mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-12-03 06:20:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

vtls: remove obsolete declarations of SSL backend functionality

Browse Source 
These functions are all available via the Curl_ssl struct now, no need
to declare them separately anymore.

As the global declarations are removed, the corresponding function
definitions are marked as file-local. The only two exceptions here are
Curl_mbedtls_shutdown() and Curl_polarssl_shutdown(): only the
declarations were removed, there are no function definitions to mark
file-local.

Please note that Curl_nss_force_init() is *still* declared globally, as
the only SSL backend-specific function, because it was introduced
specifically for the use case where cURL was compiled with
`--without-ssl --with-nss`. For details, see f3b77e561 (http_ntlm: add
support for NSS, 2010-06-27).

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This commit is contained in:
Johannes Schindelin 2017-06-23 13:19:00 +02:00 committed by Daniel Stenberg
parent 742ddc9d8f
commit 6f1eec14e0
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
21 changed files with 134 additions and 380 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
lib/vtls/axtls.c
View File

@ -49,7 +49,7 @@
/* Global axTLS init, called from Curl_ssl_init() */ /* Global axTLS init, called from Curl_ssl_init() */
int Curl_axtls_init(void) static int Curl_axtls_init(void)
{ {
/* axTLS has no global init. Everything is done through SSL and SSL_CTX /* axTLS has no global init. Everything is done through SSL and SSL_CTX
* structs stored in connectdata structure. Perhaps can move to axtls.h. * structs stored in connectdata structure. Perhaps can move to axtls.h.
@ -57,7 +57,7 @@ int Curl_axtls_init(void)
return 1; return 1;
} }
void Curl_axtls_cleanup(void) static void Curl_axtls_cleanup(void)
{ {
/* axTLS has no global cleanup. Perhaps can move this to axtls.h. */ /* axTLS has no global cleanup. Perhaps can move this to axtls.h. */
} }
@ -284,7 +284,7 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
return CURLE_OK; return CURLE_OK;
} }
void Curl_axtls_close(struct connectdata *conn, int sockindex) static void Curl_axtls_close(struct connectdata *conn, int sockindex)
{ {
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@ -424,10 +424,8 @@ static CURLcode connect_finish(struct connectdata *conn, int sockindex)
* Use axTLS's non-blocking connection feature to open an SSL connection. * Use axTLS's non-blocking connection feature to open an SSL connection.
* This is called after a TCP connection is already established. * This is called after a TCP connection is already established.
*/ */
CURLcode Curl_axtls_connect_nonblocking( static CURLcode Curl_axtls_connect_nonblocking(struct connectdata *conn,
struct connectdata *conn, int sockindex, bool *done)
int sockindex,
bool *done)
{ {
CURLcode conn_step; CURLcode conn_step;
int ssl_fcn_return; int ssl_fcn_return;
@ -491,10 +489,7 @@ CURLcode Curl_axtls_connect_nonblocking(
* This function is called after the TCP connect has completed. Setup the TLS * This function is called after the TCP connect has completed. Setup the TLS
* layer and do all necessary magic for a blocking connect. * layer and do all necessary magic for a blocking connect.
*/ */
CURLcode static CURLcode Curl_axtls_connect(struct connectdata *conn, int sockindex)
Curl_axtls_connect(struct connectdata *conn,
int sockindex)
{ {
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
CURLcode conn_step = connect_prep(conn, sockindex); CURLcode conn_step = connect_prep(conn, sockindex);
@ -563,7 +558,7 @@ static ssize_t axtls_send(struct connectdata *conn,
* This function is called to shut down the SSL layer but keep the * This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel) * socket open (CCC - Clear Command Channel)
*/ */
int Curl_axtls_shutdown(struct connectdata *conn, int sockindex) static int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
{ {
/* Outline taken from openssl.c since functions are in axTLS compat layer. /* Outline taken from openssl.c since functions are in axTLS compat layer.
axTLS's error set is much smaller, so a lot of error-handling was removed. axTLS's error set is much smaller, so a lot of error-handling was removed.
@ -662,7 +657,7 @@ static ssize_t axtls_recv(struct connectdata *conn, /* connection data */
* 0 means the connection has been closed * 0 means the connection has been closed
* -1 means the connection status is unknown * -1 means the connection status is unknown
*/ */
int Curl_axtls_check_cxn(struct connectdata *conn) static int Curl_axtls_check_cxn(struct connectdata *conn)
{ {
/* openssl.c line: rc = SSL_peek(conn->ssl[FIRSTSOCKET].ssl, (void*)&buf, 1); /* openssl.c line: rc = SSL_peek(conn->ssl[FIRSTSOCKET].ssl, (void*)&buf, 1);
axTLS compat layer always returns the last argument, so connection is axTLS compat layer always returns the last argument, so connection is
@ -672,7 +667,7 @@ int Curl_axtls_check_cxn(struct connectdata *conn)
return 1; /* connection still in place */ return 1; /* connection still in place */
} }
void Curl_axtls_session_free(void *ptr) static void Curl_axtls_session_free(void *ptr)
{ {
(void)ptr; (void)ptr;
/* free the ID */ /* free the ID */
@ -680,14 +675,13 @@ void Curl_axtls_session_free(void *ptr)
compatibility layer does nothing, so we do nothing too. */ compatibility layer does nothing, so we do nothing too. */
} }
size_t Curl_axtls_version(char *buffer, size_t size) static size_t Curl_axtls_version(char *buffer, size_t size)
{ {
return snprintf(buffer, size, "axTLS/%s", ssl_version()); return snprintf(buffer, size, "axTLS/%s", ssl_version());
} }
CURLcode Curl_axtls_random(struct Curl_easy *data, static CURLcode Curl_axtls_random(struct Curl_easy *data,
unsigned char *entropy, unsigned char *entropy, size_t length)
size_t length)
{ {
static bool ssl_seeded = FALSE; static bool ssl_seeded = FALSE;
(void)data; (void)data;

19
lib/vtls/axtls.h
View File

@ -27,25 +27,6 @@
#include "curl/curl.h" #include "curl/curl.h"
#include "urldata.h" #include "urldata.h"
int Curl_axtls_init(void);
void Curl_axtls_cleanup(void);
CURLcode Curl_axtls_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_axtls_connect_nonblocking(
struct connectdata *conn,
int sockindex,
bool *done);
/* close a SSL connection */
void Curl_axtls_close(struct connectdata *conn, int sockindex);
void Curl_axtls_session_free(void *ptr);
size_t Curl_axtls_version(char *buffer, size_t size);
int Curl_axtls_shutdown(struct connectdata *conn, int sockindex);
int Curl_axtls_check_cxn(struct connectdata *conn);
CURLcode Curl_axtls_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length);
extern const struct Curl_ssl Curl_ssl_axtls; extern const struct Curl_ssl Curl_ssl_axtls;
/* Set the API backend definition to axTLS */ /* Set the API backend definition to axTLS */

