VirtualBox

source: vbox/trunk/src/libs/curl-8.4.0/lib/vtls/schannel_int.h@ 103446

Last change on this file since 103446 was 101409, checked in by vboxsync, 17 months ago

curl-8.4.0: Applied and adjusted our curl changes to 8.3.0. bugref:10533
File size: 4.8 KB
Line 
1#ifndef HEADER_CURL_SCHANNEL_INT_H
2#define HEADER_CURL_SCHANNEL_INT_H
3/***************************************************************************
4 * _ _ ____ _
5 * Project ___| | | | _ \| |
6 * / __| | | | |_) | |
7 * | (__| |_| | _ <| |___
8 * \___|\___/|_| \_\_____|
9 *
10 * Copyright (C) Marc Hoersken, <info@marc-hoersken.de>, et al.
11 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
12 *
13 * This software is licensed as described in the file COPYING, which
14 * you should have received as part of this distribution. The terms
15 * are also available at https://curl.se/docs/copyright.html.
16 *
17 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
18 * copies of the Software, and permit persons to whom the Software is
19 * furnished to do so, under the terms of the COPYING file.
20 *
21 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
22 * KIND, either express or implied.
23 *
24 * SPDX-License-Identifier: curl
25 *
26 ***************************************************************************/
27#include "curl_setup.h"
28
29#ifdef USE_SCHANNEL
30
31#if defined(__MINGW32__) || defined(CERT_CHAIN_REVOCATION_CHECK_CHAIN)
32#define HAS_MANUAL_VERIFY_API
33#endif
34
35#if defined(CryptStringToBinary) && defined(CRYPT_STRING_HEX) \
36 && !defined(DISABLE_SCHANNEL_CLIENT_CERT)
37#define HAS_CLIENT_CERT_PATH
38#endif
39
40#ifndef CRYPT_DECODE_NOCOPY_FLAG
41#define CRYPT_DECODE_NOCOPY_FLAG 0x1
42#endif
43
44#ifndef CRYPT_DECODE_ALLOC_FLAG
45#define CRYPT_DECODE_ALLOC_FLAG 0x8000
46#endif
47
48#ifndef CERT_ALT_NAME_DNS_NAME
49#define CERT_ALT_NAME_DNS_NAME 3
50#endif
51
52#ifndef CERT_ALT_NAME_IP_ADDRESS
53#define CERT_ALT_NAME_IP_ADDRESS 8
54#endif
55
56
57#ifndef SCH_CREDENTIALS_VERSION
58
59#define SCH_CREDENTIALS_VERSION 0x00000005
60
61typedef enum _eTlsAlgorithmUsage
62{
63 TlsParametersCngAlgUsageKeyExchange,
64 TlsParametersCngAlgUsageSignature,
65 TlsParametersCngAlgUsageCipher,
66 TlsParametersCngAlgUsageDigest,
67 TlsParametersCngAlgUsageCertSig
68} eTlsAlgorithmUsage;
69
70typedef struct _CRYPTO_SETTINGS
71{
72 eTlsAlgorithmUsage eAlgorithmUsage;
73 UNICODE_STRING strCngAlgId;
74 DWORD cChainingModes;
75 PUNICODE_STRING rgstrChainingModes;
76 DWORD dwMinBitLength;
77 DWORD dwMaxBitLength;
78} CRYPTO_SETTINGS, * PCRYPTO_SETTINGS;
79
80typedef struct _TLS_PARAMETERS
81{
82 DWORD cAlpnIds;
83 PUNICODE_STRING rgstrAlpnIds;
84 DWORD grbitDisabledProtocols;
85 DWORD cDisabledCrypto;
86 PCRYPTO_SETTINGS pDisabledCrypto;
87 DWORD dwFlags;
88} TLS_PARAMETERS, * PTLS_PARAMETERS;
89
90typedef struct _SCH_CREDENTIALS
91{
92 DWORD dwVersion;
93 DWORD dwCredFormat;
94 DWORD cCreds;
95 PCCERT_CONTEXT* paCred;
96 HCERTSTORE hRootStore;
97
98 DWORD cMappers;
99 struct _HMAPPER **aphMappers;
100
101 DWORD dwSessionLifespan;
102 DWORD dwFlags;
103 DWORD cTlsParameters;
104 PTLS_PARAMETERS pTlsParameters;
105} SCH_CREDENTIALS, * PSCH_CREDENTIALS;
106
107#define SCH_CRED_MAX_SUPPORTED_PARAMETERS 16
108#define SCH_CRED_MAX_SUPPORTED_ALPN_IDS 16
109#define SCH_CRED_MAX_SUPPORTED_CRYPTO_SETTINGS 16
110#define SCH_CRED_MAX_SUPPORTED_CHAINING_MODES 16
111
112#endif /* SCH_CREDENTIALS_VERSION */
113
114struct Curl_schannel_cred {
115 CredHandle cred_handle;
116 TimeStamp time_stamp;
117 TCHAR *sni_hostname;
118#ifdef HAS_CLIENT_CERT_PATH
119 HCERTSTORE client_cert_store;
120#endif
121 int refcount;
122};
123
124struct Curl_schannel_ctxt {
125 CtxtHandle ctxt_handle;
126 TimeStamp time_stamp;
127};
128
129struct schannel_ssl_backend_data {
130 struct Curl_schannel_cred *cred;
131 struct Curl_schannel_ctxt *ctxt;
132 SecPkgContext_StreamSizes stream_sizes;
133 size_t encdata_length, decdata_length;
134 size_t encdata_offset, decdata_offset;
135 unsigned char *encdata_buffer, *decdata_buffer;
136 /* encdata_is_incomplete: if encdata contains only a partial record that
137 can't be decrypted without another recv() (that is, status is
138 SEC_E_INCOMPLETE_MESSAGE) then set this true. after an recv() adds
139 more bytes into encdata then set this back to false. */
140 bool encdata_is_incomplete;
141 unsigned long req_flags, ret_flags;
142 CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */
143 bool recv_sspi_close_notify; /* true if connection closed by close_notify */
144 bool recv_connection_closed; /* true if connection closed, regardless how */
145 bool recv_renegotiating; /* true if recv is doing renegotiation */
146 bool use_alpn; /* true if ALPN is used for this connection */
147#ifdef HAS_MANUAL_VERIFY_API
148 bool use_manual_cred_validation; /* true if manual cred validation is used */
149#endif
150};
151
152#endif /* USE_SCHANNEL */
153#endif /* HEADER_CURL_SCHANNEL_INT_H */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette