#include "base64.h"
/* ---- Base64 Encoding/Decoding Table --- */
-const char Curl_base64encdec[]=
+const char Curl_base64encdec[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* The Base 64 encoding with a URL and filename safe alphabet, RFC 4648
section 5 */
-static const char base64url[]=
+static const char base64url[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
static const unsigned char decodetable[] =
return CURLE_OUT_OF_MEMORY;
while(insize >= 3) {
- *output++ = table64[ in[0] >> 2 ];
- *output++ = table64[ ((in[0] & 0x03) << 4) | (in[1] >> 4) ];
- *output++ = table64[ ((in[1] & 0x0F) << 2) | ((in[2] & 0xC0) >> 6) ];
- *output++ = table64[ in[2] & 0x3F ];
+ *output++ = table64[in[0] >> 2];
+ *output++ = table64[((in[0] & 0x03) << 4) | (in[1] >> 4)];
+ *output++ = table64[((in[1] & 0x0F) << 2) | ((in[2] & 0xC0) >> 6)];
+ *output++ = table64[in[2] & 0x3F];
insize -= 3;
in += 3;
}
if(insize) {
/* this is only one or two bytes now */
- *output++ = table64[ in[0] >> 2 ];
+ *output++ = table64[in[0] >> 2];
if(insize == 1) {
- *output++ = table64[ ((in[0] & 0x03) << 4) ];
+ *output++ = table64[((in[0] & 0x03) << 4)];
if(padbyte) {
*output++ = padbyte;
*output++ = padbyte;
}
else {
/* insize == 2 */
- *output++ = table64[ ((in[0] & 0x03) << 4) | ((in[1] & 0xF0) >> 4) ];
- *output++ = table64[ ((in[1] & 0x0F) << 2) ];
+ *output++ = table64[((in[0] & 0x03) << 4) | ((in[1] & 0xF0) >> 4)];
+ *output++ = table64[((in[1] & 0x0F) << 2)];
if(padbyte)
*output++ = padbyte;
}
s->bufr[s->leng] = 0;
}
return CURLE_OK;
-
}
/*
size_t allc; /* size of the current allocation */
size_t toobig; /* size limit for the buffer */
#ifdef DEBUGBUILD
- int init; /* detect API usage mistakes */
+ int init; /* detect API usage mistakes */
#endif
};
char *curlx_dyn_take(struct dynbuf *s, size_t *plen);
/* Dynamic buffer max sizes */
-#define MAX_DYNBUF_SIZE (SIZE_MAX/2)
+#define MAX_DYNBUF_SIZE (SIZE_MAX / 2)
#define DYN_DOH_RESPONSE 3000
#define DYN_DOH_CNAME 256
#define DYN_PAUSE_BUFFER (64 * 1024 * 1024)
#define DYN_HAXPROXY 2048
-#define DYN_HTTP_REQUEST (1024*1024)
+#define DYN_HTTP_REQUEST (1024 * 1024)
#define DYN_APRINTF 8000000
-#define DYN_RTSP_REQ_HEADER (64*1024)
-#define DYN_TRAILERS (64*1024)
+#define DYN_RTSP_REQ_HEADER (64 * 1024)
+#define DYN_TRAILERS (64 * 1024)
#define DYN_PROXY_CONNECT_HEADERS 16384
#define DYN_QLOG_NAME 1024
#define DYN_H1_TRAILER 4096
-#define DYN_PINGPPONG_CMD (64*1024)
-#define DYN_IMAP_CMD (64*1024)
-#define DYN_MQTT_RECV (64*1024)
+#define DYN_PINGPPONG_CMD (64 * 1024)
+#define DYN_IMAP_CMD (64 * 1024)
+#define DYN_MQTT_RECV (64 * 1024)
#define DYN_MQTT_SEND 0xFFFFFFF
-#define DYN_CRLFILE_SIZE (400*1024*1024) /* 400mb */
-#define DYN_CERTFILE_SIZE (100*1024) /* 100KiB */
-#define DYN_KEYFILE_SIZE (100*1024) /* 100KiB */
+#define DYN_CRLFILE_SIZE (400 * 1024 * 1024) /* 400MiB */
+#define DYN_CERTFILE_SIZE (100 * 1024) /* 100KiB */
+#define DYN_KEYFILE_SIZE (100 * 1024) /* 100KiB */
#endif
#endif
#ifdef CURLDEBUG
-#define curlx_fopen(file,mode) curl_dbg_fopen(file,mode,__LINE__,__FILE__)
-#define curlx_freopen(file,mode,fh) \
- curl_dbg_freopen(file,mode,fh,__LINE__,__FILE__)
-#define curlx_fdopen(file,mode) curl_dbg_fdopen(file,mode,__LINE__,__FILE__)
-#define curlx_fclose(file) curl_dbg_fclose(file,__LINE__,__FILE__)
+#define curlx_fopen(file, mode) curl_dbg_fopen(file, mode, __LINE__, __FILE__)
+#define curlx_freopen(file, mode, fh) \
+ curl_dbg_freopen(file, mode, fh, __LINE__, __FILE__)
+#define curlx_fdopen(file, mode) \
+ curl_dbg_fdopen(file, mode, __LINE__, __FILE__)
+#define curlx_fclose(file) curl_dbg_fclose(file, __LINE__, __FILE__)
#else
#define curlx_fopen CURLX_FOPEN_LOW
#define curlx_freopen CURLX_FREOPEN_LOW
*/
memset(words, '\0', sizeof(words));
for(i = 0; i < IN6ADDRSZ; i++)
- words[i/2] |= ((unsigned int)src[i] << ((1 - (i % 2)) << 3));
+ words[i / 2] |= ((unsigned int)src[i] << ((1 - (i % 2)) << 3));
best.base = -1;
- cur.base = -1;
+ cur.base = -1;
best.len = 0;
cur.len = 0;
for(i = 0; i < (IN6ADDRSZ / INT16SZ); i++) {
if(words[i] == 0) {
if(cur.base == -1) {
- cur.base = i; cur.len = 1;
+ cur.base = i;
+ cur.len = 1;
}
else
cur.len++;
/* Is this address an encapsulated IPv4?
*/
if(i == 6 && best.base == 0 &&
- (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) {
+ (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) {
if(!inet_ntop4(src + 12, tp, sizeof(tmp) - (tp - tmp))) {
return NULL;
}
return NULL;
}
}
-#endif /* HAVE_INET_NTOP */
+#endif /* HAVE_INET_NTOP */
#include <arpa/inet.h>
#endif
#ifdef __AMIGA__
-#define curlx_inet_ntop(af,addr,buf,size) \
+#define curlx_inet_ntop(af, addr, buf, size) \
(char *)inet_ntop(af, CURL_UNCONST(addr), (unsigned char *)buf, \
(curl_socklen_t)(size))
#else
-#define curlx_inet_ntop(af,addr,buf,size) \
+#define curlx_inet_ntop(af, addr, buf, size) \
inet_ntop(af, addr, buf, (curl_socklen_t)(size))
#endif
#else
* sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
*/
-static int inet_pton4(const char *src, unsigned char *dst);
-static int inet_pton6(const char *src, unsigned char *dst);
+static int inet_pton4(const char *src, unsigned char *dst);
+static int inet_pton6(const char *src, unsigned char *dst);
/* int
* inet_pton(af, src, dst)
* author:
* Paul Vixie, 1996.
*/
-int
-curlx_inet_pton(int af, const char *src, void *dst)
+int curlx_inet_pton(int af, const char *src, void *dst)
{
switch(af) {
case AF_INET:
* author:
* Paul Vixie, 1996.
*/
-static int
-inet_pton4(const char *src, unsigned char *dst)
+static int inet_pton4(const char *src, unsigned char *dst)
{
int saw_digit, octets, ch;
unsigned char tmp[INADDRSZ], *tp;
* author:
* Paul Vixie, 1996.
*/
-static int
-inet_pton6(const char *src, unsigned char *dst)
+static int inet_pton6(const char *src, unsigned char *dst)
{
unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
const char *curtok;
}
if(tp + INT16SZ > endp)
return 0;
- *tp++ = (unsigned char) ((val >> 8) & 0xff);
- *tp++ = (unsigned char) (val & 0xff);
+ *tp++ = (unsigned char)((val >> 8) & 0xff);
+ *tp++ = (unsigned char)(val & 0xff);
saw_xdigit = 0;
val = 0;
continue;
}
if(ch == '.' && ((tp + INADDRSZ) <= endp) &&
- inet_pton4(curtok, tp) > 0) {
+ inet_pton4(curtok, tp) > 0) {
tp += INADDRSZ;
saw_xdigit = 0;
break; /* '\0' was seen by inet_pton4(). */
if(saw_xdigit) {
if(tp + INT16SZ > endp)
return 0;
- *tp++ = (unsigned char) ((val >> 8) & 0xff);
- *tp++ = (unsigned char) (val & 0xff);
+ *tp++ = (unsigned char)((val >> 8) & 0xff);
+ *tp++ = (unsigned char)(val & 0xff);
}
if(colonp) {
/*
#include <arpa/inet.h>
#endif
#ifdef __AMIGA__
-#define curlx_inet_pton(x,y,z) inet_pton(x,(unsigned char *)CURL_UNCONST(y),z)
+#define curlx_inet_pton(x, y, z) \
+ inet_pton(x, (unsigned char *)CURL_UNCONST(y), z)
#else
-#define curlx_inet_pton(x,y,z) inet_pton(x,y,z)
+#define curlx_inet_pton(x, y, z) \
+ inet_pton(x, y, z)
#endif
#else
int curlx_inet_pton(int, const char *, void *);
return setsockopt(sockfd, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b));
#else
-# error "no non-blocking method was found/used/set"
+#error "no non-blocking method was found/used/set"
#endif
}
* codes (WSAGetLastError) to error messages.
* Returns NULL if no error message was found for error code.
*/
-static const char *
-get_winsock_error(int err, char *buf, size_t len)
+static const char *get_winsock_error(int err, char *buf, size_t len)
{
#ifndef CURL_DISABLE_VERBOSE_STRINGS
const char *p;
/* Get a word until the first space or end of string. At least one byte long.
return non-zero on error */
-int curlx_str_word(const char **linep, struct Curl_str *out,
- const size_t max)
+int curlx_str_word(const char **linep, struct Curl_str *out, const size_t max)
{
return curlx_str_until(linep, out, max, ' ');
}
return STRE_OK;
}
-
/* Get a "quoted" word. No escaping possible.
return non-zero on error */
int curlx_str_quotedword(const char **linep, struct Curl_str *out,
}
/* given an ASCII character and max ascii, return TRUE if valid */
-#define valid_digit(x,m) \
- (((x) >= '0') && ((x) <= m) && Curl_hexasciitable[(x)-'0'])
+#define valid_digit(x, m) \
+ (((x) >= '0') && ((x) <= m) && Curl_hexasciitable[(x) - '0'])
/* We use 16 for the zero index (and the necessary bitwise AND in the loop)
to be able to have a non-zero value there to make valid_digit() able to
*/
timediff_t curlx_tvtoms(struct timeval *tv)
{
- return (tv->tv_sec*1000) + (timediff_t)(tv->tv_usec/1000);
+ return (tv->tv_sec * 1000) + (timediff_t)(tv->tv_usec / 1000);
}
return now;
}
-#elif defined(HAVE_CLOCK_GETTIME_MONOTONIC) || \
+#elif defined(HAVE_CLOCK_GETTIME_MONOTONIC) || \
defined(HAVE_CLOCK_GETTIME_MONOTONIC_RAW)
struct curltime curlx_now(void)
** called on unsupported OS version.
*/
#if defined(__APPLE__) && defined(HAVE_BUILTIN_AVAILABLE) && \
- (HAVE_BUILTIN_AVAILABLE == 1)
+ (HAVE_BUILTIN_AVAILABLE == 1)
bool have_clock_gettime = FALSE;
if(__builtin_available(macOS 10.12, iOS 10, tvOS 10, watchOS 3, *))
have_clock_gettime = TRUE;
#ifdef HAVE_CLOCK_GETTIME_MONOTONIC_RAW
if(
-#if defined(__APPLE__) && defined(HAVE_BUILTIN_AVAILABLE) && \
- (HAVE_BUILTIN_AVAILABLE == 1)
+#if defined(__APPLE__) && defined(HAVE_BUILTIN_AVAILABLE) && \
+ (HAVE_BUILTIN_AVAILABLE == 1)
have_clock_gettime &&
#endif
(clock_gettime(CLOCK_MONOTONIC_RAW, &tsnow) == 0)) {
if(
#if defined(__APPLE__) && defined(HAVE_BUILTIN_AVAILABLE) && \
- (HAVE_BUILTIN_AVAILABLE == 1)
+ (HAVE_BUILTIN_AVAILABLE == 1)
have_clock_gettime &&
#endif
(clock_gettime(CLOCK_MONOTONIC, &tsnow) == 0)) {
*/
timediff_t curlx_timediff_ms(struct curltime newer, struct curltime older)
{
- timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec;
- if(diff >= (TIMEDIFF_T_MAX/1000))
+ timediff_t diff = (timediff_t)newer.tv_sec - older.tv_sec;
+ if(diff >= (TIMEDIFF_T_MAX / 1000))
return TIMEDIFF_T_MAX;
- else if(diff <= (TIMEDIFF_T_MIN/1000))
+ else if(diff <= (TIMEDIFF_T_MIN / 1000))
return TIMEDIFF_T_MIN;
- return diff * 1000 + (newer.tv_usec-older.tv_usec)/1000;
+ return diff * 1000 + (newer.tv_usec - older.tv_usec) / 1000;
}
/*
timediff_t curlx_timediff_ceil_ms(struct curltime newer,
struct curltime older)
{
- timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec;
- if(diff >= (TIMEDIFF_T_MAX/1000))
+ timediff_t diff = (timediff_t)newer.tv_sec - older.tv_sec;
+ if(diff >= (TIMEDIFF_T_MAX / 1000))
return TIMEDIFF_T_MAX;
- else if(diff <= (TIMEDIFF_T_MIN/1000))
+ else if(diff <= (TIMEDIFF_T_MIN / 1000))
return TIMEDIFF_T_MIN;
- return diff * 1000 + (newer.tv_usec - older.tv_usec + 999)/1000;
+ return diff * 1000 + (newer.tv_usec - older.tv_usec + 999) / 1000;
}
/*
*/
timediff_t curlx_timediff_us(struct curltime newer, struct curltime older)
{
- timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec;
- if(diff >= (TIMEDIFF_T_MAX/1000000))
+ timediff_t diff = (timediff_t)newer.tv_sec - older.tv_sec;
+ if(diff >= (TIMEDIFF_T_MAX / 1000000))
return TIMEDIFF_T_MAX;
- else if(diff <= (TIMEDIFF_T_MIN/1000000))
+ else if(diff <= (TIMEDIFF_T_MIN / 1000000))
return TIMEDIFF_T_MIN;
- return diff * 1000000 + newer.tv_usec-older.tv_usec;
+ return diff * 1000000 + newer.tv_usec - older.tv_usec;
}
/* prevent overflow, timeout_ms is typecast to ULONG/DWORD. */
#if TIMEDIFF_T_MAX >= ULONG_MAX
if(timeout_ms >= ULONG_MAX)
- timeout_ms = ULONG_MAX-1;
+ timeout_ms = ULONG_MAX - 1;
/* do not use ULONG_MAX, because that is equal to INFINITE */
#endif
Sleep((DWORD)timeout_ms);
#if defined(__INTEL_COMPILER) && defined(__unix__)
#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
+#include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
#endif
#endif /* __INTEL_COMPILER && __unix__ */
unsigned char curlx_ultouc(unsigned long ulnum)
{
#ifdef __INTEL_COMPILER
-# pragma warning(push)
-# pragma warning(disable:810) /* conversion may lose significant bits */
+#pragma warning(push)
+#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
- DEBUGASSERT(ulnum <= (unsigned long) CURL_MASK_UCHAR);
- return (unsigned char)(ulnum & (unsigned long) CURL_MASK_UCHAR);
+ DEBUGASSERT(ulnum <= (unsigned long)CURL_MASK_UCHAR);
+ return (unsigned char)(ulnum & (unsigned long)CURL_MASK_UCHAR);
#ifdef __INTEL_COMPILER
-# pragma warning(pop)
+#pragma warning(pop)
#endif
}
int curlx_uztosi(size_t uznum)
{
#ifdef __INTEL_COMPILER
-# pragma warning(push)
-# pragma warning(disable:810) /* conversion may lose significant bits */
+#pragma warning(push)
+#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
- DEBUGASSERT(uznum <= (size_t) CURL_MASK_SINT);
- return (int)(uznum & (size_t) CURL_MASK_SINT);
+ DEBUGASSERT(uznum <= (size_t)CURL_MASK_SINT);
+ return (int)(uznum & (size_t)CURL_MASK_SINT);
#ifdef __INTEL_COMPILER
-# pragma warning(pop)
+#pragma warning(pop)
#endif
}
unsigned long curlx_uztoul(size_t uznum)
{
#ifdef __INTEL_COMPILER
-# pragma warning(push)
-# pragma warning(disable:810) /* conversion may lose significant bits */
+#pragma warning(push)
+#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
#if ULONG_MAX < SIZE_MAX
- DEBUGASSERT(uznum <= (size_t) CURL_MASK_ULONG);
+ DEBUGASSERT(uznum <= (size_t)CURL_MASK_ULONG);
#endif
- return (unsigned long)(uznum & (size_t) CURL_MASK_ULONG);
+ return (unsigned long)(uznum & (size_t)CURL_MASK_ULONG);
#ifdef __INTEL_COMPILER
-# pragma warning(pop)
+#pragma warning(pop)
#endif
}
unsigned int curlx_uztoui(size_t uznum)
{
#ifdef __INTEL_COMPILER
-# pragma warning(push)
-# pragma warning(disable:810) /* conversion may lose significant bits */
+#pragma warning(push)
+#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
#if UINT_MAX < SIZE_MAX
- DEBUGASSERT(uznum <= (size_t) CURL_MASK_UINT);
+ DEBUGASSERT(uznum <= (size_t)CURL_MASK_UINT);
#endif
- return (unsigned int)(uznum & (size_t) CURL_MASK_UINT);
+ return (unsigned int)(uznum & (size_t)CURL_MASK_UINT);
#ifdef __INTEL_COMPILER
-# pragma warning(pop)
+#pragma warning(pop)
#endif
}
int curlx_sltosi(long slnum)
{
#ifdef __INTEL_COMPILER
-# pragma warning(push)
-# pragma warning(disable:810) /* conversion may lose significant bits */
+#pragma warning(push)
+#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(slnum >= 0);
#if INT_MAX < LONG_MAX
- DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_SINT);
+ DEBUGASSERT((unsigned long)slnum <= (unsigned long)CURL_MASK_SINT);
#endif
- return (int)(slnum & (long) CURL_MASK_SINT);
+ return (int)(slnum & (long)CURL_MASK_SINT);
#ifdef __INTEL_COMPILER
-# pragma warning(pop)
+#pragma warning(pop)
#endif
}
unsigned int curlx_sltoui(long slnum)
{
#ifdef __INTEL_COMPILER
-# pragma warning(push)
-# pragma warning(disable:810) /* conversion may lose significant bits */
+#pragma warning(push)
+#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(slnum >= 0);
#if UINT_MAX < LONG_MAX
- DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_UINT);
+ DEBUGASSERT((unsigned long)slnum <= (unsigned long)CURL_MASK_UINT);
#endif
- return (unsigned int)(slnum & (long) CURL_MASK_UINT);
+ return (unsigned int)(slnum & (long)CURL_MASK_UINT);
#ifdef __INTEL_COMPILER
-# pragma warning(pop)
+#pragma warning(pop)
#endif
}
unsigned short curlx_sltous(long slnum)
{
#ifdef __INTEL_COMPILER
-# pragma warning(push)
-# pragma warning(disable:810) /* conversion may lose significant bits */
+#pragma warning(push)
+#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(slnum >= 0);
- DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_USHORT);
- return (unsigned short)(slnum & (long) CURL_MASK_USHORT);
+ DEBUGASSERT((unsigned long)slnum <= (unsigned long)CURL_MASK_USHORT);
+ return (unsigned short)(slnum & (long)CURL_MASK_USHORT);
#ifdef __INTEL_COMPILER
-# pragma warning(pop)
+#pragma warning(pop)
#endif
}
ssize_t curlx_uztosz(size_t uznum)
{
#ifdef __INTEL_COMPILER
-# pragma warning(push)
-# pragma warning(disable:810) /* conversion may lose significant bits */
+#pragma warning(push)
+#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
- DEBUGASSERT(uznum <= (size_t) CURL_MASK_SSIZE_T);
- return (ssize_t)(uznum & (size_t) CURL_MASK_SSIZE_T);
+ DEBUGASSERT(uznum <= (size_t)CURL_MASK_SSIZE_T);
+ return (ssize_t)(uznum & (size_t)CURL_MASK_SSIZE_T);
#ifdef __INTEL_COMPILER
-# pragma warning(pop)
+#pragma warning(pop)
#endif
}
size_t curlx_sotouz(curl_off_t sonum)
{
#ifdef __INTEL_COMPILER
-# pragma warning(push)
-# pragma warning(disable:810) /* conversion may lose significant bits */
+#pragma warning(push)
+#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(sonum >= 0);
- return (size_t)(sonum & (curl_off_t) CURL_MASK_USIZE_T);
+ return (size_t)(sonum & (curl_off_t)CURL_MASK_USIZE_T);
#ifdef __INTEL_COMPILER
-# pragma warning(pop)
+#pragma warning(pop)
#endif
}
int curlx_sztosi(ssize_t sznum)
{
#ifdef __INTEL_COMPILER
-# pragma warning(push)
-# pragma warning(disable:810) /* conversion may lose significant bits */
+#pragma warning(push)
+#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(sznum >= 0);
#if INT_MAX < SSIZE_MAX
- DEBUGASSERT((size_t) sznum <= (size_t) CURL_MASK_SINT);
+ DEBUGASSERT((size_t)sznum <= (size_t)CURL_MASK_SINT);
#endif
- return (int)(sznum & (ssize_t) CURL_MASK_SINT);
+ return (int)(sznum & (ssize_t)CURL_MASK_SINT);
#ifdef __INTEL_COMPILER
-# pragma warning(pop)
+#pragma warning(pop)
#endif
}
unsigned short curlx_uitous(unsigned int uinum)
{
#ifdef __INTEL_COMPILER
-# pragma warning(push)
-# pragma warning(disable:810) /* conversion may lose significant bits */
+#pragma warning(push)
+#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
- DEBUGASSERT(uinum <= (unsigned int) CURL_MASK_USHORT);
- return (unsigned short) (uinum & (unsigned int) CURL_MASK_USHORT);
+ DEBUGASSERT(uinum <= (unsigned int)CURL_MASK_USHORT);
+ return (unsigned short)(uinum & (unsigned int)CURL_MASK_USHORT);
#ifdef __INTEL_COMPILER
-# pragma warning(pop)
+#pragma warning(pop)
#endif
}
size_t curlx_sitouz(int sinum)
{
#ifdef __INTEL_COMPILER
-# pragma warning(push)
-# pragma warning(disable:810) /* conversion may lose significant bits */
+#pragma warning(push)
+#pragma warning(disable:810) /* conversion may lose significant bits */
#endif
DEBUGASSERT(sinum >= 0);
- return (size_t) sinum;
+ return (size_t)sinum;
#ifdef __INTEL_COMPILER
-# pragma warning(pop)
+#pragma warning(pop)
#endif
}
return TRUE;
}
-
bool curlx_sltouz(long slnum, size_t *puznum)
{
if(slnum < 0) {
#endif
#define CURLX_FUNCTION_CAST(target_type, func) \
- (target_type)(void (*) (void))(func)
+ (target_type)(void (*)(void))(func)
unsigned char curlx_ultouc(unsigned long ulnum);
/* Truncate multiple lines */
p = strchr(buf, '\n');
if(p) {
- if(p > buf && *(p-1) == '\r')
- *(p-1) = '\0';
+ if(p > buf && *(p - 1) == '\r')
+ *(p - 1) = '\0';
else
*p = '\0';
}
#if defined(__GNUC__) && __GNUC__ >= 7
#pragma GCC diagnostic pop
#endif
-
}
#else
{
#include "../curl_setup.h"
-#if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \
- !defined(CURL_DISABLE_POP3) || \
+#if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \
+ !defined(CURL_DISABLE_POP3) || \
(!defined(CURL_DISABLE_LDAP) && defined(USE_OPENLDAP))
#include <curl/curl.h>
*
* Returns void.
