moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-17 15:05:02 -05:00
Code Issues Releases Wiki Activity

bearssl: remove the BACKEND define kludge

Browse Source
This commit is contained in:
Daniel Stenberg 2020-03-18 23:18:33 +01:00
parent 5076b8668f
commit 52182e4b8f
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 52 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
lib/vtls/bearssl.c
View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 2019, Michael Forney, <mforney@mforney.org> * Copyright (C) 2019 - 2020, Michael Forney, <mforney@mforney.org>
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -56,8 +56,6 @@ struct ssl_backend_data {
size_t pending_write; size_t pending_write;
}; };
#define BACKEND connssl->backend
struct cafile_parser { struct cafile_parser {
CURLcode err; CURLcode err;
bool in_cert; bool in_cert;
@ -300,6 +298,7 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
{ {
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile); const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
const char *hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : const char *hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
conn->host.name; conn->host.name;
@ -343,7 +342,7 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
} }
if(ssl_cafile) { if(ssl_cafile) {
ret = load_cafile(ssl_cafile, &BACKEND->anchors, &BACKEND->anchors_len); ret = load_cafile(ssl_cafile, &backend->anchors, &backend->anchors_len);
if(ret != CURLE_OK) { if(ret != CURLE_OK) {
if(verifypeer) { if(verifypeer) {
failf(data, "error setting certificate verify locations:\n" failf(data, "error setting certificate verify locations:\n"
@ -356,24 +355,24 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
} }
/* initialize SSL context */ /* initialize SSL context */
br_ssl_client_init_full(&BACKEND->ctx, &BACKEND->x509.minimal, br_ssl_client_init_full(&backend->ctx, &backend->x509.minimal,
BACKEND->anchors, BACKEND->anchors_len); backend->anchors, backend->anchors_len);
br_ssl_engine_set_versions(&BACKEND->ctx.eng, version_min, version_max); br_ssl_engine_set_versions(&backend->ctx.eng, version_min, version_max);
br_ssl_engine_set_buffer(&BACKEND->ctx.eng, BACKEND->buf, br_ssl_engine_set_buffer(&backend->ctx.eng, backend->buf,
sizeof(BACKEND->buf), 1); sizeof(backend->buf), 1);
/* initialize X.509 context */ /* initialize X.509 context */
BACKEND->x509.vtable = &x509_vtable; backend->x509.vtable = &x509_vtable;
BACKEND->x509.verifypeer = verifypeer; backend->x509.verifypeer = verifypeer;
BACKEND->x509.verifyhost = verifyhost; backend->x509.verifyhost = verifyhost;
br_ssl_engine_set_x509(&BACKEND->ctx.eng, &BACKEND->x509.vtable); br_ssl_engine_set_x509(&backend->ctx.eng, &backend->x509.vtable);
if(SSL_SET_OPTION(primary.sessionid)) { if(SSL_SET_OPTION(primary.sessionid)) {
void *session; void *session;
Curl_ssl_sessionid_lock(conn); Curl_ssl_sessionid_lock(conn);
if(!Curl_ssl_getsessionid(conn, &session, NULL, sockindex)) { if(!Curl_ssl_getsessionid(conn, &session, NULL, sockindex)) {
br_ssl_engine_set_session_parameters(&BACKEND->ctx.eng, session); br_ssl_engine_set_session_parameters(&backend->ctx.eng, session);
infof(data, "BearSSL: re-using session ID\n"); infof(data, "BearSSL: re-using session ID\n");
} }
Curl_ssl_sessionid_unlock(conn); Curl_ssl_sessionid_unlock(conn);
@ -389,16 +388,16 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
