diff --git a/lib/vtls/axtls.c b/lib/vtls/axtls.c index bd7498aad..ca182e507 100644 --- a/lib/vtls/axtls.c +++ b/lib/vtls/axtls.c @@ -49,7 +49,7 @@ /* Global axTLS init, called from Curl_ssl_init() */ -int Curl_axtls_init(void) +static int Curl_axtls_init(void) { /* axTLS has no global init. Everything is done through SSL and SSL_CTX * structs stored in connectdata structure. Perhaps can move to axtls.h. @@ -57,7 +57,7 @@ int Curl_axtls_init(void) return 1; } -void Curl_axtls_cleanup(void) +static void Curl_axtls_cleanup(void) { /* axTLS has no global cleanup. Perhaps can move this to axtls.h. */ } @@ -284,7 +284,7 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex) return CURLE_OK; } -void Curl_axtls_close(struct connectdata *conn, int sockindex) +static void Curl_axtls_close(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; @@ -424,10 +424,8 @@ static CURLcode connect_finish(struct connectdata *conn, int sockindex) * Use axTLS's non-blocking connection feature to open an SSL connection. * This is called after a TCP connection is already established. */ -CURLcode Curl_axtls_connect_nonblocking( - struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_axtls_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { CURLcode conn_step; int ssl_fcn_return; @@ -491,10 +489,7 @@ CURLcode Curl_axtls_connect_nonblocking( * This function is called after the TCP connect has completed. Setup the TLS * layer and do all necessary magic for a blocking connect. */ -CURLcode -Curl_axtls_connect(struct connectdata *conn, - int sockindex) - +static CURLcode Curl_axtls_connect(struct connectdata *conn, int sockindex) { struct Curl_easy *data = conn->data; CURLcode conn_step = connect_prep(conn, sockindex); @@ -563,7 +558,7 @@ static ssize_t axtls_send(struct connectdata *conn, * This function is called to shut down the SSL layer but keep the * socket open (CCC - Clear Command Channel) */ -int Curl_axtls_shutdown(struct connectdata *conn, int sockindex) +static int Curl_axtls_shutdown(struct connectdata *conn, int sockindex) { /* Outline taken from openssl.c since functions are in axTLS compat layer. axTLS's error set is much smaller, so a lot of error-handling was removed. @@ -662,7 +657,7 @@ static ssize_t axtls_recv(struct connectdata *conn, /* connection data */ * 0 means the connection has been closed * -1 means the connection status is unknown */ -int Curl_axtls_check_cxn(struct connectdata *conn) +static int Curl_axtls_check_cxn(struct connectdata *conn) { /* openssl.c line: rc = SSL_peek(conn->ssl[FIRSTSOCKET].ssl, (void*)&buf, 1); axTLS compat layer always returns the last argument, so connection is @@ -672,7 +667,7 @@ int Curl_axtls_check_cxn(struct connectdata *conn) return 1; /* connection still in place */ } -void Curl_axtls_session_free(void *ptr) +static void Curl_axtls_session_free(void *ptr) { (void)ptr; /* free the ID */ @@ -680,14 +675,13 @@ void Curl_axtls_session_free(void *ptr) compatibility layer does nothing, so we do nothing too. */ } -size_t Curl_axtls_version(char *buffer, size_t size) +static size_t Curl_axtls_version(char *buffer, size_t size) { return snprintf(buffer, size, "axTLS/%s", ssl_version()); } -CURLcode Curl_axtls_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length) +static CURLcode Curl_axtls_random(struct Curl_easy *data, + unsigned char *entropy, size_t length) { static bool ssl_seeded = FALSE; (void)data; diff --git a/lib/vtls/axtls.h b/lib/vtls/axtls.h index 8890972c1..63adf8fc5 100644 --- a/lib/vtls/axtls.h +++ b/lib/vtls/axtls.h @@ -27,25 +27,6 @@ #include "curl/curl.h" #include "urldata.h" -int Curl_axtls_init(void); -void Curl_axtls_cleanup(void); -CURLcode Curl_axtls_connect(struct connectdata *conn, int sockindex); -CURLcode Curl_axtls_connect_nonblocking( - struct connectdata *conn, - int sockindex, - bool *done); - - /* close a SSL connection */ -void Curl_axtls_close(struct connectdata *conn, int sockindex); - -void Curl_axtls_session_free(void *ptr); -size_t Curl_axtls_version(char *buffer, size_t size); -int Curl_axtls_shutdown(struct connectdata *conn, int sockindex); -int Curl_axtls_check_cxn(struct connectdata *conn); -CURLcode Curl_axtls_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length); - extern const struct Curl_ssl Curl_ssl_axtls; /* Set the API backend definition to axTLS */ diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c index 59aa1d5b2..7cc294b1d 100644 --- a/lib/vtls/cyassl.c +++ b/lib/vtls/cyassl.c @@ -696,7 +696,7 @@ static ssize_t cyassl_send(struct connectdata *conn, return rc; } -void Curl_cyassl_close(struct connectdata *conn, int sockindex) +static void Curl_cyassl_close(struct connectdata *conn, int sockindex) { struct ssl_connect_data *conssl = &conn->ssl[sockindex]; @@ -744,14 +744,14 @@ static ssize_t cyassl_recv(struct connectdata *conn, } -void Curl_cyassl_session_free(void *ptr) +static void Curl_cyassl_session_free(void *ptr) { (void)ptr; /* CyaSSL reuses sessions on