diff --git a/DEPENDENCIES b/DEPENDENCIES index 15e8bb39..a88f2457 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -1,6 +1,6 @@ vendorpull https://github.com/sourcemeta/vendorpull dea311b5bfb53b6926a4140267959ae334d3ecf4 -noa https://github.com/sourcemeta/noa 517e88aef5981b88ac6bb8caff15d17dffcb4320 -jsontoolkit https://github.com/sourcemeta/jsontoolkit 9abbaee71e9e00e95632858d29c7ebe5c2a723b0 -hydra https://github.com/sourcemeta/hydra 3c53d3fdef79e9ba603d48470a508cc45472a0dc -alterschema https://github.com/sourcemeta/alterschema 358df64771979da64e043a416cf340d83a5382ca -jsonbinpack https://github.com/sourcemeta/jsonbinpack b25d54363f5a88cd23c1af41e4c6025b9c94d0d6 +noa https://github.com/sourcemeta/noa 837e1ff981f8df45d9e2977a50f5da61d8affed4 +jsontoolkit https://github.com/sourcemeta/jsontoolkit 9685d29e2e633d71319c64b1ab2fbceab865dbf3 +hydra https://github.com/sourcemeta/hydra c0d2f53dc52d8febd3092ce873847729b9f447fb +alterschema https://github.com/sourcemeta/alterschema 36dc1933bbbdbf1f2574c309e41f510f58874838 +jsonbinpack https://github.com/sourcemeta/jsonbinpack b09b7948f90a9e9c30a2c38441f44d1c4b93b45a diff --git a/vendor/alterschema/src/engine/rule.cc b/vendor/alterschema/src/engine/rule.cc index 669d3a53..3e45c659 100644 --- a/vendor/alterschema/src/engine/rule.cc +++ b/vendor/alterschema/src/engine/rule.cc @@ -48,9 +48,9 @@ auto sourcemeta::alterschema::Rule::apply( "Could not determine the schema dialect"); } - const auto vocabularies{vocabularies_to_set( - sourcemeta::jsontoolkit::vocabularies(schema, resolver, default_dialect) - .get())}; + const auto vocabularies{ + vocabularies_to_set(sourcemeta::jsontoolkit::vocabularies( + schema, resolver, default_dialect))}; if (!this->condition(schema, dialect.value(), vocabularies, pointer)) { return {}; } @@ -83,8 +83,8 @@ auto sourcemeta::alterschema::Rule::check( "Could not determine the schema dialect"); } - const auto vocabularies{vocabularies_to_set( - sourcemeta::jsontoolkit::vocabularies(schema, resolver, default_dialect) - .get())}; + const auto vocabularies{ + vocabularies_to_set(sourcemeta::jsontoolkit::vocabularies( + schema, resolver, default_dialect))}; return this->condition(schema, dialect.value(), vocabularies, pointer); } diff --git a/vendor/alterschema/vendor/noa/cmake/noa/compiler/options.cmake b/vendor/alterschema/vendor/noa/cmake/noa/compiler/options.cmake index b1fc6e53..dde90f21 100644 --- a/vendor/alterschema/vendor/noa/cmake/noa/compiler/options.cmake +++ b/vendor/alterschema/vendor/noa/cmake/noa/compiler/options.cmake @@ -42,6 +42,10 @@ function(noa_add_default_options visibility target) -Winvalid-offsetof -funroll-loops -fstrict-aliasing + -ftree-vectorize + + # To improve how much GCC/Clang will vectorize + -fno-math-errno # Assume that signed arithmetic overflow of addition, subtraction and # multiplication wraps around using twos-complement representation @@ -78,10 +82,28 @@ function(noa_add_default_options visibility target) -fslp-vectorize) elseif(NOA_COMPILER_GCC) target_compile_options("${target}" ${visibility} + -fno-trapping-math # Newer versions of GCC (i.e. 14) seem to print a lot of false-positives here -Wno-dangling-reference - + # GCC seems to print a lot of false-positives here + -Wno-free-nonheap-object # Disables runtime type information -fno-rtti) endif() endfunction() + +# For studying failed vectorization results +# - On Clang , seems to only take effect on release shared builds +# - On GCC, seems to only take effect on release shared builds +function(noa_add_vectorization_diagnostics target) + if(NOA_COMPILER_LLVM) + # See https://llvm.org/docs/Vectorizers.html#id6 + target_compile_options("${target}" PRIVATE + -Rpass-analysis=loop-vectorize + -Rpass-missed=loop-vectorize) + elseif(NOA_COMPILER_GCC) + target_compile_options("${target}" PRIVATE + -fopt-info-vec-missed + -fopt-info-loop-missed) + endif() +endfunction() diff --git a/vendor/alterschema/vendor/noa/cmake/noa/library.cmake b/vendor/alterschema/vendor/noa/cmake/noa/library.cmake index 05d57748..9868714d 100644 --- a/vendor/alterschema/vendor/noa/cmake/noa/library.cmake +++ b/vendor/alterschema/vendor/noa/cmake/noa/library.cmake @@ -1,6 +1,6 @@ function(noa_library) cmake_parse_arguments(NOA_LIBRARY "" - "NAMESPACE;PROJECT;NAME;FOLDER" "PRIVATE_HEADERS;SOURCES" ${ARGN}) + "NAMESPACE;PROJECT;NAME;FOLDER;VARIANT" "PRIVATE_HEADERS;SOURCES" ${ARGN}) if(NOT NOA_LIBRARY_PROJECT) message(FATAL_ERROR "You must pass the project name using the PROJECT option") @@ -18,7 +18,11 @@ function(noa_library) set(INCLUDE_PREFIX "include/${NOA_LIBRARY_PROJECT}") endif() - set(PUBLIC_HEADER "${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + if(NOT NOA_LIBRARY_VARIANT) + set(PUBLIC_HEADER "${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + else() + set(PUBLIC_HEADER "../${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + endif() if(NOA_LIBRARY_SOURCES) set(ABSOLUTE_PRIVATE_HEADERS "${CMAKE_CURRENT_BINARY_DIR}/${NOA_LIBRARY_NAME}_export.h") @@ -38,6 +42,11 @@ function(noa_library) set(ALIAS_NAME "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}") endif() + if(NOA_LIBRARY_VARIANT) + set(TARGET_NAME "${TARGET_NAME}_${NOA_LIBRARY_VARIANT}") + set(ALIAS_NAME "${ALIAS_NAME}::${NOA_LIBRARY_VARIANT}") + endif() + if(NOA_LIBRARY_SOURCES) add_library(${TARGET_NAME} ${PUBLIC_HEADER} ${ABSOLUTE_PRIVATE_HEADERS} ${NOA_LIBRARY_SOURCES}) @@ -50,23 +59,34 @@ function(noa_library) add_library(${ALIAS_NAME} ALIAS ${TARGET_NAME}) + if(NOT NOA_LIBRARY_VARIANT) + set(include_dir "${CMAKE_CURRENT_SOURCE_DIR}/include") + else() + set(include_dir "${CMAKE_CURRENT_SOURCE_DIR}/../include") + endif() if(NOA_LIBRARY_SOURCES) target_include_directories(${TARGET_NAME} PUBLIC - "$" + "$" "$") else() target_include_directories(${TARGET_NAME} INTERFACE - "$" + "$" "$") endif() if(NOA_LIBRARY_SOURCES) + if(NOA_LIBRARY_VARIANT) + set(export_name "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}::${NOA_LIBRARY_VARIANT}") + else() + set(export_name "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}") + endif() + set_target_properties(${TARGET_NAME} PROPERTIES OUTPUT_NAME ${TARGET_NAME} PUBLIC_HEADER "${PUBLIC_HEADER}" PRIVATE_HEADER "${ABSOLUTE_PRIVATE_HEADERS}" - EXPORT_NAME "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}" + EXPORT_NAME "${export_name}" FOLDER "${NOA_LIBRARY_FOLDER}") else() set_target_properties(${TARGET_NAME} @@ -93,7 +113,7 @@ function(noa_library) endfunction() function(noa_library_install) - cmake_parse_arguments(NOA_LIBRARY "" "NAMESPACE;PROJECT;NAME" "" ${ARGN}) + cmake_parse_arguments(NOA_LIBRARY "" "NAMESPACE;PROJECT;NAME;VARIANT" "" ${ARGN}) if(NOT NOA_LIBRARY_PROJECT) message(FATAL_ERROR "You must pass the project name using the PROJECT option") @@ -114,6 +134,10 @@ function(noa_library_install) set(NAMESPACE_PREFIX "") endif() + if(NOA_LIBRARY_VARIANT) + set(TARGET_NAME "${TARGET_NAME}_${NOA_LIBRARY_VARIANT}") + endif() + include(GNUInstallDirs) install(TARGETS ${TARGET_NAME} EXPORT ${TARGET_NAME} diff --git a/vendor/hydra/CMakeLists.txt b/vendor/hydra/CMakeLists.txt index 54cdcbfe..d6f1709d 100644 --- a/vendor/hydra/CMakeLists.txt +++ b/vendor/hydra/CMakeLists.txt @@ -3,9 +3,9 @@ project(hydra VERSION 0.0.1 LANGUAGES C CXX DESCRIPTION "A convenience networking library for modern C++") list(APPEND CMAKE_MODULE_PATH "${PROJECT_SOURCE_DIR}/cmake") include(vendor/noa/cmake/noa.cmake) -include(cmake/CompilerOptions.cmake) # Options +option(HYDRA_CRYPTO "Build the Hydra crypto library" ON) option(HYDRA_HTTPCLIENT "Build the Hydra HTTP client library" ON) if(WIN32) # TODO: Make it work on Windows. Main challenge is that uSockets @@ -42,14 +42,22 @@ if(HYDRA_HTTPCLIENT OR HYDRA_HTTPSERVER OR HYDRA_BUCKET) add_subdirectory(src/http) endif() +if(HYDRA_CRYPTO OR HYDRA_HTTPCLIENT OR HYDRA_BUCKET) + find_package(BearSSL REQUIRED) +endif() + +if(HYDRA_CRYPTO OR HYDRA_HTTPSERVER OR HYDRA_BUCKET) + add_subdirectory(src/crypto) +endif() + if(HYDRA_HTTPCLIENT OR HYDRA_BUCKET) find_package(ZLIB REQUIRED) - find_package(BearSSL REQUIRED) find_package(CURL REQUIRED) add_subdirectory(src/httpclient) endif() if(HYDRA_HTTPSERVER) + find_package(ZLIB REQUIRED) find_package(uSockets REQUIRED) find_package(uWebSockets REQUIRED) add_subdirectory(src/httpserver) @@ -87,6 +95,10 @@ if(HYDRA_TESTS) add_subdirectory(test/unit/http) endif() + if(HYDRA_CRYPTO) + add_subdirectory(test/unit/crypto) + endif() + if(HYDRA_HTTPCLIENT) add_subdirectory(test/e2e/httpclient) endif() diff --git a/vendor/hydra/cmake/CompilerOptions.cmake b/vendor/hydra/cmake/CompilerOptions.cmake deleted file mode 100644 index 307d2743..00000000 --- a/vendor/hydra/cmake/CompilerOptions.cmake +++ /dev/null @@ -1,66 +0,0 @@ -function(sourcemeta_hydra_add_compile_options target) - if(NOA_COMPILER_MSVC) - # See https://learn.microsoft.com/en-us/cpp/build/reference/compiler-options-listed-by-category - target_compile_options("${target}" PRIVATE - /options:strict - /permissive- - /W4 - /WL - /MP - /sdl) - else() - target_compile_options("${target}" PRIVATE - -Wall - -Wextra - -Wpedantic - -Wshadow - -Wdouble-promotion - -Wconversion - -Wunused-parameter - -Wtrigraphs - -Wunreachable-code - -Wmissing-braces - -Wparentheses - -Wswitch - -Wunused-function - -Wunused-label - -Wunused-parameter - -Wunused-variable - -Wunused-value - -Wempty-body - -Wuninitialized - -Wshadow - -Wconversion - -Wenum-conversion - -Wfloat-conversion - -Wimplicit-fallthrough - -Wsign-compare - -Wsign-conversion - -Wunknown-pragmas - -Wnon-virtual-dtor - -Woverloaded-virtual - -Winvalid-offsetof) - endif() - - if(NOA_COMPILER_LLVM) - target_compile_options("${target}" PRIVATE - -Wbool-conversion - -Wint-conversion - -Wpointer-sign - -Wconditional-uninitialized - -Wconstant-conversion - -Wnon-literal-null-conversion - -Wshorten-64-to-32 - -Wdeprecated-implementations - -Winfinite-recursion - -Wnewline-eof - -Wfour-char-constants - -Wselector - -Wundeclared-selector - -Wdocumentation - -Wmove - -Wc++11-extensions - -Wno-exit-time-destructors - -Wrange-loop-analysis) - endif() -endfunction() diff --git a/vendor/hydra/cmake/FindCURL.cmake b/vendor/hydra/cmake/FindCURL.cmake index 34f83ef5..ab96099d 100644 --- a/vendor/hydra/cmake/FindCURL.cmake +++ b/vendor/hydra/cmake/FindCURL.cmake @@ -358,6 +358,10 @@ if(NOT CURL_FOUND) "${CURL_DIR}/lib/vquic/vquic-tls.c" "${CURL_DIR}/lib/vquic/vquic-tls.h") + if(NOT MSVC) + target_compile_options(curl PRIVATE -Wno-enum-conversion) + endif() + # General options target_compile_definitions(curl PRIVATE BUILDING_LIBCURL) target_compile_definitions(curl PRIVATE UNICODE) diff --git a/vendor/hydra/config.cmake.in b/vendor/hydra/config.cmake.in index 3f2b3e9c..cab1b69a 100644 --- a/vendor/hydra/config.cmake.in +++ b/vendor/hydra/config.cmake.in @@ -24,7 +24,10 @@ if(CMAKE_CXX_COMPILER_ID STREQUAL "GNU") endif() foreach(component ${HYDRA_COMPONENTS}) - if(component STREQUAL "httpclient") + if(component STREQUAL "crypto") + find_dependency(BearSSL) + include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_hydra_crypto.cmake") + elseif(component STREQUAL "httpclient") include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_hydra_http.cmake") find_dependency(ZLIB) find_dependency(BearSSL) @@ -38,14 +41,17 @@ foreach(component ${HYDRA_COMPONENTS}) endif() include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_hydra_http.cmake") + find_dependency(BearSSL) + include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_hydra_crypto.cmake") find_dependency(uSockets) find_dependency(uWebSockets) find_dependency(JSONToolkit COMPONENTS json) include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_hydra_httpserver.cmake") elseif(component STREQUAL "bucket") include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_hydra_http.cmake") - find_dependency(ZLIB) find_dependency(BearSSL) + include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_hydra_crypto.cmake") + find_dependency(ZLIB) find_dependency(CURL) include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_hydra_httpclient.cmake") find_dependency(JSONToolkit COMPONENTS json uri) diff --git a/vendor/hydra/src/bucket/CMakeLists.txt b/vendor/hydra/src/bucket/CMakeLists.txt index 8c1d4485..15db3379 100644 --- a/vendor/hydra/src/bucket/CMakeLists.txt +++ b/vendor/hydra/src/bucket/CMakeLists.txt @@ -9,7 +9,6 @@ endif() target_link_libraries(sourcemeta_hydra_bucket PUBLIC sourcemeta::jsontoolkit::json) target_link_libraries(sourcemeta_hydra_bucket PUBLIC sourcemeta::jsontoolkit::uri) +target_link_libraries(sourcemeta_hydra_bucket PRIVATE sourcemeta::hydra::crypto) target_link_libraries(sourcemeta_hydra_bucket PUBLIC sourcemeta::hydra::http) target_link_libraries(sourcemeta_hydra_bucket PRIVATE sourcemeta::hydra::httpclient) -target_link_libraries(sourcemeta_hydra_bucket PRIVATE BearSSL::BearSSL) -sourcemeta_hydra_add_compile_options(sourcemeta_hydra_bucket) diff --git a/vendor/hydra/src/bucket/aws_sigv4.cc b/vendor/hydra/src/bucket/aws_sigv4.cc index 0b825e74..064c4020 100644 --- a/vendor/hydra/src/bucket/aws_sigv4.cc +++ b/vendor/hydra/src/bucket/aws_sigv4.cc @@ -1,112 +1,16 @@ #include - -#if defined(__clang__) -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wimplicit-int-conversion" -#elif defined(__GNUC__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wconversion" -#elif defined(_MSC_VER) -#pragma warning(disable : 4244 4267) -#endif -extern "C" { -#include -} -#if defined(__clang__) -#pragma clang diagnostic pop -#elif defined(__GNUC__) -#pragma GCC diagnostic pop -#elif defined(_MSC_VER) -#pragma warning(default : 4244 4267) -#endif +#include #include // assert #include // std::time_t, std::tm, std::gmtime #include // std::setfill, std::setw, std::put_time -#include // std::hex, std::ios_base +#include // std::hex #include // std::ostringstream #include // std::runtime_error #include // std::move namespace sourcemeta::hydra { -auto aws_sigv4_sha256(std::string_view input, std::ostream &output) -> void { - br_sha256_context context; - br_sha256_init(&context); - br_sha256_update(&context, input.data(), input.size()); - unsigned char hash[br_sha256_SIZE]; - br_sha256_out(&context, hash); - std::string_view buffer{reinterpret_cast(hash), br_sha256_SIZE}; - output << std::hex << std::setfill('0'); - for (const auto character : buffer) { - output << std::setw(2) - << static_cast(static_cast(character)); - } - - output.unsetf(std::ios_base::hex); -} - -auto aws_sigv4_hmac_sha256(std::string_view secret, std::string_view value, - std::ostream &output) -> void { - br_hmac_key_context key_context; - br_hmac_key_init(&key_context, &br_sha256_vtable, secret.data(), - secret.size()); - br_hmac_context context; - br_hmac_init(&context, &key_context, 0); - br_hmac_update(&context, value.data(), value.size()); - unsigned char hash[br_sha256_SIZE]; - br_hmac_out(&context, hash); - std::string_view buffer{reinterpret_cast(hash), br_sha256_SIZE}; - output << buffer; -} - -template -static auto base64_map_character(const CharT input, const std::size_t position, - const std::size_t limit) -> CharT { - static const CharT BASE64_DICTIONARY[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz" - "0123456789+/"; - return position > limit ? '=' - : BASE64_DICTIONARY[static_cast(input)]; -} - -// Adapted from https://stackoverflow.com/a/31322410/1641422 -auto aws_sigv4_base64(std::string_view input, std::ostream &output) -> void { - using CharT = std::ostream::char_type; - const auto remainder{input.size() % 3}; - const std::size_t next_multiple_of_3{ - remainder == 0 ? input.size() : input.size() + (3 - remainder)}; - const std::size_t total_size{4 * (next_multiple_of_3 / 3)}; - const std::size_t limit{total_size - (next_multiple_of_3 - input.size()) - 1}; - std::size_t cursor = 0; - for (std::size_t index = 0; index < total_size / 4; index++) { - // Read a group of three bytes - CharT triplet[3]; - triplet[0] = ((index * 3) + 0 < input.size()) ? input[(index * 3) + 0] : 0; - triplet[1] = ((index * 3) + 1 < input.size()) ? input[(index * 3) + 1] : 0; - triplet[2] = ((index * 3) + 2 < input.size()) ? input[(index * 3) + 2] : 0; - - // Transform into four base 64 characters - CharT quad[4]; - quad[0] = static_cast((triplet[0] & 0xfc) >> 2); - quad[1] = static_cast(((triplet[0] & 0x03) << 4) + - ((triplet[1] & 0xf0) >> 4)); - quad[2] = static_cast(((triplet[1] & 0x0f) << 2) + - ((triplet[2] & 0xc0) >> 6)); - quad[3] = static_cast(((triplet[2] & 0x3f) << 0)); - - // Write resulting characters - output.put(base64_map_character(quad[0], cursor, limit)); - cursor += 1; - output.put(base64_map_character(quad[1], cursor, limit)); - cursor += 1; - output.put(base64_map_character(quad[2], cursor, limit)); - cursor += 1; - output.put(base64_map_character(quad[3], cursor, limit)); - cursor += 1; - } -} - static inline auto write_date_with_format(const std::chrono::system_clock::time_point time, const char *const format, std::ostream &output) -> void { @@ -150,14 +54,15 @@ auto aws_sigv4_scope(std::string_view datastamp, std::string_view region, auto aws_sigv4_key(std::string_view secret_key, std::string_view region, std::string_view datastamp) -> std::string { std::ostringstream hmac_date; - aws_sigv4_hmac_sha256(std::string{"AWS4"} + std::string{secret_key}, - datastamp, hmac_date); + sourcemeta::hydra::hmac_sha256(std::string{"AWS4"} + std::string{secret_key}, + datastamp, hmac_date); std::ostringstream hmac_region; - aws_sigv4_hmac_sha256(hmac_date.str(), region, hmac_region); + sourcemeta::hydra::hmac_sha256(hmac_date.str(), region, hmac_region); std::ostringstream hmac_service; - aws_sigv4_hmac_sha256(hmac_region.str(), "s3", hmac_service); + sourcemeta::hydra::hmac_sha256(hmac_region.str(), "s3", hmac_service); std::ostringstream signing_key; - aws_sigv4_hmac_sha256(hmac_service.str(), "aws4_request", signing_key); + sourcemeta::hydra::hmac_sha256(hmac_service.str(), "aws4_request", + signing_key); return signing_key.str(); } @@ -209,7 +114,7 @@ auto aws_sigv4(const http::Method method, string_to_sign << request_date_iso8601.str() << '\n'; aws_sigv4_scope(request_date_datastamp.str(), region, string_to_sign); string_to_sign << '\n'; - aws_sigv4_sha256(canonical, string_to_sign); + sourcemeta::hydra::sha256(canonical, string_to_sign); // Authorization std::ostringstream authorization; @@ -228,7 +133,7 @@ auto aws_sigv4(const http::Method method, const auto signing_key{ aws_sigv4_key(secret_key, region, request_date_datastamp.str())}; std::ostringstream signature; - aws_sigv4_hmac_sha256(signing_key, string_to_sign.str(), signature); + sourcemeta::hydra::hmac_sha256(signing_key, string_to_sign.str(), signature); authorization << std::hex << std::setfill('0'); for (const auto character : signature.str()) { authorization << std::setw(2) diff --git a/vendor/hydra/src/bucket/bucket.cc b/vendor/hydra/src/bucket/bucket.cc index ef4b6c7b..31b01df3 100644 --- a/vendor/hydra/src/bucket/bucket.cc +++ b/vendor/hydra/src/bucket/bucket.cc @@ -1,5 +1,6 @@ #include #include +#include #include #include @@ -115,7 +116,7 @@ auto Bucket::upsert_json(const std::string &key, std::stringstream content; sourcemeta::jsontoolkit::prettify(document, content); std::ostringstream content_checksum; - aws_sigv4_sha256(content.str(), content_checksum); + sourcemeta::hydra::sha256(content.str(), content_checksum); request.header("content-length", std::to_string(content.str().size())); request.header("transfer-encoding", ""); @@ -139,9 +140,10 @@ auto Bucket::upsert_json(const std::string &key, return promise.get_future(); } -auto Bucket::fetch_or_upsert(const std::string &key, - std::function - callback) -> std::future { +auto Bucket::fetch_or_upsert( + const std::string &key, + std::function callback) + -> std::future { std::promise promise; auto maybe_response{this->fetch_json(key).get()}; if (maybe_response.has_value()) { diff --git a/vendor/hydra/src/bucket/include/sourcemeta/hydra/bucket_aws_sigv4.h b/vendor/hydra/src/bucket/include/sourcemeta/hydra/bucket_aws_sigv4.h index bfb28d16..fdf1cd3b 100644 --- a/vendor/hydra/src/bucket/include/sourcemeta/hydra/bucket_aws_sigv4.h +++ b/vendor/hydra/src/bucket/include/sourcemeta/hydra/bucket_aws_sigv4.h @@ -29,39 +29,33 @@ aws_sigv4(const http::Method method, const sourcemeta::jsontoolkit::URI &url, const std::chrono::system_clock::time_point now) -> std::map; -auto SOURCEMETA_HYDRA_BUCKET_EXPORT -aws_sigv4_scope(std::string_view datastamp, std::string_view region, - std::ostream &output) -> void; +auto SOURCEMETA_HYDRA_BUCKET_EXPORT aws_sigv4_scope(std::string_view datastamp, + std::string_view region, + std::ostream &output) + -> void; -auto SOURCEMETA_HYDRA_BUCKET_EXPORT -aws_sigv4_key(std::string_view secret_key, std::string_view region, - std::string_view datastamp) -> std::string; +auto SOURCEMETA_HYDRA_BUCKET_EXPORT aws_sigv4_key(std::string_view secret_key, + std::string_view region, + std::string_view datastamp) + -> std::string; auto SOURCEMETA_HYDRA_BUCKET_EXPORT aws_sigv4_canonical(const http::Method method, std::string_view host, std::string_view path, std::string_view content_checksum, std::string_view timestamp) -> std::string; -auto SOURCEMETA_HYDRA_BUCKET_EXPORT -aws_sigv4_sha256(std::string_view input, std::ostream &output) -> void; -auto SOURCEMETA_HYDRA_BUCKET_EXPORT -aws_sigv4_hmac_sha256(std::string_view secret, std::string_view value, - std::ostream &output) -> void; -auto SOURCEMETA_HYDRA_BUCKET_EXPORT -aws_sigv4_base64(std::string_view input, std::ostream &output) -> void; - // A datestamp format is as follows: // YYYY: Four-digit year // MM: Two-digit month (01-12) // DD: Two-digit day (01-31) // Example: 20230913 (September 13, 2023) -auto SOURCEMETA_HYDRA_BUCKET_EXPORT -aws_sigv4_datastamp(const std::chrono::system_clock::time_point time, - std::ostream &output) -> void; +auto SOURCEMETA_HYDRA_BUCKET_EXPORT aws_sigv4_datastamp( + const std::chrono::system_clock::time_point time, std::ostream &output) + -> void; -auto SOURCEMETA_HYDRA_BUCKET_EXPORT -aws_sigv4_iso8601(const std::chrono::system_clock::time_point time, - std::ostream &output) -> void; +auto SOURCEMETA_HYDRA_BUCKET_EXPORT aws_sigv4_iso8601( + const std::chrono::system_clock::time_point time, std::ostream &output) + -> void; } // namespace sourcemeta::hydra diff --git a/vendor/hydra/src/crypto/CMakeLists.txt b/vendor/hydra/src/crypto/CMakeLists.txt new file mode 100644 index 00000000..60bc7fab --- /dev/null +++ b/vendor/hydra/src/crypto/CMakeLists.txt @@ -0,0 +1,9 @@ +noa_library(NAMESPACE sourcemeta PROJECT hydra NAME crypto + FOLDER "Hydra/Crypto" + SOURCES bearssl.h uuid.cc sha256.cc md5.cc base64.cc) + +if(HYDRA_INSTALL) + noa_library_install(NAMESPACE sourcemeta PROJECT hydra NAME crypto) +endif() + +target_link_libraries(sourcemeta_hydra_crypto PRIVATE BearSSL::BearSSL) diff --git a/vendor/hydra/src/crypto/base64.cc b/vendor/hydra/src/crypto/base64.cc new file mode 100644 index 00000000..5fe3f189 --- /dev/null +++ b/vendor/hydra/src/crypto/base64.cc @@ -0,0 +1,52 @@ +#include + +template +static auto base64_map_character(const CharT input, const std::size_t position, + const std::size_t limit) -> CharT { + static const CharT BASE64_DICTIONARY[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789+/"; + return position > limit ? '=' + : BASE64_DICTIONARY[static_cast(input)]; +} + +namespace sourcemeta::hydra { + +// Adapted from https://stackoverflow.com/a/31322410/1641422 +auto base64_encode(std::string_view input, std::ostream &output) -> void { + using CharT = std::ostream::char_type; + const auto remainder{input.size() % 3}; + const std::size_t next_multiple_of_3{ + remainder == 0 ? input.size() : input.size() + (3 - remainder)}; + const std::size_t total_size{4 * (next_multiple_of_3 / 3)}; + const std::size_t limit{total_size - (next_multiple_of_3 - input.size()) - 1}; + std::size_t cursor = 0; + for (std::size_t index = 0; index < total_size / 4; index++) { + // Read a group of three bytes + CharT triplet[3]; + triplet[0] = ((index * 3) + 0 < input.size()) ? input[(index * 3) + 0] : 0; + triplet[1] = ((index * 3) + 1 < input.size()) ? input[(index * 3) + 1] : 0; + triplet[2] = ((index * 3) + 2 < input.size()) ? input[(index * 3) + 2] : 0; + + // Transform into four base 64 characters + CharT quad[4]; + quad[0] = static_cast((triplet[0] & 0xfc) >> 2); + quad[1] = static_cast(((triplet[0] & 0x03) << 4) + + ((triplet[1] & 0xf0) >> 4)); + quad[2] = static_cast(((triplet[1] & 0x0f) << 2) + + ((triplet[2] & 0xc0) >> 6)); + quad[3] = static_cast(((triplet[2] & 0x3f) << 0)); + + // Write resulting characters + output.put(base64_map_character(quad[0], cursor, limit)); + cursor += 1; + output.put(base64_map_character(quad[1], cursor, limit)); + cursor += 1; + output.put(base64_map_character(quad[2], cursor, limit)); + cursor += 1; + output.put(base64_map_character(quad[3], cursor, limit)); + cursor += 1; + } +} + +} // namespace sourcemeta::hydra diff --git a/vendor/hydra/src/crypto/bearssl.h b/vendor/hydra/src/crypto/bearssl.h new file mode 100644 index 00000000..2dcf1093 --- /dev/null +++ b/vendor/hydra/src/crypto/bearssl.h @@ -0,0 +1,24 @@ +#ifndef SOURCEMETA_HYDRA_CRYPTO_BEARSSL_H +#define SOURCEMETA_HYDRA_CRYPTO_BEARSSL_H + +#if defined(__clang__) +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wimplicit-int-conversion" +#elif defined(__GNUC__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wconversion" +#elif defined(_MSC_VER) +#pragma warning(disable : 4244 4267) +#endif +extern "C" { +#include +} +#if defined(__clang__) +#pragma clang diagnostic pop +#elif defined(__GNUC__) +#pragma GCC diagnostic pop +#elif defined(_MSC_VER) +#pragma warning(default : 4244 4267) +#endif + +#endif diff --git a/vendor/hydra/src/crypto/include/sourcemeta/hydra/crypto.h b/vendor/hydra/src/crypto/include/sourcemeta/hydra/crypto.h new file mode 100644 index 00000000..f87fbfce --- /dev/null +++ b/vendor/hydra/src/crypto/include/sourcemeta/hydra/crypto.h @@ -0,0 +1,100 @@ +#ifndef SOURCEMETA_HYDRA_CRYPTO_H +#define SOURCEMETA_HYDRA_CRYPTO_H + +#if defined(__Unikraft__) +#define SOURCEMETA_HYDRA_CRYPTO_EXPORT +#else +#include "crypto_export.h" +#endif + +#include // std::ostream +#include // std::string +#include // std::string_view + +/// @defgroup crypto Crypto +/// @brief This module offers a collection of cryptographic utilities for use in +/// the other modules. +/// +/// This functionality is included as follows: +/// +/// ```cpp +/// #include +/// ``` + +namespace sourcemeta::hydra { + +/// @ingroup crypto +/// Generate a random UUID v4 string. For example: +/// +/// ```cpp +/// #include +/// #include +/// +/// std::cout << sourcemeta::hydra::uuid() << "\n"; +/// ``` +auto SOURCEMETA_HYDRA_CRYPTO_EXPORT uuid() -> std::string; + +/// @ingroup crypto +/// Encode a string using Base64. For example: +/// +/// ```cpp +/// #include +/// #include +/// #include +/// +/// std::ostringstream result; +/// sourcemeta::hydra::base64_encode("foo bar", result); +/// std::cout << result.str() << "\n"; +/// ``` +auto SOURCEMETA_HYDRA_CRYPTO_EXPORT base64_encode(std::string_view input, + std::ostream &output) -> void; + +/// @ingroup crypto +/// Hash a string using MD5. For example: +/// +/// ```cpp +/// #include +/// #include +/// #include +/// +/// std::ostringstream result; +/// sourcemeta::hydra::md5("foo bar", result); +/// std::cout << result.str() << "\n"; +/// ``` +auto SOURCEMETA_HYDRA_CRYPTO_EXPORT md5(std::string_view input, + std::ostream &output) -> void; + +/// @ingroup crypto +/// Hash a string using SHA256. For example: +/// +/// ```cpp +/// #include +/// #include +/// #include +/// +/// std::ostringstream result; +/// sourcemeta::hydra::sha256("foo bar", result); +/// std::cout << result.str() << "\n"; +/// ``` +auto SOURCEMETA_HYDRA_CRYPTO_EXPORT sha256(std::string_view input, + std::ostream &output) -> void; + +/// @ingroup crypto +/// Compute a HMAC-SHA256 key. For example: +/// +/// ```cpp +/// #include +/// #include +/// #include +/// +/// std::ostringstream result; +/// sourcemeta::hydra::hmac_sha256("my secret", "my value", result); +/// std::cout << result.str() << "\n"; +/// ``` +auto SOURCEMETA_HYDRA_CRYPTO_EXPORT hmac_sha256(std::string_view secret, + std::string_view value, + std::ostream &output) -> void; + +} // namespace sourcemeta::hydra + +#endif diff --git a/vendor/hydra/src/crypto/md5.cc b/vendor/hydra/src/crypto/md5.cc new file mode 100644 index 00000000..7c62d498 --- /dev/null +++ b/vendor/hydra/src/crypto/md5.cc @@ -0,0 +1,26 @@ +#include + +#include // std::setfill, std::setw +#include // std::hex + +#include "bearssl.h" + +namespace sourcemeta::hydra { + +auto md5(std::string_view input, std::ostream &output) -> void { + br_md5_context context; + br_md5_init(&context); + br_md5_update(&context, input.data(), input.size()); + unsigned char hash[br_md5_SIZE]; + br_md5_out(&context, hash); + std::string_view buffer{reinterpret_cast(hash), br_md5_SIZE}; + output << std::hex << std::setfill('0'); + for (const auto character : buffer) { + output << std::setw(2) + << static_cast(static_cast(character)); + } + + output.unsetf(std::ios_base::hex); +} + +} // namespace sourcemeta::hydra diff --git a/vendor/hydra/src/crypto/sha256.cc b/vendor/hydra/src/crypto/sha256.cc new file mode 100644 index 00000000..1cf5e825 --- /dev/null +++ b/vendor/hydra/src/crypto/sha256.cc @@ -0,0 +1,40 @@ +#include + +#include // std::setfill, std::setw +#include // std::hex + +#include "bearssl.h" + +namespace sourcemeta::hydra { + +auto sha256(std::string_view