#ifdef USE_NGHTTP2 #ifdef USE_NGHTTP2
if(data->set.httpversion >= CURL_HTTP_VERSION_2 && if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
(!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) { (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
BACKEND->protocols[cur++] = NGHTTP2_PROTO_VERSION_ID; backend->protocols[cur++] = NGHTTP2_PROTO_VERSION_ID;
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID); infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
} }
#endif #endif
BACKEND->protocols[cur++] = ALPN_HTTP_1_1; backend->protocols[cur++] = ALPN_HTTP_1_1;
infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1); infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
br_ssl_engine_set_protocol_names(&BACKEND->ctx.eng, br_ssl_engine_set_protocol_names(&backend->ctx.eng,
BACKEND->protocols, cur); backend->protocols, cur);
} }
if((1 == Curl_inet_pton(AF_INET, hostname, &addr)) if((1 == Curl_inet_pton(AF_INET, hostname, &addr))
@ -414,9 +413,9 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
hostname = NULL; hostname = NULL;
} }
if(!br_ssl_client_reset(&BACKEND->ctx, hostname, 0)) if(!br_ssl_client_reset(&backend->ctx, hostname, 0))
return CURLE_FAILED_INIT; return CURLE_FAILED_INIT;
BACKEND->active = TRUE; backend->active = TRUE;
connssl->connecting_state = ssl_connect_2; connssl->connecting_state = ssl_connect_2;
@ -428,6 +427,7 @@ static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex,
{ {
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
curl_socket_t sockfd = conn->sock[sockindex]; curl_socket_t sockfd = conn->sock[sockindex];
unsigned state; unsigned state;
unsigned char *buf; unsigned char *buf;
@ -436,9 +436,9 @@ static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex,
int err; int err;
for(;;) { for(;;) {
state = br_ssl_engine_current_state(&BACKEND->ctx.eng); state = br_ssl_engine_current_state(&backend->ctx.eng);
if(state & BR_SSL_CLOSED) { if(state & BR_SSL_CLOSED) {
err = br_ssl_engine_last_error(&BACKEND->ctx.eng); err = br_ssl_engine_last_error(&backend->ctx.eng);
switch(err) { switch(err) {
case BR_ERR_OK: case BR_ERR_OK:
/* TLS close notify */ /* TLS close notify */
@ -468,7 +468,7 @@ static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex,
if(state & target) if(state & target)
return CURLE_OK; return CURLE_OK;
if(state & BR_SSL_SENDREC) { if(state & BR_SSL_SENDREC) {
buf = br_ssl_engine_sendrec_buf(&BACKEND->ctx.eng, &len); buf = br_ssl_engine_sendrec_buf(&backend->ctx.eng, &len);
ret = swrite(sockfd, buf, len); ret = swrite(sockfd, buf, len);
if(ret == -1) { if(ret == -1) {
if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) { if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) {
@ -478,10 +478,10 @@ static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex,
} }
return CURLE_WRITE_ERROR; return CURLE_WRITE_ERROR;
} }
br_ssl_engine_sendrec_ack(&BACKEND->ctx.eng, ret); br_ssl_engine_sendrec_ack(&backend->ctx.eng, ret);
} }
else if(state & BR_SSL_RECVREC) { else if(state & BR_SSL_RECVREC) {
buf = br_ssl_engine_recvrec_buf(&BACKEND->ctx.eng, &len); buf = br_ssl_engine_recvrec_buf(&backend->ctx.eng, &len);
ret = sread(sockfd, buf, len); ret = sread(sockfd, buf, len);
if(ret == 0) { if(ret == 0) {
failf(data, "SSL: EOF without close notify"); failf(data, "SSL: EOF without close notify");