28
lib/vtls/cyassl.c
View File

@ -696,7 +696,7 @@ static ssize_t cyassl_send(struct connectdata *conn,
return rc; return rc;
} }
void Curl_cyassl_close(struct connectdata *conn, int sockindex) static void Curl_cyassl_close(struct connectdata *conn, int sockindex)
{ {
struct ssl_connect_data *conssl = &conn->ssl[sockindex]; struct ssl_connect_data *conssl = &conn->ssl[sockindex];
@ -744,14 +744,14 @@ static ssize_t cyassl_recv(struct connectdata *conn,
} }
void Curl_cyassl_session_free(void *ptr) static void Curl_cyassl_session_free(void *ptr)
{ {
(void)ptr; (void)ptr;
/* CyaSSL reuses sessions on own, no free */ /* CyaSSL reuses sessions on own, no free */
} }
size_t Curl_cyassl_version(char *buffer, size_t size) static size_t Curl_cyassl_version(char *buffer, size_t size)
{ {
#if LIBCYASSL_VERSION_HEX >= 0x03006000 #if LIBCYASSL_VERSION_HEX >= 0x03006000
return snprintf(buffer, size, "wolfSSL/%s", wolfSSL_lib_version()); return snprintf(buffer, size, "wolfSSL/%s", wolfSSL_lib_version());
@ -765,13 +765,14 @@ size_t Curl_cyassl_version(char *buffer, size_t size)
} }
int Curl_cyassl_init(void) static int Curl_cyassl_init(void)
{ {
return (CyaSSL_Init() == SSL_SUCCESS); return (CyaSSL_Init() == SSL_SUCCESS);
} }
bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex) static bool Curl_cyassl_data_pending(const struct connectdata* conn,
int connindex)
{ {
if(conn->ssl[connindex].handle) /* SSL is in use */ if(conn->ssl[connindex].handle) /* SSL is in use */
return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE; return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE;
@ -784,7 +785,7 @@ bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex)
* This function is called to shut down the SSL layer but keep the * This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel) * socket open (CCC - Clear Command Channel)
*/ */
int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex) static int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex)
{ {
int retval = 0; int retval = 0;
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@ -911,18 +912,14 @@ cyassl_connect_common(struct connectdata *conn,
} }
CURLcode static CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn,
Curl_cyassl_connect_nonblocking(struct connectdata *conn, int sockindex, bool *done)
int sockindex,
bool *done)
{ {
return cyassl_connect_common(conn, sockindex, TRUE, done); return cyassl_connect_common(conn, sockindex, TRUE, done);
} }
CURLcode static CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex)
Curl_cyassl_connect(struct connectdata *conn,
int sockindex)
{ {
CURLcode result; CURLcode result;
bool done = FALSE; bool done = FALSE;
@ -936,9 +933,8 @@ Curl_cyassl_connect(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
CURLcode Curl_cyassl_random(struct Curl_easy *data, static CURLcode Curl_cyassl_random(struct Curl_easy *data,
unsigned char *entropy, unsigned char *entropy, size_t length)
size_t length)
{ {
RNG rng; RNG rng;
(void)data; (void)data;

18
lib/vtls/cyassl.h
View File

@ -25,24 +25,6 @@
#ifdef USE_CYASSL #ifdef USE_CYASSL
CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex);
bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex);
int Curl_cyassl_shutdown(struct connectdata* conn, int sockindex);
/* close a SSL connection */
void Curl_cyassl_close(struct connectdata *conn, int sockindex);
void Curl_cyassl_session_free(void *ptr);
size_t Curl_cyassl_version(char *buffer, size_t size);
int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex);
int Curl_cyassl_init(void);
CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
CURLcode Curl_cyassl_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length);
extern const struct Curl_ssl Curl_ssl_cyassl; extern const struct Curl_ssl Curl_ssl_cyassl;
/* Set the API backend definition to CyaSSL */ /* Set the API backend definition to CyaSSL */

30
lib/vtls/darwinssl.c
View File

@ -2568,17 +2568,13 @@ darwinssl_connect_common(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
CURLcode static CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
Curl_darwinssl_connect_nonblocking(struct connectdata *conn, int sockindex, bool *done)
int sockindex,
bool *done)
{ {
return darwinssl_connect_common(conn, sockindex, TRUE, done); return darwinssl_connect_common(conn, sockindex, TRUE, done);
} }
CURLcode static CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex)
Curl_darwinssl_connect(struct connectdata *conn,
int sockindex)
{ {
CURLcode result; CURLcode result;
bool done = FALSE; bool done = FALSE;
@ -2593,7 +2589,7 @@ Curl_darwinssl_connect(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
void Curl_darwinssl_close(struct connectdata *conn, int sockindex) static void Curl_darwinssl_close(struct connectdata *conn, int sockindex)
{ {
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@ -2614,7 +2610,7 @@ void Curl_darwinssl_close(struct connectdata *conn, int sockindex)
connssl->ssl_sockfd = 0; connssl->ssl_sockfd = 0;
} }
int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex) static int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
{ {
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
@ -2667,7 +2663,7 @@ int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
return rc; return rc;
} }
void Curl_darwinssl_session_free(void *ptr) static void Curl_darwinssl_session_free(void *ptr)
{ {
/* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a /* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a
cached session ID inside the Security framework. There is a private cached session ID inside the Security framework. There is a private
@ -2678,7 +2674,7 @@ void Curl_darwinssl_session_free(void *ptr)
Curl_safefree(ptr); Curl_safefree(ptr);
} }
size_t Curl_darwinssl_version(char *buffer, size_t size) static size_t Curl_darwinssl_version(char *buffer, size_t size)
{ {
return snprintf(buffer, size, "SecureTransport"); return snprintf(buffer, size, "SecureTransport");
} }
@ -2691,7 +2687,7 @@ size_t Curl_darwinssl_version(char *buffer, size_t size)
* 0 means the connection has been closed * 0 means the connection has been closed
* -1 means the connection status is unknown * -1 means the connection status is unknown
*/ */
int Curl_darwinssl_check_cxn(struct connectdata *conn) static int Curl_darwinssl_check_cxn(struct connectdata *conn)
{ {
struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET]; struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
OSStatus err; OSStatus err;
@ -2706,8 +2702,8 @@ int Curl_darwinssl_check_cxn(struct connectdata *conn)
return 0; return 0;
} }
bool Curl_darwinssl_data_pending(const struct connectdata *conn, static bool Curl_darwinssl_data_pending(const struct connectdata *conn,
int connindex) int connindex)
{ {
const struct ssl_connect_data *connssl = &conn->ssl[connindex]; const struct ssl_connect_data *connssl = &conn->ssl[connindex];
OSStatus err; OSStatus err;
@ -2723,8 +2719,8 @@ bool Curl_darwinssl_data_pending(const struct connectdata *conn,
return false; return false;
} }
CURLcode Curl_darwinssl_random(struct Curl_easy *data UNUSED_PARAM, static CURLcode Curl_darwinssl_random(struct Curl_easy *data UNUSED_PARAM,
unsigned char *entropy, size_t length) unsigned char *entropy, size_t length)
{ {
/* arc4random_buf() isn't available on cats older than Lion, so let's /* arc4random_buf() isn't available on cats older than Lion, so let's
do this manually for the benefit of the older cats. */ do this manually for the benefit of the older cats. */
@ -2760,7 +2756,7 @@ static void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
(void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum); (void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum);
} }
bool Curl_darwinssl_false_start(void) static bool Curl_darwinssl_false_start(void)
{ {
#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
if(SSLSetSessionOption != NULL) if(SSLSetSessionOption != NULL)

