy"), store_name_len) == 0)
*store_name = CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY;
else if(_tcsncmp(path, TEXT("LocalMachineGroupPolicy"),
store_name_len) == 0)
else if(_tcsncmp(path, TEXT("LocalMachineGroupPolicy"), store_name_len) == 0)
*store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY;
else if(_tcsncmp(path, TEXT("LocalMachineEnterprise"),
store_name_len) == 0)
else if(_tcsncmp(path, TEXT("LocalMachineEnterprise"), store_name_len) == 0)
*store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE;
else
return CURLE_SSL_CERTPROBLEM;
@ -431,9 +424,8 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path,
return CURLE_OK;
}
static CURLcode
schannel_acquire_credential_handle(struct Curl_cfilter *cf,
struct Curl_easy *data)
static CURLcode schannel_acquire_credential_handle(struct Curl_cfilter *cf,
struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
@ -461,37 +453,36 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf,
if(ssl_config->no_revoke) {
flags |= SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
SCH_CRED_IGNORE_REVOCATION_OFFLINE;
SCH_CRED_IGNORE_REVOCATION_OFFLINE;
DEBUGF(infof(data, "schannel: disabled server certificate revocation "
"checks"));
"checks"));
}
else if(ssl_config->revoke_best_effort) {
flags |= SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
SCH_CRED_IGNORE_REVOCATION_OFFLINE | SCH_CRED_REVOCATION_CHECK_CHAIN;
SCH_CRED_IGNORE_REVOCATION_OFFLINE |
SCH_CRED_REVOCATION_CHECK_CHAIN;
DEBUGF(infof(data, "schannel: ignore revocation offline errors"));
}
else {
flags |= SCH_CRED_REVOCATION_CHECK_CHAIN;
DEBUGF(infof(data,
"schannel: checking server certificate revocation"));
DEBUGF(infof(data, "schannel: checking server certificate revocation"));
}
}
else {
flags = SCH_CRED_MANUAL_CRED_VALIDATION |
SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
SCH_CRED_IGNORE_REVOCATION_OFFLINE;
DEBUGF(infof(data,
"schannel: disabled server cert revocation checks"));
SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
SCH_CRED_IGNORE_REVOCATION_OFFLINE;
DEBUGF(infof(data, "schannel: disabled server cert revocation checks"));
}
if(!conn_config->verifyhost) {
flags |= SCH_CRED_NO_SERVERNAME_CHECK;
DEBUGF(infof(data, "schannel: verifyhost setting prevents Schannel from "
"comparing the supplied target name with the subject "
"names in server certificates."));
"comparing the supplied target name with the subject "
"names in server certificates."));
}
if(!ssl_config->auto_client_cert) {
@ -508,8 +499,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf,
case CURL_SSLVERSION_TLSv1_0:
case CURL_SSLVERSION_TLSv1_1:
case CURL_SSLVERSION_TLSv1_2:
case CURL_SSLVERSION_TLSv1_3:
{
case CURL_SSLVERSION_TLSv1_3: {
result = schannel_set_ssl_version_min_max(&enabled_protocols, cf, data);
if(result)
return result;
@ -550,7 +540,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf,
result = get_cert_location(cert_path, &cert_store_name,
&cert_store_path, &cert_thumbprint_str);
if(result && (data->set.ssl.primary.clientcert[0]!='\0'))
if(result && (data->set.ssl.primary.clientcert[0] != '\0'))
fInCert = curlx_fopen(data->set.ssl.primary.clientcert, "rb");
if(result && !fInCert) {
@ -579,7 +569,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf,
https://learn.microsoft.com/archive/msdn-technet-forums/3e7bc95f-b21a-4bcd-bd2c-7f996718cae5
*/
CRYPT_DATA_BLOB datablob;
WCHAR* pszPassword;
WCHAR *pszPassword;
size_t pwd_len = 0;
int str_w_len = 0;
int cert_find_flags;
@ -613,12 +603,12 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf,
}
/* Convert key-pair data to the in-memory certificate store */
datablob.pbData = (BYTE*)certdata;
datablob.pbData = (BYTE *)certdata;
datablob.cbData = (DWORD)certsize;
if(data->set.ssl.key_passwd)
pwd_len = strlen(data->set.ssl.key_passwd);
pszPassword = (WCHAR*)curlx_malloc(sizeof(WCHAR)*(pwd_len + 1));
pszPassword = (WCHAR *)curlx_malloc(sizeof(WCHAR) * (pwd_len + 1));
if(pszPassword) {
if(pwd_len > 0)
str_w_len = MultiByteToWideChar(CP_UTF8,
@ -854,8 +844,8 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf,
return CURLE_OK;
}
static CURLcode
schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
static CURLcode schannel_connect_step1(struct Curl_cfilter *cf,
struct Curl_easy *data)
{
size_t written = 0;
struct ssl_connect_data *connssl = cf->ctx;
@ -874,8 +864,7 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
CURLcode result;
DEBUGASSERT(backend);
DEBUGF(infof(data,
"schannel: SSL/TLS connection with %s port %d (step 1/3)",
DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %d (step 1/3)",
connssl->peer.hostname, connssl->peer.port));
if(curlx_verify_windows_version(5, 1, 0, PLATFORM_WINNT,
@ -899,7 +888,7 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
}
else {
failf(data, "schannel: this version of Windows is too old to support "
"certificate verification via CA bundle file.");
"certificate verification via CA bundle file.");
return CURLE_SSL_CACERT_BADFILE;
}
}
@ -952,7 +941,7 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
int cur = 0;
int list_start_index = 0;
unsigned int *extension_len = NULL;
unsigned short* list_len = NULL;
unsigned short *list_len = NULL;
struct alpn_proto_buf proto;
/* The first four bytes will be an unsigned int indicating number
@ -968,7 +957,7 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
/* The next two bytes will be an unsigned short indicating the number
of bytes used to list the preferred protocols. */
list_len = (unsigned short*)(void *)(&alpn_buffer[cur]);
list_len = (unsigned short *)(void *)(&alpn_buffer[cur]);
cur += (int)sizeof(unsigned short);
list_start_index = cur;
@ -1006,8 +995,8 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
/* security request flags */
backend->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY |
ISC_REQ_STREAM;
ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY |
ISC_REQ_STREAM;
if(!ssl_config->auto_client_cert) {
backend->req_flags |= ISC_REQ_USE_SUPPLIED_CREDS;
@ -1131,8 +1120,8 @@ static CURLcode schannel_error(struct Curl_easy *data,
}
}
static CURLcode
schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
static CURLcode schannel_connect_step2(struct Curl_cfilter *cf,
struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct schannel_ssl_backend_data *backend =
@ -1155,8 +1144,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
doread = (connssl->io_need & CURL_SSL_IO_NEED_SEND) ? FALSE : TRUE;
connssl->io_need = CURL_SSL_IO_NEED_NONE;
DEBUGF(infof(data,
"schannel: SSL/TLS connection with %s port %d (step 2/3)",
DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %d (step 2/3)",
connssl->peer.hostname, connssl->peer.port));
if(!backend->cred || !backend->ctxt)
@ -1361,7 +1349,8 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
if(backend->encdata_offset > inbuf[1].cbBuffer) {
memmove(backend->encdata_buffer,
(backend->encdata_buffer + backend->encdata_offset) -
inbuf[1].cbBuffer, inbuf[1].cbBuffer);
inbuf[1].cbBuffer,
inbuf[1].cbBuffer);
backend->encdata_offset = inbuf[1].cbBuffer;
if(sspi_status == SEC_I_CONTINUE_NEEDED) {
doread = FALSE;
@ -1415,8 +1404,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
return CURLE_OK;
}
static bool
valid_cert_encoding(const CERT_CONTEXT *cert_context)
static bool valid_cert_encoding(const CERT_CONTEXT *cert_context)
{
return (cert_context != NULL) &&
((cert_context->dwCertEncodingType & X509_ASN_ENCODING) != 0) &&
@ -1424,12 +1412,11 @@ valid_cert_encoding(const CERT_CONTEXT *cert_context)
(cert_context->cbCertEncoded > 0);
}
typedef bool(*Read_crt_func)(const CERT_CONTEXT *ccert_context,
bool reverse_order, void *arg);
typedef bool (*Read_crt_func)(const CERT_CONTEXT *ccert_context,
bool reverse_order, void *arg);
static void
traverse_cert_store(const CERT_CONTEXT *context, Read_crt_func func,
void *arg)
static void traverse_cert_store(const CERT_CONTEXT *context,
Read_crt_func func, void *arg)
{
const CERT_CONTEXT *current_context = NULL;
bool should_continue = TRUE;
@ -1454,9 +1441,8 @@ traverse_cert_store(const CERT_CONTEXT *context, Read_crt_func func,
CertFreeCertificateContext(current_context);
}
static bool
cert_counter_callback(const CERT_CONTEXT *ccert_context, bool reverse_order,
void *certs_count)
static bool cert_counter_callback(const CERT_CONTEXT *ccert_context,
bool reverse_order, void *certs_count)
{
(void)reverse_order;
if(valid_cert_encoding(ccert_context))
@ -1466,22 +1452,20 @@ cert_counter_callback(const CERT_CONTEXT *ccert_context, bool reverse_order,
return TRUE;
}
struct Adder_args
{
struct Adder_args {
struct Curl_easy *data;
CURLcode result;
int idx;
int certs_count;
};
static bool
add_cert_to_certinfo(const CERT_CONTEXT *ccert_context, bool reverse_order,
void *raw_arg)
static bool add_cert_to_certinfo(const CERT_CONTEXT *ccert_context,
bool reverse_order, void *raw_arg)
{
struct Adder_args *args = (struct Adder_args*)raw_arg;
struct Adder_args *args = (struct Adder_args *)raw_arg;
args->result = CURLE_OK;
if(valid_cert_encoding(ccert_context)) {
const char *beg = (const char *) ccert_context->pbCertEncoded;
const char *beg = (const char *)ccert_context->pbCertEncoded;
const char *end = beg + ccert_context->cbCertEncoded;
int insert_index = reverse_order ? (args->certs_count - 1) - args->idx :
args->idx;
@ -1511,8 +1495,8 @@ static void schannel_session_free(void *sessionid)
}
}
static CURLcode
schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data)
static CURLcode schannel_connect_step3(struct Curl_cfilter *cf,
struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct schannel_ssl_backend_data *backend =
@ -1527,8 +1511,7 @@ schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data)
DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
DEBUGASSERT(backend);
DEBUGF(infof(data,
"schannel: SSL/TLS connection with %s port %d (step 3/3)",
DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %d (step 3/3)",
connssl->peer.hostname, connssl->peer.port));
if(!backend->cred)
@ -1886,9 +1869,8 @@ schannel_recv_renegotiate(struct Curl_cfilter *cf, struct Curl_easy *data,
return result;
}
static CURLcode
schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data,
const void *buf, size_t len, size_t *pnwritten)
static CURLcode schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data,
const void *buf, size_t len, size_t *pnwritten)
{
size_t data_len = 0;
unsigned char *ptr = NULL;
@ -2018,7 +2000,7 @@ schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data,
else if(sspi_status == SEC_E_INSUFFICIENT_MEMORY) {
result = CURLE_OUT_OF_MEMORY;
}
else{
else {
result = CURLE_SEND_ERROR;
}
@ -2032,9 +2014,8 @@ schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data,
return result;
}
static CURLcode
schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
char *buf, size_t len, size_t *pnread)
static CURLcode schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
char *buf, size_t len, size_t *pnread)
{
size_t size = 0;
size_t nread = 0;
@ -2170,7 +2151,7 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
/* https://learn.microsoft.com/windows/win32/api/sspi/nf-sspi-decryptmessage
*/
sspi_status = Curl_pSecFn->DecryptMessage(&backend->ctxt->ctxt_handle,
&inbuf_desc, 0, NULL);
&inbuf_desc, 0, NULL);
/* check if everything went fine (server may want to renegotiate
or shutdown the connection context) */
@ -2231,7 +2212,8 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
buffer */
memmove(backend->encdata_buffer,
(backend->encdata_buffer + backend->encdata_offset) -
inbuf[3].cbBuffer, inbuf[3].cbBuffer);
inbuf[3].cbBuffer,
inbuf[3].cbBuffer);
backend->encdata_offset = inbuf[3].cbBuffer;
}
@ -2761,7 +2743,7 @@ HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf,
share = Curl_hash_pick(&multi->proto_hash,
CURL_UNCONST(MPROTO_SCHANNEL_CERT_SHARE_KEY),
sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1);
sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY) - 1);
if(!share || !share->cert_store) {
return NULL;
}
@ -2809,7 +2791,7 @@ HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf,
static void schannel_cert_share_free(void *key, size_t key_len, void *p)
{
struct schannel_cert_share *share = p;
DEBUGASSERT(key_len == (sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1));
DEBUGASSERT(key_len == (sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY) - 1));
DEBUGASSERT(!memcmp(MPROTO_SCHANNEL_CERT_SHARE_KEY, key, key_len));
(void)key;
(void)key_len;
@ -2839,7 +2821,7 @@ bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf,
share = Curl_hash_pick(&multi->proto_hash,
CURL_UNCONST(MPROTO_SCHANNEL_CERT_SHARE_KEY),
sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1);
sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY) - 1);
if(!share) {
share = curlx_calloc(1, sizeof(*share));
if(!share) {
@ -2847,7 +2829,7 @@ bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf,
}
if(!Curl_hash_add2(&multi->proto_hash,
CURL_UNCONST(MPROTO_SCHANNEL_CERT_SHARE_KEY),
sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1,
sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY) - 1,
share, schannel_cert_share_free)) {
curlx_free(share);
return FALSE;

