• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 #ifndef HEADER_CURL_VTLS_INT_H
2 #define HEADER_CURL_VTLS_INT_H
3 /***************************************************************************
4  *                                  _   _ ____  _
5  *  Project                     ___| | | |  _ \| |
6  *                             / __| | | | |_) | |
7  *                            | (__| |_| |  _ <| |___
8  *                             \___|\___/|_| \_\_____|
9  *
10  * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
11  *
12  * This software is licensed as described in the file COPYING, which
13  * you should have received as part of this distribution. The terms
14  * are also available at https://curl.se/docs/copyright.html.
15  *
16  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
17  * copies of the Software, and permit persons to whom the Software is
18  * furnished to do so, under the terms of the COPYING file.
19  *
20  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21  * KIND, either express or implied.
22  *
23  * SPDX-License-Identifier: curl
24  *
25  ***************************************************************************/
26 #include "curl_setup.h"
27 #include "cfilters.h"
28 #include "urldata.h"
29 
30 #ifdef USE_SSL
31 
32 /* Information in each SSL cfilter context: cf->ctx */
33 struct ssl_connect_data {
34   ssl_connection_state state;
35   ssl_connect_state connecting_state;
36   char *hostname;                   /* hostname for verification */
37   char *dispname;                   /* display version of hostname */
38   int port;                         /* remote port at origin */
39   const struct alpn_spec *alpn;     /* ALPN to use or NULL for none */
40   struct ssl_backend_data *backend; /* vtls backend specific props */
41   struct cf_call_data call_data;    /* data handle used in current call */
42   struct curltime handshake_done;   /* time when handshake finished */
43 };
44 
45 
46 #define CF_CTX_CALL_DATA(cf)  \
47   ((struct ssl_connect_data *)(cf)->ctx)->call_data
48 
49 
50 /* Definitions for SSL Implementations */
51 
52 struct Curl_ssl {
53   /*
54    * This *must* be the first entry to allow returning the list of available
55    * backends in curl_global_sslset().
56    */
57   curl_ssl_backend info;
58   unsigned int supports; /* bitfield, see above */
59   size_t sizeof_ssl_backend_data;
60 
61   int (*init)(void);
62   void (*cleanup)(void);
63 
64   size_t (*version)(char *buffer, size_t size);
65   int (*check_cxn)(struct Curl_cfilter *cf, struct Curl_easy *data);
66   int (*shut_down)(struct Curl_cfilter *cf,
67                    struct Curl_easy *data);
68   bool (*data_pending)(struct Curl_cfilter *cf,
69                        const struct Curl_easy *data);
70 
71   /* return 0 if a find random is filled in */
72   CURLcode (*random)(struct Curl_easy *data, unsigned char *entropy,
73                      size_t length);
74   bool (*cert_status_request)(void);
75 
76   CURLcode (*connect_blocking)(struct Curl_cfilter *cf,
77                                struct Curl_easy *data);
78   CURLcode (*connect_nonblocking)(struct Curl_cfilter *cf,
79                                   struct Curl_easy *data,
80                                   bool *done);
81 
82   /* If the SSL backend wants to read or write on this connection during a
83      handshake, set socks[0] to the connection's FIRSTSOCKET, and return
84      a bitmap indicating read or write with GETSOCK_WRITESOCK(0) or
85      GETSOCK_READSOCK(0). Otherwise return GETSOCK_BLANK.
86      Mandatory. */
87   int (*get_select_socks)(struct Curl_cfilter *cf, struct Curl_easy *data,
88                           curl_socket_t *socks);
89 
90   void *(*get_internals)(struct ssl_connect_data *connssl, CURLINFO info);
91   void (*close)(struct Curl_cfilter *cf, struct Curl_easy *data);
92   void (*close_all)(struct Curl_easy *data);
93   void (*session_free)(void *ptr);
94 
95   CURLcode (*set_engine)(struct Curl_easy *data, const char *engine);
96   CURLcode (*set_engine_default)(struct Curl_easy *data);
97   struct curl_slist *(*engines_list)(struct Curl_easy *data);
98 
99   bool (*false_start)(void);
100   CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen,
101                     unsigned char *sha256sum, size_t sha256sumlen);
102 
103   bool (*attach_data)(struct Curl_cfilter *cf, struct Curl_easy *data);
104   void (*detach_data)(struct Curl_cfilter *cf, struct Curl_easy *data);
105 
106   void (*free_multi_ssl_backend_data)(struct multi_ssl_backend_data *mbackend);
107 
108   ssize_t (*recv_plain)(struct Curl_cfilter *cf, struct Curl_easy *data,
109                         char *buf, size_t len, CURLcode *code);
110   ssize_t (*send_plain)(struct Curl_cfilter *cf, struct Curl_easy *data,
111                         const void *mem, size_t len, CURLcode *code);
112 
113 };
114 
115 extern const struct Curl_ssl *Curl_ssl;
116 
117 
118 int Curl_none_init(void);
119 void Curl_none_cleanup(void);
120 int Curl_none_shutdown(struct Curl_cfilter *cf, struct Curl_easy *data);
121 int Curl_none_check_cxn(struct Curl_cfilter *cf, struct Curl_easy *data);
122 CURLcode Curl_none_random(struct Curl_easy *data, unsigned char *entropy,
123                           size_t length);
124 void Curl_none_close_all(struct Curl_easy *data);
125 void Curl_none_session_free(void *ptr);
126 bool Curl_none_data_pending(struct Curl_cfilter *cf,
127                             const struct Curl_easy *data);
128 bool Curl_none_cert_status_request(void);
129 CURLcode Curl_none_set_engine(struct Curl_easy *data, const char *engine);
130 CURLcode Curl_none_set_engine_default(struct Curl_easy *data);
131 struct curl_slist *Curl_none_engines_list(struct Curl_easy *data);
132 bool Curl_none_false_start(void);
133 int Curl_ssl_get_select_socks(struct Curl_cfilter *cf, struct Curl_easy *data,
134                               curl_socket_t *socks);
135 
136 /**
137  * Get the ssl_config_data in `data` that is relevant for cfilter `cf`.
138  */
139 struct ssl_config_data *Curl_ssl_cf_get_config(struct Curl_cfilter *cf,
140                                                struct Curl_easy *data);
141 
142 /**
143  * Get the primary config relevant for the filter from its connection.
144  */
145 struct ssl_primary_config *
146   Curl_ssl_cf_get_primary_config(struct Curl_cfilter *cf);
147 
148 /**
149  * Get the first SSL filter in the chain starting with `cf`, or NULL.
150  */
151 struct Curl_cfilter *Curl_ssl_cf_get_ssl(struct Curl_cfilter *cf);
152 
153 /**
154  * Get the SSL filter below the given one or NULL if there is none.
155  */
156 bool Curl_ssl_cf_is_proxy(struct Curl_cfilter *cf);
157 
158 /* extract a session ID
159  * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
160  * Caller must make sure that the ownership of returned sessionid object
161  * is properly taken (e.g. its refcount is incremented
162  * under sessionid mutex).
163  */
164 bool Curl_ssl_getsessionid(struct Curl_cfilter *cf,
165                            struct Curl_easy *data,
166                            void **ssl_sessionid,
167                            size_t *idsize); /* set 0 if unknown */
168 /* add a new session ID
169  * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
170  * Caller must ensure that it has properly shared ownership of this sessionid
171  * object with cache (e.g. incrementing refcount on success)
172  */
173 CURLcode Curl_ssl_addsessionid(struct Curl_cfilter *cf,
174                                struct Curl_easy *data,
175                                void *ssl_sessionid,
176                                size_t idsize,
177                                bool *added);
178 
179 #include "openssl.h"        /* OpenSSL versions */
180 #include "gtls.h"           /* GnuTLS versions */
181 #include "nssg.h"           /* NSS versions */
182 #include "gskit.h"          /* Global Secure ToolKit versions */
183 #include "wolfssl.h"        /* wolfSSL versions */
184 #include "schannel.h"       /* Schannel SSPI version */
185 #include "sectransp.h"      /* SecureTransport (Darwin) version */
186 #include "mbedtls.h"        /* mbedTLS versions */
187 #include "bearssl.h"        /* BearSSL versions */
188 #include "rustls.h"         /* rustls versions */
189 
190 #endif /* USE_SSL */
191 
192 #endif /* HEADER_CURL_VTLS_INT_H */
193