vtls: declare Curl_ssl structs for every SSL backend

The idea of introducing the Curl_ssl struct was to unify how the SSL backends are declared and called. To this end, we now provide an instance of the Curl_ssl struct for each and every SSL backend. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2024-12-21 23:58:49 -05:00 · 2017-06-22 16:45:34 +02:00 · 2017-06-22 16:45:34 +02:00 · e09bb63ed8
commit e09bb63ed8
parent e7e03e47d4
22 changed files with 346 additions and 0 deletions
--- a/lib/vtls/axtls.c
+++ b/lib/vtls/axtls.c
@ -702,4 +702,26 @@ CURLcode Curl_axtls_random(struct Curl_easy *data,
  return CURLE_OK;
 }

+const struct Curl_ssl Curl_ssl_axtls = {
+  "axtls",                        /* name */
+
+  Curl_axtls_init,                /* init */
+  Curl_axtls_cleanup,             /* cleanup */
+  Curl_axtls_version,             /* version */
+  Curl_axtls_check_cxn,           /* check_cxn */
+  Curl_axtls_shutdown,            /* shutdown */
+  Curl_none_data_pending,         /* data_pending */
+  Curl_axtls_random,              /* random */
+  Curl_none_cert_status_request,  /* cert_status_request */
+  Curl_axtls_connect,             /* connect */
+  Curl_axtls_connect_nonblocking, /* connect_nonblocking */
+  Curl_axtls_close,               /* close */
+  Curl_none_close_all,            /* close_all */
+  Curl_axtls_session_free,        /* session_free */
+  Curl_none_set_engine,           /* set_engine */
+  Curl_none_set_engine_default,   /* set_engine_default */
+  Curl_none_engines_list,         /* engines_list */
+  Curl_none_false_start           /* false_start */
+};
+
 #endif /* USE_AXTLS */
--- a/lib/vtls/axtls.h
+++ b/lib/vtls/axtls.h
@ -46,6 +46,8 @@ CURLcode Curl_axtls_random(struct Curl_easy *data,
                           unsigned char *entropy,
                           size_t length);

+extern const struct Curl_ssl Curl_ssl_axtls;
+
 /* Set the API backend definition to axTLS */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_AXTLS

--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@ -951,4 +951,26 @@ void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
  Sha256Final(&SHA256pw, sha256sum);
 }

+const struct Curl_ssl Curl_ssl_cyassl = {
+  "cyassl",                        /* name */
+
+  Curl_cyassl_init,                /* init */
+  Curl_none_cleanup,               /* cleanup */
+  Curl_cyassl_version,             /* version */
+  Curl_none_check_cxn,             /* check_cxn */
+  Curl_cyassl_shutdown,            /* shutdown */
+  Curl_cyassl_data_pending,        /* data_pending */
+  Curl_cyassl_random,              /* random */
+  Curl_none_cert_status_request,   /* cert_status_request */
+  Curl_cyassl_connect,             /* connect */
+  Curl_cyassl_connect_nonblocking, /* connect_nonblocking */
+  Curl_cyassl_close,               /* close */
+  Curl_none_close_all,             /* close_all */
+  Curl_cyassl_session_free,        /* session_free */
+  Curl_none_set_engine,            /* set_engine */
+  Curl_none_set_engine_default,    /* set_engine_default */
+  Curl_none_engines_list,          /* engines_list */
+  Curl_none_false_start            /* false_start */
+};
+
 #endif
--- a/lib/vtls/cyassl.h
+++ b/lib/vtls/cyassl.h
@ -59,6 +59,8 @@ void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
                     unsigned char *sha256sum, /* output */
                     size_t unused);

+extern const struct Curl_ssl Curl_ssl_cyassl;
+
 /* Set the API backend definition to CyaSSL */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_CYASSL

--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@ -2856,6 +2856,28 @@ static ssize_t darwinssl_recv(struct connectdata *conn,
  return (ssize_t)processed;
 }