own, no free */ } -size_t Curl_cyassl_version(char *buffer, size_t size) +static size_t Curl_cyassl_version(char *buffer, size_t size) { #if LIBCYASSL_VERSION_HEX >= 0x03006000 return snprintf(buffer, size, "wolfSSL/%s", wolfSSL_lib_version()); @@ -765,13 +765,14 @@ size_t Curl_cyassl_version(char *buffer, size_t size) } -int Curl_cyassl_init(void) +static int Curl_cyassl_init(void) { return (CyaSSL_Init() == SSL_SUCCESS); } -bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex) +static bool Curl_cyassl_data_pending(const struct connectdata* conn, + int connindex) { if(conn->ssl[connindex].handle) /* SSL is in use */ return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE; @@ -784,7 +785,7 @@ bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex) * This function is called to shut down the SSL layer but keep the * socket open (CCC - Clear Command Channel) */ -int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex) +static int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex) { int retval = 0; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; @@ -911,18 +912,14 @@ cyassl_connect_common(struct connectdata *conn, } -CURLcode -Curl_cyassl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { return cyassl_connect_common(conn, sockindex, TRUE, done); } -CURLcode -Curl_cyassl_connect(struct connectdata *conn, - int sockindex) +static CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done = FALSE; @@ -936,9 +933,8 @@ Curl_cyassl_connect(struct connectdata *conn, return CURLE_OK; } -CURLcode Curl_cyassl_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length) +static CURLcode Curl_cyassl_random(struct Curl_easy *data, + unsigned char *entropy, size_t length) { RNG rng; (void)data; diff --git a/lib/vtls/cyassl.h b/lib/vtls/cyassl.h index 423fdc0bf..8a6771e2a 100644 --- a/lib/vtls/cyassl.h +++ b/lib/vtls/cyassl.h @@ -25,24 +25,6 @@ #ifdef USE_CYASSL -CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex); -bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex); -int Curl_cyassl_shutdown(struct connectdata* conn, int sockindex); - - /* close a SSL connection */ -void Curl_cyassl_close(struct connectdata *conn, int sockindex); - -void Curl_cyassl_session_free(void *ptr); -size_t Curl_cyassl_version(char *buffer, size_t size); -int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex); -int Curl_cyassl_init(void); -CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); -CURLcode Curl_cyassl_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length); - extern const struct Curl_ssl Curl_ssl_cyassl; /* Set the API backend definition to CyaSSL */ diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c index 076ee293c..aef644457 100644 --- a/lib/vtls/darwinssl.c +++ b/lib/vtls/darwinssl.c @@ -2568,17 +2568,13 @@ darwinssl_connect_common(struct connectdata *conn, return CURLE_OK; } -CURLcode -Curl_darwinssl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { return darwinssl_connect_common(conn, sockindex, TRUE, done); } -CURLcode -Curl_darwinssl_connect(struct connectdata *conn, - int sockindex) +static CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done = FALSE; @@ -2593,7 +2589,7 @@ Curl_darwinssl_connect(struct connectdata *conn, return CURLE_OK; } -void Curl_darwinssl_close(struct connectdata *conn, int sockindex) +static void Curl_darwinssl_close(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; @@ -2614,7 +2610,7 @@ void Curl_darwinssl_close(struct connectdata *conn, int sockindex) connssl->ssl_sockfd = 0; } -int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex) +static int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct Curl_easy *data = conn->data; @@ -2667,7 +2663,7 @@ int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex) return rc; } -void Curl_darwinssl_session_free(void *ptr) +static void Curl_darwinssl_session_free(void *ptr) { /* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a cached session ID inside the Security framework. There is a private @@ -2678,7 +2674,7 @@ void Curl_darwinssl_session_free(void *ptr) Curl_safefree(ptr); } -size_t Curl_darwinssl_version(char *buffer, size_t size) +static size_t Curl_darwinssl_version(char *buffer, size_t size) { return snprintf(buffer, size, "SecureTransport"); } @@ -2691,7 +2687,7 @@ size_t Curl_darwinssl_version(char *buffer, size_t size) * 0 means the connection has been closed * -1 means the connection status is unknown */ -int Curl_darwinssl_check_cxn(struct connectdata *conn) +static int Curl_darwinssl_check_cxn(struct connectdata *conn) { struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET]; OSStatus err; @@ -2706,8 +2702,8 @@ int Curl_darwinssl_check_cxn(struct connectdata *conn) return 0; } -bool Curl_darwinssl_data_pending(const struct connectdata *conn, - int connindex) +static bool Curl_darwinssl_data_pending(const struct connectdata *conn, + int connindex) { const struct ssl_connect_data *connssl = &conn->ssl[connindex]; OSStatus