input, std::ostream &output) -> void { + br_sha256_context context; + br_sha256_init(&context); + br_sha256_update(&context, input.data(), input.size()); + unsigned char hash[br_sha256_SIZE]; + br_sha256_out(&context, hash); + std::string_view buffer{reinterpret_cast(hash), br_sha256_SIZE}; + output << std::hex << std::setfill('0'); + for (const auto character : buffer) { + output << std::setw(2) + << static_cast(static_cast(character)); + } + + output.unsetf(std::ios_base::hex); +} + +auto hmac_sha256(std::string_view secret, std::string_view value, + std::ostream &output) -> void { + br_hmac_key_context key_context; + br_hmac_key_init(&key_context, &br_sha256_vtable, secret.data(), + secret.size()); + br_hmac_context context; + br_hmac_init(&context, &key_context, 0); + br_hmac_update(&context, value.data(), value.size()); + unsigned char hash[br_sha256_SIZE]; + br_hmac_out(&context, hash); + std::string_view buffer{reinterpret_cast(hash), br_sha256_SIZE}; + output << buffer; +} + +} // namespace sourcemeta::hydra diff --git a/vendor/hydra/src/crypto/uuid.cc b/vendor/hydra/src/crypto/uuid.cc new file mode 100644 index 00000000..b6a2e8f0 --- /dev/null +++ b/vendor/hydra/src/crypto/uuid.cc @@ -0,0 +1,32 @@ +#include + +#include // std::uint8_t +#include // std::random_device, std::mt19937, std::uniform_int_distribution +#include // std::string_view + +namespace sourcemeta::hydra { + +// Adapted from https://stackoverflow.com/a/58467162/1641422 +auto uuid() -> std::string { + static std::random_device device; + static std::mt19937 generator{device()}; + static constexpr std::string_view digits = "0123456789abcdef"; + static constexpr bool dash[] = {0, 0, 0, 0, 1, 0, 1, 0, + 1, 0, 1, 0, 0, 0, 0, 0}; + std::uniform_int_distribution distribution(0, + 15); + std::string result; + result.reserve(36); + for (std::uint8_t index = 0; index < 16; index++) { + if (dash[index]) { + result += "-"; + } + + result += digits[distribution(generator)]; + result += digits[distribution(generator)]; + } + + return result; +} + +} // namespace sourcemeta::hydra diff --git a/vendor/hydra/src/http/CMakeLists.txt b/vendor/hydra/src/http/CMakeLists.txt index ed779aba..29b7c543 100644 --- a/vendor/hydra/src/http/CMakeLists.txt +++ b/vendor/hydra/src/http/CMakeLists.txt @@ -1,10 +1,8 @@ noa_library(NAMESPACE sourcemeta PROJECT hydra NAME http FOLDER "Hydra/HTTP" - PRIVATE_HEADERS method.h status.h error.h header.h time.h - SOURCES method.cc status.cc error.cc header.cc time.cc) + PRIVATE_HEADERS method.h status.h error.h header.h time.h mime.h + SOURCES method.cc status.cc error.cc header.cc time.cc mime.cc) if(HYDRA_INSTALL) noa_library_install(NAMESPACE sourcemeta PROJECT hydra NAME http) endif() - -sourcemeta_hydra_add_compile_options(sourcemeta_hydra_http) diff --git a/vendor/hydra/src/http/include/sourcemeta/hydra/http.h b/vendor/hydra/src/http/include/sourcemeta/hydra/http.h index 308901c5..debe1cfa 100644 --- a/vendor/hydra/src/http/include/sourcemeta/hydra/http.h +++ b/vendor/hydra/src/http/include/sourcemeta/hydra/http.h @@ -14,6 +14,7 @@ #include #include #include +#include #include #include diff --git a/vendor/hydra/src/http/include/sourcemeta/hydra/http_method.h b/vendor/hydra/src/http/include/sourcemeta/hydra/http_method.h index 82a4b91c..76641914 100644 --- a/vendor/hydra/src/http/include/sourcemeta/hydra/http_method.h +++ b/vendor/hydra/src/http/include/sourcemeta/hydra/http_method.h @@ -38,8 +38,9 @@ enum class Method { /// output << sourcemeta::hydra::http::Method::GET; /// assert(output.str() == "GET"); /// ``` -auto SOURCEMETA_HYDRA_HTTP_EXPORT -operator<<(std::ostream &stream, const Method method) -> std::ostream &; +auto SOURCEMETA_HYDRA_HTTP_EXPORT operator<<(std::ostream &stream, + const Method method) + -> std::ostream &; /// @ingroup http /// Construct a HTTP method from a string. Note that casing is not supported. diff --git a/vendor/hydra/src/http/include/sourcemeta/hydra/http_mime.h b/vendor/hydra/src/http/include/sourcemeta/hydra/http_mime.h new file mode 100644 index 00000000..ac3233a6 --- /dev/null +++ b/vendor/hydra/src/http/include/sourcemeta/hydra/http_mime.h @@ -0,0 +1,30 @@ +#ifndef SOURCEMETA_HYDRA_HTTP_MIME_H +#define SOURCEMETA_HYDRA_HTTP_MIME_H + +#if defined(__Unikraft__) +#define SOURCEMETA_HYDRA_HTTP_EXPORT +#else +#include "http_export.h" +#endif + +#include // std::filesystem +#include // std::string + +namespace sourcemeta::hydra { + +/// @ingroup http +/// Find a IANA MIME type for the given file. For example: +/// +/// ```cpp +/// #include +/// #include +/// +/// const auto result{sourcemeta::hydra::mime_type("image.png")}; +/// assert(result == "image/png"); +/// ``` +auto SOURCEMETA_HYDRA_HTTP_EXPORT +mime_type(const std::filesystem::path &file_path) -> std::string; + +} // namespace sourcemeta::hydra + +#endif diff --git a/vendor/hydra/src/http/include/sourcemeta/hydra/http_status.h b/vendor/hydra/src/http/include/sourcemeta/hydra/http_status.h index a1aac740..928cbae4 100644 --- a/vendor/hydra/src/http/include/sourcemeta/hydra/http_status.h +++ b/vendor/hydra/src/http/include/sourcemeta/hydra/http_status.h @@ -89,8 +89,9 @@ enum class Status : std::uint16_t { }; /// @ingroup http -auto SOURCEMETA_HYDRA_HTTP_EXPORT -operator<<(std::ostream &stream, const Status value) -> std::ostream &; +auto SOURCEMETA_HYDRA_HTTP_EXPORT operator<<(std::ostream &stream, + const Status value) + -> std::ostream &; } // namespace sourcemeta::hydra::http diff --git a/vendor/hydra/src/http/mime.cc b/vendor/hydra/src/http/mime.cc new file mode 100644 index 00000000..c63322ed --- /dev/null +++ b/vendor/hydra/src/http/mime.cc @@ -0,0 +1,36 @@ +#include + +#include // std::transform +#include // std::tolower +#include // std::map + +namespace sourcemeta::hydra { + +// See https://www.iana.org/assignments/media-types/media-types.xhtml +auto mime_type(const std::filesystem::path &file_path) -> std::string { + // TODO: More exhaustively define all known types + static const std::map MIME_TYPES{ + {".css", "text/css"}, + {".png", "image/png"}, + {".webp", "image/webp"}, + {".ico", "image/vnd.microsoft.icon"}, + {".svg", "image/svg+xml"}, + {".webmanifest", "application/manifest+json"}, + {".json", "application/json"}, + {".woff", "font/woff"}, + {".woff2", "font/woff2"}, + }; + + std::string extension{file_path.extension().string()}; + std::transform(extension.begin(), extension.end(), extension.begin(), + [](const auto character) { + return static_cast( + std::tolower(character)); + }); + + const auto result{MIME_TYPES.find(extension)}; + return result == MIME_TYPES.cend() ? "application/octet-stream" + : result->second; +} + +} // namespace sourcemeta::hydra diff --git a/vendor/hydra/src/httpclient/CMakeLists.txt b/vendor/hydra/src/httpclient/CMakeLists.txt index cacde551..bd374d1c 100644 --- a/vendor/hydra/src/httpclient/CMakeLists.txt +++ b/vendor/hydra/src/httpclient/CMakeLists.txt @@ -9,4 +9,3 @@ endif() target_link_libraries(sourcemeta_hydra_httpclient PRIVATE CURL::libcurl) target_link_libraries(sourcemeta_hydra_httpclient PUBLIC sourcemeta::hydra::http) -sourcemeta_hydra_add_compile_options(sourcemeta_hydra_httpclient) diff --git a/vendor/hydra/src/httpclient/request.cc b/vendor/hydra/src/httpclient/request.cc index 7e88727e..e324e735 100644 --- a/vendor/hydra/src/httpclient/request.cc +++ b/vendor/hydra/src/httpclient/request.cc @@ -40,8 +40,8 @@ auto ClientRequest::capture(std::initializer_list headers) auto ClientRequest::capture() -> void { this->capture_all_ = true; } -auto ClientRequest::header(std::string_view key, - std::string_view value) -> void { +auto ClientRequest::header(std::string_view key, std::string_view value) + -> void { this->stream.header(key, value); } diff --git a/vendor/hydra/src/httpclient/stream_curl.cc b/vendor/hydra/src/httpclient/stream_curl.cc index e25336d7..3c1780e7 100644 --- a/vendor/hydra/src/httpclient/stream_curl.cc +++ b/vendor/hydra/src/httpclient/stream_curl.cc @@ -42,10 +42,10 @@ inline auto handle_curl(CURLcode code) -> void { } } -auto callback_on_response_body(const void *const data, const std::size_t size, - const std::size_t count, - const sourcemeta::hydra::http::ClientStream - *const request) noexcept -> std::size_t { +auto callback_on_response_body( + const void *const data, const std::size_t size, const std::size_t count, + const sourcemeta::hydra::http::ClientStream *const request) noexcept + -> std::size_t { const std::size_t total_size{size * count}; if (request->internal->on_data) { try { @@ -61,10 +61,10 @@ auto callback_on_response_body(const void *const data, const std::size_t size, return total_size; } -auto callback_on_header(const void *const data, const std::size_t size, - const std::size_t count, - sourcemeta::hydra::http::ClientStream - *const request) noexcept -> std::size_t { +auto callback_on_header( + const void *const data, const std::size_t size, const std::size_t count, + sourcemeta::hydra::http::ClientStream *const request) noexcept + -> std::size_t { const std::size_t total_size{size * count}; const std::string_view line{static_cast(data), total_size}; const std::size_t colon{line.find(':')}; @@ -130,10 +130,10 @@ auto callback_on_header(const void *const data, const std::size_t size, return total_size; } -auto callback_on_request_body(char *buffer, const std::size_t size, - const std::size_t count, - sourcemeta::hydra::http::ClientStream - *const request) noexcept -> std::size_t { +auto callback_on_request_body( + char *buffer, const std::size_t size, const std::size_t count, + sourcemeta::hydra::http::ClientStream *const request) noexcept + -> std::size_t { assert(buffer); assert(request->internal->on_body); const std::size_t total_size{size * count}; @@ -242,8 +242,8 @@ auto ClientStream::on_body(BodyCallback callback) noexcept -> void { this->internal->on_body = std::move(callback); } -auto ClientStream::header(std::string_view key, - std::string_view value) -> void { +auto ClientStream::header(std::string_view key, std::string_view value) + -> void { std::stringstream stream; stream << key << ": " << value; const std::string result{stream.str()}; diff --git a/vendor/hydra/src/httpserver/CMakeLists.txt b/vendor/hydra/src/httpserver/CMakeLists.txt index 2cfac889..e993ceda 100644 --- a/vendor/hydra/src/httpserver/CMakeLists.txt +++ b/vendor/hydra/src/httpserver/CMakeLists.txt @@ -1,15 +1,15 @@ noa_library(NAMESPACE sourcemeta PROJECT hydra NAME httpserver FOLDER "Hydra/HTTP Server" PRIVATE_HEADERS request.h response.h logger.h - SOURCES uwebsockets.h httpserver.cc request.cc response.cc logger.cc) + SOURCES uwebsockets.h httpserver.cc request.cc response.cc logger.cc static.cc) if(HYDRA_INSTALL) noa_library_install(NAMESPACE sourcemeta PROJECT hydra NAME httpserver) endif() +target_link_libraries(sourcemeta_hydra_httpserver PRIVATE sourcemeta::hydra::crypto) target_link_libraries(sourcemeta_hydra_httpserver PUBLIC sourcemeta::hydra::http) target_link_libraries(sourcemeta_hydra_httpserver PUBLIC sourcemeta::jsontoolkit::json) target_link_libraries(sourcemeta_hydra_httpserver PRIVATE ZLIB::ZLIB) target_link_libraries(sourcemeta_hydra_httpserver PRIVATE uNetworking::uSockets) target_link_libraries(sourcemeta_hydra_httpserver PRIVATE uNetworking::uWebSockets) -sourcemeta_hydra_add_compile_options(sourcemeta_hydra_httpserver) diff --git a/vendor/hydra/src/httpserver/httpserver.cc b/vendor/hydra/src/httpserver/httpserver.cc index 2a72ad00..52daeb43 100644 --- a/vendor/hydra/src/httpserver/httpserver.cc +++ b/vendor/hydra/src/httpserver/httpserver.cc @@ -6,10 +6,16 @@ #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wnewline-eof" #pragma clang diagnostic ignored "-Wunused-variable" +#pragma clang diagnostic ignored "-Wunused-parameter" +#elif defined(__GNUC__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wunused-parameter" #endif #include #if defined(__clang__) #pragma clang diagnostic pop +#elif defined(__GNUC__) +#pragma GCC diagnostic pop #endif #include // assert @@ -105,10 +111,10 @@ static auto wrap_route( logger << line.str(); } -static auto -default_handler(const sourcemeta::hydra::http::ServerLogger &, - const sourcemeta::hydra::http::ServerRequest &, - sourcemeta::hydra::http::ServerResponse &response) -> void { +static auto default_handler(const sourcemeta::hydra::http::ServerLogger &, + const sourcemeta::hydra::http::ServerRequest &, + sourcemeta::hydra::http::ServerResponse &response) + -> void { response.status(sourcemeta::hydra::http::Status::NOT_IMPLEMENTED); response.end(); } diff --git a/vendor/hydra/src/httpserver/include/sourcemeta/hydra/httpserver.h b/vendor/hydra/src/httpserver/include/sourcemeta/hydra/httpserver.h index a5a99765..129fe21c 100644 --- a/vendor/hydra/src/httpserver/include/sourcemeta/hydra/httpserver.h +++ b/vendor/hydra/src/httpserver/include/sourcemeta/hydra/httpserver.h @@ -23,6 +23,7 @@ #include // std::uint32_t #include // std::exception_ptr +#include // std::filesystem::path #include // std::function #include // std::string #include // std::tuple @@ -79,8 +80,8 @@ class SOURCEMETA_HYDRA_HTTPSERVER_EXPORT Server { /// /// server.run(3000); /// ``` - auto route(const Method method, std::string &&path, - RouteCallback &&callback) -> void; + auto route(const Method method, std::string &&path, RouteCallback &&callback) + -> void; /// Set a handler that responds to HTTP requests that do not match any other /// registered routes. For example: @@ -198,6 +199,37 @@ class SOURCEMETA_HYDRA_HTTPSERVER_EXPORT Server { ServerLogger logger{"global"}; }; +/// @ingroup httpserver +/// Serve a static file. This function assumes that the file exists and that is +/// not a directory. For example: +/// +/// ```cpp +/// #include +/// +/// static auto +/// on_static(const sourcemeta::hydra::http::ServerLogger &, +/// const sourcemeta::hydra::http::ServerRequest &request, +/// sourcemeta::hydra::http::ServerResponse &response) -> void { +/// const std::filesystem::path file_path{"path/to/static" + request.path()}; +/// if (!std::filesystem::exists(file_path)) { +/// response.status(sourcemeta::hydra::http::Status::NOT_FOUND); +/// response.end(); +/// return; +/// } +/// +/// sourcemeta::hydra::http::serve_file(file_path, request, response); +/// } +/// +/// int main() { +/// sourcemeta::hydra::http::Server server; +/// server.route(sourcemeta::hydra::http::Method::GET, "/*", on_static); +/// return server.run(3000); +/// } +/// ``` +auto SOURCEMETA_HYDRA_HTTPSERVER_EXPORT +serve_file(const std::filesystem::path &file_path, const ServerRequest &request, + ServerResponse &response) -> void; + } // namespace sourcemeta::hydra::http #endif diff --git a/vendor/hydra/src/httpserver/include/sourcemeta/hydra/httpserver_response.h b/vendor/hydra/src/httpserver/include/sourcemeta/hydra/httpserver_response.h index bfe35a41..b12a6374 100644 --- a/vendor/hydra/src/httpserver/include/sourcemeta/hydra/httpserver_response.h +++ b/vendor/hydra/src/httpserver/include/sourcemeta/hydra/httpserver_response.h @@ -189,16 +189,21 @@ class SOURCEMETA_HYDRA_HTTPSERVER_EXPORT ServerResponse { /// /// static auto /// on_root(const sourcemeta::hydra::http::ServerLogger &, - /// const sourcemeta::hydra::http::ServerRequest &, + /// const sourcemeta::hydra::http::ServerRequest &request, /// sourcemeta::hydra::http::ServerResponse &response) -> void { /// response.status(sourcemeta::hydra::http::Status::OK); /// response.end("Hello world!"); /// } /// /// server.route(sourcemeta::hydra::http::Method::GET, "/", on_root); + /// server.route(sourcemeta::hydra::http::Method::HEAD, "/", on_root); /// ``` auto end(const std::string_view message) -> void; + /// Same as sourcemeta::hydra::http::ServerResponse::end but without sending + /// the actual response content + auto head(const std::string_view message) -> void; + /// Respond with a JSON document. Keep in mind that you still need to manually /// set a corresponding `Content-Type` header. For example: /// @@ -224,6 +229,42 @@ class SOURCEMETA_HYDRA_HTTPSERVER_EXPORT ServerResponse { /// ``` auto end(const sourcemeta::jsontoolkit::JSON &document) -> void; + /// Same as sourcemeta::hydra::http::ServerResponse::end but without sending + /// the actual response content + auto head(const sourcemeta::jsontoolkit::JSON &document) -> void; + + /// Respond with a JSON document, passing a key comparison for formatting + /// purposes. Keep in mind that you still need to manually set a corresponding + /// `Content-Type` header. For example: + /// + /// ```cpp + /// #include + /// #include + /// + /// sourcemeta::hydra::http::Server server; + /// + /// static auto + /// on_root(const sourcemeta::hydra::http::ServerLogger &, + /// const sourcemeta::hydra::http::ServerRequest &, + /// sourcemeta::hydra::http::ServerResponse &response) -> void { + /// response.status(sourcemeta::hydra::http::Status::OK); + /// response.header("Content-Type", "application/json"); + /// auto schema{sourcemeta::jsontoolkit::JSON::make_object()}; + /// schema.assign("type", sourcemeta::jsontoolkit::JSON{"string"}); + /// schema.assign("minLength", sourcemeta::jsontoolkit::JSON{1}); + /// response.end(schema, sourcemeta::jsontoolkit::schema_format_compare); + /// } + /// + /// server.route(sourcemeta::hydra::http::Method::GET, "/", on_root); + /// ``` + auto end(const sourcemeta::jsontoolkit::JSON &document, + const sourcemeta::jsontoolkit::KeyComparison &compare) -> void; + + /// Same as sourcemeta::hydra::http::ServerResponse::end but without sending + /// the actual response content + auto head(const sourcemeta::jsontoolkit::JSON &document, + const sourcemeta::jsontoolkit::KeyComparison &compare) -> void; + /// Respond with an empty body. For example: /// /// ```cpp @@ -241,6 +282,9 @@ class SOURCEMETA_HYDRA_HTTPSERVER_EXPORT ServerResponse { /// /// server.route(sourcemeta::hydra::http::Method::GET, "/", on_root); /// ``` + /// + /// Do not make use of this method to respond to `HEAD` requests, as it will + /// incorrectly result in a `Content-Length` of `0`. auto end() -> void; private: diff --git a/vendor/hydra/src/httpserver/logger.cc b/vendor/hydra/src/httpserver/logger.cc index b0b56a27..c9552a99 100644 --- a/vendor/hydra/src/httpserver/logger.cc +++ b/vendor/hydra/src/httpserver/logger.cc @@ -1,41 +1,17 @@ +#include #include #include -#include // std::chrono::system_clock -#include // std::uint8_t -#include // std::cerr -#include // std::mutex, std::lock_guard -#include // std::random_device, std::mt19937, std::uniform_int_distribution +#include // std::chrono::system_clock +#include // std::cerr +#include // std::mutex, std::lock_guard #include // std::string_view #include // std::this_thread #include // std::move -// Adapted from https://stackoverflow.com/a/58467162/1641422 -static auto uuid() -> std::string { - static std::random_device device; - static std::mt19937 generator{device()}; - static constexpr std::string_view digits = "0123456789abcdef"; - static constexpr bool dash[] = {0, 0, 0, 0, 1, 0, 1, 0, - 1, 0, 1, 0, 0, 0, 0, 0}; - std::uniform_int_distribution distribution(0, - 15); - std::string result; - result.reserve(36); - for (std::uint8_t index = 0; index < 16; index++) { - if (dash[index]) { - result += "-"; - } - - result += digits[distribution(generator)]; - result += digits[distribution(generator)]; - } - - return result; -} - namespace sourcemeta::hydra::http { -ServerLogger::ServerLogger() : ServerLogger{uuid()} {} +ServerLogger::ServerLogger() : ServerLogger{sourcemeta::hydra::uuid()} {} ServerLogger::ServerLogger(std::string &&id) : identifier{std::move(id)} {} diff --git a/vendor/hydra/src/httpserver/request.cc b/vendor/hydra/src/httpserver/request.cc index 8ee97144..7ea44fbc 100644 --- a/vendor/hydra/src/httpserver/request.cc +++ b/vendor/hydra/src/httpserver/request.cc @@ -71,7 +71,10 @@ auto ServerRequest::header_if_modified_since( return true; } - return if_modified_since.value() < last_modified; + // Time comparison can be flaky, but adding a bit of tolerance leads + // to more consistent behavior. + return (if_modified_since.value() + std::chrono::seconds(1)) < + last_modified; // If there is an error parsing the `If-Modified-Since` timestamp, don't // abort, but lean on the safe side: the requested resource has been // modified diff --git a/vendor/hydra/src/httpserver/response.cc b/vendor/hydra/src/httpserver/response.cc index bd9a5e4d..6b88b675 100644 --- a/vendor/hydra/src/httpserver/response.cc +++ b/vendor/hydra/src/httpserver/response.cc @@ -65,8 +65,8 @@ auto ServerResponse::status(const Status status_code) -> void { auto ServerResponse::status() const -> Status { return this->code; } -auto ServerResponse::header(std::string_view key, - std::string_view value) -> void { +auto ServerResponse::header(std::string_view key, std::string_view value) + -> void { this->headers.emplace(key, value); } @@ -128,9 +128,33 @@ auto ServerResponse::end(const std::string_view message) -> void { switch (this->content_encoding) { case ServerContentEncoding::GZIP: this->internal->handler->end(zlib_compress_gzip(message)); + break; case ServerContentEncoding::Identity: this->internal->handler->end(message); + + break; + } +} + +auto ServerResponse::head(const std::string_view message) -> void { + std::ostringstream code_string; + code_string << this->code; + this->internal->handler->writeStatus(code_string.str()); + + for (const auto &[key, value] : this->headers) { + this->internal->handler->writeHeader(key, value); + } + + switch (this->content_encoding) { + case ServerContentEncoding::GZIP: + this->internal->handler->endWithoutBody( + zlib_compress_gzip(message).size()); + this->internal->handler->end(); + break; + case ServerContentEncoding::Identity: + this->internal->handler->endWithoutBody(message.size()); + this->internal->handler->end(); break; } } @@ -142,6 +166,29 @@ auto ServerResponse::end(const sourcemeta::jsontoolkit::JSON &document) this->end(output.str()); } +auto ServerResponse::head(const sourcemeta::jsontoolkit::JSON &document) + -> void { + std::ostringstream output; + sourcemeta::jsontoolkit::prettify(document, output); + this->head(output.str()); +} + +auto ServerResponse::end(const sourcemeta::jsontoolkit::JSON &document, + const sourcemeta::jsontoolkit::KeyComparison &compare) + -> void { + std::ostringstream output; + sourcemeta::jsontoolkit::prettify(document, output, compare); + this->end(output.str()); +} + +auto ServerResponse::head(const sourcemeta::jsontoolkit::JSON &document, + const sourcemeta::jsontoolkit::KeyComparison &compare) + -> void { + std::ostringstream output; + sourcemeta::jsontoolkit::prettify(document, output, compare); + this->head(output.str()); +} + auto ServerResponse::end() -> void { std::ostringstream code_string; code_string << this->code; diff --git a/vendor/hydra/src/httpserver/static.cc b/vendor/hydra/src/httpserver/static.cc new file mode 100644 index 00000000..94b0fb30 --- /dev/null +++ b/vendor/hydra/src/httpserver/static.cc @@ -0,0 +1,63 @@ +#include +#include + +#include // assert +#include // std::filesystem +#include // std::ifstream +#include // std::ostringstream + +namespace sourcemeta::hydra::http { + +auto serve_file(const std::filesystem::path &file_path, + const ServerRequest &request, ServerResponse &response) + -> void { + assert(request.method() == sourcemeta::hydra::http::Method::GET || + request.method() == sourcemeta::hydra::http::Method::HEAD); + + // Its the responsibility of the caller to ensure the file path + // exists, otherwise we cannot know how the application prefers + // to react to such case. + assert(std::filesystem::exists(file_path)); + assert(std::filesystem::is_regular_file(file_path)); + + const auto last_write_time{std::filesystem::last_write_time(file_path)}; + const auto last_modified{ + std::chrono::time_point_cast( + last_write_time - std::filesystem::file_time_type::clock::now() + + std::chrono::system_clock::now())}; + + if (!request.header_if_modified_since(last_modified)) { + response.status(sourcemeta::hydra::http::Status::NOT_MODIFIED); + response.end(); + return; + } + + std::ifstream stream{std::filesystem::canonical(file_path)}; + stream.exceptions(std::ifstream::failbit | std::ifstream::badbit); + assert(!stream.fail()); + assert(stream.is_open()); + + std::ostringstream contents; + contents << stream.rdbuf(); + std::ostringstream etag; + sourcemeta::hydra::md5(contents.str(), etag); + + if (!request.header_if_none_match(etag.str())) { + response.status(sourcemeta::hydra::http::Status::NOT_MODIFIED); + response.end(); + return; + } + + response.status(sourcemeta::hydra::http::Status::OK); + response.header("Content-Type", sourcemeta::hydra::mime_type(file_path)); + response.header_etag(etag.str()); + response.header_last_modified(last_modified); + + if (request.method() == sourcemeta::hydra::http::Method::HEAD) { + response.head(contents.str()); + } else { + response.end(contents.str()); + } +} + +} // namespace sourcemeta::hydra::http diff --git a/vendor/hydra/src/httpserver/uwebsockets.h b/vendor/hydra/src/httpserver/uwebsockets.h index 1d1e1697..08a90d43 100644 --- a/vendor/hydra/src/httpserver/uwebsockets.h +++ b/vendor/hydra/src/httpserver/uwebsockets.h @@ -7,10 +7,12 @@ #pragma clang diagnostic ignored "-Wshadow" #pragma clang diagnostic ignored "-Wnewline-eof" #pragma clang diagnostic ignored "-Wsign-compare" +#pragma clang diagnostic ignored "-Wunused-parameter" #elif defined(__GNUC__) #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wshadow" #pragma GCC diagnostic ignored "-Wsign-compare" +#pragma GCC diagnostic ignored "-Wunused-parameter" #endif #include #if defined(__clang__) diff --git a/vendor/hydra/vendor/curl.mask b/vendor/hydra/vendor/curl.mask index 5d6bdffc..b433a499 100644 --- a/vendor/hydra/vendor/curl.mask +++ b/vendor/hydra/vendor/curl.mask @@ -58,3 +58,10 @@ lib/curl_config.h.cmake Dockerfile lib/dllmain.c renovate.json +REUSE.toml +CHANGES.md +lib/libcurl.def +lib/vauth/.checksrc +lib/vquic/.checksrc +lib/vssh/.checksrc +lib/vtls/.checksrc diff --git a/vendor/hydra/vendor/curl/include/curl/curl.h b/vendor/hydra/vendor/curl/include/curl/curl.h index 91e11f62..c4fae4d4 100644 --- a/vendor/hydra/vendor/curl/include/curl/curl.h +++ b/vendor/hydra/vendor/curl/include/curl/curl.h @@ -34,24 +34,32 @@ #endif /* Compile-time deprecation macros. */ -#if defined(__GNUC__) && \ - ((__GNUC__ > 12) || ((__GNUC__ == 12) && (__GNUC_MINOR__ >= 1 ))) && \ +#if (defined(__GNUC__) && \ + ((__GNUC__ > 12) || ((__GNUC__ == 12) && (__GNUC_MINOR__ >= 1 ))) || \ + defined(__IAR_SYSTEMS_ICC__)) && \ !defined(__INTEL_COMPILER) && \ !defined(CURL_DISABLE_DEPRECATION) && !defined(BUILDING_LIBCURL) #define CURL_DEPRECATED(version, message) \ __attribute__((deprecated("since " # version ". " message))) +#if defined(__IAR_SYSTEMS_ICC__) +#define CURL_IGNORE_DEPRECATION(statements) \ + _Pragma("diag_suppress=Pe1444") \ + statements \ + _Pragma("diag_default=Pe1444") +#else #define CURL_IGNORE_DEPRECATION(statements) \ _Pragma("GCC diagnostic push") \ _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"") \ statements \ _Pragma("GCC diagnostic pop") +#endif #else #define CURL_DEPRECATED(version, message) #define CURL_IGNORE_DEPRECATION(statements) statements #endif #include "curlver.h" /* libcurl version defines */ -#include "system.h" /* determine things run-time */ +#include "system.h" /* determine things runtime */ #include #include @@ -68,8 +76,8 @@ #if defined(_WIN32) && !defined(_WIN32_WCE) && !defined(__CYGWIN__) #if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H) || \ defined(__LWIP_OPT_H__) || defined(LWIP_HDR_OPT_H)) -/* The check above prevents the winsock2 inclusion if winsock.h already was - included, since they can't co-exist without problems */ +/* The check above prevents the winsock2.h inclusion if winsock.h already was + included, since they cannot co-exist without problems */ #include #include #endif @@ -189,9 +197,9 @@ struct curl_httppost { files */ long flags; /* as defined below */ -/* specified content is a file name */ +/* specified content is a filename */ #define CURL_HTTPPOST_FILENAME (1<<0) -/* specified content is a file name */ +/* specified content is a filename */ #define CURL_HTTPPOST_READFILE (1<<1) /* name is only stored pointer do not free in formfree */ #define CURL_HTTPPOST_PTRNAME (1<<2) @@ -207,8 +215,8 @@ struct curl_httppost { /* use size in 'contentlen', added in 7.46.0 */ #define CURL_HTTPPOST_LARGE (1<<7) - char *showfilename; /* The file name to show. If not set, the - actual file name will be used (if this + char *showfilename; /* The filename to show. If not set, the + actual filename will be used (if this is a file part) */ void *userp; /* custom pointer used for HTTPPOST_CALLBACK posts */ @@ -350,13 +358,13 @@ typedef long (*curl_chunk_bgn_callback)(const void *transfer_info, download of an individual chunk finished. Note! After this callback was set then it have to be called FOR ALL chunks. Even if downloading of this chunk was skipped in CHUNK_BGN_FUNC. - This is the reason why we don't need "transfer_info" parameter in this + This is the reason why we do not need "transfer_info" parameter in this callback and we are not interested in "remains" parameter too. */ typedef long (*curl_chunk_end_callback)(void *ptr); /* return codes for FNMATCHFUNCTION */ #define CURL_FNMATCHFUNC_MATCH 0 /* string corresponds to the pattern */ -#define CURL_FNMATCHFUNC_NOMATCH 1 /* pattern doesn't match the string */ +#define CURL_FNMATCHFUNC_NOMATCH 1 /* pattern