mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-11-27 05:50:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

vtls: remove obsolete declarations of SSL backend functionality

Browse Source 
These functions are all available via the Curl_ssl struct now, no need
to declare them separately anymore.

As the global declarations are removed, the corresponding function
definitions are marked as file-local. The only two exceptions here are
Curl_mbedtls_shutdown() and Curl_polarssl_shutdown(): only the
declarations were removed, there are no function definitions to mark
file-local.

Please note that Curl_nss_force_init() is *still* declared globally, as
the only SSL backend-specific function, because it was introduced
specifically for the use case where cURL was compiled with
`--without-ssl --with-nss`. For details, see f3b77e561 (http_ntlm: add
support for NSS, 2010-06-27).

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This commit is contained in:
Johannes Schindelin 2017-06-23 13:19:00 +02:00 committed by Daniel Stenberg
parent 742ddc9d8f
commit 6f1eec14e0
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
21 changed files with 134 additions and 380 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
lib/vtls/axtls.c
View File

@ -49,7 +49,7 @@
/* Global axTLS init, called from Curl_ssl_init() */
int Curl_axtls_init(void)
static int Curl_axtls_init(void)
{
/* axTLS has no global init. Everything is done through SSL and SSL_CTX
* structs stored in connectdata structure. Perhaps can move to axtls.h.
@ -57,7 +57,7 @@ int Curl_axtls_init(void)
return 1;
}
void Curl_axtls_cleanup(void)
static void Curl_axtls_cleanup(void)
{
/* axTLS has no global cleanup. Perhaps can move this to axtls.h. */
}
@ -284,7 +284,7 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
return CURLE_OK;
}
void Curl_axtls_close(struct connectdata *conn, int sockindex)
static void Curl_axtls_close(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@ -424,10 +424,8 @@ static CURLcode connect_finish(struct connectdata *conn, int sockindex)
* Use axTLS's non-blocking connection feature to open an SSL connection.
* This is called after a TCP connection is already established.
*/
CURLcode Curl_axtls_connect_nonblocking(
struct connectdata *conn,
int sockindex,
bool *done)
static CURLcode Curl_axtls_connect_nonblocking(struct connectdata *conn,
int sockindex, bool *done)
{
CURLcode conn_step;
int ssl_fcn_return;
@ -491,10 +489,7 @@ CURLcode Curl_axtls_connect_nonblocking(
* This function is called after the TCP connect has completed. Setup the TLS
* layer and do all necessary magic for a blocking connect.
*/
CURLcode
Curl_axtls_connect(struct connectdata *conn,
int sockindex)
static CURLcode Curl_axtls_connect(struct connectdata *conn, int sockindex)
{
struct Curl_easy *data = conn->data;
CURLcode conn_step = connect_prep(conn, sockindex);
@ -563,7 +558,7 @@ static ssize_t axtls_send(struct connectdata *conn,
* This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel)
*/
int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
static int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
{
/* Outline taken from openssl.c since functions are in axTLS compat layer.
axTLS's error set is much smaller, so a lot of error-handling was removed.
@ -662,7 +657,7 @@ static ssize_t axtls_recv(struct connectdata *conn, /* connection data */
* 0 means the connection has been closed
* -1 means the connection status is unknown
*/
int Curl_axtls_check_cxn(struct connectdata *conn)
static int Curl_axtls_check_cxn(struct connectdata *conn)
{
/* openssl.c line: rc = SSL_peek(conn->ssl[FIRSTSOCKET].ssl, (void*)&buf, 1);
axTLS compat layer always returns the last argument, so connection is
@ -672,7 +667,7 @@ int Curl_axtls_check_cxn(struct connectdata *conn)
return 1; /* connection still in place */
}
void Curl_axtls_session_free(void *ptr)
static void Curl_axtls_session_free(void *ptr)
{
(void)ptr;
/* free the ID */
@ -680,14 +675,13 @@ void Curl_axtls_session_free(void *ptr)
compatibility layer does nothing, so we do nothing too. */
}
size_t Curl_axtls_version(char *buffer, size_t size)
static size_t Curl_axtls_version(char *buffer, size_t size)
{
return snprintf(buffer, size, "axTLS/%s", ssl_version());
}
CURLcode Curl_axtls_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length)
static CURLcode Curl_axtls_random(struct Curl_easy *data,
unsigned char *entropy, size_t length)
{
static bool ssl_seeded = FALSE;
(void)data;

19
lib/vtls/axtls.h
View File

@ -27,25 +27,6 @@
#include "curl/curl.h"
#include "urldata.h"
int Curl_axtls_init(void);
void Curl_axtls_cleanup(void);
CURLcode Curl_axtls_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_axtls_connect_nonblocking(
struct connectdata *conn,
int sockindex,
bool *done);
/* close a SSL connection */
void Curl_axtls_close(struct connectdata *conn, int sockindex);
void Curl_axtls_session_free(void *ptr);
size_t Curl_axtls_version(char *buffer, size_t size);
int Curl_axtls_shutdown(struct connectdata *conn, int sockindex);
int Curl_axtls_check_cxn(struct connectdata *conn);
CURLcode Curl_axtls_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length);
extern const struct Curl_ssl Curl_ssl_axtls;
/* Set the API backend definition to axTLS */