err; @@ -2723,8 +2719,8 @@ bool Curl_darwinssl_data_pending(const struct connectdata *conn, return false; } -CURLcode Curl_darwinssl_random(struct Curl_easy *data UNUSED_PARAM, - unsigned char *entropy, size_t length) +static CURLcode Curl_darwinssl_random(struct Curl_easy *data UNUSED_PARAM, + unsigned char *entropy, size_t length) { /* arc4random_buf() isn't available on cats older than Lion, so let's do this manually for the benefit of the older cats. */ @@ -2760,7 +2756,7 @@ static void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */ (void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum); } -bool Curl_darwinssl_false_start(void) +static bool Curl_darwinssl_false_start(void) { #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 if(SSLSetSessionOption != NULL) diff --git a/lib/vtls/darwinssl.h b/lib/vtls/darwinssl.h index 9c4611988..aace2946d 100644 --- a/lib/vtls/darwinssl.h +++ b/lib/vtls/darwinssl.h @@ -26,26 +26,6 @@ #ifdef USE_DARWINSSL -CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex); - -CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); - -/* close a SSL connection */ -void Curl_darwinssl_close(struct connectdata *conn, int sockindex); - -void Curl_darwinssl_session_free(void *ptr); -size_t Curl_darwinssl_version(char *buffer, size_t size); -int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex); -int Curl_darwinssl_check_cxn(struct connectdata *conn); -bool Curl_darwinssl_data_pending(const struct connectdata *conn, - int connindex); - -CURLcode Curl_darwinssl_random(struct Curl_easy *data, unsigned char *entropy, - size_t length); -bool Curl_darwinssl_false_start(void); - extern const struct Curl_ssl Curl_ssl_darwinssl; /* Set the API backend definition to SecureTransport */ diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c index fc73cf289..dab114912 100644 --- a/lib/vtls/gskit.c +++ b/lib/vtls/gskit.c @@ -427,7 +427,7 @@ static CURLcode set_ciphers(struct connectdata *conn, } -int Curl_gskit_init(void) +static int Curl_gskit_init(void) { /* No initialisation needed. */ @@ -435,7 +435,7 @@ int Curl_gskit_init(void) } -void Curl_gskit_cleanup(void) +static void Curl_gskit_cleanup(void) { /* Nothing to do. */ } @@ -1216,9 +1216,8 @@ static CURLcode gskit_connect_common(struct connectdata *conn, int sockindex, } -CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { CURLcode result; @@ -1229,7 +1228,7 @@ CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn, } -CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex) +static CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done; @@ -1245,14 +1244,14 @@ CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex) } -void Curl_gskit_close(struct connectdata *conn, int sockindex) +static void Curl_gskit_close(struct connectdata *conn, int sockindex) { close_one(&conn->ssl[sockindex], conn, sockindex); close_one(&conn->proxy_ssl[sockindex], conn, sockindex); } -int Curl_gskit_shutdown(struct connectdata *conn, int sockindex) +static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct Curl_easy *data = conn->data; @@ -1306,14 +1305,14 @@ int Curl_gskit_shutdown(struct connectdata *conn, int sockindex) } -size_t Curl_gskit_version(char *buffer, size_t size) +static size_t Curl_gskit_version(char *buffer, size_t size) { strncpy(buffer, "GSKit", size); return strlen(buffer); } -int Curl_gskit_check_cxn(struct connectdata *cxn) +static int Curl_gskit_check_cxn(struct connectdata *cxn) { int err; int errlen; diff --git a/lib/vtls/gskit.h b/lib/vtls/gskit.h index c8a2810e5..91e55987c 100644 --- a/lib/vtls/gskit.h +++ b/lib/vtls/gskit.h @@ -30,16 +30,6 @@ #include "urldata.h" #ifdef USE_GSKIT -int Curl_gskit_init(void); -void Curl_gskit_cleanup(void); -CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex); -CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn, - int sockindex, bool *done); -void Curl_gskit_close(struct connectdata *conn, int sockindex); -int Curl_gskit_shutdown(struct connectdata *conn, int sockindex); - -size_t Curl_gskit_version(char *buffer, size_t size); -int Curl_gskit_check_cxn(struct connectdata *cxn); extern const struct Curl_ssl Curl_ssl_gskit; diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 493520a62..54fda5467 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -186,7 +186,7 @@ static ssize_t Curl_gtls_pull_ssl(void *s, void *buf, size_t len) * must only be called from within curl_global_init() to keep the thread * situation under control! */ -int Curl_gtls_init(void) +static int Curl_gtls_init(void) { int ret = 1; if(!gtls_inited) { @@ -200,7 +200,7 @@ int Curl_gtls_init(void) return ret; } -void Curl_gtls_cleanup(void) +static void Curl_gtls_cleanup(void) { if(gtls_inited) { gnutls_global_deinit(); @@ -1493,18 +1493,13 @@ gtls_connect_common(struct connectdata *conn, return CURLE_OK; } -CURLcode -Curl_gtls_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_gtls_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { return gtls_connect_common(conn, sockindex, TRUE, done); } -CURLcode -Curl_gtls_connect(struct connectdata *conn, - int sockindex) - +static CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done = FALSE; @@ -1518,7 +1513,8 @@ Curl_gtls_connect(struct connectdata *conn, return CURLE_OK; } -bool Curl_gtls_data_pending(const struct connectdata *conn, int connindex) +static bool Curl_gtls_data_pending(const struct connectdata *conn, + int connindex) { bool res = FALSE; if(conn->ssl[connindex].session && @@ -1570,7 +1566,7 @@ static void close_one(struct ssl_connect_data *ssl) #endif } -void Curl_gtls_close(struct connectdata *conn, int sockindex) +static void Curl_gtls_close(struct connectdata *conn, int sockindex) { close_one(&conn->ssl[sockindex]); close_one(&conn->proxy_ssl[sockindex]); @@ -1580,7 +1576,7 @@ void Curl_gtls_close(struct connectdata *conn, int sockindex) * This function is called to shut down the SSL layer but keep the * socket open (CCC - Clear Command Channel) */ -int Curl_gtls_shutdown(struct connectdata *conn, int sockindex) +static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex) { ssize_t result; int retval = 0; @@ -1678,6 +1674,7 @@ static ssize_t gtls_recv(struct connectdata *conn, /* connection data */ if(ret < 0) { failf(conn->data, "GnuTLS recv error (%d): %s", + (int)ret, gnutls_strerror((int)ret)); *curlcode = CURLE_RECV_ERROR; return -1; @@ -1686,12 +1683,12 @@ static ssize_t gtls_recv(struct connectdata *conn, /* connection data */ return ret; } -void Curl_gtls_session_free(void *ptr) +static void Curl_gtls_session_free(void *ptr) { free(ptr); } -size_t Curl_gtls_version(char *buffer, size_t size) +static size_t Curl_gtls_version(char *buffer, size_t size) { return snprintf(buffer, size, "GnuTLS/%s", gnutls_check_version(NULL)); } @@ -1721,9 +1718,8 @@ static int Curl_gtls_seed(struct Curl_easy *data) #endif /* data might be NULL! */ -CURLcode Curl_gtls_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length) +static CURLcode Curl_gtls_random(struct Curl_easy *data, + unsigned char *entropy, size_t length) { #if defined(USE_GNUTLS_NETTLE) int rc; @@ -1777,7 +1773,7 @@ static void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */ #endif } -bool Curl_gtls_cert_status_request(void) +static bool Curl_gtls_cert_status_request(void) { #ifdef HAS_OCSP return TRUE; diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h index f51cd70cf..0dcf13a56 100644 --- a/lib/vtls/gtls.h +++ b/lib/vtls/gtls.h @@ -28,27 +28,6 @@ #include "urldata.h" -int Curl_gtls_init(void); -void Curl_gtls_cleanup(void); -CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex); -CURLcode Curl_gtls_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); -bool Curl_gtls_data_pending(const struct connectdata *conn, - int connindex); - - /* close a SSL connection */ -void Curl_gtls_close(struct connectdata *conn, int sockindex); - -void Curl_gtls_session_free(void *ptr); -size_t Curl_gtls_version(char *buffer, size_t size); -int Curl_gtls_shutdown(struct connectdata *conn, int sockindex); -CURLcode Curl_gtls_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length); - -bool Curl_gtls_cert_status_request(void); - extern const struct Curl_ssl Curl_ssl_gnutls; /* Set the API backend definition to GnuTLS */ diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index b13c617a4..ea8f3c6d5 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -744,12 +744,12 @@ static ssize_t mbed_send(struct connectdata *conn, int sockindex, return ret; } -void Curl_mbedtls_close_all(struct Curl_easy *data) +static void Curl_mbedtls_close_all(struct Curl_easy *data) { (void)data; } -void Curl_mbedtls_close(struct connectdata *conn, int sockindex) +static void Curl_mbedtls_close(struct connectdata *conn, int sockindex) { mbedtls_pk_free(&conn->ssl[sockindex].pk); mbedtls_x509_crt_free(&conn->ssl[sockindex].clicert); @@ -788,21 +788,21 @@ static ssize_t mbed_recv(struct connectdata *conn, int num, return len; } -void Curl_mbedtls_session_free(void *ptr) +static void Curl_mbedtls_session_free(void *ptr) { mbedtls_ssl_session_free(ptr); free(ptr); } -size_t Curl_mbedtls_version(char *buffer, size_t size) +static size_t Curl_mbedtls_version(char *buffer, size_t size) { unsigned int version = mbedtls_version_get_number(); return snprintf(buffer, size, "mbedTLS/%d.%d.%d", version>>24, (version>>16)&0xff, (version>>8)&0xff); } -CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy, - size_t length) +static CURLcode Curl_mbedtls_random(struct Curl_easy *data, + unsigned char *entropy, size_t length) { #if defined(MBEDTLS_CTR_DRBG_C) int ret = -1; @@ -963,18 +963,14 @@ mbed_connect_common(struct connectdata *conn, return CURLE_OK; } -CURLcode -Curl_mbedtls_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_mbedtls_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { return mbed_connect_common(conn, sockindex, TRUE, done); } -CURLcode -Curl_mbedtls_connect(struct connectdata *conn, - int sockindex) +static CURLcode Curl_mbedtls_connect(struct connectdata *conn, int sockindex) { CURLcode retcode; bool done = FALSE; @@ -992,17 +988,18 @@ Curl_mbedtls_connect(struct connectdata *conn, * return 0 error initializing SSL * return 1 SSL initialized successfully */ -int Curl_mbedtls_init(void) +static int Curl_mbedtls_init(void) { return Curl_polarsslthreadlock_thread_setup(); } -void Curl_mbedtls_cleanup(void) +static void Curl_mbedtls_cleanup(void) { (void)Curl_polarsslthreadlock_thread_cleanup(); } -bool Curl_mbedtls_data_pending(const struct connectdata *conn, int sockindex) +static bool Curl_mbedtls_data_pending(const struct connectdata *conn, + int sockindex) { return mbedtls_ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0; } diff --git a/lib/vtls/mbedtls.h b/lib/vtls/mbedtls.h index aaf84bd54..842b4d50f 100644 --- a/lib/vtls/mbedtls.h +++ b/lib/vtls/mbedtls.h @@ -26,31 +26,6 @@ #ifdef USE_MBEDTLS -/* Called on first use mbedTLS, setup threading if supported */ -int Curl_mbedtls_init(void); -void Curl_mbedtls_cleanup(void); -bool Curl_mbedtls_data_pending(const struct connectdata *conn, int sockindex); - -CURLcode Curl_mbedtls_connect(struct connectdata *conn, int sockindex); - -CURLcode Curl_mbedtls_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); - -/* tell mbedTLS to close down all open information regarding connections (and - thus session ID caching etc) */ -void Curl_mbedtls_close_all(struct Curl_easy *data); - - /* close a SSL connection */ -void Curl_mbedtls_close(struct connectdata *conn, int sockindex); - -void Curl_mbedtls_session_free(void *ptr); -size_t Curl_mbedtls_version(char *buffer, size_t size); -int Curl_mbedtls_shutdown(struct connectdata *conn, int sockindex); - -CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy, - size_t length); - extern const struct Curl_ssl Curl_ssl_mbedtls; #define CURL_SSL_BACKEND CURLSSLBACKEND_MBEDTLS diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 8c2161843..3f3d59f0d 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -1351,7 +1351,7 @@ static CURLcode nss_init(struct Curl_easy *data) * @retval 0 error initializing SSL * @retval 1 SSL initialized successfully */ -int Curl_nss_init(void) +static int Curl_nss_init(void) { /* curl_global_init() is not thread-safe so this test is ok */ if(nss_initlock == NULL) { @@ -1386,7 +1386,7 @@ CURLcode Curl_nss_force_init(struct Curl_easy *data) } /* Global cleanup */ -void Curl_nss_cleanup(void) +static void Curl_nss_cleanup(void) { /* This function isn't required to be threadsafe and this is only done * as a safety feature. @@ -1426,8 +1426,7 @@ void Curl_nss_cleanup(void) * 0 means the connection has been closed * -1 means the connection status is unknown */ -int -Curl_nss_check_cxn(struct connectdata *conn) +static int Curl_nss_check_cxn(struct connectdata *conn) { int rc; char buf; @@ -1473,7 +1472,7 @@ static void nss_close(struct ssl_connect_data *connssl) /* * This function is called when an SSL connection is closed. */ -void Curl_nss_close(struct connectdata *conn, int sockindex) +static void Curl_nss_close(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex]; @@ -2164,13 +2163,13 @@ static CURLcode nss_connect_common(struct connectdata *conn, int sockindex, return CURLE_OK; } -CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) +static CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) { return nss_connect_common(conn, sockindex, /* blocking */ NULL); } -CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn, - int sockindex, bool *done) +static CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { return nss_connect_common(conn, sockindex, done); } @@ -2252,22 +2251,22 @@ static ssize_t nss_recv(struct connectdata *conn, /* connection data */ return nread; } -size_t Curl_nss_version(char *buffer, size_t size) +static size_t Curl_nss_version(char *buffer, size_t size) { return snprintf(buffer, size, "NSS/%s", NSS_VERSION); } /* data might be NULL */ -int Curl_nss_seed(struct Curl_easy *data) +static int Curl_nss_seed(struct Curl_easy *data) { /* make sure that NSS is initialized */ return !!Curl_nss_force_init(data); } /* data might be NULL */ -CURLcode Curl_nss_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length) +static CURLcode Curl_nss_random(struct Curl_easy *data, + unsigned char *entropy, + size_t length) { Curl_nss_seed(data); /* Initiate the seed if not already done */ @@ -2306,7 +2305,7 @@ static void Curl_nss_sha256sum(const unsigned char *tmp, /* input */ PK11_DestroyContext(SHA256pw, PR_TRUE); } -bool Curl_nss_cert_status_request(void) +static bool Curl_nss_cert_status_request(void) { #ifdef SSL_ENABLE_OCSP_STAPLING return TRUE; @@ -2315,7 +2314,7 @@ bool Curl_nss_cert_status_request(void) #endif } -bool Curl_nss_false_start(void) +static bool Curl_nss_false_start(void) { #if NSSVERNUM >= 0x030f04 /* 3.15.4 */ return TRUE; diff --git a/lib/vtls/nssg.h b/lib/vtls/nssg.h index 7bf8123a6..5c3015a8b 100644 --- a/lib/vtls/nssg.h +++ b/lib/vtls/nssg.h @@ -30,32 +30,9 @@ #include "urldata.h" -CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex); -CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); -/* close a SSL connection */ -void Curl_nss_close(struct connectdata *conn, int sockindex); - -int Curl_nss_init(void); -void Curl_nss_cleanup(void); - -size_t Curl_nss_version(char *buffer, size_t size); -int Curl_nss_check_cxn(struct connectdata *cxn); -int Curl_nss_seed(struct Curl_easy *data); - /* initialize NSS library if not already */ CURLcode Curl_nss_force_init(struct Curl_easy *data); -CURLcode Curl_nss_random(struct Curl_easy *data, - unsigned char *entropy, - size_t length); - - -bool Curl_nss_cert_status_request(void); - -bool Curl_nss_false_start(void); - extern const struct Curl_ssl Curl_ssl_nss; /* Set the API backend definition to NSS */ diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 00956f986..69f35c73c 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -732,7 +732,7 @@ static int x509_name_oneline(X509_NAME *a, char *buf, size_t size) * @retval 0 error initializing SSL * @retval 1 SSL initialized successfully */ -int Curl_ossl_init(void) +static int Curl_ossl_init(void) { OPENSSL_load_builtin_modules(); @@ -774,7 +774,7 @@ int Curl_ossl_init(void) } /* Global cleanup */ -void Curl_ossl_cleanup(void) +static void Curl_ossl_cleanup(void) { #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ !defined(LIBRESSL_VERSION_NUMBER) @@ -816,7 +816,7 @@ void Curl_ossl_cleanup(void) * 0 means the connection has been closed * -1 means the connection status is unknown */ -int Curl_ossl_check_cxn(struct connectdata *conn) +static int Curl_ossl_check_cxn(struct connectdata *conn) { /* SSL_peek takes data out of the raw recv buffer without peeking so we use recv MSG_PEEK instead. Bug #795 */ @@ -862,7 +862,8 @@ int Curl_ossl_check_cxn(struct connectdata *conn) /* Selects an OpenSSL crypto engine */ -CURLcode Curl_ossl_set_engine(struct Curl_easy *data, const char *engine) +static CURLcode Curl_ossl_set_engine(struct Curl_easy *data, + const char *engine) { #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H) ENGINE *e; @@ -907,7 +908,7 @@ CURLcode Curl_ossl_set_engine(struct Curl_easy *data, const char *engine) /* Sets engine as default for all SSL operations */ -CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data) +static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data) { #ifdef HAVE_OPENSSL_ENGINE_H if(data->state.engine) { @@ -929,7 +930,7 @@ CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data) /* Return list of OpenSSL crypto engine names. */ -struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data) +static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data) { struct curl_slist *list = NULL; #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H) @@ -968,7 +969,7 @@ static void ossl_close(struct ssl_connect_data *connssl) /* * This function is called when an SSL connection is closed. */ -void Curl_ossl_close(struct connectdata *conn, int sockindex) +static void Curl_ossl_close(struct connectdata *conn, int sockindex) { ossl_close(&conn->ssl[sockindex]); ossl_close(&conn->proxy_ssl[sockindex]); @@ -978,7 +979,7 @@ void Curl_ossl_close(struct connectdata *conn, int sockindex) * This function is called to shut down the SSL layer but keep the * socket open (CCC - Clear Command Channel) */ -int Curl_ossl_shutdown(struct connectdata *conn, int sockindex) +static int Curl_ossl_shutdown(struct connectdata *conn, int sockindex) { int retval = 0; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; @@ -1077,7 +1078,7 @@ int Curl_ossl_shutdown(struct connectdata *conn, int sockindex) return retval; } -void Curl_ossl_session_free(void *ptr) +static void Curl_ossl_session_free(void *ptr) { /* free the ID */ SSL_SESSION_free(ptr); @@ -1087,7 +1088,7 @@ void Curl_ossl_session_free(void *ptr) * This function is called when the 'data' struct is going away. Close * down everything and free all resources! */ -void Curl_ossl_close_all(struct Curl_easy *data) +static void Curl_ossl_close_all(struct Curl_easy *data) { #ifdef HAVE_OPENSSL_ENGINE_H if(data->state.engine) { @@ -3148,14 +3149,14 @@ static CURLcode ossl_connect_common(struct connectdata *conn, return CURLE_OK; } -CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn, + int sockindex, + bool *done) { return ossl_connect_common(conn, sockindex, TRUE, done); } -CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex) +static CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done = FALSE; @@ -3169,7 +3170,8 @@ CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex) return CURLE_OK; } -bool Curl_ossl_data_pending(const struct connectdata *conn, int connindex) +static bool Curl_ossl_data_pending(const struct connectdata *conn, + int connindex) { if(conn->ssl[connindex].handle) /* SSL is in use */ @@ -3180,6 +3182,8 @@ bool Curl_ossl_data_pending(const struct