+const struct Curl_ssl Curl_ssl_darwinssl = {
+  "darwinssl",                        /* name */
+
+  Curl_none_init,                     /* init */
+  Curl_none_cleanup,                  /* cleanup */
+  Curl_darwinssl_version,             /* version */
+  Curl_darwinssl_check_cxn,           /* check_cxn */
+  Curl_darwinssl_shutdown,            /* shutdown */
+  Curl_darwinssl_data_pending,        /* data_pending */
+  Curl_darwinssl_random,              /* random */
+  Curl_none_cert_status_request,      /* cert_status_request */
+  Curl_darwinssl_connect,             /* connect */
+  Curl_darwinssl_connect_nonblocking, /* connect_nonblocking */
+  Curl_darwinssl_close,               /* close */
+  Curl_none_close_all,                /* close_all */
+  Curl_darwinssl_session_free,        /* session_free */
+  Curl_none_set_engine,               /* set_engine */
+  Curl_none_set_engine_default,       /* set_engine_default */
+  Curl_none_engines_list,             /* engines_list */
+  Curl_darwinssl_false_start          /* false_start */
+};
+
 #ifdef __clang__
 #pragma clang diagnostic pop
 #endif
--- a/lib/vtls/darwinssl.h
+++ b/lib/vtls/darwinssl.h
@ -54,6 +54,8 @@ void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
                              size_t sha256len);
 bool Curl_darwinssl_false_start(void);

+extern const struct Curl_ssl Curl_ssl_darwinssl;
+
 /* Set the API backend definition to SecureTransport */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_DARWINSSL

--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@ -1334,4 +1334,27 @@ int Curl_gskit_check_cxn(struct connectdata *cxn)
  return -1;  /* connection status unknown */
 }

+const struct Curl_ssl Curl_ssl_gskit = {
+  "gskit",                        /* name */
+
+  Curl_gskit_init,                /* init */
+  Curl_gskit_cleanup,             /* cleanup */
+  Curl_gskit_version,             /* version */
+  Curl_gskit_check_cxn,           /* check_cxn */
+  Curl_gskit_shutdown,            /* shutdown */
+  Curl_none_data_pending,         /* data_pending */
+  Curl_none_random,               /* random */
+  Curl_none_cert_status_request,  /* cert_status_request */
+  Curl_gskit_connect,             /* connect */
+  Curl_gskit_connect_nonblocking, /* connect_nonblocking */
+  Curl_gskit_close,               /* close */
+  Curl_none_close_all,            /* close_all */
+  /* No session handling for GSKit */
+  Curl_none_session_free,         /* session_free */
+  Curl_none_set_engine,           /* set_engine */
+  Curl_none_set_engine_default,   /* set_engine_default */
+  Curl_none_engines_list,         /* engines_list */
+  Curl_none_false_start           /* false_start */
+};
+
 #endif /* USE_GSKIT */
--- a/lib/vtls/gskit.h
+++ b/lib/vtls/gskit.h
@ -44,6 +44,8 @@ int Curl_gskit_check_cxn(struct connectdata *cxn);
 /* Support HTTPS-proxy */
 /* TODO: add '#define HTTPS_PROXY_SUPPORT 1' and fix test #1014 (if need) */

+extern const struct Curl_ssl Curl_ssl_gskit;
+
 /* Set the API backend definition to GSKit */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_GSKIT

--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@ -1785,4 +1785,26 @@ bool Curl_gtls_cert_status_request(void)
 #endif
 }

+const struct Curl_ssl Curl_ssl_gnutls = {
+  "gnutls",                      /* name */
+
+  Curl_gtls_init,                /* init */
+  Curl_gtls_cleanup,             /* cleanup */
+  Curl_gtls_version,             /* version */
+  Curl_none_check_cxn,           /* check_cxn */
+  Curl_gtls_shutdown,            /* shutdown */
+  Curl_gtls_data_pending,        /* data_pending */
+  Curl_gtls_random,              /* random */
+  Curl_gtls_cert_status_request, /* cert_status_request */
+  Curl_gtls_connect,             /* connect */
+  Curl_gtls_connect_nonblocking, /* connect_nonblocking */
+  Curl_gtls_close,               /* close */
+  Curl_none_close_all,           /* close_all */
+  Curl_glts_session_free,        /* session_free */
+  Curl_none_set_engine,          /* set_engine */
+  Curl_none_set_engine_default,  /* set_engine_default */
+  Curl_none_engines_list,        /* engines_list */
+  Curl_none_false_start          /* false_start */
+};
+
 #endif /* USE_GNUTLS */
--- a/lib/vtls/gtls.h
+++ b/lib/vtls/gtls.h
@ -60,6 +60,8 @@ bool Curl_gtls_cert_status_request(void);
 /* Support HTTPS-proxy */
 #define HTTPS_PROXY_SUPPORT 1