does not match the string */ #define CURL_FNMATCHFUNC_FAIL 2 /* an error occurred */ /* callback type for wildcard downloading pattern matching. If the @@ -368,7 +376,7 @@ typedef int (*curl_fnmatch_callback)(void *ptr, /* These are the return codes for the seek callbacks */ #define CURL_SEEKFUNC_OK 0 #define CURL_SEEKFUNC_FAIL 1 /* fail the entire transfer */ -#define CURL_SEEKFUNC_CANTSEEK 2 /* tell libcurl seeking can't be done, so +#define CURL_SEEKFUNC_CANTSEEK 2 /* tell libcurl seeking cannot be done, so libcurl might try other means instead */ typedef int (*curl_seek_callback)(void *instream, curl_off_t offset, @@ -451,7 +459,7 @@ typedef curlioerr (*curl_ioctl_callback)(CURL *handle, #ifndef CURL_DID_MEMORY_FUNC_TYPEDEFS /* * The following typedef's are signatures of malloc, free, realloc, strdup and - * calloc respectively. Function pointers of these types can be passed to the + * calloc respectively. Function pointers of these types can be passed to the * curl_global_init_mem() function to set user defined memory management * callback routines. */ @@ -539,17 +547,17 @@ typedef enum { CURLE_WRITE_ERROR, /* 23 */ CURLE_OBSOLETE24, /* 24 - NOT USED */ CURLE_UPLOAD_FAILED, /* 25 - failed upload "command" */ - CURLE_READ_ERROR, /* 26 - couldn't open/read from file */ + CURLE_READ_ERROR, /* 26 - could not open/read from file */ CURLE_OUT_OF_MEMORY, /* 27 */ CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was reached */ CURLE_OBSOLETE29, /* 29 - NOT USED */ CURLE_FTP_PORT_FAILED, /* 30 - FTP PORT operation failed */ CURLE_FTP_COULDNT_USE_REST, /* 31 - the REST command failed */ CURLE_OBSOLETE32, /* 32 - NOT USED */ - CURLE_RANGE_ERROR, /* 33 - RANGE "command" didn't work */ + CURLE_RANGE_ERROR, /* 33 - RANGE "command" did not work */ CURLE_HTTP_POST_ERROR, /* 34 */ CURLE_SSL_CONNECT_ERROR, /* 35 - wrong when connecting with SSL */ - CURLE_BAD_DOWNLOAD_RESUME, /* 36 - couldn't resume download */ + CURLE_BAD_DOWNLOAD_RESUME, /* 36 - could not resume download */ CURLE_FILE_COULDNT_READ_FILE, /* 37 */ CURLE_LDAP_CANNOT_BIND, /* 38 */ CURLE_LDAP_SEARCH_FAILED, /* 39 */ @@ -573,9 +581,9 @@ typedef enum { CURLE_RECV_ERROR, /* 56 - failure in receiving network data */ CURLE_OBSOLETE57, /* 57 - NOT IN USE */ CURLE_SSL_CERTPROBLEM, /* 58 - problem with the local certificate */ - CURLE_SSL_CIPHER, /* 59 - couldn't use specified cipher */ + CURLE_SSL_CIPHER, /* 59 - could not use specified cipher */ CURLE_PEER_FAILED_VERIFICATION, /* 60 - peer's certificate or fingerprint - wasn't verified fine */ + was not verified fine */ CURLE_BAD_CONTENT_ENCODING, /* 61 - Unrecognized/bad encoding */ CURLE_OBSOLETE62, /* 62 - NOT IN USE since 7.82.0 */ CURLE_FILESIZE_EXCEEDED, /* 63 - Maximum file size exceeded */ @@ -604,7 +612,7 @@ typedef enum { CURLE_SSL_SHUTDOWN_FAILED, /* 80 - Failed to shut down the SSL connection */ CURLE_AGAIN, /* 81 - socket is not ready for send/recv, - wait till it's ready and try again (Added + wait till it is ready and try again (Added in 7.18.2) */ CURLE_SSL_CRL_BADFILE, /* 82 - could not load CRL file, missing or wrong format (Added in 7.19.0) */ @@ -713,6 +721,8 @@ typedef enum { with them. */ #define CURLOPT_WRITEINFO CURLOPT_OBSOLETE40 #define CURLOPT_CLOSEPOLICY CURLOPT_OBSOLETE72 +#define CURLOPT_OBSOLETE72 9999 +#define CURLOPT_OBSOLETE40 9999 #endif /* !CURL_NO_OLDIES */ @@ -763,7 +773,7 @@ typedef CURLcode (*curl_conv_callback)(char *buffer, size_t length); typedef CURLcode (*curl_ssl_ctx_callback)(CURL *curl, /* easy handle */ void *ssl_ctx, /* actually an OpenSSL - or WolfSSL SSL_CTX, + or wolfSSL SSL_CTX, or an mbedTLS mbedtls_ssl_config */ void *userptr); @@ -780,7 +790,7 @@ typedef enum { CURLPROXY_SOCKS5 = 5, /* added in 7.10 */ CURLPROXY_SOCKS4A = 6, /* added in 7.18.0 */ CURLPROXY_SOCKS5_HOSTNAME = 7 /* Use the SOCKS5 protocol but pass along the - host name rather than the IP address. added + hostname rather than the IP address. added in 7.18.0 */ } curl_proxytype; /* this enum was added in 7.10 */ @@ -860,7 +870,7 @@ enum curl_khstat { CURLKHSTAT_FINE_ADD_TO_FILE, CURLKHSTAT_FINE, CURLKHSTAT_REJECT, /* reject the connection, return an error */ - CURLKHSTAT_DEFER, /* do not accept it, but we can't answer right now. + CURLKHSTAT_DEFER, /* do not accept it, but we cannot answer right now. Causes a CURLE_PEER_FAILED_VERIFICATION error but the connection will be left intact etc */ CURLKHSTAT_FINE_REPLACE, /* accept and replace the wrong key */ @@ -1080,7 +1090,7 @@ typedef CURLSTScode (*curl_hstswrite_callback)(CURL *easy, #define CURLOPT(na,t,nu) na = t + nu #define CURLOPTDEPRECATED(na,t,nu,v,m) na CURL_DEPRECATED(v,m) = t + nu -/* CURLOPT aliases that make no run-time difference */ +/* CURLOPT aliases that make no runtime difference */ /* 'char *' argument to a string with a trailing zero */ #define CURLOPTTYPE_STRINGPOINT CURLOPTTYPE_OBJECTPOINT @@ -1147,7 +1157,7 @@ typedef enum { * * For large file support, there is also a _LARGE version of the key * which takes an off_t type, allowing platforms with larger off_t - * sizes to handle larger files. See below for INFILESIZE_LARGE. + * sizes to handle larger files. See below for INFILESIZE_LARGE. */ CURLOPT(CURLOPT_INFILESIZE, CURLOPTTYPE_LONG, 14), @@ -1180,7 +1190,7 @@ typedef enum { * * Note there is also a _LARGE version of this key which uses * off_t types, allowing for large file offsets on platforms which - * use larger-than-32-bit off_t's. Look below for RESUME_FROM_LARGE. + * use larger-than-32-bit off_t's. Look below for RESUME_FROM_LARGE. */ CURLOPT(CURLOPT_RESUME_FROM, CURLOPTTYPE_LONG, 21), @@ -1242,8 +1252,7 @@ typedef enum { /* send linked-list of post-transfer QUOTE commands */ CURLOPT(CURLOPT_POSTQUOTE, CURLOPTTYPE_SLISTPOINT, 39), - /* OBSOLETE, do not use! */ - CURLOPT(CURLOPT_OBSOLETE40, CURLOPTTYPE_OBJECTPOINT, 40), + /* 40 is not used */ /* talk a lot */ CURLOPT(CURLOPT_VERBOSE, CURLOPTTYPE_LONG, 41), @@ -1316,9 +1325,9 @@ typedef enum { /* Set the interface string to use as outgoing network interface */ CURLOPT(CURLOPT_INTERFACE, CURLOPTTYPE_STRINGPOINT, 62), - /* Set the krb4/5 security level, this also enables krb4/5 awareness. This - * is a string, 'clear', 'safe', 'confidential' or 'private'. If the string - * is set but doesn't match one of these, 'private' will be used. */ + /* Set the krb4/5 security level, this also enables krb4/5 awareness. This + * is a string, 'clear', 'safe', 'confidential' or 'private'. If the string + * is set but does not match one of these, 'private' will be used. */ CURLOPT(CURLOPT_KRBLEVEL, CURLOPTTYPE_STRINGPOINT, 63), /* Set if we should verify the peer in ssl handshake, set 1 to verify. */ @@ -1344,22 +1353,20 @@ typedef enum { /* Max amount of cached alive connections */ CURLOPT(CURLOPT_MAXCONNECTS, CURLOPTTYPE_LONG, 71), - /* OBSOLETE, do not use! */ - CURLOPT(CURLOPT_OBSOLETE72, CURLOPTTYPE_LONG, 72), - + /* 72 = OBSOLETE */ /* 73 = OBSOLETE */ /* Set to explicitly use a new connection for the upcoming transfer. - Do not use this unless you're absolutely sure of this, as it makes the + Do not use this unless you are absolutely sure of this, as it makes the operation slower and is less friendly for the network. */ CURLOPT(CURLOPT_FRESH_CONNECT, CURLOPTTYPE_LONG, 74), /* Set to explicitly forbid the upcoming transfer's connection to be reused - when done. Do not use this unless you're absolutely sure of this, as it + when done. Do not use this unless you are absolutely sure of this, as it makes the operation slower and is less friendly for the network. */ CURLOPT(CURLOPT_FORBID_REUSE, CURLOPTTYPE_LONG, 75), - /* Set to a file name that contains random data for libcurl to use to + /* Set to a filename that contains random data for libcurl to use to seed the random engine when doing SSL connects. */ CURLOPTDEPRECATED(CURLOPT_RANDOM_FILE, CURLOPTTYPE_STRINGPOINT, 76, 7.84.0, "Serves no purpose anymore"), @@ -1386,11 +1393,11 @@ typedef enum { * provided hostname. */ CURLOPT(CURLOPT_SSL_VERIFYHOST, CURLOPTTYPE_LONG, 81), - /* Specify which file name to write all known cookies in after completed - operation. Set file name to "-" (dash) to make it go to stdout. */ + /* Specify which filename to write all known cookies in after completed + operation. Set filename to "-" (dash) to make it go to stdout. */ CURLOPT(CURLOPT_COOKIEJAR, CURLOPTTYPE_STRINGPOINT, 82), - /* Specify which SSL ciphers to use */ + /* Specify which TLS 1.2 (1.1, 1.0) ciphers to use */ CURLOPT(CURLOPT_SSL_CIPHER_LIST, CURLOPTTYPE_STRINGPOINT, 83), /* Specify which HTTP version to use! This must be set to one of the @@ -1486,7 +1493,7 @@ typedef enum { CURLOPT(CURLOPT_HTTPAUTH, CURLOPTTYPE_VALUES, 107), /* Set the ssl context callback function, currently only for OpenSSL or - WolfSSL ssl_ctx, or mbedTLS mbedtls_ssl_config in the second argument. + wolfSSL ssl_ctx, or mbedTLS mbedtls_ssl_config in the second argument. The function must match the curl_ssl_ctx_callback prototype. */ CURLOPT(CURLOPT_SSL_CTX_FUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 108), @@ -1506,7 +1513,7 @@ typedef enum { CURLOPT(CURLOPT_PROXYAUTH, CURLOPTTYPE_VALUES, 111), /* Option that changes the timeout, in seconds, associated with getting a - response. This is different from transfer timeout time and essentially + response. This is different from transfer timeout time and essentially places a demand on the server to acknowledge commands in a timely manner. For FTP, SMTP, IMAP and POP3. */ CURLOPT(CURLOPT_SERVER_RESPONSE_TIMEOUT, CURLOPTTYPE_LONG, 112), @@ -1520,7 +1527,7 @@ typedef enum { an HTTP or FTP server. Note there is also _LARGE version which adds large file support for - platforms which have larger off_t sizes. See MAXFILESIZE_LARGE below. */ + platforms which have larger off_t sizes. See MAXFILESIZE_LARGE below. */ CURLOPT(CURLOPT_MAXFILESIZE, CURLOPTTYPE_LONG, 114), /* See the comment for INFILESIZE above, but in short, specifies @@ -1528,17 +1535,17 @@ typedef enum { */ CURLOPT(CURLOPT_INFILESIZE_LARGE, CURLOPTTYPE_OFF_T, 115), - /* Sets the continuation offset. There is also a CURLOPTTYPE_LONG version + /* Sets the continuation offset. There is also a CURLOPTTYPE_LONG version * of this; look above for RESUME_FROM. */ CURLOPT(CURLOPT_RESUME_FROM_LARGE, CURLOPTTYPE_OFF_T, 116), /* Sets the maximum size of data that will be downloaded from - * an HTTP or FTP server. See MAXFILESIZE above for the LONG version. + * an HTTP or FTP server. See MAXFILESIZE above for the LONG version. */ CURLOPT(CURLOPT_MAXFILESIZE_LARGE, CURLOPTTYPE_OFF_T, 117), - /* Set this option to the file name of your .netrc file you want libcurl + /* Set this option to the filename of your .netrc file you want libcurl to parse (using the CURLOPT_NETRC option). If not set, libcurl will do a poor attempt to find the user's home directory and check for a .netrc file in there. */ @@ -1685,7 +1692,7 @@ typedef enum { /* Callback function for opening socket (instead of socket(2)). Optionally, callback is able change the address or refuse to connect returning - CURL_SOCKET_BAD. The callback should have type + CURL_SOCKET_BAD. The callback should have type curl_opensocket_callback */ CURLOPT(CURLOPT_OPENSOCKETFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 163), CURLOPT(CURLOPT_OPENSOCKETDATA, CURLOPTTYPE_CBPOINT, 164), @@ -1755,7 +1762,7 @@ typedef enum { CURLOPTDEPRECATED(CURLOPT_REDIR_PROTOCOLS, CURLOPTTYPE_LONG, 182, 7.85.0, "Use CURLOPT_REDIR_PROTOCOLS_STR"), - /* set the SSH knownhost file name to use */ + /* set the SSH knownhost filename to use */ CURLOPT(CURLOPT_SSH_KNOWNHOSTS, CURLOPTTYPE_STRINGPOINT, 183), /* set the SSH host key callback, must point to a curl_sshkeycallback @@ -1836,7 +1843,7 @@ typedef enum { future libcurl release. libcurl will ask for the compressed methods it knows of, and if that - isn't any, it will not ask for transfer-encoding at all even if this + is not any, it will not ask for transfer-encoding at all even if this option is set to 1. */ @@ -1938,7 +1945,7 @@ typedef enum { /* Service Name */ CURLOPT(CURLOPT_SERVICE_NAME, CURLOPTTYPE_STRINGPOINT, 236), - /* Wait/don't wait for pipe/mutex to clarify */ + /* Wait/do not wait for pipe/mutex to clarify */ CURLOPT(CURLOPT_PIPEWAIT, CURLOPTTYPE_LONG, 237), /* Set the protocol used when curl is given a URL without a protocol */ @@ -2014,7 +2021,7 @@ typedef enum { /* password for the SSL private key for proxy */ CURLOPT(CURLOPT_PROXY_KEYPASSWD, CURLOPTTYPE_STRINGPOINT, 258), - /* Specify which SSL ciphers to use for proxy */ + /* Specify which TLS 1.2 (1.1, 1.0) ciphers to use for proxy */ CURLOPT(CURLOPT_PROXY_SSL_CIPHER_LIST, CURLOPTTYPE_STRINGPOINT, 259), /* CRL file for proxy */ @@ -2099,7 +2106,7 @@ typedef enum { /* alt-svc control bitmask */ CURLOPT(CURLOPT_ALTSVC_CTRL, CURLOPTTYPE_LONG, 286), - /* alt-svc cache file name to possibly read from/write to */ + /* alt-svc cache filename to possibly read from/write to */ CURLOPT(CURLOPT_ALTSVC, CURLOPTTYPE_STRINGPOINT, 287), /* maximum age (idle time) of a connection to consider it for reuse @@ -2125,13 +2132,13 @@ typedef enum { /* the EC curves requested by the TLS client (RFC 8422, 5.1); * OpenSSL support via 'set_groups'/'set_curves': - * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html + * https://docs.openssl.org/master/man3/SSL_CTX_set1_curves/ */ CURLOPT(CURLOPT_SSL_EC_CURVES, CURLOPTTYPE_STRINGPOINT, 298), /* HSTS bitmask */ CURLOPT(CURLOPT_HSTS_CTRL, CURLOPTTYPE_LONG, 299), - /* HSTS file name */ + /* HSTS filename */ CURLOPT(CURLOPT_HSTS, CURLOPTTYPE_STRINGPOINT, 300), /* HSTS read callback */ @@ -2195,7 +2202,7 @@ typedef enum { /* specify which protocols that libcurl is allowed to follow directs to */ CURLOPT(CURLOPT_REDIR_PROTOCOLS_STR, CURLOPTTYPE_STRINGPOINT, 319), - /* websockets options */ + /* WebSockets options */ CURLOPT(CURLOPT_WS_OPTIONS, CURLOPTTYPE_LONG, 320), /* CA cache timeout */ @@ -2210,9 +2217,12 @@ typedef enum { /* millisecond version */ CURLOPT(CURLOPT_SERVER_RESPONSE_TIMEOUT_MS, CURLOPTTYPE_LONG, 324), - /* set ECH configuration */ + /* set ECH configuration */ CURLOPT(CURLOPT_ECH, CURLOPTTYPE_STRINGPOINT, 325), + /* maximum number of keepalive probes (Linux, *BSD, macOS, etc.) */ + CURLOPT(CURLOPT_TCP_KEEPCNT, CURLOPTTYPE_LONG, 326), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; @@ -2263,9 +2273,9 @@ typedef enum { /* These enums are for use with the CURLOPT_HTTP_VERSION option. */ enum { - CURL_HTTP_VERSION_NONE, /* setting this means we don't care, and that we'd - like the library to choose the best possible - for us! */ + CURL_HTTP_VERSION_NONE, /* setting this means we do not care, and that we + would like the library to choose the best + possible for us! */ CURL_HTTP_VERSION_1_0, /* please use HTTP 1.0 in