#include "setup.h"
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#include "urldata.h"
#define SSLGEN_C
#include "sslgen.h"
#include "ssluse.h"
#include "gtls.h"
#include "nssg.h"
#include "sendf.h"
#include "strequal.h"
#include "url.h"
#include "memory.h"
#include "memdebug.h"
/* Set once the selected backend's global init has run, cleared again by
   Curl_ssl_cleanup(). No locking is done on it; whoever drives the
   global init/cleanup pair must serialise those calls. */
static bool init_ssl=FALSE;
/* NULL-tolerant string equality used by Curl_ssl_config_matches(). */
static bool safe_strequal(char* str1, char* str2);
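/*
 * safe_strequal() - NULL-tolerant, case-SENSITIVE string equality.
 *
 * Used by Curl_ssl_config_matches() to decide whether a cached TLS session
 * may be resumed for a new connection. Two NULL pointers compare equal; a
 * NULL and a non-NULL pointer do not.
 *
 * The comparison is deliberately strcmp() rather than curl's strequal()
 * (strequal.h), which - going by its name and sibling curl_strequal() - is
 * a case-insensitive compare. The strings compared here are CA file and
 * directory paths, random-seed paths and a cipher list. On a
 * case-sensitive filesystem "CA.pem" and "ca.pem" are different trust
 * anchors, so treating them as equal would let a session negotiated under
 * one CA set be resumed under another. A stricter match can only cost a
 * cache miss, never a wrong reuse.
 */
static bool safe_strequal(char* str1, char* str2)
{
  if(str1 && str2)
    return (bool)(0 == strcmp(str1, str2));

  /* exactly one NULL -> different; both NULL -> same */
  return (bool)(!str1 && !str2);
}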
/*
 * Curl_ssl_config_matches() - TRUE when two TLS configurations are
 * interchangeable for the purpose of session reuse.
 *
 * Compares the protocol version, the verifypeer/verifyhost switches and
 * the CApath, CAfile, random_file, egdsocket and cipher_list strings (via
 * safe_strequal(), which treats two NULLs as equal).
 *
 * Everything in struct ssl_config_data that influences how the peer is
 * authenticated or how the handshake is negotiated must be compared here:
 * a field added to the struct but not to this function silently allows a
 * session established under one setting to be resumed under another.
 */
bool
Curl_ssl_config_matches(struct ssl_config_data* data,
                        struct ssl_config_data* needle)
{
  if(data->version != needle->version)
    return FALSE;
  if(data->verifypeer != needle->verifypeer)
    return FALSE;
  if(data->verifyhost != needle->verifyhost)
    return FALSE;

  if(!safe_strequal(data->CApath, needle->CApath))
    return FALSE;
  if(!safe_strequal(data->CAfile, needle->CAfile))
    return FALSE;
  if(!safe_strequal(data->random_file, needle->random_file))
    return FALSE;
  if(!safe_strequal(data->egdsocket, needle->egdsocket))
    return FALSE;
  if(!safe_strequal(data->cipher_list, needle->cipher_list))
    return FALSE;

  return TRUE;
}
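/*
 * Curl_clone_ssl_config() - deep-copy 'source' into 'dest'.
 *
 * Scalars are copied; each string field is strdup()ed when set. Returns
 * FALSE on allocation failure, in which case the fields copied so far are
 * left in 'dest' (strings allocated, the rest NULL) for the caller to
 * release with Curl_free_ssl_config().
 *
 * 'dest' is overwritten, not freed first: the caller must hand in an empty
 * or already-released struct (kill_session() does that for the session
 * cache).
 *
 * Fix: every string field of 'dest' is now reset to NULL before copying.
 * Previously a field was only assigned when 'source' had it set, so a
 * cache slot recycled by kill_session() - whose Curl_free_ssl_config()
 * left the freed pointers in place - kept a dangling pointer whenever the
 * new connection had that field unset. Curl_ssl_config_matches() would
 * then read freed memory and the next kill_session() would free it again.
 */
bool
Curl_clone_ssl_config(struct ssl_config_data *source,
                      struct ssl_config_data *dest)
{
  dest->verifyhost = source->verifyhost;
  dest->verifypeer = source->verifypeer;
  dest->version = source->version;

  /* never inherit whatever 'dest' held before */
  dest->CAfile = NULL;
  dest->CApath = NULL;
  dest->cipher_list = NULL;
  dest->egdsocket = NULL;
  dest->random_file = NULL;

  if(source->CAfile) {
    dest->CAfile = strdup(source->CAfile);
    if(!dest->CAfile)
      return FALSE;
  }

  if(source->CApath) {
    dest->CApath = strdup(source->CApath);
    if(!dest->CApath)
      return FALSE;
  }

  if(source->cipher_list) {
    dest->cipher_list = strdup(source->cipher_list);
    if(!dest->cipher_list)
      return FALSE;
  }

  if(source->egdsocket) {
    dest->egdsocket = strdup(source->egdsocket);
    if(!dest->egdsocket)
      return FALSE;
  }

  if(source->random_file) {
    dest->random_file = strdup(source->random_file);
    if(!dest->random_file)
      return FALSE;
  }

  return TRUE;
}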
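/*
 * Curl_free_ssl_config() - release the strings owned by an
 * ssl_config_data. The struct itself is not freed.
 *
 * Fix: each pointer is reset to NULL after free(). Previously the freed
 * pointers were left behind, so a struct that was released and then
 * partially re-populated (the session-cache slot recycled in
 * Curl_ssl_addsessionid()) could be compared or freed again through a
 * dangling pointer. After this call the struct is safe to pass to
 * Curl_clone_ssl_config() or to this function a second time.
 */
void Curl_free_ssl_config(struct ssl_config_data* sslc)
{
  /* free(NULL) is a no-op, so no guards are needed */
  free(sslc->CAfile);
  sslc->CAfile = NULL;

  free(sslc->CApath);
  sslc->CApath = NULL;

  free(sslc->cipher_list);
  sslc->cipher_list = NULL;

  free(sslc->egdsocket);
  sslc->egdsocket = NULL;

  free(sslc->random_file);
  sslc->random_file = NULL;
}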
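/*
 * Curl_ssl_init() - run the compiled-in backend's global initialisation
 * once.
 *
 * Returns 1 on success; on failure the backend's own return value (any
 * zero value) is passed through. With no backend compiled in there is
 * nothing to do and 1 is returned.
 *
 * Fix: init_ssl is now set only after the backend reports success.
 * Previously it was set before the backend was called, so a failed
 * initialisation was remembered as done and every later Curl_ssl_init()
 * returned 1 for a TLS library that had never been set up.
 *
 * No locking: callers must serialise init and cleanup.
 */
int Curl_ssl_init(void)
{
  int ok;

  if(init_ssl)
    return 1; /* already done */

#ifdef USE_SSLEAY
  ok = Curl_ossl_init();
#else
#ifdef USE_GNUTLS
  ok = Curl_gtls_init();
#else
#ifdef USE_NSS
  ok = Curl_nss_init();
#else
  ok = 1; /* no TLS backend: nothing to initialise */
#endif
#endif
#endif

  if(ok)
    init_ssl = TRUE;
  return ok;
}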
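/*
 * Curl_ssl_cleanup() - undo Curl_ssl_init(). A no-op unless a successful
 * init is pending; afterwards Curl_ssl_init() may be called again.
 *
 * Fix: the NSS branch was nested inside '#ifdef USE_GNUTLS', so
 * Curl_nss_cleanup() only ran in a build that defined both USE_GNUTLS and
 * USE_NSS and an NSS-only build never cleaned up its backend. The
 * backend selection now mirrors Curl_ssl_init() exactly:
 * OpenSSL, else GnuTLS, else NSS.
 */
void Curl_ssl_cleanup(void)
{
  if(!init_ssl)
    return;

#ifdef USE_SSLEAY
  Curl_ossl_cleanup();
#else
#ifdef USE_GNUTLS
  Curl_gtls_cleanup();
#else
#ifdef USE_NSS
  Curl_nss_cleanup();
#endif
#endif
#endif

  init_ssl = FALSE;
}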
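/*
 * Curl_ssl_connect() - perform a (blocking) TLS handshake on
 * conn->ssl[sockindex] with the compiled-in backend.
 *
 * Marks the socket as TLS-enabled first; Curl_ssl_close() and
 * Curl_ssl_shutdown() act only on sockets with that flag set. Without
 * USE_SSL the call is a no-op returning CURLE_OK.
 *
 * Fix: a build with USE_SSL but none of USE_SSLEAY/USE_GNUTLS/USE_NSS
 * used to fall off the end of this non-void function (undefined
 * behaviour, and most likely a garbage "success"). That configuration is
 * presumably impossible, but if it ever occurs we now fail the connect
 * rather than report a TLS session that was never negotiated.
 */
CURLcode
Curl_ssl_connect(struct connectdata *conn, int sockindex)
{
#ifdef USE_SSL
  /* TLS from here on; teardown keys off this flag */
  conn->ssl[sockindex].use = TRUE;

#ifdef USE_SSLEAY
  return Curl_ossl_connect(conn, sockindex);
#else
#ifdef USE_GNUTLS
  return Curl_gtls_connect(conn, sockindex);
#else
#ifdef USE_NSS
  return Curl_nss_connect(conn, sockindex);
#else
  /* no backend selected: refuse instead of returning an indeterminate
     value */
  return CURLE_FAILED_INIT;
#endif
#endif
#endif
#else
  (void)conn;
  (void)sockindex;
  return CURLE_OK;
#endif
}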
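/*
 * Curl_ssl_connect_nonblocking() - start or continue a TLS handshake
 * without blocking where the backend supports it.
 *
 * OpenSSL: delegates to Curl_ossl_connect_nonblocking(), which sets
 * *done when the handshake has completed.
 * NSS and everything else: no non-blocking handshake is available, so
 * the handshake is performed blocking and *done is set to TRUE.
 *
 * Fix: the NSS branch now marks conn->ssl[sockindex].use = TRUE like the
 * OpenSSL branch and Curl_ssl_connect() do. Curl_ssl_close() and
 * Curl_ssl_shutdown() only act on sockets with that flag, so an NSS
 * connection made through this entry point was (unless Curl_nss_connect()
 * sets the flag itself, which is not visible here) skipped at teardown.
 */
CURLcode
Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
                             bool *done)
{
#if defined(USE_SSL) && defined(USE_SSLEAY)
  /* TLS from here on; teardown keys off this flag */
  conn->ssl[sockindex].use = TRUE;
  return Curl_ossl_connect_nonblocking(conn, sockindex, done);
#else
#ifdef USE_NSS
  conn->ssl[sockindex].use = TRUE;
  *done = TRUE; /* blocking handshake: finished by the time we return */
  return Curl_nss_connect(conn, sockindex);
#else
  *done = TRUE; /* blocking fallback */
  return Curl_ssl_connect(conn, sockindex);
#endif
#endif
}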
#ifdef USE_SSL
/*
 * Curl_ssl_getsessionid() - look up a cached TLS session for 'conn'.
 *
 * A cache entry matches when it is occupied, its host name equals
 * conn->host.name under curl_strequal() (case-insensitive by its name;
 * fine for DNS names), its remote port equals conn->remote_port and
 * Curl_ssl_config_matches() accepts its TLS configuration.
 *
 * On a hit the entry is stamped with a fresh age (the handle's session
 * clock is bumped first), *ssl_sessionid receives the backend session
 * object, *idsize (if non-NULL) its size, and FALSE (0) is returned.
 *
 * On a miss *ssl_sessionid is set to NULL and TRUE is returned. When
 * session caching is disabled for this connection TRUE is returned
 * immediately and *ssl_sessionid is left untouched.
 *
 * Note the inverted sense: 0 means "found", non-zero means "not found".
 */
int Curl_ssl_getsessionid(struct connectdata *conn,
                          void **ssl_sessionid,
                          size_t *idsize)
{
  struct SessionHandle *data = conn->data;
  long idx;

  if(!conn->ssl_config.sessionid)
    return TRUE; /* caching disabled: nothing to hand out */

  for(idx = 0; idx < data->set.ssl.numsessions; idx++) {
    struct curl_ssl_session *entry = &data->state.session[idx];

    if(!entry->sessionid)
      continue; /* empty slot */
    if(!curl_strequal(conn->host.name, entry->name))
      continue;
    if(conn->remote_port != entry->remote_port)
      continue;
    if(!Curl_ssl_config_matches(&conn->ssl_config, &entry->ssl_config))
      continue;

    /* hit: mark it most recently used */
    entry->age = ++data->state.sessionage;

    *ssl_sessionid = entry->sessionid;
    if(idsize)
      *idsize = entry->idsize;
    return FALSE;
  }

  *ssl_sessionid = NULL;
  return TRUE;
}
/*
 * kill_session() - empty one session-cache slot.
 *
 * Hands the backend session object to the backend's free routine
 * (OpenSSL or GnuTLS; no release call is dispatched for NSS here), then
 * clears the slot: sessionid and age reset, the cloned TLS configuration
 * released with Curl_free_ssl_config(), the host name freed.
 *
 * Returns 0 when a session was released, 1 when the slot was already
 * empty.
 */
static int kill_session(struct curl_ssl_session *session)
{
  if(!session->sessionid)
    return 1; /* nothing cached in this slot */

#ifdef USE_SSLEAY
  Curl_ossl_session_free(session->sessionid);
#else
#ifdef USE_GNUTLS
  Curl_gtls_session_free(session->sessionid);
#else
#ifdef USE_NSS
  /* no per-session release for NSS in this dispatcher */
#endif
#endif
#endif

  session->sessionid = NULL;
  session->age = 0;

  Curl_free_ssl_config(&session->ssl_config);

  Curl_safefree(session->name);
  session->name = NULL;

  return 0;
}
/*
 * Curl_ssl_addsessionid() - store a freshly negotiated backend session
 * object in the handle's session cache for later resumption.
 *
 * The cache (data->state.session, set up by Curl_ssl_initsessions() and
 * dereferenced here without a NULL check) is scanned from slot 1 up to
 * the first empty slot. If one is found it is used; otherwise the
 * least-recently-used occupied slot (smallest age, slot 0 included) is
 * evicted with kill_session() and reused. Slot 0 can therefore only be
 * (re)filled through the eviction path.
 *
 * The slot records the session object, its size, the current session
 * clock, a copy of the host name, the remote port and a deep copy of the
 * connection's TLS configuration (see Curl_ssl_config_matches() for what
 * must match on lookup).
 *
 * Ownership of 'ssl_sessionid' passes to the cache as soon as the slot is
 * claimed - including when CURLE_OUT_OF_MEMORY is returned because the
 * configuration could not be cloned; kill_session() frees it later.
 * Returns CURLE_OUT_OF_MEMORY if the host name cannot be copied (nothing
 * is stored in that case) or if the configuration clone fails.
 */
CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
                               void *ssl_sessionid,
                               size_t idsize)
{
  struct SessionHandle *data = conn->data;
  struct curl_ssl_session *slots = data->state.session;
  struct curl_ssl_session *target = &slots[0];
  long oldest = slots[0].age;
  long idx;
  char *hostcopy;

  hostcopy = strdup(conn->host.name);
  if(!hostcopy)
    return CURLE_OUT_OF_MEMORY;

  /* walk the occupied prefix, remembering the oldest entry */
  for(idx = 1;
      (idx < data->set.ssl.numsessions) && slots[idx].sessionid;
      idx++) {
    if(slots[idx].age < oldest) {
      oldest = slots[idx].age;
      target = &slots[idx];
    }
  }

  if(idx == data->set.ssl.numsessions)
    kill_session(target); /* cache full: evict the least recently used */
  else
    target = &slots[idx]; /* found an empty slot */

  target->sessionid = ssl_sessionid;
  target->idsize = idsize;
  target->age = data->state.sessionage;
  target->name = hostcopy;
  target->remote_port = conn->remote_port;

  if(!Curl_clone_ssl_config(&conn->ssl_config, &target->ssl_config))
    return CURLE_OUT_OF_MEMORY;

  return CURLE_OK;
}
#endif
/*
 * Curl_ssl_close_all() - tear down everything TLS-related owned by a
 * handle: every session-cache slot is emptied with kill_session(), the
 * cache array itself is freed and cleared, and the backend's own
 * per-handle close-all routine is invoked. A no-op without USE_SSL.
 */
void Curl_ssl_close_all(struct SessionHandle *data)
{
#ifdef USE_SSL
  struct curl_ssl_session *cache = data->state.session;

  if(cache) {
    long idx;
    for(idx = 0; idx < data->set.ssl.numsessions; idx++)
      kill_session(&cache[idx]);
    free(cache);
    data->state.session = NULL;
  }

#ifdef USE_SSLEAY
  Curl_ossl_close_all(data);
#else
#ifdef USE_GNUTLS
  Curl_gtls_close_all(data);
#else
#ifdef USE_NSS
  Curl_nss_close_all(data);
#endif
#endif
#endif
#else
  (void)data;
#endif
}
/*
 * Curl_ssl_close() - close the TLS layer on the connection's first
 * socket (FIRSTSOCKET only; a second socket is not handled here).
 *
 * Does nothing unless the socket was marked TLS-enabled by a connect
 * call. Every compiled-in backend's close routine is invoked, then the
 * flag is cleared so a second call is a no-op.
 */
void Curl_ssl_close(struct connectdata *conn)
{
  if(!conn->ssl[FIRSTSOCKET].use)
    return; /* never went TLS, or already closed */

#ifdef USE_SSLEAY
  Curl_ossl_close(conn);
#endif
#ifdef USE_GNUTLS
  Curl_gtls_close(conn);
#endif
#ifdef USE_NSS
  Curl_nss_close(conn);
#endif

  conn->ssl[FIRSTSOCKET].use = FALSE;
}
/*
 * Curl_ssl_shutdown() - perform the TLS close_notify exchange on
 * conn->ssl[sockindex].
 *
 * Only acts on sockets marked TLS-enabled. Dispatches to OpenSSL or
 * GnuTLS; a non-zero backend result becomes CURLE_SSL_SHUTDOWN_FAILED.
 * No NSS shutdown routine is wired up here, so an NSS build returns
 * CURLE_OK without doing anything. The .use flag is NOT cleared by this
 * function; Curl_ssl_close() does that.
 */
CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
{
  if(!conn->ssl[sockindex].use)
    return CURLE_OK; /* not a TLS socket */

#ifdef USE_SSLEAY
  if(Curl_ossl_shutdown(conn, sockindex))
    return CURLE_SSL_SHUTDOWN_FAILED;
#else
#ifdef USE_GNUTLS
  if(Curl_gtls_shutdown(conn, sockindex))
    return CURLE_SSL_SHUTDOWN_FAILED;
#endif
#endif

  return CURLE_OK;
}
/*
 * Curl_ssl_set_engine() - select a crypto engine by name.
 *
 * Only the OpenSSL backend has an engine concept; every other build
 * (GnuTLS, NSS, no TLS) returns CURLE_FAILED_INIT and ignores its
 * arguments.
 */
CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine)
{
#ifdef USE_SSLEAY
  return Curl_ossl_set_engine(data, engine);
#else
  (void)data;
  (void)engine;
  return CURLE_FAILED_INIT; /* engines are an OpenSSL-only feature */
#endif
}
/*
 * Curl_ssl_set_engine_default() - make the selected crypto engine the
 * default for all operations.
 *
 * OpenSSL only; GnuTLS, NSS and no-TLS builds return CURLE_FAILED_INIT.
 */
CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data)
{
#ifdef USE_SSLEAY
  return Curl_ossl_set_engine_default(data);
#else
  (void)data;
  return CURLE_FAILED_INIT; /* engines are an OpenSSL-only feature */
#endif
}
/*
 * Curl_ssl_engines_list() - list the crypto engines the backend knows.
 *
 * OpenSSL only; every other build returns NULL (no engines).
 */
struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data)
{
#ifdef USE_SSLEAY
  return Curl_ossl_engines_list(data);
#else
  (void)data;
  return NULL; /* engines are an OpenSSL-only feature */
#endif
}
/*
 * Curl_ssl_send() - write 'len' bytes from 'mem' through the TLS layer
 * on conn->ssl[sockindex].
 *
 * Returns whatever the compiled-in backend's send returns. With no
 * backend compiled in nothing is sent and 0 is returned.
 */
ssize_t Curl_ssl_send(struct connectdata *conn,
                      int sockindex,
                      void *mem,
                      size_t len)
{
#if defined(USE_SSLEAY)
  return Curl_ossl_send(conn, sockindex, mem, len);
#elif defined(USE_GNUTLS)
  return Curl_gtls_send(conn, sockindex, mem, len);
#elif defined(USE_NSS)
  return Curl_nss_send(conn, sockindex, mem, len);
#else
  (void)conn;
  (void)sockindex;
  (void)mem;
  (void)len;
  return 0; /* no TLS backend */
#endif
}
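/*
 * Curl_ssl_recv() - read up to 'len' bytes of plaintext from the TLS
 * layer on conn->ssl[sockindex] into 'mem'.
 *
 * The backend returns the byte count, or -1 with 'block' set when it
 * wants the caller to retry and 'block' clear on a genuine failure. This
 * wrapper translates that into curl's internal read convention (confirm
 * against the callers in sendf.c): the byte count on success, 0 for a
 * hard error, -1 for "would block, try again". Without USE_SSL nothing is
 * read and 0 is returned.
 *
 * Fixes: the result is returned as ssize_t instead of through an (int)
 * cast, which could truncate a large read into a wrong, zero or negative
 * count that the caller would misread. 'nread' is also initialised, so a
 * build with USE_SSL but no backend reports an error instead of returning
 * an indeterminate value.
 */
ssize_t Curl_ssl_recv(struct connectdata *conn,
                      int sockindex,
                      char *mem,
                      size_t len)
{
#ifdef USE_SSL
  ssize_t nread = -1; /* hard error unless a backend says otherwise */
  bool block = FALSE;

#ifdef USE_SSLEAY
  nread = Curl_ossl_recv(conn, sockindex, mem, len, &block);
#else
#ifdef USE_GNUTLS
  nread = Curl_gtls_recv(conn, sockindex, mem, len, &block);
#else
#ifdef USE_NSS
  nread = Curl_nss_recv(conn, sockindex, mem, len, &block);
#endif
#endif
#endif

  if(nread == -1) {
    if(!block)
      return 0;  /* real error */
    return -1;   /* EWOULDBLOCK equivalent: caller retries */
  }

  return nread;
#else
  (void)conn;
  (void)sockindex;
  (void)mem;
  (void)len;
  return 0;
#endif
}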
/*
 * Curl_ssl_initsessions() - allocate the handle's TLS session cache with
 * 'amount' zeroed slots and start the session clock at 1.
 *
 * If a cache already exists it is kept untouched and CURLE_OK is
 * returned; CURLE_OUT_OF_MEMORY if the allocation fails. Without USE_SSL
 * the call does nothing.
 *
 * 'amount' is not validated: a negative value converts to a huge size_t
 * and the allocation fails. Curl_ssl_addsessionid() indexes slot 0
 * unconditionally, so callers should pass amount >= 1.
 */
CURLcode Curl_ssl_initsessions(struct SessionHandle *data, long amount)
{
#ifdef USE_SSL
  struct curl_ssl_session *cache;

  if(data->state.session)
    return CURLE_OK; /* already set up */

  cache = calloc((size_t)amount, sizeof(*cache));
  if(!cache)
    return CURLE_OUT_OF_MEMORY;

  data->set.ssl.numsessions = amount;
  data->state.session = cache;
  data->state.sessionage = 1;
#else
  (void)data;
  (void)amount;
#endif
  return CURLE_OK;
}
/*
 * Curl_ssl_version() - write the backend's version string into 'buffer'
 * (at most 'size' bytes) and return the backend's length result.
 *
 * With no TLS backend compiled in nothing is written and 0 is returned.
 */
size_t Curl_ssl_version(char *buffer, size_t size)
{
#if defined(USE_SSLEAY)
  return Curl_ossl_version(buffer, size);
#elif defined(USE_GNUTLS)
  return Curl_gtls_version(buffer, size);
#elif defined(USE_NSS)
  return Curl_nss_version(buffer, size);
#else
  (void)buffer;
  (void)size;
  return 0; /* no TLS backend */
#endif
}
/*
 * Curl_ssl_check_cxn() - ask the backend whether the TLS connection is
 * still alive.
 *
 * Dispatched for OpenSSL and NSS. GnuTLS and no-TLS builds return -1,
 * i.e. no answer is available.
 */
int Curl_ssl_check_cxn(struct connectdata *conn)
{
#if defined(USE_SSLEAY)
  return Curl_ossl_check_cxn(conn);
#elif defined(USE_NSS)
  return Curl_nss_check_cxn(conn);
#else
  (void)conn;
  return -1; /* cannot tell */
#endif
}
/*
 * Curl_ssl_data_pending() - TRUE if the TLS layer on
 * conn->ssl[connindex] already holds decrypted bytes that can be read
 * without touching the socket.
 *
 * Only answered for OpenSSL (SSL_pending() on the live handle); for a
 * NULL handle and for every other build the result is FALSE.
 */
bool Curl_ssl_data_pending(struct connectdata *conn,
                           int connindex)
{
#ifdef USE_SSLEAY
  if(!conn->ssl[connindex].handle)
    return FALSE; /* no TLS object on this socket */
  return (bool)(SSL_pending(conn->ssl[connindex].handle) != 0);
#else
  (void)conn;
  (void)connindex;
  return FALSE;
#endif
}