*/
-void Curl_auth_create_external_message(const char *user,
- struct bufref *out)
+void Curl_auth_create_external_message(const char *user, struct bufref *out)
{
/* This is the same formatting as the login message */
Curl_auth_create_login_message(user, out);
/* Compute the digest using the password as the key */
ctxt = Curl_HMAC_init(&Curl_HMAC_MD5,
- (const unsigned char *) passwdp,
+ (const unsigned char *)passwdp,
curlx_uztoui(strlen(passwdp)));
if(!ctxt)
return CURLE_OUT_OF_MEMORY;
#ifndef USE_WINDOWS_SSPI
/* Convert MD5 chunk to RFC2617 (section 3.1.3) -suitable ASCII string */
static void auth_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */
- unsigned char *dest) /* 33 bytes */
+ unsigned char *dest) /* 33 bytes */
{
int i;
for(i = 0; i < 16; i++)
- curl_msnprintf((char *) &dest[i * 2], 3, "%02x", source[i]);
+ curl_msnprintf((char *)&dest[i * 2], 3, "%02x", source[i]);
}
/* Convert sha256 or SHA-512/256 chunk to RFC7616 -suitable ASCII string */
static void auth_digest_sha256_to_ascii(unsigned char *source, /* 32 bytes */
- unsigned char *dest) /* 65 bytes */
+ unsigned char *dest) /* 65 bytes */
{
int i;
for(i = 0; i < 32; i++)
- curl_msnprintf((char *) &dest[i * 2], 3, "%02x", source[i]);
+ curl_msnprintf((char *)&dest[i * 2], 3, "%02x", source[i]);
}
/* Perform quoted-string escaping as described in RFC2616 and its errata */
char *alg, size_t alen,
char *qop, size_t qlen)
{
- const char *chlg = (const char *) Curl_bufref_ptr(chlgref);
+ const char *chlg = (const char *)Curl_bufref_ptr(chlgref);
/* Ensure we have a valid challenge message */
if(!Curl_bufref_len(chlgref))
if(!ctxt)
return CURLE_OUT_OF_MEMORY;
- Curl_MD5_update(ctxt, (const unsigned char *) userp,
+ Curl_MD5_update(ctxt, (const unsigned char *)userp,
curlx_uztoui(strlen(userp)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) realm,
+ Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *)realm,
curlx_uztoui(strlen(realm)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) passwdp,
+ Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *)passwdp,
curlx_uztoui(strlen(passwdp)));
Curl_MD5_final(ctxt, digest);
if(!ctxt)
return CURLE_OUT_OF_MEMORY;
- Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN);
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) nonce,
+ Curl_MD5_update(ctxt, (const unsigned char *)digest, MD5_DIGEST_LEN);
+ Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *)nonce,
curlx_uztoui(strlen(nonce)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
+ Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *)cnonce,
curlx_uztoui(strlen(cnonce)));
Curl_MD5_final(ctxt, digest);
return CURLE_OUT_OF_MEMORY;
}
- Curl_MD5_update(ctxt, (const unsigned char *) method,
+ Curl_MD5_update(ctxt, (const unsigned char *)method,
curlx_uztoui(strlen(method)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) spn,
+ Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *)spn,
curlx_uztoui(strlen(spn)));
Curl_MD5_final(ctxt, digest);
return CURLE_OUT_OF_MEMORY;
}
- Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN);
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) nonce,
+ Curl_MD5_update(ctxt, (const unsigned char *)HA1_hex, 2 * MD5_DIGEST_LEN);
+ Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *)nonce,
curlx_uztoui(strlen(nonce)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) nonceCount,
+ Curl_MD5_update(ctxt, (const unsigned char *)nonceCount,
curlx_uztoui(strlen(nonceCount)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
+ Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *)cnonce,
curlx_uztoui(strlen(cnonce)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) qop,
+ Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *)qop,
curlx_uztoui(strlen(qop)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *)":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) HA2_hex, 2 * MD5_DIGEST_LEN);
+ Curl_MD5_update(ctxt, (const unsigned char *)HA2_hex, 2 * MD5_DIGEST_LEN);
Curl_MD5_final(ctxt, digest);
for(i = 0; i < MD5_DIGEST_LEN; i++)
if(curlx_str_casecompare(&out, DIGEST_QOP_VALUE_STRING_AUTH))
foundAuth = TRUE;
else if(curlx_str_casecompare(&out,
- DIGEST_QOP_VALUE_STRING_AUTH_INT))
+ DIGEST_QOP_VALUE_STRING_AUTH_INT))
foundAuthInt = TRUE;
if(curlx_str_single(&token, ','))
break;
if(!hashthis)
return CURLE_OUT_OF_MEMORY;
- result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
+ result = hash(hashbuf, (unsigned char *)hashthis, strlen(hashthis));
curlx_free(hashthis);
if(result)
return result;
if(!hashthis)
return CURLE_OUT_OF_MEMORY;
- result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
+ result = hash(hashbuf, (unsigned char *)hashthis, strlen(hashthis));
curlx_free(hashthis);
if(result)
return result;
if(!tmp)
return CURLE_OUT_OF_MEMORY;
- result = hash(hashbuf, (unsigned char *) tmp, strlen(tmp));
+ result = hash(hashbuf, (unsigned char *)tmp, strlen(tmp));
curlx_free(tmp);
if(result)
return result;
if(!hashthis)
return CURLE_OUT_OF_MEMORY;
- result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
+ result = hash(hashbuf, (unsigned char *)hashthis, strlen(hashthis));
curlx_free(hashthis);
if(result)
return result;
if(!hashthis)
return CURLE_OUT_OF_MEMORY;
- result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
+ result = hash(hashbuf, (unsigned char *)hashthis, strlen(hashthis));
curlx_free(hashthis);
if(result)
return result;
digest->nc = 0;
digest->algo = ALGO_MD5; /* default algorithm */
- digest->stale = FALSE; /* default means normal, not stale */
+ digest->stale = FALSE; /* default means normal, not stale */
digest->userhash = FALSE;
}
-#endif /* !USE_WINDOWS_SSPI */
+#endif /* !USE_WINDOWS_SSPI */
-#endif /* !CURL_DISABLE_DIGEST_AUTH */
+#endif /* !CURL_DISABLE_DIGEST_AUTH */
#include "../strerror.h"
/*
-* Curl_auth_is_digest_supported()
-*
-* This is used to evaluate if DIGEST is supported.
-*
-* Parameters: None
-*
-* Returns TRUE if DIGEST is supported by Windows SSPI.
-*/
+ * Curl_auth_is_digest_supported()
+ *
+ * This is used to evaluate if DIGEST is supported.
+ *
+ * Parameters: None
+ *
+ * Returns TRUE if DIGEST is supported by Windows SSPI.
+ */
bool Curl_auth_is_digest_supported(void)
{
PSecPkgInfo SecurityPackage;
size_t outlen;
res = gsasl_step(gsasl->client,
- (const char *) Curl_bufref_ptr(chlg), Curl_bufref_len(chlg),
+ (const char *)Curl_bufref_ptr(chlg), Curl_bufref_len(chlg),
&response, &outlen);
if(res != GSASL_OK && res != GSASL_NEEDS_MORE) {
failf(data, "GSASL step: %s", gsasl_strerror(res));
gss_release_buffer(&unused_status, &output_token);
}
else
- Curl_bufref_set(out, mutual_auth ? "": NULL, 0, NULL);
+ Curl_bufref_set(out, mutual_auth ? "" : NULL, 0, NULL);
return result;
}
/* Get our response size information */
status = Curl_pSecFn->QueryContextAttributes(krb5->context,
- SECPKG_ATTR_SIZES,
- &sizes);
+ SECPKG_ATTR_SIZES, &sizes);
if(status == SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
#include "vauth.h"
#include "../curl_endian.h"
-
/* NTLM buffer fixed size, large enough for long user + host + domain */
#define NTLM_BUFSIZE 1024
#define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50"
#if DEBUG_ME
-# define DEBUG_OUT(x) x
+#define DEBUG_OUT(x) x
static void ntlm_print_flags(FILE *handle, unsigned long flags)
{
if(flags & NTLMFLAG_NEGOTIATE_UNICODE)
curl_mfprintf(stderr, "%02.2x", (unsigned int)*p++);
}
#else
-# define DEBUG_OUT(x) Curl_nop_stmt
+#define DEBUG_OUT(x) Curl_nop_stmt
#endif
/*
}
/*
-* Curl_auth_create_ntlm_type3_message()
* Curl_auth_create_ntlm_type3_message()
*
* This is used to generate an already encoded NTLM type-3 message ready for
#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
/* ssl context comes from schannel.
- * When extended protection is used in IIS server,
- * we have to pass a second SecBuffer to the SecBufferDesc
- * otherwise IIS will not pass the authentication (401 response).
- * Minimum supported version is Windows 7.
- * https://learn.microsoft.com/security-updates/SecurityAdvisories/2009/973811
- */
+ * When extended protection is used in IIS server,
+ * we have to pass a second SecBuffer to the SecBufferDesc
+ * otherwise IIS will not pass the authentication (401 response).
+ * Minimum supported version is Windows 7.
+ * https://learn.microsoft.com/security-updates/SecurityAdvisories/2009/973811
+ */
if(ntlm->sslContext) {
SEC_CHANNEL_BINDINGS channelBindings;
SecPkgContext_Bindings pkgBindings;
#include "../curl_setup.h"
#if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \
- !defined(CURL_DISABLE_POP3) || \
+ !defined(CURL_DISABLE_POP3) || \
(!defined(CURL_DISABLE_LDAP) && defined(USE_OPENLDAP))
#include <curl/curl.h>
nego->output_token = curlx_malloc(nego->token_max);
if(!nego->output_token)
return CURLE_OUT_OF_MEMORY;
- }
+ }
if(!nego->credentials) {
/* Do we have credentials to use or are we using single sign-on? */
#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
/* ssl context comes from Schannel.
- * When extended protection is used in IIS server,
- * we have to pass a second SecBuffer to the SecBufferDesc
- * otherwise IIS will not pass the authentication (401 response).
- * Minimum supported version is Windows 7.
- * https://learn.microsoft.com/security-updates/SecurityAdvisories/2009/973811
- */
+ * When extended protection is used in IIS server,
+ * we have to pass a second SecBuffer to the SecBufferDesc
+ * otherwise IIS will not pass the authentication (401 response).
+ * Minimum supported version is Windows 7.
+ * https://learn.microsoft.com/security-updates/SecurityAdvisories/2009/973811
+ */
if(nego->sslContext) {
SEC_CHANNEL_BINDINGS channelBindings;
SecPkgContext_Bindings pkgBindings;
struct ntlmdata *Curl_auth_ntlm_get(struct connectdata *conn, bool proxy)
{
- const char *key = proxy ? CURL_META_NTLM_PROXY_CONN :
- CURL_META_NTLM_CONN;
+ const char *key = proxy ? CURL_META_NTLM_PROXY_CONN : CURL_META_NTLM_CONN;
struct ntlmdata *ntlm = Curl_conn_meta_get(conn, key);
if(!ntlm) {
ntlm = curlx_calloc(1, sizeof(*ntlm));
- if(!ntlm ||
- Curl_conn_meta_set(conn, key, ntlm, ntlm_conn_dtor))
+ if(!ntlm || Curl_conn_meta_set(conn, key, ntlm, ntlm_conn_dtor))
return NULL;
}
return ntlm;
void Curl_auth_ntlm_remove(struct connectdata *conn, bool proxy)
{
- Curl_conn_meta_remove(conn, proxy ?
- CURL_META_NTLM_PROXY_CONN : CURL_META_NTLM_CONN);
+ Curl_conn_meta_remove(conn, proxy ? CURL_META_NTLM_PROXY_CONN
+ : CURL_META_NTLM_CONN);
}
#endif /* USE_NTLM */
struct negotiatedata *Curl_auth_nego_get(struct connectdata *conn, bool proxy)
{
- const char *key = proxy ? CURL_META_NEGO_PROXY_CONN :
- CURL_META_NEGO_CONN;
+ const char *key = proxy ? CURL_META_NEGO_PROXY_CONN : CURL_META_NEGO_CONN;
struct negotiatedata *nego = Curl_conn_meta_get(conn, key);
if(!nego) {
nego = curlx_calloc(1, sizeof(*nego));
- if(!nego ||
- Curl_conn_meta_set(conn, key, nego, nego_conn_dtor))
+ if(!nego || Curl_conn_meta_set(conn, key, nego, nego_conn_dtor))
return NULL;
}
return nego;
#include "../curlx/warnless.h"
-#define QUIC_MAX_STREAMS (256*1024)
-#define QUIC_HANDSHAKE_TIMEOUT (10*NGTCP2_SECONDS)
+#define QUIC_MAX_STREAMS (256 * 1024)
+#define QUIC_HANDSHAKE_TIMEOUT (10 * NGTCP2_SECONDS)
/* A stream window is the maximum amount we need to buffer for
* each active transfer.
* Chunk size is large enough to take a full DATA frame */
#define H3_STREAM_WINDOW_SIZE (64 * 1024)
-#define H3_STREAM_CHUNK_SIZE (16 * 1024)
+#define H3_STREAM_CHUNK_SIZE (16 * 1024)
#if H3_STREAM_CHUNK_SIZE < NGTCP2_MAX_UDP_PAYLOAD_SIZE
#error H3_STREAM_CHUNK_SIZE smaller than NGTCP2_MAX_UDP_PAYLOAD_SIZE
#endif
/* How to access `call_data` from a cf_ngtcp2 filter */
#undef CF_CTX_CALL_DATA
-#define CF_CTX_CALL_DATA(cf) \
- ((struct cf_ngtcp2_ctx *)(cf)->ctx)->call_data
+#define CF_CTX_CALL_DATA(cf) ((struct cf_ngtcp2_ctx *)(cf)->ctx)->call_data
static void h3_stream_hash_free(unsigned int id, void *stream);
struct cf_ngtcp2_ctx *ctx = cf->ctx;
const ngtcp2_transport_params *rp;
/* Peer should have sent us its transport parameters. If it
- * announces a positive `max_idle_timeout` it will close the
- * connection when it does not hear from us for that time.
- *
- * Some servers use this as a keep-alive timer at a rather low
- * value. We are doing HTTP/3 here and waiting for the response
- * to a request may take a considerable amount of time. We need
- * to prevent the peer's QUIC stack from closing in this case.
- */
+ * announces a positive `max_idle_timeout` it will close the
+ * connection when it does not hear from us for that time.
+ *
+ * Some servers use this as a keep-alive timer at a rather low
+ * value. We are doing HTTP/3 here and waiting for the response
+ * to a request may take a considerable amount of time. We need
+ * to prevent the peer's QUIC stack from closing in this case.
+ */
if(!ctx->qconn)
return;
}
}
-
struct pkt_io_ctx;
static CURLcode cf_progress_ingress(struct Curl_cfilter *cf,
struct Curl_easy *data,
* All about the H3 internals of a stream
*/
struct h3_stream_ctx {
- int64_t id; /* HTTP/3 protocol identifier */
- struct bufq sendbuf; /* h3 request body */
- struct h1_req_parser h1; /* h1 request parsing */
+ int64_t id; /* HTTP/3 protocol identifier */
+ struct bufq sendbuf; /* h3 request body */
+ struct h1_req_parser h1; /* h1 request parsing */
size_t sendbuf_len_in_flight; /* sendbuf amount "in flight" */
- uint64_t error3; /* HTTP/3 stream error code */
- curl_off_t upload_left; /* number of request bytes left to upload */
- uint64_t download_unacked; /* bytes not acknowledged yet */
- int status_code; /* HTTP status code */
- CURLcode xfer_result; /* result from xfer_resp_write(_hd) */
- BIT(resp_hds_complete); /* we have a complete, final response */
- BIT(closed); /* TRUE on stream close */
- BIT(reset); /* TRUE on stream reset */
- BIT(send_closed); /* stream is local closed */
- BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
+ uint64_t error3; /* HTTP/3 stream error code */
+ curl_off_t upload_left; /* number of request bytes left to upload */
+ uint64_t download_unacked; /* bytes not acknowledged yet */
+ int status_code; /* HTTP status code */
+ CURLcode xfer_result; /* result from xfer_resp_write(_hd) */
+ BIT(resp_hds_complete); /* we have a complete, final response */
+ BIT(closed); /* TRUE on stream close */
+ BIT(reset); /* TRUE on stream reset */
+ BIT(send_closed); /* stream is local closed */
+ BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
};
static void h3_stream_ctx_free(struct h3_stream_ctx *stream)
return TRUE; /* continue */
}
-static struct h3_stream_ctx *
-cf_ngtcp2_get_stream(struct cf_ngtcp2_ctx *ctx, int64_t stream_id)
+static struct h3_stream_ctx *cf_ngtcp2_get_stream(struct cf_ngtcp2_ctx *ctx,
+ int64_t stream_id)
{
struct cf_ngtcp2_sfind_ctx fctx;
fctx.stream_id = stream_id;
struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data);
(void)cf;
if(stream) {
- CURL_TRC_CF(data, cf, "[%" PRId64 "] easy handle is done",
- stream->id);
+ CURL_TRC_CF(data, cf, "[%" PRId64 "] easy handle is done", stream->id);
cf_ngtcp2_stream_close(cf, data, stream);
Curl_uint32_hash_remove(&ctx->streams, data->mid);
if(!Curl_uint32_hash_count(&ctx->streams))
return 0;
}
-static int
-cb_acked_stream_data_offset(ngtcp2_conn *tconn, int64_t stream_id,
- uint64_t offset, uint64_t datalen, void *user_data,
- void *stream_user_data)
+static int cb_acked_stream_data_offset(ngtcp2_conn *tconn, int64_t stream_id,
+ uint64_t offset, uint64_t datalen,
+ void *user_data, void *stream_user_data)
{
struct Curl_cfilter *cf = user_data;
struct cf_ngtcp2_ctx *ctx = cf->ctx;
}
#if defined(_MSC_VER) && defined(_DLL)
-# pragma warning(push)
-# pragma warning(disable:4232) /* MSVC extension, dllimport identity */
+#pragma warning(push)
+#pragma warning(disable:4232) /* MSVC extension, dllimport identity */
#endif
static ngtcp2_callbacks ng_callbacks = {
};
#if defined(_MSC_VER) && defined(_DLL)
-# pragma warning(pop)
+#pragma warning(pop)
#endif
/**
}
static CURLcode recv_closed_stream(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- struct h3_stream_ctx *stream,
- size_t *pnread)
+ struct Curl_easy *data,
+ struct h3_stream_ctx *stream,
+ size_t *pnread)
{
(void)cf;
*pnread = 0;
return 0;
}
-static nghttp3_ssize
-cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id,
- nghttp3_vec *vec, size_t veccnt,
- uint32_t *pflags, void *user_data,
- void *stream_user_data)
+static nghttp3_ssize cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id,
+ nghttp3_vec *vec, size_t veccnt,
+ uint32_t *pflags, void *user_data,
+ void *stream_user_data)
{
struct Curl_cfilter *cf = user_data;
struct cf_ngtcp2_ctx *ctx = cf->ctx;
}
else if(!nwritten) {
/* Not EOF, and nothing to give, we signal WOULDBLOCK. */
- CURL_TRC_CF(data, cf, "[%" PRId64 "] read req body -> AGAIN",
- stream->id);
+ CURL_TRC_CF(data, cf, "[%" PRId64 "] read req body -> AGAIN", stream->id);
return NGHTTP3_ERR_WOULDBLOCK;
}
*/
max_payload_size = ngtcp2_conn_get_max_tx_udp_payload_size(ctx->qconn);
path_max_payload_size =
- ngtcp2_conn_get_path_max_tx_udp_payload_size(ctx->qconn);
+ ngtcp2_conn_get_path_max_tx_udp_payload_size(ctx->qconn);
send_quantum = ngtcp2_conn_get_send_quantum(ctx->qconn);
CURL_TRC_CF(data, cf, "egress, collect and send packets, quantum=%zu",
send_quantum);
size_t buflen = Curl_bufq_len(&ctx->q.sendbuf);
if((buflen >= send_quantum) ||
((buflen + gsolen) >= ctx->q.sendbuf.chunk_size))
- break;
+ break;
DEBUGASSERT(nread > 0);
++pktcnt;
if(pktcnt == 1) {
static const char *gtls_hs_msg_name(int mtype)
{
switch(mtype) {
- case 1: return "ClientHello";
- case 2: return "ServerHello";
- case 4: return "SessionTicket";
- case 8: return "EncryptedExtensions";
- case 11: return "Certificate";
- case 13: return "CertificateRequest";
- case 15: return "CertificateVerify";
- case 20: return "Finished";
- case 24: return "KeyUpdate";
- case 254: return "MessageHash";
+ case 1:
+ return "ClientHello";
+ case 2:
+ return "ServerHello";
+ case 4:
+ return "SessionTicket";
+ case 8:
+ return "EncryptedExtensions";
+ case 11:
+ return "Certificate";
+ case 13:
+ return "CertificateRequest";
+ case 15:
+ return "CertificateVerify";
+ case 20:
+ return "Finished";
+ case 24:
+ return "KeyUpdate";
+ case 254:
+ return "MessageHash";
}
return "Unknown";
}
#endif /* WOLFSSL_EARLY_DATA */
#endif
#if defined(USE_GNUTLS) || defined(USE_WOLFSSL) || \
- (defined(USE_OPENSSL) && defined(HAVE_OPENSSL_EARLYDATA))
+ (defined(USE_OPENSSL) && defined(HAVE_OPENSSL_EARLYDATA))
if((!ctx->earlydata_max)) {
CURL_TRC_CF(data, cf, "SSL session does not allow earlydata");
}
CURL_TRC_CF(data, cf, "connection refused by server");
/* When a QUIC server instance is shutting down, it may send us a
* CONNECTION_CLOSE with this code right away. We want
- * to keep on trying in this case. */
+ * to keep on trying in this case. */
result = CURLE_WEIRD_SERVER_REPLY;
}
}
* BUT OpenSSL does not offer this information to us. So, we silently
* ignore all such streams we do not expect. */
switch(stype) {
- case SSL_STREAM_TYPE_READ: {
- struct cf_osslq_stream *nstream;
- if(h3->remote_ctrl_n >= CURL_ARRAYSIZE(h3->remote_ctrl)) {
- /* rejected, we are full */
- CURL_TRC_CF(data, cf, "[%" PRId64 "] reject remote uni stream",
- stream_id);
- SSL_free(stream_ssl);
- return CURLE_OK;
- }
- nstream = &h3->remote_ctrl[h3->remote_ctrl_n++];
- nstream->id = stream_id;
- nstream->ssl = stream_ssl;
- Curl_bufq_initp(&nstream->recvbuf, &ctx->stream_bufcp, 1, BUFQ_OPT_NONE);
- CURL_TRC_CF(data, cf, "[%" PRId64 "] accepted remote uni stream",
+ case SSL_STREAM_TYPE_READ: {
+ struct cf_osslq_stream *nstream;
+ if(h3->remote_ctrl_n >= CURL_ARRAYSIZE(h3->remote_ctrl)) {
+ /* rejected, we are full */
+ CURL_TRC_CF(data, cf, "[%" PRId64 "] reject remote uni stream",
stream_id);
- return CURLE_OK;
- }
- default:
- CURL_TRC_CF(data, cf, "[%" PRId64 "] reject remote %s"
- " stream, type=%x", stream_id,
- (stype == SSL_STREAM_TYPE_BIDI) ? "bidi" : "write", stype);
SSL_free(stream_ssl);
return CURLE_OK;
+ }
+ nstream = &h3->remote_ctrl[h3->remote_ctrl_n++];
+ nstream->id = stream_id;
+ nstream->ssl = stream_ssl;
+ Curl_bufq_initp(&nstream->recvbuf, &ctx->stream_bufcp, 1, BUFQ_OPT_NONE);
+ CURL_TRC_CF(data, cf, "[%" PRId64 "] accepted remote uni stream",
+ stream_id);
+ return CURLE_OK;
+ }
+ default:
+ CURL_TRC_CF(data, cf, "[%" PRId64 "] reject remote %s"
+ " stream, type=%x", stream_id,
+ (stype == SSL_STREAM_TYPE_BIDI) ? "bidi" : "write", stype);
+ SSL_free(stream_ssl);
+ return CURLE_OK;
}
}
lerr = SSL_get_verify_result(ctx->tls.ossl.ssl);
if(lerr != X509_V_OK) {
ssl_config->certverifyresult = lerr;
- curl_msnprintf(ebuf, sizeof(ebuf),
- "SSL certificate problem: %s",
+ curl_msnprintf(ebuf, sizeof(ebuf), "SSL certificate problem: %s",
X509_verify_cert_error_string(lerr));
}
else
* the SO_ERROR is also lost.
*/
if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
- char extramsg[80]="";
+ char extramsg[80] = "";
int sockerr = SOCKERRNO;
struct ip_quadruple ip;
*/
struct h3_stream_ctx {
struct cf_osslq_stream s;
- struct bufq sendbuf; /* h3 request body */
- struct bufq recvbuf; /* h3 response body */
- struct h1_req_parser h1; /* h1 request parsing */
+ struct bufq sendbuf; /* h3 request body */
+ struct bufq recvbuf; /* h3 response body */
+ struct h1_req_parser h1; /* h1 request parsing */
size_t sendbuf_len_in_flight; /* sendbuf amount "in flight" */
- size_t recv_buf_nonflow; /* buffered bytes, not counting for flow control */
- uint64_t error3; /* HTTP/3 stream error code */
- curl_off_t upload_left; /* number of request bytes left to upload */
- curl_off_t download_recvd; /* number of response DATA bytes received */
- int status_code; /* HTTP status code */
- BIT(resp_hds_complete); /* we have a complete, final response */
- BIT(closed); /* TRUE on stream close */
- BIT(reset); /* TRUE on stream reset */
- BIT(send_closed); /* stream is local closed */
- BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
+ size_t recv_buf_nonflow; /* buffered bytes,
+ not counting for flow control */
+ uint64_t error3; /* HTTP/3 stream error code */
+ curl_off_t upload_left; /* number of request bytes left to upload */
+ curl_off_t download_recvd; /* number of response DATA bytes received */
+ int status_code; /* HTTP status code */
+ BIT(resp_hds_complete); /* we have a complete, final response */
+ BIT(closed); /* TRUE on stream close */
+ BIT(reset); /* TRUE on stream reset */
+ BIT(send_closed); /* stream is local closed */
+ BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
};
static void h3_stream_ctx_free(struct h3_stream_ctx *stream)
(void)cf;
if(stream) {
- CURL_TRC_CF(data, cf, "[%" PRIu64 "] easy handle is done",
- stream->s.id);
+ CURL_TRC_CF(data, cf, "[%" PRIu64 "] easy handle is done", stream->s.id);
if(ctx->h3.conn && (stream->s.id >= 0) && !stream->closed) {
nghttp3_conn_shutdown_stream_read(ctx->h3.conn, stream->s.id);
nghttp3_conn_close_stream(ctx->h3.conn, stream->s.id,
return 0;
}
-static nghttp3_ssize
-cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id,
- nghttp3_vec *vec, size_t veccnt,
- uint32_t *pflags, void *user_data,
- void *stream_user_data)
+static nghttp3_ssize cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id,
+ nghttp3_vec *vec, size_t veccnt,
+ uint32_t *pflags, void *user_data,
+ void *stream_user_data)
{
struct Curl_cfilter *cf = user_data;
struct cf_osslq_ctx *ctx = cf->ctx;
}
result = cf_osslq_stream_open(&h3->s_ctrl, conn,
- SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
+ SSL_STREAM_FLAG_ADVANCE | SSL_STREAM_FLAG_UNI,
&ctx->stream_bufcp, NULL);
if(result) {
result = CURLE_QUIC_CONNECT_ERROR;
goto out;
}
result = cf_osslq_stream_open(&h3->s_qpack_enc, conn,
- SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
+ SSL_STREAM_FLAG_ADVANCE | SSL_STREAM_FLAG_UNI,
&ctx->stream_bufcp, NULL);
if(result) {
result = CURLE_QUIC_CONNECT_ERROR;
goto out;
}
result = cf_osslq_stream_open(&h3->s_qpack_dec, conn,
- SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI,
+ SSL_STREAM_FLAG_ADVANCE | SSL_STREAM_FLAG_UNI,
&ctx->stream_bufcp, NULL);
if(result) {
result = CURLE_QUIC_CONNECT_ERROR;
SSL_INCOMING_STREAM_POLICY_ACCEPT, 0);
/* from our side, there is no idle timeout */
SSL_set_value_uint(ctx->tls.ossl.ssl,
- SSL_VALUE_CLASS_FEATURE_REQUEST, SSL_VALUE_QUIC_IDLE_TIMEOUT, 0);
+ SSL_VALUE_CLASS_FEATURE_REQUEST,
+ SSL_VALUE_QUIC_IDLE_TIMEOUT, 0);
/* setup the H3 things on top of the QUIC connection */
result = cf_osslq_h3conn_init(ctx, ctx->tls.ossl.ssl, cf);
fill_ctx.multi = data->multi;
fill_ctx.n = 0;
Curl_uint32_hash_visit(&ctx->streams, cf_osslq_collect_block_send,
- &fill_ctx);
+ &fill_ctx);
poll_count = fill_ctx.n;
if(poll_count) {
CURL_TRC_CF(data, cf, "polling %zu blocked streams", poll_count);
res = CURLE_UNRECOVERABLE_POLL;
if(!SSL_poll(ctx->poll_items, poll_count, sizeof(SSL_POLL_ITEM),
&timeout, 0, &result_count))
- goto out;
+ goto out;
res = CURLE_OK;
uint64_t flags = (eos && ((i + 1) == n)) ? SSL_WRITE_FLAG_CONCLUDE : 0;
written = vec[i].len;
ok = !s->ssl || SSL_write_ex2(s->ssl, vec[i].base, vec[i].len, flags,
- &written);
+ &written);
if(ok && flags & SSL_WRITE_FLAG_CONCLUDE)
eos_written = TRUE;
if(ok) {
* All about the H3 internals of a stream
*/
struct h3_stream_ctx {
- uint64_t id; /* HTTP/3 protocol stream identifier */
- struct bufq recvbuf; /* h3 response */
+ uint64_t id; /* HTTP/3 protocol stream identifier */
+ struct bufq recvbuf; /* h3 response */
struct h1_req_parser h1; /* h1 request parsing */
- uint64_t error3; /* HTTP/3 stream error code */
- BIT(opened); /* TRUE after stream has been opened */
- BIT(closed); /* TRUE on stream close */
- BIT(reset); /* TRUE on stream reset */
- BIT(send_closed); /* stream is locally closed */
+ uint64_t error3; /* HTTP/3 stream error code */
+ BIT(opened); /* TRUE after stream has been opened */
+ BIT(closed); /* TRUE on stream close */
+ BIT(reset); /* TRUE on stream reset */
+ BIT(send_closed); /* stream is locally closed */
BIT(resp_hds_complete); /* final response has been received */
- BIT(resp_got_header); /* TRUE when h3 stream has recvd some HEADER */
- BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
+ BIT(resp_got_header); /* TRUE when h3 stream has recvd some HEADER */
+ BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */
};
static void h3_stream_ctx_free(struct h3_stream_ctx *stream)
/*
* write_resp_raw() copies response data in raw format to the `data`'s
- * receive buffer. If not enough space is available, it appends to the
+ * receive buffer. If not enough space is available, it appends to the
* `data`'s overflow buffer.