the request */ CURL_HTTP_VERSION_1_1, /* please use HTTP 1.1 in the request */ CURL_HTTP_VERSION_2_0, /* please use HTTP 2 in the request */ @@ -2425,7 +2435,7 @@ CURL_EXTERN CURLcode curl_mime_name(curl_mimepart *part, const char *name); * * DESCRIPTION * - * Set mime part remote file name. + * Set mime part remote filename. */ CURL_EXTERN CURLcode curl_mime_filename(curl_mimepart *part, const char *filename); @@ -2634,7 +2644,7 @@ CURL_EXTERN char *curl_getenv(const char *variable); * * DESCRIPTION * - * Returns a static ascii string of the libcurl version. + * Returns a static ASCII string of the libcurl version. */ CURL_EXTERN char *curl_version(void); @@ -2706,10 +2716,10 @@ CURL_EXTERN CURLcode curl_global_init(long flags); * DESCRIPTION * * curl_global_init() or curl_global_init_mem() should be invoked exactly once - * for each application that uses libcurl. This function can be used to + * for each application that uses libcurl. This function can be used to * initialize libcurl and set user defined memory management callback - * functions. Users can implement memory management routines to check for - * memory leaks, check for mis-use of the curl library etc. User registered + * functions. Users can implement memory management routines to check for + * memory leaks, check for mis-use of the curl library etc. User registered * callback routines will be invoked by this library instead of the system * memory management routines like malloc, free etc. */ @@ -2827,7 +2837,7 @@ CURL_EXTERN time_t curl_getdate(const char *p, const time_t *unused); for with CURLOPT_CERTINFO / CURLINFO_CERTINFO */ struct curl_certinfo { int num_of_certs; /* number of certificates with information */ - struct curl_slist **certinfo; /* for each index in this array, there's a + struct curl_slist **certinfo; /* for each index in this array, there is a linked list with textual information for a certificate in the format "name:content". eg "Subject:foo", "Issuer:bar", etc. */ @@ -2942,7 +2952,8 @@ typedef enum { CURLINFO_CONN_ID = CURLINFO_OFF_T + 64, CURLINFO_QUEUE_TIME_T = CURLINFO_OFF_T + 65, CURLINFO_USED_PROXY = CURLINFO_LONG + 66, - CURLINFO_LASTONE = 66 + CURLINFO_POSTTRANSFER_TIME_T = CURLINFO_OFF_T + 67, + CURLINFO_LASTONE = 67 } CURLINFO; /* CURLINFO_RESPONSE_CODE is the new name for the option previously known as @@ -3018,7 +3029,7 @@ typedef enum { } CURLSHcode; typedef enum { - CURLSHOPT_NONE, /* don't use */ + CURLSHOPT_NONE, /* do not use */ CURLSHOPT_SHARE, /* specify a data type to share */ CURLSHOPT_UNSHARE, /* specify which data type to stop sharing */ CURLSHOPT_LOCKFUNC, /* pass in a 'curl_lock_function' pointer */ @@ -3177,7 +3188,7 @@ CURL_EXTERN curl_version_info_data *curl_version_info(CURLversion); * DESCRIPTION * * The curl_easy_strerror function may be used to turn a CURLcode value - * into the equivalent human readable error string. This is useful + * into the equivalent human readable error string. This is useful * for printing meaningful error messages. */ CURL_EXTERN const char *curl_easy_strerror(CURLcode); @@ -3188,7 +3199,7 @@ CURL_EXTERN const char *curl_easy_strerror(CURLcode); * DESCRIPTION * * The curl_share_strerror function may be used to turn a CURLSHcode value - * into the equivalent human readable error string. This is useful + * into the equivalent human readable error string. This is useful * for printing meaningful error messages. */ CURL_EXTERN const char *curl_share_strerror(CURLSHcode); @@ -3225,9 +3236,11 @@ CURL_EXTERN CURLcode curl_easy_pause(CURL *handle, int bitmask); #include "options.h" #include "header.h" #include "websockets.h" +#ifndef CURL_SKIP_INCLUDE_MPRINTF #include "mprintf.h" +#endif -/* the typechecker doesn't work in C++ (yet) */ +/* the typechecker does not work in C++ (yet) */ #if defined(__GNUC__) && defined(__GNUC_MINOR__) && \ ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3)) && \ !defined(__cplusplus) && !defined(CURL_DISABLE_TYPECHECK) diff --git a/vendor/hydra/vendor/curl/include/curl/curlver.h b/vendor/hydra/vendor/curl/include/curl/curlver.h index e53c33d5..673032f5 100644 --- a/vendor/hydra/vendor/curl/include/curl/curlver.h +++ b/vendor/hydra/vendor/curl/include/curl/curlver.h @@ -32,13 +32,13 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "8.8.0-DEV" +#define LIBCURL_VERSION "8.10.1-DEV" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 8 -#define LIBCURL_VERSION_MINOR 8 -#define LIBCURL_VERSION_PATCH 0 +#define LIBCURL_VERSION_MINOR 10 +#define LIBCURL_VERSION_PATCH 1 /* This is the numeric version of the libcurl version number, meant for easier parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will @@ -48,7 +48,7 @@ Where XX, YY and ZZ are the main version, release and patch numbers in hexadecimal (using 8 bits each). All three numbers are always represented - using two digits. 1.2 would appear as "0x010200" while version 9.11.7 + using two digits. 1.2 would appear as "0x010200" while version 9.11.7 appears as "0x090b07". This 6-digit (24 bits) hexadecimal number does not show pre-release number, @@ -59,7 +59,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x080800 +#define LIBCURL_VERSION_NUM 0x080a01 /* * This is the date and time when the full source package was created. The diff --git a/vendor/hydra/vendor/curl/include/curl/easy.h b/vendor/hydra/vendor/curl/include/curl/easy.h index 1285101c..71b8dd46 100644 --- a/vendor/hydra/vendor/curl/include/curl/easy.h +++ b/vendor/hydra/vendor/curl/include/curl/easy.h @@ -50,7 +50,7 @@ CURL_EXTERN void curl_easy_cleanup(CURL *curl); * * Request internal information from the curl session with this function. * The third argument MUST be pointing to the specific type of the used option - * which is documented in each man page of the option. The data pointed to + * which is documented in each manpage of the option. The data pointed to * will be filled in accordingly and can be relied upon only if the function * returns CURLE_OK. This function is intended to get used *AFTER* a performed * transfer, all results from this function are undefined until the transfer diff --git a/vendor/hydra/vendor/curl/include/curl/mprintf.h b/vendor/hydra/vendor/curl/include/curl/mprintf.h index 4f704548..88059c85 100644 --- a/vendor/hydra/vendor/curl/include/curl/mprintf.h +++ b/vendor/hydra/vendor/curl/include/curl/mprintf.h @@ -32,12 +32,18 @@ extern "C" { #endif -#if (defined(__GNUC__) || defined(__clang__)) && \ +#ifndef CURL_TEMP_PRINTF +#if (defined(__GNUC__) || defined(__clang__) || \ + defined(__IAR_SYSTEMS_ICC__)) && \ defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ !defined(CURL_NO_FMT_CHECKS) #if defined(__MINGW32__) && !defined(__clang__) +#if defined(__MINGW_PRINTF_FORMAT) /* mingw-w64 3.0.0+. Needs stdio.h. */ #define CURL_TEMP_PRINTF(fmt, arg) \ - __attribute__((format(gnu_printf, fmt, arg))) + __attribute__((format(__MINGW_PRINTF_FORMAT, fmt, arg))) +#else +#define CURL_TEMP_PRINTF(fmt, arg) +#endif #else #define CURL_TEMP_PRINTF(fmt, arg) \ __attribute__((format(printf, fmt, arg))) @@ -45,6 +51,7 @@ extern "C" { #else #define CURL_TEMP_PRINTF(fmt, arg) #endif +#endif CURL_EXTERN int curl_mprintf(const char *format, ...) CURL_TEMP_PRINTF(1, 2); diff --git a/vendor/hydra/vendor/curl/include/curl/multi.h b/vendor/hydra/vendor/curl/include/curl/multi.h index 561470ce..7b6c351a 100644 --- a/vendor/hydra/vendor/curl/include/curl/multi.h +++ b/vendor/hydra/vendor/curl/include/curl/multi.h @@ -24,7 +24,7 @@ * ***************************************************************************/ /* - This is an "external" header file. Don't give away any internals here! + This is an "external" header file. Do not give away any internals here! GOALS @@ -66,7 +66,7 @@ typedef enum { CURLM_OK, CURLM_BAD_HANDLE, /* the passed-in handle is not a valid CURLM handle */ CURLM_BAD_EASY_HANDLE, /* an easy handle was not good/valid */ - CURLM_OUT_OF_MEMORY, /* if you ever get this, you're in deep sh*t */ + CURLM_OUT_OF_MEMORY, /* if you ever get this, you are in deep sh*t */ CURLM_INTERNAL_ERROR, /* this is a libcurl bug */ CURLM_BAD_SOCKET, /* the passed in socket argument did not match */ CURLM_UNKNOWN_OPTION, /* curl_multi_setopt() with unsupported option */ @@ -109,7 +109,7 @@ struct CURLMsg { typedef struct CURLMsg CURLMsg; /* Based on poll(2) structure and values. - * We don't use pollfd and POLL* constants explicitly + * We do not use pollfd and POLL* constants explicitly * to cover platforms without poll(). */ #define CURL_WAIT_POLLIN 0x0001 #define CURL_WAIT_POLLPRI 0x0002 @@ -205,7 +205,7 @@ CURL_EXTERN CURLMcode curl_multi_wakeup(CURLM *multi_handle); /* * Name: curl_multi_perform() * - * Desc: When the app thinks there's data available for curl it calls this + * Desc: When the app thinks there is data available for curl it calls this * function to read/write whatever there is right now. This returns * as soon as the reads and writes are done. This function does not * require that there actually is data available for reading or that @@ -236,7 +236,7 @@ CURL_EXTERN CURLMcode curl_multi_cleanup(CURLM *multi_handle); /* * Name: curl_multi_info_read() * - * Desc: Ask the multi handle if there's any messages/informationals from + * Desc: Ask the multi handle if there is any messages/informationals from * the individual transfers. Messages include informationals such as * error code from the transfer or just the fact that a transfer is * completed. More details on these should be written down as well. @@ -253,7 +253,7 @@ CURL_EXTERN CURLMcode curl_multi_cleanup(CURLM *multi_handle); * we will provide the particular "transfer handle" in that struct * and that should/could/would be used in subsequent * curl_easy_getinfo() calls (or similar). The point being that we - * must never expose complex structs to applications, as then we'll + * must never expose complex structs to applications, as then we will * undoubtably get backwards compatibility problems in the future. * * Returns: A pointer to a filled-in struct, or NULL if it failed or ran out @@ -268,7 +268,7 @@ CURL_EXTERN CURLMsg *curl_multi_info_read(CURLM *multi_handle, * Name: curl_multi_strerror() * * Desc: The curl_multi_strerror function may be used to turn a CURLMcode - * value into the equivalent human readable error string. This is + * value into the equivalent human readable error string. This is * useful for printing meaningful error messages. * * Returns: A pointer to a null-terminated error message. @@ -282,7 +282,7 @@ CURL_EXTERN const char *curl_multi_strerror(CURLMcode); * Desc: An alternative version of curl_multi_perform() that allows the * application to pass in one of the file descriptors that have been * detected to have "action" on them and let libcurl perform. - * See man page for details. + * See manpage for details. */ #define CURL_POLL_NONE 0 #define CURL_POLL_IN 1 diff --git a/vendor/hydra/vendor/curl/include/curl/system.h b/vendor/hydra/vendor/curl/include/curl/system.h index 81a1b817..e5be2568 100644 --- a/vendor/hydra/vendor/curl/include/curl/system.h +++ b/vendor/hydra/vendor/curl/include/curl/system.h @@ -31,7 +31,7 @@ * changed. * * In order to differentiate between platforms/compilers/architectures use - * only compiler built in predefined preprocessor symbols. + * only compiler built-in predefined preprocessor symbols. * * curl_off_t * ---------- @@ -46,7 +46,7 @@ * As a general rule, curl_off_t shall not be mapped to off_t. This rule shall * only be violated if off_t is the only 64-bit data type available and the * size of off_t is independent of large file support settings. Keep your - * build on the safe side avoiding an off_t gating. If you have a 64-bit + * build on the safe side avoiding an off_t gating. If you have a 64-bit * off_t then take for sure that another 64-bit data type exists, dig deeper * and you will find it. * @@ -402,7 +402,7 @@ # define CURL_PULL_SYS_SOCKET_H 1 #else -/* generic "safe guess" on old 32 bit style */ +/* generic "safe guess" on old 32-bit style */ # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" diff --git a/vendor/hydra/vendor/curl/include/curl/typecheck-gcc.h b/vendor/hydra/vendor/curl/include/curl/typecheck-gcc.h index 873a49e0..e532e699 100644 --- a/vendor/hydra/vendor/curl/include/curl/typecheck-gcc.h +++ b/vendor/hydra/vendor/curl/include/curl/typecheck-gcc.h @@ -34,11 +34,11 @@ * _curl_easy_setopt_err_sometype below * * NOTE: We use two nested 'if' statements here instead of the && operator, in - * order to work around gcc bug #32061. It affects only gcc 4.3.x/4.4.x + * order to work around gcc bug #32061. It affects only gcc 4.3.x/4.4.x * when compiling with -Wlogical-op. * - * To add an option that uses the same type as an existing option, you'll just - * need to extend the appropriate _curl_*_option macro + * To add an option that uses the same type as an existing option, you will + * just need to extend the appropriate _curl_*_option macro */ #define curl_easy_setopt(handle, option, value) \ __extension__({ \ @@ -245,7 +245,7 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t, /* To add a new option to one of the groups, just add * (option) == CURLOPT_SOMETHING - * to the or-expression. If the option takes a long or curl_off_t, you don't + * to the or-expression. If the option takes a long or curl_off_t, you do not * have to do anything */ @@ -678,7 +678,7 @@ typedef CURLcode (*_curl_ssl_ctx_callback4)(CURL *, const void *, const void *); #ifdef HEADER_SSL_H /* hack: if we included OpenSSL's ssl.h, we know about SSL_CTX - * this will of course break if we're included before OpenSSL headers... + * this will of course break if we are included before OpenSSL headers... */ typedef CURLcode (*_curl_ssl_ctx_callback5)(CURL *, SSL_CTX *, void *); typedef CURLcode (*_curl_ssl_ctx_callback6)(CURL *, SSL_CTX *, const void *); diff --git a/vendor/hydra/vendor/curl/include/curl/urlapi.h b/vendor/hydra/vendor/curl/include/curl/urlapi.h index 19388c3c..b4a6e5d5 100644 --- a/vendor/hydra/vendor/curl/include/curl/urlapi.h +++ b/vendor/hydra/vendor/curl/include/curl/urlapi.h @@ -97,11 +97,12 @@ typedef enum { #define CURLU_NO_AUTHORITY (1<<10) /* Allow empty authority when the scheme is unknown. */ #define CURLU_ALLOW_SPACE (1<<11) /* Allow spaces in the URL */ -#define CURLU_PUNYCODE (1<<12) /* get the host name in punycode */ +#define CURLU_PUNYCODE (1<<12) /* get the hostname in punycode */ #define CURLU_PUNY2IDN (1<<13) /* punycode => IDN conversion */ #define CURLU_GET_EMPTY (1<<14) /* allow empty queries and fragments when extracting the URL or the components */ +#define CURLU_NO_GUESS_SCHEME (1<<15) /* for get, do not accept a guess */ typedef struct Curl_URL CURLU; @@ -142,7 +143,7 @@ CURL_EXTERN CURLUcode curl_url_set(CURLU *handle, CURLUPart what, /* * curl_url_strerror() turns a CURLUcode value into the equivalent human - * readable error string. This is useful for printing meaningful error + * readable error string. This is useful for printing meaningful error * messages. */ CURL_EXTERN const char *curl_url_strerror(CURLUcode); diff --git a/vendor/hydra/vendor/curl/lib/altsvc.c b/vendor/hydra/vendor/curl/lib/altsvc.c index b72a5961..dcedc491 100644 --- a/vendor/hydra/vendor/curl/lib/altsvc.c +++ b/vendor/hydra/vendor/curl/lib/altsvc.c @@ -211,7 +211,7 @@ static CURLcode altsvc_load(struct altsvcinfo *asi, const char *file) CURLcode result = CURLE_OK; FILE *fp; - /* we need a private copy of the file name so that the altsvc cache file + /* we need a private copy of the filename so that the altsvc cache file name survives an easy handle reset */ free(asi->filename); asi->filename = strdup(file); @@ -270,7 +270,7 @@ static CURLcode altsvc_out(struct altsvc *as, FILE *fp) "%s %s%s%s %u " "\"%d%02d%02d " "%02d:%02d:%02d\" " - "%u %d\n", + "%u %u\n", Curl_alpnid2str(as->src.alpnid), src6_pre, as->src.host, src6_post, as->src.port, @@ -337,13 +337,13 @@ CURLcode Curl_altsvc_ctrl(struct altsvcinfo *asi, const long ctrl) */ void Curl_altsvc_cleanup(struct altsvcinfo **altsvcp) { - struct Curl_llist_element *e; - struct Curl_llist_element *n; if(*altsvcp) { + struct Curl_llist_node *e; + struct Curl_llist_node *n; struct altsvcinfo *altsvc = *altsvcp; - for(e = altsvc->list.head; e; e = n) { - struct altsvc *as = e->ptr; - n = e->next; + for(e = Curl_llist_head(&altsvc->list); e; e = n) { + struct altsvc *as = Curl_node_elem(e); + n = Curl_node_next(e); altsvc_free(as); } free(altsvc->filename); @@ -358,8 +358,6 @@ void Curl_altsvc_cleanup(struct altsvcinfo **altsvcp) CURLcode Curl_altsvc_save(struct Curl_easy *data, struct altsvcinfo *altsvc, const char *file) { - struct Curl_llist_element *e; - struct Curl_llist_element *n; CURLcode result = CURLE_OK; FILE *out; char *tempstore = NULL; @@ -373,17 +371,19 @@ CURLcode Curl_altsvc_save(struct Curl_easy *data, file = altsvc->filename; if((altsvc->flags & CURLALTSVC_READONLYFILE) || !file || !file[0]) - /* marked as read-only, no file or zero length file name */ + /* marked as read-only, no file or zero length filename */ return CURLE_OK; result = Curl_fopen(data, file, &out, &tempstore); if(!result) { + struct Curl_llist_node *e; + struct Curl_llist_node *n; fputs("# Your alt-svc cache. https://curl.se/docs/alt-svc.html\n" "# This file was generated by libcurl! Edit at your own risk.\n", out); - for(e = altsvc->list.head; e; e = n) { - struct altsvc *as = e->ptr; - n = e->next; + for(e = Curl_llist_head(&altsvc->list); e; e = n) { + struct altsvc *as = Curl_node_elem(e); + n = Curl_node_next(e); result = altsvc_out(as, out); if(result) break; @@ -430,7 +430,7 @@ static bool hostcompare(const char *host, const char *check) if(hlen && (host[hlen - 1] == '.')) hlen--; if(hlen != clen) - /* they can't match if they have different lengths */ + /* they cannot match if they have different lengths */ return FALSE; return strncasecompare(host, check, hlen); } @@ -440,15 +440,15 @@ static bool hostcompare(const char *host, const char *check) static void altsvc_flush(struct altsvcinfo *asi, enum alpnid srcalpnid, const char *srchost, unsigned short srcport) { - struct Curl_llist_element *e; - struct Curl_llist_element *n; - for(e = asi->list.head; e; e = n) { - struct altsvc *as = e->ptr; - n = e->next; + struct Curl_llist_node *e; + struct Curl_llist_node *n; + for(e = Curl_llist_head(&asi->list); e; e = n) { + struct altsvc *as = Curl_node_elem(e); + n = Curl_node_next(e); if((srcalpnid == as->src.alpnid) && (srcport == as->src.port) && hostcompare(srchost, as->src.host)) { - Curl_llist_remove(&asi->list, e, NULL); + Curl_node_remove(e); altsvc_free(as); } } @@ -462,7 +462,7 @@ static time_t altsvc_debugtime(void *unused) char *timestr = getenv("CURL_TIME"); (void)unused; if(timestr) { - unsigned long val = strtol(timestr, NULL, 10); + long val = strtol(timestr, NULL, 10); return (time_t)val; } return time(NULL); @@ -477,11 +477,11 @@ static time_t altsvc_debugtime(void *unused) * Curl_altsvc_parse() takes an incoming alt-svc response header and stores * the data correctly in the cache. * - * 'value' points to the header *value*. That's contents to the right of the + * 'value' points to the header *value*. That is contents to the right of the * header name. * * Currently this function rejects invalid data without returning an error. - * Invalid host name, port number will result in the specific alternative + * Invalid hostname, port number will result in the specific alternative * being rejected. Unknown protocols are skipped. */ CURLcode Curl_altsvc_parse(struct Curl_easy *data, @@ -531,7 +531,7 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data, bool valid = TRUE; p++; if(*p != ':') { - /* host name starts here */ + /* hostname starts here */ const char *hostp = p; if(*p == '[') { /* pass all valid IPv6 letters - does not handle zone id */ @@ -549,7 +549,7 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data, len = p - hostp; } if(!len || (len >= MAX_ALTSVC_HOSTLEN)) { - infof(data, "Excessive alt-svc host name, ignoring."); + infof(data, "Excessive alt-svc hostname, ignoring."); valid = FALSE; } else { @@ -624,7 +624,7 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data, num = strtoul(value_ptr, &end_ptr, 10); if((end_ptr != value_ptr) && (num < ULONG_MAX)) { if(strcasecompare("ma", option)) - maxage = num; + maxage = (time_t)num; else if(strcasecompare("persist", option) && (num == 1)) persist = TRUE; } @@ -651,7 +651,7 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data, } else break; - /* after the double quote there can be a comma if there's another + /* after the double quote there can be a comma if there is another string or a semicolon if no more */ if(*p == ',') { /* comma means another alternative is presented */ @@ -677,26 +677,26 @@ bool Curl_altsvc_lookup(struct altsvcinfo *asi, struct altsvc **dstentry, const int versions) /* one or more bits */ { - struct Curl_llist_element *e; - struct Curl_llist_element *n; + struct Curl_llist_node *e; + struct Curl_llist_node *n; time_t now = time(NULL); DEBUGASSERT(asi); DEBUGASSERT(srchost); DEBUGASSERT(dstentry); - for(e = asi->list.head; e; e = n) { - struct altsvc *as = e->ptr; - n = e->next; + for(e = Curl_llist_head(&asi->list); e; e = n) { + struct altsvc *as = Curl_node_elem(e); + n = Curl_node_next(e); if(as->expires < now) { /* an expired entry, remove */ - Curl_llist_remove(&asi->list, e, NULL); + Curl_node_remove(e); altsvc_free(as); continue; } if((as->src.alpnid == srcalpnid) && hostcompare(srchost, as->src.host) && (as->src.port == srcport) && - (versions & as->dst.alpnid)) { + (versions & (int)as->dst.alpnid)) { /* match */ *dstentry = as; return TRUE; diff --git a/vendor/hydra/vendor/curl/lib/altsvc.h b/vendor/hydra/vendor/curl/lib/altsvc.h index 7fea1434..48999efb 100644 --- a/vendor/hydra/vendor/curl/lib/altsvc.h +++ b/vendor/hydra/vendor/curl/lib/altsvc.h @@ -47,8 +47,8 @@ struct altsvc { struct althost dst; time_t expires; bool persist; - int prio; - struct Curl_llist_element node; + unsigned int prio; + struct Curl_llist_node node; }; struct altsvcinfo { diff --git a/vendor/hydra/vendor/curl/lib/amigaos.c b/vendor/hydra/vendor/curl/lib/amigaos.c index 139309b1..1321c53c 100644 --- a/vendor/hydra/vendor/curl/lib/amigaos.c +++ b/vendor/hydra/vendor/curl/lib/amigaos.c @@ -117,7 +117,7 @@ void Curl_amiga_cleanup(void) #ifdef CURLRES_AMIGA /* - * Because we need to handle the different cases in hostip4.c at run-time, + * Because we need to handle the different cases in hostip4.c at runtime, * not at compile-time, based on what was detected in Curl_amiga_init(), * we replace it completely with our own as to not complicate the baseline * code. Assumes malloc/calloc/free are thread safe because Curl_he2ai() diff --git a/vendor/hydra/vendor/curl/lib/arpa_telnet.h b/vendor/hydra/vendor/curl/lib/arpa_telnet.h index 228b4466..d641a01d 100644 --- a/vendor/hydra/vendor/curl/lib/arpa_telnet.h +++ b/vendor/hydra/vendor/curl/lib/arpa_telnet.h @@ -77,7 +77,7 @@ static const char * const telnetoptions[]= #define CURL_GA 249 /* Go Ahead, reverse the line */ #define CURL_SB 250 /* SuBnegotiation */ #define CURL_WILL 251 /* Our side WILL use this option */ -#define CURL_WONT 252 /* Our side WON'T use this option */ +#define CURL_WONT 252 /* Our side will not use this option */ #define CURL_DO 253 /* DO use this option! */ #define CURL_DONT 254 /* DON'T use this option! */ #define CURL_IAC 255 /* Interpret As Command */ diff --git a/vendor/hydra/vendor/curl/lib/asyn-ares.c b/vendor/hydra/vendor/curl/lib/asyn-ares.c index 8fed6176..782e3ac6 100644 --- a/vendor/hydra/vendor/curl/lib/asyn-ares.c +++ b/vendor/hydra/vendor/curl/lib/asyn-ares.c @@ -65,7 +65,7 @@ # define CARES_STATICLIB #endif #include -#include /* really old c-ares didn't include this by +#include /* really old c-ares did not include this by itself */ #if ARES_VERSION >= 0x010500 @@ -112,8 +112,8 @@ struct thread_data { /* How long we are willing to wait for additional parallel responses after obtaining a "definitive" one. For old c-ares without getaddrinfo. - This is intended to equal the c-ares default timeout. cURL always uses that - default value. Unfortunately, c-ares doesn't expose its default timeout in + This is intended to equal the c-ares default timeout. cURL always uses that + default value. Unfortunately, c-ares does not expose its default timeout in its API, but it is officially documented as 5 seconds. See query_completed_cb() for an explanation of how this is used. @@ -126,8 +126,8 @@ static int ares_ver = 0; /* * Curl_resolver_global_init() - the generic low-level asynchronous name - * resolve API. Called from curl_global_init() to initialize global resolver - * environment. Initializes ares library. + * resolve API. Called from curl_global_init() to initialize global resolver + * environment. Initializes ares library. */ int Curl_resolver_global_init(void) { @@ -169,7 +169,7 @@ static void sock_state_cb(void *data, ares_socket_t socket_fd, * * Called from curl_easy_init() -> Curl_open() to initialize resolver * URL-state specific environment ('resolver' member of the UrlState - * structure). Fills the passed pointer by the initialized ares_channel. + * structure). Fills the passed pointer by the initialized ares_channel. */ CURLcode Curl_resolver_init(struct Curl_easy *easy, void **resolver) { @@ -211,7 +211,7 @@ CURLcode Curl_resolver_init(struct Curl_easy *easy, void **resolver) * * Called from curl_easy_cleanup() -> Curl_close() to cleanup resolver * URL-state specific environment ('resolver' member of the UrlState - * structure). Destroys the ares channel. + * structure). Destroys the ares channel. */ void Curl_resolver_cleanup(void *resolver) { @@ -222,7 +222,7 @@ void Curl_resolver_cleanup(void *resolver) * Curl_resolver_duphandle() * * Called from curl_easy_duphandle() to duplicate resolver URL-state specific - * environment ('resolver' member of the UrlState structure). Duplicates the + * environment ('resolver' member of the UrlState structure). Duplicates the * 'from' ares channel and passes the resulting channel to the 'to' pointer. */ CURLcode Curl_resolver_duphandle(struct Curl_easy *easy, void **to, void *from) @@ -250,12 +250,12 @@ void Curl_resolver_cancel(struct Curl_easy *data) } /* - * We're equivalent to Curl_resolver_cancel() for the c-ares resolver. We + * We are equivalent to Curl_resolver_cancel() for the c-ares resolver. We * never block. */ void Curl_resolver_kill(struct Curl_easy *data) { - /* We don't need to check the resolver state because we can be called safely + /* We do not need to check the resolver state because we can be called safely at any time and we always do the same thing. */ Curl_resolver_cancel(data); } @@ -280,7 +280,7 @@ static void destroy_async_data(struct Curl_async *async) /* * Curl_resolver_getsock() is called when someone from the outside world - * (using curl_multi_fdset()) wants to get our fd_set setup and we're talking + * (using curl_multi_fdset()) wants to get our fd_set setup and we are talking * with ares. The caller must make sure that this function is only called when * we have a working ares channel. * @@ -350,7 +350,7 @@ static int waitperform(struct Curl_easy *data, timediff_t timeout_ms) } if(num) { - nfds = Curl_poll(pfd, num, timeout_ms); + nfds = Curl_poll(pfd, (unsigned int)num, timeout_ms); if(nfds < 0) return -1; } @@ -359,7 +359,7 @@ static int waitperform(struct Curl_easy *data, timediff_t timeout_ms) if(!nfds) /* Call ares_process() unconditionally here, even if we simply timed out - above, as otherwise the ares name resolve won't timeout! */ + above, as otherwise the ares name resolve will not timeout! */ ares_process_fd((ares_channel)data->state.async.resolver, ARES_SOCKET_BAD, ARES_SOCKET_BAD); else { @@ -394,8 +394,8 @@ CURLcode Curl_resolver_is_resolved(struct Curl_easy *data, return CURLE_UNRECOVERABLE_POLL; #ifndef HAVE_CARES_GETADDRINFO - /* Now that we've checked for any last minute results above, see if there are - any responses still pending when the EXPIRE_HAPPY_EYEBALLS_DNS timer + /* Now that we have checked for any last minute results above, see if there + are any responses still pending when the EXPIRE_HAPPY_EYEBALLS_DNS timer expires. */ if(res && res->num_pending @@ -410,7 +410,7 @@ CURLcode Curl_resolver_is_resolved(struct Curl_easy *data, &res->happy_eyeballs_dns_time, 0, sizeof(res->happy_eyeballs_dns_time)); /* Cancel the raw c-ares request, which will fire query_completed_cb() with - ARES_ECANCELLED synchronously for all pending responses. This will + ARES_ECANCELLED synchronously for all pending responses. This will leave us with res->num_pending == 0, which is perfect for the next block. */ ares_cancel((ares_channel)data->state.async.resolver); @@ -523,7 +523,7 @@ CURLcode Curl_resolver_wait_resolv(struct Curl_easy *data, *entry = data->state.async.dns; if(result) - /* close the connection, since we can't return failure here without + /* close the connection, since we cannot return failure here without cleaning up this connection properly. */ connclose(data->conn, "c-ares resolve failed"); @@ -603,57 +603,57 @@ static void query_completed_cb(void *arg, /* (struct connectdata *) */ /* If there are responses still pending, we presume they must be the complementary IPv4 or IPv6 lookups that we started in parallel in - Curl_resolver_getaddrinfo() (for Happy Eyeballs). If we've got a + Curl_resolver_getaddrinfo() (for Happy Eyeballs). If we have got a "definitive" response from one of a set of