diff options
Diffstat (limited to 'lib/vtls/bearssl.c')
| -rw-r--r-- | lib/vtls/bearssl.c | 65 |
1 files changed, 35 insertions, 30 deletions
diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c index 6eb61943a..8dd262ed0 100644 --- a/lib/vtls/bearssl.c +++ b/lib/vtls/bearssl.c @@ -294,9 +294,9 @@ static const br_x509_class x509_vtable = { x509_get_pkey }; -static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex) +static CURLcode bearssl_connect_step1(struct Curl_easy *data, + struct connectdata *conn, int sockindex) { - struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile); @@ -374,12 +374,12 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex) if(SSL_SET_OPTION(primary.sessionid)) { void *session; - Curl_ssl_sessionid_lock(conn); - if(!Curl_ssl_getsessionid(conn, &session, NULL, sockindex)) { + Curl_ssl_sessionid_lock(data); + if(!Curl_ssl_getsessionid(data, conn, &session, NULL, sockindex)) { br_ssl_engine_set_session_parameters(&backend->ctx.eng, session); infof(data, "BearSSL: re-using session ID\n"); } - Curl_ssl_sessionid_unlock(conn); + Curl_ssl_sessionid_unlock(data); } if(conn->bits.tls_enable_alpn) { @@ -429,10 +429,10 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex) return CURLE_OK; } -static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex, +static CURLcode bearssl_run_until(struct Curl_easy *data, + struct connectdata *conn, int sockindex, unsigned target) { - struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; curl_socket_t sockfd = conn->sock[sockindex]; @@ -507,14 +507,15 @@ static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex, } } -static CURLcode bearssl_connect_step2(struct connectdata *conn, int sockindex) +static CURLcode bearssl_connect_step2(struct Curl_easy *data, + struct connectdata *conn, int sockindex) { - struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; CURLcode ret; - ret = bearssl_run_until(conn, sockindex, BR_SSL_SENDAPP | BR_SSL_RECVAPP); + ret = bearssl_run_until(data, conn, sockindex, + BR_SSL_SENDAPP | BR_SSL_RECVAPP); if(ret == CURLE_AGAIN) return CURLE_OK; if(ret == CURLE_OK) { @@ -527,9 +528,9 @@ static CURLcode bearssl_connect_step2(struct connectdata *conn, int sockindex) return ret; } -static CURLcode bearssl_connect_step3(struct connectdata *conn, int sockindex) +static CURLcode bearssl_connect_step3(struct Curl_easy *data, + struct connectdata *conn, int sockindex) { - struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; CURLcode ret; @@ -568,12 +569,13 @@ static CURLcode bearssl_connect_step3(struct connectdata *conn, int sockindex) if(!session) return CURLE_OUT_OF_MEMORY; br_ssl_engine_get_session_parameters(&backend->ctx.eng, session); - Curl_ssl_sessionid_lock(conn); - incache = !(Curl_ssl_getsessionid(conn, &oldsession, NULL, sockindex)); + Curl_ssl_sessionid_lock(data); + incache = !(Curl_ssl_getsessionid(data, conn, + &oldsession, NULL, sockindex)); if(incache) - Curl_ssl_delsessionid(conn, oldsession); - ret = Curl_ssl_addsessionid(conn, session, 0, sockindex); - Curl_ssl_sessionid_unlock(conn); + Curl_ssl_delsessionid(data, oldsession); + ret = Curl_ssl_addsessionid(data, conn, session, 0, sockindex); + Curl_ssl_sessionid_unlock(data); if(ret) { free(session); return CURLE_OUT_OF_MEMORY; @@ -595,7 +597,7 @@ static ssize_t bearssl_send(struct Curl_easy *data, int sockindex, size_t applen; for(;;) { - *err = bearssl_run_until(conn, sockindex, BR_SSL_SENDAPP); + *err = bearssl_run_until(data, conn, sockindex, BR_SSL_SENDAPP); if (*err != CURLE_OK) return -1; app = br_ssl_engine_sendapp_buf(&backend->ctx.eng, &applen); @@ -627,7 +629,7 @@ static ssize_t bearssl_recv(struct Curl_easy *data, int sockindex, unsigned char *app; size_t applen; - *err = bearssl_run_until(conn, sockindex, BR_SSL_RECVAPP); + *err = bearssl_run_until(data, conn, sockindex, BR_SSL_RECVAPP); if(*err != CURLE_OK) return -1; app = br_ssl_engine_recvapp_buf(&backend->ctx.eng, &applen); @@ -641,13 +643,13 @@ static ssize_t bearssl_recv(struct Curl_easy *data, int sockindex, return applen; } -static CURLcode bearssl_connect_common(struct connectdata *conn, +static CURLcode bearssl_connect_common(struct Curl_easy *data, + struct connectdata *conn, int sockindex, bool nonblocking, bool *done) { CURLcode ret; - struct Curl_easy *data = conn->data; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; curl_socket_t sockfd = conn->sock[sockindex]; timediff_t timeout_ms; @@ -660,7 +662,7 @@ static CURLcode bearssl_connect_common(struct connectdata *conn, } if(ssl_connect_1 == connssl->connecting_state) { - ret = bearssl_connect_step1(conn, sockindex); + ret = bearssl_connect_step1(data, conn, sockindex); if(ret) return ret; } @@ -713,7 +715,7 @@ static CURLcode bearssl_connect_common(struct connectdata *conn, * before step2 has completed while ensuring that a client using select() * or epoll() will always have a valid fdset to wait on. */ - ret = bearssl_connect_step2(conn, sockindex); + ret = bearssl_connect_step2(data, conn, sockindex); if(ret || (nonblocking && (ssl_connect_2 == connssl->connecting_state || ssl_connect_2_reading == connssl->connecting_state || @@ -722,7 +724,7 @@ static CURLcode bearssl_connect_common(struct connectdata *conn, } if(ssl_connect_3 == connssl->connecting_state) { - ret = bearssl_connect_step3(conn, sockindex); + ret = bearssl_connect_step3(data, conn, sockindex); if(ret) return ret; } @@ -775,12 +777,13 @@ static CURLcode bearssl_random(struct Curl_easy *data UNUSED_PARAM, return CURLE_OK; } -static CURLcode bearssl_connect(struct connectdata *conn, int sockindex) +static CURLcode bearssl_connect(struct Curl_easy *data, + struct connectdata *conn, int sockindex) { CURLcode ret; bool done = FALSE; - ret = bearssl_connect_common(conn, sockindex, FALSE, &done); + ret = bearssl_connect_common(data, conn, sockindex, FALSE, &done); if(ret) return ret; @@ -789,10 +792,11 @@ static CURLcode bearssl_connect(struct connectdata *conn, int sockindex) return CURLE_OK; } -static CURLcode bearssl_connect_nonblocking(struct connectdata *conn, +static CURLcode bearssl_connect_nonblocking(struct Curl_easy *data, + struct connectdata *conn, int sockindex, bool *done) { - return bearssl_connect_common(conn, sockindex, TRUE, done); + return bearssl_connect_common(data, conn, sockindex, TRUE, done); } static void *bearssl_get_internals(struct ssl_connect_data *connssl, @@ -802,7 +806,8 @@ static void *bearssl_get_internals(struct ssl_connect_data *connssl, return &backend->ctx; } -static void bearssl_close(struct connectdata *conn, int sockindex) +static void bearssl_close(struct Curl_easy *data, + struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; @@ -810,7 +815,7 @@ static void bearssl_close(struct connectdata *conn, int sockindex) if(backend->active) { br_ssl_engine_close(&backend->ctx.eng); - (void)bearssl_run_until(conn, sockindex, BR_SSL_CLOSED); + (void)bearssl_run_until(data, conn, sockindex, BR_SSL_CLOSED); } for(i = 0; i < backend->anchors_len; ++i) free(backend->anchors[i].dn.data); |