*/
static CURLcode write_resp_raw(struct Curl_cfilter *cf,
timeout_ns = quiche_conn_timeout_as_nanos(ctx->qconn);
if(timeout_ns % 1000000)
timeout_ns += 1000000;
- /* expire resolution is milliseconds */
+ /* expire resolution is milliseconds */
Curl_expire(data, (timeout_ns / 1000000), EXPIRE_QUIC);
return result;
}
DEBUGASSERT(stream);
result = Curl_h1_req_parse_read(&stream->h1, buf, blen, NULL,
- !data->state.http_ignorecustom ?
- data->set.str[STRING_CUSTOMREQUEST] : NULL,
- 0, pnwritten);
+ !data->state.http_ignorecustom ?
+ data->set.str[STRING_CUSTOMREQUEST] : NULL,
+ 0, pnwritten);
if(result)
goto out;
if(!stream->h1.done) {
int qfd;
(void)Curl_qlogdir(data, ctx->scid, sizeof(ctx->scid), &qfd);
if(qfd != -1)
- quiche_conn_set_qlog_fd(ctx->qconn, qfd,
- "qlog title", "curl qlog");
+ quiche_conn_set_qlog_fd(ctx->qconn, qfd, "qlog title", "curl qlog");
}
#endif
return result;
}
#else
- (void)ctx; (void)cf; (void)data;
+ (void)ctx;
+ (void)cf;
+ (void)data;
#endif
return CURLE_OK;
}
#elif defined(USE_WOLFSSL)
(void)data;
if(conn_config->verifyhost) {
- WOLFSSL_X509* cert = wolfSSL_get_peer_certificate(ctx->wssl.ssl);
+ WOLFSSL_X509 *cert = wolfSSL_get_peer_certificate(ctx->wssl.ssl);
if(!cert)
result = CURLE_OUT_OF_MEMORY;
else if(peer->sni &&
return result;
}
-
bool Curl_vquic_tls_get_ssl_info(struct curl_tls_ctx *ctx,
bool give_ssl_ctx,
struct curl_tlssessioninfo *info)
/**
* Initialize the QUIC TLS instances based of the SSL configurations
* for the connection filter, transfer and peer.
- * @param ctx the TLS context to initialize
- * @param cf the connection filter involved
- * @param data the transfer involved
- * @param peer the peer that will be connected to
- * @param alpns the ALPN specifications to negotiate, may be NULL
- * @param cb_setup optional callback for early TLS config
- * @param cb_user_data user_data param for callback
- * @param ssl_user_data optional pointer to set in TLS application context
+ * @param ctx the TLS context to initialize
+ * @param cf the connection filter involved
+ * @param data the transfer involved
+ * @param peer the peer that will be connected to
+ * @param alpns the ALPN specifications to negotiate, may be NULL
+ * @param cb_setup optional callback for early TLS config
+ * @param cb_user_data user_data param for callback
+ * @param ssl_user_data optional pointer to set in TLS application context
* @param session_reuse_cb callback to handle session reuse, signal early data
*/
CURLcode Curl_vquic_tls_init(struct curl_tls_ctx *ctx,
unsigned char c;
*psent = 0;
Curl_rand(data, &c, 1);
- if(c >= ((100-qctx->wblock_percent)*256/100)) {
+ if(c >= ((100 - qctx->wblock_percent) * 256 / 100)) {
CURL_TRC_CF(data, cf, "vquic_flush() simulate EWOULDBLOCK");
return CURLE_AGAIN;
}
qctx->split_gsolen = gsolen;
qctx->gsolen = tail_gsolen;
CURL_TRC_CF(data, cf, "vquic_send_tail_split: [%zu gso=%zu][%zu gso=%zu]",
- qctx->split_len, qctx->split_gsolen,
- tail_len, qctx->gsolen);
+ qctx->split_len, qctx->split_gsolen, tail_len, qctx->gsolen);
return vquic_flush(cf, data, qctx);
}
{
struct iovec msg_iov;
struct msghdr msg;
- uint8_t buf[64*1024];
+ uint8_t buf[64 * 1024];
struct sockaddr_storage remote_addr;
size_t total_nread, pkts, calls;
ssize_t rc;
size_t max_pkts,
vquic_recv_pkts_cb *recv_cb, void *userp)
{
- uint8_t buf[64*1024];
+ uint8_t buf[64 * 1024];
int bufsize = (int)sizeof(buf);
struct sockaddr_storage remote_addr;
socklen_t remote_addrlen = sizeof(remote_addr);
#define MAX_UDP_PAYLOAD_SIZE 1452
struct cf_quic_ctx {
- curl_socket_t sockfd; /* connected UDP socket */
+ curl_socket_t sockfd; /* connected UDP socket */
struct sockaddr_storage local_addr; /* address socket is bound to */
- socklen_t local_addrlen; /* length of local address */
-
- struct bufq sendbuf; /* buffer for sending one or more packets */
- struct curltime first_byte_at; /* when first byte was recvd */
- struct curltime last_op; /* last (attempted) send/recv operation */
- struct curltime last_io; /* last successful socket IO */
- size_t gsolen; /* length of individual packets in send buf */
- size_t split_len; /* if != 0, buffer length after which GSO differs */
+ socklen_t local_addrlen; /* length of local address */
+
+ struct bufq sendbuf; /* buffer for sending one or more packets */
+ struct curltime first_byte_at; /* when first byte was recvd */
+ struct curltime last_op; /* last (attempted) send/recv operation */
+ struct curltime last_io; /* last successful socket IO */
+ size_t gsolen; /* length of individual packets in send buf */
+ size_t split_len; /* if != 0, buffer length after which GSO differs */
size_t split_gsolen; /* length of individual packets after split_len */
#ifdef DEBUGBUILD
- int wblock_percent; /* percent of writes doing EAGAIN */
+ int wblock_percent; /* percent of writes doing EAGAIN */
#endif
BIT(got_first_byte); /* if first byte was received */
- BIT(no_gso); /* do not use gso on sending */
+ BIT(no_gso); /* do not use gso on sending */
};
-#define H3_STREAM_CTX(ctx,data) \
+#define H3_STREAM_CTX(ctx, data) \
(data ? Curl_uint32_hash_get(&(ctx)->streams, (data)->mid) : NULL)
CURLcode vquic_ctx_init(struct cf_quic_ctx *qctx);
CURLcode vquic_flush(struct Curl_cfilter *cf, struct Curl_easy *data,
struct cf_quic_ctx *qctx);
-
typedef CURLcode vquic_recv_pkts_cb(const unsigned char *buf, size_t buflen,
size_t gso_size,
struct sockaddr_storage *remote_addr,
/* A recent macro provided by libssh. Or make our own. */
#ifndef SSH_STRING_FREE_CHAR
-#define SSH_STRING_FREE_CHAR(x) \
- do { \
- if(x) { \
- ssh_string_free_char(x); \
- x = NULL; \
- } \
+#define SSH_STRING_FREE_CHAR(x) \
+ do { \
+ if(x) { \
+ ssh_string_free_char(x); \
+ x = NULL; \
+ } \
} while(0)
#endif
static CURLcode sftp_disconnect(struct Curl_easy *data,
struct connectdata *conn,
bool dead);
-static
-CURLcode sftp_perform(struct Curl_easy *data,
- bool *connected,
- bool *dophase_done);
+static CURLcode sftp_perform(struct Curl_easy *data,
+ bool *connected,
+ bool *dophase_done);
static CURLcode myssh_pollset(struct Curl_easy *data,
struct easy_pollset *ps);
static CURLcode sftp_error_to_CURLE(int err)
{
switch(err) {
- case SSH_FX_OK:
- return CURLE_OK;
+ case SSH_FX_OK:
+ return CURLE_OK;
- case SSH_FX_NO_SUCH_FILE:
- case SSH_FX_NO_SUCH_PATH:
- return CURLE_REMOTE_FILE_NOT_FOUND;
+ case SSH_FX_NO_SUCH_FILE:
+ case SSH_FX_NO_SUCH_PATH:
+ return CURLE_REMOTE_FILE_NOT_FOUND;
- case SSH_FX_PERMISSION_DENIED:
- case SSH_FX_WRITE_PROTECT:
- return CURLE_REMOTE_ACCESS_DENIED;
+ case SSH_FX_PERMISSION_DENIED:
+ case SSH_FX_WRITE_PROTECT:
+ return CURLE_REMOTE_ACCESS_DENIED;
- case SSH_FX_FILE_ALREADY_EXISTS:
- return CURLE_REMOTE_FILE_EXISTS;
+ case SSH_FX_FILE_ALREADY_EXISTS:
+ return CURLE_REMOTE_FILE_EXISTS;
- default:
- break;
+ default:
+ break;
}
return CURLE_SSH;
#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
static const char *myssh_statename(sshstate state)
{
- static const char *const names[] = {
+ static const char * const names[] = {
"SSH_STOP",
"SSH_INIT",
"SSH_S_STARTUP",
#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
-#define myssh_to(x,y,z) myssh_set_state(x,y,z)
+#define myssh_to(x, y, z) myssh_set_state(x, y, z)
/*
* SSH State machine related code
enum curl_khmatch keymatch;
struct curl_khkey foundkey;
struct curl_khkey *knownkeyp = NULL;
- curl_sshkeycallback func =
- data->set.ssh_keyfunc;
+ curl_sshkeycallback func = data->set.ssh_keyfunc;
struct ssh_knownhosts_entry *knownhostsentry = NULL;
struct curl_khkey knownkey;
char md5buffer[33];
const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5];
- rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5,
- &hash, &hlen);
+ rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5, &hash, &hlen);
if(rc != SSH_OK || hlen != 16) {
failf(data,
"Denied establishing ssh session: md5 fingerprint not available");
}
for(i = 0; i < 16; i++)
- curl_msnprintf(&md5buffer[i*2], 3, "%02x", (unsigned char)hash[i]);
+ curl_msnprintf(&md5buffer[i * 2], 3, "%02x", (unsigned char)hash[i]);
infof(data, "SSH MD5 fingerprint: %s", md5buffer);
Curl_set_in_callback(data, TRUE);
rc = func(data, knownkeyp, /* from the knownhosts file */
- &foundkey, /* from the remote host */
+ &foundkey, /* from the remote host */
keymatch, data->set.ssh_keyfunc_userp);
Curl_set_in_callback(data, FALSE);
struct ssh_conn *sshc)
{
myssh_to(data, sshc, SSH_SFTP_CLOSE);
- sshc->actualcode =
- sftp_error_to_CURLE(sftp_get_error(sshc->sftp_session));
+ sshc->actualcode = sftp_error_to_CURLE(sftp_get_error(sshc->sftp_session));
return SSH_ERROR;
}
sshc->actualcode = result;
return SSH_NO_ERROR;
}
-
}
else {
if(curlx_dyn_add(&sshc->readdir_buf, sshc->readdir_longentry)) {
Curl_safefree(sshc->readdir_linkPath);
- if(curlx_dyn_addf(&sshc->readdir_buf, " -> %s",
- sshc->readdir_filename)) {
+ if(curlx_dyn_addf(&sshc->readdir_buf, " -> %s", sshc->readdir_filename)) {
/* Not using:
* return myssh_to_SFTP_CLOSE(data, sshc);
*
restart:
switch(sshc->kbd_state) {
- case 0:
- rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL);
- if(rc == SSH_AUTH_AGAIN)
- return SSH_AGAIN;
+ case 0:
+ rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL);
+ if(rc == SSH_AUTH_AGAIN)
+ return SSH_AGAIN;
- if(rc != SSH_AUTH_INFO)
- return SSH_ERROR;
+ if(rc != SSH_AUTH_INFO)
+ return SSH_ERROR;
- nprompts = ssh_userauth_kbdint_getnprompts(sshc->ssh_session);
- if(nprompts != 1)
- return SSH_ERROR;
+ nprompts = ssh_userauth_kbdint_getnprompts(sshc->ssh_session);
+ if(nprompts != 1)
+ return SSH_ERROR;
- rc = ssh_userauth_kbdint_setanswer(sshc->ssh_session, 0, conn->passwd);
- if(rc < 0)
- return SSH_ERROR;
+ rc = ssh_userauth_kbdint_setanswer(sshc->ssh_session, 0, conn->passwd);
+ if(rc < 0)
+ return SSH_ERROR;
- FALLTHROUGH();
- case 1:
- sshc->kbd_state = 1;
+ FALLTHROUGH();
+ case 1:
+ sshc->kbd_state = 1;
- rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL);
- if(rc == SSH_AUTH_AGAIN)
- return SSH_AGAIN;
- else if(rc == SSH_AUTH_SUCCESS)
- rc = SSH_OK;
- else if(rc == SSH_AUTH_INFO) {
- nprompts = ssh_userauth_kbdint_getnprompts(sshc->ssh_session);
- if(nprompts)
- return SSH_ERROR;
+ rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL);
+ if(rc == SSH_AUTH_AGAIN)
+ return SSH_AGAIN;
+ else if(rc == SSH_AUTH_SUCCESS)
+ rc = SSH_OK;
+ else if(rc == SSH_AUTH_INFO) {
+ nprompts = ssh_userauth_kbdint_getnprompts(sshc->ssh_session);
+ if(nprompts)
+ return SSH_ERROR;
- sshc->kbd_state = 2;
- goto restart;
- }
- else
- rc = SSH_ERROR;
- break;
- case 2:
sshc->kbd_state = 2;
+ goto restart;
+ }
+ else
+ rc = SSH_ERROR;
+ break;
+ case 2:
+ sshc->kbd_state = 2;
- rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL);
- if(rc == SSH_AUTH_AGAIN)
- return SSH_AGAIN;
- else if(rc == SSH_AUTH_SUCCESS)
- rc = SSH_OK;
- else
- rc = SSH_ERROR;
+ rc = ssh_userauth_kbdint(sshc->ssh_session, NULL, NULL);
+ if(rc == SSH_AUTH_AGAIN)
+ return SSH_AGAIN;
+ else if(rc == SSH_AUTH_SUCCESS)
+ rc = SSH_OK;
+ else
+ rc = SSH_ERROR;
- break;
- default:
- return SSH_ERROR;
+ break;
+ default:
+ return SSH_ERROR;
}
sshc->kbd_state = 0;
* (2) use the "default" keys. */
if(data->set.str[STRING_SSH_PRIVATE_KEY]) {
if(sshc->pubkey && !data->set.ssl.key_passwd) {
- rc = ssh_userauth_try_publickey(sshc->ssh_session, NULL,
- sshc->pubkey);
+ rc = ssh_userauth_try_publickey(sshc->ssh_session, NULL, sshc->pubkey);
if(rc == SSH_AUTH_AGAIN)
return SSH_AGAIN;
}
else {
rc = ssh_userauth_publickey_auto(sshc->ssh_session, NULL,
- data->set.ssl.key_passwd);
+ data->set.ssl.key_passwd);
if(rc == SSH_AUTH_AGAIN)
return SSH_AGAIN;
}
else
/* Clear file before writing (normal behavior) */
- flags = O_WRONLY|O_CREAT|O_TRUNC;
+ flags = O_WRONLY | O_CREAT | O_TRUNC;
if(sshc->sftp_file)
sftp_close(sshc->sftp_file);
}
/* seekerr == CURL_SEEKFUNC_CANTSEEK (cannot seek to offset) */
do {
- char scratch[4*1024];
+ char scratch[4 * 1024];
size_t readthisamountnow =
(data->state.resume_from - passed >
(curl_off_t)sizeof(scratch)) ?
/* Now store the number of bytes we are expected to download */
data->req.size = size - data->state.resume_from;
data->req.maxdownload = size - data->state.resume_from;
- Curl_pgrsSetDownloadSize(data,
- size - data->state.resume_from);
+ Curl_pgrsSetDownloadSize(data, size - data->state.resume_from);
rc = sftp_seek64(sshc->sftp_file, data->state.resume_from);
if(rc)
if(conn && CONN_SOCK_IDX_VALID(sockindex)) {
struct Curl_cfilter *cf = conn->cfilter[sockindex];
if(cf)
- (void)Curl_conn_cf_cntrl(cf, data, TRUE,
- CF_CTRL_FORGET_SOCKET, 0, NULL);
+ (void)Curl_conn_cf_cntrl(cf, data, TRUE, CF_CTRL_FORGET_SOCKET, 0, NULL);
fake_sclose(conn->sock[sockindex]);
conn->sock[sockindex] = CURL_SOCKET_BAD;
}
break;
if(rc && !sshc->acceptfail) {
Curl_safefree(sshc->quote_path1);
- failf(data, "rm command failed: %s",
- ssh_get_error(sshc->ssh_session));
+ failf(data, "rm command failed: %s", ssh_get_error(sshc->ssh_session));
myssh_to(data, sshc, SSH_SFTP_CLOSE);
sshc->nextstate = SSH_NO_STATE;
sshc->actualcode = CURLE_QUOTE_ERROR;
if(data->state.upload)
myssh_to(data, sshc, SSH_SFTP_UPLOAD_INIT);
else if(sshp) {
- if(sshp->path[strlen(sshp->path)-1] == '/')
+ if(sshp->path[strlen(sshp->path) - 1] == '/')
myssh_to(data, sshc, SSH_SFTP_READDIR_INIT);
else
myssh_to(data, sshc, SSH_SFTP_DOWNLOAD_INIT);
FALLTHROUGH();
case SSH_SCP_DOWNLOAD: {
- curl_off_t bytecount;
+ curl_off_t bytecount;
- rc = ssh_scp_pull_request(sshc->scp_session);
- if(rc != SSH_SCP_REQUEST_NEWFILE) {
- err_msg = ssh_get_error(sshc->ssh_session);
- failf(data, "%s", err_msg);
- rc = myssh_to_ERROR(data, sshc, CURLE_REMOTE_FILE_NOT_FOUND);
- break;
- }
+ rc = ssh_scp_pull_request(sshc->scp_session);
+ if(rc != SSH_SCP_REQUEST_NEWFILE) {
+ err_msg = ssh_get_error(sshc->ssh_session);
+ failf(data, "%s", err_msg);
+ rc = myssh_to_ERROR(data, sshc, CURLE_REMOTE_FILE_NOT_FOUND);
+ break;
+ }
- /* download data */
- bytecount = ssh_scp_request_get_size(sshc->scp_session);
- data->req.maxdownload = (curl_off_t) bytecount;
- Curl_xfer_setup_recv(data, FIRSTSOCKET, bytecount);
+ /* download data */
+ bytecount = ssh_scp_request_get_size(sshc->scp_session);
+ data->req.maxdownload = (curl_off_t)bytecount;
+ Curl_xfer_setup_recv(data, FIRSTSOCKET, bytecount);
- /* not set by Curl_xfer_setup to preserve keepon bits */
- conn->send_idx = 0;
+ /* not set by Curl_xfer_setup to preserve keepon bits */
+ conn->send_idx = 0;
- myssh_to(data, sshc, SSH_STOP);
- break;
+ myssh_to(data, sshc, SSH_STOP);
+ break;
}
case SSH_SCP_DONE:
if(data->state.upload)
sshc->nextstate = SSH_NO_STATE;
myssh_to(data, sshc, SSH_STOP);
break;
-
}
/* break the loop only on STOP or SSH_AGAIN. If `rc` is some
* other error code, we will have progressed the state accordingly. */
return result;
}
-
/* called by the multi interface to figure out what socket(s) to wait for and
for what actions in the DO_DONE, PERFORM and WAITPERFORM states */
static CURLcode myssh_pollset(struct Curl_easy *data,
(void)Curl_socket_check(fd_read, CURL_SOCKET_BAD, CURL_SOCKET_BAD,
left_ms > 1000 ? 1000 : left_ms);
}
-
}
return result;
* the options previously setup.
*/
-static
-CURLcode scp_perform(struct Curl_easy *data,
- bool *connected, bool *dophase_done)
+static CURLcode scp_perform(struct Curl_easy *data,
+ bool *connected, bool *dophase_done)
{
CURLcode result = CURLE_OK;
struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN);
return result;
}
-
static CURLcode scp_done(struct Curl_easy *data, CURLcode status,
bool premature)
{
* the options previously setup.
*/
-static
-CURLcode sftp_perform(struct Curl_easy *data,
- bool *connected,
- bool *dophase_done)
+static CURLcode sftp_perform(struct Curl_easy *data,
+ bool *connected,
+ bool *dophase_done)
{
struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN);
CURLcode result = CURLE_OK;
#if LIBSSH_VERSION_INT > SSH_VERSION_INT(0, 11, 0)
switch(sshc->sftp_send_state) {
- case 0:
- sftp_file_set_nonblocking(sshc->sftp_file);
- if(sftp_aio_begin_write(sshc->sftp_file, mem, len,
- &sshc->sftp_send_aio) == SSH_ERROR) {
- return CURLE_SEND_ERROR;
- }
- sshc->sftp_send_state = 1;
- FALLTHROUGH();
- case 1:
- nwrite = sftp_aio_wait_write(&sshc->sftp_send_aio);
- myssh_block2waitfor(conn, sshc, (nwrite == SSH_AGAIN) ? TRUE : FALSE);
- if(nwrite == SSH_AGAIN)
- return CURLE_AGAIN;
- else if(nwrite < 0)
- return CURLE_SEND_ERROR;
-
- /*
- * sftp_aio_wait_write() would free sftp_send_aio and
- * assign it NULL in all cases except when it returns
- * SSH_AGAIN.
- */
-
- sshc->sftp_send_state = 0;
- *pnwritten = (size_t)nwrite;
- return CURLE_OK;
- default:
- /* we never reach here */
+ case 0:
+ sftp_file_set_nonblocking(sshc->sftp_file);
+ if(sftp_aio_begin_write(sshc->sftp_file, mem, len,
+ &sshc->sftp_send_aio) == SSH_ERROR) {
return CURLE_SEND_ERROR;
+ }
+ sshc->sftp_send_state = 1;
+ FALLTHROUGH();
+ case 1:
+ nwrite = sftp_aio_wait_write(&sshc->sftp_send_aio);
+ myssh_block2waitfor(conn, sshc, (nwrite == SSH_AGAIN) ? TRUE : FALSE);
+ if(nwrite == SSH_AGAIN)
+ return CURLE_AGAIN;
+ else if(nwrite < 0)
+ return CURLE_SEND_ERROR;
+
+ /*
+ * sftp_aio_wait_write() would free sftp_send_aio and
+ * assign it NULL in all cases except when it returns
+ * SSH_AGAIN.
+ */
+
+ sshc->sftp_send_state = 0;
+ *pnwritten = (size_t)nwrite;
+ return CURLE_OK;
+ default:
+ /* we never reach here */
+ return CURLE_SEND_ERROR;
}
#else
/*
return CURLE_FAILED_INIT;
switch(sshc->sftp_recv_state) {
- case 0:
+ case 0:
#if LIBSSH_VERSION_INT > SSH_VERSION_INT(0, 11, 0)
- if(sftp_aio_begin_read(sshc->sftp_file, len,
- &sshc->sftp_recv_aio) == SSH_ERROR) {
- return CURLE_RECV_ERROR;
- }
+ if(sftp_aio_begin_read(sshc->sftp_file, len,
+ &sshc->sftp_recv_aio) == SSH_ERROR) {
+ return CURLE_RECV_ERROR;
+ }
#else
- sshc->sftp_file_index =
- sftp_async_read_begin(sshc->sftp_file, (uint32_t)len);
- if(sshc->sftp_file_index < 0)
- return CURLE_RECV_ERROR;
+ sshc->sftp_file_index =
+ sftp_async_read_begin(sshc->sftp_file, (uint32_t)len);
+ if(sshc->sftp_file_index < 0)
+ return CURLE_RECV_ERROR;
#endif
- FALLTHROUGH();
- case 1:
- sshc->sftp_recv_state = 1;
+ FALLTHROUGH();
+ case 1:
+ sshc->sftp_recv_state = 1;
#if LIBSSH_VERSION_INT > SSH_VERSION_INT(0, 11, 0)
- nread = sftp_aio_wait_read(&sshc->sftp_recv_aio, mem, len);
+ nread = sftp_aio_wait_read(&sshc->sftp_recv_aio, mem, len);
#else
- nread = sftp_async_read(sshc->sftp_file, mem, (uint32_t)len,
- (uint32_t)sshc->sftp_file_index);
+ nread = sftp_async_read(sshc->sftp_file, mem, (uint32_t)len,
+ (uint32_t)sshc->sftp_file_index);
#endif
- myssh_block2waitfor(conn, sshc, (nread == SSH_AGAIN));
+ myssh_block2waitfor(conn, sshc, (nread == SSH_AGAIN));
- if(nread == SSH_AGAIN)
- return CURLE_AGAIN;
- else if(nread < 0)
- return CURLE_RECV_ERROR;
+ if(nread == SSH_AGAIN)
+ return CURLE_AGAIN;
+ else if(nread < 0)
+ return CURLE_RECV_ERROR;
- /*
- * sftp_aio_wait_read() would free sftp_recv_aio and
- * assign it NULL in all cases except when it returns
- * SSH_AGAIN.
- */
+ /*
+ * sftp_aio_wait_read() would free sftp_recv_aio and
+ * assign it NULL in all cases except when it returns
+ * SSH_AGAIN.
+ */
- sshc->sftp_recv_state = 0;
- *pnread = (size_t)nread;
- return CURLE_OK;
+ sshc->sftp_recv_state = 0;
+ *pnread = (size_t)nread;
+ return CURLE_OK;
- default:
- /* we never reach here */
- return CURLE_RECV_ERROR;
+ default:
+ /* we never reach here */
+ return CURLE_RECV_ERROR;
}
}
-
CURLcode Curl_ssh_init(void)
{
if(ssh_init()) {
(void)curl_msnprintf(buffer, buflen, "libssh/%s", ssh_version(0));
}
-#endif /* USE_LIBSSH */
+#endif /* USE_LIBSSH */
PROTOPT_NOURLQUERY | PROTOPT_CONN_REUSE
};
-static void
-kbd_callback(const char *name, int name_len, const char *instruction,
- int instruction_len, int num_prompts,
- const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
- LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
- void **abstract)
+static void kbd_callback(const char *name, int name_len,
+ const char *instruction, int instruction_len,
+ int num_prompts,
+ const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
+ LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
+ void **abstract)
{
struct Curl_easy *data = (struct Curl_easy *)*abstract;
static CURLcode sftp_libssh2_error_to_CURLE(unsigned long err)
{
switch(err) {
- case LIBSSH2_FX_OK:
- return CURLE_OK;
+ case LIBSSH2_FX_OK:
+ return CURLE_OK;
- case LIBSSH2_FX_NO_SUCH_FILE:
- case LIBSSH2_FX_NO_SUCH_PATH:
- return CURLE_REMOTE_FILE_NOT_FOUND;
+ case LIBSSH2_FX_NO_SUCH_FILE:
+ case LIBSSH2_FX_NO_SUCH_PATH:
+ return CURLE_REMOTE_FILE_NOT_FOUND;
- case LIBSSH2_FX_PERMISSION_DENIED:
- case LIBSSH2_FX_WRITE_PROTECT:
- case LIBSSH2_FX_LOCK_CONFlICT:
- return CURLE_REMOTE_ACCESS_DENIED;
+ case LIBSSH2_FX_PERMISSION_DENIED:
+ case LIBSSH2_FX_WRITE_PROTECT:
+ case LIBSSH2_FX_LOCK_CONFlICT:
+ return CURLE_REMOTE_ACCESS_DENIED;
- case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM:
- case LIBSSH2_FX_QUOTA_EXCEEDED:
- return CURLE_REMOTE_DISK_FULL;
+ case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM:
+ case LIBSSH2_FX_QUOTA_EXCEEDED:
+ return CURLE_REMOTE_DISK_FULL;
- case LIBSSH2_FX_FILE_ALREADY_EXISTS:
- return CURLE_REMOTE_FILE_EXISTS;
+ case LIBSSH2_FX_FILE_ALREADY_EXISTS:
+ return CURLE_REMOTE_FILE_EXISTS;
- case LIBSSH2_FX_DIR_NOT_EMPTY:
- return CURLE_QUOTE_ERROR;
+ case LIBSSH2_FX_DIR_NOT_EMPTY:
+ return CURLE_QUOTE_ERROR;
- default:
- break;
+ default:
+ break;
}
return CURLE_SSH;
static CURLcode libssh2_session_error_to_CURLE(int err)
{
switch(err) {
- /* Ordered by order of appearance in libssh2.h */
- case LIBSSH2_ERROR_NONE:
- return CURLE_OK;
+ /* Ordered by order of appearance in libssh2.h */
+ case LIBSSH2_ERROR_NONE:
+ return CURLE_OK;
- /* This is the error returned by libssh2_scp_recv2
- * on unknown file */
- case LIBSSH2_ERROR_SCP_PROTOCOL:
- return CURLE_REMOTE_FILE_NOT_FOUND;
+ /* This is the error returned by libssh2_scp_recv2
+ * on unknown file */
+ case LIBSSH2_ERROR_SCP_PROTOCOL:
+ return CURLE_REMOTE_FILE_NOT_FOUND;
- case LIBSSH2_ERROR_SOCKET_NONE:
- return CURLE_COULDNT_CONNECT;
+ case LIBSSH2_ERROR_SOCKET_NONE:
+ return CURLE_COULDNT_CONNECT;
- case LIBSSH2_ERROR_ALLOC:
- return CURLE_OUT_OF_MEMORY;
+ case LIBSSH2_ERROR_ALLOC:
+ return CURLE_OUT_OF_MEMORY;
- case LIBSSH2_ERROR_SOCKET_SEND:
- return CURLE_SEND_ERROR;
+ case LIBSSH2_ERROR_SOCKET_SEND:
+ return CURLE_SEND_ERROR;
- case LIBSSH2_ERROR_HOSTKEY_INIT:
- case LIBSSH2_ERROR_HOSTKEY_SIGN:
- case LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED:
- case LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED:
- return CURLE_PEER_FAILED_VERIFICATION;
+ case LIBSSH2_ERROR_HOSTKEY_INIT:
+ case LIBSSH2_ERROR_HOSTKEY_SIGN:
+ case LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED:
+ case LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED:
+ return CURLE_PEER_FAILED_VERIFICATION;
- case LIBSSH2_ERROR_PASSWORD_EXPIRED:
- return CURLE_LOGIN_DENIED;
+ case LIBSSH2_ERROR_PASSWORD_EXPIRED:
+ return CURLE_LOGIN_DENIED;
- case LIBSSH2_ERROR_SOCKET_TIMEOUT:
- case LIBSSH2_ERROR_TIMEOUT:
- return CURLE_OPERATION_TIMEDOUT;
+ case LIBSSH2_ERROR_SOCKET_TIMEOUT:
+ case LIBSSH2_ERROR_TIMEOUT:
+ return CURLE_OPERATION_TIMEDOUT;
- case LIBSSH2_ERROR_EAGAIN:
- return CURLE_AGAIN;
+ case LIBSSH2_ERROR_EAGAIN:
+ return CURLE_AGAIN;
}
return CURLE_SSH;
#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
static const char *myssh_statename(sshstate state)
{
- static const char *const names[] = {
+ static const char * const names[] = {
"SSH_STOP",
"SSH_INIT",
"SSH_S_STARTUP",
#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
-#define myssh_state(x,y,z) myssh_set_state(x,y,z)
+#define myssh_state(x, y, z) myssh_set_state(x, y, z)
/*
* SSH State machine related code
/* The fingerprint points to static storage (!), do not free() it. */
int i;
for(i = 0; i < 16; i++) {
- curl_msnprintf(&md5buffer[i*2], 3, "%02x",
+ curl_msnprintf(&md5buffer[i * 2], 3, "%02x",
(unsigned char)fingerprint[i]);
}
rc = data->set.ssh_hostkeyfunc(data->set.ssh_hostkeyfunc_userp,
(int)keytype, remotekey, keylen);
Curl_set_in_callback(data, FALSE);
- if(rc!= CURLKHMATCH_OK) {
+ if(rc != CURLKHMATCH_OK) {
myssh_state(data, sshc, SSH_SESSION_FREE);
return CURLE_PEER_FAILED_VERIFICATION;
}
return CURLE_QUOTE_ERROR;
}
-static CURLcode
-sftp_upload_init(struct Curl_easy *data,
- struct ssh_conn *sshc,
- struct SSHPROTO *sshp,
- bool *blockp)
+static CURLcode sftp_upload_init(struct Curl_easy *data,
+ struct ssh_conn *sshc,
+ struct SSHPROTO *sshp,
+ bool *blockp)
{
unsigned long flags;
}
/* seekerr == CURL_SEEKFUNC_CANTSEEK (cannot seek to offset) */
do {
- char scratch[4*1024];
+ char scratch[4 * 1024];
size_t readthisamountnow =
(data->state.resume_from - passed >
(curl_off_t)sizeof(scratch)) ?
return 0;
}
-static CURLcode
-sftp_quote_stat(struct Curl_easy *data,
- struct ssh_conn *sshc,
- struct SSHPROTO *sshp,
- bool *blockp)
+static CURLcode sftp_quote_stat(struct Curl_easy *data,
+ struct ssh_conn *sshc,
+ struct SSHPROTO *sshp,
+ bool *blockp)
{
char *cmd = sshc->quote_item->data;
sshc->acceptfail = FALSE;
return CURLE_QUOTE_ERROR;
}
-static CURLcode
-sftp_download_stat(struct Curl_easy *data,
- struct ssh_conn *sshc,
- struct SSHPROTO *sshp,
- bool *blockp)
+static CURLcode sftp_download_stat(struct Curl_easy *data,
+ struct ssh_conn *sshc,
+ struct SSHPROTO *sshp,
+ bool *blockp)
{
LIBSSH2_SFTP_ATTRIBUTES attrs;
int rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshp->path,
/* Now store the number of bytes we are expected to download */
data->req.size = attrs.filesize - data->state.resume_from;
data->req.maxdownload = attrs.filesize - data->state.resume_from;
- Curl_pgrsSetDownloadSize(data,
- attrs.filesize - data->state.resume_from);
+ Curl_pgrsSetDownloadSize(data, attrs.filesize - data->state.resume_from);
libssh2_sftp_seek64(sshc->sftp_handle,
(libssh2_uint64_t)data->state.resume_from);
}
return result;
}
if(rc > 0) {
- size_t readdir_len = (size_t) rc;
+ size_t readdir_len = (size_t)rc;
sshp->readdir_filename[readdir_len] = '\0';
if(data->set.list_only) {
myssh_state(data, sshc, SSH_SESSION_FREE);
return libssh2_session_error_to_CURLE(rc);
}
- infof(data, "SSH authentication methods available: %s",
- sshc->authlist);
+ infof(data, "SSH authentication methods available: %s", sshc->authlist);
myssh_state(data, sshc, SSH_AUTH_PKEY_INIT);
return CURLE_OK;
err_msg = unknown;
}
else {
- (void)libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0);
+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
}
infof(data, "SSH public key authentication failed: %s", err_msg);
myssh_state(data, sshc, SSH_AUTH_PASS_INIT);
struct ssh_conn *sshc)
{
int rc = 0;
- if((data->set.ssh_auth_types & CURLSSH_AUTH_AGENT)
- && (strstr(sshc->authlist, "publickey") != NULL)) {
+ if((data->set.ssh_auth_types & CURLSSH_AUTH_AGENT) &&
+ (strstr(sshc->authlist, "publickey") != NULL)) {
/* Connect to the ssh-agent */
/* The agent could be shared by a curl thread i believe
static CURLcode ssh_state_auth_key_init(struct Curl_easy *data,
struct ssh_conn *sshc)
{
- if((data->set.ssh_auth_types & CURLSSH_AUTH_KEYBOARD)
- && (strstr(sshc->authlist, "keyboard-interactive") != NULL)) {
+ if((data->set.ssh_auth_types & CURLSSH_AUTH_KEYBOARD) &&
+ (strstr(sshc->authlist, "keyboard-interactive") != NULL)) {
myssh_state(data, sshc, SSH_AUTH_KEY);
}
else {
LIBSSH2_ERROR_EAGAIN)
return CURLE_AGAIN;
- (void)libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0);
+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
failf(data, "Failure initializing sftp session: %s", err_msg);
myssh_state(data, sshc, SSH_SESSION_FREE);
return CURLE_FAILED_INIT;
LIBSSH2_ERROR_EAGAIN)
return CURLE_AGAIN;
- ssh_err = (int)(libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0));
+ ssh_err = libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
failf(data, "%s", err_msg);
myssh_state(data, sshc, SSH_SCP_CHANNEL_FREE);
return libssh2_session_error_to_CURLE(ssh_err);
if(rc < 0) {
char *err_msg = NULL;
- (void)libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0);
+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to close libssh2 file: %d %s", rc, err_msg);
}
sshc->sftp_handle = NULL;
if(rc < 0) {
char *err_msg = NULL;
- (void)libssh2_session_last_error(sshc->ssh_session, &err_msg,
- NULL, 0);
+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to close libssh2 file: %d %s", rc, err_msg);
}
sshc->sftp_handle = NULL;
LIBSSH2_ERROR_EAGAIN)
return CURLE_AGAIN;
- ssh_err = (int)(libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0));
+ ssh_err = libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
failf(data, "%s", err_msg);
myssh_state(data, sshc, SSH_SCP_CHANNEL_FREE);
result = libssh2_session_error_to_CURLE(ssh_err);
if(rc < 0) {
char *err_msg = NULL;
- (void)libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0);
- infof(data, "Failed to free libssh2 scp subsystem: %d %s",
- rc, err_msg);
+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
+ infof(data, "Failed to free libssh2 scp subsystem: %d %s", rc, err_msg);
}
sshc->ssh_channel = NULL;
}
if(rc < 0) {
char *err_msg = NULL;
- (void)libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0);
- infof(data, "Failed to disconnect libssh2 session: %d %s",
- rc, err_msg);
+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
+ infof(data, "Failed to disconnect libssh2 session: %d %s", rc, err_msg);
}
}
}
break;
- case SSH_SFTP_FILETIME:
- {
+ case SSH_SFTP_FILETIME: {
LIBSSH2_SFTP_ATTRIBUTES attrs;
int rc;
if(data->state.upload)
myssh_state(data, sshc, SSH_SFTP_UPLOAD_INIT);
else if(sshp) {
- if(sshp->path[strlen(sshp->path)-1] == '/')
+ if(sshp->path[strlen(sshp->path) - 1] == '/')
myssh_state(data, sshc, SSH_SFTP_READDIR_INIT);
else
myssh_state(data, sshc, SSH_SFTP_DOWNLOAD_INIT);
dir = libssh2_session_block_directions(sshc->ssh_session);
if(dir) {
/* translate the libssh2 define bits into our own bit defines */
- sshc->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND) ? KEEP_RECV : 0) |
- ((dir&LIBSSH2_SESSION_BLOCK_OUTBOUND) ? KEEP_SEND : 0);
+ sshc->waitfor = ((dir & LIBSSH2_SESSION_BLOCK_INBOUND) ? KEEP_RECV : 0) |
+ ((dir & LIBSSH2_SESSION_BLOCK_OUTBOUND) ? KEEP_SEND : 0);
}
}
if(!dir)
{
const char *crypto_str;
switch(libssh2_crypto_engine()) {
- case libssh2_gcrypt:
- crypto_str = "libgcrypt";
- break;
- case libssh2_mbedtls:
- crypto_str = "mbedTLS";
- break;
- case libssh2_openssl:
- crypto_str = "openssl compatible";
- break;
- case libssh2_os400qc3:
- crypto_str = "OS400QC3";
- break;
- case libssh2_wincng:
- crypto_str = "WinCNG";
- break;
- default:
- crypto_str = NULL;
- break;
+ case libssh2_gcrypt:
+ crypto_str = "libgcrypt";
+ break;
+ case libssh2_mbedtls:
+ crypto_str = "mbedTLS";
+ break;
+ case libssh2_openssl:
+ crypto_str = "openssl compatible";
+ break;
+ case libssh2_os400qc3:
+ crypto_str = "OS400QC3";
+ break;
+ case libssh2_wincng:
+ crypto_str = "WinCNG";
+ break;
+ default:
+ crypto_str = NULL;
+ break;
}
if(crypto_str)
infof(data, "libssh2 cryptography backend: %s", crypto_str);
* the options previously setup.
*/
-static
-CURLcode scp_perform(struct Curl_easy *data,
- bool *connected,
- bool *dophase_done)
+static CURLcode scp_perform(struct Curl_easy *data,
+ bool *connected,
+ bool *dophase_done)
{
struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN);
CURLcode result = CURLE_OK;
rc = libssh2_agent_disconnect(sshc->ssh_agent);
if((rc < 0) && data) {
char *err_msg = NULL;
- (void)libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0);
+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to disconnect from libssh2 agent: %d %s",
rc, err_msg);
}
rc = libssh2_sftp_close(sshc->sftp_handle);
if((rc < 0) && data) {
char *err_msg = NULL;
- (void)libssh2_session_last_error(sshc->ssh_session, &err_msg,
- NULL, 0);
+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to close libssh2 file: %d %s", rc, err_msg);
}
if(!block && (rc == LIBSSH2_ERROR_EAGAIN))
rc = libssh2_channel_free(sshc->ssh_channel);
if((rc < 0) && data) {
char *err_msg = NULL;
- (void)libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0);
- infof(data, "Failed to free libssh2 scp subsystem: %d %s",
- rc, err_msg);
+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
+ infof(data, "Failed to free libssh2 scp subsystem: %d %s", rc, err_msg);
}
if(!block && (rc == LIBSSH2_ERROR_EAGAIN))
return CURLE_AGAIN;
rc = libssh2_sftp_shutdown(sshc->sftp_session);
if((rc < 0) && data) {
char *err_msg = NULL;
- (void)libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0);
+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to stop libssh2 sftp subsystem: %d %s", rc, err_msg);
}
if(!block && (rc == LIBSSH2_ERROR_EAGAIN))
rc = libssh2_session_free(sshc->ssh_session);
if((rc < 0) && data) {
char *err_msg = NULL;
- (void)libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0);
+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
infof(data, "Failed to free libssh2 session: %d %s", rc, err_msg);
}
if(!block && (rc == LIBSSH2_ERROR_EAGAIN))
return CURLE_OK;
}
-
/* BLOCKING, but the function is using the state machine so the only reason
this is still blocking is that the multi interface code has no support for
disconnecting operations that takes a while */
return result;
}
-
static CURLcode scp_done(struct Curl_easy *data, CURLcode status,
bool premature)
{
return CURLE_FAILED_INIT;
/* libssh2_channel_write() returns int! */
- nwritten = (ssize_t) libssh2_channel_write(sshc->ssh_channel,
- (const char *)mem, len);
+ nwritten = (ssize_t)libssh2_channel_write(sshc->ssh_channel,
+ (const char *)mem, len);
ssh_block2waitfor(data, sshc, (nwritten == LIBSSH2_ERROR_EAGAIN));
return CURLE_FAILED_INIT;
/* libssh2_channel_read() returns int */
- nread = (ssize_t) libssh2_channel_read(sshc->ssh_channel, mem, len);
+ nread = (ssize_t)libssh2_channel_read(sshc->ssh_channel, mem, len);
ssh_block2waitfor(data, sshc, (nread == LIBSSH2_ERROR_EAGAIN));
if(nread == LIBSSH2_ERROR_EAGAIN)
* the options previously setup.
*/
-static
-CURLcode sftp_perform(struct Curl_easy *data,
- bool *connected,
- bool *dophase_done)
+static CURLcode sftp_perform(struct Curl_easy *data,
+ bool *connected,
+ bool *dophase_done)
{
struct ssh_conn *sshc = Curl_conn_meta_get(data->conn, CURL_META_SSH_CONN);
CURLcode result = CURLE_OK;
sshc_cleanup(sshc, data, TRUE);
}
return result;
-
}
static CURLcode sftp_done(struct Curl_easy *data, CURLcode status,
static const char *sftp_libssh2_strerror(unsigned long err)
{
switch(err) {
- case LIBSSH2_FX_NO_SUCH_FILE:
- return "No such file or directory";
+ case LIBSSH2_FX_NO_SUCH_FILE:
+ return "No such file or directory";
- case LIBSSH2_FX_PERMISSION_DENIED:
- return "Permission denied";
+ case LIBSSH2_FX_PERMISSION_DENIED:
+ return "Permission denied";
- case LIBSSH2_FX_FAILURE:
- return "Operation failed";
+ case LIBSSH2_FX_FAILURE:
+ return "Operation failed";
- case LIBSSH2_FX_BAD_MESSAGE:
- return "Bad message from SFTP server";
+ case LIBSSH2_FX_BAD_MESSAGE:
+ return "Bad message from SFTP server";
- case LIBSSH2_FX_NO_CONNECTION:
- return "Not connected to SFTP server";
+ case LIBSSH2_FX_NO_CONNECTION:
+ return "Not connected to SFTP server";
- case LIBSSH2_FX_CONNECTION_LOST:
- return "Connection to SFTP server lost";
+ case LIBSSH2_FX_CONNECTION_LOST:
+ return "Connection to SFTP server lost";
- case LIBSSH2_FX_OP_UNSUPPORTED:
- return "Operation not supported by SFTP server";
+ case LIBSSH2_FX_OP_UNSUPPORTED:
+ return "Operation not supported by SFTP server";
- case LIBSSH2_FX_INVALID_HANDLE:
- return "Invalid handle";
+ case LIBSSH2_FX_INVALID_HANDLE:
+ return "Invalid handle";
- case LIBSSH2_FX_NO_SUCH_PATH:
- return "No such file or directory";
+ case LIBSSH2_FX_NO_SUCH_PATH:
+ return "No such file or directory";
- case LIBSSH2_FX_FILE_ALREADY_EXISTS:
- return "File already exists";
+ case LIBSSH2_FX_FILE_ALREADY_EXISTS:
+ return "File already exists";
- case LIBSSH2_FX_WRITE_PROTECT:
- return "File is write protected";
+ case LIBSSH2_FX_WRITE_PROTECT:
+ return "File is write protected";
- case LIBSSH2_FX_NO_MEDIA:
- return "No media";
+ case LIBSSH2_FX_NO_MEDIA:
+ return "No media";
- case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM:
- return "Disk full";
+ case LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM:
+ return "Disk full";
- case LIBSSH2_FX_QUOTA_EXCEEDED:
- return "User quota exceeded";
+ case LIBSSH2_FX_QUOTA_EXCEEDED:
+ return "User quota exceeded";
- case LIBSSH2_FX_UNKNOWN_PRINCIPLE:
- return "Unknown principle";
+ case LIBSSH2_FX_UNKNOWN_PRINCIPLE:
+ return "Unknown principle";
- case LIBSSH2_FX_LOCK_CONFlICT:
- return "File lock conflict";
+ case LIBSSH2_FX_LOCK_CONFlICT:
+ return "File lock conflict";
- case LIBSSH2_FX_DIR_NOT_EMPTY:
- return "Directory not empty";
+ case LIBSSH2_FX_DIR_NOT_EMPTY:
+ return "Directory not empty";
- case LIBSSH2_FX_NOT_A_DIRECTORY:
- return "Not a directory";
+ case LIBSSH2_FX_NOT_A_DIRECTORY:
+ return "Not a directory";
- case LIBSSH2_FX_INVALID_FILENAME:
- return "Invalid filename";
+ case LIBSSH2_FX_INVALID_FILENAME:
+ return "Invalid filename";
- case LIBSSH2_FX_LINK_LOOP:
- return "Link points to itself";
+ case LIBSSH2_FX_LINK_LOOP:
+ return "Link points to itself";
}
return "Unknown error in libssh2";
}
#ifdef USE_LIBSSH
#if LIBSSH_VERSION_INT < SSH_VERSION_INT(0, 9, 0)
-# error "SCP/SFTP protocols require libssh 0.9.0 or later"
+#error "SCP/SFTP protocols require libssh 0.9.0 or later"
#endif
#endif
non-configure platforms */
#if !defined(LIBSSH2_VERSION_NUM) || (LIBSSH2_VERSION_NUM < 0x010208)
-# error "SCP/SFTP protocols require libssh2 1.2.8 or later"
+#error "SCP/SFTP protocols require libssh2 1.2.8 or later"
/* 1.2.8 was released on April 5 2011 */
#endif
#else
/* for non-SSH builds */
#define Curl_ssh_cleanup()
-#define Curl_ssh_attach(x,y)
+#define Curl_ssh_attach(x, y)
#define Curl_ssh_init() 0
#endif
/* Copy a separating '/' if homedir does not end with one */
len = curlx_dyn_len(&npath);
p = curlx_dyn_ptr(&npath);
- if(len && (p[len-1] != '/'))
+ if(len && (p[len - 1] != '/'))
copyfrom = 2;
if(curlx_dyn_addn(&npath, &working_path[copyfrom],
if(!curlx_dyn_len(&out))
goto fail;
-
}
else {
struct Curl_str word;
#if defined(HAVE_BUILTIN_AVAILABLE) && defined(SUPPORTS_SecOCSP)
if(ocsp_len > 0) {
if(__builtin_available(macOS 10.9, iOS 7, tvOS 9, watchOS 2, *)) {
- CFDataRef ocspdata =
- CFDataCreate(NULL, ocsp_buf, (CFIndex)ocsp_len);
+ CFDataRef ocspdata = CFDataCreate(NULL, ocsp_buf, (CFIndex)ocsp_len);
status = SecTrustSetOCSPResponse(trust, ocspdata);
CFRelease(ocspdata);
err_desc = curlx_malloc(size + 1);
if(err_desc) {
if(!CFStringGetCString(error_ref, err_desc, size,
- kCFStringEncodingUTF8)) {
+ kCFStringEncodingUTF8)) {
curlx_free(err_desc);
err_desc = NULL;
}
};
#define CS_LIST_LEN CURL_ARRAYSIZE(cs_list)
-static int cs_str_to_zip(const char *cs_str, size_t cs_len,
- uint8_t zip[6])
+static int cs_str_to_zip(const char *cs_str, size_t cs_len, uint8_t zip[6])
{
uint8_t indexes[8] = {0};
const char *entry, *cur;
/* determine the length of the part */
cur = nxt;
- for(; nxt < end && *nxt != '\0' && *nxt != separator; nxt++);
+ for(; nxt < end && *nxt != '\0' && *nxt != separator; nxt++)
+ ;
len = nxt - cur;
/* lookup index for the part (skip empty string at 0) */
if(idx == CS_TXT_LEN)
return -1;
- indexes[i++] = (uint8_t) idx;
+ indexes[i++] = (uint8_t)idx;
} while(nxt < end && *(nxt++) != '\0');
/* zip the 8 indexes into 48 bits */
- zip[0] = (uint8_t) (indexes[0] << 2 | (indexes[1] & 0x3F) >> 4);
- zip[1] = (uint8_t) (indexes[1] << 4 | (indexes[2] & 0x3F) >> 2);
- zip[2] = (uint8_t) (indexes[2] << 6 | (indexes[3] & 0x3F));
- zip[3] = (uint8_t) (indexes[4] << 2 | (indexes[5] & 0x3F) >> 4);
- zip[4] = (uint8_t) (indexes[5] << 4 | (indexes[6] & 0x3F) >> 2);
- zip[5] = (uint8_t) (indexes[6] << 6 | (indexes[7] & 0x3F));
+ zip[0] = (uint8_t)(indexes[0] << 2 | (indexes[1] & 0x3F) >> 4);
+ zip[1] = (uint8_t)(indexes[1] << 4 | (indexes[2] & 0x3F) >> 2);
+ zip[2] = (uint8_t)(indexes[2] << 6 | (indexes[3] & 0x3F));
+ zip[3] = (uint8_t)(indexes[4] << 2 | (indexes[5] & 0x3F) >> 4);
+ zip[4] = (uint8_t)(indexes[5] << 4 | (indexes[6] & 0x3F) >> 2);
+ zip[5] = (uint8_t)(indexes[6] << 6 | (indexes[7] & 0x3F));
return 0;
}
-static int cs_zip_to_str(const uint8_t zip[6],
- char *buf, size_t buf_size)
+static int cs_zip_to_str(const uint8_t zip[6], char *buf, size_t buf_size)
{
uint8_t indexes[8] = {0};
const char *entry;
static bool cs_is_separator(char c)
{
switch(c) {
- case ' ':
- case '\t':
- case ':':
- case ',':
- case ';':
- return TRUE;
- default:;
+ case ' ':
+ case '\t':
+ case ':':
+ case ',':
+ case ';':
+ return TRUE;
}
return FALSE;
}
uint16_t Curl_cipher_suite_walk_str(const char **str, const char **end)
{
/* move string pointer to first non-separator or end of string */
- for(; cs_is_separator(*str[0]); (*str)++);
+ for(; cs_is_separator(*str[0]); (*str)++)
+ ;
/* move end pointer to next separator or end of string */
- for(*end = *str; *end[0] != '\0' && !cs_is_separator(*end[0]); (*end)++);
+ for(*end = *str; *end[0] != '\0' && !cs_is_separator(*end[0]); (*end)++)
+ ;
return Curl_cipher_suite_lookup_id(*str, *end - *str);
}
#ifdef GTLSDEBUG
static void tls_log_func(int level, const char *str)
{
- curl_mfprintf(stderr, "|<%d>| %s", level, str);
+ curl_mfprintf(stderr, "|<%d>| %s", level, str);
}
#endif
}
result = Curl_conn_cf_recv(cf->next, data, buf, blen, &nread);
- CURL_TRC_CF(data, cf, "glts_pull(len=%zu) -> %d, %zd",
- blen, result, nread);
+ CURL_TRC_CF(data, cf, "glts_pull(len=%zu) -> %d, %zd", blen, result, nread);
backend->gtls.io_result = result;
if(result) {
/* !checksrc! disable ERRNOVAR 1 */
}
#ifndef CURL_DISABLE_VERBOSE_STRINGS
-static void showtime(struct Curl_easy *data,
- const char *text,
- time_t stamp)
+static void showtime(struct Curl_easy *data, const char *text, time_t stamp)
{
struct tm buffer;
const struct tm *tm = &buffer;
f = curlx_fopen(file, "rb");
if(!f)
return loaded_file;
- if(fseek(f, 0, SEEK_END) != 0
- || (filelen = ftell(f)) < 0
- || fseek(f, 0, SEEK_SET) != 0
- || !(ptr = curlx_malloc((size_t)filelen)))
+ if(fseek(f, 0, SEEK_END) != 0 ||
+ (filelen = ftell(f)) < 0 ||
+ fseek(f, 0, SEEK_SET) != 0 ||
+ !(ptr = curlx_malloc((size_t)filelen)))
goto out;
if(fread(ptr, 1, (size_t)filelen, f) < (size_t)filelen) {
curlx_free(ptr);
curlx_free(data.data);
}
-
/* this function does an SSL/TLS (re-)handshake */
static CURLcode cf_gtls_handshake(struct Curl_cfilter *cf,
struct Curl_easy *data)
return strcmp(sc->CAfile, conn_config->CAfile);
}
-static struct gtls_shared_creds*
-gtls_get_cached_creds(struct Curl_cfilter *cf, struct Curl_easy *data)
+static struct gtls_shared_creds *gtls_get_cached_creds(struct Curl_cfilter *cf,
+ struct Curl_easy *data)
{
struct gtls_shared_creds *shared_creds;
if(data->multi) {
shared_creds = Curl_hash_pick(&data->multi->proto_hash,
CURL_UNCONST(MPROTO_GTLS_X509_KEY),
- sizeof(MPROTO_GTLS_X509_KEY)-1);
- if(shared_creds && shared_creds->creds &&
- !gtls_shared_creds_expired(data, shared_creds) &&
- !gtls_shared_creds_different(cf, shared_creds)) {
- return shared_creds;
- }
+ sizeof(MPROTO_GTLS_X509_KEY) - 1);
+ if(shared_creds && shared_creds->creds &&
+ !gtls_shared_creds_expired(data, shared_creds) &&
+ !gtls_shared_creds_different(cf, shared_creds)) {
+ return shared_creds;
+ }
}
return NULL;
}
static void gtls_shared_creds_hash_free(void *key, size_t key_len, void *p)
{
struct gtls_shared_creds *sc = p;
- DEBUGASSERT(key_len == (sizeof(MPROTO_GTLS_X509_KEY)-1));
+ DEBUGASSERT(key_len == (sizeof(MPROTO_GTLS_X509_KEY) - 1));
DEBUGASSERT(!memcmp(MPROTO_GTLS_X509_KEY, key, key_len));
(void)key;
(void)key_len;
return;
if(!Curl_hash_add2(&data->multi->proto_hash,
- CURL_UNCONST(MPROTO_GTLS_X509_KEY),
- sizeof(MPROTO_GTLS_X509_KEY)-1,
- sc, gtls_shared_creds_hash_free)) {
+ CURL_UNCONST(MPROTO_GTLS_X509_KEY),
+ sizeof(MPROTO_GTLS_X509_KEY) - 1,
+ sc, gtls_shared_creds_hash_free)) {
Curl_gtls_shared_creds_free(&sc); /* down reference again */
return;
}
if((conn_config->cipher_list[0] == '+') ||
(conn_config->cipher_list[0] == '-') ||
(conn_config->cipher_list[0] == '!')) {
- /* add it to out own */
+ /* add it to out own */
if(!curlx_dyn_len(&buf)) { /* not added yet */
result = curlx_dyn_add(&buf, priority);
if(result)
connssl->earlydata_state = ssl_earlydata_await;
connssl->state = ssl_connection_deferred;
result = Curl_alpn_set_negotiated(cf, data, connssl,
- (const unsigned char *)scs->alpn,
- scs->alpn ? strlen(scs->alpn) : 0);
+ (const unsigned char *)scs->alpn,
+ scs->alpn ? strlen(scs->alpn) : 0);
*do_early_data = !result;
}
return result;
return result;
}
-static CURLcode
-gtls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
+static CURLcode gtls_connect_step1(struct Curl_cfilter *cf,
+ struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct gtls_ssl_backend_data *backend =
return result;
}
-void Curl_gtls_report_handshake(struct Curl_easy *data,
- struct gtls_ctx *gctx)
+void Curl_gtls_report_handshake(struct Curl_easy *data, struct gtls_ctx *gctx)
{
#ifndef CURL_DISABLE_VERBOSE_STRINGS
if(Curl_trc_is_verbose(data)) {
CURLcode result;
result = Curl_vtls_apple_verify(cf, data, peer, chain->num_certs,
- gtls_chain_get_der, chain,
- NULL, 0);
+ gtls_chain_get_der, chain, NULL, 0);
*pverified = !result;
if(*pverified)
infof(data, " SSL certificate verified by Apple SecTrust.");
}
#endif /* USE_APPLE_SECTRUST */
-CURLcode
-Curl_gtls_verifyserver(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- gnutls_session_t session,
- struct ssl_primary_config *config,
- struct ssl_config_data *ssl_config,
- struct ssl_peer *peer,
- const char *pinned_key)
+CURLcode Curl_gtls_verifyserver(struct Curl_cfilter *cf,
+ struct Curl_easy *data,
+ gnutls_session_t session,
+ struct ssl_primary_config *config,
+ struct ssl_config_data *ssl_config,
+ struct ssl_peer *peer,
+ const char *pinned_key)
{
struct gtls_cert_chain chain;
gnutls_x509_crt_t x509_cert = NULL, x509_issuer = NULL;
goto out;
for(i = 0; i < chain.num_certs; i++) {
- const char *beg = (const char *) chain.certs[i].data;
+ const char *beg = (const char *)chain.certs[i].data;
const char *end = beg + chain.certs[i].size;
result = Curl_extract_certinfo(data, (int)i, beg, end);
{
struct ssl_connect_data *connssl = cf->ctx;
struct gtls_ssl_backend_data *backend =
- (struct gtls_ssl_backend_data *)connssl->backend;
+ (struct gtls_ssl_backend_data *)connssl->backend;
CURLcode result = CURLE_OK;
const unsigned char *buf;
size_t blen;
backend->gtls.io_result = CURLE_OK;
while(Curl_bufq_peek(&connssl->earlydata, &buf, &blen)) {
n = gnutls_record_send_early_data(backend->gtls.session, buf, blen);
- CURL_TRC_CF(data, cf, "gtls_send_earlydata(len=%zu) -> %zd",
- blen, n);
+ CURL_TRC_CF(data, cf, "gtls_send_earlydata(len=%zu) -> %zd", blen, n);
if(n < 0) {
if(n == GNUTLS_E_AGAIN)
result = CURLE_AGAIN;
{
struct ssl_connect_data *connssl = cf->ctx;
struct gtls_ssl_backend_data *backend =
- (struct gtls_ssl_backend_data *)connssl->backend;
+ (struct gtls_ssl_backend_data *)connssl->backend;
CURLcode result = CURLE_OK;
DEBUGASSERT(backend);
size_t i;
DEBUGASSERT(backend);
- /* If we have no handshaked connection or already shut down */
+ /* If we have no handshaked connection or already shut down */
if(!backend->gtls.session || cf->shutdown ||
connssl->state != ssl_connection_complete) {
*done = TRUE;
size_t quic_tp_len);
/* Report properties of a successful handshake */
-void Curl_gtls_report_handshake(struct Curl_easy *data,
- struct gtls_ctx *gctx);
+void Curl_gtls_report_handshake(struct Curl_easy *data, struct gtls_ctx *gctx);
extern const struct Curl_ssl Curl_ssl_gnutls;
DEBUGASSERT(hostlen);
/* normalize pattern and hostname by stripping off trailing dots */
- if(hostname[hostlen-1]=='.')
+ if(hostname[hostlen - 1] == '.')
hostlen--;
- if(pattern[patternlen-1]=='.')
+ if(pattern[patternlen - 1] == '.')
patternlen--;
if(strncmp(pattern, "*.", 2))
/* The fp for the open SSLKEYLOGFILE, or NULL if not open */
static FILE *keylog_file_fp;
-void
-Curl_tls_keylog_open(void)
+void Curl_tls_keylog_open(void)
{
char *keylog_file_name;
}
}
-void
-Curl_tls_keylog_close(void)
+void Curl_tls_keylog_close(void)
{
if(keylog_file_fp) {
curlx_fclose(keylog_file_fp);
}
}
-bool
-Curl_tls_keylog_enabled(void)
+bool Curl_tls_keylog_enabled(void)
{
return keylog_file_fp != NULL;
}
-bool
-Curl_tls_keylog_write_line(const char *line)
+bool Curl_tls_keylog_write_line(const char *line)
{
/* The current maximum valid keylog line length LF and NUL is 195. */
size_t linelen;
return TRUE;
}
-bool
-Curl_tls_keylog_write(const char *label,
- const unsigned char client_random[CLIENT_RANDOM_SIZE],
- const unsigned char *secret, size_t secretlen)
+bool Curl_tls_keylog_write(const char *label,
+ const unsigned char client_random[CLIENT_RANDOM_SIZE],
+ const unsigned char *secret, size_t secretlen)
{
size_t pos, i;
unsigned char line[KEYLOG_LABEL_MAXLEN + 1 + 2 * CLIENT_RANDOM_SIZE + 1 +
#include <mbedtls/version.h>
#if MBEDTLS_VERSION_NUMBER < 0x03020000
- #error "mbedTLS 3.2.0 or later required"
+#error "mbedTLS 3.2.0 or later required"
#endif
#include <psa/crypto_config.h>
#include <mbedtls/net_sockets.h>
/* ALPN for http2 */
#if defined(USE_HTTP2) && defined(MBEDTLS_SSL_ALPN)
-# define HAS_ALPN_MBEDTLS
+#define HAS_ALPN_MBEDTLS
#endif
struct mbed_ssl_backend_data {
#endif
#ifndef MBEDTLS_ERROR_C
-#define mbedtls_strerror(a,b,c) b[0] = 0
+#define mbedtls_strerror(a, b, c) b[0] = 0
#endif
#if defined(CURL_MBEDTLS_DRBG) && defined(HAS_THREADING_SUPPORT)
/*
* profile
*/
-static const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_fr =
-{
+static const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_fr = {
/* Hashes from SHA-1 and above */
MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1) |
MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_RIPEMD160) |
cipher suite present in other SSL implementations. Provide
provisional support for specifying the cipher suite here. */
#ifdef MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
-static int
-mbed_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size,
- bool prefer_rfc)
+static int mbed_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size,
+ bool prefer_rfc)
{
if(id == MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8)
curl_msnprintf(buf, buf_size, "%s", "TLS_ECJPAKE_WITH_AES_128_CCM_8");
return 0;
}
-static uint16_t
-mbed_cipher_suite_walk_str(const char **str, const char **end)
+static uint16_t mbed_cipher_suite_walk_str(const char **str, const char **end)
{
uint16_t id = Curl_cipher_suite_walk_str(str, end);
size_t len = *end - *str;
const char *ptr, *end;
supported = mbedtls_ssl_list_ciphersuites();
- for(i = 0; supported[i] != 0; i++);
+ for(i = 0; supported[i] != 0; i++)
+ ;
supported_len = i;
selected = curlx_malloc(sizeof(int) * (supported_len + 1));
if(!ciphers13) {
/* Add default TLSv1.3 ciphers to selection */
for(j = 0; j < supported_len; j++) {
- uint16_t id = (uint16_t) supported[j];
+ uint16_t id = (uint16_t)supported[j];
if(strncmp(mbedtls_ssl_get_ciphersuite_name(id), "TLS1-3", 6) != 0)
continue;
/* Check if cipher is supported */
if(id) {
- for(i = 0; i < supported_len && supported[i] != id; i++);
+ for(i = 0; i < supported_len && supported[i] != id; i++)
+ ;
if(i == supported_len)
id = 0;
}
if(!id) {
if(ptr[0] != '\0')
infof(data, "mbedTLS: unknown cipher in list: \"%.*s\"",
- (int) (end - ptr), ptr);
+ (int)(end - ptr), ptr);
continue;
}
/* No duplicates allowed (so selected cannot overflow) */
- for(i = 0; i < count && selected[i] != id; i++);
+ for(i = 0; i < count && selected[i] != id; i++)
+ ;
if(i < count) {
if(i >= default13_count)
infof(data, "mbedTLS: duplicate cipher in list: \"%.*s\"",
- (int) (end - ptr), ptr);
+ (int)(end - ptr), ptr);
continue;
}
if(!ciphers12) {
/* Add default TLSv1.2 ciphers to selection */
for(j = 0; j < supported_len; j++) {
- uint16_t id = (uint16_t) supported[j];
+ uint16_t id = (uint16_t)supported[j];
if(strncmp(mbedtls_ssl_get_ciphersuite_name(id), "TLS1-3", 6) == 0)
continue;
/* No duplicates allowed (so selected cannot overflow) */
- for(i = 0; i < count && selected[i] != id; i++);
+ for(i = 0; i < count && selected[i] != id; i++)
+ ;
if(i < count)
continue;
return CURLE_OK;
}
-static void
-mbed_dump_cert_info(struct Curl_easy *data, const mbedtls_x509_crt *crt)
+static void mbed_dump_cert_info(struct Curl_easy *data,
+ const mbedtls_x509_crt *crt)
{
#if defined(CURL_DISABLE_VERBOSE_STRINGS) || defined(MBEDTLS_X509_REMOVE_INFO)
(void)data, (void)crt;
infof(data, "Server certificate:");
for(p = buffer; *p; p += *p != '\0') {
size_t s = strcspn(p, "\n");
- infof(data, "%.*s", (int) s, p);
+ infof(data, "%.*s", (int)s, p);
p += s;
}
}
#endif
}
-static void
-mbed_extract_certinfo(struct Curl_easy *data, const mbedtls_x509_crt *crt)
+static void mbed_extract_certinfo(struct Curl_easy *data,
+ const mbedtls_x509_crt *crt)
{
CURLcode result;
const mbedtls_x509_crt *cur;
result = Curl_ssl_init_certinfo(data, cert_count);
for(i = 0, cur = crt; result == CURLE_OK && cur; ++i, cur = cur->next) {
- const char *beg = (const char *) cur->raw.p;
+ const char *beg = (const char *)cur->raw.p;
const char *end = beg + cur->raw.len;
result = Curl_extract_certinfo(data, i, beg, end);
}
static int mbed_verify_cb(void *ptr, mbedtls_x509_crt *crt,
int depth, uint32_t *flags)
{
- struct Curl_cfilter *cf = (struct Curl_cfilter *) ptr;
+ struct Curl_cfilter *cf = (struct Curl_cfilter *)ptr;
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
struct Curl_easy *data = CF_DATA_CURRENT(cf);
return 0;
}
-static CURLcode
-mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
+static CURLcode mbed_connect_step1(struct Curl_cfilter *cf,
+ struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct mbed_ssl_backend_data *backend =
return CURLE_OK;
}
-static CURLcode
-mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
+static CURLcode mbed_connect_step2(struct Curl_cfilter *cf,
+ struct Curl_easy *data)
{
CURLcode result;
int ret;
{
char cipher_str[64];
uint16_t cipher_id;
- cipher_id = (uint16_t)
- mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
+ cipher_id =
+ (uint16_t)mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), TRUE);
infof(data, "mbedTLS: %s Handshake complete, cipher is %s",
mbedtls_ssl_get_version(&backend->ssl), cipher_str);
return CURLE_OK;
}
-static CURLcode
-mbed_new_session(struct Curl_cfilter *cf, struct Curl_easy *data)
+static CURLcode mbed_new_session(struct Curl_cfilter *cf,
+ struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct mbed_ssl_backend_data *backend =
}
static CURLcode mbed_send(struct Curl_cfilter *cf, struct Curl_easy *data,
- const void *mem, size_t len,
- size_t *pnwritten)
+ const void *mem, size_t len, size_t *pnwritten)
{
struct ssl_connect_data *connssl = cf->ctx;
struct mbed_ssl_backend_data *backend =
}
static CURLcode mbed_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
- char *buf, size_t buffersize,
- size_t *pnread)
+ char *buf, size_t buffersize, size_t *pnread)
{
struct ssl_connect_data *connssl = cf->ctx;
struct mbed_ssl_backend_data *backend =
***************************************************************************/
#include "../curl_setup.h"
-#if defined(USE_MBEDTLS) && \
- ((defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || \
- defined(_WIN32))
+#if defined(USE_MBEDTLS) && \
+ ((defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || defined(_WIN32))
#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
# include <pthread.h>
#ifdef USE_MBEDTLS
-#if (defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || \
- defined(_WIN32)
+#if (defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || defined(_WIN32)
int Curl_mbedtlsthreadlock_thread_setup(void);
int Curl_mbedtlsthreadlock_thread_cleanup(void);
#define OSSL_PACKAGE "BoringSSL"
#elif defined(OPENSSL_IS_AWSLC)
#define OSSL_PACKAGE "AWS-LC"
-#elif defined(USE_NGTCP2) && defined(USE_NGHTTP3) && \
+#elif defined(USE_NGTCP2) && defined(USE_NGHTTP3) && \
!defined(OPENSSL_QUIC_API2)
#define OSSL_PACKAGE "quictls"
#else
return push_certinfo(data, mem, namebuf, num);
}
-#define print_pubkey_BN(_type, _name, _num) \
+#define print_pubkey_BN(_type, _name, _num) \
pubkey_show(data, mem, _num, #_type, #_name, _name)
static int asn1_object_dump(const ASN1_OBJECT *a, char *buf, size_t len)
* ossl_log_tls12_secret is called by libcurl to make the CLIENT_RANDOMs if the
* OpenSSL being used does not have native support for doing that.