parallel queries, we need to - think about how long we're willing to wait for more responses. */ + think about how long we are willing to wait for more responses. */ if(res->num_pending /* Only these c-ares status values count as "definitive" for these - purposes. For example, ARES_ENODATA is what we expect when there is - no IPv6 entry for a domain name, and that's not a reason to get more - aggressive in our timeouts for the other response. Other errors are + purposes. For example, ARES_ENODATA is what we expect when there is + no IPv6 entry for a domain name, and that is not a reason to get more + aggressive in our timeouts for the other response. Other errors are either a result of bad input (which should affect all parallel requests), local or network conditions, non-definitive server responses, or us cancelling the request. */ && (status == ARES_SUCCESS || status == ARES_ENOTFOUND)) { - /* Right now, there can only be up to two parallel queries, so don't + /* Right now, there can only be up to two parallel queries, so do not bother handling any other cases. */ DEBUGASSERT(res->num_pending == 1); - /* It's possible that one of these parallel queries could succeed - quickly, but the other could always fail or timeout (when we're + /* it is possible that one of these parallel queries could succeed + quickly, but the other could always fail or timeout (when we are talking to a pool of DNS servers that can only successfully resolve IPv4 address, for example). - It's also possible that the other request could always just take + it is also possible that the other request could always just take longer because it needs more time or only the second DNS server can - fulfill it successfully. But, to align with the philosophy of Happy - Eyeballs, we don't want to wait _too_ long or users will think - requests are slow when IPv6 lookups don't actually work (but IPv4 ones - do). + fulfill it successfully. But, to align with the philosophy of Happy + Eyeballs, we do not want to wait _too_ long or users will think + requests are slow when IPv6 lookups do not actually work (but IPv4 + ones do). So, now that we have a usable answer (some IPv4 addresses, some IPv6 addresses, or "no such domain"), we start a timeout for the remaining - pending responses. Even though it is typical that this resolved - request came back quickly, that needn't be the case. It might be that - this completing request didn't get a result from the first DNS server - or even the first round of the whole DNS server pool. So it could - already be quite some time after we issued the DNS queries in the - first place. Without modifying c-ares, we can't know exactly where in - its retry cycle we are. We could guess based on how much time has - gone by, but it doesn't really matter. Happy Eyeballs tells us that, - given usable information in hand, we simply don't want to wait "too - much longer" after we get a result. + pending responses. Even though it is typical that this resolved + request came back quickly, that needn't be the case. It might be that + this completing request did not get a result from the first DNS + server or even the first round of the whole DNS server pool. So it + could already be quite some time after we issued the DNS queries in + the first place. Without modifying c-ares, we cannot know exactly + where in its retry cycle we are. We could guess based on how much + time has gone by, but it does not really matter. Happy Eyeballs tells + us that, given usable information in hand, we simply do not want to + wait "too much longer" after we get a result. We simply wait an additional amount of time equal to the default - c-ares query timeout. That is enough time for a typical parallel - response to arrive without being "too long". Even on a network + c-ares query timeout. That is enough time for a typical parallel + response to arrive without being "too long". Even on a network where one of the two types of queries is failing or timing out constantly, this will usually mean we wait a total of the default c-ares timeout (5 seconds) plus the round trip time for the successful - request, which seems bearable. The downside is that c-ares might race + request, which seems bearable. The downside is that c-ares might race with us to issue one more retry just before we give up, but it seems better to "waste" that request instead of trying to guess the perfect - timeout to prevent it. After all, we don't even know where in the + timeout to prevent it. After all, we do not even know where in the c-ares retry cycle each request is. */ res->happy_eyeballs_dns_time = Curl_now(); @@ -849,8 +849,8 @@ CURLcode Curl_set_dns_servers(struct Curl_easy *data, /* If server is NULL or empty, this would purge all DNS servers * from ares library, which will cause any and all queries to fail. - * So, just return OK if none are configured and don't actually make - * any changes to c-ares. This lets c-ares use its defaults, which + * So, just return OK if none are configured and do not actually make + * any changes to c-ares. This lets c-ares use its defaults, which * it gets from the OS (for instance from /etc/resolv.conf on Linux). */ if(!(servers && servers[0])) diff --git a/vendor/hydra/vendor/curl/lib/asyn-thread.c b/vendor/hydra/vendor/curl/lib/asyn-thread.c index 1760d6cb..79b9c239 100644 --- a/vendor/hydra/vendor/curl/lib/asyn-thread.c +++ b/vendor/hydra/vendor/curl/lib/asyn-thread.c @@ -54,7 +54,6 @@ # define RESOLVER_ENOMEM ENOMEM #endif -#include "system_win32.h" #include "urldata.h" #include "sendf.h" #include "hostip.h" @@ -145,22 +144,9 @@ static bool init_resolve_thread(struct Curl_easy *data, const char *hostname, int port, const struct addrinfo *hints); -#ifdef _WIN32 -/* Thread sync data used by GetAddrInfoExW for win8+ */ -struct thread_sync_data_w8 -{ - OVERLAPPED overlapped; - ADDRINFOEXW_ *res; - HANDLE cancel_ev; - ADDRINFOEXW_ hints; -}; -#endif /* Data for synchronization between resolver thread and its parent */ struct thread_sync_data { -#ifdef _WIN32 - struct thread_sync_data_w8 w8; -#endif curl_mutex_t *mtx; int done; int port; @@ -168,7 +154,7 @@ struct thread_sync_data { duplicate */ #ifndef CURL_DISABLE_SOCKETPAIR struct Curl_easy *data; - curl_socket_t sock_pair[2]; /* socket pair */ + curl_socket_t sock_pair[2]; /* eventfd/pipes/socket pair */ #endif int sock_error; struct Curl_addrinfo *res; @@ -179,9 +165,6 @@ struct thread_sync_data { }; struct thread_data { -#ifdef _WIN32 - HANDLE complete_ev; -#endif curl_thread_t thread_hnd; unsigned int poll_interval; timediff_t interval_end; @@ -251,7 +234,7 @@ int init_thread_sync_data(struct thread_data *td, #ifndef CURL_DISABLE_SOCKETPAIR /* create socket pair or pipe */ - if(wakeup_create(&tsd->sock_pair[0]) < 0) { + if(wakeup_create(tsd->sock_pair, FALSE) < 0) { tsd->sock_pair[0] = CURL_SOCKET_BAD; tsd->sock_pair[1] = CURL_SOCKET_BAD; goto err_exit; @@ -286,158 +269,13 @@ static CURLcode getaddrinfo_complete(struct Curl_easy *data) result = Curl_addrinfo_callback(data, tsd->sock_error, tsd->res); /* The tsd->res structure has been copied to async.dns and perhaps the DNS - cache. Set our copy to NULL so destroy_thread_sync_data doesn't free it. + cache. Set our copy to NULL so destroy_thread_sync_data does not free it. */ tsd->res = NULL; return result; } -#ifdef _WIN32 -static VOID WINAPI -query_complete(DWORD err, DWORD bytes, LPWSAOVERLAPPED overlapped) -{ - size_t ss_size; - const ADDRINFOEXW_ *ai; - struct Curl_addrinfo *ca; - struct Curl_addrinfo *cafirst = NULL; - struct Curl_addrinfo *calast = NULL; -#ifdef __clang__ -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wcast-align" -#endif - struct thread_sync_data *tsd = - CONTAINING_RECORD(overlapped, struct thread_sync_data, w8.overlapped); -#ifdef __clang__ -#pragma clang diagnostic pop -#endif - struct thread_data *td = tsd->td; - const ADDRINFOEXW_ *res = tsd->w8.res; - int error = (int)err; - (void)bytes; - - if(error == ERROR_SUCCESS) { - /* traverse the addrinfo list */ - - for(ai = res; ai != NULL; ai = ai->ai_next) { - size_t namelen = ai->ai_canonname ? wcslen(ai->ai_canonname) + 1 : 0; - /* ignore elements with unsupported address family, */ - /* settle family-specific sockaddr structure size. */ - if(ai->ai_family == AF_INET) - ss_size = sizeof(struct sockaddr_in); -#ifdef USE_IPV6 - else if(ai->ai_family == AF_INET6) - ss_size = sizeof(struct sockaddr_in6); -#endif - else - continue; - - /* ignore elements without required address info */ - if(!ai->ai_addr || !(ai->ai_addrlen > 0)) - continue; - - /* ignore elements with bogus address size */ - if((size_t)ai->ai_addrlen < ss_size) - continue; - - ca = malloc(sizeof(struct Curl_addrinfo) + ss_size + namelen); - if(!ca) { - error = EAI_MEMORY; - break; - } - - /* copy each structure member individually, member ordering, */ - /* size, or padding might be different for each platform. */ - ca->ai_flags = ai->ai_flags; - ca->ai_family = ai->ai_family; - ca->ai_socktype = ai->ai_socktype; - ca->ai_protocol = ai->ai_protocol; - ca->ai_addrlen = (curl_socklen_t)ss_size; - ca->ai_addr = NULL; - ca->ai_canonname = NULL; - ca->ai_next = NULL; - - ca->ai_addr = (void *)((char *)ca + sizeof(struct Curl_addrinfo)); - memcpy(ca->ai_addr, ai->ai_addr, ss_size); - - if(namelen) { - size_t i; - ca->ai_canonname = (void *)((char *)ca->ai_addr + ss_size); - for(i = 0; i < namelen; ++i) /* convert wide string to ascii */ - ca->ai_canonname[i] = (char)ai->ai_canonname[i]; - ca->ai_canonname[namelen] = '\0'; - } - - /* if the return list is empty, this becomes the first element */ - if(!cafirst) - cafirst = ca; - - /* add this element last in the return list */ - if(calast) - calast->ai_next = ca; - calast = ca; - } - - /* if we failed, also destroy the Curl_addrinfo list */ - if(error) { - Curl_freeaddrinfo(cafirst); - cafirst = NULL; - } - else if(!cafirst) { -#ifdef EAI_NONAME - /* rfc3493 conformant */ - error = EAI_NONAME; -#else - /* rfc3493 obsoleted */ - error = EAI_NODATA; -#endif -#ifdef USE_WINSOCK - SET_SOCKERRNO(error); -#endif - } - tsd->res = cafirst; - } - - if(tsd->w8.res) { - Curl_FreeAddrInfoExW(tsd->w8.res); - tsd->w8.res = NULL; - } - - if(error) { - tsd->sock_error = SOCKERRNO?SOCKERRNO:error; - if(tsd->sock_error == 0) - tsd->sock_error = RESOLVER_ENOMEM; - } - else { - Curl_addrinfo_set_port(tsd->res, tsd->port); - } - - Curl_mutex_acquire(tsd->mtx); - if(tsd->done) { - /* too late, gotta clean up the mess */ - Curl_mutex_release(tsd->mtx); - destroy_thread_sync_data(tsd); - free(td); - } - else { -#ifndef CURL_DISABLE_SOCKETPAIR - char buf[1]; - if(tsd->sock_pair[1] != CURL_SOCKET_BAD) { - /* DNS has been resolved, signal client task */ - buf[0] = 1; - if(swrite(tsd->sock_pair[1], buf, sizeof(buf)) < 0) { - /* update sock_erro to errno */ - tsd->sock_error = SOCKERRNO; - } - } -#endif - tsd->done = 1; - Curl_mutex_release(tsd->mtx); - if(td->complete_ev) - SetEvent(td->complete_ev); /* Notify caller that the query completed */ - } -} -#endif #ifdef HAVE_GETADDRINFO @@ -447,14 +285,25 @@ query_complete(DWORD err, DWORD bytes, LPWSAOVERLAPPED overlapped) * For builds without ARES, but with USE_IPV6, create a resolver thread * and wait on it. */ -static unsigned int CURL_STDCALL getaddrinfo_thread(void *arg) +static +#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) +DWORD +#else +unsigned int +#endif +CURL_STDCALL getaddrinfo_thread(void *arg) { struct thread_sync_data *tsd = (struct thread_sync_data *)arg; struct thread_data *td = tsd->td; char service[12]; int rc; #ifndef CURL_DISABLE_SOCKETPAIR +#ifdef USE_EVENTFD + const void *buf; + const uint64_t val = 1; +#else char buf[1]; +#endif #endif msnprintf(service, sizeof(service), "%d", tsd->port); @@ -480,9 +329,13 @@ static unsigned int CURL_STDCALL getaddrinfo_thread(void *arg) else { #ifndef CURL_DISABLE_SOCKETPAIR if(tsd->sock_pair[1] != CURL_SOCKET_BAD) { - /* DNS has been resolved, signal client task */ +#ifdef USE_EVENTFD + buf = &val; +#else buf[0] = 1; - if(wakeup_write(tsd->sock_pair[1], buf, sizeof(buf)) < 0) { +#endif + /* DNS has been resolved, signal client task */ + if(wakeup_write(tsd->sock_pair[1], buf, sizeof(buf)) < 0) { /* update sock_erro to errno */ tsd->sock_error = SOCKERRNO; } @@ -500,7 +353,13 @@ static unsigned int CURL_STDCALL getaddrinfo_thread(void *arg) /* * gethostbyname_thread() resolves a name and then exits. */ -static unsigned int CURL_STDCALL gethostbyname_thread(void *arg) +static +#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) +DWORD +#else +unsigned int +#endif +CURL_STDCALL gethostbyname_thread(void *arg) { struct thread_sync_data *tsd = (struct thread_sync_data *)arg; struct thread_data *td = tsd->td; @@ -553,26 +412,9 @@ static void destroy_async_data(struct Curl_async *async) Curl_mutex_release(td->tsd.mtx); if(!done) { -#ifdef _WIN32 - if(td->complete_ev) { - CloseHandle(td->complete_ev); - td->complete_ev = NULL; - } -#endif - if(td->thread_hnd != curl_thread_t_null) { - Curl_thread_destroy(td->thread_hnd); - td->thread_hnd = curl_thread_t_null; - } + Curl_thread_destroy(td->thread_hnd); } else { -#ifdef _WIN32 - if(td->complete_ev) { - Curl_GetAddrInfoExCancel(&td->tsd.w8.cancel_ev); - WaitForSingleObject(td->complete_ev, INFINITE); - CloseHandle(td->complete_ev); - td->complete_ev = NULL; - } -#endif if(td->thread_hnd != curl_thread_t_null) Curl_thread_join(&td->thread_hnd); @@ -618,9 +460,6 @@ static bool init_resolve_thread(struct Curl_easy *data, asp->status = 0; asp->dns = NULL; td->thread_hnd = curl_thread_t_null; -#ifdef _WIN32 - td->complete_ev = NULL; -#endif if(!init_thread_sync_data(td, hostname, port, hints)) { asp->tdata = NULL; @@ -636,41 +475,6 @@ static bool init_resolve_thread(struct Curl_easy *data, /* The thread will set this to 1 when complete. */ td->tsd.done = 0; -#ifdef _WIN32 - if(Curl_isWindows8OrGreater && Curl_FreeAddrInfoExW && - Curl_GetAddrInfoExCancel && Curl_GetAddrInfoExW) { -#define MAX_NAME_LEN 256 /* max domain name is 253 chars */ -#define MAX_PORT_LEN 8 - WCHAR namebuf[MAX_NAME_LEN]; - WCHAR portbuf[MAX_PORT_LEN]; - /* calculate required length */ - int w_len = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, hostname, - -1, NULL, 0); - if((w_len > 0) && (w_len < MAX_NAME_LEN)) { - /* do utf8 conversion */ - w_len = MultiByteToWideChar(CP_UTF8, 0, hostname, -1, namebuf, w_len); - if((w_len > 0) && (w_len < MAX_NAME_LEN)) { - swprintf(portbuf, MAX_PORT_LEN, L"%d", port); - td->tsd.w8.hints.ai_family = hints->ai_family; - td->tsd.w8.hints.ai_socktype = hints->ai_socktype; - td->complete_ev = CreateEvent(NULL, TRUE, FALSE, NULL); - if(!td->complete_ev) { - /* failed to start, mark it as done here for proper cleanup. */ - td->tsd.done = 1; - goto err_exit; - } - err = