vtls.h source code [Aseprite/third_party/curl/lib/vtls/vtls.h]

1	#ifndef HEADER_CURL_VTLS_H
2	#define HEADER_CURL_VTLS_H
3	/***************************************************************************
4	* _ _ ____ _
5	* Project ___\| \| \| \| _ \\| \|
6	* / __\| \| \| \| \|_) \| \|
7	* \| (__\| \|_\| \| _ <\| \|___
8	* \___\|\___/\|_\| \_\_____\|
9	*
10	* Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
11	*
12	* This software is licensed as described in the file COPYING, which
13	* you should have received as part of this distribution. The terms
14	* are also available at https://curl.se/docs/copyright.html.
15	*
16	* You may opt to use, copy, modify, merge, publish, distribute and/or sell
17	* copies of the Software, and permit persons to whom the Software is
18	* furnished to do so, under the terms of the COPYING file.
19	*
20	* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21	* KIND, either express or implied.
22	*
23	***************************************************************************/
24	#include "curl_setup.h"
25
26	struct connectdata;
27	struct ssl_connect_data;
28
29	#define SSLSUPP_CA_PATH (1<<0) /* supports CAPATH */
30	#define SSLSUPP_CERTINFO (1<<1) /* supports CURLOPT_CERTINFO */
31	#define SSLSUPP_PINNEDPUBKEY (1<<2) /* supports CURLOPT_PINNEDPUBLICKEY */
32	#define SSLSUPP_SSL_CTX (1<<3) /* supports CURLOPT_SSL_CTX */
33	#define SSLSUPP_HTTPS_PROXY (1<<4) /* supports access via HTTPS proxies */
34	#define SSLSUPP_TLS13_CIPHERSUITES (1<<5) /* supports TLS 1.3 ciphersuites */
35	#define SSLSUPP_CAINFO_BLOB (1<<6)
36
37	struct Curl_ssl {
38	/*
39	* This must be the first entry to allow returning the list of available
40	* backends in curl_global_sslset().
41	*/
42	curl_ssl_backend info;
43	unsigned int supports; / bitfield, see above /
44	size_t sizeof_ssl_backend_data;
45
46	int (init)(void*);
47	void (cleanup)(void*);
48
49	size_t (version)(char* *buffer, size_t size);
50	int (check_cxn)(struct* connectdata *cxn);
51	int (shut_down)(struct* Curl_easy data, struct* connectdata *conn,
52	int sockindex);
53	bool (data_pending)(const* struct connectdata *conn,
54	int connindex);
55
56	/ return 0 if a find random is filled in /
57	CURLcode (random)(struct* Curl_easy data, unsigned* char *entropy,
58	size_t length);
59	bool (cert_status_request)(void*);
60
61	CURLcode (connect_blocking)(struct* Curl_easy *data,
62	struct connectdata conn, int* sockindex);
63	CURLcode (connect_nonblocking)(struct* Curl_easy *data,
64	struct connectdata conn, int* sockindex,
65	bool *done);
