  1. Sep 01, 2017
    • ossfuzz: additional seed corpora · 1cf323ec
      Max Dymond authored
      Create simple seed corpora for:
      - FTP
      - telnet
      - dict
      - tftp
      - imap
      - pop3
      
      based off the tests of the same number.
      
      Closes #1842
      1cf323ec
    • ossfuzz: moving towards the ideal integration · efeb4a31
      Max Dymond authored
      - Start with the basic code from the ossfuzz project.
      - Rewrite fuzz corpora to be binary files full of Type-Length-Value
        data, and write a glue layer in the fuzzing function to convert
        corpora into CURL options.
      - Have supporting functions to generate corpora from existing tests
      - Integrate with Makefile.am
      efeb4a31
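The Type-Length-Value corpus walk that commit efeb4a31 describes, as an added example that is not the project's own glue layer. The record layout (2-byte type, 4-byte length, both big-endian), the length cap and all names are assumptions, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed record layout (not stated on the page): 2-byte type and 4-byte
   length, both big-endian, followed by `length` bytes of value. */
#define TLV_HDR 6
#define TLV_MAX_LEN (1u << 20)  /* hypothetical cap on a single value */

enum tlv_rc { TLV_OK = 0, TLV_END, TLV_TRUNCATED, TLV_TOO_LONG };
struct tlv { uint16_t type; uint32_t length; const uint8_t *value; };
struct tlv_cursor { const uint8_t *data; size_t size; size_t pos; };

/* Constructed samples: two valid records, a cut-off value, a huge length. */
static const uint8_t sample_good[] = {0,1, 0,0,0,3, 'a','b','c', 0,2, 0,0,0,0};
static const uint8_t sample_cut[]  = {0,1, 0,0,0,9, 'a'};
static const uint8_t sample_huge[] = {0,1, 0xff,0xff,0xff,0xff};

/* Decode one record; every length is checked against the bytes remaining. */
enum tlv_rc tlv_next(struct tlv_cursor *cur, struct tlv *out)
{
  size_t left = cur->size - cur->pos;  /* invariant: pos <= size */
  const uint8_t *p;

  if(left == 0)
    return TLV_END;
  if(left < TLV_HDR)
    return TLV_TRUNCATED;
  p = cur->data + cur->pos;
  out->type = (uint16_t)((p[0] << 8) | p[1]);
  out->length = ((uint32_t)p[2] << 24) | ((uint32_t)p[3] << 16) |
                ((uint32_t)p[4] << 8) | p[5];
  if(out->length > TLV_MAX_LEN)
    return TLV_TOO_LONG;
  if(out->length > left - TLV_HDR)     /* compare, never compute pos + len */
    return TLV_TRUNCATED;
  out->value = p + TLV_HDR;
  cur->pos += TLV_HDR + out->length;
  return TLV_OK;
}

/* Walk a whole input: record count, or -1 if any record is malformed.
   A fuzz harness would map each record to an option inside this loop. */
int tlv_count(const uint8_t *data, size_t size)
{
  struct tlv_cursor cur = { data, size, 0 };
  struct tlv rec;
  enum tlv_rc rc;
  int n = 0;
  while((rc = tlv_next(&cur, &rec)) == TLV_OK)
    n++;
  return rc == TLV_END ? n : -1;
}
```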
  2. Aug 31, 2017
  3. Aug 30, 2017
  4. Aug 29, 2017
  5. Aug 28, 2017
    • asyn-thread: Fixed cleanup after OOM · df29455d
      Dan Fandrich authored
      destroy_async_data() assumes that if the flag "done" is not set yet, the
      thread itself will clean up once the request is complete.  But if an
      error (generally OOM) occurs before the thread even has a chance to
      start, it will never get a chance to clean up and memory will be leaked.
      By clearing "done" only just before starting the thread, the correct
      cleanup sequence will happen in all cases.
      df29455d
    • Daniel Stenberg
      edcb1ef6
    • unit1606: Fixed shadowed variable warning · 82604c50
      Dan Fandrich authored
      82604c50
    • Dan Fandrich
      d5d73672
    • asyn-thread: Set errno to the proper value ENOMEM in OOM situation · 11a8778e
      Dan Fandrich authored
      This used to be set in some configurations to EAI_MEMORY which is not a
      valid value for errno and caused Curl_strerror to fail an assertion.
      11a8778e
    • configure: Handle "MultiSSL" specially when versioning symbols · a330bab3
      Johannes Schindelin authored
      
      
      There is a mode in which libcurl is compiled with versioned symbols,
      depending on the active SSL backend.
      
      When multiple SSL backends are active, it does not make sense to favor
      one over the others, so let's not: introduce a new prefix for the case
      where multiple SSL backends are compiled into cURL.
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      a330bab3
    • configure: allow setting the default SSL backend · c7170e20
      Johannes Schindelin authored
      
      
      Previously, we used as default SSL backend whatever was first in the
      `available_backends` array.
      
      However, some users may want to override that default without patching
      the source code.
      
      Now they can: with the --with-default-ssl-backend=<backend> option of
      the ./configure script.
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      c7170e20
    • vtls: use Curl_ssl_multi pseudo backend only when needed · 3063254e
      Johannes Schindelin authored
      
      
      When only one SSL backend is configured, it is totally unnecessary to
      let multissl_init() configure the backend at runtime, we can select the
      correct backend at build time already.
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      3063254e
    • version: if built with more than one SSL backend, report all of them · 81d318fa
      Johannes Schindelin authored
      
      
      To discern the active one from the inactive ones, put the latter into
      parentheses.
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      81d318fa
    • version: add the CURL_VERSION_MULTI_SSL feature flag · 9d96a5f0
      Johannes Schindelin authored
      
      
      This new feature flag reports when cURL was built with multiple SSL
      backends.
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      9d96a5f0
    • metalink: allow compiling with multiple SSL backends · b180a273
      Johannes Schindelin authored
      
      
      Previously, the code assumed that at most one of the SSL backends would
      be compiled in, emulating OpenSSL's functions if the configured backend
      was not OpenSSL itself.
      
      However, now we allow building with multiple SSL backends and choosing
      one at runtime. Therefore, metalink needs to be adjusted to handle this
      scenario, too.
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      b180a273
    • docs/examples: demonstrate how to select SSL backends · a34e141c
      Johannes Schindelin authored
      
      
      The newly-introduced curl_global_sslset() function deserves to be
      show-cased.
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      a34e141c
    • vtls: introduce curl_global_sslset() · 1328f69d
      Johannes Schindelin authored
      
      
      Let's add a compile time safe API to select an SSL backend. This
      function needs to be called *before* curl_global_init(), and can be
      called only once.
      
      Side note: we do not explicitly test that it is called before
      curl_global_init(), but we do verify that it is not called multiple times
      (even implicitly).
      
      If SSL is used before the function was called, it will use whatever the
      CURL_SSL_BACKEND environment variable says (or default to the first
      available SSL backend), and if a subsequent call to
      curl_global_sslset() disagrees with the previous choice, it will fail
      with CURLSSLSET_TOO_LATE.
      
      The function also accepts an "avail" parameter to point to a (read-only)
      NULL-terminated list of available backends. This comes in real handy if
      an application wants to let the user choose between whatever SSL backends
      the currently available libcurl has to offer: simply call
      
      	curl_global_sslset(-1, NULL, &avail);
      
      which will return CURLSSLSET_UNKNOWN_BACKEND and populate the avail
      variable to point to the relevant information to present to the user.
      
      Just like with the HTTP/2 push functions, we have to add the function
      declaration of curl_global_sslset() function to the header file
      *multi.h* because VMS and OS/400 require a stable order of functions
      declared in include/curl/*.h (where the header files are sorted
      alphabetically). This looks a bit funny, but it cannot be helped.
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      1328f69d
    • vtls: refactor out essential information about the SSL backends · b59288f8
      Johannes Schindelin authored
      
      
      There is information about the compiled-in SSL backends that is really
      no concern of any code other than the SSL backend itself, such as which
      function (if any) implements SHA-256 summing.
      
      And there is information that is really interesting to the user, such as
      the name, or the curl_sslbackend value.
      
      Let's factor out the latter into a publicly visible struct. This
      information will be used in the upcoming API to set the SSL backend
      globally.
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      b59288f8
    • vtls: allow selecting which SSL backend to use at runtime · b0989cd3
      Johannes Schindelin authored
      
      
      When building software for the masses, it is sometimes not possible to
      decide for all users which SSL backend is appropriate.
      
      Git for Windows, for example, uses cURL to perform clones, fetches and
      pushes via HTTPS, and some users strongly prefer OpenSSL, while other
      users really need to use Secure Channel because it offers
      enterprise-ready tools to manage credentials via Windows' Credential
      Store.
      
      The current Git for Windows versions use the ugly work-around of
      building libcurl once with OpenSSL support and once with Secure Channel
      support, and switching out the binaries in the installer depending on
      the user's choice.
      
      Needless to say, this is a super ugly workaround that actually only
      works in some cases: Git for Windows also comes in a portable form, and
      in a form intended for third-party applications requiring Git
      functionality, in which cases this "swap out libcurl-4.dll" simply is
      not an option.
      
      Therefore, the Git for Windows project has a vested interest in teaching
      cURL to make the SSL backend a *runtime* option.
      
      This patch makes that possible.
      
      By running ./configure with multiple --with-<backend> options, cURL will
      be built with multiple backends.
      
      For the moment, the backend can be configured using the environment
      variable CURL_SSL_BACKEND (valid values are e.g. "openssl" and
      "schannel").
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      b0989cd3
    • vtls: encapsulate SSL backend-specific data · 70f1db32
      Johannes Schindelin authored
      
      
      So far, all of the SSL backends' private data has been declared as
      part of the ssl_connect_data struct, in one big #if .. #elif .. #endif
      block.
      
      This can only work as long as the SSL backend is a compile-time option,
      something we want to change in the next commits.
      
      Therefore, let's encapsulate the exact data needed by each SSL backend
      into a private struct, and let's avoid bleeding any SSL backend-specific
      information into urldata.h. This is also necessary to allow multiple SSL
      backends to be compiled in at the same time, as e.g. OpenSSL's and
      CyaSSL's headers cannot be included in the same .c file.
      
      To avoid too many malloc() calls, we simply append the private structs
      to the connectdata struct in allocate_conn().
      
      This requires us to take extra care of alignment issues: struct fields
      often need to be aligned on certain boundaries e.g. 32-bit values need to
      be stored at addresses that divide evenly by 4 (= 32 bit / 8
      bit-per-byte).
      
      We do that by assuming that no SSL backend's private data contains any
      fields that need to be aligned on boundaries larger than `long long`
      (typically 64-bit) would need. Under this assumption, we simply add a
      dummy field of type `long long` to the `struct connectdata` struct. This
      field will never be accessed but acts as a placeholder for the four
      instances of ssl_backend_data instead. The size of each ssl_backend_data
      struct is stored in the SSL backend-specific metadata, to allow
      allocate_conn() to know how much extra space to allocate, and how to
      initialize the ssl[sockindex]->backend and proxy_ssl[sockindex]->backend
      pointers.
      
      This would appear to be a little complicated at first, but is really
      necessary to encapsulate the private data of each SSL backend correctly.
      And we need to encapsulate thusly if we ever want to allow selecting
      CyaSSL and OpenSSL at runtime, as their headers cannot be included within
      the same .c file (there are just too many conflicting definitions and
      declarations for that).
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      70f1db32
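The allocation scheme that commit 70f1db32 describes, sketched as an added example that is not curl's own code: one allocation holds the connection struct plus four backend-private blobs, with a `long long` placeholder fixing their alignment. The struct names, the two sample backend structs and `allocate_conn_demo()` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical backend metadata: the core only learns the size of the
   backend's private struct, never its layout. */
struct backend_meta { const char *name; size_t sizeof_backend_data; };

/* Constructed private structs standing in for two different backends. */
struct backend_a_data { void *ctx; void *handle; long long bytes; };
struct backend_b_data { int fd; char state; };

struct ssl_connect { void *backend; };

struct conn {
  struct ssl_connect ssl[2];
  struct ssl_connect proxy_ssl[2];
  long long backend_placeholder; /* never accessed; aligns the appended data */
};

/* The commit's assumption, checked at compile time for the demo structs. */
_Static_assert(_Alignof(struct backend_a_data) <= _Alignof(long long), "a");
_Static_assert(_Alignof(struct backend_b_data) <= _Alignof(long long), "b");

int is_aligned(const void *p, size_t a) { return (uintptr_t)p % a == 0; }

/* One allocation holds the conn plus four private blobs; NULL on failure. */
struct conn *allocate_conn_demo(const struct backend_meta *m)
{
  size_t sz = m->sizeof_backend_data;
  size_t head = offsetof(struct conn, backend_placeholder);
  size_t total;
  struct conn *c;
  int i;

  if(sz == 0 || sz > (SIZE_MAX - head) / 4) /* head + 4*sz must not wrap */
    return NULL;
  total = head + 4 * sz;
  if(total < sizeof(struct conn))           /* tiny backend: keep full struct */
    total = sizeof(struct conn);
  c = calloc(1, total);
  if(!c)
    return NULL;
  for(i = 0; i < 2; i++) {
    c->ssl[i].backend = (char *)c + head + (size_t)i * sz;
    c->proxy_ssl[i].backend = (char *)c + head + (size_t)(i + 2) * sz;
  }
  return c;
}
```

A backend struct that needed stricter alignment than `long long` would fail the compile-time check here rather than produce misaligned pointers at runtime.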
    • vtls: prepare the SSL backends for encapsulated private data · d65e6cc4
      Johannes Schindelin authored
      
      
      At the moment, cURL's SSL backend needs to be configured at build time.
      As such, it is totally okay for them to hard-code their backend-specific
      data in the ssl_connect_data struct.
      
      In preparation for making the SSL backend a runtime option, let's make
      the access of said private data a bit more abstract so that it can be
      adjusted later in an easy manner.
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      d65e6cc4
    • urldata.h: move SSPI-specific #include to correct location · 20c6cf7e
      Johannes Schindelin authored
      In 86b88948 (sasl_gssapi: Added GSS-API based Kerberos V5 variables,
      2014-12-03), an SSPI-specific field was added to the kerberos5data
      struct without moving the #include "curl_sspi.h" later in the same file.
      
      This broke the build when SSPI was enabled, unless Secure Channel was
      used as SSL backend, because it just so happens that Secure Channel also
      requires "curl_sspi.h" to be #included.
      
      In f4739f63 (urldata: include curl_sspi.h when Windows SSPI is enabled,
      2017-02-21), this bug was fixed incorrectly: Instead of moving the
      appropriate conditional #include, the Secure Channel-conditional part
      was now also SSPI-conditional.
      
      Fix this problem by moving the correct #include instead.
      
      This is also required for an upcoming patch that moves all the Secure
      Channel-specific stuff out of urldata.h and encapsulates it properly in
      vtls/schannel.c instead.
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      20c6cf7e
    • urldata.h: remove support for obsolete PolarSSL version · 583cb03f
      Johannes Schindelin authored
      Since 5017d5ad (polarssl: now require 1.3.0+, 2014-03-17), we require
      a newer PolarSSL version. No need to keep code trying to support any
      older version.
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      583cb03f
    • getinfo: access SSL internals via Curl_ssl · 69039fd1
      Johannes Schindelin authored
      
      
      In the ongoing endeavor to abstract out all SSL backend-specific
      functionality, this is the next step: Instead of hard-coding how the
      different SSL backends access their internal data in getinfo.c, let's
      implement backend-specific functions to do that task.
      
      This will also allow for switching SSL backends as a runtime option.
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      69039fd1