28
lib/vtls/cyassl.c
View File

@ -696,7 +696,7 @@ static ssize_t cyassl_send(struct connectdata *conn,
return rc;
}
void Curl_cyassl_close(struct connectdata *conn, int sockindex)
static void Curl_cyassl_close(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *conssl = &conn->ssl[sockindex];
@ -744,14 +744,14 @@ static ssize_t cyassl_recv(struct connectdata *conn,
}
void Curl_cyassl_session_free(void *ptr)
static void Curl_cyassl_session_free(void *ptr)
{
(void)ptr;
/* CyaSSL reuses sessions on own, no free */
}
size_t Curl_cyassl_version(char *buffer, size_t size)
static size_t Curl_cyassl_version(char *buffer, size_t size)
{
#if LIBCYASSL_VERSION_HEX >= 0x03006000
return snprintf(buffer, size, "wolfSSL/%s", wolfSSL_lib_version());
@ -765,13 +765,14 @@ size_t Curl_cyassl_version(char *buffer, size_t size)
}
int Curl_cyassl_init(void)
static int Curl_cyassl_init(void)
{
return (CyaSSL_Init() == SSL_SUCCESS);
}
bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex)
static bool Curl_cyassl_data_pending(const struct connectdata* conn,
int connindex)
{
if(conn->ssl[connindex].handle) /* SSL is in use */
return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE;
@ -784,7 +785,7 @@ bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex)
* This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel)
*/
int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex)
static int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex)
{
int retval = 0;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@ -911,18 +912,14 @@ cyassl_connect_common(struct connectdata *conn,
}
CURLcode
Curl_cyassl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done)
static CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn,
int sockindex, bool *done)
{
return cyassl_connect_common(conn, sockindex, TRUE, done);
}
CURLcode
Curl_cyassl_connect(struct connectdata *conn,
int sockindex)
static CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex)
{
CURLcode result;
bool done = FALSE;
@ -936,9 +933,8 @@ Curl_cyassl_connect(struct connectdata *conn,
return CURLE_OK;
}
CURLcode Curl_cyassl_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length)
static CURLcode Curl_cyassl_random(struct Curl_easy *data,
unsigned char *entropy, size_t length)
{
RNG rng;
(void)data;

18
lib/vtls/cyassl.h
View File

@ -25,24 +25,6 @@
#ifdef USE_CYASSL
CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex);
bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex);
int Curl_cyassl_shutdown(struct connectdata* conn, int sockindex);
/* close a SSL connection */
void Curl_cyassl_close(struct connectdata *conn, int sockindex);
void Curl_cyassl_session_free(void *ptr);
size_t Curl_cyassl_version(char *buffer, size_t size);
int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex);
int Curl_cyassl_init(void);
CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
CURLcode Curl_cyassl_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length);
extern const struct Curl_ssl Curl_ssl_cyassl;
/* Set the API backend definition to CyaSSL */

30
lib/vtls/darwinssl.c
View File

@ -2568,17 +2568,13 @@ darwinssl_connect_common(struct connectdata *conn,
return CURLE_OK;
}
CURLcode
Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done)
static CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
int sockindex, bool *done)
{
return darwinssl_connect_common(conn, sockindex, TRUE, done);
}
CURLcode
Curl_darwinssl_connect(struct connectdata *conn,
int sockindex)
static CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex)
{
CURLcode result;
bool done = FALSE;
@ -2593,7 +2589,7 @@ Curl_darwinssl_connect(struct connectdata *conn,
return CURLE_OK;
}
void Curl_darwinssl_close(struct connectdata *conn, int sockindex)
static void Curl_darwinssl_close(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@ -2614,7 +2610,7 @@ void Curl_darwinssl_close(struct connectdata *conn, int sockindex)
connssl->ssl_sockfd = 0;
}
int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
static int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct Curl_easy *data = conn->data;
@ -2667,7 +2663,7 @@ int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
return rc;
}
void Curl_darwinssl_session_free(void *ptr)
static void Curl_darwinssl_session_free(void *ptr)
{
/* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a
cached session ID inside the Security framework. There is a private
@ -2678,7 +2674,7 @@ void Curl_darwinssl_session_free(void *ptr)
Curl_safefree(ptr);
}
size_t Curl_darwinssl_version(char *buffer, size_t size)
static size_t Curl_darwinssl_version(char *buffer, size_t size)
{
return snprintf(buffer, size, "SecureTransport");
}
@ -2691,7 +2687,7 @@ size_t Curl_darwinssl_version(char *buffer, size_t size)
* 0 means the connection has been closed
* -1 means the connection status is unknown
*/
int Curl_darwinssl_check_cxn(struct connectdata *conn)
static int Curl_darwinssl_check_cxn(struct connectdata *conn)
{
struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
OSStatus err;
@ -2706,8 +2702,8 @@ int Curl_darwinssl_check_cxn(struct connectdata *conn)
return 0;
}
bool Curl_darwinssl_data_pending(const struct connectdata *conn,
int connindex)
static bool Curl_darwinssl_data_pending(const struct connectdata *conn,
int connindex)
{
const struct ssl_connect_data *connssl = &conn->ssl[connindex];
OSStatus err;
@ -2723,8 +2719,8 @@ bool Curl_darwinssl_data_pending(const struct connectdata *conn,
return false;
}
CURLcode Curl_darwinssl_random(struct Curl_easy *data UNUSED_PARAM,
unsigned char *entropy, size_t length)
static CURLcode Curl_darwinssl_random(struct Curl_easy *data UNUSED_PARAM,
unsigned char *entropy, size_t length)
{
/* arc4random_buf() isn't available on cats older than Lion, so let's
do this manually for the benefit of the older cats. */
@ -2760,7 +2756,7 @@ static void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
(void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum);
}
bool Curl_darwinssl_false_start(void)
static bool Curl_darwinssl_false_start(void)
{
#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
if(SSLSetSessionOption != NULL)