20
lib/vtls/darwinssl.h
View File

@ -26,26 +26,6 @@
#ifdef USE_DARWINSSL #ifdef USE_DARWINSSL
CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
/* close a SSL connection */
void Curl_darwinssl_close(struct connectdata *conn, int sockindex);
void Curl_darwinssl_session_free(void *ptr);
size_t Curl_darwinssl_version(char *buffer, size_t size);
int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex);
int Curl_darwinssl_check_cxn(struct connectdata *conn);
bool Curl_darwinssl_data_pending(const struct connectdata *conn,
int connindex);
CURLcode Curl_darwinssl_random(struct Curl_easy *data, unsigned char *entropy,
size_t length);
bool Curl_darwinssl_false_start(void);
extern const struct Curl_ssl Curl_ssl_darwinssl; extern const struct Curl_ssl Curl_ssl_darwinssl;
/* Set the API backend definition to SecureTransport */ /* Set the API backend definition to SecureTransport */

19
lib/vtls/gskit.c
View File

@ -427,7 +427,7 @@ static CURLcode set_ciphers(struct connectdata *conn,
} }
int Curl_gskit_init(void) static int Curl_gskit_init(void)
{ {
/* No initialisation needed. */ /* No initialisation needed. */
@ -435,7 +435,7 @@ int Curl_gskit_init(void)
} }
void Curl_gskit_cleanup(void) static void Curl_gskit_cleanup(void)
{ {
/* Nothing to do. */ /* Nothing to do. */
} }
@ -1216,9 +1216,8 @@ static CURLcode gskit_connect_common(struct connectdata *conn, int sockindex,
} }
CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn, static CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn,
int sockindex, int sockindex, bool *done)
bool *done)
{ {
CURLcode result; CURLcode result;
@ -1229,7 +1228,7 @@ CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn,
} }
CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex) static CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex)
{ {
CURLcode result; CURLcode result;
bool done; bool done;
@ -1245,14 +1244,14 @@ CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex)
} }
void Curl_gskit_close(struct connectdata *conn, int sockindex) static void Curl_gskit_close(struct connectdata *conn, int sockindex)
{ {
close_one(&conn->ssl[sockindex], conn, sockindex); close_one(&conn->ssl[sockindex], conn, sockindex);
close_one(&conn->proxy_ssl[sockindex], conn, sockindex); close_one(&conn->proxy_ssl[sockindex], conn, sockindex);
} }
int Curl_gskit_shutdown(struct connectdata *conn, int sockindex) static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
{ {
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
@ -1306,14 +1305,14 @@ int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
} }
size_t Curl_gskit_version(char *buffer, size_t size) static size_t Curl_gskit_version(char *buffer, size_t size)
{ {
strncpy(buffer, "GSKit", size); strncpy(buffer, "GSKit", size);
return strlen(buffer); return strlen(buffer);
} }
int Curl_gskit_check_cxn(struct connectdata *cxn) static int Curl_gskit_check_cxn(struct connectdata *cxn)
{ {
int err; int err;
int errlen; int errlen;

10
lib/vtls/gskit.h
View File

@ -30,16 +30,6 @@
#include "urldata.h" #include "urldata.h"
#ifdef USE_GSKIT #ifdef USE_GSKIT
int Curl_gskit_init(void);
void Curl_gskit_cleanup(void);
CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn,
int sockindex, bool *done);
void Curl_gskit_close(struct connectdata *conn, int sockindex);
int Curl_gskit_shutdown(struct connectdata *conn, int sockindex);
size_t Curl_gskit_version(char *buffer, size_t size);
int Curl_gskit_check_cxn(struct connectdata *cxn);
extern const struct Curl_ssl Curl_ssl_gskit; extern const struct Curl_ssl Curl_ssl_gskit;