@ -495,7 +495,7 @@ static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex,
} }
return CURLE_READ_ERROR; return CURLE_READ_ERROR;
} }
br_ssl_engine_recvrec_ack(&BACKEND->ctx.eng, ret); br_ssl_engine_recvrec_ack(&backend->ctx.eng, ret);
} }
} }
} }
@ -504,13 +504,14 @@ static CURLcode bearssl_connect_step2(struct connectdata *conn, int sockindex)
{ {
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
CURLcode ret; CURLcode ret;
ret = bearssl_run_until(conn, sockindex, BR_SSL_SENDAPP | BR_SSL_RECVAPP); ret = bearssl_run_until(conn, sockindex, BR_SSL_SENDAPP | BR_SSL_RECVAPP);
if(ret == CURLE_AGAIN) if(ret == CURLE_AGAIN)
return CURLE_OK; return CURLE_OK;
if(ret == CURLE_OK) { if(ret == CURLE_OK) {
if(br_ssl_engine_current_state(&BACKEND->ctx.eng) == BR_SSL_CLOSED) { if(br_ssl_engine_current_state(&backend->ctx.eng) == BR_SSL_CLOSED) {
failf(data, "SSL: connection closed during handshake"); failf(data, "SSL: connection closed during handshake");
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
} }
@ -523,6 +524,7 @@ static CURLcode bearssl_connect_step3(struct connectdata *conn, int sockindex)
{ {
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
CURLcode ret; CURLcode ret;
DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
@ -530,7 +532,7 @@ static CURLcode bearssl_connect_step3(struct connectdata *conn, int sockindex)
if(conn->bits.tls_enable_alpn) { if(conn->bits.tls_enable_alpn) {
const char *protocol; const char *protocol;
protocol = br_ssl_engine_get_selected_protocol(&BACKEND->ctx.eng); protocol = br_ssl_engine_get_selected_protocol(&backend->ctx.eng);
if(protocol) { if(protocol) {
infof(data, "ALPN, server accepted to use %s\n", protocol); infof(data, "ALPN, server accepted to use %s\n", protocol);
@ -558,7 +560,7 @@ static CURLcode bearssl_connect_step3(struct connectdata *conn, int sockindex)
session = malloc(sizeof(*session)); session = malloc(sizeof(*session));
if(!session) if(!session)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
br_ssl_engine_get_session_parameters(&BACKEND->ctx.eng, session); br_ssl_engine_get_session_parameters(&backend->ctx.eng, session);
Curl_ssl_sessionid_lock(conn); Curl_ssl_sessionid_lock(conn);
incache = !(Curl_ssl_getsessionid(conn, &oldsession, NULL, sockindex)); incache = !(Curl_ssl_getsessionid(conn, &oldsession, NULL, sockindex));
if(incache) if(incache)
@ -581,6 +583,7 @@ static ssize_t bearssl_send(struct connectdata *conn, int sockindex,
{ {
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
unsigned char *app; unsigned char *app;
size_t applen; size_t applen;
@ -588,23 +591,23 @@ static ssize_t bearssl_send(struct connectdata *conn, int sockindex,
*err = bearssl_run_until(conn, sockindex, BR_SSL_SENDAPP); *err = bearssl_run_until(conn, sockindex, BR_SSL_SENDAPP);
if (*err != CURLE_OK) if (*err != CURLE_OK)
return -1; return -1;
app = br_ssl_engine_sendapp_buf(&BACKEND->ctx.eng, &applen); app = br_ssl_engine_sendapp_buf(&backend->ctx.eng, &applen);
if(!app) { if(!app) {
failf(data, "SSL: connection closed during write"); failf(data, "SSL: connection closed during write");
*err = CURLE_SEND_ERROR; *err = CURLE_SEND_ERROR;
return -1; return -1;
} }
if(BACKEND->pending_write) { if(backend->pending_write) {
applen = BACKEND->pending_write; applen = backend->pending_write;
BACKEND->pending_write = 0; backend->pending_write = 0;
return applen; return applen;
} }