*/
-static void
-ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done)
+static void ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done)
{
const SSL_SESSION *session;
unsigned char client_random[SSL3_RANDOM_SIZE];
return buf;
}
-static int passwd_callback(char *buf, int num, int encrypting,
- void *password)
+static int passwd_callback(char *buf, int num, int encrypting, void *password)
{
DEBUGASSERT(encrypting == 0);
}
else if(type == SSL_FILETYPE_PEM) {
/* ERR_R_PEM_LIB; */
- x = PEM_read_bio_X509(in, NULL,
- passwd_callback, CURL_UNCONST(key_passwd));
+ x = PEM_read_bio_X509(in, NULL, passwd_callback, CURL_UNCONST(key_passwd));
}
else {
ret = 0;
return ret;
}
-static int
-use_certificate_chain_blob(SSL_CTX *ctx, const struct curl_blob *blob,
- const char *key_passwd)
+static int use_certificate_chain_blob(SSL_CTX *ctx,
+ const struct curl_blob *blob,
+ const char *key_passwd)
{
int ret = 0;
X509 *x = NULL;
}
while((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
- CURL_UNCONST(key_passwd)))
- != NULL) {
+ CURL_UNCONST(key_passwd))) != NULL) {
if(!SSL_CTX_add0_chain_cert(ctx, ca)) {
X509_free(ca);
}
if(data->state.engine) {
- UI_METHOD *ui_method =
- UI_create_method("curl user interface");
+ UI_METHOD *ui_method = UI_create_method("curl user interface");
if(!ui_method) {
failf(data, "unable to create " OSSL_PACKAGE " user-interface method");
return 0;
EVP_PKEY *priv_key = NULL;
OSSL_STORE_CTX *store = NULL;
OSSL_STORE_INFO *info = NULL;
- UI_METHOD *ui_method =
- UI_create_method("curl user interface");
+ UI_METHOD *ui_method = UI_create_method("curl user interface");
if(!ui_method) {
failf(data, "unable to create " OSSL_PACKAGE " user-interface method");
return 0;
/* Load the certificate from the engine */
if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
0, ¶ms, NULL, 1)) {
- failf(data, "ssl engine cannot load client cert with id"
- " '%s' [%s]", cert_file,
+ failf(data, "ssl engine cannot load client cert with id '%s' [%s]",
+ cert_file,
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)));
return 0;
}
if(!params.cert) {
- failf(data, "ssl engine did not initialized the certificate "
- "properly.");
+ failf(data, "ssl engine did not initialized the certificate properly.");
return 0;
}
if(cert_blob) {
cert_bio = BIO_new_mem_buf(cert_blob->data, (int)(cert_blob->len));
if(!cert_bio) {
- failf(data,
- "BIO_new_mem_buf NULL, " OSSL_PACKAGE " error %s",
+ failf(data, "BIO_new_mem_buf NULL, " OSSL_PACKAGE " error %s",
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)) );
return 0;
else {
cert_bio = BIO_new(BIO_s_file());
if(!cert_bio) {
- failf(data,
- "BIO_new return NULL, " OSSL_PACKAGE " error %s",
+ failf(data, "BIO_new return NULL, " OSSL_PACKAGE " error %s",
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)) );
return 0;
}
if(!PKCS12_parse(p12, key_passwd, &pri, &x509, &ca)) {
- failf(data,
- "could not parse PKCS12 file, check password, " OSSL_PACKAGE
+ failf(data, "could not parse PKCS12 file, check password, " OSSL_PACKAGE
" error %s",
- ossl_strerror(ERR_get_error(), error_buffer,
- sizeof(error_buffer)) );
+ ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)));
PKCS12_free(p12);
return 0;
}
PKCS12_free(p12);
if(SSL_CTX_use_certificate(ctx, x509) != 1) {
- failf(data,
- "could not load PKCS12 client certificate, " OSSL_PACKAGE
+ failf(data, "could not load PKCS12 client certificate, " OSSL_PACKAGE
" error %s",
- ossl_strerror(ERR_get_error(), error_buffer,
- sizeof(error_buffer)) );
+ ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)));
goto fail;
}
if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
- failf(data, "unable to use private key from PKCS12 file '%s'",
- cert_file);
+ failf(data, "unable to use private key from PKCS12 file '%s'", cert_file);
goto fail;
}
"(no key found, wrong passphrase, or wrong file format?)",
(cert_blob ? "CURLOPT_SSLCERT_BLOB" : cert_file),
ossl_strerror(ERR_get_error(), error_buffer,
- sizeof(error_buffer)) );
+ sizeof(error_buffer)));
return CURLE_SSL_CERTPROBLEM;
}
break;
"(no key found, wrong passphrase, or wrong file format?)",
(cert_blob ? "CURLOPT_SSLCERT_BLOB" : cert_file),
ossl_strerror(ERR_get_error(), error_buffer,
- sizeof(error_buffer)) );
+ sizeof(error_buffer)));
return CURLE_SSL_CERTPROBLEM;
}
break;
return CURLE_OK;
}
- data->state.provider =
- OSSL_PROVIDER_try_load(data->state.libctx, name, 1);
+ data->state.provider = OSSL_PROVIDER_try_load(data->state.libctx, name, 1);
if(!data->state.provider) {
char error_buffer[256];
failf(data, "Failed to initialize provider: %s",
- ossl_strerror(ERR_get_error(), error_buffer,
- sizeof(error_buffer)));
+ ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)));
ossl_provider_cleanup(data);
return CURLE_SSL_ENGINE_NOTFOUND;
}
/* load the base provider as well */
- data->state.baseprov =
- OSSL_PROVIDER_try_load(data->state.libctx, "base", 1);
+ data->state.baseprov = OSSL_PROVIDER_try_load(data->state.libctx, "base", 1);
if(!data->state.baseprov) {
ossl_provider_cleanup(data);
failf(data, "Failed to load base");
}
#endif
-
static CURLcode ossl_shutdown(struct Curl_cfilter *cf,
struct Curl_easy *data,
bool send_shutdown, bool *done)
if(check->type == target) {
/* get data and length */
const char *altptr = (const char *)ASN1_STRING_get0_data(check->d.ia5);
- size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
+ size_t altlen = (size_t)ASN1_STRING_length(check->d.ia5);
switch(target) {
case GEN_DNS: /* name/pattern comparison */
our server IP address is */
if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) {
matched = TRUE;
- infof(data,
- " subjectAltName: \"%s\" matches cert's IP address!",
+ infof(data, " subjectAltName: \"%s\" matches cert's IP address!",
peer->dispname);
}
break;
/* error already detected, pass through */
;
else if(!cn) {
- failf(data,
- "SSL: unable to obtain common name from peer certificate");
+ failf(data, "SSL: unable to obtain common name from peer certificate");
result = CURLE_PEER_FAILED_VERIFICATION;
}
else if(!Curl_cert_hostcheck((const char *)cn, cnlen,
*/
static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
{
- struct Curl_cfilter *cf = (struct Curl_cfilter*) SSL_get_app_data(ssl);
+ struct Curl_cfilter *cf = (struct Curl_cfilter *)SSL_get_app_data(ssl);
if(cf) {
struct Curl_easy *data = CF_DATA_CURRENT(cf);
struct ssl_connect_data *connssl = cf->ctx;
failf(data, "error loading CRL file: %s", ssl_crlfile);
return CURLE_SSL_CRL_BADFILE;
}
- x509flags = X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+ x509flags = X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
infof(data, " CRLfile: %s", ssl_crlfile);
}
}
/* key to use at `multi->proto_hash` */
-#define MPROTO_OSSL_X509_KEY "tls:ossl:x509:share"
+#define MPROTO_OSSL_X509_KEY "tls:ossl:x509:share"
struct ossl_x509_share {
char *CAfile; /* CAfile path used to generate X509 store */
static void oss_x509_share_free(void *key, size_t key_len, void *p)
{
struct ossl_x509_share *share = p;
- DEBUGASSERT(key_len == (sizeof(MPROTO_OSSL_X509_KEY)-1));
+ DEBUGASSERT(key_len == (sizeof(MPROTO_OSSL_X509_KEY) - 1));
DEBUGASSERT(!memcmp(MPROTO_OSSL_X509_KEY, key, key_len));
(void)key;
(void)key_len;
curlx_free(share);
}
-static bool
-ossl_cached_x509_store_expired(const struct Curl_easy *data,
- const struct ossl_x509_share *mb)
+static bool ossl_cached_x509_store_expired(const struct Curl_easy *data,
+ const struct ossl_x509_share *mb)
{
const struct ssl_general_config *cfg = &data->set.general_ssl;
if(cfg->ca_cache_timeout < 0)
}
}
-static bool
-ossl_cached_x509_store_different(struct Curl_cfilter *cf,
- const struct ossl_x509_share *mb)
+static bool ossl_cached_x509_store_different(struct Curl_cfilter *cf,
+ const struct ossl_x509_share *mb)
{
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
if(!mb->CAfile || !conn_config->CAfile)
*pempty = TRUE;
share = multi ? Curl_hash_pick(&multi->proto_hash,
CURL_UNCONST(MPROTO_OSSL_X509_KEY),
- sizeof(MPROTO_OSSL_X509_KEY)-1) : NULL;
+ sizeof(MPROTO_OSSL_X509_KEY) - 1) : NULL;
if(share && share->store &&
!ossl_cached_x509_store_expired(data, share) &&
!ossl_cached_x509_store_different(cf, share)) {
return;
share = Curl_hash_pick(&multi->proto_hash,
CURL_UNCONST(MPROTO_OSSL_X509_KEY),
- sizeof(MPROTO_OSSL_X509_KEY)-1);
+ sizeof(MPROTO_OSSL_X509_KEY) - 1);
if(!share) {
share = curlx_calloc(1, sizeof(*share));
return;
if(!Curl_hash_add2(&multi->proto_hash,
CURL_UNCONST(MPROTO_OSSL_X509_KEY),
- sizeof(MPROTO_OSSL_X509_KEY)-1,
+ sizeof(MPROTO_OSSL_X509_KEY) - 1,
share, oss_x509_share_free)) {
curlx_free(share);
return;
if(data->set.tls_ech & CURLECH_HARD)
return result;
}
- if(SSL_set1_ech_config_list(octx->ssl, ech_config,
- ech_config_len) != 1) {
+ if(SSL_set1_ech_config_list(octx->ssl, ech_config, ech_config_len) != 1) {
infof(data, "ECH: SSL_ECH_set1_ech_config_list failed");
if(data->set.tls_ech & CURLECH_HARD) {
curlx_free(ech_config);
curlx_free(ech_config);
trying_ech_now = 1;
# else
- ech_config = (unsigned char *) data->set.str[STRING_ECH_CONFIG];
+ ech_config = (unsigned char *)data->set.str[STRING_ECH_CONFIG];
if(!ech_config) {
infof(data, "ECH: ECHConfig from command line empty");
return CURLE_SSL_CONNECT_ERROR;
}
ech_config_len = strlen(data->set.str[STRING_ECH_CONFIG]);
- if(SSL_set1_ech_config_list(octx->ssl, ech_config,
- ech_config_len) != 1) {
+ if(SSL_set1_ech_config_list(octx->ssl, ech_config, ech_config_len) != 1) {
infof(data, "ECH: SSL_ECH_set1_ech_config_list failed");
if(data->set.tls_ech & CURLECH_HARD)
return CURLE_SSL_CONNECT_ERROR;
infof(data, "ECH: inner: '%s', outer: '%s'",
peer->hostname ? peer->hostname : "NULL", outername);
result = SSL_ech_set1_server_names(octx->ssl,
- peer->hostname, outername,
- 0 /* do send outer */);
+ peer->hostname, outername,
+ 0 /* do send outer */);
if(result != 1) {
infof(data, "ECH: rv failed to set server name(s) %d [ERROR]", result);
return CURLE_SSL_CONNECT_ERROR;
}
}
# endif /* HAVE_BORINGSSL_LIKE */
- if(trying_ech_now
- && SSL_set_min_proto_version(octx->ssl, TLS1_3_VERSION) != 1) {
+ if(trying_ech_now &&
+ SSL_set_min_proto_version(octx->ssl, TLS1_3_VERSION) != 1) {
infof(data, "ECH: cannot force TLSv1.3 [ERROR]");
return CURLE_SSL_CONNECT_ERROR;
}
}
#endif /* USE_ECH_OPENSSL */
-
static CURLcode ossl_init_ssl(struct ossl_ctx *octx,
struct Curl_cfilter *cf,
struct Curl_easy *data,
return *pmethod ? CURLE_OK : CURLE_SSL_CONNECT_ERROR;
}
-
CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
struct Curl_cfilter *cf,
struct Curl_easy *data,
/* "--tlsv<x.y>" options mean TLS >= version <x.y> */
case CURL_SSLVERSION_DEFAULT:
- case CURL_SSLVERSION_TLSv1: /* TLS >= version 1.0 */
+ case CURL_SSLVERSION_TLSv1: /* TLS >= version 1.0 */
case CURL_SSLVERSION_TLSv1_0: /* TLS >= version 1.0 */
case CURL_SSLVERSION_TLSv1_1: /* TLS >= version 1.1 */
case CURL_SSLVERSION_TLSv1_2: /* TLS >= version 1.2 */
return result;
}
-void Curl_ossl_report_handshake(struct Curl_easy *data,
- struct ossl_ctx *octx)
+void Curl_ossl_report_handshake(struct Curl_easy *data, struct ossl_ctx *octx)
{
#ifndef CURL_DISABLE_VERBOSE_STRINGS
if(Curl_trc_is_verbose(data)) {
(void)data;
(void)octx;
#endif /* CURL_DISABLE_VERBOSE_STRINGS */
-
}
static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
#ifdef USE_ECH_OPENSSL
/* If we have retry configs, then trace those out */
-static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL* ssl,
+static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL *ssl,
int reason)
{
CURLcode result = CURLE_OK;
else {
/* untreated error */
sslerr_t errdetail;
- char error_buffer[256]="";
+ char error_buffer[256] = "";
CURLcode result;
long lerr;
int lib;
* the SO_ERROR is also lost.
*/
if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
- char extramsg[80]="";
+ char extramsg[80] = "";
int sockerr = SOCKERRNO;
if(sockerr && detail == SSL_ERROR_SYSCALL)
break;
default:
status = "unexpected status";
- infof(data, "ECH: unexpected status %d",rv);
+ infof(data, "ECH: unexpected status %d", rv);
}
infof(data, "ECH: result: status is %s, inner is %s, outer is %s",
(status ? status : "NULL"),
* Heavily modified from:
* https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL
*/
-static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert,
+static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509 *cert,
const char *pinnedpubkey)
{
/* Scratch */
type_name = NULL;
#endif
- infof(data,
- " Certificate level %d: "
+ infof(data, " Certificate level %d: "
"Public key type %s%s (%d/%d Bits/secBits), signed using %s",
cert_level, type_name ? type_name : "?",
get_group_name == 0 ? "" : group_name_final,
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
X509 *issuer = NULL;
BIO *fp = NULL;
- char err_buf[256]="";
+ char err_buf[256] = "";
bool verify_enabled = (conn_config->verifypeer || conn_config->verifyhost);
CURLcode result = CURLE_OK;
infof(data, " subject: %s", result ? "[NONE]" : curlx_dyn_ptr(&dname));
ASN1_TIME_print(mem, X509_get0_notBefore(server_cert));
- len = BIO_get_mem_data(mem, (char **) &buf);
+ len = BIO_get_mem_data(mem, (char **)&buf);
infof(data, " start date: %.*s", (int)len, buf);
(void)BIO_reset(mem);
ASN1_TIME_print(mem, X509_get0_notAfter(server_cert));
- len = BIO_get_mem_data(mem, (char **) &buf);
+ len = BIO_get_mem_data(mem, (char **)&buf);
infof(data, " expire date: %.*s", (int)len, buf);
(void)BIO_reset(mem);
result = CURLE_AGAIN;
octx->blocked_ssl_write_len = memlen;
goto out;
- case SSL_ERROR_SYSCALL:
- {
+ case SSL_ERROR_SYSCALL: {
int sockerr = SOCKERRNO;
if(octx->io_result == CURLE_AGAIN) {
struct ssl_peer *peer);
/* Report properties of a successful handshake */
-void Curl_ossl_report_handshake(struct Curl_easy *data,
- struct ossl_ctx *octx);
+void Curl_ossl_report_handshake(struct Curl_easy *data, struct ossl_ctx *octx);
#endif /* USE_OPENSSL */
#endif /* HEADER_CURL_SSLUSE_H */
#include "cipher_suite.h"
#include "x509asn1.h"
-struct rustls_ssl_backend_data
-{
+struct rustls_ssl_backend_data {
const struct rustls_client_config *config;
struct rustls_connection *conn;
size_t plain_out_buffered;
return CURLE_PEER_FAILED_VERIFICATION;
}
switch(r) {
- case RUSTLS_RESULT_OK:
- return CURLE_OK;
- case RUSTLS_RESULT_NULL_PARAMETER:
- return CURLE_BAD_FUNCTION_ARGUMENT;
- default:
- return CURLE_RECV_ERROR;
+ case RUSTLS_RESULT_OK:
+ return CURLE_OK;
+ case RUSTLS_RESULT_NULL_PARAMETER:
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ default:
+ return CURLE_RECV_ERROR;
}
}
-static void
-rustls_failf(struct Curl_easy *data, const rustls_result rr, const char *msg)
+static void rustls_failf(struct Curl_easy *data, const rustls_result rr,
+ const char *msg)
{
char errorbuf[STRERROR_LEN];
size_t errorlen;
failf(data, "%s: %.*s", msg, (int)errorlen, errorbuf);
}
-static bool
-cr_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data)
+static bool cr_data_pending(struct Curl_cfilter *cf,
+ const struct Curl_easy *data)
{
const struct ssl_connect_data *ctx = cf->ctx;
struct rustls_ssl_backend_data *backend;
struct Curl_easy *data;
};
-static int
-read_cb(void *userdata, uint8_t *buf, uintptr_t len, uintptr_t *out_n)
+static int read_cb(void *userdata, uint8_t *buf, uintptr_t len,
+ uintptr_t *out_n)
{
const struct io_ctx *io_ctx = userdata;
- struct ssl_connect_data *const connssl = io_ctx->cf->ctx;
+ struct ssl_connect_data * const connssl = io_ctx->cf->ctx;
CURLcode result;
int ret = 0;
size_t nread;
return ret;
}
-static int
-write_cb(void *userdata, const uint8_t *buf, uintptr_t len, uintptr_t *out_n)
+static int write_cb(void *userdata, const uint8_t *buf, uintptr_t len,
+ uintptr_t *out_n)
{
const struct io_ctx *io_ctx = userdata;
CURLcode result;
static ssize_t tls_recv_more(struct Curl_cfilter *cf,
struct Curl_easy *data, CURLcode *err)
{
- const struct ssl_connect_data *const connssl = cf->ctx;
- struct rustls_ssl_backend_data *const backend =
+ const struct ssl_connect_data * const connssl = cf->ctx;
+ struct rustls_ssl_backend_data * const backend =
(struct rustls_ssl_backend_data *)connssl->backend;
struct io_ctx io_ctx;
size_t tls_bytes_read = 0;
* Filter receive method implementation. `plainbuf` and `plainlen`
* are always not NULL/0.
*/
-static CURLcode
-cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
- char *plainbuf, size_t plainlen, size_t *pnread)
+static CURLcode cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+ char *plainbuf, size_t plainlen, size_t *pnread)
{
- const struct ssl_connect_data *const connssl = cf->ctx;
- struct rustls_ssl_backend_data *const backend =
+ const struct ssl_connect_data * const connssl = cf->ctx;
+ struct rustls_ssl_backend_data * const backend =
(struct rustls_ssl_backend_data *)connssl->backend;
struct rustls_connection *rconn = NULL;
CURLcode result = CURLE_OK;
* In that case, it will not read anything into Rustls' plaintext input buffer.
* It will only drain Rustls' plaintext output buffer into the socket.
*/
-static CURLcode
-cr_send(struct Curl_cfilter *cf, struct Curl_easy *data,
- const void *plainbuf, size_t plainlen, size_t *pnwritten)
+static CURLcode cr_send(struct Curl_cfilter *cf, struct Curl_easy *data,
+ const void *plainbuf, size_t plainlen,
+ size_t *pnwritten)
{
- const struct ssl_connect_data *const connssl = cf->ctx;
- struct rustls_ssl_backend_data *const backend =
+ const struct ssl_connect_data * const connssl = cf->ctx;
+ struct rustls_ssl_backend_data * const backend =
(struct rustls_ssl_backend_data *)connssl->backend;
struct rustls_connection *rconn = NULL;
size_t plainwritten = 0;
/* A server certificate verify callback for Rustls that always returns
RUSTLS_RESULT_OK, or in other words disable certificate verification. */
-static uint32_t
-cr_verify_none(void *userdata,
- const rustls_verify_server_cert_params *params)
+static uint32_t cr_verify_none(void *userdata,
+ const rustls_verify_server_cert_params *params)
{
(void)userdata;
(void)params;
return RUSTLS_RESULT_OK;
}
-static int
-read_file_into(const char *filename,
- struct dynbuf *out)
+static int read_file_into(const char *filename, struct dynbuf *out)
{
FILE *f = curlx_fopen(filename, FOPEN_READTEXT);
if(!f) {
if(!id) {
if(ptr[0] != '\0')
infof(data, "rustls: unknown cipher in list: \"%.*s\"",
- (int) (end - ptr), ptr);
+ (int)(end - ptr), ptr);
continue;
}
/* No duplicates allowed (so selected cannot overflow) */
- for(i = 0; i < count && selected[i] != entry; i++);
+ for(i = 0; i < count && selected[i] != entry; i++)
+ ;
if(i < count) {
if(i >= default13_count)
infof(data, "rustls: duplicate cipher in list: \"%.*s\"",
- (int) (end - ptr), ptr);
+ (int)(end - ptr), ptr);
continue;
}
continue;
/* No duplicates allowed (so selected cannot overflow) */
- for(i = 0; i < count && selected[i] != entry; i++);
+ for(i = 0; i < count && selected[i] != entry; i++)
+ ;
if(i < count)
continue;
*selected_size = count;
}
-static void
-cr_keylog_log_cb(struct rustls_str label,
- const uint8_t *client_random, size_t client_random_len,
- const uint8_t *secret, size_t secret_len)
+static void cr_keylog_log_cb(struct rustls_str label,
+ const uint8_t *client_random,
+ size_t client_random_len, const uint8_t *secret,
+ size_t secret_len)
{
char clabel[KEYLOG_LABEL_MAXLEN];
(void)client_random_len;
const struct rustls_crypto_provider *custom_provider = NULL;
uint16_t tls_versions[2] = {
- RUSTLS_TLS_VERSION_TLSV1_2,
- RUSTLS_TLS_VERSION_TLSV1_3,
+ RUSTLS_TLS_VERSION_TLSV1_2,
+ RUSTLS_TLS_VERSION_TLSV1_3,
};
size_t tls_versions_len = 2;
- size_t cipher_suites_len =
- rustls_default_crypto_provider_ciphersuites_len();
+ size_t cipher_suites_len = rustls_default_crypto_provider_ciphersuites_len();
CURLcode result = CURLE_OK;
rustls_result rr;
&custom_provider_builder);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr,
- "failed to create crypto provider builder from default");
+ "failed to create crypto provider builder from default");
result = CURLE_SSL_CIPHER;
goto cleanup;
}
cipher_suites_len);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr,
- "failed to set ciphersuites for crypto provider builder");
+ "failed to set ciphersuites for crypto provider builder");
result = CURLE_SSL_CIPHER;
goto cleanup;
}
- rr = rustls_crypto_provider_builder_build(
- custom_provider_builder, &custom_provider);
+ rr = rustls_crypto_provider_builder_build(custom_provider_builder,
+ &custom_provider);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr, "failed to build custom crypto provider");
result = CURLE_SSL_CIPHER;
}
rr = rustls_client_config_builder_new_custom(custom_provider,
- tls_versions,
- tls_versions_len,
- config_builder);
+ tls_versions,
+ tls_versions_len,
+ config_builder);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr, "failed to create client config builder");
result = CURLE_SSL_CIPHER;
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
}
-static CURLcode
-init_config_builder_verifier_crl(
+static CURLcode init_config_builder_verifier_crl(
struct Curl_easy *data,
const struct ssl_primary_config *conn_config,
struct rustls_web_pki_server_cert_verifier_builder *builder)
1);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr, "failed to parse trusted certificates from blob");
-
result = CURLE_SSL_CACERT_BADFILE;
goto cleanup;
}
1);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr, "failed to load trusted certificates");
-
result = CURLE_SSL_CACERT_BADFILE;
goto cleanup;
}
if(conn_config->CRLfile) {
result = init_config_builder_verifier_crl(data,
- conn_config,
- verifier_builder);
+ conn_config,
+ verifier_builder);
if(result) {
goto cleanup;
}
return result;
}
-static CURLcode
-init_config_builder_platform_verifier(
+static CURLcode init_config_builder_platform_verifier(
struct Curl_easy *data,
struct rustls_client_config_builder *builder)
{
rr = rustls_certified_key_keys_match(certified_key);
if(rr != RUSTLS_RESULT_OK) {
- rustls_failf(data,
- rr,
+ rustls_failf(data, rr,
"rustls: client certificate and keypair files do not match:");
-
result = CURLE_SSL_CERTPROBLEM;
goto cleanup;
}
}
#endif /* USE_ECH */
-static CURLcode
-cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
- struct rustls_ssl_backend_data *const backend)
+static CURLcode cr_init_backend(struct Curl_cfilter *cf,
+ struct Curl_easy *data,
+ struct rustls_ssl_backend_data * const backend)
{
const struct ssl_connect_data *connssl = cf->ctx;
const struct ssl_primary_config *conn_config =
return result;
}
- rr = rustls_client_config_builder_build(
- config_builder,
- &backend->config);
+ rr = rustls_client_config_builder_build(config_builder, &backend->config);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr, "failed to build client config");
return CURLE_SSL_CONNECT_ERROR;
return result;
}
-static void
-cr_set_negotiated_alpn(struct Curl_cfilter *cf, struct Curl_easy *data,
- const struct rustls_connection *rconn)
+static void cr_set_negotiated_alpn(struct Curl_cfilter *cf,
+ struct Curl_easy *data,
+ const struct rustls_connection *rconn)
{
- struct ssl_connect_data *const connssl = cf->ctx;
+ struct ssl_connect_data * const connssl = cf->ctx;
const uint8_t *protocol = NULL;
size_t len = 0;
* This function will set `*done` to true once the handshake is complete.
* This function never reads the value of `*done*`.
*/
-static CURLcode
-cr_connect(struct Curl_cfilter *cf,
- struct Curl_easy *data, bool *done)
+static CURLcode cr_connect(struct Curl_cfilter *cf, struct Curl_easy *data,
+ bool *done)
{
- struct ssl_connect_data *const connssl = cf->ctx;
- const struct rustls_ssl_backend_data *const backend =
+ struct ssl_connect_data * const connssl = cf->ctx;
+ const struct rustls_ssl_backend_data * const backend =
(struct rustls_ssl_backend_data *)connssl->backend;
const struct rustls_connection *rconn = NULL;
CURLcode tmperr = CURLE_OK;
/* Read/write data until the handshake is done or the socket would block. */
for(;;) {
/*
- * Connection has been established according to Rustls. Set send/recv
- * handlers, and update the state machine.
- */
+ * Connection has been established according to Rustls. Set send/recv
+ * handlers, and update the state machine.
+ */
connssl->io_need = CURL_SSL_IO_NEED_NONE;
if(!rustls_connection_is_handshaking(rconn)) {
/* Rustls claims it is no longer handshaking *before* it has
}
/* REALLY Done with the handshake. */
{
- const uint16_t proto =
- rustls_connection_get_protocol_version(rconn);
+ const uint16_t proto = rustls_connection_get_protocol_version(rconn);
const rustls_str ciphersuite_name =
rustls_connection_get_negotiated_ciphersuite_name(rconn);
const rustls_str kex_group_name =
DEBUGASSERT(FALSE);
}
-static void *
-cr_get_internals(struct ssl_connect_data *connssl,
- CURLINFO info)
+static void *cr_get_internals(struct ssl_connect_data *connssl, CURLINFO info)
{
struct rustls_ssl_backend_data *backend =
(struct rustls_ssl_backend_data *)connssl->backend;
return backend->conn;
}
-static CURLcode
-cr_shutdown(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- const bool send_shutdown, bool *done)
+static CURLcode cr_shutdown(struct Curl_cfilter *cf, struct Curl_easy *data,
+ const bool send_shutdown, bool *done)
{
struct ssl_connect_data *connssl = cf->ctx;
struct rustls_ssl_backend_data *backend =
return result;
}
-static void
-cr_close(struct Curl_cfilter *cf, struct Curl_easy *data)
+static void cr_close(struct Curl_cfilter *cf, struct Curl_easy *data)
{
const struct ssl_connect_data *connssl = cf->ctx;
struct rustls_ssl_backend_data *backend =
return curl_msnprintf(buffer, size, "%.*s", (int)ver.len, ver.data);
}
-static CURLcode
-cr_random(struct Curl_easy *data, unsigned char *entropy, size_t length)
+static CURLcode cr_random(struct Curl_easy *data, unsigned char *entropy,
+ size_t length)
{
rustls_result rresult = 0;
(void)data;
- rresult =
- rustls_default_crypto_provider_random(entropy, length);
+ rresult = rustls_default_crypto_provider_random(entropy, length);
return map_error(rresult);
}
#ifdef USE_SCHANNEL
#ifndef USE_WINDOWS_SSPI
-# error "cannot compile SCHANNEL support without SSPI."
+#error "cannot compile SCHANNEL support without SSPI."
