OpenSSL 4 has plans to make ASN1_STRING opaque, which will break the
build, so convert the code to use accessors. ASN1_STRING_length() and
ASN1_STRING_type() go way back to SSLeay and ASN1_STRING_get0_data() is
OpenSSL 1.1 API present in BoringSSL since foreer and also available
since LibreSSL 2.7, so this should not cause compat issues with any
libcrypto in a supported version of the fork family.
https://github.com/openssl/openssl/issues/29117Closes#19831
Since this function returns allocated resources there is probably at
least a theoretical risk this can return NULL.
Pointed out by ZeroPath
Closes#19756
Before this patch curl used the C preprocessor to override standard
memory allocation symbols: malloc, calloc, strdup, realloc, free.
The goal of these is to replace them with curl's debug wrappers in
`CURLDEBUG` builds, another was to replace them with the wrappers
calling user-defined allocators in libcurl. This solution needed a bunch
of workarounds to avoid breaking external headers: it relied on include
order to do the overriding last. For "unity" builds it needed to reset
overrides before external includes. Also in test apps, which are always
built as single source files. It also needed the `(symbol)` trick
to avoid overrides in some places. This would still not fix cases where
the standard symbols were macros. It was also fragile and difficult
to figure out which was the actual function behind an alloc or free call
in a specific piece of code. This in turn caused bugs where the wrong
allocator was accidentally called.
To avoid these problems, this patch replaces this solution with
`curlx_`-prefixed allocator macros, and mapping them _once_ to either
the libcurl wrappers, the debug wrappers or the standard ones, matching
the rest of the code in libtests.
This concludes the long journey to avoid redefining standard functions
in the curl codebase.
Note: I did not update `packages/OS400/*.c` sources. They did not
`#include` `curl_setup.h`, `curl_memory.h` or `memdebug.h`, meaning
the overrides were never applied to them. This may or may not have been
correct. For now I suppressed the direct use of standard allocators
via a local `.checksrc`. Probably they (except for `curlcl.c`) should be
updated to include `curl_setup.h` and use the `curlx_` macros.
This patch changes mappings in two places:
- `lib/curl_threads.c` in libtests: Before this patch it mapped to
libcurl allocators. After, it maps to standard allocators, like
the rest of libtests code.
- `units`: before this patch it mapped to standard allocators. After, it
maps to libcurl allocators.
Also:
- drop all position-dependent `curl_memory.h` and `memdebug.h` includes,
and delete the now unnecessary headers.
- rename `Curl_tcsdup` macro to `curlx_tcsdup` and define like the other
allocators.
- map `curlx_strdup()` to `_strdup()` on Windows (was: `strdup()`).
To fix warnings silenced via `_CRT_NONSTDC_NO_DEPRECATE`.
- multibyte: map `curlx_convert_*()` to `_strdup()` on Windows
(was: `strdup()`).
- src: do not reuse the `strdup` name for the local replacement.
- lib509: call `_strdup()` on Windows (was: `strdup()`).
- test1132: delete test obsoleted by this patch.
- CHECKSRC.md: update text for `SNPRINTF`.
- checksrc: ban standard allocator symbols.
Follow-up to b12da22db1#18866
Follow-up to db98daab05#18844
Follow-up to 4deea9396b#18814
Follow-up to 9678ff5b1b#18776
Follow-up to 10bac43b87#18774
Follow-up to 20142f5d06#18634
Follow-up to bf7375ecc5#18503
Follow-up to 9863599d69#18502
Follow-up to 3bb5e58c10#17827Closes#19626
Change the send parameter from `const void *` to `const uint8_t *` and
adapt calling code. Several had already unsigned chars and were casting.
Closes#19729
Change `inputbuff` parameter from `const char *` to `const uint8_t *` to
reflect the binary nature of the input bytes. Half the code was casting
unsigned char to signed already in calling.
Closes#19722
Add protocol handler flag `PROTOPT_CONN_REUSE` to indicate that the
protocol allows reusing connections for other tranfers. Add that
to all handlers that support it.
Create connections with `conn->bits.close = FALSE` and remove all
the `connkeep()` calls in protocol handlers setup/connect implementations.
`PROTOPT_CONN_REUSE` assures that the default behaviour applies
at the end of a transfer without need to juggle the close bit.
`conn->bits.close` now serves as an additional indication that a
connection cannot be reused. Only protocol handles that allow
reuse need to set it to override the default behaviour.
Remove all `connclose()` and `connkeep()` calls from connection
filters. Filters should not modify connection flags. They are
supposed to run in eyeballing situations where a filter is just
one of many determining the outcome.
Fix http response header handling to only honour `Connection: close`
for HTTP/1.x versions.
Closes#19333
Windows CRTs have a `share.h`. Before this patch when trying to
`#include <share.h>` it, the compiler picked up curl's internal
`lib/share.h` instead. Rename it to avoid this issue.
CRT `share.h` has constants necessary for using safe open CRT functions.
Also rename `lib/share.c` to keep matching the header.
Ref: https://learn.microsoft.com/cpp/c-runtime-library/sharing-constants
Ref: 625f2c1644#16949#16991
Cherry-picked from #19643Closes#19676
Description of how this works in `docs/internal/RATELIMITS.ms`.
Notable implementation changes:
- KEEP_SEND_PAUSE/KEEP_SEND_HOLD and KEEP_RECV_PAUSE/KEEP_RECV_HOLD
no longer exist. Pausing is down via blocked the new rlimits.
- KEEP_SEND_TIMED no longer exists. Pausing "100-continue" transfers
is done in the new `Curl_http_perform_pollset()` method.