66
67	/ If the SSL backend wants to read or write on this connection during a*
68	handshake, set socks[0] to the connection's FIRSTSOCKET, and return
69	a bitmap indicating read or write with GETSOCK_WRITESOCK(0) or
70	GETSOCK_READSOCK(0). Otherwise return GETSOCK_BLANK.
71	Mandatory. /*
72	int (getsock)(struct* connectdata conn, curl_socket_t socks);
73
74	void (get_internals)(struct ssl_connect_data *connssl, CURLINFO info);
75	void (close_one)(struct* Curl_easy data, struct* connectdata *conn,
76	int sockindex);
77	void (close_all)(struct* Curl_easy *data);
78	void (session_free)(void* *ptr);
79
80	CURLcode (set_engine)(struct* Curl_easy data, const* char *engine);
81	CURLcode (set_engine_default)(struct* Curl_easy *data);
82	struct curl_slist (engines_list)(struct Curl_easy *data);
83
84	bool (false_start)(void*);
85	CURLcode (sha256sum)(const* unsigned char *input, size_t inputlen,
86	unsigned char *sha256sum, size_t sha256sumlen);
87
88	void (associate_connection)(struct* Curl_easy *data,
89	struct connectdata *conn,
90	int sockindex);
91	void (disassociate_connection)(struct* Curl_easy data, int* sockindex);
92	};
93
94	#ifdef USE_SSL
95	extern const struct Curl_ssl *Curl_ssl;
96	#endif
97
98	int Curl_none_init(void);
99	void Curl_none_cleanup(void);
100	int Curl_none_shutdown(struct Curl_easy data, struct* connectdata *conn,
101	int sockindex);
102	int Curl_none_check_cxn(struct connectdata *conn);
103	CURLcode Curl_none_random(struct Curl_easy data, unsigned* char *entropy,
104	size_t length);
105	void Curl_none_close_all(struct Curl_easy *data);
106	void Curl_none_session_free(void *ptr);
107	bool Curl_none_data_pending(const struct connectdata conn, int* connindex);
108	bool Curl_none_cert_status_request(void);
109	CURLcode Curl_none_set_engine(struct Curl_easy data, const* char *engine);
110	CURLcode Curl_none_set_engine_default(struct Curl_easy *data);
111	struct curl_slist Curl_none_engines_list(struct* Curl_easy *data);
112	bool Curl_none_false_start(void);
113	bool Curl_ssl_tls13_ciphersuites(void);
114
115	#include "openssl.h" /* OpenSSL versions */
116	#include "gtls.h" /* GnuTLS versions */
117	#include "nssg.h" /* NSS versions */
118	#include "gskit.h" /* Global Secure ToolKit versions */
119	#include "wolfssl.h" /* wolfSSL versions */
120	#include "schannel.h" /* Schannel SSPI version */
121	#include "sectransp.h" /* SecureTransport (Darwin) version */
122	#include "mbedtls.h" /* mbedTLS versions */
123	#include "mesalink.h" /* MesaLink versions */
124	#include "bearssl.h" /* BearSSL versions */
125	#include "rustls.h" /* rustls versions */
126
127	#ifndef MAX_PINNED_PUBKEY_SIZE
128	#define MAX_PINNED_PUBKEY_SIZE 1048576 /* 1MB */
129	#endif
130
131	#ifndef CURL_SHA256_DIGEST_LENGTH
132	#define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */
133	#endif
134
135	/ see https://www.iana.org/assignments/tls-extensiontype-values/ /
136	#define ALPN_HTTP_1_1_LENGTH 8
137	#define ALPN_HTTP_1_1 "http/1.1"
138	#define ALPN_H2_LENGTH 2
139	#define ALPN_H2 "h2"
140
141	/ set of helper macros for the backends to access the correct fields. For the*
142	proxy or for the remote host - to properly support HTTPS proxy /*
143	#ifndef CURL_DISABLE_PROXY
144	#define SSL_IS_PROXY() \
145	(CURLPROXY_HTTPS == conn->http_proxy.proxytype && \
146	ssl_connection_complete != \
147	conn->proxy_ssl[conn->sock[SECONDARYSOCKET] == \
148	CURL_SOCKET_BAD ? FIRSTSOCKET : SECONDARYSOCKET].state)
149	#define SSL_SET_OPTION(var) \
150	(SSL_IS_PROXY() ? data->set.proxy_ssl.var : data->set.ssl.var)
151	#define SSL_SET_OPTION_LVALUE(var) \
152	(*(SSL_IS_PROXY() ? &data->set.proxy_ssl.var : &data->set.ssl.var))
153	#define SSL_CONN_CONFIG(var) \
154	(SSL_IS_PROXY() ? conn->proxy_ssl_config.var : conn->ssl_config.var)
155	#define SSL_HOST_NAME() \
156	(SSL_IS_PROXY() ? conn->http_proxy.host.name : conn->host.name)
157	#define SSL_HOST_DISPNAME() \
158	(SSL_IS_PROXY() ? conn->http_proxy.host.dispname : conn->host.dispname)
159	#define SSL_HOST_PORT() \
160	(SSL_IS_PROXY() ? conn->port : conn->remote_port)
161	#define SSL_PINNED_PUB_KEY() (SSL_IS_PROXY() \
162	? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] \
163	: data->set.str[STRING_SSL_PINNEDPUBLICKEY])
164	#else
165	#define SSL_IS_PROXY() FALSE
166	#define SSL_SET_OPTION(var) data->set.ssl.var
167	#define SSL_SET_OPTION_LVALUE(var) data->set.ssl.var
168	#define SSL_CONN_CONFIG(var) conn->ssl_config.var
169	#define SSL_HOST_NAME() conn->host.name
170	#define SSL_HOST_DISPNAME() conn->host.dispname
171	#define SSL_HOST_PORT() conn->remote_port
172	#define SSL_PINNED_PUB_KEY() \
173	data->set.str[STRING_SSL_PINNEDPUBLICKEY]
174	#endif
175
176	bool Curl_ssl_config_matches(struct ssl_primary_config *data,
177	struct ssl_primary_config *needle);
178	bool Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
179	struct ssl_primary_config *dest);
180	void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc);
181	/ An implementation of the getsock field of Curl_ssl that relies*
182	on the ssl_connect_state enum. Asks for read or write depending
183	on whether conn->state is ssl_connect_2_reading or
184	ssl_connect_2_writing. /*
185	int Curl_ssl_getsock(struct connectdata conn, curl_socket_t socks);
186
187	int Curl_ssl_backend(void);
188
189	#ifdef USE_SSL
190	int Curl_ssl_init(void);
191	void Curl_ssl_cleanup(void);
192	CURLcode Curl_ssl_connect(struct Curl_easy data, struct* connectdata *conn,
193	int sockindex);
194	CURLcode Curl_ssl_connect_nonblocking(struct Curl_easy *data,
195	struct connectdata *conn,
196	bool isproxy,
197	int sockindex,
198	bool *done);
199	/ tell the SSL stuff to close down all open information regarding*
200	connections (and thus session ID caching etc) /*
201	void Curl_ssl_close_all(struct Curl_easy *data);
202	void Curl_ssl_close(struct Curl_easy data, struct* connectdata *conn,
203	int sockindex);
204	CURLcode Curl_ssl_shutdown(struct Curl_easy data, struct* connectdata *conn,
205	int sockindex);
206	CURLcode Curl_ssl_set_engine(struct Curl_easy data, const* char *engine);
207	/ Sets engine as default for all SSL operations /
208	CURLcode Curl_ssl_set_engine_default(struct Curl_easy *data);
209	struct curl_slist Curl_ssl_engines_list(struct* Curl_easy *data);
210
211	/ init the SSL session ID cache /
212	CURLcode Curl_ssl_initsessions(struct Curl_easy *, size_t);
213	void Curl_ssl_version(char *buffer, size_t size);
214	bool Curl_ssl_data_pending(const struct connectdata *conn,
215	int connindex);
216	int Curl_ssl_check_cxn(struct connectdata *conn);
217
218	/ Certificate information list handling. /
219
220	void Curl_ssl_free_certinfo(struct Curl_easy *data);
221	CURLcode Curl_ssl_init_certinfo(struct Curl_easy data, int* num);
222	CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy data, int* certnum,
223	const char label, const* char *value,
224	size_t valuelen);
225	CURLcode Curl_ssl_push_certinfo(struct Curl_easy data, int* certnum,
226	const char label, const* char *value);
227
228	/ Functions to be used by SSL library adaptation functions /
229
230	/ Lock session cache mutex.*
231	* Call this before calling other Curl_ssl_session functions
232	* Caller should unlock this mutex as soon as possible, as it may block
233	* other SSL connection from making progress.
234	* The purpose of explicitly locking SSL session cache data is to allow
235	* individual SSL engines to manage session lifetime in their specific way.
236	*/
237	void Curl_ssl_sessionid_lock(struct Curl_easy *data);
238
239	/ Unlock session cache mutex /
240	void Curl_ssl_sessionid_unlock(struct Curl_easy *data);
241
242	/ extract a session ID*
243	* Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
244	* Caller must make sure that the ownership of returned sessionid object
245	* is properly taken (e.g. its refcount is incremented
246	* under sessionid mutex).
247	*/
248	bool Curl_ssl_getsessionid(struct Curl_easy *data,
249	struct connectdata *conn,
250	const bool isProxy,
251	void **ssl_sessionid,
252	size_t idsize, /* set 0 if unknown /
253	int sockindex);
254	/ add a new session ID*
255	* Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
256	* Caller must ensure that it has properly shared ownership of this sessionid
257	* object with cache (e.g. incrementing refcount on success)
258	*/
259	CURLcode Curl_ssl_addsessionid(struct Curl_easy *data,
260	struct connectdata *conn,
261	const bool isProxy,
262	void *ssl_sessionid,
263	size_t idsize,
264	int sockindex);
265	/ Kill a single session ID entry in the cache*
266	* Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
267	* This will call engine-specific curlssl_session_free function, which must
268	* take sessionid object ownership from sessionid cache
269	* (e.g. decrement refcount).
270	*/
271	void Curl_ssl_kill_session(struct Curl_ssl_session *session);
272	/ delete a session from the cache*
273	* Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
274	* This will call engine-specific curlssl_session_free function, which must
275	* take sessionid object ownership from sessionid cache
276	* (e.g. decrement refcount).
277	*/
278	void Curl_ssl_delsessionid(struct Curl_easy data, void* *ssl_sessionid);
279
280	/ get N random bytes into the buffer /
281	CURLcode Curl_ssl_random(struct Curl_easy data, unsigned* char *buffer,
282	size_t length);
283	/ Check pinned public key. /
284	CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
285	const char *pinnedpubkey,
286	const unsigned char *pubkey, size_t pubkeylen);
287
288	bool Curl_ssl_cert_status_request(void);
289
290	bool Curl_ssl_false_start(void);
291
292	void Curl_ssl_associate_conn(struct Curl_easy *data,
293	struct connectdata *conn);
294	void Curl_ssl_detach_conn(struct Curl_easy *data,
295	struct connectdata *conn);
296
297	#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */
298
299	#else /* if not USE_SSL */
300
301	/ When SSL support is not present, just define away these function calls /
302	#define Curl_ssl_init() 1
303	#define Curl_ssl_cleanup() Curl_nop_stmt
304	#define Curl_ssl_connect(x,y,z) CURLE_NOT_BUILT_IN
305	#define Curl_ssl_close_all(x) Curl_nop_stmt
306	#define Curl_ssl_close(x,y,z) Curl_nop_stmt
307	#define Curl_ssl_shutdown(x,y,z) CURLE_NOT_BUILT_IN
308	#define Curl_ssl_set_engine(x,y) CURLE_NOT_BUILT_IN
309	#define Curl_ssl_set_engine_default(x) CURLE_NOT_BUILT_IN
310	#define Curl_ssl_engines_list(x) NULL
311	#define Curl_ssl_send(a,b,c,d,e) -1
312	#define Curl_ssl_recv(a,b,c,d,e) -1
313	#define Curl_ssl_initsessions(x,y) CURLE_OK
314	#define Curl_ssl_data_pending(x,y) 0
315	#define Curl_ssl_check_cxn(x) 0
316	#define Curl_ssl_free_certinfo(x) Curl_nop_stmt
317	#define Curl_ssl_connect_nonblocking(x,y,z,w,a) CURLE_NOT_BUILT_IN
318	#define Curl_ssl_kill_session(x) Curl_nop_stmt
319	#define Curl_ssl_random(x,y,z) ((void)x, CURLE_NOT_BUILT_IN)
320	#define Curl_ssl_cert_status_request() FALSE
321	#define Curl_ssl_false_start() FALSE
322	#define Curl_ssl_tls13_ciphersuites() FALSE
323	#define Curl_ssl_associate_conn(a,b) Curl_nop_stmt
324	#define Curl_ssl_detach_conn(a,b) Curl_nop_stmt
325	#endif
326
327	#endif /* HEADER_CURL_VTLS_H */
328

Browse the source code of Aseprite/third_party/curl/lib/vtls/vtls.h