+extern const struct Curl_ssl Curl_ssl_gnutls;
+
 /* Set the API backend definition to GnuTLS */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS

--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@ -1007,4 +1007,26 @@ bool Curl_mbedtls_data_pending(const struct connectdata *conn, int sockindex)
  return mbedtls_ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0;
 }

+const struct Curl_ssl Curl_ssl_mbedtls = {
+  "mbedtls",                        /* name */
+
+  Curl_mbedtls_init,                /* init */
+  Curl_mbedtls_cleanup,             /* cleanup */
+  Curl_mbedtls_version,             /* version */
+  Curl_none_check_cxn,              /* check_cxn */
+  Curl_none_shutdown,               /* shutdown */
+  Curl_mbedtls_data_pending,        /* data_pending */
+  Curl_mbedtls_random,              /* random */
+  Curl_none_cert_status_request,    /* cert_status_request */
+  Curl_mbedtls_connect,             /* connect */
+  Curl_mbedtls_connect_nonblocking, /* connect_nonblocking */
+  Curl_mbedtls_close,               /* close */
+  Curl_mbedtls_close_all,           /* close_all */
+  Curl_mbedtls_session_free,        /* session_free */
+  Curl_none_set_engine,             /* set_engine */
+  Curl_none_set_engine_default,     /* set_engine_default */
+  Curl_none_engines_list,           /* engines_list */
+  Curl_none_false_start             /* false_start */
+};
+
 #endif /* USE_MBEDTLS */
--- a/lib/vtls/mbedtls.h
+++ b/lib/vtls/mbedtls.h
@ -59,6 +59,8 @@ CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy,
 /* this backend supports CURLOPT_SSL_CTX_* */
 #define have_curlssl_ssl_ctx 1

+extern const struct Curl_ssl Curl_ssl_mbedtls;
+
 /* API setup for mbedTLS */
 #define curlssl_init() Curl_mbedtls_init()
 #define curlssl_cleanup() Curl_mbedtls_cleanup()
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@ -2322,4 +2322,28 @@ bool Curl_nss_false_start(void)
 #endif
 }

+const struct Curl_ssl Curl_ssl_nss = {
+  "nss",                        /* name */
+
+  Curl_nss_init,                /* init */
+  Curl_nss_cleanup,             /* cleanup */
+  Curl_nss_version,             /* version */
+  Curl_nss_check_cxn,           /* check_cxn */
+  /* NSS has no shutdown function provided and thus always fail */
+  Curl_none_shutdown,           /* shutdown */
+  Curl_none_data_pending,       /* data_pending */
+  Curl_nss_random,              /* random */
+  Curl_nss_cert_status_request, /* cert_status_request */
+  Curl_nss_connect,             /* connect */
+  Curl_nss_connect_nonblocking, /* connect_nonblocking */
+  Curl_nss_close,               /* close */
+  Curl_none_close_all,          /* close_all */
+  /* NSS has its own session ID cache */
+  Curl_none_session_free,       /* session_free */
+  Curl_none_set_engine,         /* set_engine */
+  Curl_none_set_engine_default, /* set_engine_default */
+  Curl_none_engines_list,       /* engines_list */
+  Curl_nss_false_start          /* false_start */
+};
+
 #endif /* USE_NSS */
--- a/lib/vtls/nssg.h
+++ b/lib/vtls/nssg.h
@ -68,6 +68,8 @@ bool Curl_nss_false_start(void);
 /* Support HTTPS-proxy */
 #define HTTPS_PROXY_SUPPORT 1

+extern const struct Curl_ssl Curl_ssl_nss;
+
 /* Set the API backend definition to NSS */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_NSS

--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@ -3385,4 +3385,27 @@ bool Curl_ossl_cert_status_request(void)
  return FALSE;
 #endif
 }
+
+const struct Curl_ssl Curl_ssl_openssl = {
+  "openssl",                     /* name */
+
+  Curl_ossl_init,                /* init */
+  Curl_ossl_cleanup,             /* cleanup */
+  Curl_ossl_version,             /* version */
+  Curl_ossl_check_cxn,           /* check_cxn */
+  Curl_ossl_shutdown,            /* shutdown */
+  Curl_ossl_data_pending,        /* data_pending */
+  Curl_ossl_random,              /* random */
+  Curl_ossl_cert_status_request, /* cert_status_request */
+  Curl_ossl_connect,             /* connect */
+  Curl_ossl_connect_nonblocking, /* connect_nonblocking */
+  Curl_ossl_close,               /* close */
+  Curl_ossl_close_all,           /* close_all */
+  Curl_ossl_session_free,        /* session_free */
+  Curl_ossl_set_engine,          /* set_engine */
+  Curl_ossl_set_engine_default,  /* set_engine_default */
+  Curl_ossl_engines_list,        /* engines_list */
+  Curl_none_false_start          /* false_start */
+};
+
 #endif /* USE_OPENSSL */
--- a/lib/vtls/openssl.h
+++ b/lib/vtls/openssl.h
@ -82,6 +82,8 @@ bool Curl_ossl_cert_status_request(void);
 /* Support HTTPS-proxy */
 #define HTTPS_PROXY_SUPPORT 1

+extern const struct Curl_ssl Curl_ssl_openssl;
+
 /* Set the API backend definition to OpenSSL */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_OPENSSL

--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@ -870,4 +870,29 @@ bool Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex)
  return ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0;
 }

+const struct Curl_ssl Curl_ssl_polarssl = {
+  "polarssl",                        /* name */
+
+  Curl_polarssl_init,                /* init */
+  Curl_polarssl_cleanup,             /* cleanup */
+  Curl_polarssl_version,             /* version */
+  Curl_none_check_cxn,               /* check_cxn */
+  Curl_none_shutdown,                /* shutdown */
+  Curl_polarssl_data_pending,        /* data_pending */
+  /* This might cause libcurl to use a weeker random!
+   * TODO: use Polarssl's CTR-DRBG or HMAC-DRBG
+  */
+  Curl_none_random,                  /* random */
+  Curl_none_cert_status_request,     /* cert_status_request */
+  Curl_polarssl_connect,             /* connect */
+  Curl_polarssl_connect_nonblocking, /* connect_nonblocking */
+  Curl_polarssl_close,               /* close */
+  Curl_none_close_all,               /* close_all */
+  Curl_polarssl_session_free,        /* session_free */
+  Curl_none_set_engine,              /* set_engine */
+  Curl_none_set_engine_default,      /* set_engine_default */
+  Curl_none_engines_list,            /* engines_list */
+  Curl_none_false_start              /* false_start */
+};
+
 #endif /* USE_POLARSSL */
--- a/lib/vtls/polarssl.h
+++ b/lib/vtls/polarssl.h
@ -47,6 +47,8 @@ void Curl_polarssl_session_free(void *ptr);
 size_t Curl_polarssl_version(char *buffer, size_t size);
 int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex);

+extern const struct Curl_ssl Curl_ssl_polarssl;
+
 /* Set the API backend definition to PolarSSL */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_POLARSSL

--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@ -1726,4 +1726,26 @@ static CURLcode verify_certificate(struct connectdata *conn, int sockindex)
 }
 #endif /* _WIN32_WCE */

+const struct Curl_ssl Curl_ssl_schannel = {
+  "schannel",                        /* name */
+
+  Curl_schannel_init,                /* init */
+  Curl_schannel_cleanup,             /* cleanup */
+  Curl_schannel_version,             /* version */
+  Curl_none_check_cxn,               /* check_cxn */
+  Curl_schannel_shutdown,            /* shutdown */
+  Curl_schannel_data_pending,        /* data_pending */
+  Curl_schannel_random,              /* random */
+  Curl_none_cert_status_request,     /* cert_status_request */
+  Curl_schannel_connect,             /* connect */
+  Curl_schannel_connect_nonblocking, /* connect_nonblocking */
+  Curl_schannel_close,               /* close */
+  Curl_none_close_all,               /* close_all */
+  Curl_schannel_session_free,        /* session_free */
+  Curl_none_set_engine,              /* set_engine */
+  Curl_none_set_engine_default,      /* set_engine_default */
+  Curl_none_engines_list,            /* engines_list */
+  Curl_none_false_start              /* false_start */
+};
+
 #endif /* USE_SCHANNEL */
--- a/lib/vtls/schannel.h
+++ b/lib/vtls/schannel.h
@ -95,6 +95,8 @@ size_t Curl_schannel_version(char *buffer, size_t size);
 CURLcode Curl_schannel_random(struct Curl_easy *data, unsigned char *entropy,
                              size_t length);

