1 #ifndef HEADER_CURL_SCHANNEL_H 2 #define HEADER_CURL_SCHANNEL_H 3 /*************************************************************************** 4 * _ _ ____ _ 5 * Project ___| | | | _ \| | 6 * / __| | | | |_) | | 7 * | (__| |_| | _ <| |___ 8 * \___|\___/|_| \_\_____| 9 * 10 * Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al. 11 * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. 12 * 13 * This software is licensed as described in the file COPYING, which 14 * you should have received as part of this distribution. The terms 15 * are also available at https://curl.se/docs/copyright.html. 16 * 17 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 18 * copies of the Software, and permit persons to whom the Software is 19 * furnished to do so, under the terms of the COPYING file. 20 * 21 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 22 * KIND, either express or implied. 23 * 24 ***************************************************************************/ 25 #include "curl_setup.h" 26 27 #ifdef USE_SCHANNEL 28 29 #include <schnlsp.h> 30 #include <schannel.h> 31 #include "curl_sspi.h" 32 33 #include "urldata.h" 34 35 /* <wincrypt.h> has been included via the above <schnlsp.h>. 36 * Or in case of ldap.c, it was included via <winldap.h>. 37 * And since <wincrypt.h> has this: 38 * #define X509_NAME ((LPCSTR) 7) 39 * 40 * And in BoringSSL's <openssl/base.h> there is: 41 * typedef struct X509_name_st X509_NAME; 42 * etc. 43 * 44 * this will cause all kinds of C-preprocessing paste errors in 45 * BoringSSL's <openssl/x509.h>: So just undefine those defines here 46 * (and only here). 47 */ 48 #if defined(HAVE_BORINGSSL) || defined(OPENSSL_IS_BORINGSSL) 49 # undef X509_NAME 50 # undef X509_CERT_PAIR 51 # undef X509_EXTENSIONS 52 #endif 53 54 extern const struct Curl_ssl Curl_ssl_schannel; 55 56 CURLcode Curl_verify_certificate(struct Curl_easy *data, 57 struct connectdata *conn, int sockindex); 58 59 /* structs to expose only in schannel.c and schannel_verify.c */ 60 #ifdef EXPOSE_SCHANNEL_INTERNAL_STRUCTS 61 62 #ifdef __MINGW32__ 63 #include <_mingw.h> 64 #ifdef __MINGW64_VERSION_MAJOR 65 #define HAS_MANUAL_VERIFY_API 66 #endif 67 #else 68 #include <wincrypt.h> 69 #ifdef CERT_CHAIN_REVOCATION_CHECK_CHAIN 70 #define HAS_MANUAL_VERIFY_API 71 #endif 72 #endif 73 74 #define NUMOF_CIPHERS 45 /* There are 45 listed in the MS headers */ 75 76 struct Curl_schannel_cred { 77 CredHandle cred_handle; 78 TimeStamp time_stamp; 79 int refcount; 80 }; 81 82 struct Curl_schannel_ctxt { 83 CtxtHandle ctxt_handle; 84 TimeStamp time_stamp; 85 }; 86 87 struct ssl_backend_data { 88 struct Curl_schannel_cred *cred; 89 struct Curl_schannel_ctxt *ctxt; 90 SecPkgContext_StreamSizes stream_sizes; 91 size_t encdata_length, decdata_length; 92 size_t encdata_offset, decdata_offset; 93 unsigned char *encdata_buffer, *decdata_buffer; 94 /* encdata_is_incomplete: if encdata contains only a partial record that 95 can't be decrypted without another Curl_read_plain (that is, status is 96 SEC_E_INCOMPLETE_MESSAGE) then set this true. after Curl_read_plain writes 97 more bytes into encdata then set this back to false. */ 98 bool encdata_is_incomplete; 99 unsigned long req_flags, ret_flags; 100 CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */ 101 bool recv_sspi_close_notify; /* true if connection closed by close_notify */ 102 bool recv_connection_closed; /* true if connection closed, regardless how */ 103 bool use_alpn; /* true if ALPN is used for this connection */ 104 #ifdef HAS_MANUAL_VERIFY_API 105 bool use_manual_cred_validation; /* true if manual cred validation is used */ 106 #endif 107 ALG_ID algIds[NUMOF_CIPHERS]; 108 }; 109 #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */ 110 111 #endif /* USE_SCHANNEL */ 112 #endif /* HEADER_CURL_SCHANNEL_H */ 113