9
lib/vtls/schannel.h
View file

@ -69,15 +69,14 @@
* (and only here).
*/
#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
# undef X509_NAME
# undef X509_CERT_PAIR
# undef X509_EXTENSIONS
#undef X509_NAME
#undef X509_CERT_PAIR
#undef X509_EXTENSIONS
#endif
extern const struct Curl_ssl Curl_ssl_schannel;
CURLcode Curl_verify_host(struct Curl_cfilter *cf,
struct Curl_easy *data);
CURLcode Curl_verify_host(struct Curl_cfilter *cf, struct Curl_easy *data);
CURLcode Curl_verify_certificate(struct Curl_cfilter *cf,
struct Curl_easy *data);

51
lib/vtls/schannel_verify.c
View file

@ -33,7 +33,7 @@
#ifdef USE_SCHANNEL
#ifndef USE_WINDOWS_SSPI
# error "cannot compile SCHANNEL support without SSPI."
#error "cannot compile SCHANNEL support without SSPI."
#endif
#include "schannel.h"
@ -157,8 +157,8 @@ static CURLcode add_certs_data_to_store(HCERTSTORE trust_store,
const CERT_CONTEXT *cert_context = NULL;
BOOL add_cert_result = FALSE;
DWORD actual_content_type = 0;
DWORD cert_size = (DWORD)
((end_cert_ptr + end_cert_len) - begin_cert_ptr);
DWORD cert_size =
(DWORD)((end_cert_ptr + end_cert_len) - begin_cert_ptr);
cert_blob.pbData = (BYTE *)CURL_UNCONST(begin_cert_ptr);
cert_blob.cbData = cert_size;
@ -238,13 +238,11 @@ static CURLcode add_certs_data_to_store(HCERTSTORE trust_store,
if(result == CURLE_OK) {
if(!num_certs) {
infof(data,
"schannel: did not add any certificates from CA file '%s'",
infof(data, "schannel: did not add any certificates from CA file '%s'",
ca_file_text);
}
else {
infof(data,
"schannel: added %d certificate(s) from CA file '%s'",
infof(data, "schannel: added %d certificate(s) from CA file '%s'",
num_certs, ca_file_text);
}
}
@ -266,9 +264,7 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store,
ca_file_tstr = curlx_convert_UTF8_to_tchar(ca_file);
if(!ca_file_tstr) {
char buffer[WINAPI_ERROR_LEN];
failf(data,
"schannel: invalid path name for CA file '%s': %s",
ca_file,
failf(data, "schannel: invalid path name for CA file '%s': %s", ca_file,
curlx_winapi_strerror(GetLastError(), buffer, sizeof(buffer)));
result = CURLE_SSL_CACERT_BADFILE;
goto cleanup;
@ -288,9 +284,7 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store,
NULL);
if(ca_file_handle == INVALID_HANDLE_VALUE) {
char buffer[WINAPI_ERROR_LEN];
failf(data,
"schannel: failed to open CA file '%s': %s",
ca_file,
failf(data, "schannel: failed to open CA file '%s': %s", ca_file,
curlx_winapi_strerror(GetLastError(), buffer, sizeof(buffer)));
result = CURLE_SSL_CACERT_BADFILE;
goto cleanup;
@ -298,8 +292,7 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store,
if(!GetFileSizeEx(ca_file_handle, &file_size)) {
char buffer[WINAPI_ERROR_LEN];
failf(data,
"schannel: failed to determine size of CA file '%s': %s",
failf(data, "schannel: failed to determine size of CA file '%s': %s",
ca_file,
curlx_winapi_strerror(GetLastError(), buffer, sizeof(buffer)));
result = CURLE_SSL_CACERT_BADFILE;
@ -307,8 +300,7 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store,
}
if(file_size.QuadPart > MAX_CAFILE_SIZE) {
failf(data,
"schannel: CA file exceeds max size of %u bytes",
failf(data, "schannel: CA file exceeds max size of %u bytes",
MAX_CAFILE_SIZE);
result = CURLE_SSL_CACERT_BADFILE;
goto cleanup;
@ -328,9 +320,7 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store,
if(!ReadFile(ca_file_handle, ca_file_buffer + total_bytes_read,
bytes_to_read, &bytes_read, NULL)) {
char buffer[WINAPI_ERROR_LEN];
failf(data,
"schannel: failed to read from CA file '%s': %s",
ca_file,
failf(data, "schannel: failed to read from CA file '%s': %s", ca_file,
curlx_winapi_strerror(GetLastError(), buffer, sizeof(buffer)));
result = CURLE_SSL_CACERT_BADFILE;
goto cleanup;
@ -455,12 +445,11 @@ static DWORD cert_get_name_string(struct Curl_easy *data,
}
/*
* Returns TRUE if the hostname is a numeric IPv4/IPv6 Address,
* and populates the buffer with IPv4/IPv6 info.
*/
* Returns TRUE if the hostname is a numeric IPv4/IPv6 Address,
* and populates the buffer with IPv4/IPv6 info.
*/
static bool get_num_host_info(struct num_ip_data *ip_blob,
LPCSTR hostname)
static bool get_num_host_info(struct num_ip_data *ip_blob, LPCSTR hostname)
{
struct in_addr ia;
struct in6_addr ia6;
@ -520,9 +509,8 @@ static bool get_alt_name_info(struct Curl_easy *data,
&decode_para,
alt_name_info,
alt_name_info_size)) {
failf(data,
"schannel: CryptDecodeObjectEx() returned no alternate name "
"information.");
failf(data, "schannel: CryptDecodeObjectEx() returned no alternate name "
"information.");
return result;
}
result = TRUE;
@ -530,8 +518,7 @@ static bool get_alt_name_info(struct Curl_easy *data,
}
/* Verify the server's hostname */
CURLcode Curl_verify_host(struct Curl_cfilter *cf,
struct Curl_easy *data)
CURLcode Curl_verify_host(struct Curl_cfilter *cf, struct Curl_easy *data)
{
CURLcode result = CURLE_PEER_FAILED_VERIFICATION;
struct ssl_connect_data *connssl = cf->ctx;
@ -545,7 +532,7 @@ CURLcode Curl_verify_host(struct Curl_cfilter *cf,
DWORD actual_len = 0;
PCERT_ALT_NAME_INFO alt_name_info = NULL;
DWORD alt_name_info_size = 0;
struct num_ip_data ip_blob = { 0 };
struct num_ip_data ip_blob = {0};
bool Win8_compat;
struct num_ip_data *p = &ip_blob;
DWORD i;
@ -840,7 +827,7 @@ CURLcode Curl_verify_certificate(struct Curl_cfilter *cf,
* list URL, or when the list could not be downloaded because the
* server is currently unreachable. */
dwTrustErrorMask &= ~(DWORD)(CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
CERT_TRUST_IS_OFFLINE_REVOCATION);
CERT_TRUST_IS_OFFLINE_REVOCATION);
}
if(dwTrustErrorMask) {