34
lib/vtls/gtls.c
View File

@ -186,7 +186,7 @@ static ssize_t Curl_gtls_pull_ssl(void *s, void *buf, size_t len)
* must only be called from within curl_global_init() to keep the thread * must only be called from within curl_global_init() to keep the thread
* situation under control! * situation under control!
*/ */
int Curl_gtls_init(void) static int Curl_gtls_init(void)
{ {
int ret = 1; int ret = 1;
if(!gtls_inited) { if(!gtls_inited) {
@ -200,7 +200,7 @@ int Curl_gtls_init(void)
return ret; return ret;
} }
void Curl_gtls_cleanup(void) static void Curl_gtls_cleanup(void)
{ {
if(gtls_inited) { if(gtls_inited) {
gnutls_global_deinit(); gnutls_global_deinit();
@ -1493,18 +1493,13 @@ gtls_connect_common(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
CURLcode static CURLcode Curl_gtls_connect_nonblocking(struct connectdata *conn,
Curl_gtls_connect_nonblocking(struct connectdata *conn, int sockindex, bool *done)
int sockindex,
bool *done)
{ {
return gtls_connect_common(conn, sockindex, TRUE, done); return gtls_connect_common(conn, sockindex, TRUE, done);
} }
CURLcode static CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex)
Curl_gtls_connect(struct connectdata *conn,
int sockindex)
{ {
CURLcode result; CURLcode result;
bool done = FALSE; bool done = FALSE;
@ -1518,7 +1513,8 @@ Curl_gtls_connect(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
bool Curl_gtls_data_pending(const struct connectdata *conn, int connindex) static bool Curl_gtls_data_pending(const struct connectdata *conn,
int connindex)
{ {
bool res = FALSE; bool res = FALSE;
if(conn->ssl[connindex].session && if(conn->ssl[connindex].session &&
@ -1570,7 +1566,7 @@ static void close_one(struct ssl_connect_data *ssl)
#endif #endif
} }
void Curl_gtls_close(struct connectdata *conn, int sockindex) static void Curl_gtls_close(struct connectdata *conn, int sockindex)
{ {
close_one(&conn->ssl[sockindex]); close_one(&conn->ssl[sockindex]);
close_one(&conn->proxy_ssl[sockindex]); close_one(&conn->proxy_ssl[sockindex]);
@ -1580,7 +1576,7 @@ void Curl_gtls_close(struct connectdata *conn, int sockindex)
* This function is called to shut down the SSL layer but keep the * This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel) * socket open (CCC - Clear Command Channel)
*/ */
int Curl_gtls_shutdown(struct connectdata *conn, int sockindex) static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
{ {
ssize_t result; ssize_t result;
int retval = 0; int retval = 0;
@ -1678,6 +1674,7 @@ static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
if(ret < 0) { if(ret < 0) {
failf(conn->data, "GnuTLS recv error (%d): %s", failf(conn->data, "GnuTLS recv error (%d): %s",
(int)ret, gnutls_strerror((int)ret)); (int)ret, gnutls_strerror((int)ret));
*curlcode = CURLE_RECV_ERROR; *curlcode = CURLE_RECV_ERROR;
return -1; return -1;
@ -1686,12 +1683,12 @@ static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
return ret; return ret;
} }
void Curl_gtls_session_free(void *ptr) static void Curl_gtls_session_free(void *ptr)
{ {
free(ptr); free(ptr);
} }
size_t Curl_gtls_version(char *buffer, size_t size) static size_t Curl_gtls_version(char *buffer, size_t size)
{ {
return snprintf(buffer, size, "GnuTLS/%s", gnutls_check_version(NULL)); return snprintf(buffer, size, "GnuTLS/%s", gnutls_check_version(NULL));
} }
@ -1721,9 +1718,8 @@ static int Curl_gtls_seed(struct Curl_easy *data)
#endif #endif
/* data might be NULL! */ /* data might be NULL! */
CURLcode Curl_gtls_random(struct Curl_easy *data, static CURLcode Curl_gtls_random(struct Curl_easy *data,
unsigned char *entropy, unsigned char *entropy, size_t length)
size_t length)
{ {
#if defined(USE_GNUTLS_NETTLE) #if defined(USE_GNUTLS_NETTLE)
int rc; int rc;
@ -1777,7 +1773,7 @@ static void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
#endif #endif
} }
bool Curl_gtls_cert_status_request(void) static bool Curl_gtls_cert_status_request(void)
{ {
#ifdef HAS_OCSP #ifdef HAS_OCSP
return TRUE; return TRUE;

21
lib/vtls/gtls.h
View File

@ -28,27 +28,6 @@
#include "urldata.h" #include "urldata.h"
int Curl_gtls_init(void);
void Curl_gtls_cleanup(void);
CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_gtls_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
bool Curl_gtls_data_pending(const struct connectdata *conn,
int connindex);
/* close a SSL connection */
void Curl_gtls_close(struct connectdata *conn, int sockindex);
void Curl_gtls_session_free(void *ptr);
size_t Curl_gtls_version(char *buffer, size_t size);
int Curl_gtls_shutdown(struct connectdata *conn, int sockindex);
CURLcode Curl_gtls_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length);
bool Curl_gtls_cert_status_request(void);
extern const struct Curl_ssl Curl_ssl_gnutls; extern const struct Curl_ssl Curl_ssl_gnutls;
/* Set the API backend definition to GnuTLS */ /* Set the API backend definition to GnuTLS */

29
lib/vtls/mbedtls.c
View File

@ -744,12 +744,12 @@ static ssize_t mbed_send(struct connectdata *conn, int sockindex,
return ret; return ret;
} }
void Curl_mbedtls_close_all(struct Curl_easy *data) static void Curl_mbedtls_close_all(struct Curl_easy *data)
{ {
(void)data; (void)data;
} }
void Curl_mbedtls_close(struct connectdata *conn, int sockindex) static void Curl_mbedtls_close(struct connectdata *conn, int sockindex)
{ {
mbedtls_pk_free(&conn->ssl[sockindex].pk); mbedtls_pk_free(&conn->ssl[sockindex].pk);
mbedtls_x509_crt_free(&conn->ssl[sockindex].clicert); mbedtls_x509_crt_free(&conn->ssl[sockindex].clicert);
@ -788,21 +788,21 @@ static ssize_t mbed_recv(struct connectdata *conn, int num,
return len; return len;
} }
void Curl_mbedtls_session_free(void *ptr) static void Curl_mbedtls_session_free(void *ptr)
{ {
mbedtls_ssl_session_free(ptr); mbedtls_ssl_session_free(ptr);
free(ptr); free(ptr);
} }
size_t Curl_mbedtls_version(char *buffer, size_t size) static size_t Curl_mbedtls_version(char *buffer, size_t size)
{ {
unsigned int version = mbedtls_version_get_number(); unsigned int version = mbedtls_version_get_number();
return snprintf(buffer, size, "mbedTLS/%d.%d.%d", version>>24, return snprintf(buffer, size, "mbedTLS/%d.%d.%d", version>>24,
(version>>16)&0xff, (version>>8)&0xff); (version>>16)&0xff, (version>>8)&0xff);
} }
CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy, static CURLcode Curl_mbedtls_random(struct Curl_easy *data,
size_t length) unsigned char *entropy, size_t length)
{ {
#if defined(MBEDTLS_CTR_DRBG_C) #if defined(MBEDTLS_CTR_DRBG_C)
int ret = -1; int ret = -1;
@ -963,18 +963,14 @@ mbed_connect_common(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
CURLcode static CURLcode Curl_mbedtls_connect_nonblocking(struct connectdata *conn,
Curl_mbedtls_connect_nonblocking(struct connectdata *conn, int sockindex, bool *done)
int sockindex,
bool *done)
{ {
return mbed_connect_common(conn, sockindex, TRUE, done); return mbed_connect_common(conn, sockindex, TRUE, done);
} }
CURLcode static CURLcode Curl_mbedtls_connect(struct connectdata *conn, int sockindex)
Curl_mbedtls_connect(struct connectdata *conn,
int sockindex)
{ {
CURLcode retcode; CURLcode retcode;
bool done = FALSE; bool done = FALSE;
@ -992,17 +988,18 @@ Curl_mbedtls_connect(struct connectdata *conn,
* return 0 error initializing SSL * return 0 error initializing SSL
* return 1 SSL initialized successfully * return 1 SSL initialized successfully
*/ */
int Curl_mbedtls_init(void) static int Curl_mbedtls_init(void)
{ {
return Curl_polarsslthreadlock_thread_setup(); return Curl_polarsslthreadlock_thread_setup();
} }
void Curl_mbedtls_cleanup(void) static void Curl_mbedtls_cleanup(void)
{ {
(void)Curl_polarsslthreadlock_thread_cleanup(); (void)Curl_polarsslthreadlock_thread_cleanup();
} }
bool Curl_mbedtls_data_pending(const struct connectdata *conn, int sockindex) static bool Curl_mbedtls_data_pending(const struct connectdata *conn,
int sockindex)
{ {
return mbedtls_ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0; return mbedtls_ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0;
} }

25
lib/vtls/mbedtls.h
View File

@ -26,31 +26,6 @@
#ifdef USE_MBEDTLS #ifdef USE_MBEDTLS
/* Called on first use mbedTLS, setup threading if supported */
int Curl_mbedtls_init(void);
void Curl_mbedtls_cleanup(void);
bool Curl_mbedtls_data_pending(const struct connectdata *conn, int sockindex);
CURLcode Curl_mbedtls_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_mbedtls_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
/* tell mbedTLS to close down all open information regarding connections (and
thus session ID caching etc) */
void Curl_mbedtls_close_all(struct Curl_easy *data);
/* close a SSL connection */
void Curl_mbedtls_close(struct connectdata *conn, int sockindex);
void Curl_mbedtls_session_free(void *ptr);
size_t Curl_mbedtls_version(char *buffer, size_t size);
int Curl_mbedtls_shutdown(struct connectdata *conn, int sockindex);
CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy,
size_t length);
extern const struct Curl_ssl Curl_ssl_mbedtls; extern const struct Curl_ssl Curl_ssl_mbedtls;
#define CURL_SSL_BACKEND CURLSSLBACKEND_MBEDTLS #define CURL_SSL_BACKEND CURLSSLBACKEND_MBEDTLS

29
lib/vtls/nss.c
View File

@ -1351,7 +1351,7 @@ static CURLcode nss_init(struct Curl_easy *data)
* @retval 0 error initializing SSL * @retval 0 error initializing SSL
* @retval 1 SSL initialized successfully * @retval 1 SSL initialized successfully
*/ */
int Curl_nss_init(void) static int Curl_nss_init(void)
{ {
/* curl_global_init() is not thread-safe so this test is ok */ /* curl_global_init() is not thread-safe so this test is ok */
if(nss_initlock == NULL) { if(nss_initlock == NULL) {
@ -1386,7 +1386,7 @@ CURLcode Curl_nss_force_init(struct Curl_easy *data)
} }
/* Global cleanup */ /* Global cleanup */
void Curl_nss_cleanup(void) static void Curl_nss_cleanup(void)
{ {
/* This function isn't required to be threadsafe and this is only done /* This function isn't required to be threadsafe and this is only done
* as a safety feature. * as a safety feature.
@ -1426,8 +1426,7 @@ void Curl_nss_cleanup(void)
* 0 means the connection has been closed * 0 means the connection has been closed
* -1 means the connection status is unknown * -1 means the connection status is unknown
*/ */
int static int Curl_nss_check_cxn(struct connectdata *conn)
Curl_nss_check_cxn(struct connectdata *conn)
{ {
int rc; int rc;
char buf; char buf;
@ -1473,7 +1472,7 @@ static void nss_close(struct ssl_connect_data *connssl)
/* /*
* This function is called when an SSL connection is closed. * This function is called when an SSL connection is closed.
*/ */
void Curl_nss_close(struct connectdata *conn, int sockindex) static void Curl_nss_close(struct connectdata *conn, int sockindex)
{ {
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex]; struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex];
@ -2164,13 +2163,13 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
return CURLE_OK; return CURLE_OK;
} }
CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) static CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
{ {
return nss_connect_common(conn, sockindex, /* blocking */ NULL); return nss_connect_common(conn, sockindex, /* blocking */ NULL);
} }
CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn, static CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn,
int sockindex, bool *done) int sockindex, bool *done)
{ {
return nss_connect_common(conn, sockindex, done); return nss_connect_common(conn, sockindex, done);
} }
@ -2252,22 +2251,22 @@ static ssize_t nss_recv(struct connectdata *conn, /* connection data */
return nread; return nread;
} }
size_t Curl_nss_version(char *buffer, size_t size) static size_t Curl_nss_version(char *buffer, size_t size)
{ {
return snprintf(buffer, size, "NSS/%s", NSS_VERSION); return snprintf(buffer, size, "NSS/%s", NSS_VERSION);
} }
/* data might be NULL */ /* data might be NULL */
int Curl_nss_seed(struct Curl_easy *data) static int Curl_nss_seed(struct Curl_easy *data)
{ {
/* make sure that NSS is initialized */ /* make sure that NSS is initialized */
return !!Curl_nss_force_init(data); return !!Curl_nss_force_init(data);
} }
/* data might be NULL */ /* data might be NULL */
CURLcode Curl_nss_random(struct Curl_easy *data, static CURLcode Curl_nss_random(struct Curl_easy *data,
unsigned char *entropy, unsigned char *entropy,
size_t length) size_t length)
{ {
Curl_nss_seed(data); /* Initiate the seed if not already done */ Curl_nss_seed(data); /* Initiate the seed if not already done */
@ -2306,7 +2305,7 @@ static void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
PK11_DestroyContext(SHA256pw, PR_TRUE); PK11_DestroyContext(SHA256pw, PR_TRUE);
} }
bool Curl_nss_cert_status_request(void) static bool Curl_nss_cert_status_request(void)
{ {
#ifdef SSL_ENABLE_OCSP_STAPLING #ifdef SSL_ENABLE_OCSP_STAPLING
return TRUE; return TRUE;
@ -2315,7 +2314,7 @@ bool Curl_nss_cert_status_request(void)
#endif #endif
} }
bool Curl_nss_false_start(void) static bool Curl_nss_false_start(void)
{ {
#if NSSVERNUM >= 0x030f04 /* 3.15.4 */ #if NSSVERNUM >= 0x030f04 /* 3.15.4 */
return TRUE; return TRUE;

