moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2025-01-11 14:08:07 -05:00
Code Issues Releases Wiki Activity

bearssl: remove the BACKEND define kludge

Browse Source
This commit is contained in:
Daniel Stenberg 2020-03-18 23:18:33 +01:00
parent 5076b8668f
commit 52182e4b8f
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 52 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
lib/vtls/bearssl.c
View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2019, Michael Forney, <mforney@mforney.org>
* Copyright (C) 2019 - 2020, Michael Forney, <mforney@mforney.org>
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -56,8 +56,6 @@ struct ssl_backend_data {
size_t pending_write;
};
#define BACKEND connssl->backend
struct cafile_parser {
CURLcode err;
bool in_cert;
@ -300,6 +298,7 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
{
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
const char *hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
conn->host.name;
@ -343,7 +342,7 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
}
if(ssl_cafile) {
ret = load_cafile(ssl_cafile, &BACKEND->anchors, &BACKEND->anchors_len);
ret = load_cafile(ssl_cafile, &backend->anchors, &backend->anchors_len);
if(ret != CURLE_OK) {
if(verifypeer) {
failf(data, "error setting certificate verify locations:\n"
@ -356,24 +355,24 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
}
/* initialize SSL context */
br_ssl_client_init_full(&BACKEND->ctx, &BACKEND->x509.minimal,
BACKEND->anchors, BACKEND->anchors_len);
br_ssl_engine_set_versions(&BACKEND->ctx.eng, version_min, version_max);
br_ssl_engine_set_buffer(&BACKEND->ctx.eng, BACKEND->buf,
sizeof(BACKEND->buf), 1);
br_ssl_client_init_full(&backend->ctx, &backend->x509.minimal,
backend->anchors, backend->anchors_len);
br_ssl_engine_set_versions(&backend->ctx.eng, version_min, version_max);
br_ssl_engine_set_buffer(&backend->ctx.eng, backend->buf,
sizeof(backend->buf), 1);
/* initialize X.509 context */
BACKEND->x509.vtable = &x509_vtable;
BACKEND->x509.verifypeer = verifypeer;
BACKEND->x509.verifyhost = verifyhost;
br_ssl_engine_set_x509(&BACKEND->ctx.eng, &BACKEND->x509.vtable);
backend->x509.vtable = &x509_vtable;
backend->x509.verifypeer = verifypeer;
backend->x509.verifyhost = verifyhost;
br_ssl_engine_set_x509(&backend->ctx.eng, &backend->x509.vtable);
if(SSL_SET_OPTION(primary.sessionid)) {
void *session;
Curl_ssl_sessionid_lock(conn);
if(!Curl_ssl_getsessionid(conn, &session, NULL, sockindex)) {
br_ssl_engine_set_session_parameters(&BACKEND->ctx.eng, session);
br_ssl_engine_set_session_parameters(&backend->ctx.eng, session);
infof(data, "BearSSL: re-using session ID\n");
}
Curl_ssl_sessionid_unlock(conn);
@ -389,16 +388,16 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
#ifdef USE_NGHTTP2
if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
(!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
BACKEND->protocols[cur++] = NGHTTP2_PROTO_VERSION_ID;
backend->protocols[cur++] = NGHTTP2_PROTO_VERSION_ID;
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
}
#endif
BACKEND->protocols[cur++] = ALPN_HTTP_1_1;
backend->protocols[cur++] = ALPN_HTTP_1_1;
infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
br_ssl_engine_set_protocol_names(&BACKEND->ctx.eng,
BACKEND->protocols, cur);
br_ssl_engine_set_protocol_names(&backend->ctx.eng,
backend->protocols, cur);
}
