author | Daniel Stenberg <daniel@haxx.se> | 2019-02-26 09:21:12 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-02-27 07:41:46 +0100 |
commit | 43e1c72fefc43af68d0a591077f678f6bac0f800 (patch) | |
tree | a73038116599b125f1f0bf0fb9f6609a1df422b8 | |
parent | 15ef24985c8f7a576ffa342226be109e53064d74 (diff) | |
download | curl-bagder/secure-transport.tar.gz |
Secure Transport: no more "darwinssl"bagder/secure-transport
Everyone calls it Secure Transport, now we do too.
Reviewed-by: Nick Zitzmann
Closes #3619
-rwxr-xr-x | configure.ac | 41 | ||||
-rw-r--r-- | docs/libcurl/symbols-in-versions | 3 | ||||
-rw-r--r-- | include/curl/curl.h | 7 | ||||
-rw-r--r-- | lib/Makefile.inc | 6 | ||||
-rw-r--r-- | lib/curl_ntlm_core.c | 12 | ||||
-rw-r--r-- | lib/curl_setup.h | 4 | ||||
-rw-r--r-- | lib/vtls/sectransp.c (renamed from lib/vtls/darwinssl.c) | 154 | ||||
-rw-r--r-- | lib/vtls/sectransp.h (renamed from lib/vtls/darwinssl.h) | 14 | ||||
-rw-r--r-- | lib/vtls/vtls.c | 14 | ||||
-rw-r--r-- | lib/vtls/vtls.h | 4 |
10 files changed, 134 insertions, 125 deletions
diff --git a/configure.ac b/configure.ac
index f6ee0a7c6..7b641fd54 100755
--- a/configure.ac
+++ b/configure.ac
@@ -155,7 +155,7 @@ AC_SUBST(PKGADD_VENDOR)
dnl
dnl initialize all the info variables
- curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,winssl,darwinssl,mesalink} )"
+ curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,schannel,securetransport,mesalink} )"
curl_ssh_msg="no (--with-libssh2)"
curl_zlib_msg="no (--with-zlib)"
curl_brotli_msg="no (--with-brotli)"
@@ -1509,22 +1509,27 @@ else
AC_MSG_RESULT(no)
fi
-OPT_DARWINSSL=no
+OPT_SECURETRANSPORT=no
AC_ARG_WITH(darwinssl,dnl
AC_HELP_STRING([--with-darwinssl],[enable Apple OS native SSL/TLS])
AC_HELP_STRING([--without-darwinssl], [disable Apple OS native SSL/TLS]),
- OPT_DARWINSSL=$withval)
+ OPT_SECURETRANSPORT=$withval)
-AC_MSG_CHECKING([whether to enable Apple OS native SSL/TLS])
-if test -z "$ssl_backends" -o "x$OPT_DARWINSSL" != xno; then
- if test "x$OPT_DARWINSSL" != "xno" &&
+AC_ARG_WITH(securetransport,dnl
+AC_HELP_STRING([--with-secure-transport],[enable Apple OS native SSL/TLS])
+AC_HELP_STRING([--without-secure-transport], [disable Apple OS native SSL/TLS]),
+ OPT_SECURETRANSPORT=$withval)
+
+AC_MSG_CHECKING([whether to enable Secure Transport])
+if test -z "$ssl_backends" -o "x$OPT_SECURETRANSPORT" != xno; then
+ if test "x$OPT_SECURETRANSPORT" != "xno" &&
test -d "/System/Library/Frameworks/Security.framework"; then
AC_MSG_RESULT(yes)
- AC_DEFINE(USE_DARWINSSL, 1, [to enable Apple OS native SSL/TLS support])
- AC_SUBST(USE_DARWINSSL, [1])
- ssl_msg="Apple OS-native"
- test darwinssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
- DARWINSSL_ENABLED=1
+ AC_DEFINE(USE_SECTRANSP, 1, [enable Secure Transport])
+ AC_SUBST(USE_SECTRANSP, [1])
+ ssl_msg="Secure Transport"
+ test secure-transport != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+ SECURETRANSPORT_ENABLED=1
LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
else
AC_MSG_RESULT(no)
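Review bot: `AC_ARG_WITH(securetransport,dnl` registers the option as `--with-securetransport`, but the two `AC_HELP_STRING` lines directly under it advertise `--with-secure-transport`, the `AC_MSG_WARN` in the next hunk repeats that hyphenated spelling, and the `curl_ssl_msg` list in the first hunk uses `securetransport` again, so the name the help output documents is one configure does not know; autoconf only reports it as an unrecognized option and `OPT_SECURETRANSPORT` keeps its default. Make the macro argument match the documented name, `AC_ARG_WITH(secure-transport,dnl`, and leave the action line `OPT_SECURETRANSPORT=$withval)` as it is. `--with-darwinssl` keeps working but nothing tells the user it is the old spelling; an `AC_MSG_WARN([--with-darwinssl is deprecated, use --with-secure-transport])` in its action would make the rename visible to packagers.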
@@ -2633,10 +2638,10 @@ if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then
test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
-case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED$MESALINK_ENABLED" in
+case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED" in
x)
AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
- AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-winssl, --with-darwinssl, or --with-mesalink to address this.])
+ AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-schannel, --with-secure-transport, or --with-mesalink to address this.])
;;
x1)
# one SSL backend is enabled
@@ -3065,9 +3070,9 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar
elif test "x$CYASSL_ENABLED" = "x1"; then
versioned_symbols_flavour="CYASSL_"
elif test "x$WINSSL_ENABLED" = "x1"; then
- versioned_symbols_flavour="WINSSL_"
- elif test "x$DARWINSSL_ENABLED" = "x1"; then
- versioned_symbols_flavour="DARWINSSL_"
+ versioned_symbols_flavour="SCHANNEL_"
+ elif test "x$SECURETRANSPORT_ENABLED" = "x1"; then
+ versioned_symbols_flavour="SECURE_TRANSPORT_"
else
versioned_symbols_flavour=""
fi
@@ -4118,7 +4123,7 @@ fi
if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
-o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \
- -o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1"; then
+ -o "x$NSS_ENABLED" = "x1" -o "x$SECURETRANSPORT_ENABLED" = "x1"; then
SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
if test "x$CURL_DISABLE_HTTP" != "x1" -a \
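Review bot: The `versioned_symbols_flavour` hunk changes the Schannel prefix from `WINSSL_` to `SCHANNEL_`, which is not part of the darwinssl rename this commit describes; that flavour is presumably spliced into the version-script symbol names, so on any ELF target that builds Schannel with `--enable-versioned-symbols`, binaries linked against the old `WINSSL_` versions would stop resolving. That change deserves its own commit, or at least a sentence in this description. The new `SECURE_TRANSPORT_` value is also a fourth spelling next to `SECURETRANSPORT_ENABLED`, `USE_SECTRANSP` and `secure-transport` in the same file; `versioned_symbols_flavour="SECURETRANSPORT_"` would match the variable names around it.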
@@ -4200,7 +4205,7 @@ if test "x$CURL_DISABLE_SMB" != "x1" \
-a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \
-a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
-o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \
- -o "x$NSS_ENABLED" = "x1" -o "x$DARWINSSL_ENABLED" = "x1" \); then
+ -o "x$NSS_ENABLED" = "x1" -o "x$SECURETRANSPORT_ENABLED" = "x1" \); then
SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB"
if test "x$SSL_ENABLED" = "x1"; then
SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS"
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
index f25009c2c..934ece20c 100644
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -707,7 +707,7 @@ CURLSSH_AUTH_PUBLICKEY 7.16.1
CURLSSLBACKEND_AXTLS 7.38.0 7.61.0
CURLSSLBACKEND_BORINGSSL 7.49.0
CURLSSLBACKEND_CYASSL 7.34.0
-CURLSSLBACKEND_DARWINSSL 7.34.0
+CURLSSLBACKEND_DARWINSSL 7.34.0 7.64.1
CURLSSLBACKEND_GNUTLS 7.34.0
CURLSSLBACKEND_GSKIT 7.34.0
CURLSSLBACKEND_LIBRESSL 7.49.0
@@ -719,6 +719,7 @@ CURLSSLBACKEND_OPENSSL 7.34.0
CURLSSLBACKEND_POLARSSL 7.34.0
CURLSSLBACKEND_QSOSSL 7.34.0 - 7.38.1
CURLSSLBACKEND_SCHANNEL 7.34.0
+CURLSSLBACKEND_SECURETRANSPORT 7.64.1
CURLSSLBACKEND_WOLFSSL 7.49.0
CURLSSLOPT_ALLOW_BEAST 7.25.0
CURLSSLOPT_NO_REVOKE 7.44.0
diff --git a/include/curl/curl.h b/include/curl/curl.h
index 88e1f39e8..46fcd5684 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -144,7 +144,7 @@ typedef enum {
CURLSSLBACKEND_POLARSSL = 6,
CURLSSLBACKEND_WOLFSSL = 7,
CURLSSLBACKEND_SCHANNEL = 8,
- CURLSSLBACKEND_DARWINSSL = 9,
+ CURLSSLBACKEND_SECURETRANSPORT = 9,
CURLSSLBACKEND_AXTLS = 10, /* never used since 7.63.0 */
CURLSSLBACKEND_MBEDTLS = 11,
CURLSSLBACKEND_MESALINK = 12
@@ -153,7 +153,10 @@ typedef enum {
/* aliases for library clones and renames */
#define CURLSSLBACKEND_LIBRESSL CURLSSLBACKEND_OPENSSL
#define CURLSSLBACKEND_BORINGSSL CURLSSLBACKEND_OPENSSL
+
+/* deprecated names: */
#define CURLSSLBACKEND_CYASSL CURLSSLBACKEND_WOLFSSL
+#define CURLSSLBACKEND_DARWINSSL CURLSSLBACKEND_SECURETRANSPORT
struct curl_httppost {
struct curl_httppost *next; /* next entry in the list */
diff --git a/lib/Makefile.inc b/lib/Makefile.inc
index 54acd6cea..ce8b36eee 100644
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
@@ -30,11 +30,11 @@ LIB_VAUTH_HFILES = vauth/vauth.h vauth/digest.h vauth/ntlm.h
LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \
vtls/polarssl.c vtls/polarssl_threadlock.c \
vtls/cyassl.c vtls/schannel.c vtls/schannel_verify.c \
- vtls/darwinssl.c vtls/gskit.c vtls/mbedtls.c vtls/mesalink.c
+ vtls/sectransp.c vtls/gskit.c vtls/mbedtls.c vtls/mesalink.c
LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \
vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h \
- vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h \
+ vtls/cyassl.h vtls/schannel.h vtls/sectransp.h vtls/gskit.h \
vtls/mbedtls.h vtls/mesalink.h
LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \
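Review bot: The new `/* deprecated names: */` comment above `CURLSSLBACKEND_DARWINSSL` in curl.h leaves out what a reader of the public header needs: that the name is now a macro rather than an enumerator, that its numeric value (9) is unchanged so existing callers keep working, and since which release it is deprecated (the symbols-in-versions hunk in this commit says 7.64.1). I would write it as `/* deprecated names, kept for source compatibility; the numeric ids are unchanged (CURLSSLBACKEND_DARWINSSL deprecated since 7.64.1): */`. The enum layout itself is untouched, which is the right call; only the comment is thin.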
diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index ac4db15f1..e7060eb29 100644
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -38,7 +38,7 @@
3. USE_GNUTLS
4. USE_NSS
5. USE_MBEDTLS
- 6. USE_DARWINSSL
+ 6. USE_SECTRANSP
7. USE_OS400CRYPTO
8. USE_WIN32_CRYPTO
@@ -101,7 +101,7 @@
# include "curl_md4.h"
# endif
-#elif defined(USE_DARWINSSL)
+#elif defined(USE_SECTRANSP)
# include <CommonCrypto/CommonCryptor.h>
# include <CommonCrypto/CommonDigest.h>
@@ -290,7 +290,7 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out,
return mbedtls_des_crypt_ecb(&ctx, in, out) == 0;
}
-#elif defined(USE_DARWINSSL)
+#elif defined(USE_SECTRANSP)
static bool encrypt_des(const unsigned char *in, unsigned char *out,
const unsigned char *key_56)
@@ -437,7 +437,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
setup_des_key(keys + 14, &des);
gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
gcry_cipher_close(des);
-#elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_DARWINSSL) \
+#elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_SECTRANSP) \
|| defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
encrypt_des(plaintext, results, keys);
encrypt_des(plaintext, results + 8, keys + 7);
@@ -501,7 +501,7 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data,
setup_des_key(pw + 7, &des);
gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
gcry_cipher_close(des);
-#elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_DARWINSSL) \
+#elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_SECTRANSP) \
|| defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
encrypt_des(magic, lmbuffer, pw);
encrypt_des(magic, lmbuffer + 8, pw + 7);
@@ -591,7 +591,7 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
#else
Curl_md4it(ntbuffer, pw, 2 * len);
#endif
-#elif defined(USE_DARWINSSL)
+#elif defined(USE_SECTRANSP)
(void)CC_MD4(pw, (CC_LONG)(2 * len), ntbuffer);
#elif defined(USE_OS400CRYPTO)
Curl_md4it(ntbuffer, pw, 2 * len);
diff --git a/lib/curl_setup.h b/lib/curl_setup.h
index 85fe479f0..742665440 100644
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -648,7 +648,7 @@ int netware_init(void);
#if defined(USE_GNUTLS) || defined(USE_OPENSSL) || defined(USE_NSS) || \
defined(USE_POLARSSL) || defined(USE_MBEDTLS) || \
defined(USE_CYASSL) || defined(USE_SCHANNEL) || \
- defined(USE_DARWINSSL) || defined(USE_GSKIT) || defined(USE_MESALINK)
+ defined(USE_SECTRANSP) || defined(USE_GSKIT) || defined(USE_MESALINK)
#define USE_SSL /* SSL support has been enabled */
#endif
@@ -667,7 +667,7 @@ int netware_init(void);
/* Single point where USE_NTLM definition might be defined */
#if !defined(CURL_DISABLE_NTLM) && !defined(CURL_DISABLE_CRYPTO_AUTH)
#if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) || \
- defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) || \
+ defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_SECTRANSP) || \
defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) || \
defined(USE_MBEDTLS)
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/sectransp.c
index bb251cdb3..949bd236b 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/sectransp.c
@@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>.
- * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -32,7 +32,7 @@ #include "curl_base64.h" #include "strtok.h" -#ifdef USE_DARWINSSL +#ifdef USE_SECTRANSP #ifdef __clang__ #pragma clang diagnostic push @@ -59,7 +59,7 @@ #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) #if MAC_OS_X_VERSION_MAX_ALLOWED < 1050 -#error "The darwinssl back-end requires Leopard or later." +#error "The Secure Transport back-end requires Leopard or later." #endif /* MAC_OS_X_VERSION_MAX_ALLOWED < 1050 */ #define CURL_BUILD_IOS 0 @@ -105,7 +105,7 @@ #define CURL_SUPPORT_MAC_10_9 0 #else -#error "The darwinssl back-end requires iOS or OS X." +#error "The Secure Transport back-end requires iOS or macOS." #endif /* (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) */ #if CURL_BUILD_MAC @@ -118,7 +118,7 @@ #include "connect.h" #include "select.h" #include "vtls.h" -#include "darwinssl.h" +#include "sectransp.h" #include "curl_printf.h" #include "strdup.h" 
@@ -144,20 +144,20 @@ struct ssl_backend_data { /* version 1 supports macOS 10.12+ and iOS 10+ */ #if ((TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000) || \ (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200)) -#define DARWIN_SSL_PINNEDPUBKEY_V1 1 +#define SECTRANSP_PINNEDPUBKEY_V1 1 #endif /* version 2 supports MacOSX 10.7+ */ #if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070) -#define DARWIN_SSL_PINNEDPUBKEY_V2 1 +#define SECTRANSP_PINNEDPUBKEY_V2 1 #endif -#if defined(DARWIN_SSL_PINNEDPUBKEY_V1) || defined(DARWIN_SSL_PINNEDPUBKEY_V2) +#if defined(SECTRANSP_PINNEDPUBKEY_V1) || defined(SECTRANSP_PINNEDPUBKEY_V2) /* this backend supports CURLOPT_PINNEDPUBLICKEY */ -#define DARWIN_SSL_PINNEDPUBKEY 1 -#endif /* DARWIN_SSL_PINNEDPUBKEY */ +#define SECTRANSP_PINNEDPUBKEY 1 +#endif /* SECTRANSP_PINNEDPUBKEY */ -#ifdef DARWIN_SSL_PINNEDPUBKEY +#ifdef SECTRANSP_PINNEDPUBKEY /* both new and old APIs return rsa keys missing the spki header (not DER) */ static const unsigned char rsa4096SpkiHeader[] = { 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, @@ -170,7 +170,7 @@ static const unsigned char rsa2048SpkiHeader[] = { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00}; -#ifdef DARWIN_SSL_PINNEDPUBKEY_V1 +#ifdef SECTRANSP_PINNEDPUBKEY_V1 /* the *new* version doesn't return DER encoded ecdsa certs like the old... */ static const unsigned char ecDsaSecp256r1SpkiHeader[] = { 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, @@ -184,8 +184,8 @@ static const unsigned char ecDsaSecp384r1SpkiHeader[] = { 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00}; -#endif /* DARWIN_SSL_PINNEDPUBKEY_V1 */ -#endif /* DARWIN_SSL_PINNEDPUBKEY */ +#endif /* SECTRANSP_PINNEDPUBKEY_V1 */ +#endif /* SECTRANSP_PINNEDPUBKEY */ /* The following two functions were ripped from Apple sample code, * with some modifications: */ 
@@ -1242,7 +1242,7 @@ CF_INLINE bool is_file(const char *filename) } #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS -static CURLcode darwinssl_version_from_curl(SSLProtocol *darwinver, +static CURLcode sectransp_version_from_curl(SSLProtocol *darwinver, long ssl_version) { switch(ssl_version) { @@ -1312,13 +1312,13 @@ set_ssl_version_min_max(struct connectdata *conn, int sockindex) if(SSLSetProtocolVersionMax != NULL) { SSLProtocol darwin_ver_min = kTLSProtocol1; SSLProtocol darwin_ver_max = kTLSProtocol1; - CURLcode result = darwinssl_version_from_curl(&darwin_ver_min, + CURLcode result = sectransp_version_from_curl(&darwin_ver_min, ssl_version); if(result) { failf(data, "unsupported min version passed via CURLOPT_SSLVERSION"); return result; } - result = darwinssl_version_from_curl(&darwin_ver_max, + result = sectransp_version_from_curl(&darwin_ver_max, ssl_version_max >> 16); if(result) { failf(data, "unsupported max version passed via CURLOPT_SSLVERSION"); @@ -1361,12 +1361,12 @@ set_ssl_version_min_max(struct connectdata *conn, int sockindex) #endif /* CURL_SUPPORT_MAC_10_8 */ } #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ - failf(data, "DarwinSSL: cannot set SSL protocol"); + failf(data, "Secure Transport: cannot set SSL protocol"); return CURLE_SSL_CONNECT_ERROR; } -static CURLcode darwinssl_connect_step1(struct connectdata *conn, +static CURLcode sectransp_connect_step1(struct connectdata *conn, int sockindex) { struct Curl_easy *data = conn->data; @@ -2234,7 +2234,7 @@ static int verify_cert(const char *cafile, struct Curl_easy *data, } } -#ifdef DARWIN_SSL_PINNEDPUBKEY +#ifdef SECTRANSP_PINNEDPUBKEY static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, SSLContextRef ctx, const char *pinnedpubkey) 
@@ -2266,14 +2266,14 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, if(keyRef == NULL) break; -#ifdef DARWIN_SSL_PINNEDPUBKEY_V1 +#ifdef SECTRANSP_PINNEDPUBKEY_V1 publicKeyBits = SecKeyCopyExternalRepresentation(keyRef, NULL); CFRelease(keyRef); if(publicKeyBits == NULL) break; -#elif DARWIN_SSL_PINNEDPUBKEY_V2 +#elif SECTRANSP_PINNEDPUBKEY_V2 OSStatus success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL, &publicKeyBits); @@ -2281,7 +2281,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, if(success != errSecSuccess || publicKeyBits == NULL) break; -#endif /* DARWIN_SSL_PINNEDPUBKEY_V2 */ +#endif /* SECTRANSP_PINNEDPUBKEY_V2 */ pubkeylen = CFDataGetLength(publicKeyBits); pubkey = (unsigned char *)CFDataGetBytePtr(publicKeyBits); @@ -2295,7 +2295,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, /* 2048 bit RSA pubkeylen == 270 */ spkiHeader = rsa2048SpkiHeader; break; -#ifdef DARWIN_SSL_PINNEDPUBKEY_V1 +#ifdef SECTRANSP_PINNEDPUBKEY_V1 case 65: /* ecDSA secp256r1 pubkeylen == 65 */ spkiHeader = ecDsaSecp256r1SpkiHeader; @@ -2308,7 +2308,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, break; default: infof(data, "SSL: unhandled public key length: %d\n", pubkeylen); -#elif DARWIN_SSL_PINNEDPUBKEY_V2 +#elif SECTRANSP_PINNEDPUBKEY_V2 default: /* ecDSA secp256r1 pubkeylen == 91 header already included? * ecDSA secp384r1 header already included too @@ -2316,7 +2316,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, */ result = Curl_pin_peer_pubkey(data, pinnedpubkey, pubkey, pubkeylen); -#endif /* DARWIN_SSL_PINNEDPUBKEY_V2 */ +#endif /* SECTRANSP_PINNEDPUBKEY_V2 */ continue; /* break from loop */ } 
@@ -2339,10 +2339,10 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, return result; } -#endif /* DARWIN_SSL_PINNEDPUBKEY */ +#endif /* SECTRANSP_PINNEDPUBKEY */ static CURLcode -darwinssl_connect_step2(struct connectdata *conn, int sockindex) +sectransp_connect_step2(struct connectdata *conn, int sockindex) { struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; @@ -2376,7 +2376,7 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex) return res; } /* the documentation says we need to call SSLHandshake() again */ - return darwinssl_connect_step2(conn, sockindex); + return sectransp_connect_step2(conn, sockindex); /* Problem with encrypt / decrypt */ case errSSLPeerDecodeError: @@ -2578,7 +2578,7 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex) /* we have been connected fine, we're not waiting for anything else. */ connssl->connecting_state = ssl_connect_3; -#ifdef DARWIN_SSL_PINNEDPUBKEY +#ifdef SECTRANSP_PINNEDPUBKEY if(data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]) { CURLcode result = pkp_pin_peer_pubkey(data, BACKEND->ssl_ctx, data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]); @@ -2587,7 +2587,7 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex) return result; } } -#endif /* DARWIN_SSL_PINNEDPUBKEY */ +#endif /* SECTRANSP_PINNEDPUBKEY */ /* Informational message */ (void)SSLGetNegotiatedCipher(BACKEND->ssl_ctx, &cipher); @@ -2771,7 +2771,7 @@ show_verbose_server_cert(struct connectdata *conn, #endif /* !CURL_DISABLE_VERBOSE_STRINGS */ static CURLcode -darwinssl_connect_step3(struct connectdata *conn, +sectransp_connect_step3(struct connectdata *conn, int sockindex) { struct Curl_easy *data = conn->data; 
@@ -2789,11 +2789,11 @@ darwinssl_connect_step3(struct connectdata *conn, return CURLE_OK; } -static Curl_recv darwinssl_recv; -static Curl_send darwinssl_send; +static Curl_recv sectransp_recv; +static Curl_send sectransp_send; static CURLcode -darwinssl_connect_common(struct connectdata *conn, +sectransp_connect_common(struct connectdata *conn, int sockindex, bool nonblocking, bool *done) @@ -2821,7 +2821,7 @@ darwinssl_connect_common(struct connectdata *conn, return CURLE_OPERATION_TIMEDOUT; } - result = darwinssl_connect_step1(conn, sockindex); + result = sectransp_connect_step1(conn, sockindex); if(result) return result; } @@ -2875,7 +2875,7 @@ darwinssl_connect_common(struct connectdata *conn, * before step2 has completed while ensuring that a client using select() * or epoll() will always have a valid fdset to wait on. */ - result = darwinssl_connect_step2(conn, sockindex); + result = sectransp_connect_step2(conn, sockindex); if(result || (nonblocking && (ssl_connect_2 == connssl->connecting_state || ssl_connect_2_reading == connssl->connecting_state || @@ -2886,15 +2886,15 @@ darwinssl_connect_common(struct connectdata *conn, if(ssl_connect_3 == connssl->connecting_state) { - result = darwinssl_connect_step3(conn, sockindex); + result = sectransp_connect_step3(conn, sockindex); if(result) return result; } if(ssl_connect_done == connssl->connecting_state) { connssl->state = ssl_connection_complete; - conn->recv[sockindex] = darwinssl_recv; - conn->send[sockindex] = darwinssl_send; + conn->recv[sockindex] = sectransp_recv; + conn->send[sockindex] = sectransp_send; *done = TRUE; } else 
@@ -2906,18 +2906,18 @@ darwinssl_connect_common(struct connectdata *conn, return CURLE_OK; } -static CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn, +static CURLcode Curl_sectransp_connect_nonblocking(struct connectdata *conn, int sockindex, bool *done) { - return darwinssl_connect_common(conn, sockindex, TRUE, done); + return sectransp_connect_common(conn, sockindex, TRUE, done); } -static CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex) +static CURLcode Curl_sectransp_connect(struct connectdata *conn, int sockindex) { CURLcode result; bool done = FALSE; - result = darwinssl_connect_common(conn, sockindex, FALSE, &done); + result = sectransp_connect_common(conn, sockindex, FALSE, &done); if(result) return result; @@ -2927,7 +2927,7 @@ static CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex) return CURLE_OK; } -static void Curl_darwinssl_close(struct connectdata *conn, int sockindex) +static void Curl_sectransp_close(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; @@ -2948,7 +2948,7 @@ static void Curl_darwinssl_close(struct connectdata *conn, int sockindex) BACKEND->ssl_sockfd = 0; } -static int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex) +static int Curl_sectransp_shutdown(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct Curl_easy *data = conn->data; @@ -2963,7 +2963,7 @@ static int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex) if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE) return 0; - Curl_darwinssl_close(conn, sockindex); + Curl_sectransp_close(conn, sockindex); rc = 0; 
@@ -3001,18 +3001,18 @@ static int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex) return rc; } -static void Curl_darwinssl_session_free(void *ptr) +static void Curl_sectransp_session_free(void *ptr) { /* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a cached session ID inside the Security framework. There is a private function that does this, but I don't want to have to explain to you why I got your application rejected from the App Store due to the use of a private API, so the best we can do is free up our own char array that we - created way back in darwinssl_connect_step1... */ + created way back in sectransp_connect_step1... */ Curl_safefree(ptr); } -static size_t Curl_darwinssl_version(char *buffer, size_t size) +static size_t Curl_sectransp_version(char *buffer, size_t size) { return msnprintf(buffer, size, "SecureTransport"); } @@ -3025,7 +3025,7 @@ static size_t Curl_darwinssl_version(char *buffer, size_t size) * 0 means the connection has been closed * -1 means the connection status is unknown */ -static int Curl_darwinssl_check_cxn(struct connectdata *conn) +static int Curl_sectransp_check_cxn(struct connectdata *conn) { struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET]; OSStatus err; @@ -3040,7 +3040,7 @@ static int Curl_darwinssl_check_cxn(struct connectdata *conn) return 0; } -static bool Curl_darwinssl_data_pending(const struct connectdata *conn, +static bool Curl_sectransp_data_pending(const struct connectdata *conn, int connindex) { const struct ssl_connect_data *connssl = &conn->ssl[connindex]; @@ -3057,7 +3057,7 @@ static bool Curl_darwinssl_data_pending(const struct connectdata *conn, return false; } -static CURLcode Curl_darwinssl_random(struct Curl_easy *data UNUSED_PARAM, +static CURLcode Curl_sectransp_random(struct Curl_easy *data UNUSED_PARAM, unsigned char *entropy, size_t length) { /* arc4random_buf() isn't available on cats older than Lion, so let's 
@@ -3077,7 +3077,7 @@ static CURLcode Curl_darwinssl_random(struct Curl_easy *data UNUSED_PARAM, return CURLE_OK; } -static CURLcode Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ +static CURLcode Curl_sectransp_md5sum(unsigned char *tmp, /* input */ size_t tmplen, unsigned char *md5sum, /* output */ size_t md5len) @@ -3087,7 +3087,7 @@ static CURLcode Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ return CURLE_OK; } -static CURLcode Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */ +static CURLcode Curl_sectransp_sha256sum(const unsigned char *tmp, /* input */ size_t tmplen, unsigned char *sha256sum, /* output */ size_t sha256len) @@ -3097,7 +3097,7 @@ static CURLcode Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */ return CURLE_OK; } -static bool Curl_darwinssl_false_start(void) +static bool Curl_sectransp_false_start(void) { #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 if(SSLSetSessionOption != NULL) @@ -3106,7 +3106,7 @@ static bool Curl_darwinssl_false_start(void) return FALSE; } -static ssize_t darwinssl_send(struct connectdata *conn, +static ssize_t sectransp_send(struct connectdata *conn, int sockindex, const void *mem, size_t len, @@ -3172,7 +3172,7 @@ static ssize_t darwinssl_send(struct connectdata *conn, return (ssize_t)processed; } -static ssize_t darwinssl_recv(struct connectdata *conn, +static ssize_t sectransp_recv(struct connectdata *conn, int num, char *buf, size_t buffersize, 
@@ -3212,48 +3212,48 @@ static ssize_t darwinssl_recv(struct connectdata *conn, return (ssize_t)processed; } -static void *Curl_darwinssl_get_internals(struct ssl_connect_data *connssl, +static void *Curl_sectransp_get_internals(struct ssl_connect_data *connssl, CURLINFO info UNUSED_PARAM) { (void)info; return BACKEND->ssl_ctx; } -const struct Curl_ssl Curl_ssl_darwinssl = { - { CURLSSLBACKEND_DARWINSSL, "darwinssl" }, /* info */ +const struct Curl_ssl Curl_ssl_sectransp = { + { CURLSSLBACKEND_SECURETRANSPORT, "secure-transport" }, /* info */ -#ifdef DARWIN_SSL_PINNEDPUBKEY +#ifdef SECTRANSP_PINNEDPUBKEY SSLSUPP_PINNEDPUBKEY, #else 0, -#endif /* DARWIN_SSL_PINNEDPUBKEY */ +#endif /* SECTRANSP_PINNEDPUBKEY */ sizeof(struct ssl_backend_data), Curl_none_init, /* init */ Curl_none_cleanup, /* cleanup */ - Curl_darwinssl_version, /* version */ - Curl_darwinssl_check_cxn, /* check_cxn */ - Curl_darwinssl_shutdown, /* shutdown */ - Curl_darwinssl_data_pending, /* data_pending */ - Curl_darwinssl_random, /* random */ + Curl_sectransp_version, /* version */ + Curl_sectransp_check_cxn, /* check_cxn */ + Curl_sectransp_shutdown, /* shutdown */ + Curl_sectransp_data_pending, /* data_pending */ + Curl_sectransp_random, /* random */ Curl_none_cert_status_request, /* cert_status_request */ - Curl_darwinssl_connect, /* connect */ - Curl_darwinssl_connect_nonblocking, /* connect_nonblocking */ - Curl_darwinssl_get_internals, /* get_internals */ - Curl_darwinssl_close, /* close_one */ + Curl_sectransp_connect, /* connect */ + Curl_sectransp_connect_nonblocking, /* connect_nonblocking */ + Curl_sectransp_get_internals, /* get_internals */ + Curl_sectransp_close, /* close_one */ Curl_none_close_all, /* close_all */ - Curl_darwinssl_session_free, /* session_free */ + Curl_sectransp_session_free, /* session_free */ Curl_none_set_engine, /* set_engine */ Curl_none_set_engine_default, /* set_engine_default */ Curl_none_engines_list, /* engines_list */ - Curl_darwinssl_false_start, /* 
false_start */
- Curl_darwinssl_md5sum, /* md5sum */
- Curl_darwinssl_sha256sum /* sha256sum */
+ Curl_sectransp_false_start, /* false_start */
+ Curl_sectransp_md5sum, /* md5sum */
+ Curl_sectransp_sha256sum /* sha256sum */
};
#ifdef __clang__
#pragma clang diagnostic pop
#endif
-#endif /* USE_DARWINSSL */
+#endif /* USE_SECTRANSP */
diff --git a/lib/vtls/darwinssl.h b/lib/vtls/sectransp.h
index 23c7f705c..5cec797b3 100644
--- a/lib/vtls/darwinssl.h
+++ b/lib/vtls/sectransp.h
@@ -1,5 +1,5 @@
-#ifndef HEADER_CURL_DARWINSSL_H
-#define HEADER_CURL_DARWINSSL_H
+#ifndef HEADER_CURL_SECTRANSP_H
+#define HEADER_CURL_SECTRANSP_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
@@ -8,7 +8,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2012 - 2014, Nick Zitzmann, <nickzman@gmail.com>.
- * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -24,9 +24,9 @@
***************************************************************************/
#include "curl_setup.h"
-#ifdef USE_DARWINSSL
+#ifdef USE_SECTRANSP
-extern const struct Curl_ssl Curl_ssl_darwinssl;
+extern const struct Curl_ssl Curl_ssl_sectransp;
-#endif /* USE_DARWINSSL */
-#endif /* HEADER_CURL_DARWINSSL_H */
+#endif /* USE_SECTRANSP */
+#endif /* HEADER_CURL_SECTRANSP_H */
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 5e75f92e9..3d4a0229b 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
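Review bot: The backend's public name string in the `Curl_ssl_sectransp` initializer at the top of the hunk changes from `"darwinssl"` to `"secure-transport"`, and as far as I recall that `info.name` is what `curl_global_sslset()` compares against when an application selects a backend by name, so a caller passing `CURLSSLBACKEND_NONE` with the name `"darwinssl"` would now get `CURLSSLSET_UNKNOWN_BACKEND` even though the enum value and the `CURLSSLBACKEND_DARWINSSL` alias are kept in curl.h. Either keep the old string recognised as an alias in the name lookup (in vtls.c, outside this hunk) or state the by-name break explicitly in the description and the curl_global_sslset documentation. The `Curl_sectransp_version` string `"SecureTransport"` in an earlier hunk is a third spelling next to `"secure-transport"` here and `secure-transport` in configure.ac; harmless, but worth settling on one before it ships.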
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -513,7 +513,7 @@ void Curl_ssl_close_all(struct Curl_easy *data) } #if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \ - defined(USE_DARWINSSL) || defined(USE_POLARSSL) || defined(USE_NSS) || \ + defined(USE_SECTRANSP) || defined(USE_POLARSSL) || defined(USE_NSS) || \ defined(USE_MBEDTLS) || defined(USE_CYASSL) int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks, int numsocks) @@ -546,7 +546,7 @@ int Curl_ssl_getsock(struct connectdata *conn, (void)numsocks; return GETSOCK_BLANK; } -/* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL || USE_DARWINSSL || USE_NSS */ +/* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL || USE_SECTRANSP || USE_NSS */ #endif void Curl_ssl_close(struct connectdata *conn, int sockindex) @@ -1172,8 +1172,8 @@ const struct Curl_ssl *Curl_ssl = &Curl_ssl_multi; #elif defined(USE_CYASSL) &Curl_ssl_cyassl; -#elif defined(USE_DARWINSSL) - &Curl_ssl_darwinssl; +#elif defined(USE_SECTRANSP) + &Curl_ssl_sectransp; #elif defined(USE_GNUTLS) &Curl_ssl_gnutls; #elif defined(USE_GSKIT) @@ -1198,8 +1198,8 @@ static const struct Curl_ssl *available_backends[] = { #if defined(USE_CYASSL) &Curl_ssl_cyassl, #endif -#if defined(USE_DARWINSSL) - &Curl_ssl_darwinssl, +#if defined(USE_SECTRANSP) + &Curl_ssl_sectransp, #endif #if defined(USE_GNUTLS) &Curl_ssl_gnutls, diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h index 1f163631f..f1decbad6 100644 --- a/lib/vtls/vtls.h +++ b/lib/vtls/vtls.h 
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -105,7 +105,7 @@ CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen,
#include "polarssl.h" /* PolarSSL versions */
#include "cyassl.h" /* CyaSSL versions */
#include "schannel.h" /* Schannel SSPI version */
-#include "darwinssl.h" /* SecureTransport (Darwin) version */
+#include "sectransp.h" /* SecureTransport (Darwin) version */
#include "mbedtls.h" /* mbedTLS versions */
#include "mesalink.h" /* MesaLink versions */ |