- HTTP/2 rate limiting implemented via window updates. When
transfer initiaiting connection has a ratelimit, adjust the
initial window size
- HTTP/3 ngtcp2 rate limitin implemnented via ack updates
- HTTP/3 quiche does not seem to support this via its API
- the default progress-meter has been improved for accuracy
in "current speed" results.
pytest speed tests have been improved.
Closes#19384
- adjust cipher list in infof() statement for min/max TLS version
- skip test_17_07 for wolfSSL 5.8.4 when CHACHA20 is negotiated
due to regression with homebrew build on ARM systems.
Fixes#19644
Reported-by: Viktor Szakats
Closes#19662
When OpenSSL fails to verify the peer certificate, we checked for
one specific reason code and did not ask Apple SecTrust for any
other failure.
Always ask Apple SecTrust after OpenSSL fails when the `native_ca_store`
is enabled. If the user configures a CAfile or CApath, the native store
is disabled, so this does not affect use cases where users asks curl
to use a specific set of trust anchors.
Do the same for GnuTLS
Fixes#19636
Reported-by: ffath-vo on github
Closes#19638
If verifypeer and verifyhost are disabled, to not generate
a failf() message for failed verifications.
Fixes#19615
Reported-by: ncaklovic on github
Closes#19625
The mistake is harmless because it is still a size of a pointer, but
this is the correct pointer.
Acked-by: Daniel McCarney
Reported-by: pelioro on hackerone
Bug: https://hackerone.com/reports/3427460Closes#19545
It also means that all supported OpenSSL versions and forks support
TLSv1.3 after this patch.
It reduces `openssl.c` size by more than 10%, or 400 LOC.
Ref: #18822Closes#18330
Windows CE support was limited to successful builds with ming32ce
(a toolchain that hasn't seen an update since 2009, using an ancient gcc
version and "old mingw"-style SDK headers, that curl deprecated earlier).
Builds with MSVC were broken for a long time. mingw32ce builds were never
actually tested and runtime and unlikely to work due to missing stubs.
Windows CE toolchains also miss to comply with C89. Paired with lack of
demand and support for the platform, curl deprecated it earlier.
This patch removes support from the codebase to ease maintaining Windows
codepaths.
Follow-up to f98c0ba834#17924
Follow-up to 8491e6574c#17379
Follow-up to 2a292c3984#15975Closes#17927
- badwords.pl: add `-a` option to check all lines in source code files.
Before this patch indented lines were skipped (to avoid Markdown code
fences.)
- GHA/checksrc: use `-a` when verifying the source code.
- GHA/checksrc: disable `So` and `But` rules for source code.
- GHA/checksrc: add docs/examples to the verified sources.
- badwords.txt: delete 4 duplicates.
- badwords.txt: group and sort contractions.
- badwords.txt: allow ` url = `, `DIR`, `<file name`.
Closes#19536
Cleanup the vtls pinned key matching somewhat. Add a DEBUGF
for pinned key hashes that do not match, so we can see in
traces what was going on.
Ref #19489Closes#19529
Move out logic from a switch() expression and return error directly
instead of using goto. This also removes the odd-looking two subsequent
closing braces at the same indent level.
Closes#19509
Rename `Curl_timeleft()` to `Curl_timeleft_ms()` to make the units in
the returned `timediff_t` clear. (We used to always have ms there, but
with QUIC started to sometimes calc ns as well).
Rename some assigned vars without `_ms` suffix for clarity as well.
Closes#19486
Also:
- replace `manpage` with `man page`, add to `badwords.txt`.
- badwords.pl: import `-w` feature from curl-www, syncing the two
scripts fully.
- badwords.txt: import missing items from curl-www, syncing the two
files fully.
- pyspelling.words: drop `cURL` allowed word.
Closes#19468
Verify that wolfSSL_BIO_meth_new() actually works and handle situations
where it returns NULL.
Reported-by: Stanislav Fort (Aisle Research)
Closes#19459
A regression in curl 8.17.0 led to a customer CAPATH set by the
application (or the curl command) to be ignored unless licurl was built
with a default CAPATH.
Add test cases using `--capath` on the custom pytest CA, generated with
the help of the openssl command when available.
Fixes#19401
Reported-by: Brad King
Closes#19308
Resumed TLS sessions skip OCSP stapled-response verification. Force a
full handshake so verifystatus() runs.
Follow-up to 4bfd7a9615
Pointed out by ZeroPath
When Curl_conn_cf_recv() returns error, the variable might not be
assigned and the tracing output may (harmlessly) use it uninitialized.
Also add a comment about the typecast from size_t to int being fine.
Pointed out by ZeroPath
Closes#19393
With GnuTLS 3.8.0+ the build-time SRP feature detection always succeeds.
It's also disabled by default in these GnuTLS versions.
When using TLS-SRP without it being available in GnuTLS, report
the correct error code `CURLE_NOT_BUILT_IN`, replacing the out of memory
error reported before this patch.
Also add comments to autotools and cmake scripts about this feature
detection property.
Detecting it at build-time would need to run code which doesn't work
in cross-builds. Once curl requires 3.8.0 as minimum, the build-time
checks can be deleted.
```
# before:
curl: (27) gnutls_srp_allocate_client_cred() failed: An unimplemented or disabled feature has been requested.
# after:
curl: (4) GnuTLS: TLS-SRP support not built in: An unimplemented or disabled feature has been requested.
```
Ref: dab063fca2
Ref: a21e89edacCloses#19365
This commit does the following things:
1. Update the description of gtls_init()
2. In gtls_client_init(), check the invaild SSLVERSION at first. Note
that this part refactors the duplicate/incompatible checks and removes
the useless local variable `sni`.
3. Check the return value of gnutls_ocsp_resp_init(). Although the
original code is safe because gnutls_ocsp_resp_import() will check
the validity of `ocsp_resp`, it is better to catch the error in time
and record the proper message to output log.
Closes#19366