20
lib/vtls/darwinssl.h
View File

@ -26,26 +26,6 @@
#ifdef USE_DARWINSSL
CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
/* close a SSL connection */
void Curl_darwinssl_close(struct connectdata *conn, int sockindex);
void Curl_darwinssl_session_free(void *ptr);
size_t Curl_darwinssl_version(char *buffer, size_t size);
int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex);
int Curl_darwinssl_check_cxn(struct connectdata *conn);
bool Curl_darwinssl_data_pending(const struct connectdata *conn,
int connindex);
CURLcode Curl_darwinssl_random(struct Curl_easy *data, unsigned char *entropy,
size_t length);
bool Curl_darwinssl_false_start(void);
extern const struct Curl_ssl Curl_ssl_darwinssl;
/* Set the API backend definition to SecureTransport */

19
lib/vtls/gskit.c
View File

@ -427,7 +427,7 @@ static CURLcode set_ciphers(struct connectdata *conn,
}
int Curl_gskit_init(void)
static int Curl_gskit_init(void)
{
/* No initialisation needed. */
@ -435,7 +435,7 @@ int Curl_gskit_init(void)
}
void Curl_gskit_cleanup(void)
static void Curl_gskit_cleanup(void)
{
/* Nothing to do. */
}
@ -1216,9 +1216,8 @@ static CURLcode gskit_connect_common(struct connectdata *conn, int sockindex,
}
CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done)
static CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn,
int sockindex, bool *done)
{
CURLcode result;
@ -1229,7 +1228,7 @@ CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn,
}
CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex)
static CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex)
{
CURLcode result;
bool done;
@ -1245,14 +1244,14 @@ CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex)
}
void Curl_gskit_close(struct connectdata *conn, int sockindex)
static void Curl_gskit_close(struct connectdata *conn, int sockindex)
{
close_one(&conn->ssl[sockindex], conn, sockindex);
close_one(&conn->proxy_ssl[sockindex], conn, sockindex);
}
int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct Curl_easy *data = conn->data;
@ -1306,14 +1305,14 @@ int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
}
size_t Curl_gskit_version(char *buffer, size_t size)
static size_t Curl_gskit_version(char *buffer, size_t size)
{
strncpy(buffer, "GSKit", size);
return strlen(buffer);
}
int Curl_gskit_check_cxn(struct connectdata *cxn)
static int Curl_gskit_check_cxn(struct connectdata *cxn)
{
int err;
int errlen;

10
lib/vtls/gskit.h
View File

@ -30,16 +30,6 @@
#include "urldata.h"
#ifdef USE_GSKIT
int Curl_gskit_init(void);
void Curl_gskit_cleanup(void);
CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn,
int sockindex, bool *done);
void Curl_gskit_close(struct connectdata *conn, int sockindex);
int Curl_gskit_shutdown(struct connectdata *conn, int sockindex);
size_t Curl_gskit_version(char *buffer, size_t size);
int Curl_gskit_check_cxn(struct connectdata *cxn);
extern const struct Curl_ssl Curl_ssl_gskit;

34
lib/vtls/gtls.c
View File

@ -186,7 +186,7 @@ static ssize_t Curl_gtls_pull_ssl(void *s, void *buf, size_t len)
* must only be called from within curl_global_init() to keep the thread
* situation under control!
*/
int Curl_gtls_init(void)
static int Curl_gtls_init(void)
{
int ret = 1;
if(!gtls_inited) {
@ -200,7 +200,7 @@ int Curl_gtls_init(void)
return ret;
}
void Curl_gtls_cleanup(void)
static void Curl_gtls_cleanup(void)
{
if(gtls_inited) {
gnutls_global_deinit();
@ -1493,18 +1493,13 @@ gtls_connect_common(struct connectdata *conn,
return CURLE_OK;
}
CURLcode
Curl_gtls_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done)
static CURLcode Curl_gtls_connect_nonblocking(struct connectdata *conn,
int sockindex, bool *done)
{
return gtls_connect_common(conn, sockindex, TRUE, done);
}
CURLcode
Curl_gtls_connect(struct connectdata *conn,
int sockindex)
static CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex)
{
CURLcode result;
bool done = FALSE;
@ -1518,7 +1513,8 @@ Curl_gtls_connect(struct connectdata *conn,
return CURLE_OK;
}
bool Curl_gtls_data_pending(const struct connectdata *conn, int connindex)
static bool Curl_gtls_data_pending(const struct connectdata *conn,
int connindex)
{
bool res = FALSE;
if(conn->ssl[connindex].session &&
@ -1570,7 +1566,7 @@ static void close_one(struct ssl_connect_data *ssl)
#endif
}
void Curl_gtls_close(struct connectdata *conn, int sockindex)
static void Curl_gtls_close(struct connectdata *conn, int sockindex)
{
close_one(&conn->ssl[sockindex]);
close_one(&conn->proxy_ssl[sockindex]);
@ -1580,7 +1576,7 @@ void Curl_gtls_close(struct connectdata *conn, int sockindex)
* This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel)
*/
int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
{
ssize_t result;
int retval = 0;
@ -1678,6 +1674,7 @@ static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
if(ret < 0) {
failf(conn->data, "GnuTLS recv error (%d): %s",
(int)ret, gnutls_strerror((int)ret));
*curlcode = CURLE_RECV_ERROR;
return -1;
@ -1686,12 +1683,12 @@ static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
return ret;
}
void Curl_gtls_session_free(void *ptr)
static void Curl_gtls_session_free(void *ptr)
{
free(ptr);
}
size_t Curl_gtls_version(char *buffer, size_t size)
static size_t Curl_gtls_version(char *buffer, size_t size)
{
return snprintf(buffer, size, "GnuTLS/%s", gnutls_check_version(NULL));
}
@ -1721,9 +1718,8 @@ static int Curl_gtls_seed(struct Curl_easy *data)
#endif
/* data might be NULL! */
CURLcode Curl_gtls_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length)
static CURLcode Curl_gtls_random(struct Curl_easy *data,
unsigned char *entropy, size_t length)
{
#if defined(USE_GNUTLS_NETTLE)
int rc;
@ -1777,7 +1773,7 @@ static void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
#endif
}
bool Curl_gtls_cert_status_request(void)
static bool Curl_gtls_cert_status_request(void)
{
#ifdef HAS_OCSP
return TRUE;

21
lib/vtls/gtls.h
View File

@ -28,27 +28,6 @@
#include "urldata.h"
int Curl_gtls_init(void);
void Curl_gtls_cleanup(void);
CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_gtls_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
bool Curl_gtls_data_pending(const struct connectdata *conn,
int connindex);
/* close a SSL connection */
void Curl_gtls_close(struct connectdata *conn, int sockindex);
void Curl_gtls_session_free(void *ptr);
size_t Curl_gtls_version(char *buffer, size_t size);
int Curl_gtls_shutdown(struct connectdata *conn, int sockindex);
CURLcode Curl_gtls_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length);
bool Curl_gtls_cert_status_request(void);
extern const struct Curl_ssl Curl_ssl_gnutls;
/* Set the API backend definition to GnuTLS */

29
lib/vtls/mbedtls.c
View File

@ -744,12 +744,12 @@ static ssize_t mbed_send(struct connectdata *conn, int sockindex,
return ret;
}
void Curl_mbedtls_close_all(struct Curl_easy *data)
static void Curl_mbedtls_close_all(struct Curl_easy *data)
{
(void)data;
}
void Curl_mbedtls_close(struct connectdata *conn, int sockindex)
static void Curl_mbedtls_close(struct connectdata *conn, int sockindex)
{
mbedtls_pk_free(&conn->ssl[sockindex].pk);
mbedtls_x509_crt_free(&conn->ssl[sockindex].clicert);
@ -788,21 +788,21 @@ static ssize_t mbed_recv(struct connectdata *conn, int num,
return len;
}
void Curl_mbedtls_session_free(void *ptr)
static void Curl_mbedtls_session_free(void *ptr)
{
mbedtls_ssl_session_free(ptr);
free(ptr);
}
size_t Curl_mbedtls_version(char *buffer, size_t size)
static size_t Curl_mbedtls_version(char *buffer, size_t size)
{
unsigned int version = mbedtls_version_get_number();
return snprintf(buffer, size, "mbedTLS/%d.%d.%d", version>>24,
(version>>16)&0xff, (version>>8)&0xff);
}
CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy,
size_t length)
static CURLcode Curl_mbedtls_random(struct Curl_easy *data,
unsigned char *entropy, size_t length)
{
#if defined(MBEDTLS_CTR_DRBG_C)
int ret = -1;
@ -963,18 +963,14 @@ mbed_connect_common(struct connectdata *conn,
return CURLE_OK;
}
CURLcode
Curl_mbedtls_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done)
static CURLcode Curl_mbedtls_connect_nonblocking(struct connectdata *conn,
int sockindex, bool *done)
{
return mbed_connect_common(conn, sockindex, TRUE, done);
}
CURLcode
Curl_mbedtls_connect(struct connectdata *conn,
int sockindex)
static CURLcode Curl_mbedtls_connect(struct connectdata *conn, int sockindex)
{
CURLcode retcode;
bool done = FALSE;
@ -992,17 +988,18 @@ Curl_mbedtls_connect(struct connectdata *conn,
* return 0 error initializing SSL
* return 1 SSL initialized successfully
*/
int Curl_mbedtls_init(void)
static int Curl_mbedtls_init(void)
{
return Curl_polarsslthreadlock_thread_setup();
}
void Curl_mbedtls_cleanup(void)
static void Curl_mbedtls_cleanup(void)
{
(void)Curl_polarsslthreadlock_thread_cleanup();
}
bool Curl_mbedtls_data_pending(const struct connectdata *conn, int sockindex)
static bool Curl_mbedtls_data_pending(const struct connectdata *conn,
int sockindex)
{
return mbedtls_ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0;
}

25
lib/vtls/mbedtls.h
View File

@ -26,31 +26,6 @@
#ifdef USE_MBEDTLS
/* Called on first use mbedTLS, setup threading if supported */
int Curl_mbedtls_init(void);
void Curl_mbedtls_cleanup(void);
bool Curl_mbedtls_data_pending(const struct connectdata *conn, int sockindex);
CURLcode Curl_mbedtls_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_mbedtls_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
/* tell mbedTLS to close down all open information regarding connections (and
thus session ID caching etc) */
void Curl_mbedtls_close_all(struct Curl_easy *data);
/* close a SSL connection */
void Curl_mbedtls_close(struct connectdata *conn, int sockindex);
void Curl_mbedtls_session_free(void *ptr);
size_t Curl_mbedtls_version(char *buffer, size_t size);
int Curl_mbedtls_shutdown(struct connectdata *conn, int sockindex);
CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy,
size_t length);
extern const struct Curl_ssl Curl_ssl_mbedtls;
#define CURL_SSL_BACKEND CURLSSLBACKEND_MBEDTLS

29
lib/vtls/nss.c
View File

@ -1351,7 +1351,7 @@ static CURLcode nss_init(struct Curl_easy *data)
* @retval 0 error initializing SSL
* @retval 1 SSL initialized successfully
*/
int Curl_nss_init(void)
static int Curl_nss_init(void)
{
/* curl_global_init() is not thread-safe so this test is ok */
if(nss_initlock == NULL) {
@ -1386,7 +1386,7 @@ CURLcode Curl_nss_force_init(struct Curl_easy *data)
}
/* Global cleanup */
void Curl_nss_cleanup(void)
static void Curl_nss_cleanup(void)
{
/* This function isn't required to be threadsafe and this is only done
* as a safety feature.
@ -1426,8 +1426,7 @@ void Curl_nss_cleanup(void)
* 0 means the connection has been closed
* -1 means the connection status is unknown
*/
int
Curl_nss_check_cxn(struct connectdata *conn)
static int Curl_nss_check_cxn(struct connectdata *conn)
{
int rc;
char buf;
@ -1473,7 +1472,7 @@ static void nss_close(struct ssl_connect_data *connssl)
/*
* This function is called when an SSL connection is closed.
*/
void Curl_nss_close(struct connectdata *conn, int sockindex)
static void Curl_nss_close(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex];
@ -2164,13 +2163,13 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
return CURLE_OK;
}
CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
static CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
{
return nss_connect_common(conn, sockindex, /* blocking */ NULL);
}
CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn,
int sockindex, bool *done)
static CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn,
int sockindex, bool *done)
{
return nss_connect_common(conn, sockindex, done);
}
@ -2252,22 +2251,22 @@ static ssize_t nss_recv(struct connectdata *conn, /* connection data */
return nread;
}
size_t Curl_nss_version(char *buffer, size_t size)
static size_t Curl_nss_version(char *buffer, size_t size)
{
return snprintf(buffer, size, "NSS/%s", NSS_VERSION);
}
/* data might be NULL */
int Curl_nss_seed(struct Curl_easy *data)
static int Curl_nss_seed(struct Curl_easy *data)
{
/* make sure that NSS is initialized */
return !!Curl_nss_force_init(data);
}
/* data might be NULL */
CURLcode Curl_nss_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length)
static CURLcode Curl_nss_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length)
{
Curl_nss_seed(data); /* Initiate the seed if not already done */
@ -2306,7 +2305,7 @@ static void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
PK11_DestroyContext(SHA256pw, PR_TRUE);
}
bool Curl_nss_cert_status_request(void)
static bool Curl_nss_cert_status_request(void)
{
#ifdef SSL_ENABLE_OCSP_STAPLING
return TRUE;
@ -2315,7 +2314,7 @@ bool Curl_nss_cert_status_request(void)
#endif
}
bool Curl_nss_false_start(void)
static bool Curl_nss_false_start(void)
{
#if NSSVERNUM >= 0x030f04 /* 3.15.4 */
return TRUE;

23
lib/vtls/nssg.h
View File

@ -30,32 +30,9 @@
#include "urldata.h"
CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
/* close a SSL connection */
void Curl_nss_close(struct connectdata *conn, int sockindex);
int Curl_nss_init(void);
void Curl_nss_cleanup(void);
size_t Curl_nss_version(char *buffer, size_t size);
int Curl_nss_check_cxn(struct connectdata *cxn);
int Curl_nss_seed(struct Curl_easy *data);
/* initialize NSS library if not already */
CURLcode Curl_nss_force_init(struct Curl_easy *data);
CURLcode Curl_nss_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length);
bool Curl_nss_cert_status_request(void);
bool Curl_nss_false_start(void);
extern const struct Curl_ssl Curl_ssl_nss;
/* Set the API backend definition to NSS */

42
lib/vtls/openssl.c
View File

@ -732,7 +732,7 @@ static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
* @retval 0 error initializing SSL
* @retval 1 SSL initialized successfully
*/
int Curl_ossl_init(void)
static int Curl_ossl_init(void)
{
OPENSSL_load_builtin_modules();
@ -774,7 +774,7 @@ int Curl_ossl_init(void)
}
/* Global cleanup */
void Curl_ossl_cleanup(void)
static void Curl_ossl_cleanup(void)
{
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
!defined(LIBRESSL_VERSION_NUMBER)
@ -816,7 +816,7 @@ void Curl_ossl_cleanup(void)
* 0 means the connection has been closed
* -1 means the connection status is unknown
*/
int Curl_ossl_check_cxn(struct connectdata *conn)
static int Curl_ossl_check_cxn(struct connectdata *conn)
{
/* SSL_peek takes data out of the raw recv buffer without peeking so we use
recv MSG_PEEK instead. Bug #795 */
@ -862,7 +862,8 @@ int Curl_ossl_check_cxn(struct connectdata *conn)
/* Selects an OpenSSL crypto engine
*/
CURLcode Curl_ossl_set_engine(struct Curl_easy *data, const char *engine)
static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
const char *engine)
{
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
ENGINE *e;
@ -907,7 +908,7 @@ CURLcode Curl_ossl_set_engine(struct Curl_easy *data, const char *engine)
/* Sets engine as default for all SSL operations
*/
CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
{
#ifdef HAVE_OPENSSL_ENGINE_H
if(data->state.engine) {
@ -929,7 +930,7 @@ CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
/* Return list of OpenSSL crypto engine names.
*/
struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
{
struct curl_slist *list = NULL;
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
@ -968,7 +969,7 @@ static void ossl_close(struct ssl_connect_data *connssl)
/*
* This function is called when an SSL connection is closed.
*/
void Curl_ossl_close(struct connectdata *conn, int sockindex)
static void Curl_ossl_close(struct connectdata *conn, int sockindex)
{
ossl_close(&conn->ssl[sockindex]);
ossl_close(&conn->proxy_ssl[sockindex]);
@ -978,7 +979,7 @@ void Curl_ossl_close(struct connectdata *conn, int sockindex)
* This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel)
*/
int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
static int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
{
int retval = 0;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@ -1077,7 +1078,7 @@ int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
return retval;
}
void Curl_ossl_session_free(void *ptr)
static void Curl_ossl_session_free(void *ptr)
{
/* free the ID */
SSL_SESSION_free(ptr);
@ -1087,7 +1088,7 @@ void Curl_ossl_session_free(void *ptr)
* This function is called when the 'data' struct is going away. Close
* down everything and free all resources!
*/
void Curl_ossl_close_all(struct Curl_easy *data)
static void Curl_ossl_close_all(struct Curl_easy *data)
{
#ifdef HAVE_OPENSSL_ENGINE_H
if(data->state.engine) {
@ -3148,14 +3149,14 @@ static CURLcode ossl_connect_common(struct connectdata *conn,
return CURLE_OK;
}
CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done)
static CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done)
{
return ossl_connect_common(conn, sockindex, TRUE, done);
}
CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex)
static CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex)
{
CURLcode result;
bool done = FALSE;
@ -3169,7 +3170,8 @@ CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex)
return CURLE_OK;
}
bool Curl_ossl_data_pending(const struct connectdata *conn, int connindex)
static bool Curl_ossl_data_pending(const struct connectdata *conn,
int connindex)
{
if(conn->ssl[connindex].handle)
/* SSL is in use */
@ -3180,6 +3182,8 @@ bool Curl_ossl_data_pending(const struct connectdata *conn, int connindex)
return FALSE;
}
static size_t Curl_ossl_version(char *buffer, size_t size);
static ssize_t ossl_send(struct connectdata *conn,
int sockindex,
const void *mem,
@ -3293,7 +3297,7 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
return nread;
}
size_t Curl_ossl_version(char *buffer, size_t size)
static size_t Curl_ossl_version(char *buffer, size_t size)
{
#ifdef OPENSSL_IS_BORINGSSL
return snprintf(buffer, size, OSSL_PACKAGE);
@ -3333,8 +3337,8 @@ size_t Curl_ossl_version(char *buffer, size_t size)
}
/* can be called with data == NULL */
CURLcode Curl_ossl_random(struct Curl_easy *data, unsigned char *entropy,
size_t length)
static CURLcode Curl_ossl_random(struct Curl_easy *data,
unsigned char *entropy, size_t length)
{
int rc;
if(data) {
@ -3377,7 +3381,7 @@ static void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
}
#endif
bool Curl_ossl_cert_status_request(void)
static bool Curl_ossl_cert_status_request(void)
{
#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
!defined(OPENSSL_NO_OCSP)

40
lib/vtls/openssl.h
View File

@ -31,46 +31,6 @@
#include "urldata.h"
CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
/* close a SSL connection */
void Curl_ossl_close(struct connectdata *conn, int sockindex);
/* tell OpenSSL to close down all open information regarding connections (and
thus session ID caching etc) */
void Curl_ossl_close_all(struct Curl_easy *data);
/* Sets an OpenSSL engine */
CURLcode Curl_ossl_set_engine(struct Curl_easy *data, const char *engine);
/* function provided for the generic SSL-layer, called when a session id
should be freed */
void Curl_ossl_session_free(void *ptr);
/* Sets engine as default for all SSL operations */
CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data);
/* Build list of OpenSSL engines */
struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data);
int Curl_ossl_init(void);
void Curl_ossl_cleanup(void);
size_t Curl_ossl_version(char *buffer, size_t size);
int Curl_ossl_check_cxn(struct connectdata *cxn);
int Curl_ossl_shutdown(struct connectdata *conn, int sockindex);
bool Curl_ossl_data_pending(const struct connectdata *conn,
int connindex);
/* return 0 if a find random is filled in */
CURLcode Curl_ossl_random(struct Curl_easy *data, unsigned char *entropy,
size_t length);
bool Curl_ossl_cert_status_request(void);
extern const struct Curl_ssl Curl_ssl_openssl;
/* Set the API backend definition to OpenSSL */

24
lib/vtls/polarssl.c
View File

@ -659,7 +659,7 @@ static ssize_t polarssl_send(struct connectdata *conn,
return ret;
}
void Curl_polarssl_close(struct connectdata *conn, int sockindex)
static void Curl_polarssl_close(struct connectdata *conn, int sockindex)
{
rsa_free(&conn->ssl[sockindex].rsa);
x509_crt_free(&conn->ssl[sockindex].clicert);
@ -694,7 +694,7 @@ static ssize_t polarssl_recv(struct connectdata *conn,
return len;
}
void Curl_polarssl_session_free(void *ptr)
static void Curl_polarssl_session_free(void *ptr)
{
ssl_session_free(ptr);
free(ptr);
@ -703,7 +703,7 @@ void Curl_polarssl_session_free(void *ptr)
/* 1.3.10 was the first rebranded version. All new releases (in 1.3 branch and
higher) will be mbed TLS branded.. */
size_t Curl_polarssl_version(char *buffer, size_t size)
static size_t Curl_polarssl_version(char *buffer, size_t size)
{
unsigned int version = version_get_number();
return snprintf(buffer, size, "%s/%d.%d.%d",
@ -825,18 +825,14 @@ polarssl_connect_common(struct connectdata *conn,
return CURLE_OK;
}
CURLcode
Curl_polarssl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done)
static CURLcode Curl_polarssl_connect_nonblocking(struct connectdata *conn,
int sockindex, bool *done)
{
return polarssl_connect_common(conn, sockindex, TRUE, done);
}
CURLcode
Curl_polarssl_connect(struct connectdata *conn,
int sockindex)
static CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex)
{
CURLcode result;
bool done = FALSE;
@ -854,18 +850,18 @@ Curl_polarssl_connect(struct connectdata *conn,
* return 0 error initializing SSL
* return 1 SSL initialized successfully
*/
int Curl_polarssl_init(void)
static int Curl_polarssl_init(void)
{
return Curl_polarsslthreadlock_thread_setup();
}
void Curl_polarssl_cleanup(void)
static void Curl_polarssl_cleanup(void)
{
(void)Curl_polarsslthreadlock_thread_cleanup();
}
bool Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex)
static bool Curl_polarssl_data_pending(const struct connectdata *conn,
int sockindex)
{
return ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0;
}