connectdata *conn, int connindex) return FALSE; } +static size_t Curl_ossl_version(char *buffer, size_t size); + static ssize_t ossl_send(struct connectdata *conn, int sockindex, const void *mem, @@ -3293,7 +3297,7 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */ return nread; } -size_t Curl_ossl_version(char *buffer, size_t size) +static size_t Curl_ossl_version(char *buffer, size_t size) { #ifdef OPENSSL_IS_BORINGSSL return snprintf(buffer, size, OSSL_PACKAGE); @@ -3333,8 +3337,8 @@ size_t Curl_ossl_version(char *buffer, size_t size) } /* can be called with data == NULL */ -CURLcode Curl_ossl_random(struct Curl_easy *data, unsigned char *entropy, - size_t length) +static CURLcode Curl_ossl_random(struct Curl_easy *data, + unsigned char *entropy, size_t length) { int rc; if(data) { @@ -3377,7 +3381,7 @@ static void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */ } #endif -bool Curl_ossl_cert_status_request(void) +static bool Curl_ossl_cert_status_request(void) { #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \ !defined(OPENSSL_NO_OCSP) diff --git a/lib/vtls/openssl.h b/lib/vtls/openssl.h index 9df0503ea..673719604 100644 --- a/lib/vtls/openssl.h +++ b/lib/vtls/openssl.h @@ -31,46 +31,6 @@ #include "urldata.h" -CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex); -CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); - -/* close a SSL connection */ -void Curl_ossl_close(struct connectdata *conn, int sockindex); - -/* tell OpenSSL to close down all open information regarding connections (and - thus session ID caching etc) */ -void Curl_ossl_close_all(struct Curl_easy *data); - -/* Sets an OpenSSL engine */ -CURLcode Curl_ossl_set_engine(struct Curl_easy *data, const char *engine); - -/* function provided for the generic SSL-layer, called when a session id - should be freed */ -void Curl_ossl_session_free(void *ptr); - -/* Sets engine as default for all SSL operations */ -CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data); - -/* Build list of OpenSSL engines */ -struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data); - -int Curl_ossl_init(void); -void Curl_ossl_cleanup(void); - -size_t Curl_ossl_version(char *buffer, size_t size); -int Curl_ossl_check_cxn(struct connectdata *cxn); -int Curl_ossl_shutdown(struct connectdata *conn, int sockindex); -bool Curl_ossl_data_pending(const struct connectdata *conn, - int connindex); - -/* return 0 if a find random is filled in */ -CURLcode Curl_ossl_random(struct Curl_easy *data, unsigned char *entropy, - size_t length); - -bool Curl_ossl_cert_status_request(void); - extern const struct Curl_ssl Curl_ssl_openssl; /* Set the API backend definition to OpenSSL */ diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c index ee5a942da..e12a50d6a 100644 --- a/lib/vtls/polarssl.c +++ b/lib/vtls/polarssl.c @@ -659,7 +659,7 @@ static ssize_t polarssl_send(struct connectdata *conn, return ret; } -void Curl_polarssl_close(struct connectdata *conn, int sockindex) +static void Curl_polarssl_close(struct connectdata *conn, int sockindex) { rsa_free(&conn->ssl[sockindex].rsa); x509_crt_free(&conn->ssl[sockindex].clicert); @@ -694,7 +694,7 @@ static ssize_t polarssl_recv(struct connectdata *conn, return len; } -void Curl_polarssl_session_free(void *ptr) +static void Curl_polarssl_session_free(void *ptr) { ssl_session_free(ptr); free(ptr); @@ -703,7 +703,7 @@ void Curl_polarssl_session_free(void *ptr) /* 1.3.10 was the first rebranded version. All new releases (in 1.3 branch and higher) will be mbed TLS branded.. */ -size_t Curl_polarssl_version(char *buffer, size_t size) +static size_t Curl_polarssl_version(char *buffer, size_t size) { unsigned int version = version_get_number(); return snprintf(buffer, size, "%s/%d.%d.%d", @@ -825,18 +825,14 @@ polarssl_connect_common(struct connectdata *conn, return CURLE_OK; } -CURLcode -Curl_polarssl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done) +static CURLcode Curl_polarssl_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { return polarssl_connect_common(conn, sockindex, TRUE, done); } -CURLcode -Curl_polarssl_connect(struct connectdata *conn, - int sockindex) +static CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done = FALSE; @@ -854,18 +850,18 @@ Curl_polarssl_connect(struct connectdata *conn, * return 0 error initializing SSL * return 1 SSL initialized successfully */ -int Curl_polarssl_init(void) +static int Curl_polarssl_init(void) { return Curl_polarsslthreadlock_thread_setup(); } -void Curl_polarssl_cleanup(void) +static void Curl_polarssl_cleanup(void) { (void)Curl_polarsslthreadlock_thread_cleanup(); } - -bool Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex) +static bool Curl_polarssl_data_pending(const struct connectdata *conn, + int sockindex) { return ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0; } diff --git a/lib/vtls/polarssl.h b/lib/vtls/polarssl.h index b2560ddb1..ce534fa53 100644 --- a/lib/vtls/polarssl.h +++ b/lib/vtls/polarssl.h @@ -26,25 +26,6 @@ #ifdef USE_POLARSSL -/* Called on first use PolarSSL, setup threading if supported */ -int Curl_polarssl_init(void); -void Curl_polarssl_cleanup(void); -bool Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex); - - -CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex); - -CURLcode Curl_polarssl_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); - - /* close a SSL connection */ -void Curl_polarssl_close(struct connectdata *conn, int sockindex); - -void Curl_polarssl_session_free(void *ptr); -size_t Curl_polarssl_version(char *buffer, size_t size); -int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex); - extern const struct Curl_ssl Curl_ssl_polarssl; /* Set the API backend definition to PolarSSL */ diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c index 8308ccbc6..0531b9b2f 100644 --- a/lib/vtls/schannel.c +++ b/lib/vtls/schannel.c @@ -1395,15 +1395,13 @@ cleanup: return *err ? -1 : 0; } -CURLcode -Curl_schannel_connect_nonblocking(struct connectdata *conn, int sockindex, - bool *done) +static CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) { return schannel_connect_common(conn, sockindex, TRUE, done); } -CURLcode -Curl_schannel_connect(struct connectdata *conn, int sockindex) +static CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done = FALSE; @@ -1417,7 +1415,8 @@ Curl_schannel_connect(struct connectdata *conn, int sockindex) return CURLE_OK; } -bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex) +static bool Curl_schannel_data_pending(const struct connectdata *conn, + int sockindex) { const struct ssl_connect_data *connssl = &conn->ssl[sockindex]; @@ -1428,14 +1427,14 @@ bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex) return FALSE; } -void Curl_schannel_close(struct connectdata *conn, int sockindex) +static void Curl_schannel_close(struct connectdata *conn, int sockindex) { if(conn->ssl[sockindex].use) /* if the SSL/TLS channel hasn't been shut down yet, do that now. */ Curl_ssl_shutdown(conn, sockindex); } -void Curl_schannel_session_free(void *ptr) +static void Curl_schannel_session_free(void *ptr) { /* this is expected to be called under sessionid lock */ struct curl_schannel_cred *cred = ptr; @@ -1447,7 +1446,7 @@ void Curl_schannel_session_free(void *ptr) } } -int Curl_schannel_shutdown(struct connectdata *conn, int sockindex) +static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex) { /* See https://msdn.microsoft.com/en-us/library/windows/desktop/aa380138.aspx * Shutting Down an Schannel Connection @@ -1551,25 +1550,25 @@ int Curl_schannel_shutdown(struct connectdata *conn, int sockindex) return CURLE_OK; } -int Curl_schannel_init(void) +static int Curl_schannel_init(void) { return (Curl_sspi_global_init() == CURLE_OK ? 1 : 0); } -void Curl_schannel_cleanup(void) +static void Curl_schannel_cleanup(void) { Curl_sspi_global_cleanup(); } -size_t Curl_schannel_version(char *buffer, size_t size) +static size_t Curl_schannel_version(char *buffer, size_t size) { size = snprintf(buffer, size, "WinSSL"); return size; } -CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM, - unsigned char *entropy, size_t length) +static CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM, + unsigned char *entropy, size_t length) { HCRYPTPROV hCryptProv = 0; diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h index aaf253a6b..04d640147 100644 --- a/lib/vtls/schannel.h +++ b/lib/vtls/schannel.h @@ -76,25 +76,6 @@ #define CURL_SCHANNEL_BUFFER_INIT_SIZE 4096 #define CURL_SCHANNEL_BUFFER_FREE_SIZE 1024 - -CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex); - -CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn, - int sockindex, - bool *done); - -bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex); -void Curl_schannel_close(struct connectdata *conn, int sockindex); -int Curl_schannel_shutdown(struct connectdata *conn, int sockindex); -void Curl_schannel_session_free(void *ptr); - -int Curl_schannel_init(void); -void Curl_schannel_cleanup(void); -size_t Curl_schannel_version(char *buffer, size_t size); - -CURLcode Curl_schannel_random(struct Curl_easy *data, unsigned char *entropy, - size_t length); - extern const struct Curl_ssl Curl_ssl_schannel; /* Set the API backend definition to Schannel */ diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index d55328b8c..bc72ad31e 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -28,14 +28,6 @@ to any specific SSL-layer. Curl_ssl_ - prefix for generic ones - Curl_ossl_ - prefix for OpenSSL ones - Curl_gtls_ - prefix for GnuTLS ones - Curl_nss_ - prefix for NSS ones - Curl_gskit_ - prefix for GSKit ones - Curl_polarssl_ - prefix for PolarSSL ones - Curl_cyassl_ - prefix for CyaSSL ones - Curl_schannel_ - prefix for Schannel SSPI ones - Curl_darwinssl_ - prefix for SecureTransport (Darwin) ones Note that this source code uses the functions of the configured SSL backend via the global Curl_ssl instance.