53
lib/vtls/vtls.c
View file

@ -93,14 +93,13 @@
dest->var = NULL; \
} while(0)
#define CLONE_BLOB(var) \
do { \
if(blobdup(&dest->var, source->var)) \
return FALSE; \
#define CLONE_BLOB(var) \
do { \
if(blobdup(&dest->var, source->var)) \
return FALSE; \
} while(0)
static CURLcode blobdup(struct curl_blob **dest,
struct curl_blob *src)
static CURLcode blobdup(struct curl_blob **dest, struct curl_blob *src)
{
DEBUGASSERT(dest);
DEBUGASSERT(!*dest);
@ -149,8 +148,8 @@ static const struct alpn_spec ALPN_SPEC_H2_H11 = {
#endif
#if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_PROXY)
static const struct alpn_spec *
alpn_get_spec(http_majors allowed, bool use_alpn)
static const struct alpn_spec *alpn_get_spec(http_majors allowed,
bool use_alpn)
{
if(!use_alpn)
return NULL;
@ -170,7 +169,6 @@ alpn_get_spec(http_majors allowed, bool use_alpn)
#endif /* !CURL_DISABLE_HTTP || !CURL_DISABLE_PROXY */
#endif /* USE_SSL */
void Curl_ssl_easy_config_init(struct Curl_easy *data)
{
/*
@ -185,10 +183,9 @@ void Curl_ssl_easy_config_init(struct Curl_easy *data)
#endif
}
static bool
match_ssl_primary_config(struct Curl_easy *data,
struct ssl_primary_config *c1,
struct ssl_primary_config *c2)
static bool match_ssl_primary_config(struct Curl_easy *data,
struct ssl_primary_config *c1,
struct ssl_primary_config *c2)
{
(void)data;
if((c1->version == c2->version) &&
@ -324,8 +321,7 @@ CURLcode Curl_ssl_easy_config_complete(struct Curl_easy *data)
sslc->primary.cipher_list13 = data->set.str[STRING_SSL_CIPHER13_LIST];
sslc->primary.signature_algorithms =
data->set.str[STRING_SSL_SIGNATURE_ALGORITHMS];
sslc->primary.pinned_key =
data->set.str[STRING_SSL_PINNEDPUBLICKEY];
sslc->primary.pinned_key = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
sslc->primary.cert_blob = data->set.blobs[BLOB_CERT];
sslc->primary.ca_info_blob = data->set.blobs[BLOB_CAINFO];
sslc->primary.curves = data->set.str[STRING_SSL_EC_CURVES];
@ -538,9 +534,9 @@ void Curl_ssl_close_all(struct Curl_easy *data)
Curl_ssl->close_all(data);
}
CURLcode Curl_ssl_adjust_pollset(struct Curl_cfilter *cf,
struct Curl_easy *data,
struct easy_pollset *ps)
CURLcode Curl_ssl_adjust_pollset(struct Curl_cfilter *cf,
struct Curl_easy *data,
struct easy_pollset *ps)
{
struct ssl_connect_data *connssl = cf->ctx;
@ -628,7 +624,7 @@ CURLcode Curl_ssl_init_certinfo(struct Curl_easy *data, int num)
Curl_ssl_free_certinfo(data);
/* Allocate the required certificate information structures */
table = curlx_calloc((size_t) num, sizeof(struct curl_slist *));
table = curlx_calloc((size_t)num, sizeof(struct curl_slist *));
if(!table)
return CURLE_OUT_OF_MEMORY;
@ -661,8 +657,7 @@ CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy *data,
curlx_dyn_addn(&build, value, valuelen))
return CURLE_OUT_OF_MEMORY;
nl = Curl_slist_append_nodup(ci->certinfo[certnum],
curlx_dyn_ptr(&build));
nl = Curl_slist_append_nodup(ci->certinfo[certnum], curlx_dyn_ptr(&build));
if(!nl) {
curlx_dyn_free(&build);
curl_slist_free_all(ci->certinfo[certnum]);
@ -798,8 +793,8 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
pinned_hash = pinnedpubkey;
while(pinned_hash &&
!strncmp(pinned_hash, "sha256//", (sizeof("sha256//")-1))) {
pinned_hash = pinned_hash + (sizeof("sha256//")-1);
!strncmp(pinned_hash, "sha256//", (sizeof("sha256//") - 1))) {
pinned_hash = pinned_hash + (sizeof("sha256//") - 1);
end_pos = strchr(pinned_hash, ';');
pinned_hash_len = end_pos ?
(size_t)(end_pos - pinned_hash) : strlen(pinned_hash);
@ -845,7 +840,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
* if the size of our certificate is bigger than the file
* size then it cannot match
*/
size = curlx_sotouz((curl_off_t) filesize);
size = curlx_sotouz((curl_off_t)filesize);
if(pubkeylen > size)
goto end;
@ -1277,7 +1272,7 @@ CURLcode Curl_ssl_peer_init(struct ssl_peer *peer,
/* not an IP address, normalize according to RCC 6066 ch. 3,
* max len of SNI is 2^16-1, no trailing dot */
size_t len = strlen(peer->hostname);
if(len && (peer->hostname[len-1] == '.'))
if(len && (peer->hostname[len - 1] == '.'))
len--;
if(len < USHRT_MAX) {
peer->sni = curlx_calloc(1, len + 1);
@ -1563,7 +1558,7 @@ static CURLcode ssl_cf_shutdown(struct Curl_cfilter *cf,
*done = TRUE;
/* If we have done the SSL handshake, shut down the connection cleanly */
if(cf->connected && (connssl->state == ssl_connection_complete) &&
!cf->shutdown && Curl_ssl->shut_down) {
!cf->shutdown && Curl_ssl->shut_down) {
struct cf_call_data save;
CF_DATA_SAVE(save, cf, data);
@ -1781,7 +1776,7 @@ static CURLcode cf_ssl_proxy_create(struct Curl_cfilter **pcf,
#ifdef USE_HTTP2
if(conn->http_proxy.proxytype == CURLPROXY_HTTPS2) {
use_alpn = TRUE;
allowed = (CURL_HTTP_V1x|CURL_HTTP_V2x);
allowed = (CURL_HTTP_V1x | CURL_HTTP_V2x);
}
#endif
@ -1847,7 +1842,7 @@ static CURLcode vtls_shutdown_blocking(struct Curl_cfilter *cf,
}
result = connssl->ssl_impl->shut_down(cf, data, send_shutdown, done);
if(result ||*done)
if(result || *done)
goto out;
if(connssl->io_need) {
@ -2042,7 +2037,7 @@ CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf,
if(proto && proto_len) {
if(memchr(proto, '\0', proto_len)) {
failf(data, "ALPN: server selected protocol contains NUL. "
"Refusing to continue.");
"Refusing to continue.");
result = CURLE_SSL_CONNECT_ERROR;
goto out;
}

12
lib/vtls/vtls.h
View file

@ -253,16 +253,16 @@ extern struct Curl_cftype Curl_cft_ssl_proxy;
#define Curl_ssl_init() 1
#define Curl_ssl_cleanup() Curl_nop_stmt
#define Curl_ssl_close_all(x) Curl_nop_stmt
#define Curl_ssl_set_engine(x,y) CURLE_NOT_BUILT_IN
#define Curl_ssl_set_engine(x, y) CURLE_NOT_BUILT_IN
#define Curl_ssl_set_engine_default(x) CURLE_NOT_BUILT_IN
#define Curl_ssl_engines_list(x) NULL
#define Curl_ssl_free_certinfo(x) Curl_nop_stmt
#define Curl_ssl_random(x,y,z) ((void)x, CURLE_NOT_BUILT_IN)
#define Curl_ssl_random(x, y, z) ((void)x, CURLE_NOT_BUILT_IN)
#define Curl_ssl_cert_status_request() FALSE
#define Curl_ssl_supports(a,b) FALSE
#define Curl_ssl_cfilter_add(a,b,c) CURLE_NOT_BUILT_IN
#define Curl_ssl_cfilter_remove(a,b,c) CURLE_OK
#define Curl_ssl_cf_get_config(a,b) NULL
#define Curl_ssl_supports(a, b) FALSE
#define Curl_ssl_cfilter_add(a, b, c) CURLE_NOT_BUILT_IN
#define Curl_ssl_cfilter_remove(a, b, c) CURLE_OK
#define Curl_ssl_cf_get_config(a, b) NULL
#define Curl_ssl_cf_get_primary_config(a) NULL
#endif

20
lib/vtls/vtls_int.h
View file

@ -71,8 +71,7 @@ CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf,
const unsigned char *proto,
size_t proto_len);
bool Curl_alpn_contains_proto(const struct alpn_spec *spec,
const char *proto);
bool Curl_alpn_contains_proto(const struct alpn_spec *spec, const char *proto);
/* enum for the nonblocking SSL connection state machine */
typedef enum {
@ -99,11 +98,11 @@ typedef enum {
} ssl_earlydata_state;
#define CURL_SSL_IO_NEED_NONE (0)
#define CURL_SSL_IO_NEED_RECV (1<<0)
#define CURL_SSL_IO_NEED_SEND (1<<1)
#define CURL_SSL_IO_NEED_RECV (1 << 0)
#define CURL_SSL_IO_NEED_SEND (1 << 1)
/* Max earlydata payload we want to send */
#define CURL_SSL_EARLY_MAX (64*1024)
#define CURL_SSL_EARLY_MAX (64 * 1024)
/* Information in each SSL cfilter context: cf->ctx */
struct ssl_connect_data {
@ -130,11 +129,8 @@ struct ssl_connect_data {
BIT(input_pending); /* data for SSL_read() may be available */
};
#undef CF_CTX_CALL_DATA
#define CF_CTX_CALL_DATA(cf) \
((struct ssl_connect_data *)(cf)->ctx)->call_data
#define CF_CTX_CALL_DATA(cf) ((struct ssl_connect_data *)(cf)->ctx)->call_data
/* Definitions for SSL Implementations */
@ -157,8 +153,7 @@ struct Curl_ssl {
/* data_pending() shall return TRUE when it wants to get called again to
drain internal buffers and deliver data instead of waiting for the socket
to get readable */
bool (*data_pending)(struct Curl_cfilter *cf,
const struct Curl_easy *data);
bool (*data_pending)(struct Curl_cfilter *cf, const struct Curl_easy *data);
/* return 0 if a find random is filled in */
CURLcode (*random)(struct Curl_easy *data, unsigned char *entropy,
@ -181,7 +176,7 @@ struct Curl_ssl {
struct curl_slist *(*engines_list)(struct Curl_easy *data);
CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen,
unsigned char *sha256sum, size_t sha256sumlen);
unsigned char *sha256sum, size_t sha256sumlen);
CURLcode (*recv_plain)(struct Curl_cfilter *cf, struct Curl_easy *data,
char *buf, size_t len, size_t *pnread);
CURLcode (*send_plain)(struct Curl_cfilter *cf, struct Curl_easy *data,
@ -189,7 +184,6 @@ struct Curl_ssl {
CURLcode (*get_channel_binding)(struct Curl_easy *data, int sockindex,
struct dynbuf *binding);
};
extern const struct Curl_ssl *Curl_ssl;