23
lib/vtls/nssg.h
View File

@ -30,32 +30,9 @@
#include "urldata.h" #include "urldata.h"
CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
/* close a SSL connection */
void Curl_nss_close(struct connectdata *conn, int sockindex);
int Curl_nss_init(void);
void Curl_nss_cleanup(void);
size_t Curl_nss_version(char *buffer, size_t size);
int Curl_nss_check_cxn(struct connectdata *cxn);
int Curl_nss_seed(struct Curl_easy *data);
/* initialize NSS library if not already */ /* initialize NSS library if not already */
CURLcode Curl_nss_force_init(struct Curl_easy *data); CURLcode Curl_nss_force_init(struct Curl_easy *data);
CURLcode Curl_nss_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length);
bool Curl_nss_cert_status_request(void);
bool Curl_nss_false_start(void);
extern const struct Curl_ssl Curl_ssl_nss; extern const struct Curl_ssl Curl_ssl_nss;
/* Set the API backend definition to NSS */ /* Set the API backend definition to NSS */

42
lib/vtls/openssl.c
View File

@ -732,7 +732,7 @@ static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
* @retval 0 error initializing SSL * @retval 0 error initializing SSL
* @retval 1 SSL initialized successfully * @retval 1 SSL initialized successfully
*/ */
int Curl_ossl_init(void) static int Curl_ossl_init(void)
{ {
OPENSSL_load_builtin_modules(); OPENSSL_load_builtin_modules();
@ -774,7 +774,7 @@ int Curl_ossl_init(void)
} }
/* Global cleanup */ /* Global cleanup */
void Curl_ossl_cleanup(void) static void Curl_ossl_cleanup(void)
{ {
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
!defined(LIBRESSL_VERSION_NUMBER) !defined(LIBRESSL_VERSION_NUMBER)
@ -816,7 +816,7 @@ void Curl_ossl_cleanup(void)
* 0 means the connection has been closed * 0 means the connection has been closed
* -1 means the connection status is unknown * -1 means the connection status is unknown
*/ */
int Curl_ossl_check_cxn(struct connectdata *conn) static int Curl_ossl_check_cxn(struct connectdata *conn)
{ {
/* SSL_peek takes data out of the raw recv buffer without peeking so we use /* SSL_peek takes data out of the raw recv buffer without peeking so we use
recv MSG_PEEK instead. Bug #795 */ recv MSG_PEEK instead. Bug #795 */
@ -862,7 +862,8 @@ int Curl_ossl_check_cxn(struct connectdata *conn)
/* Selects an OpenSSL crypto engine /* Selects an OpenSSL crypto engine
*/ */
CURLcode Curl_ossl_set_engine(struct Curl_easy *data, const char *engine) static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
const char *engine)
{ {
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H) #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
ENGINE *e; ENGINE *e;
@ -907,7 +908,7 @@ CURLcode Curl_ossl_set_engine(struct Curl_easy *data, const char *engine)
/* Sets engine as default for all SSL operations /* Sets engine as default for all SSL operations
*/ */
CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data) static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
{ {
#ifdef HAVE_OPENSSL_ENGINE_H #ifdef HAVE_OPENSSL_ENGINE_H
if(data->state.engine) { if(data->state.engine) {
@ -929,7 +930,7 @@ CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
/* Return list of OpenSSL crypto engine names. /* Return list of OpenSSL crypto engine names.
*/ */
struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data) static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
{ {
struct curl_slist *list = NULL; struct curl_slist *list = NULL;
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H) #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
@ -968,7 +969,7 @@ static void ossl_close(struct ssl_connect_data *connssl)
/* /*
* This function is called when an SSL connection is closed. * This function is called when an SSL connection is closed.
*/ */
void Curl_ossl_close(struct connectdata *conn, int sockindex) static void Curl_ossl_close(struct connectdata *conn, int sockindex)
{ {
ossl_close(&conn->ssl[sockindex]); ossl_close(&conn->ssl[sockindex]);
ossl_close(&conn->proxy_ssl[sockindex]); ossl_close(&conn->proxy_ssl[sockindex]);
@ -978,7 +979,7 @@ void Curl_ossl_close(struct connectdata *conn, int sockindex)
* This function is called to shut down the SSL layer but keep the * This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel) * socket open (CCC - Clear Command Channel)
*/ */
int Curl_ossl_shutdown(struct connectdata *conn, int sockindex) static int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
{ {
int retval = 0; int retval = 0;
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@ -1077,7 +1078,7 @@ int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
return retval; return retval;
} }
void Curl_ossl_session_free(void *ptr) static void Curl_ossl_session_free(void *ptr)
{ {
/* free the ID */ /* free the ID */
SSL_SESSION_free(ptr); SSL_SESSION_free(ptr);
@ -1087,7 +1088,7 @@ void Curl_ossl_session_free(void *ptr)
* This function is called when the 'data' struct is going away. Close * This function is called when the 'data' struct is going away. Close
* down everything and free all resources! * down everything and free all resources!
*/ */
void Curl_ossl_close_all(struct Curl_easy *data) static void Curl_ossl_close_all(struct Curl_easy *data)
{ {
#ifdef HAVE_OPENSSL_ENGINE_H #ifdef HAVE_OPENSSL_ENGINE_H
if(data->state.engine) { if(data->state.engine) {
@ -3148,14 +3149,14 @@ static CURLcode ossl_connect_common(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn, static CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
int sockindex, int sockindex,
bool *done) bool *done)
{ {
return ossl_connect_common(conn, sockindex, TRUE, done); return ossl_connect_common(conn, sockindex, TRUE, done);
} }
CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex) static CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex)
{ {
CURLcode result; CURLcode result;
bool done = FALSE; bool done = FALSE;
@ -3169,7 +3170,8 @@ CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex)
return CURLE_OK; return CURLE_OK;
} }
bool Curl_ossl_data_pending(const struct connectdata *conn, int connindex) static bool Curl_ossl_data_pending(const struct connectdata *conn,
int connindex)
{ {
if(conn->ssl[connindex].handle) if(conn->ssl[connindex].handle)
/* SSL is in use */ /* SSL is in use */
@ -3180,6 +3182,8 @@ bool Curl_ossl_data_pending(const struct connectdata *conn, int connindex)
return FALSE; return FALSE;
} }
static size_t Curl_ossl_version(char *buffer, size_t size);
static ssize_t ossl_send(struct connectdata *conn, static ssize_t ossl_send(struct connectdata *conn,
int sockindex, int sockindex,
const void *mem, const void *mem,
@ -3293,7 +3297,7 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
return nread; return nread;
} }
size_t Curl_ossl_version(char *buffer, size_t size) static size_t Curl_ossl_version(char *buffer, size_t size)
{ {
#ifdef OPENSSL_IS_BORINGSSL #ifdef OPENSSL_IS_BORINGSSL
return snprintf(buffer, size, OSSL_PACKAGE); return snprintf(buffer, size, OSSL_PACKAGE);
@ -3333,8 +3337,8 @@ size_t Curl_ossl_version(char *buffer, size_t size)
} }
/* can be called with data == NULL */ /* can be called with data == NULL */
CURLcode Curl_ossl_random(struct Curl_easy *data, unsigned char *entropy, static CURLcode Curl_ossl_random(struct Curl_easy *data,
size_t length) unsigned char *entropy, size_t length)
{ {
int rc; int rc;
if(data) { if(data) {
@ -3377,7 +3381,7 @@ static void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
} }
#endif #endif
bool Curl_ossl_cert_status_request(void) static bool Curl_ossl_cert_status_request(void)
{ {
#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \ #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
!defined(OPENSSL_NO_OCSP) !defined(OPENSSL_NO_OCSP)