if(applen > len) if(applen > len)
applen = len; applen = len;
memcpy(app, buf, applen); memcpy(app, buf, applen);
br_ssl_engine_sendapp_ack(&BACKEND->ctx.eng, applen); br_ssl_engine_sendapp_ack(&backend->ctx.eng, applen);
br_ssl_engine_flush(&BACKEND->ctx.eng, 0); br_ssl_engine_flush(&backend->ctx.eng, 0);
BACKEND->pending_write = applen; backend->pending_write = applen;
} }
} }
@ -612,19 +615,20 @@ static ssize_t bearssl_recv(struct connectdata *conn, int sockindex,
char *buf, size_t len, CURLcode *err) char *buf, size_t len, CURLcode *err)
{ {
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
unsigned char *app; unsigned char *app;
size_t applen; size_t applen;
*err = bearssl_run_until(conn, sockindex, BR_SSL_RECVAPP); *err = bearssl_run_until(conn, sockindex, BR_SSL_RECVAPP);
if(*err != CURLE_OK) if(*err != CURLE_OK)
return -1; return -1;
app = br_ssl_engine_recvapp_buf(&BACKEND->ctx.eng, &applen); app = br_ssl_engine_recvapp_buf(&backend->ctx.eng, &applen);
if(!app) if(!app)
return 0; return 0;
if(applen > len) if(applen > len)
applen = len; applen = len;
memcpy(buf, app, applen); memcpy(buf, app, applen);
br_ssl_engine_recvapp_ack(&BACKEND->ctx.eng, applen); br_ssl_engine_recvapp_ack(&backend->ctx.eng, applen);
return applen; return applen;
} }
@ -739,8 +743,8 @@ static bool Curl_bearssl_data_pending(const struct connectdata *conn,
int connindex) int connindex)
{ {
const struct ssl_connect_data *connssl = &conn->ssl[connindex]; const struct ssl_connect_data *connssl = &conn->ssl[connindex];
struct ssl_backend_data *backend = connssl->backend;
return br_ssl_engine_current_state(&BACKEND->ctx.eng) & BR_SSL_RECVAPP; return br_ssl_engine_current_state(&backend->ctx.eng) & BR_SSL_RECVAPP;
} }
static CURLcode Curl_bearssl_random(struct Curl_easy *data UNUSED_PARAM, static CURLcode Curl_bearssl_random(struct Curl_easy *data UNUSED_PARAM,
@ -786,21 +790,23 @@ static CURLcode Curl_bearssl_connect_nonblocking(struct connectdata *conn,
static void *Curl_bearssl_get_internals(struct ssl_connect_data *connssl, static void *Curl_bearssl_get_internals(struct ssl_connect_data *connssl,
CURLINFO info UNUSED_PARAM) CURLINFO info UNUSED_PARAM)
{ {
return &BACKEND->ctx; struct ssl_backend_data *backend = connssl->backend;
return &backend->ctx;
} }
static void Curl_bearssl_close(struct connectdata *conn, int sockindex) static void Curl_bearssl_close(struct connectdata *conn, int sockindex)
{ {
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
size_t i; size_t i;
if(BACKEND->active) { if(backend->active) {
br_ssl_engine_close(&BACKEND->ctx.eng); br_ssl_engine_close(&backend->ctx.eng);
(void)bearssl_run_until(conn, sockindex, BR_SSL_CLOSED); (void)bearssl_run_until(conn, sockindex, BR_SSL_CLOSED);
} }
for(i = 0; i < BACKEND->anchors_len; ++i) for(i = 0; i < backend->anchors_len; ++i)
free(BACKEND->anchors[i].dn.data); free(backend->anchors[i].dn.data);
free(BACKEND->anchors); free(backend->anchors);
} }
static void Curl_bearssl_session_free(void *ptr) static void Curl_bearssl_session_free(void *ptr)
@ -836,9 +842,7 @@ static CURLcode Curl_bearssl_sha256sum(const unsigned char *input,
const struct Curl_ssl Curl_ssl_bearssl = { const struct Curl_ssl Curl_ssl_bearssl = {
{ CURLSSLBACKEND_BEARSSL, "bearssl" }, { CURLSSLBACKEND_BEARSSL, "bearssl" },
0, 0,
sizeof(struct ssl_backend_data), sizeof(struct ssl_backend_data),
Curl_none_init, Curl_none_init,