54
lib/vtls/vtls_scache.c
View file

@ -106,23 +106,21 @@ static void cf_ssl_scache_session_ldestroy(void *udata, void *obj)
curlx_free(s);
}
CURLcode
Curl_ssl_session_create(void *sdata, size_t sdata_len,
int ietf_tls_id, const char *alpn,
curl_off_t valid_until, size_t earlydata_max,
struct Curl_ssl_session **psession)
CURLcode Curl_ssl_session_create(void *sdata, size_t sdata_len,
int ietf_tls_id, const char *alpn,
curl_off_t valid_until, size_t earlydata_max,
struct Curl_ssl_session **psession)
{
return Curl_ssl_session_create2(sdata, sdata_len, ietf_tls_id, alpn,
valid_until, earlydata_max,
NULL, 0, psession);
}
CURLcode
Curl_ssl_session_create2(void *sdata, size_t sdata_len,
int ietf_tls_id, const char *alpn,
curl_off_t valid_until, size_t earlydata_max,
unsigned char *quic_tp, size_t quic_tp_len,
struct Curl_ssl_session **psession)
CURLcode Curl_ssl_session_create2(void *sdata, size_t sdata_len,
int ietf_tls_id, const char *alpn,
curl_off_t valid_until, size_t earlydata_max,
unsigned char *quic_tp, size_t quic_tp_len,
struct Curl_ssl_session **psession)
{
struct Curl_ssl_session *s;
@ -322,7 +320,7 @@ CURLcode Curl_ssl_scache_create(size_t max_peers,
}
scache->magic = CURL_SCACHE_MAGIC;
scache->default_lifetime_secs = (24*60*60); /* 1 day */
scache->default_lifetime_secs = (24 * 60 * 60); /* 1 day */
scache->peer_count = max_peers;
scache->peers = peers;
scache->age = 1;
@ -507,7 +505,7 @@ CURLcode Curl_ssl_peer_key_make(struct Curl_cfilter *cf,
if(ssl->version || ssl->version_max) {
r = curlx_dyn_addf(&buf, ":TLSVER-%d-%d", ssl->version,
(ssl->version_max >> 16));
(ssl->version_max >> 16));
if(r)
goto out;
}
@ -616,19 +614,18 @@ static bool cf_ssl_scache_match_auth(struct Curl_ssl_scache_peer *peer,
else if(!Curl_safecmp(peer->clientcert, conn_config->clientcert))
return FALSE;
#ifdef USE_TLS_SRP
if(Curl_timestrcmp(peer->srp_username, conn_config->username) ||
Curl_timestrcmp(peer->srp_password, conn_config->password))
return FALSE;
if(Curl_timestrcmp(peer->srp_username, conn_config->username) ||
Curl_timestrcmp(peer->srp_password, conn_config->password))
return FALSE;
#endif
return TRUE;
}
static CURLcode
cf_ssl_find_peer_by_key(struct Curl_easy *data,
struct Curl_ssl_scache *scache,
const char *ssl_peer_key,
struct ssl_primary_config *conn_config,
struct Curl_ssl_scache_peer **ppeer)
static CURLcode cf_ssl_find_peer_by_key(struct Curl_easy *data,
struct Curl_ssl_scache *scache,
const char *ssl_peer_key,
struct ssl_primary_config *conn_config,
struct Curl_ssl_scache_peer **ppeer)
{
size_t i, peer_key_len = 0;
CURLcode result = CURLE_OK;
@ -718,12 +715,11 @@ cf_ssl_get_free_peer(struct Curl_ssl_scache *scache)
return peer;
}
static CURLcode
cf_ssl_add_peer(struct Curl_easy *data,
struct Curl_ssl_scache *scache,
const char *ssl_peer_key,
struct ssl_primary_config *conn_config,
struct Curl_ssl_scache_peer **ppeer)
static CURLcode cf_ssl_add_peer(struct Curl_easy *data,
struct Curl_ssl_scache *scache,
const char *ssl_peer_key,
struct ssl_primary_config *conn_config,
struct Curl_ssl_scache_peer **ppeer)
{
struct Curl_ssl_scache_peer *peer = NULL;
CURLcode result = CURLE_OK;
@ -1000,7 +996,7 @@ void Curl_ssl_scache_remove_all(struct Curl_cfilter *cf,
#ifdef USE_SSLS_EXPORT
#define CURL_SSL_TICKET_MAX (16*1024)
#define CURL_SSL_TICKET_MAX (16 * 1024)
static CURLcode cf_ssl_scache_peer_set_hmac(struct Curl_ssl_scache_peer *peer)
{

26
lib/vtls/vtls_scache.h
View file

@ -37,8 +37,8 @@ struct ssl_peer;
/* RFC 8446 (TLSv1.3) restrict lifetime to one week max, for
* other, less secure versions, we restrict it to a day */
#define CURL_SCACHE_MAX_13_LIFETIME_SEC (60*60*24*7)
#define CURL_SCACHE_MAX_12_LIFETIME_SEC (60*60*24)
#define CURL_SCACHE_MAX_13_LIFETIME_SEC (60 * 60 * 24 * 7)
#define CURL_SCACHE_MAX_12_LIFETIME_SEC (60 * 60 * 24)
/* Create a session cache for up to max_peers endpoints with a total
* of up to max_sessions SSL sessions per peer */
@ -142,22 +142,18 @@ struct Curl_ssl_session {
* in case this is not known.
* @param psession on return the scached session instance created
*/
CURLcode
Curl_ssl_session_create(void *sdata, size_t sdata_len,
int ietf_tls_id, const char *alpn,
curl_off_t valid_until,
size_t earlydata_max,
struct Curl_ssl_session **psession);
CURLcode Curl_ssl_session_create(void *sdata, size_t sdata_len,
int ietf_tls_id, const char *alpn,
curl_off_t valid_until, size_t earlydata_max,
struct Curl_ssl_session **psession);
/* Variation of session creation with quic transport parameter bytes,
* Takes ownership of `quic_tp` regardless of return code. */
CURLcode
Curl_ssl_session_create2(void *sdata, size_t sdata_len,
int ietf_tls_id, const char *alpn,
curl_off_t valid_until,
size_t earlydata_max,
unsigned char *quic_tp, size_t quic_tp_len,
struct Curl_ssl_session **psession);
CURLcode Curl_ssl_session_create2(void *sdata, size_t sdata_len,
int ietf_tls_id, const char *alpn,
curl_off_t valid_until, size_t earlydata_max,
unsigned char *quic_tp, size_t quic_tp_len,
struct Curl_ssl_session **psession);
/* Destroy a `session` instance. Can be called with NULL.
* Does NOT need locking. */

