search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Resync
[CMakeLuaTailorHgBridge.git] / CMakeLua / Utilities / cmcurl-7.19.0 / lib / sslgen.c
blob1d957cd617ad9719728509828f85b105d7860496
1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * $Id: sslgen.c,v 1.1.1.1 2008-09-23 16:32:05 hoffman Exp $
22 ***************************************************************************/
23
24 /* This file is for "generic" SSL functions that all libcurl internals should
25 use. It is responsible for calling the proper 'ossl' function in ssluse.c
26 (OpenSSL based) or the 'gtls' function in gtls.c (GnuTLS based).
27
28 SSL-functions in libcurl should call functions in this source file, and not
29 to any specific SSL-layer.
30
31 Curl_ssl_ - prefix for generic ones
32 Curl_ossl_ - prefix for OpenSSL ones
33 Curl_gtls_ - prefix for GnuTLS ones
34 Curl_nss_ - prefix for NSS ones
35
36 Note that this source code uses curlssl_* functions, and they are all
37 defines/macros #defined by the lib-specific header files.
38
39 "SSL/TLS Strong Encryption: An Introduction"
40 http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html
41 */
42
43 #include "setup.h"
44
45 #include <string.h>
46 #include <stdlib.h>
47 #include <ctype.h>
48 #ifdef HAVE_SYS_SOCKET_H
49 #include <sys/socket.h>
50 #endif
51
52 #include "urldata.h"
53 #define SSLGEN_C
54 #include "sslgen.h" /* generic SSL protos etc */
55 #include "ssluse.h" /* OpenSSL versions */
56 #include "gtls.h" /* GnuTLS versions */
57 #include "nssg.h" /* NSS versions */
58 #include "qssl.h" /* QSOSSL versions */
59 #include "sendf.h"
60 #include "strequal.h"
61 #include "url.h"
62 #include "memory.h"
63 #include "progress.h"
64 /* The last #include file should be: */
65 #include "memdebug.h"
66
67 static bool safe_strequal(char* str1, char* str2);
68
69 static bool safe_strequal(char* str1, char* str2)
70 {
71 if(str1 && str2)
72 /* both pointers point to something then compare them */
73 return (bool)(0 != strequal(str1, str2));
74 else
75 /* if both pointers are NULL then treat them as equal */
76 return (bool)(!str1 && !str2);
77 }
78
79 bool
80 Curl_ssl_config_matches(struct ssl_config_data* data,
81 struct ssl_config_data* needle)
82 {
83 if((data->version == needle->version) &&
84 (data->verifypeer == needle->verifypeer) &&
85 (data->verifyhost == needle->verifyhost) &&
86 safe_strequal(data->CApath, needle->CApath) &&
87 safe_strequal(data->CAfile, needle->CAfile) &&
88 safe_strequal(data->random_file, needle->random_file) &&
89 safe_strequal(data->egdsocket, needle->egdsocket) &&
90 safe_strequal(data->cipher_list, needle->cipher_list))
91 return TRUE;
92
93 return FALSE;
94 }
95
96 bool
97 Curl_clone_ssl_config(struct ssl_config_data *source,
98 struct ssl_config_data *dest)
99 {
100 dest->sessionid = source->sessionid;
101 dest->verifyhost = source->verifyhost;
102 dest->verifypeer = source->verifypeer;
103 dest->version = source->version;
104
105 if(source->CAfile) {
106 dest->CAfile = strdup(source->CAfile);
107 if(!dest->CAfile)
108 return FALSE;
109 }
110
111 if(source->CApath) {
112 dest->CApath = strdup(source->CApath);
113 if(!dest->CApath)
114 return FALSE;
115 }
116
117 if(source->cipher_list) {
118 dest->cipher_list = strdup(source->cipher_list);
119 if(!dest->cipher_list)
120 return FALSE;
121 }
122
123 if(source->egdsocket) {
124 dest->egdsocket = strdup(source->egdsocket);
125 if(!dest->egdsocket)
126 return FALSE;
127 }
128
129 if(source->random_file) {
130 dest->random_file = strdup(source->random_file);
131 if(!dest->random_file)
132 return FALSE;
133 }
134
135 return TRUE;
136 }
137
138 void Curl_free_ssl_config(struct ssl_config_data* sslc)