if((1 == Curl_inet_pton(AF_INET, hostname, &addr))
@ -414,9 +413,9 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
hostname = NULL;
}
if(!br_ssl_client_reset(&BACKEND->ctx, hostname, 0))
if(!br_ssl_client_reset(&backend->ctx, hostname, 0))
return CURLE_FAILED_INIT;
BACKEND->active = TRUE;
backend->active = TRUE;
connssl->connecting_state = ssl_connect_2;
@ -428,6 +427,7 @@ static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex,
{
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
curl_socket_t sockfd = conn->sock[sockindex];
unsigned state;
unsigned char *buf;
@ -436,9 +436,9 @@ static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex,
int err;
for(;;) {
state = br_ssl_engine_current_state(&BACKEND->ctx.eng);
state = br_ssl_engine_current_state(&backend->ctx.eng);
if(state & BR_SSL_CLOSED) {
err = br_ssl_engine_last_error(&BACKEND->ctx.eng);
err = br_ssl_engine_last_error(&backend->ctx.eng);
switch(err) {
case BR_ERR_OK:
/* TLS close notify */
@ -468,7 +468,7 @@ static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex,
if(state & target)
return CURLE_OK;
if(state & BR_SSL_SENDREC) {
buf = br_ssl_engine_sendrec_buf(&BACKEND->ctx.eng, &len);
buf = br_ssl_engine_sendrec_buf(&backend->ctx.eng, &len);
ret = swrite(sockfd, buf, len);
if(ret == -1) {
if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) {
@ -478,10 +478,10 @@ static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex,
}
return CURLE_WRITE_ERROR;
}
br_ssl_engine_sendrec_ack(&BACKEND->ctx.eng, ret);
br_ssl_engine_sendrec_ack(&backend->ctx.eng, ret);
}
else if(state & BR_SSL_RECVREC) {
buf = br_ssl_engine_recvrec_buf(&BACKEND->ctx.eng, &len);
buf = br_ssl_engine_recvrec_buf(&backend->ctx.eng, &len);
ret = sread(sockfd, buf, len);
if(ret == 0) {
failf(data, "SSL: EOF without close notify");
@ -495,7 +495,7 @@ static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex,
}
return CURLE_READ_ERROR;
}
br_ssl_engine_recvrec_ack(&BACKEND->ctx.eng, ret);
br_ssl_engine_recvrec_ack(&backend->ctx.eng, ret);
}
}
}
@ -504,13 +504,14 @@ static CURLcode bearssl_connect_step2(struct connectdata *conn, int sockindex)
{
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
CURLcode ret;
ret = bearssl_run_until(conn, sockindex, BR_SSL_SENDAPP | BR_SSL_RECVAPP);
if(ret == CURLE_AGAIN)
return CURLE_OK;
if(ret == CURLE_OK) {
if(br_ssl_engine_current_state(&BACKEND->ctx.eng) == BR_SSL_CLOSED) {
if(br_ssl_engine_current_state(&backend->ctx.eng) == BR_SSL_CLOSED) {
failf(data, "SSL: connection closed during handshake");
return CURLE_SSL_CONNECT_ERROR;
}
@ -523,6 +524,7 @@ static CURLcode bearssl_connect_step3(struct connectdata *conn, int sockindex)
{
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
CURLcode ret;
DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
@ -530,7 +532,7 @@ static CURLcode bearssl_connect_step3(struct connectdata *conn, int sockindex)
if(conn->bits.tls_enable_alpn) {
const char *protocol;
protocol = br_ssl_engine_get_selected_protocol(&BACKEND->ctx.eng);
protocol = br_ssl_engine_get_selected_protocol(&backend->ctx.eng);
if(protocol) {
infof(data, "ALPN, server accepted to use %s\n", protocol);
@ -558,7 +560,7 @@ static CURLcode bearssl_connect_step3(struct connectdata *conn, int sockindex)
session = malloc(sizeof(*session));
if(!session)
return CURLE_OUT_OF_MEMORY;
br_ssl_engine_get_session_parameters(&BACKEND->ctx.eng, session);