31
lib/vtls/vtls_spack.c
View file

@ -52,8 +52,8 @@ static CURLcode spack_enc8(struct dynbuf *buf, uint8_t b)
return curlx_dyn_addn(buf, &b, 1);
}
static CURLcode
spack_dec8(uint8_t *val, const uint8_t **src, const uint8_t *end)
static CURLcode spack_dec8(uint8_t *val, const uint8_t **src,
const uint8_t *end)
{
if(end - *src < 1)
return CURLE_READ_ERROR;
@ -70,8 +70,8 @@ static CURLcode spack_enc16(struct dynbuf *buf, uint16_t val)
return curlx_dyn_addn(buf, nval, sizeof(nval));
}
static CURLcode
spack_dec16(uint16_t *val, const uint8_t **src, const uint8_t *end)
static CURLcode spack_dec16(uint16_t *val, const uint8_t **src,
const uint8_t *end)
{
if(end - *src < 2)
return CURLE_READ_ERROR;
@ -90,8 +90,8 @@ static CURLcode spack_enc32(struct dynbuf *buf, uint32_t val)
return curlx_dyn_addn(buf, nval, sizeof(nval));
}
static CURLcode
spack_dec32(uint32_t *val, const uint8_t **src, const uint8_t *end)
static CURLcode spack_dec32(uint32_t *val, const uint8_t **src,
const uint8_t *end)
{
if(end - *src < 4)
return CURLE_READ_ERROR;
@ -107,7 +107,7 @@ static CURLcode spack_enc64(struct dynbuf *buf, uint64_t val)
nval[0] = (uint8_t)(val >> 56);
nval[1] = (uint8_t)(val >> 48);
nval[2] = (uint8_t)(val >> 40);
nval[3] = (uint8_t)(val >> 32); \
nval[3] = (uint8_t)(val >> 32);
nval[4] = (uint8_t)(val >> 24);
nval[5] = (uint8_t)(val >> 16);
nval[6] = (uint8_t)(val >> 8);
@ -115,8 +115,8 @@ static CURLcode spack_enc64(struct dynbuf *buf, uint64_t val)
return curlx_dyn_addn(buf, nval, sizeof(nval));
}
static CURLcode
spack_dec64(uint64_t *val, const uint8_t **src, const uint8_t *end)
static CURLcode spack_dec64(uint64_t *val, const uint8_t **src,
const uint8_t *end)
{
if(end - *src < 8)
return CURLE_READ_ERROR;
@ -141,8 +141,8 @@ static CURLcode spack_encstr16(struct dynbuf *buf, const char *s)
return r;
}
static CURLcode
spack_decstr16(char **val, const uint8_t **src, const uint8_t *end)
static CURLcode spack_decstr16(char **val, const uint8_t **src,
const uint8_t *end)
{
uint16_t slen;
CURLcode r;
@ -158,8 +158,8 @@ spack_decstr16(char **val, const uint8_t **src, const uint8_t *end)
return *val ? CURLE_OK : CURLE_OUT_OF_MEMORY;
}
static CURLcode spack_encdata16(struct dynbuf *buf,
const uint8_t *data, size_t data_len)
static CURLcode spack_encdata16(struct dynbuf *buf, const uint8_t *data,
size_t data_len)
{
CURLcode r;
if(data_len > UINT16_MAX)
@ -171,9 +171,8 @@ static CURLcode spack_encdata16(struct dynbuf *buf,
return r;
}
static CURLcode
spack_decdata16(uint8_t **val, size_t *val_len,
const uint8_t **src, const uint8_t *end)
static CURLcode spack_decdata16(uint8_t **val, size_t *val_len,
const uint8_t **src, const uint8_t *end)
{
uint16_t data_len;
CURLcode r;