139 {
140 Curl_safefree(sslc->CAfile);
141 Curl_safefree(sslc->CApath);
142 Curl_safefree(sslc->cipher_list);
143 Curl_safefree(sslc->egdsocket);
144 Curl_safefree(sslc->random_file);
145 }
146
147 #ifdef USE_SSL
148
149 /* "global" init done? */
150 static bool init_ssl=FALSE;
151
152 /**
153 * Global SSL init
154 *
155 * @retval 0 error initializing SSL
156 * @retval 1 SSL initialized successfully
157 */
158 int Curl_ssl_init(void)
159 {
160 /* make sure this is only done once */
161 if(init_ssl)
162 return 1;
163 init_ssl = TRUE; /* never again */
164
165 return curlssl_init();
166 }
167
168
169 /* Global cleanup */
170 void Curl_ssl_cleanup(void)
171 {
172 if(init_ssl) {
173 /* only cleanup if we did a previous init */
174 curlssl_cleanup();
175 init_ssl = FALSE;
176 }
177 }
178
179 CURLcode
180 Curl_ssl_connect(struct connectdata *conn, int sockindex)
181 {
182 CURLcode res;
183 /* mark this is being ssl-enabled from here on. */
184 conn->ssl[sockindex].use = TRUE;
185 conn->ssl[sockindex].state = ssl_connection_negotiating;
186
187 res = curlssl_connect(conn, sockindex);
188
189 if(!res)
190 Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */
191
192 return res;
193 }
194
195 CURLcode
196 Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
197 bool *done)
198 {
199 #ifdef curlssl_connect_nonblocking
200 /* mark this is being ssl requested from here on. */
201 conn->ssl[sockindex].use = TRUE;
202 return curlssl_connect_nonblocking(conn, sockindex, done);
203 #else
204 *done = TRUE; /* fallback to BLOCKING */
205 conn->ssl[sockindex].use = TRUE;
206 return curlssl_connect(conn, sockindex);
207 #endif /* non-blocking connect support */
208 }
209
210 /*
211 * Check if there's a session ID for the given connection in the cache, and if
212 * there's one suitable, it is provided. Returns TRUE when no entry matched.
213 */
214 int Curl_ssl_getsessionid(struct connectdata *conn,
215 void **ssl_sessionid,
216 size_t *idsize) /* set 0 if unknown */
217 {
218 struct curl_ssl_session *check;
219 struct SessionHandle *data = conn->data;
220 long i;
221
222 if(!conn->ssl_config.sessionid)
223 /* session ID re-use is disabled */
224 return TRUE;
225
226 for(i=0; i< data->set.ssl.numsessions; i++) {
227 check = &data->state.session[i];
228 if(!check->sessionid)
229 /* not session ID means blank entry */
230 continue;
231 if(curl_strequal(conn->host.name, check->name) &&
232 (conn->remote_port == check->remote_port) &&
233 Curl_ssl_config_matches(&conn->ssl_config, &check->ssl_config)) {
234 /* yes, we have a session ID! */
235 data->state.sessionage++; /* increase general age */
236 check->age = data->state.sessionage; /* set this as used in this age */
237 *ssl_sessionid = check->sessionid;
238 if(idsize)
239 *idsize = check->idsize;
240 return FALSE;
241 }
242 }
243 *ssl_sessionid = NULL;
244 return TRUE;
245 }
246
247 /*
248 * Kill a single session ID entry in the cache.
249 */
250 static int kill_session(struct curl_ssl_session *session)
251 {
252 if(session->sessionid) {
253 /* defensive check */
254
255 /* free the ID the SSL-layer specific way */
256 curlssl_session_free(session->sessionid);
257
258 session->sessionid=NULL;
259 session->age = 0; /* fresh */
260
261 Curl_free_ssl_config(&session->ssl_config);
262
263 Curl_safefree(session->name);
264 session->name = NULL; /* no name */
265
266 return 0; /* ok */
267 }
268 else
269 return 1;
270 }
271
272 /*
273 * Store session id in the session cache. The ID passed on to this function
274 * must already have been extracted and allocated the proper way for the SSL
275 * layer. Curl_XXXX_session_free() will be called to free/kill the session ID
276 * later on.