#endif
#include "schannel.h"
*/
#ifdef CURL_SCHANNEL_DEV_DEBUG
#define SCH_DEV(x) x
-#define SCH_DEV_SHOWBOOL(x) \
+#define SCH_DEV_SHOWBOOL(x) \
infof(data, "schannel: " #x " %s", (x) ? "TRUE" : "FALSE");
#else
#define SCH_DEV(x) do { } while(0)
desc->cBuffers = NumArrElem;
}
-static CURLcode
-schannel_set_ssl_version_min_max(DWORD *enabled_protocols,
- struct Curl_cfilter *cf,
- struct Curl_easy *data)
+static CURLcode schannel_set_ssl_version_min_max(DWORD *enabled_protocols,
+ struct Curl_cfilter *cf,
+ struct Curl_easy *data)
{
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
long ssl_version = conn_config->version;
int id;
};
-static const struct algo algs[]= {
+static const struct algo algs[] = {
CIPHEROPTION(CALG_MD2),
CIPHEROPTION(CALG_MD4),
CIPHEROPTION(CALG_MD5),
{NULL, 0},
};
-static int
-get_alg_id_by_name(const char *name)
+static int get_alg_id_by_name(const char *name)
{
const char *nameEnd = strchr(name, ':');
size_t n = nameEnd ? (size_t)(nameEnd - name) : strlen(name);
#define NUM_CIPHERS 47 /* There are 47 options listed above */
-static CURLcode
-set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
- ALG_ID *algIds)
+static CURLcode set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
+ ALG_ID *algIds)
{
const char *startCur = ciphers;
int algCount = 0;
}
/* Function allocates memory for store_path only if CURLE_OK is returned */
-static CURLcode
-get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path,
- TCHAR **thumbprint)
+static CURLcode get_cert_location(TCHAR *path, DWORD *store_name,
+ TCHAR **store_path, TCHAR **thumbprint)
{
TCHAR *sep;
TCHAR *store_path_start;
*store_name = CERT_SYSTEM_STORE_SERVICES;
else if(_tcsncmp(path, TEXT("Users"), store_name_len) == 0)
*store_name = CERT_SYSTEM_STORE_USERS;
- else if(_tcsncmp(path, TEXT("CurrentUserGroupPolicy"),
- store_name_len) == 0)
+ else if(_tcsncmp(path, TEXT("CurrentUserGroupPolicy"), store_name_len) == 0)
*store_name = CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY;
- else if(_tcsncmp(path, TEXT("LocalMachineGroupPolicy"),
- store_name_len) == 0)
+ else if(_tcsncmp(path, TEXT("LocalMachineGroupPolicy"), store_name_len) == 0)
*store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY;
- else if(_tcsncmp(path, TEXT("LocalMachineEnterprise"),
- store_name_len) == 0)
+ else if(_tcsncmp(path, TEXT("LocalMachineEnterprise"), store_name_len) == 0)
*store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE;
else
return CURLE_SSL_CERTPROBLEM;
return CURLE_OK;
}
-static CURLcode
-schannel_acquire_credential_handle(struct Curl_cfilter *cf,
- struct Curl_easy *data)
+static CURLcode schannel_acquire_credential_handle(struct Curl_cfilter *cf,
+ struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
if(ssl_config->no_revoke) {
flags |= SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
- SCH_CRED_IGNORE_REVOCATION_OFFLINE;
+ SCH_CRED_IGNORE_REVOCATION_OFFLINE;
DEBUGF(infof(data, "schannel: disabled server certificate revocation "
- "checks"));
+ "checks"));
}
else if(ssl_config->revoke_best_effort) {
flags |= SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
- SCH_CRED_IGNORE_REVOCATION_OFFLINE | SCH_CRED_REVOCATION_CHECK_CHAIN;
+ SCH_CRED_IGNORE_REVOCATION_OFFLINE |
+ SCH_CRED_REVOCATION_CHECK_CHAIN;
DEBUGF(infof(data, "schannel: ignore revocation offline errors"));
}
else {
flags |= SCH_CRED_REVOCATION_CHECK_CHAIN;
- DEBUGF(infof(data,
- "schannel: checking server certificate revocation"));
+ DEBUGF(infof(data, "schannel: checking server certificate revocation"));
}
}
else {
flags = SCH_CRED_MANUAL_CRED_VALIDATION |
- SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
- SCH_CRED_IGNORE_REVOCATION_OFFLINE;
- DEBUGF(infof(data,
- "schannel: disabled server cert revocation checks"));
+ SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
+ SCH_CRED_IGNORE_REVOCATION_OFFLINE;
+ DEBUGF(infof(data, "schannel: disabled server cert revocation checks"));
}
if(!conn_config->verifyhost) {
flags |= SCH_CRED_NO_SERVERNAME_CHECK;
DEBUGF(infof(data, "schannel: verifyhost setting prevents Schannel from "
- "comparing the supplied target name with the subject "
- "names in server certificates."));
+ "comparing the supplied target name with the subject "
+ "names in server certificates."));
}
if(!ssl_config->auto_client_cert) {
case CURL_SSLVERSION_TLSv1_0:
case CURL_SSLVERSION_TLSv1_1:
case CURL_SSLVERSION_TLSv1_2:
- case CURL_SSLVERSION_TLSv1_3:
- {
+ case CURL_SSLVERSION_TLSv1_3: {
result = schannel_set_ssl_version_min_max(&enabled_protocols, cf, data);
if(result)
return result;
result = get_cert_location(cert_path, &cert_store_name,
&cert_store_path, &cert_thumbprint_str);
- if(result && (data->set.ssl.primary.clientcert[0]!='\0'))
+ if(result && (data->set.ssl.primary.clientcert[0] != '\0'))
fInCert = curlx_fopen(data->set.ssl.primary.clientcert, "rb");
if(result && !fInCert) {
https://learn.microsoft.com/archive/msdn-technet-forums/3e7bc95f-b21a-4bcd-bd2c-7f996718cae5
*/
CRYPT_DATA_BLOB datablob;
- WCHAR* pszPassword;
+ WCHAR *pszPassword;
size_t pwd_len = 0;
int str_w_len = 0;
int cert_find_flags;
}
/* Convert key-pair data to the in-memory certificate store */
- datablob.pbData = (BYTE*)certdata;
+ datablob.pbData = (BYTE *)certdata;
datablob.cbData = (DWORD)certsize;
if(data->set.ssl.key_passwd)
pwd_len = strlen(data->set.ssl.key_passwd);
- pszPassword = (WCHAR*)curlx_malloc(sizeof(WCHAR)*(pwd_len + 1));
+ pszPassword = (WCHAR *)curlx_malloc(sizeof(WCHAR) * (pwd_len + 1));
if(pszPassword) {
if(pwd_len > 0)
str_w_len = MultiByteToWideChar(CP_UTF8,
return CURLE_OK;
}
-static CURLcode
-schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
+static CURLcode schannel_connect_step1(struct Curl_cfilter *cf,
+ struct Curl_easy *data)
{
size_t written = 0;
struct ssl_connect_data *connssl = cf->ctx;
CURLcode result;
DEBUGASSERT(backend);
- DEBUGF(infof(data,
- "schannel: SSL/TLS connection with %s port %d (step 1/3)",
+ DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %d (step 1/3)",
connssl->peer.hostname, connssl->peer.port));
if(curlx_verify_windows_version(5, 1, 0, PLATFORM_WINNT,
}
else {
failf(data, "schannel: this version of Windows is too old to support "
- "certificate verification via CA bundle file.");
+ "certificate verification via CA bundle file.");
return CURLE_SSL_CACERT_BADFILE;
}
}
int cur = 0;
int list_start_index = 0;
unsigned int *extension_len = NULL;
- unsigned short* list_len = NULL;
+ unsigned short *list_len = NULL;
struct alpn_proto_buf proto;
/* The first four bytes will be an unsigned int indicating number
/* The next two bytes will be an unsigned short indicating the number
of bytes used to list the preferred protocols. */
- list_len = (unsigned short*)(void *)(&alpn_buffer[cur]);
+ list_len = (unsigned short *)(void *)(&alpn_buffer[cur]);
cur += (int)sizeof(unsigned short);
list_start_index = cur;
/* security request flags */
backend->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
- ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY |
- ISC_REQ_STREAM;
+ ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY |
+ ISC_REQ_STREAM;
if(!ssl_config->auto_client_cert) {
backend->req_flags |= ISC_REQ_USE_SUPPLIED_CREDS;
}
}
-static CURLcode
-schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
+static CURLcode schannel_connect_step2(struct Curl_cfilter *cf,
+ struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct schannel_ssl_backend_data *backend =
doread = (connssl->io_need & CURL_SSL_IO_NEED_SEND) ? FALSE : TRUE;
connssl->io_need = CURL_SSL_IO_NEED_NONE;
- DEBUGF(infof(data,
- "schannel: SSL/TLS connection with %s port %d (step 2/3)",
+ DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %d (step 2/3)",
connssl->peer.hostname, connssl->peer.port));
if(!backend->cred || !backend->ctxt)
if(backend->encdata_offset > inbuf[1].cbBuffer) {
memmove(backend->encdata_buffer,
(backend->encdata_buffer + backend->encdata_offset) -
- inbuf[1].cbBuffer, inbuf[1].cbBuffer);
+ inbuf[1].cbBuffer,
+ inbuf[1].cbBuffer);
backend->encdata_offset = inbuf[1].cbBuffer;
if(sspi_status == SEC_I_CONTINUE_NEEDED) {
doread = FALSE;
return CURLE_OK;
}
-static bool
-valid_cert_encoding(const CERT_CONTEXT *cert_context)
+static bool valid_cert_encoding(const CERT_CONTEXT *cert_context)
{
return (cert_context != NULL) &&
((cert_context->dwCertEncodingType & X509_ASN_ENCODING) != 0) &&
(cert_context->cbCertEncoded > 0);
}
-typedef bool(*Read_crt_func)(const CERT_CONTEXT *ccert_context,
- bool reverse_order, void *arg);
+typedef bool (*Read_crt_func)(const CERT_CONTEXT *ccert_context,
+ bool reverse_order, void *arg);
-static void
-traverse_cert_store(const CERT_CONTEXT *context, Read_crt_func func,
- void *arg)
+static void traverse_cert_store(const CERT_CONTEXT *context,
+ Read_crt_func func, void *arg)
{
const CERT_CONTEXT *current_context = NULL;
bool should_continue = TRUE;
CertFreeCertificateContext(current_context);
}
-static bool
-cert_counter_callback(const CERT_CONTEXT *ccert_context, bool reverse_order,
- void *certs_count)
+static bool cert_counter_callback(const CERT_CONTEXT *ccert_context,
+ bool reverse_order, void *certs_count)
{
(void)reverse_order;
if(valid_cert_encoding(ccert_context))
return TRUE;
}
-struct Adder_args
-{
+struct Adder_args {
struct Curl_easy *data;
CURLcode result;
int idx;
int certs_count;
};
-static bool
-add_cert_to_certinfo(const CERT_CONTEXT *ccert_context, bool reverse_order,
- void *raw_arg)
+static bool add_cert_to_certinfo(const CERT_CONTEXT *ccert_context,
+ bool reverse_order, void *raw_arg)
{
- struct Adder_args *args = (struct Adder_args*)raw_arg;
+ struct Adder_args *args = (struct Adder_args *)raw_arg;
args->result = CURLE_OK;
if(valid_cert_encoding(ccert_context)) {
- const char *beg = (const char *) ccert_context->pbCertEncoded;
+ const char *beg = (const char *)ccert_context->pbCertEncoded;
const char *end = beg + ccert_context->cbCertEncoded;
int insert_index = reverse_order ? (args->certs_count - 1) - args->idx :
args->idx;
}
}
-static CURLcode
-schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data)
+static CURLcode schannel_connect_step3(struct Curl_cfilter *cf,
+ struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct schannel_ssl_backend_data *backend =
DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
DEBUGASSERT(backend);
- DEBUGF(infof(data,
- "schannel: SSL/TLS connection with %s port %d (step 3/3)",
+ DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %d (step 3/3)",
connssl->peer.hostname, connssl->peer.port));
if(!backend->cred)
return result;
}
-static CURLcode
-schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data,
- const void *buf, size_t len, size_t *pnwritten)
+static CURLcode schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data,
+ const void *buf, size_t len, size_t *pnwritten)
{
size_t data_len = 0;
unsigned char *ptr = NULL;
else if(sspi_status == SEC_E_INSUFFICIENT_MEMORY) {
result = CURLE_OUT_OF_MEMORY;
}
- else{
+ else {
result = CURLE_SEND_ERROR;
}
return result;
}
-static CURLcode
-schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
- char *buf, size_t len, size_t *pnread)
+static CURLcode schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+ char *buf, size_t len, size_t *pnread)
{
size_t size = 0;
size_t nread = 0;
/* https://learn.microsoft.com/windows/win32/api/sspi/nf-sspi-decryptmessage
*/
sspi_status = Curl_pSecFn->DecryptMessage(&backend->ctxt->ctxt_handle,
- &inbuf_desc, 0, NULL);
+ &inbuf_desc, 0, NULL);
/* check if everything went fine (server may want to renegotiate
or shutdown the connection context) */
buffer */
memmove(backend->encdata_buffer,
(backend->encdata_buffer + backend->encdata_offset) -
- inbuf[3].cbBuffer, inbuf[3].cbBuffer);
+ inbuf[3].cbBuffer,
+ inbuf[3].cbBuffer);
backend->encdata_offset = inbuf[3].cbBuffer;
}
share = Curl_hash_pick(&multi->proto_hash,
CURL_UNCONST(MPROTO_SCHANNEL_CERT_SHARE_KEY),
- sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1);
+ sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY) - 1);
if(!share || !share->cert_store) {
return NULL;
}
static void schannel_cert_share_free(void *key, size_t key_len, void *p)
{
struct schannel_cert_share *share = p;
- DEBUGASSERT(key_len == (sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1));
+ DEBUGASSERT(key_len == (sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY) - 1));
DEBUGASSERT(!memcmp(MPROTO_SCHANNEL_CERT_SHARE_KEY, key, key_len));
(void)key;
(void)key_len;
share = Curl_hash_pick(&multi->proto_hash,
CURL_UNCONST(MPROTO_SCHANNEL_CERT_SHARE_KEY),
- sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1);
+ sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY) - 1);
if(!share) {
share = curlx_calloc(1, sizeof(*share));
if(!share) {
}
if(!Curl_hash_add2(&multi->proto_hash,
CURL_UNCONST(MPROTO_SCHANNEL_CERT_SHARE_KEY),
- sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1,
+ sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY) - 1,
share, schannel_cert_share_free)) {
curlx_free(share);
return FALSE;
* (and only here).
*/
#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
-# undef X509_NAME
-# undef X509_CERT_PAIR
-# undef X509_EXTENSIONS
+#undef X509_NAME
+#undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
#endif
extern const struct Curl_ssl Curl_ssl_schannel;
-CURLcode Curl_verify_host(struct Curl_cfilter *cf,
- struct Curl_easy *data);
+CURLcode Curl_verify_host(struct Curl_cfilter *cf, struct Curl_easy *data);
CURLcode Curl_verify_certificate(struct Curl_cfilter *cf,
struct Curl_easy *data);
#ifdef USE_SCHANNEL
#ifndef USE_WINDOWS_SSPI
-# error "cannot compile SCHANNEL support without SSPI."
+#error "cannot compile SCHANNEL support without SSPI."
#endif
#include "schannel.h"
const CERT_CONTEXT *cert_context = NULL;
BOOL add_cert_result = FALSE;
DWORD actual_content_type = 0;
- DWORD cert_size = (DWORD)
- ((end_cert_ptr + end_cert_len) - begin_cert_ptr);
+ DWORD cert_size =
+ (DWORD)((end_cert_ptr + end_cert_len) - begin_cert_ptr);
cert_blob.pbData = (BYTE *)CURL_UNCONST(begin_cert_ptr);
cert_blob.cbData = cert_size;
if(result == CURLE_OK) {
if(!num_certs) {
- infof(data,
- "schannel: did not add any certificates from CA file '%s'",
+ infof(data, "schannel: did not add any certificates from CA file '%s'",
ca_file_text);
}
else {
- infof(data,
- "schannel: added %d certificate(s) from CA file '%s'",
+ infof(data, "schannel: added %d certificate(s) from CA file '%s'",
num_certs, ca_file_text);
}
}
ca_file_tstr = curlx_convert_UTF8_to_tchar(ca_file);
if(!ca_file_tstr) {
char buffer[WINAPI_ERROR_LEN];
- failf(data,
- "schannel: invalid path name for CA file '%s': %s",
- ca_file,
+ failf(data, "schannel: invalid path name for CA file '%s': %s", ca_file,
curlx_winapi_strerror(GetLastError(), buffer, sizeof(buffer)));
result = CURLE_SSL_CACERT_BADFILE;
goto cleanup;
NULL);
if(ca_file_handle == INVALID_HANDLE_VALUE) {
char buffer[WINAPI_ERROR_LEN];
- failf(data,
- "schannel: failed to open CA file '%s': %s",
- ca_file,
+ failf(data, "schannel: failed to open CA file '%s': %s", ca_file,
curlx_winapi_strerror(GetLastError(), buffer, sizeof(buffer)));
result = CURLE_SSL_CACERT_BADFILE;
goto cleanup;
if(!GetFileSizeEx(ca_file_handle, &file_size)) {
char buffer[WINAPI_ERROR_LEN];
- failf(data,
- "schannel: failed to determine size of CA file '%s': %s",
+ failf(data, "schannel: failed to determine size of CA file '%s': %s",
ca_file,
curlx_winapi_strerror(GetLastError(), buffer, sizeof(buffer)));
result = CURLE_SSL_CACERT_BADFILE;
}
if(file_size.QuadPart > MAX_CAFILE_SIZE) {
- failf(data,
- "schannel: CA file exceeds max size of %u bytes",
+ failf(data, "schannel: CA file exceeds max size of %u bytes",
MAX_CAFILE_SIZE);
result = CURLE_SSL_CACERT_BADFILE;
goto cleanup;
if(!ReadFile(ca_file_handle, ca_file_buffer + total_bytes_read,
bytes_to_read, &bytes_read, NULL)) {
char buffer[WINAPI_ERROR_LEN];
- failf(data,
- "schannel: failed to read from CA file '%s': %s",
- ca_file,
+ failf(data, "schannel: failed to read from CA file '%s': %s", ca_file,
curlx_winapi_strerror(GetLastError(), buffer, sizeof(buffer)));
result = CURLE_SSL_CACERT_BADFILE;
goto cleanup;
}
/*
-* Returns TRUE if the hostname is a numeric IPv4/IPv6 Address,
-* and populates the buffer with IPv4/IPv6 info.
-*/
+ * Returns TRUE if the hostname is a numeric IPv4/IPv6 Address,
+ * and populates the buffer with IPv4/IPv6 info.
+ */
-static bool get_num_host_info(struct num_ip_data *ip_blob,
- LPCSTR hostname)
+static bool get_num_host_info(struct num_ip_data *ip_blob, LPCSTR hostname)
{
struct in_addr ia;
struct in6_addr ia6;
&decode_para,
alt_name_info,
alt_name_info_size)) {
- failf(data,
- "schannel: CryptDecodeObjectEx() returned no alternate name "
- "information.");
+ failf(data, "schannel: CryptDecodeObjectEx() returned no alternate name "
+ "information.");
return result;
}
result = TRUE;
}
/* Verify the server's hostname */
-CURLcode Curl_verify_host(struct Curl_cfilter *cf,
- struct Curl_easy *data)
+CURLcode Curl_verify_host(struct Curl_cfilter *cf, struct Curl_easy *data)
{
CURLcode result = CURLE_PEER_FAILED_VERIFICATION;
struct ssl_connect_data *connssl = cf->ctx;
DWORD actual_len = 0;
PCERT_ALT_NAME_INFO alt_name_info = NULL;
DWORD alt_name_info_size = 0;
- struct num_ip_data ip_blob = { 0 };
+ struct num_ip_data ip_blob = {0};
bool Win8_compat;
struct num_ip_data *p = &ip_blob;
DWORD i;
* list URL, or when the list could not be downloaded because the
* server is currently unreachable. */
dwTrustErrorMask &= ~(DWORD)(CERT_TRUST_REVOCATION_STATUS_UNKNOWN |
- CERT_TRUST_IS_OFFLINE_REVOCATION);
+ CERT_TRUST_IS_OFFLINE_REVOCATION);
}
if(dwTrustErrorMask) {
dest->var = NULL; \
} while(0)
-#define CLONE_BLOB(var) \
- do { \
- if(blobdup(&dest->var, source->var)) \
- return FALSE; \
+#define CLONE_BLOB(var) \
+ do { \
+ if(blobdup(&dest->var, source->var)) \
+ return FALSE; \
} while(0)
-static CURLcode blobdup(struct curl_blob **dest,
- struct curl_blob *src)
+static CURLcode blobdup(struct curl_blob **dest, struct curl_blob *src)
{
DEBUGASSERT(dest);
DEBUGASSERT(!*dest);
#endif
#if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_PROXY)
-static const struct alpn_spec *
-alpn_get_spec(http_majors allowed, bool use_alpn)
+static const struct alpn_spec *alpn_get_spec(http_majors allowed,
+ bool use_alpn)
{
if(!use_alpn)
return NULL;
#endif /* !CURL_DISABLE_HTTP || !CURL_DISABLE_PROXY */
#endif /* USE_SSL */
-
void Curl_ssl_easy_config_init(struct Curl_easy *data)
{
/*
#endif
}
-static bool
-match_ssl_primary_config(struct Curl_easy *data,
- struct ssl_primary_config *c1,
- struct ssl_primary_config *c2)
+static bool match_ssl_primary_config(struct Curl_easy *data,
+ struct ssl_primary_config *c1,
+ struct ssl_primary_config *c2)
{
(void)data;
if((c1->version == c2->version) &&
sslc->primary.cipher_list13 = data->set.str[STRING_SSL_CIPHER13_LIST];
sslc->primary.signature_algorithms =
data->set.str[STRING_SSL_SIGNATURE_ALGORITHMS];
- sslc->primary.pinned_key =
- data->set.str[STRING_SSL_PINNEDPUBLICKEY];
+ sslc->primary.pinned_key = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
sslc->primary.cert_blob = data->set.blobs[BLOB_CERT];
sslc->primary.ca_info_blob = data->set.blobs[BLOB_CAINFO];
sslc->primary.curves = data->set.str[STRING_SSL_EC_CURVES];
Curl_ssl->close_all(data);
}
-CURLcode Curl_ssl_adjust_pollset(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- struct easy_pollset *ps)
+CURLcode Curl_ssl_adjust_pollset(struct Curl_cfilter *cf,
+ struct Curl_easy *data,
+ struct easy_pollset *ps)
{
struct ssl_connect_data *connssl = cf->ctx;
Curl_ssl_free_certinfo(data);
/* Allocate the required certificate information structures */
- table = curlx_calloc((size_t) num, sizeof(struct curl_slist *));
+ table = curlx_calloc((size_t)num, sizeof(struct curl_slist *));
if(!table)
return CURLE_OUT_OF_MEMORY;
curlx_dyn_addn(&build, value, valuelen))
return CURLE_OUT_OF_MEMORY;
- nl = Curl_slist_append_nodup(ci->certinfo[certnum],
- curlx_dyn_ptr(&build));
+ nl = Curl_slist_append_nodup(ci->certinfo[certnum], curlx_dyn_ptr(&build));
if(!nl) {
curlx_dyn_free(&build);
curl_slist_free_all(ci->certinfo[certnum]);
pinned_hash = pinnedpubkey;
while(pinned_hash &&
- !strncmp(pinned_hash, "sha256//", (sizeof("sha256//")-1))) {
- pinned_hash = pinned_hash + (sizeof("sha256//")-1);
+ !strncmp(pinned_hash, "sha256//", (sizeof("sha256//") - 1))) {
+ pinned_hash = pinned_hash + (sizeof("sha256//") - 1);
end_pos = strchr(pinned_hash, ';');
pinned_hash_len = end_pos ?
(size_t)(end_pos - pinned_hash) : strlen(pinned_hash);
* if the size of our certificate is bigger than the file
* size then it cannot match
*/
- size = curlx_sotouz((curl_off_t) filesize);
+ size = curlx_sotouz((curl_off_t)filesize);
if(pubkeylen > size)
goto end;
/* not an IP address, normalize according to RCC 6066 ch. 3,
* max len of SNI is 2^16-1, no trailing dot */
size_t len = strlen(peer->hostname);
- if(len && (peer->hostname[len-1] == '.'))
+ if(len && (peer->hostname[len - 1] == '.'))