19
lib/vtls/polarssl.h
View File

@ -26,25 +26,6 @@
#ifdef USE_POLARSSL
/* Called on first use PolarSSL, setup threading if supported */
int Curl_polarssl_init(void);
void Curl_polarssl_cleanup(void);
bool Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex);
CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_polarssl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
/* close a SSL connection */
void Curl_polarssl_close(struct connectdata *conn, int sockindex);
void Curl_polarssl_session_free(void *ptr);
size_t Curl_polarssl_version(char *buffer, size_t size);
int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex);
extern const struct Curl_ssl Curl_ssl_polarssl;
/* Set the API backend definition to PolarSSL */

27
lib/vtls/schannel.c
View File

@ -1395,15 +1395,13 @@ cleanup:
return *err ? -1 : 0;
}
CURLcode
Curl_schannel_connect_nonblocking(struct connectdata *conn, int sockindex,
bool *done)
static CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn,
int sockindex, bool *done)
{
return schannel_connect_common(conn, sockindex, TRUE, done);
}
CURLcode
Curl_schannel_connect(struct connectdata *conn, int sockindex)
static CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex)
{
CURLcode result;
bool done = FALSE;
@ -1417,7 +1415,8 @@ Curl_schannel_connect(struct connectdata *conn, int sockindex)
return CURLE_OK;
}
bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex)
static bool Curl_schannel_data_pending(const struct connectdata *conn,
int sockindex)
{
const struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@ -1428,14 +1427,14 @@ bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex)
return FALSE;
}
void Curl_schannel_close(struct connectdata *conn, int sockindex)
static void Curl_schannel_close(struct connectdata *conn, int sockindex)
{
if(conn->ssl[sockindex].use)
/* if the SSL/TLS channel hasn't been shut down yet, do that now. */
Curl_ssl_shutdown(conn, sockindex);
}
void Curl_schannel_session_free(void *ptr)
static void Curl_schannel_session_free(void *ptr)
{
/* this is expected to be called under sessionid lock */
struct curl_schannel_cred *cred = ptr;
@ -1447,7 +1446,7 @@ void Curl_schannel_session_free(void *ptr)
}
}
int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
{
/* See https://msdn.microsoft.com/en-us/library/windows/desktop/aa380138.aspx
* Shutting Down an Schannel Connection
@ -1551,25 +1550,25 @@ int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
return CURLE_OK;
}
int Curl_schannel_init(void)
static int Curl_schannel_init(void)
{
return (Curl_sspi_global_init() == CURLE_OK ? 1 : 0);
}
void Curl_schannel_cleanup(void)
static void Curl_schannel_cleanup(void)
{
Curl_sspi_global_cleanup();
}
size_t Curl_schannel_version(char *buffer, size_t size)
static size_t Curl_schannel_version(char *buffer, size_t size)
{
size = snprintf(buffer, size, "WinSSL");
return size;
}
CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM,
unsigned char *entropy, size_t length)
static CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM,
unsigned char *entropy, size_t length)
{
HCRYPTPROV hCryptProv = 0;

19
lib/vtls/schannel.h
View File

@ -76,25 +76,6 @@
#define CURL_SCHANNEL_BUFFER_INIT_SIZE 4096
#define CURL_SCHANNEL_BUFFER_FREE_SIZE 1024
CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex);
void Curl_schannel_close(struct connectdata *conn, int sockindex);
int Curl_schannel_shutdown(struct connectdata *conn, int sockindex);
void Curl_schannel_session_free(void *ptr);
int Curl_schannel_init(void);
void Curl_schannel_cleanup(void);
size_t Curl_schannel_version(char *buffer, size_t size);
CURLcode Curl_schannel_random(struct Curl_easy *data, unsigned char *entropy,
size_t length);
extern const struct Curl_ssl Curl_ssl_schannel;
/* Set the API backend definition to Schannel */

8
lib/vtls/vtls.c
View File

@ -28,14 +28,6 @@
to any specific SSL-layer.
Curl_ssl_ - prefix for generic ones
Curl_ossl_ - prefix for OpenSSL ones
Curl_gtls_ - prefix for GnuTLS ones
Curl_nss_ - prefix for NSS ones
Curl_gskit_ - prefix for GSKit ones
Curl_polarssl_ - prefix for PolarSSL ones
Curl_cyassl_ - prefix for CyaSSL ones
Curl_schannel_ - prefix for Schannel SSPI ones
Curl_darwinssl_ - prefix for SecureTransport (Darwin) ones
Note that this source code uses the functions of the configured SSL
backend via the global Curl_ssl instance.