br_ssl_engine_get_session_parameters(&backend->ctx.eng, session);
Curl_ssl_sessionid_lock(conn);
incache = !(Curl_ssl_getsessionid(conn, &oldsession, NULL, sockindex));
if(incache)
@ -581,6 +583,7 @@ static ssize_t bearssl_send(struct connectdata *conn, int sockindex,
{
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
unsigned char *app;
size_t applen;
@ -588,23 +591,23 @@ static ssize_t bearssl_send(struct connectdata *conn, int sockindex,
*err = bearssl_run_until(conn, sockindex, BR_SSL_SENDAPP);
if (*err != CURLE_OK)
return -1;
app = br_ssl_engine_sendapp_buf(&BACKEND->ctx.eng, &applen);
app = br_ssl_engine_sendapp_buf(&backend->ctx.eng, &applen);
if(!app) {
failf(data, "SSL: connection closed during write");
*err = CURLE_SEND_ERROR;
return -1;
}
if(BACKEND->pending_write) {
applen = BACKEND->pending_write;
BACKEND->pending_write = 0;
if(backend->pending_write) {
applen = backend->pending_write;
backend->pending_write = 0;
return applen;
}
if(applen > len)
applen = len;
memcpy(app, buf, applen);
br_ssl_engine_sendapp_ack(&BACKEND->ctx.eng, applen);
br_ssl_engine_flush(&BACKEND->ctx.eng, 0);
BACKEND->pending_write = applen;
br_ssl_engine_sendapp_ack(&backend->ctx.eng, applen);
br_ssl_engine_flush(&backend->ctx.eng, 0);
backend->pending_write = applen;
}
}
@ -612,19 +615,20 @@ static ssize_t bearssl_recv(struct connectdata *conn, int sockindex,
char *buf, size_t len, CURLcode *err)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
unsigned char *app;
size_t applen;
*err = bearssl_run_until(conn, sockindex, BR_SSL_RECVAPP);
if(*err != CURLE_OK)
return -1;
app = br_ssl_engine_recvapp_buf(&BACKEND->ctx.eng, &applen);
app = br_ssl_engine_recvapp_buf(&backend->ctx.eng, &applen);
if(!app)
return 0;
if(applen > len)
applen = len;
memcpy(buf, app, applen);
br_ssl_engine_recvapp_ack(&BACKEND->ctx.eng, applen);
br_ssl_engine_recvapp_ack(&backend->ctx.eng, applen);
return applen;
}
@ -739,8 +743,8 @@ static bool Curl_bearssl_data_pending(const struct connectdata *conn,
int connindex)
{
const struct ssl_connect_data *connssl = &conn->ssl[connindex];
return br_ssl_engine_current_state(&BACKEND->ctx.eng) & BR_SSL_RECVAPP;
struct ssl_backend_data *backend = connssl->backend;
return br_ssl_engine_current_state(&backend->ctx.eng) & BR_SSL_RECVAPP;
}
static CURLcode Curl_bearssl_random(struct Curl_easy *data UNUSED_PARAM,
@ -786,21 +790,23 @@ static CURLcode Curl_bearssl_connect_nonblocking(struct connectdata *conn,
static void *Curl_bearssl_get_internals(struct ssl_connect_data *connssl,
CURLINFO info UNUSED_PARAM)
{
return &BACKEND->ctx;
struct ssl_backend_data *backend = connssl->backend;
return &backend->ctx;
}
static void Curl_bearssl_close(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
size_t i;
if(BACKEND->active) {
br_ssl_engine_close(&BACKEND->ctx.eng);
if(backend->active) {
br_ssl_engine_close(&backend->ctx.eng);
(void)bearssl_run_until(conn, sockindex, BR_SSL_CLOSED);
}
for(i = 0; i < BACKEND->anchors_len; ++i)
free(BACKEND->anchors[i].dn.data);
free(BACKEND->anchors);
for(i = 0; i < backend->anchors_len; ++i)
free(backend->anchors[i].dn.data);
free(backend->anchors);
}
static void Curl_bearssl_session_free(void *ptr)
@ -836,9 +842,7 @@ static CURLcode Curl_bearssl_sha256sum(const unsigned char *input,
const struct Curl_ssl Curl_ssl_bearssl = {
{ CURLSSLBACKEND_BEARSSL, "bearssl" },
0,
sizeof(struct ssl_backend_data),
Curl_none_init,