113
lib/vtls/wolfssl.c
View file

@ -127,9 +127,9 @@ static CURLcode wssl_connect(struct Curl_cfilter *cf,
* (--enable-opensslextra or --enable-all).
*/
#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
static int
wssl_tls13_secret_callback(SSL *ssl, int id, const unsigned char *secret,
int secretSz, void *ctx)
static int wssl_tls13_secret_callback(SSL *ssl, int id,
const unsigned char *secret,
int secretSz, void *ctx)
{
const char *label;
unsigned char client_random[SSL3_RANDOM_SIZE];
@ -309,8 +309,7 @@ static long wssl_bio_cf_ctrl(WOLFSSL_BIO *bio, int cmd, long num, void *ptr)
return ret;
}
static int wssl_bio_cf_out_write(WOLFSSL_BIO *bio,
const char *buf, int blen)
static int wssl_bio_cf_out_write(WOLFSSL_BIO *bio, const char *buf, int blen)
{
struct Curl_cfilter *cf = wolfSSL_BIO_get_data(bio);
struct ssl_connect_data *connssl = cf->ctx;
@ -487,7 +486,7 @@ static int wssl_vtls_new_session_cb(WOLFSSL *ssl, WOLFSSL_SESSION *session)
{
struct Curl_cfilter *cf;
cf = (struct Curl_cfilter*)wolfSSL_get_app_data(ssl);
cf = (struct Curl_cfilter *)wolfSSL_get_app_data(ssl);
DEBUGASSERT(cf != NULL);
if(cf && session) {
struct ssl_connect_data *connssl = cf->ctx;
@ -535,8 +534,8 @@ static CURLcode wssl_on_session_reuse(struct Curl_cfilter *cf,
connssl->earlydata_state = ssl_earlydata_await;
connssl->state = ssl_connection_deferred;
result = Curl_alpn_set_negotiated(cf, data, connssl,
(const unsigned char *)scs->alpn,
scs->alpn ? strlen(scs->alpn) : 0);
(const unsigned char *)scs->alpn,
scs->alpn ? strlen(scs->alpn) : 0);
*do_early_data = !result;
}
return result;
@ -640,7 +639,7 @@ static CURLcode wssl_populate_x509_store(struct Curl_cfilter *cf,
}
#else
infof(data, "ignoring native CA option because wolfSSL was built without "
"native CA support");
"native CA support");
#endif
}
#endif /* !NO_FILESYSTEM */
@ -688,7 +687,7 @@ static CURLcode wssl_populate_x509_store(struct Curl_cfilter *cf,
/* Just continue with a warning if no strict certificate
verification is required. */
infof(data, "error setting certificate verify locations,"
" continuing anyway:");
" continuing anyway:");
}
}
else {
@ -707,15 +706,15 @@ static CURLcode wssl_populate_x509_store(struct Curl_cfilter *cf,
#define MPROTO_WSSL_X509_KEY "tls:wssl:x509:share"
struct wssl_x509_share {
char *CAfile; /* CAfile path used to generate X509 store */
char *CAfile; /* CAfile path used to generate X509 store */
WOLFSSL_X509_STORE *store; /* cached X509 store or NULL if none */
struct curltime time; /* when the cached store was created */
struct curltime time; /* when the cached store was created */
};
static void wssl_x509_share_free(void *key, size_t key_len, void *p)
{
struct wssl_x509_share *share = p;
DEBUGASSERT(key_len == (sizeof(MPROTO_WSSL_X509_KEY)-1));
DEBUGASSERT(key_len == (sizeof(MPROTO_WSSL_X509_KEY) - 1));
DEBUGASSERT(!memcmp(MPROTO_WSSL_X509_KEY, key, key_len));
(void)key;
(void)key_len;
@ -726,9 +725,8 @@ static void wssl_x509_share_free(void *key, size_t key_len, void *p)
curlx_free(share);
}
static bool
wssl_cached_x509_store_expired(const struct Curl_easy *data,
const struct wssl_x509_share *mb)
static bool wssl_cached_x509_store_expired(const struct Curl_easy *data,
const struct wssl_x509_share *mb)
{
const struct ssl_general_config *cfg = &data->set.general_ssl;
struct curltime now = curlx_now();
@ -741,9 +739,8 @@ wssl_cached_x509_store_expired(const struct Curl_easy *data,
return elapsed_ms >= timeout_ms;
}
static bool
wssl_cached_x509_store_different(struct Curl_cfilter *cf,
const struct wssl_x509_share *mb)
static bool wssl_cached_x509_store_different(struct Curl_cfilter *cf,
const struct wssl_x509_share *mb)
{
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
if(!mb->CAfile || !conn_config->CAfile)
@ -762,7 +759,7 @@ static WOLFSSL_X509_STORE *wssl_get_cached_x509_store(struct Curl_cfilter *cf,
DEBUGASSERT(multi);
share = multi ? Curl_hash_pick(&multi->proto_hash,
CURL_UNCONST(MPROTO_WSSL_X509_KEY),
sizeof(MPROTO_WSSL_X509_KEY)-1) : NULL;
sizeof(MPROTO_WSSL_X509_KEY) - 1) : NULL;
if(share && share->store &&
!wssl_cached_x509_store_expired(data, share) &&
!wssl_cached_x509_store_different(cf, share)) {
@ -785,7 +782,7 @@ static void wssl_set_cached_x509_store(struct Curl_cfilter *cf,
return;
share = Curl_hash_pick(&multi->proto_hash,
CURL_UNCONST(MPROTO_WSSL_X509_KEY),
sizeof(MPROTO_WSSL_X509_KEY)-1);
sizeof(MPROTO_WSSL_X509_KEY) - 1);
if(!share) {
share = curlx_calloc(1, sizeof(*share));
@ -793,7 +790,7 @@ static void wssl_set_cached_x509_store(struct Curl_cfilter *cf,
return;
if(!Curl_hash_add2(&multi->proto_hash,
CURL_UNCONST(MPROTO_WSSL_X509_KEY),
sizeof(MPROTO_WSSL_X509_KEY)-1,
sizeof(MPROTO_WSSL_X509_KEY) - 1,
share, wssl_x509_share_free)) {
curlx_free(share);
return;
@ -876,8 +873,7 @@ CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf,
}
#ifdef WOLFSSL_TLS13
static CURLcode
wssl_add_default_ciphers(bool tls13, struct dynbuf *buf)
static CURLcode wssl_add_default_ciphers(bool tls13, struct dynbuf *buf)
{
int i;
char *str;
@ -905,8 +901,7 @@ wssl_add_default_ciphers(bool tls13, struct dynbuf *buf)
/* 4.2.0 (2019) */
#if LIBWOLFSSL_VERSION_HEX < 0x04002000 || !defined(OPENSSL_EXTRA)
static int
wssl_legacy_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version)
static int wssl_legacy_CTX_set_min_proto_version(WOLFSSL_CTX *ctx, int version)
{
int res;
switch(version) {
@ -933,8 +928,8 @@ wssl_legacy_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version)
}
return res;
}
static int
wssl_legacy_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version)
static int wssl_legacy_CTX_set_max_proto_version(WOLFSSL_CTX *ctx, int version)
{
(void)ctx, (void)version;
return WOLFSSL_NOT_IMPLEMENTED;
@ -1106,7 +1101,6 @@ static CURLcode ssl_version(struct Curl_easy *data,
return CURLE_OK;
}
#define QUIC_GROUPS "P-256:P-384:P-521"
CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx,
@ -1121,7 +1115,7 @@ CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx,
{
struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
struct ssl_primary_config *conn_config;
WOLFSSL_METHOD* req_method = NULL;
WOLFSSL_METHOD *req_method = NULL;
struct alpn_spec alpns;
char *curves;
#ifdef WOLFSSL_HAVE_KYBER
@ -1357,8 +1351,7 @@ CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx,
/* Ensure the Client Random is preserved. */
wolfSSL_KeepArrays(wctx->ssl);
#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
wolfSSL_set_tls13_secret_cb(wctx->ssl,
wssl_tls13_secret_callback, NULL);
wolfSSL_set_tls13_secret_cb(wctx->ssl, wssl_tls13_secret_callback, NULL);
#endif
}
#endif /* OPENSSL_EXTRA */
@ -1383,15 +1376,15 @@ CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx,
if(data->set.tls_ech == CURLECH_GREASE) {
infof(data, "ECH: GREASE is done by default by wolfSSL: no need to ask");
}
if(data->set.tls_ech & CURLECH_CLA_CFG
&& data->set.str[STRING_ECH_CONFIG]) {
if(data->set.tls_ech & CURLECH_CLA_CFG &&
data->set.str[STRING_ECH_CONFIG]) {
char *b64val = data->set.str[STRING_ECH_CONFIG];
word32 b64len = 0;
b64len = (word32) strlen(b64val);
if(b64len
&& wolfSSL_SetEchConfigsBase64(wctx->ssl, b64val, b64len)
!= WOLFSSL_SUCCESS) {
b64len = (word32)strlen(b64val);
if(b64len &&
wolfSSL_SetEchConfigsBase64(wctx->ssl,
b64val, b64len) != WOLFSSL_SUCCESS) {
if(data->set.tls_ech & CURLECH_HARD) {
result = CURLE_SSL_CONNECT_ERROR;
goto out;
@ -1424,8 +1417,8 @@ CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx,
size_t elen = rinfo->echconfiglist_len;
infof(data, "ECH: ECHConfig from DoH HTTPS RR");
if(wolfSSL_SetEchConfigs(wctx->ssl, ecl, (word32) elen) !=
WOLFSSL_SUCCESS) {
if(wolfSSL_SetEchConfigs(wctx->ssl, ecl, (word32)elen) !=
WOLFSSL_SUCCESS) {
infof(data, "ECH: wolfSSL_SetEchConfigs failed");
if(data->set.tls_ech & CURLECH_HARD) {
result = CURLE_SSL_CONNECT_ERROR;
@ -1476,8 +1469,8 @@ out:
* This function loads all the client/CA certificates and CRLs. Setup the TLS
* layer and do all necessary magic.
*/
static CURLcode
wssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
static CURLcode wssl_connect_step1(struct Curl_cfilter *cf,
struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
@ -1542,9 +1535,7 @@ wssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
return CURLE_OK;
}
static char *wssl_strerror(unsigned long error, char *buf,
unsigned long size)
static char *wssl_strerror(unsigned long error, char *buf, unsigned long size)
{
DEBUGASSERT(size > 40);
*buf = '\0';
@ -1665,8 +1656,7 @@ static CURLcode wssl_send_earlydata(struct Curl_cfilter *cf,
}
#endif /* WOLFSSL_EARLY_DATA */
static CURLcode wssl_handshake(struct Curl_cfilter *cf,
struct Curl_easy *data)
static CURLcode wssl_handshake(struct Curl_cfilter *cf, struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
@ -1735,7 +1725,7 @@ static CURLcode wssl_handshake(struct Curl_cfilter *cf,
conn_config->verifyhost &&
!connssl->peer.sni) {
/* we have an IP address as hostname. */
WOLFSSL_X509* cert = wolfSSL_get_peer_certificate(wssl->ssl);
WOLFSSL_X509 *cert = wolfSSL_get_peer_certificate(wssl->ssl);
if(!cert) {
failf(data, "unable to get peer certificate");
return CURLE_PEER_FAILED_VERIFICATION;
@ -1789,11 +1779,11 @@ static CURLcode wssl_handshake(struct Curl_cfilter *cf,
}
else if(wssl->io_result) {
switch(wssl->io_result) {
case CURLE_SEND_ERROR:
case CURLE_RECV_ERROR:
return CURLE_SSL_CONNECT_ERROR;
default:
return wssl->io_result;
case CURLE_SEND_ERROR:
case CURLE_RECV_ERROR:
return CURLE_SSL_CONNECT_ERROR;
default:
return wssl->io_result;
}
}
#ifdef USE_ECH_WOLFSSL
@ -1804,8 +1794,7 @@ static CURLcode wssl_handshake(struct Curl_cfilter *cf,
int rv = 0;
/* this currently does not produce the retry_configs */
rv = wolfSSL_GetEchConfigs(wssl->ssl, echConfigs,
&echConfigsLen);
rv = wolfSSL_GetEchConfigs(wssl->ssl, echConfigs, &echConfigsLen);
if(rv != WOLFSSL_SUCCESS) {
infof(data, "Failed to get ECHConfigs");
}
@ -2087,7 +2076,6 @@ size_t Curl_wssl_version(char *buffer, size_t size)
#endif
}
static int wssl_init(void)
{
int ret;
@ -2101,7 +2089,6 @@ static int wssl_init(void)
return ret;
}
static void wssl_cleanup(void)
{
wssl_bio_cf_free_methods();
@ -2111,7 +2098,6 @@ static void wssl_cleanup(void)
#endif
}
static bool wssl_data_pending(struct Curl_cfilter *cf,
const struct Curl_easy *data)
{
@ -2128,15 +2114,14 @@ static bool wssl_data_pending(struct Curl_cfilter *cf,
return FALSE;
}
void Curl_wssl_report_handshake(struct Curl_easy *data,
struct wssl_ctx *wssl)
void Curl_wssl_report_handshake(struct Curl_easy *data, struct wssl_ctx *wssl)
{
#if (LIBWOLFSSL_VERSION_HEX >= 0x03009010)
infof(data, "SSL connection using %s / %s",
wolfSSL_get_version(wssl->ssl),
wolfSSL_get_cipher_name(wssl->ssl));
infof(data, "SSL connection using %s / %s",
wolfSSL_get_version(wssl->ssl),
wolfSSL_get_cipher_name(wssl->ssl));
#else
infof(data, "SSL connected");
infof(data, "SSL connected");
#endif
}

9
lib/vtls/wolfssl.h
View file

@ -41,9 +41,9 @@ extern const struct Curl_ssl Curl_ssl_wolfssl;
struct wssl_ctx {
struct WOLFSSL_CTX *ssl_ctx;
struct WOLFSSL *ssl;
CURLcode io_result; /* result of last BIO cfilter operation */
CURLcode hs_result; /* result of handshake */
struct WOLFSSL *ssl;
CURLcode io_result; /* result of last BIO cfilter operation */
CURLcode hs_result; /* result of handshake */
int io_send_blocked_len; /* length of last BIO write that EAGAIN-ed */
BIT(x509_store_setup); /* x509 store has been set up */
BIT(shutting_down); /* TLS is being shut down */
@ -88,8 +88,7 @@ CURLcode Curl_wssl_verify_pinned(struct Curl_cfilter *cf,
struct Curl_easy *data,
struct wssl_ctx *wssl);
void Curl_wssl_report_handshake(struct Curl_easy *data,
struct wssl_ctx *wssl);
void Curl_wssl_report_handshake(struct Curl_easy *data, struct wssl_ctx *wssl);
#endif /* USE_WOLFSSL */
#endif /* HEADER_CURL_WOLFSSL_H */

54
lib/vtls/x509asn1.c
View file

@ -192,7 +192,7 @@ static const char *getASN1Element_(struct Curl_asn1Element *elem,
/* Process header byte. */
elem->header = beg;
b = (unsigned char) *beg++;
b = (unsigned char)*beg++;
elem->constructed = (b & 0x20) != 0;
elem->eclass = (b >> 6) & 3;
b &= 0x1F;
@ -203,7 +203,7 @@ static const char *getASN1Element_(struct Curl_asn1Element *elem,
/* Process length. */
if(beg >= end)
return NULL;
b = (unsigned char) *beg++;
b = (unsigned char)*beg++;
if(!(b & 0x80))
len = b;
else if(!(b &= 0x7F)) {
@ -284,7 +284,7 @@ static CURLcode bool2str(struct dynbuf *store,
{
if(end - beg != 1)
return CURLE_BAD_FUNCTION_ARGUMENT;
return curlx_dyn_add(store, *beg ? "TRUE": "FALSE");
return curlx_dyn_add(store, *beg ? "TRUE" : "FALSE");
}
/*
@ -298,13 +298,12 @@ static CURLcode octet2str(struct dynbuf *store,
CURLcode result = CURLE_OK;
while(!result && beg < end)
result = curlx_dyn_addf(store, "%02x:", (unsigned char) *beg++);
result = curlx_dyn_addf(store, "%02x:", (unsigned char)*beg++);
return result;
}
static CURLcode bit2str(struct dynbuf *store,
const char *beg, const char *end)
static CURLcode bit2str(struct dynbuf *store, const char *beg, const char *end)
{
/* Convert an ASN.1 bit string to a printable string. */
@ -318,8 +317,7 @@ static CURLcode bit2str(struct dynbuf *store,
*
* Returns error.
*/
static CURLcode int2str(struct dynbuf *store,
const char *beg, const char *end)
static CURLcode int2str(struct dynbuf *store, const char *beg, const char *end)
{
unsigned int val = 0;
size_t n = end - beg;
@ -335,7 +333,7 @@ static CURLcode int2str(struct dynbuf *store,
val = ~val;
do
val = (val << 8) | *(const unsigned char *) beg++;
val = (val << 8) | *(const unsigned char *)beg++;
while(beg < end);
return curlx_dyn_addf(store, "%s%x", val >= 10 ? "0x" : "", val);
}
@ -348,8 +346,8 @@ static CURLcode int2str(struct dynbuf *store,
*
* Returns error.
*/
static CURLcode
utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
static CURLcode utf8asn1str(struct dynbuf *to, int type, const char *from,
const char *end)
{
size_t inlength = end - from;
int size = 1;
@ -390,14 +388,14 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
switch(size) {
case 4:
wc = (wc << 8) | *(const unsigned char *) from++;
wc = (wc << 8) | *(const unsigned char *) from++;
wc = (wc << 8) | *(const unsigned char *)from++;
wc = (wc << 8) | *(const unsigned char *)from++;
FALLTHROUGH();
case 2:
wc = (wc << 8) | *(const unsigned char *) from++;
wc = (wc << 8) | *(const unsigned char *)from++;
FALLTHROUGH();
default: /* case 1: */
wc = (wc << 8) | *(const unsigned char *) from++;
wc = (wc << 8) | *(const unsigned char *)from++;
}
if(wc >= 0x00000080) {
if(wc >= 0x00000800) {
@ -406,19 +404,19 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
/* Invalid char. size for target encoding. */
return CURLE_WEIRD_SERVER_REPLY;
}
buf[3] = (char) (0x80 | (wc & 0x3F));
buf[3] = (char)(0x80 | (wc & 0x3F));
wc = (wc >> 6) | 0x00010000;
charsize++;
}
buf[2] = (char) (0x80 | (wc & 0x3F));
buf[2] = (char)(0x80 | (wc & 0x3F));
wc = (wc >> 6) | 0x00000800;
charsize++;
}
buf[1] = (char) (0x80 | (wc & 0x3F));
buf[1] = (char)(0x80 | (wc & 0x3F));
wc = (wc >> 6) | 0x000000C0;
charsize++;
}
buf[0] = (char) wc;
buf[0] = (char)wc;
result = curlx_dyn_addn(to, buf, charsize);
}
}
@ -438,7 +436,7 @@ static CURLcode encodeOID(struct dynbuf *store,
CURLcode result = CURLE_OK;
/* Process the first two numbers. */
y = *(const unsigned char *) beg++;
y = *(const unsigned char *)beg++;
x = y / 40;
y -= x * 40;
@ -452,7 +450,7 @@ static CURLcode encodeOID(struct dynbuf *store,
do {
if(x & 0xFF000000)
return CURLE_OK;
y = *(const unsigned char *) beg++;
y = *(const unsigned char *)beg++;
x = (x << 7) | (y & 0x7F);
} while(y & 0x80);
result = curlx_dyn_addf(store, ".%u", x);
@ -973,8 +971,8 @@ static CURLcode do_pubkey_field(struct Curl_easy *data, int certnum,
}
/* return 0 on success, 1 on error */
static int do_pubkey(struct Curl_easy *data, int certnum,
const char *algo, struct Curl_asn1Element *param,
static int do_pubkey(struct Curl_easy *data, int certnum, const char *algo,
struct Curl_asn1Element *param,
struct Curl_asn1Element *pubkey)
{
struct Curl_asn1Element elem;
@ -1019,7 +1017,7 @@ static int do_pubkey(struct Curl_easy *data, int certnum,
len = ((elem.end - q) * 8);
if(len) {
unsigned int i;
for(i = *(const unsigned char *) q; !(i & 0x80); i <<= 1)
for(i = *(const unsigned char *)q; !(i & 0x80); i <<= 1)
len--;
}
if(len > 32)
@ -1078,8 +1076,7 @@ static int do_pubkey(struct Curl_easy *data, int certnum,
* Convert an ASN.1 distinguished name into a printable string.
* Return error.
*/
static CURLcode DNtostr(struct dynbuf *store,
struct Curl_asn1Element *dn)
static CURLcode DNtostr(struct dynbuf *store, struct Curl_asn1Element *dn)
{
return encodeDN(store, dn);
}
@ -1135,7 +1132,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data,
/* Version (always fits in less than 32 bits). */
version = 0;
for(ptr = cert.version.beg; ptr < cert.version.end; ptr++)
version = (version << 8) | *(const unsigned char *) ptr;
version = (version << 8) | *(const unsigned char *)ptr;
if(data->set.ssl.certinfo) {
result = curlx_dyn_addf(&out, "%x", version);
if(result)
@ -1163,8 +1160,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data,
if(result)
goto done;
if(data->set.ssl.certinfo) {
result = ssl_push_certinfo_dyn(data, certnum, "Signature Algorithm",
&out);
result = ssl_push_certinfo_dyn(data, certnum, "Signature Algorithm", &out);
if(result)
goto done;
}