277 */
278 CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
279 void *ssl_sessionid,
280 size_t idsize)
281 {
282 long i;
283 struct SessionHandle *data=conn->data; /* the mother of all structs */
284 struct curl_ssl_session *store = &data->state.session[0];
285 long oldest_age=data->state.session[0].age; /* zero if unused */
286 char *clone_host;
287
288 /* Even though session ID re-use might be disabled, that only disables USING
289 IT. We still store it here in case the re-using is again enabled for an
290 upcoming transfer */
291
292 clone_host = strdup(conn->host.name);
293 if(!clone_host)
294 return CURLE_OUT_OF_MEMORY; /* bail out */
295
296 /* Now we should add the session ID and the host name to the cache, (remove
297 the oldest if necessary) */
298
299 /* find an empty slot for us, or find the oldest */
300 for(i=1; (i<data->set.ssl.numsessions) &&
301 data->state.session[i].sessionid; i++) {
302 if(data->state.session[i].age < oldest_age) {
303 oldest_age = data->state.session[i].age;
304 store = &data->state.session[i];
305 }
306 }
307 if(i == data->set.ssl.numsessions)
308 /* cache is full, we must "kill" the oldest entry! */
309 kill_session(store);
310 else
311 store = &data->state.session[i]; /* use this slot */
312
313 /* now init the session struct wisely */
314 store->sessionid = ssl_sessionid;
315 store->idsize = idsize;
316 store->age = data->state.sessionage; /* set current age */
317 if (store->name)
318 /* free it if there's one already present */
319 free(store->name);
320 store->name = clone_host; /* clone host name */
321 store->remote_port = conn->remote_port; /* port number */
322
323 if(!Curl_clone_ssl_config(&conn->ssl_config, &store->ssl_config))
324 return CURLE_OUT_OF_MEMORY;
325
326 return CURLE_OK;
327 }
328
329
330 void Curl_ssl_close_all(struct SessionHandle *data)
331 {
332 long i;
333 /* kill the session ID cache */
334 if(data->state.session) {
335 for(i=0; i< data->set.ssl.numsessions; i++)
336 /* the single-killer function handles empty table slots */
337 kill_session(&data->state.session[i]);
338
339 /* free the cache data */
340 free(data->state.session);
341 data->state.session = NULL;
342 }
343
344 curlssl_close_all(data);
345 }
346
347 void Curl_ssl_close(struct connectdata *conn, int sockindex)
348 {
349 DEBUGASSERT((sockindex <= 1) && (sockindex >= -1));
350 curlssl_close(conn, sockindex);
351 }
352
353 CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
354 {
355 if(curlssl_shutdown(conn, sockindex))
356 return CURLE_SSL_SHUTDOWN_FAILED;
357
358 conn->ssl[sockindex].use = FALSE; /* get back to ordinary socket usage */
359 conn->ssl[sockindex].state = ssl_connection_none;
360
361 return CURLE_OK;
362 }
363
364 /* Selects an SSL crypto engine
365 */
366 CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine)
367 {
368 return curlssl_set_engine(data, engine);
369 }
370
371 /* Selects the default SSL crypto engine
372 */
373 CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data)
374 {
375 return curlssl_set_engine_default(data);
376 }
377
378 /* Return list of OpenSSL crypto engine names. */
379 struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data)
380 {
381 return curlssl_engines_list(data);
382 }
383
384 /* return number of sent (non-SSL) bytes */
385 ssize_t Curl_ssl_send(struct connectdata *conn,
386 int sockindex,
387 const void *mem,
388 size_t len)
389 {
390 return curlssl_send(conn, sockindex, mem, len);
391 }
392
393 /* return number of received (decrypted) bytes */
394
395 /*
396 * If the read would block (EWOULDBLOCK) we return -1. Otherwise we return
397 * a regular CURLcode value.
398 */
399 ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */
400 int sockindex, /* socketindex */
401 char *mem, /* store read data here */
402 size_t len) /* max amount to read */
403 {
404 ssize_t nread;
405 bool block = FALSE;
406
407 nread = curlssl_recv(conn, sockindex, mem, len, &block);
408 if(nread == -1) {
409 if(!block)
410 return 0; /* this is a true error, not EWOULDBLOCK */
411 else
412 return -1;
413 }
414
415 return nread;
416 }
417
418
419 /*
420 * This sets up a session ID cache to the specified size. Make sure this code
421 * is agnostic to what underlying SSL technology we use.
422 */
423 CURLcode Curl_ssl_initsessions(struct SessionHandle *data, long amount)
424 {
425 struct curl_ssl_session *session;
426
427 if(data->state.session)
428 /* this is just a precaution to prevent multiple inits */
429 return CURLE_OK;
430
431 session = (struct curl_ssl_session *)
432 calloc(sizeof(struct curl_ssl_session), amount);
433 if(!session)
434 return CURLE_OUT_OF_MEMORY;
435
436 /* store the info in the SSL section */
437 data->set.ssl.numsessions = amount;
438 data->state.session = session;
439 data->state.sessionage = 1; /* this is brand new */
440 return CURLE_OK;
441 }
442
443 size_t Curl_ssl_version(char *buffer, size_t size)
444 {
445 return curlssl_version(buffer, size);
446 }
447
448 /*
449 * This function tries to determine connection status.
450 *
451 * Return codes:
452 * 1 means the connection is still in place
453 * 0 means the connection has been closed
454 * -1 means the connection status is unknown
455 */
456 int Curl_ssl_check_cxn(struct connectdata *conn)
457 {
458 return curlssl_check_cxn(conn);
459 }
460
461 bool Curl_ssl_data_pending(const struct connectdata *conn,
462 int connindex)
463 {
464 return curlssl_data_pending(conn, connindex);
465 }
466 #endif /* USE_SSL */
467
Intermediate bridge repo between official CMake (CVS) and CMakeLua (Mercurial)