40
lib/vtls/openssl.h
View File

@ -31,46 +31,6 @@
#include "urldata.h" #include "urldata.h"
CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
/* close a SSL connection */
void Curl_ossl_close(struct connectdata *conn, int sockindex);
/* tell OpenSSL to close down all open information regarding connections (and
thus session ID caching etc) */
void Curl_ossl_close_all(struct Curl_easy *data);
/* Sets an OpenSSL engine */
CURLcode Curl_ossl_set_engine(struct Curl_easy *data, const char *engine);
/* function provided for the generic SSL-layer, called when a session id
should be freed */
void Curl_ossl_session_free(void *ptr);
/* Sets engine as default for all SSL operations */
CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data);
/* Build list of OpenSSL engines */
struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data);
int Curl_ossl_init(void);
void Curl_ossl_cleanup(void);
size_t Curl_ossl_version(char *buffer, size_t size);
int Curl_ossl_check_cxn(struct connectdata *cxn);
int Curl_ossl_shutdown(struct connectdata *conn, int sockindex);
bool Curl_ossl_data_pending(const struct connectdata *conn,
int connindex);
/* return 0 if a find random is filled in */
CURLcode Curl_ossl_random(struct Curl_easy *data, unsigned char *entropy,
size_t length);
bool Curl_ossl_cert_status_request(void);
extern const struct Curl_ssl Curl_ssl_openssl; extern const struct Curl_ssl Curl_ssl_openssl;
/* Set the API backend definition to OpenSSL */ /* Set the API backend definition to OpenSSL */

24
lib/vtls/polarssl.c
View File

@ -659,7 +659,7 @@ static ssize_t polarssl_send(struct connectdata *conn,
return ret; return ret;
} }
void Curl_polarssl_close(struct connectdata *conn, int sockindex) static void Curl_polarssl_close(struct connectdata *conn, int sockindex)
{ {
rsa_free(&conn->ssl[sockindex].rsa); rsa_free(&conn->ssl[sockindex].rsa);
x509_crt_free(&conn->ssl[sockindex].clicert); x509_crt_free(&conn->ssl[sockindex].clicert);
@ -694,7 +694,7 @@ static ssize_t polarssl_recv(struct connectdata *conn,
return len; return len;
} }
void Curl_polarssl_session_free(void *ptr) static void Curl_polarssl_session_free(void *ptr)
{ {
ssl_session_free(ptr); ssl_session_free(ptr);
free(ptr); free(ptr);
@ -703,7 +703,7 @@ void Curl_polarssl_session_free(void *ptr)
/* 1.3.10 was the first rebranded version. All new releases (in 1.3 branch and /* 1.3.10 was the first rebranded version. All new releases (in 1.3 branch and
higher) will be mbed TLS branded.. */ higher) will be mbed TLS branded.. */
size_t Curl_polarssl_version(char *buffer, size_t size) static size_t Curl_polarssl_version(char *buffer, size_t size)
{ {
unsigned int version = version_get_number(); unsigned int version = version_get_number();
return snprintf(buffer, size, "%s/%d.%d.%d", return snprintf(buffer, size, "%s/%d.%d.%d",
@ -825,18 +825,14 @@ polarssl_connect_common(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
CURLcode static CURLcode Curl_polarssl_connect_nonblocking(struct connectdata *conn,
Curl_polarssl_connect_nonblocking(struct connectdata *conn, int sockindex, bool *done)
int sockindex,
bool *done)
{ {
return polarssl_connect_common(conn, sockindex, TRUE, done); return polarssl_connect_common(conn, sockindex, TRUE, done);
} }
CURLcode static CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex)
Curl_polarssl_connect(struct connectdata *conn,
int sockindex)
{ {
CURLcode result; CURLcode result;
bool done = FALSE; bool done = FALSE;
@ -854,18 +850,18 @@ Curl_polarssl_connect(struct connectdata *conn,
* return 0 error initializing SSL * return 0 error initializing SSL
* return 1 SSL initialized successfully * return 1 SSL initialized successfully
*/ */
int Curl_polarssl_init(void) static int Curl_polarssl_init(void)
{ {
return Curl_polarsslthreadlock_thread_setup(); return Curl_polarsslthreadlock_thread_setup();
} }
void Curl_polarssl_cleanup(void) static void Curl_polarssl_cleanup(void)
{ {
(void)Curl_polarsslthreadlock_thread_cleanup(); (void)Curl_polarsslthreadlock_thread_cleanup();
} }
static bool Curl_polarssl_data_pending(const struct connectdata *conn,
bool Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex) int sockindex)
{ {
return ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0; return ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0;
} }