+extern const struct Curl_ssl Curl_ssl_schannel;
+
 /* Set the API backend definition to Schannel */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_SCHANNEL

--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@ -984,4 +984,88 @@ bool Curl_ssl_false_start(void)
 #endif
 }

+/*
+ * Default implementations for unsupported functions.
+ */
+
+int Curl_none_init(void)
+{
+  return 1;
+}
+
+void Curl_none_cleanup(void)
+{ }
+
+int Curl_none_shutdown(struct connectdata *conn UNUSED_PARAM,
+                       int sockindex UNUSED_PARAM)
+{
+  (void)conn;
+  (void)sockindex;
+  return 0;
+}
+
+int Curl_none_check_cxn(struct connectdata *conn UNUSED_PARAM)
+{
+  (void)conn;
+  return -1;
+}
+
+CURLcode Curl_none_random(struct Curl_easy *data UNUSED_PARAM,
+                          unsigned char *entropy UNUSED_PARAM,
+                          size_t length UNUSED_PARAM)
+{
+  (void)data;
+  (void)entropy;
+  (void)length;
+  return CURLE_NOT_BUILT_IN;
+}
+
+void Curl_none_close_all(struct Curl_easy *data UNUSED_PARAM)
+{
+  (void)data;
+}
+
+void Curl_none_session_free(void *ptr UNUSED_PARAM)
+{
+  (void)ptr;
+}
+
+bool Curl_none_data_pending(const struct connectdata *conn UNUSED_PARAM,
+                            int connindex UNUSED_PARAM)
+{
+  (void)conn;
+  (void)connindex;
+  return 0;
+}
+
+bool Curl_none_cert_status_request(void)
+{
+  return FALSE;
+}
+
+CURLcode Curl_none_set_engine(struct Curl_easy *data UNUSED_PARAM,
+                              const char *engine UNUSED_PARAM)
+{
+  (void)data;
+  (void)engine;
+  return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode Curl_none_set_engine_default(struct Curl_easy *data UNUSED_PARAM)
+{
+  (void)data;
+  return CURLE_NOT_BUILT_IN;
+}
+
+struct curl_slist *Curl_none_engines_list(struct Curl_easy *data UNUSED_PARAM)
+{
+  (void)data;
+  return (struct curl_slist *)NULL;
+}
+
+bool Curl_none_false_start(void)
+{
+  return FALSE;
+}
+
 #endif /* USE_SSL */
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@ -56,6 +56,21 @@ struct Curl_ssl {
  bool (*false_start)(void);
 };

+int Curl_none_init(void);
+void Curl_none_cleanup(void);
+int Curl_none_shutdown(struct connectdata *conn, int sockindex);
+int Curl_none_check_cxn(struct connectdata *conn);
+CURLcode Curl_none_random(struct Curl_easy *data, unsigned char *entropy,
+                          size_t length);
+void Curl_none_close_all(struct Curl_easy *data);
+void Curl_none_session_free(void *ptr);
+bool Curl_none_data_pending(const struct connectdata *conn, int connindex);
+bool Curl_none_cert_status_request(void);
+CURLcode Curl_none_set_engine(struct Curl_easy *data, const char *engine);
+CURLcode Curl_none_set_engine_default(struct Curl_easy *data);
+struct curl_slist *Curl_none_engines_list(struct Curl_easy *data);
+bool Curl_none_false_start(void);
+
 #include "openssl.h"        /* OpenSSL versions */
 #include "gtls.h"           /* GnuTLS versions */
 #include "nssg.h"           /* NSS versions */