len--;
if(len < USHRT_MAX) {
peer->sni = curlx_calloc(1, len + 1);
*done = TRUE;
/* If we have done the SSL handshake, shut down the connection cleanly */
if(cf->connected && (connssl->state == ssl_connection_complete) &&
- !cf->shutdown && Curl_ssl->shut_down) {
+ !cf->shutdown && Curl_ssl->shut_down) {
struct cf_call_data save;
CF_DATA_SAVE(save, cf, data);
#ifdef USE_HTTP2
if(conn->http_proxy.proxytype == CURLPROXY_HTTPS2) {
use_alpn = TRUE;
- allowed = (CURL_HTTP_V1x|CURL_HTTP_V2x);
+ allowed = (CURL_HTTP_V1x | CURL_HTTP_V2x);
}
#endif
}
result = connssl->ssl_impl->shut_down(cf, data, send_shutdown, done);
- if(result ||*done)
+ if(result || *done)
goto out;
if(connssl->io_need) {
if(proto && proto_len) {
if(memchr(proto, '\0', proto_len)) {
failf(data, "ALPN: server selected protocol contains NUL. "
- "Refusing to continue.");
+ "Refusing to continue.");
result = CURLE_SSL_CONNECT_ERROR;
goto out;
}
#define Curl_ssl_init() 1
#define Curl_ssl_cleanup() Curl_nop_stmt
#define Curl_ssl_close_all(x) Curl_nop_stmt
-#define Curl_ssl_set_engine(x,y) CURLE_NOT_BUILT_IN
+#define Curl_ssl_set_engine(x, y) CURLE_NOT_BUILT_IN
#define Curl_ssl_set_engine_default(x) CURLE_NOT_BUILT_IN
#define Curl_ssl_engines_list(x) NULL
#define Curl_ssl_free_certinfo(x) Curl_nop_stmt
-#define Curl_ssl_random(x,y,z) ((void)x, CURLE_NOT_BUILT_IN)
+#define Curl_ssl_random(x, y, z) ((void)x, CURLE_NOT_BUILT_IN)
#define Curl_ssl_cert_status_request() FALSE
-#define Curl_ssl_supports(a,b) FALSE
-#define Curl_ssl_cfilter_add(a,b,c) CURLE_NOT_BUILT_IN
-#define Curl_ssl_cfilter_remove(a,b,c) CURLE_OK
-#define Curl_ssl_cf_get_config(a,b) NULL
+#define Curl_ssl_supports(a, b) FALSE
+#define Curl_ssl_cfilter_add(a, b, c) CURLE_NOT_BUILT_IN
+#define Curl_ssl_cfilter_remove(a, b, c) CURLE_OK
+#define Curl_ssl_cf_get_config(a, b) NULL
#define Curl_ssl_cf_get_primary_config(a) NULL
#endif
const unsigned char *proto,
size_t proto_len);
-bool Curl_alpn_contains_proto(const struct alpn_spec *spec,
- const char *proto);
+bool Curl_alpn_contains_proto(const struct alpn_spec *spec, const char *proto);
/* enum for the nonblocking SSL connection state machine */
typedef enum {
} ssl_earlydata_state;
#define CURL_SSL_IO_NEED_NONE (0)
-#define CURL_SSL_IO_NEED_RECV (1<<0)
-#define CURL_SSL_IO_NEED_SEND (1<<1)
+#define CURL_SSL_IO_NEED_RECV (1 << 0)
+#define CURL_SSL_IO_NEED_SEND (1 << 1)
/* Max earlydata payload we want to send */
-#define CURL_SSL_EARLY_MAX (64*1024)
+#define CURL_SSL_EARLY_MAX (64 * 1024)
/* Information in each SSL cfilter context: cf->ctx */
struct ssl_connect_data {
BIT(input_pending); /* data for SSL_read() may be available */
};
-
#undef CF_CTX_CALL_DATA
-#define CF_CTX_CALL_DATA(cf) \
- ((struct ssl_connect_data *)(cf)->ctx)->call_data
-
+#define CF_CTX_CALL_DATA(cf) ((struct ssl_connect_data *)(cf)->ctx)->call_data
/* Definitions for SSL Implementations */
/* data_pending() shall return TRUE when it wants to get called again to
drain internal buffers and deliver data instead of waiting for the socket
to get readable */
- bool (*data_pending)(struct Curl_cfilter *cf,
- const struct Curl_easy *data);
+ bool (*data_pending)(struct Curl_cfilter *cf, const struct Curl_easy *data);
/* return 0 if a find random is filled in */
CURLcode (*random)(struct Curl_easy *data, unsigned char *entropy,
struct curl_slist *(*engines_list)(struct Curl_easy *data);
CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen,
- unsigned char *sha256sum, size_t sha256sumlen);
+ unsigned char *sha256sum, size_t sha256sumlen);
CURLcode (*recv_plain)(struct Curl_cfilter *cf, struct Curl_easy *data,
char *buf, size_t len, size_t *pnread);
CURLcode (*send_plain)(struct Curl_cfilter *cf, struct Curl_easy *data,
CURLcode (*get_channel_binding)(struct Curl_easy *data, int sockindex,
struct dynbuf *binding);
-
};
extern const struct Curl_ssl *Curl_ssl;
curlx_free(s);
}
-CURLcode
-Curl_ssl_session_create(void *sdata, size_t sdata_len,
- int ietf_tls_id, const char *alpn,
- curl_off_t valid_until, size_t earlydata_max,
- struct Curl_ssl_session **psession)
+CURLcode Curl_ssl_session_create(void *sdata, size_t sdata_len,
+ int ietf_tls_id, const char *alpn,
+ curl_off_t valid_until, size_t earlydata_max,
+ struct Curl_ssl_session **psession)
{
return Curl_ssl_session_create2(sdata, sdata_len, ietf_tls_id, alpn,
valid_until, earlydata_max,
NULL, 0, psession);
}
-CURLcode
-Curl_ssl_session_create2(void *sdata, size_t sdata_len,
- int ietf_tls_id, const char *alpn,
- curl_off_t valid_until, size_t earlydata_max,
- unsigned char *quic_tp, size_t quic_tp_len,
- struct Curl_ssl_session **psession)
+CURLcode Curl_ssl_session_create2(void *sdata, size_t sdata_len,
+ int ietf_tls_id, const char *alpn,
+ curl_off_t valid_until, size_t earlydata_max,
+ unsigned char *quic_tp, size_t quic_tp_len,
+ struct Curl_ssl_session **psession)
{
struct Curl_ssl_session *s;
}
scache->magic = CURL_SCACHE_MAGIC;
- scache->default_lifetime_secs = (24*60*60); /* 1 day */
+ scache->default_lifetime_secs = (24 * 60 * 60); /* 1 day */
scache->peer_count = max_peers;
scache->peers = peers;
scache->age = 1;
if(ssl->version || ssl->version_max) {
r = curlx_dyn_addf(&buf, ":TLSVER-%d-%d", ssl->version,
- (ssl->version_max >> 16));
+ (ssl->version_max >> 16));
if(r)
goto out;
}
else if(!Curl_safecmp(peer->clientcert, conn_config->clientcert))
return FALSE;
#ifdef USE_TLS_SRP
- if(Curl_timestrcmp(peer->srp_username, conn_config->username) ||
- Curl_timestrcmp(peer->srp_password, conn_config->password))
- return FALSE;
+ if(Curl_timestrcmp(peer->srp_username, conn_config->username) ||
+ Curl_timestrcmp(peer->srp_password, conn_config->password))
+ return FALSE;
#endif
return TRUE;
}
-static CURLcode
-cf_ssl_find_peer_by_key(struct Curl_easy *data,
- struct Curl_ssl_scache *scache,
- const char *ssl_peer_key,
- struct ssl_primary_config *conn_config,
- struct Curl_ssl_scache_peer **ppeer)
+static CURLcode cf_ssl_find_peer_by_key(struct Curl_easy *data,
+ struct Curl_ssl_scache *scache,
+ const char *ssl_peer_key,
+ struct ssl_primary_config *conn_config,
+ struct Curl_ssl_scache_peer **ppeer)
{
size_t i, peer_key_len = 0;
CURLcode result = CURLE_OK;
return peer;
}
-static CURLcode
-cf_ssl_add_peer(struct Curl_easy *data,
- struct Curl_ssl_scache *scache,
- const char *ssl_peer_key,
- struct ssl_primary_config *conn_config,
- struct Curl_ssl_scache_peer **ppeer)
+static CURLcode cf_ssl_add_peer(struct Curl_easy *data,
+ struct Curl_ssl_scache *scache,
+ const char *ssl_peer_key,
+ struct ssl_primary_config *conn_config,
+ struct Curl_ssl_scache_peer **ppeer)
{
struct Curl_ssl_scache_peer *peer = NULL;
CURLcode result = CURLE_OK;
#ifdef USE_SSLS_EXPORT
-#define CURL_SSL_TICKET_MAX (16*1024)
+#define CURL_SSL_TICKET_MAX (16 * 1024)
static CURLcode cf_ssl_scache_peer_set_hmac(struct Curl_ssl_scache_peer *peer)
{
/* RFC 8446 (TLSv1.3) restrict lifetime to one week max, for
* other, less secure versions, we restrict it to a day */
-#define CURL_SCACHE_MAX_13_LIFETIME_SEC (60*60*24*7)
-#define CURL_SCACHE_MAX_12_LIFETIME_SEC (60*60*24)
+#define CURL_SCACHE_MAX_13_LIFETIME_SEC (60 * 60 * 24 * 7)
+#define CURL_SCACHE_MAX_12_LIFETIME_SEC (60 * 60 * 24)
/* Create a session cache for up to max_peers endpoints with a total
* of up to max_sessions SSL sessions per peer */
* in case this is not known.
* @param psession on return the scached session instance created
*/
-CURLcode
-Curl_ssl_session_create(void *sdata, size_t sdata_len,
- int ietf_tls_id, const char *alpn,
- curl_off_t valid_until,
- size_t earlydata_max,
- struct Curl_ssl_session **psession);
+CURLcode Curl_ssl_session_create(void *sdata, size_t sdata_len,
+ int ietf_tls_id, const char *alpn,
+ curl_off_t valid_until, size_t earlydata_max,
+ struct Curl_ssl_session **psession);
/* Variation of session creation with quic transport parameter bytes,
* Takes ownership of `quic_tp` regardless of return code. */
-CURLcode
-Curl_ssl_session_create2(void *sdata, size_t sdata_len,
- int ietf_tls_id, const char *alpn,
- curl_off_t valid_until,
- size_t earlydata_max,
- unsigned char *quic_tp, size_t quic_tp_len,
- struct Curl_ssl_session **psession);
+CURLcode Curl_ssl_session_create2(void *sdata, size_t sdata_len,
+ int ietf_tls_id, const char *alpn,
+ curl_off_t valid_until, size_t earlydata_max,
+ unsigned char *quic_tp, size_t quic_tp_len,
+ struct Curl_ssl_session **psession);
/* Destroy a `session` instance. Can be called with NULL.
* Does NOT need locking. */
return curlx_dyn_addn(buf, &b, 1);
}
-static CURLcode
-spack_dec8(uint8_t *val, const uint8_t **src, const uint8_t *end)
+static CURLcode spack_dec8(uint8_t *val, const uint8_t **src,
+ const uint8_t *end)
{
if(end - *src < 1)
return CURLE_READ_ERROR;
return curlx_dyn_addn(buf, nval, sizeof(nval));
}
-static CURLcode
-spack_dec16(uint16_t *val, const uint8_t **src, const uint8_t *end)
+static CURLcode spack_dec16(uint16_t *val, const uint8_t **src,
+ const uint8_t *end)
{
if(end - *src < 2)
return CURLE_READ_ERROR;
return curlx_dyn_addn(buf, nval, sizeof(nval));
}
-static CURLcode
-spack_dec32(uint32_t *val, const uint8_t **src, const uint8_t *end)
+static CURLcode spack_dec32(uint32_t *val, const uint8_t **src,
+ const uint8_t *end)
{
if(end - *src < 4)
return CURLE_READ_ERROR;
nval[0] = (uint8_t)(val >> 56);
nval[1] = (uint8_t)(val >> 48);
nval[2] = (uint8_t)(val >> 40);
- nval[3] = (uint8_t)(val >> 32); \
+ nval[3] = (uint8_t)(val >> 32);
nval[4] = (uint8_t)(val >> 24);
nval[5] = (uint8_t)(val >> 16);
nval[6] = (uint8_t)(val >> 8);
return curlx_dyn_addn(buf, nval, sizeof(nval));
}
-static CURLcode
-spack_dec64(uint64_t *val, const uint8_t **src, const uint8_t *end)
+static CURLcode spack_dec64(uint64_t *val, const uint8_t **src,
+ const uint8_t *end)
{
if(end - *src < 8)
return CURLE_READ_ERROR;
return r;
}
-static CURLcode
-spack_decstr16(char **val, const uint8_t **src, const uint8_t *end)
+static CURLcode spack_decstr16(char **val, const uint8_t **src,
+ const uint8_t *end)
{
uint16_t slen;
CURLcode r;
return *val ? CURLE_OK : CURLE_OUT_OF_MEMORY;
}
-static CURLcode spack_encdata16(struct dynbuf *buf,
- const uint8_t *data, size_t data_len)
+static CURLcode spack_encdata16(struct dynbuf *buf, const uint8_t *data,
+ size_t data_len)
{
CURLcode r;
if(data_len > UINT16_MAX)
return r;
}
-static CURLcode
-spack_decdata16(uint8_t **val, size_t *val_len,
- const uint8_t **src, const uint8_t *end)
+static CURLcode spack_decdata16(uint8_t **val, size_t *val_len,
+ const uint8_t **src, const uint8_t *end)
{
uint16_t data_len;
CURLcode r;
* (--enable-opensslextra or --enable-all).
*/
#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
-static int
-wssl_tls13_secret_callback(SSL *ssl, int id, const unsigned char *secret,
- int secretSz, void *ctx)
+static int wssl_tls13_secret_callback(SSL *ssl, int id,
+ const unsigned char *secret,
+ int secretSz, void *ctx)
{
const char *label;
unsigned char client_random[SSL3_RANDOM_SIZE];
return ret;
}
-static int wssl_bio_cf_out_write(WOLFSSL_BIO *bio,
- const char *buf, int blen)
+static int wssl_bio_cf_out_write(WOLFSSL_BIO *bio, const char *buf, int blen)
{
struct Curl_cfilter *cf = wolfSSL_BIO_get_data(bio);
struct ssl_connect_data *connssl = cf->ctx;
{
struct Curl_cfilter *cf;
- cf = (struct Curl_cfilter*)wolfSSL_get_app_data(ssl);
+ cf = (struct Curl_cfilter *)wolfSSL_get_app_data(ssl);
DEBUGASSERT(cf != NULL);
if(cf && session) {
struct ssl_connect_data *connssl = cf->ctx;
connssl->earlydata_state = ssl_earlydata_await;
connssl->state = ssl_connection_deferred;
result = Curl_alpn_set_negotiated(cf, data, connssl,
- (const unsigned char *)scs->alpn,
- scs->alpn ? strlen(scs->alpn) : 0);
+ (const unsigned char *)scs->alpn,
+ scs->alpn ? strlen(scs->alpn) : 0);
*do_early_data = !result;
}
return result;
}
#else
infof(data, "ignoring native CA option because wolfSSL was built without "
- "native CA support");
+ "native CA support");
#endif
}
#endif /* !NO_FILESYSTEM */
/* Just continue with a warning if no strict certificate
verification is required. */
infof(data, "error setting certificate verify locations,"
- " continuing anyway:");
+ " continuing anyway:");
}
}
else {
#define MPROTO_WSSL_X509_KEY "tls:wssl:x509:share"
struct wssl_x509_share {
- char *CAfile; /* CAfile path used to generate X509 store */
+ char *CAfile; /* CAfile path used to generate X509 store */
WOLFSSL_X509_STORE *store; /* cached X509 store or NULL if none */
- struct curltime time; /* when the cached store was created */
+ struct curltime time; /* when the cached store was created */
};
static void wssl_x509_share_free(void *key, size_t key_len, void *p)
{
struct wssl_x509_share *share = p;
- DEBUGASSERT(key_len == (sizeof(MPROTO_WSSL_X509_KEY)-1));
+ DEBUGASSERT(key_len == (sizeof(MPROTO_WSSL_X509_KEY) - 1));
DEBUGASSERT(!memcmp(MPROTO_WSSL_X509_KEY, key, key_len));
(void)key;
(void)key_len;
curlx_free(share);
}
-static bool
-wssl_cached_x509_store_expired(const struct Curl_easy *data,
- const struct wssl_x509_share *mb)
+static bool wssl_cached_x509_store_expired(const struct Curl_easy *data,
+ const struct wssl_x509_share *mb)
{
const struct ssl_general_config *cfg = &data->set.general_ssl;
struct curltime now = curlx_now();
return elapsed_ms >= timeout_ms;
}
-static bool
-wssl_cached_x509_store_different(struct Curl_cfilter *cf,
- const struct wssl_x509_share *mb)
+static bool wssl_cached_x509_store_different(struct Curl_cfilter *cf,
+ const struct wssl_x509_share *mb)
{
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
if(!mb->CAfile || !conn_config->CAfile)
DEBUGASSERT(multi);
share = multi ? Curl_hash_pick(&multi->proto_hash,
CURL_UNCONST(MPROTO_WSSL_X509_KEY),
- sizeof(MPROTO_WSSL_X509_KEY)-1) : NULL;
+ sizeof(MPROTO_WSSL_X509_KEY) - 1) : NULL;
if(share && share->store &&
!wssl_cached_x509_store_expired(data, share) &&
!wssl_cached_x509_store_different(cf, share)) {
return;
share = Curl_hash_pick(&multi->proto_hash,
CURL_UNCONST(MPROTO_WSSL_X509_KEY),
- sizeof(MPROTO_WSSL_X509_KEY)-1);
+ sizeof(MPROTO_WSSL_X509_KEY) - 1);
if(!share) {
share = curlx_calloc(1, sizeof(*share));
return;
if(!Curl_hash_add2(&multi->proto_hash,
CURL_UNCONST(MPROTO_WSSL_X509_KEY),
- sizeof(MPROTO_WSSL_X509_KEY)-1,
+ sizeof(MPROTO_WSSL_X509_KEY) - 1,
share, wssl_x509_share_free)) {
curlx_free(share);
return;
}
#ifdef WOLFSSL_TLS13
-static CURLcode
-wssl_add_default_ciphers(bool tls13, struct dynbuf *buf)
+static CURLcode wssl_add_default_ciphers(bool tls13, struct dynbuf *buf)
{
int i;
char *str;
/* 4.2.0 (2019) */
#if LIBWOLFSSL_VERSION_HEX < 0x04002000 || !defined(OPENSSL_EXTRA)
-static int
-wssl_legacy_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version)
+static int wssl_legacy_CTX_set_min_proto_version(WOLFSSL_CTX *ctx, int version)
{
int res;
switch(version) {
}
return res;
}
-static int
-wssl_legacy_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version)
+
+static int wssl_legacy_CTX_set_max_proto_version(WOLFSSL_CTX *ctx, int version)
{
(void)ctx, (void)version;
return WOLFSSL_NOT_IMPLEMENTED;
return CURLE_OK;
}
-
#define QUIC_GROUPS "P-256:P-384:P-521"
CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx,
{
struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
struct ssl_primary_config *conn_config;
- WOLFSSL_METHOD* req_method = NULL;
+ WOLFSSL_METHOD *req_method = NULL;
struct alpn_spec alpns;
char *curves;
#ifdef WOLFSSL_HAVE_KYBER
/* Ensure the Client Random is preserved. */
wolfSSL_KeepArrays(wctx->ssl);
#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
- wolfSSL_set_tls13_secret_cb(wctx->ssl,
- wssl_tls13_secret_callback, NULL);
+ wolfSSL_set_tls13_secret_cb(wctx->ssl, wssl_tls13_secret_callback, NULL);
#endif
}
#endif /* OPENSSL_EXTRA */
if(data->set.tls_ech == CURLECH_GREASE) {
infof(data, "ECH: GREASE is done by default by wolfSSL: no need to ask");
}
- if(data->set.tls_ech & CURLECH_CLA_CFG
- && data->set.str[STRING_ECH_CONFIG]) {
+ if(data->set.tls_ech & CURLECH_CLA_CFG &&
+ data->set.str[STRING_ECH_CONFIG]) {
char *b64val = data->set.str[STRING_ECH_CONFIG];
word32 b64len = 0;
- b64len = (word32) strlen(b64val);
- if(b64len
- && wolfSSL_SetEchConfigsBase64(wctx->ssl, b64val, b64len)
- != WOLFSSL_SUCCESS) {
+ b64len = (word32)strlen(b64val);
+ if(b64len &&
+ wolfSSL_SetEchConfigsBase64(wctx->ssl,
+ b64val, b64len) != WOLFSSL_SUCCESS) {
if(data->set.tls_ech & CURLECH_HARD) {
result = CURLE_SSL_CONNECT_ERROR;
goto out;
size_t elen = rinfo->echconfiglist_len;
infof(data, "ECH: ECHConfig from DoH HTTPS RR");
- if(wolfSSL_SetEchConfigs(wctx->ssl, ecl, (word32) elen) !=
- WOLFSSL_SUCCESS) {
+ if(wolfSSL_SetEchConfigs(wctx->ssl, ecl, (word32)elen) !=
+ WOLFSSL_SUCCESS) {
infof(data, "ECH: wolfSSL_SetEchConfigs failed");
if(data->set.tls_ech & CURLECH_HARD) {
result = CURLE_SSL_CONNECT_ERROR;
* This function loads all the client/CA certificates and CRLs. Setup the TLS
* layer and do all necessary magic.
*/
-static CURLcode
-wssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
+static CURLcode wssl_connect_step1(struct Curl_cfilter *cf,
+ struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
return CURLE_OK;
}
-
-static char *wssl_strerror(unsigned long error, char *buf,
- unsigned long size)
+static char *wssl_strerror(unsigned long error, char *buf, unsigned long size)
{
DEBUGASSERT(size > 40);
*buf = '\0';
}
#endif /* WOLFSSL_EARLY_DATA */
-static CURLcode wssl_handshake(struct Curl_cfilter *cf,
- struct Curl_easy *data)
+static CURLcode wssl_handshake(struct Curl_cfilter *cf, struct Curl_easy *data)
{
struct ssl_connect_data *connssl = cf->ctx;
struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
conn_config->verifyhost &&
!connssl->peer.sni) {
/* we have an IP address as hostname. */
- WOLFSSL_X509* cert = wolfSSL_get_peer_certificate(wssl->ssl);
+ WOLFSSL_X509 *cert = wolfSSL_get_peer_certificate(wssl->ssl);
if(!cert) {
failf(data, "unable to get peer certificate");
return CURLE_PEER_FAILED_VERIFICATION;
}
else if(wssl->io_result) {
switch(wssl->io_result) {
- case CURLE_SEND_ERROR:
- case CURLE_RECV_ERROR:
- return CURLE_SSL_CONNECT_ERROR;
- default:
- return wssl->io_result;
+ case CURLE_SEND_ERROR:
+ case CURLE_RECV_ERROR:
+ return CURLE_SSL_CONNECT_ERROR;
+ default:
+ return wssl->io_result;
}
}
#ifdef USE_ECH_WOLFSSL
int rv = 0;
/* this currently does not produce the retry_configs */
- rv = wolfSSL_GetEchConfigs(wssl->ssl, echConfigs,
- &echConfigsLen);
+ rv = wolfSSL_GetEchConfigs(wssl->ssl, echConfigs, &echConfigsLen);
if(rv != WOLFSSL_SUCCESS) {
infof(data, "Failed to get ECHConfigs");
}
#endif
}
-
static int wssl_init(void)
{
int ret;
return ret;
}
-
static void wssl_cleanup(void)
{
wssl_bio_cf_free_methods();
#endif
}
-
static bool wssl_data_pending(struct Curl_cfilter *cf,
const struct Curl_easy *data)
{
return FALSE;
}
-void Curl_wssl_report_handshake(struct Curl_easy *data,
- struct wssl_ctx *wssl)
+void Curl_wssl_report_handshake(struct Curl_easy *data, struct wssl_ctx *wssl)
{
#if (LIBWOLFSSL_VERSION_HEX >= 0x03009010)
- infof(data, "SSL connection using %s / %s",
- wolfSSL_get_version(wssl->ssl),
- wolfSSL_get_cipher_name(wssl->ssl));
+ infof(data, "SSL connection using %s / %s",
+ wolfSSL_get_version(wssl->ssl),
+ wolfSSL_get_cipher_name(wssl->ssl));
#else
- infof(data, "SSL connected");
+ infof(data, "SSL connected");
#endif
}
struct wssl_ctx {
struct WOLFSSL_CTX *ssl_ctx;
- struct WOLFSSL *ssl;
- CURLcode io_result; /* result of last BIO cfilter operation */
- CURLcode hs_result; /* result of handshake */
+ struct WOLFSSL *ssl;
+ CURLcode io_result; /* result of last BIO cfilter operation */
+ CURLcode hs_result; /* result of handshake */
int io_send_blocked_len; /* length of last BIO write that EAGAIN-ed */
BIT(x509_store_setup); /* x509 store has been set up */
BIT(shutting_down); /* TLS is being shut down */
struct Curl_easy *data,
struct wssl_ctx *wssl);
-void Curl_wssl_report_handshake(struct Curl_easy *data,
- struct wssl_ctx *wssl);
+void Curl_wssl_report_handshake(struct Curl_easy *data, struct wssl_ctx *wssl);
#endif /* USE_WOLFSSL */
#endif /* HEADER_CURL_WOLFSSL_H */
/* Process header byte. */
elem->header = beg;
- b = (unsigned char) *beg++;
+ b = (unsigned char)*beg++;
elem->constructed = (b & 0x20) != 0;
elem->eclass = (b >> 6) & 3;
b &= 0x1F;
/* Process length. */
if(beg >= end)
return NULL;
- b = (unsigned char) *beg++;
+ b = (unsigned char)*beg++;
if(!(b & 0x80))
len = b;
else if(!(b &= 0x7F)) {
{
if(end - beg != 1)
return CURLE_BAD_FUNCTION_ARGUMENT;
- return curlx_dyn_add(store, *beg ? "TRUE": "FALSE");
+ return curlx_dyn_add(store, *beg ? "TRUE" : "FALSE");
}
/*
CURLcode result = CURLE_OK;
while(!result && beg < end)
- result = curlx_dyn_addf(store, "%02x:", (unsigned char) *beg++);
+ result = curlx_dyn_addf(store, "%02x:", (unsigned char)*beg++);
return result;
}
-static CURLcode bit2str(struct dynbuf *store,
- const char *beg, const char *end)
+static CURLcode bit2str(struct dynbuf *store, const char *beg, const char *end)
{
/* Convert an ASN.1 bit string to a printable string. */
*
* Returns error.
*/
-static CURLcode int2str(struct dynbuf *store,
- const char *beg, const char *end)
+static CURLcode int2str(struct dynbuf *store, const char *beg, const char *end)
{
unsigned int val = 0;
size_t n = end - beg;
val = ~val;
do
- val = (val << 8) | *(const unsigned char *) beg++;
+ val = (val << 8) | *(const unsigned char *)beg++;
while(beg < end);
return curlx_dyn_addf(store, "%s%x", val >= 10 ? "0x" : "", val);
}
*
* Returns error.
*/
-static CURLcode
-utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
+static CURLcode utf8asn1str(struct dynbuf *to, int type, const char *from,
+ const char *end)
{
size_t inlength = end - from;
int size = 1;
switch(size) {
case 4:
- wc = (wc << 8) | *(const unsigned char *) from++;
- wc = (wc << 8) | *(const unsigned char *) from++;
+ wc = (wc << 8) | *(const unsigned char *)from++;
+ wc = (wc << 8) | *(const unsigned char *)from++;
FALLTHROUGH();
case 2:
- wc = (wc << 8) | *(const unsigned char *) from++;
+ wc = (wc << 8) | *(const unsigned char *)from++;
FALLTHROUGH();
default: /* case 1: */
- wc = (wc << 8) | *(const unsigned char *) from++;
+ wc = (wc << 8) | *(const unsigned char *)from++;
}
if(wc >= 0x00000080) {
if(wc >= 0x00000800) {
/* Invalid char. size for target encoding. */
return CURLE_WEIRD_SERVER_REPLY;
}
- buf[3] = (char) (0x80 | (wc & 0x3F));
+ buf[3] = (char)(0x80 | (wc & 0x3F));
wc = (wc >> 6) | 0x00010000;
charsize++;
}
- buf[2] = (char) (0x80 | (wc & 0x3F));
+ buf[2] = (char)(0x80 | (wc & 0x3F));
wc = (wc >> 6) | 0x00000800;
charsize++;
}
- buf[1] = (char) (0x80 | (wc & 0x3F));
+ buf[1] = (char)(0x80 | (wc & 0x3F));
wc = (wc >> 6) | 0x000000C0;
charsize++;
}
- buf[0] = (char) wc;
+ buf[0] = (char)wc;
result = curlx_dyn_addn(to, buf, charsize);
}
}
CURLcode result = CURLE_OK;
/* Process the first two numbers. */
- y = *(const unsigned char *) beg++;
+ y = *(const unsigned char *)beg++;
x = y / 40;
y -= x * 40;
do {
if(x & 0xFF000000)
return CURLE_OK;
- y = *(const unsigned char *) beg++;
+ y = *(const unsigned char *)beg++;
x = (x << 7) | (y & 0x7F);
} while(y & 0x80);
result = curlx_dyn_addf(store, ".%u", x);
}
/* return 0 on success, 1 on error */
-static int do_pubkey(struct Curl_easy *data, int certnum,
- const char *algo, struct Curl_asn1Element *param,
+static int do_pubkey(struct Curl_easy *data, int certnum, const char *algo,
+ struct Curl_asn1Element *param,
struct Curl_asn1Element *pubkey)
{
struct Curl_asn1Element elem;
len = ((elem.end - q) * 8);
if(len) {
unsigned int i;
- for(i = *(const unsigned char *) q; !(i & 0x80); i <<= 1)
+ for(i = *(const unsigned char *)q; !(i & 0x80); i <<= 1)
len--;
}
if(len > 32)
* Convert an ASN.1 distinguished name into a printable string.
* Return error.
*/
-static CURLcode DNtostr(struct dynbuf *store,
- struct Curl_asn1Element *dn)
+static CURLcode DNtostr(struct dynbuf *store, struct Curl_asn1Element *dn)
{
return encodeDN(store, dn);
}
/* Version (always fits in less than 32 bits). */
version = 0;
for(ptr = cert.version.beg; ptr < cert.version.end; ptr++)
- version = (version << 8) | *(const unsigned char *) ptr;
+ version = (version << 8) | *(const unsigned char *)ptr;
if(data->set.ssl.certinfo) {
result = curlx_dyn_addf(&out, "%x", version);
if(result)
if(result)
goto done;
if(data->set.ssl.certinfo) {
- result = ssl_push_certinfo_dyn(data, certnum, "Signature Algorithm",
- &out);
+ result = ssl_push_certinfo_dyn(data, certnum, "Signature Algorithm", &out);
if(result)
goto done;
}
projects / thirdparty / curl.git / commitdiff