19
lib/vtls/polarssl.h
View File

@ -26,25 +26,6 @@
#ifdef USE_POLARSSL #ifdef USE_POLARSSL
/* Called on first use PolarSSL, setup threading if supported */
int Curl_polarssl_init(void);
void Curl_polarssl_cleanup(void);
bool Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex);
CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_polarssl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
/* close a SSL connection */
void Curl_polarssl_close(struct connectdata *conn, int sockindex);
void Curl_polarssl_session_free(void *ptr);
size_t Curl_polarssl_version(char *buffer, size_t size);
int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex);
extern const struct Curl_ssl Curl_ssl_polarssl; extern const struct Curl_ssl Curl_ssl_polarssl;
/* Set the API backend definition to PolarSSL */ /* Set the API backend definition to PolarSSL */

27
lib/vtls/schannel.c
View File

@ -1395,15 +1395,13 @@ cleanup:
return *err ? -1 : 0; return *err ? -1 : 0;
} }
CURLcode static CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn,
Curl_schannel_connect_nonblocking(struct connectdata *conn, int sockindex, int sockindex, bool *done)
bool *done)
{ {
return schannel_connect_common(conn, sockindex, TRUE, done); return schannel_connect_common(conn, sockindex, TRUE, done);
} }
CURLcode static CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex)
Curl_schannel_connect(struct connectdata *conn, int sockindex)
{ {
CURLcode result; CURLcode result;
bool done = FALSE; bool done = FALSE;
@ -1417,7 +1415,8 @@ Curl_schannel_connect(struct connectdata *conn, int sockindex)
return CURLE_OK; return CURLE_OK;
} }
bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex) static bool Curl_schannel_data_pending(const struct connectdata *conn,
int sockindex)
{ {
const struct ssl_connect_data *connssl = &conn->ssl[sockindex]; const struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@ -1428,14 +1427,14 @@ bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex)
return FALSE; return FALSE;
} }
void Curl_schannel_close(struct connectdata *conn, int sockindex) static void Curl_schannel_close(struct connectdata *conn, int sockindex)
{ {
if(conn->ssl[sockindex].use) if(conn->ssl[sockindex].use)
/* if the SSL/TLS channel hasn't been shut down yet, do that now. */ /* if the SSL/TLS channel hasn't been shut down yet, do that now. */
Curl_ssl_shutdown(conn, sockindex); Curl_ssl_shutdown(conn, sockindex);
} }
void Curl_schannel_session_free(void *ptr) static void Curl_schannel_session_free(void *ptr)
{ {
/* this is expected to be called under sessionid lock */ /* this is expected to be called under sessionid lock */
struct curl_schannel_cred *cred = ptr; struct curl_schannel_cred *cred = ptr;
@ -1447,7 +1446,7 @@ void Curl_schannel_session_free(void *ptr)
} }
} }
int Curl_schannel_shutdown(struct connectdata *conn, int sockindex) static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
{ {
/* See https://msdn.microsoft.com/en-us/library/windows/desktop/aa380138.aspx /* See https://msdn.microsoft.com/en-us/library/windows/desktop/aa380138.aspx
* Shutting Down an Schannel Connection * Shutting Down an Schannel Connection
@ -1551,25 +1550,25 @@ int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
return CURLE_OK; return CURLE_OK;
} }
int Curl_schannel_init(void) static int Curl_schannel_init(void)
{ {
return (Curl_sspi_global_init() == CURLE_OK ? 1 : 0); return (Curl_sspi_global_init() == CURLE_OK ? 1 : 0);
} }
void Curl_schannel_cleanup(void) static void Curl_schannel_cleanup(void)
{ {
Curl_sspi_global_cleanup(); Curl_sspi_global_cleanup();
} }
size_t Curl_schannel_version(char *buffer, size_t size) static size_t Curl_schannel_version(char *buffer, size_t size)
{ {
size = snprintf(buffer, size, "WinSSL"); size = snprintf(buffer, size, "WinSSL");
return size; return size;
} }
CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM, static CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM,
unsigned char *entropy, size_t length) unsigned char *entropy, size_t length)
{ {
HCRYPTPROV hCryptProv = 0; HCRYPTPROV hCryptProv = 0;

19
lib/vtls/schannel.h
View File

@ -76,25 +76,6 @@
#define CURL_SCHANNEL_BUFFER_INIT_SIZE 4096 #define CURL_SCHANNEL_BUFFER_INIT_SIZE 4096
#define CURL_SCHANNEL_BUFFER_FREE_SIZE 1024 #define CURL_SCHANNEL_BUFFER_FREE_SIZE 1024
CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex);
void Curl_schannel_close(struct connectdata *conn, int sockindex);
int Curl_schannel_shutdown(struct connectdata *conn, int sockindex);
void Curl_schannel_session_free(void *ptr);
int Curl_schannel_init(void);
void Curl_schannel_cleanup(void);
size_t Curl_schannel_version(char *buffer, size_t size);
CURLcode Curl_schannel_random(struct Curl_easy *data, unsigned char *entropy,
size_t length);
extern const struct Curl_ssl Curl_ssl_schannel; extern const struct Curl_ssl Curl_ssl_schannel;
/* Set the API backend definition to Schannel */ /* Set the API backend definition to Schannel */

8
lib/vtls/vtls.c
View File

@ -28,14 +28,6 @@
to any specific SSL-layer. to any specific SSL-layer.
Curl_ssl_ - prefix for generic ones Curl_ssl_ - prefix for generic ones
Curl_ossl_ - prefix for OpenSSL ones
Curl_gtls_ - prefix for GnuTLS ones
Curl_nss_ - prefix for NSS ones
Curl_gskit_ - prefix for GSKit ones
Curl_polarssl_ - prefix for PolarSSL ones
Curl_cyassl_ - prefix for CyaSSL ones
Curl_schannel_ - prefix for Schannel SSPI ones
Curl_darwinssl_ - prefix for SecureTransport (Darwin) ones
Note that this source code uses the functions of the configured SSL Note that this source code uses the functions of the configured SSL
backend via the global Curl_ssl instance. backend via the global Curl_ssl instance.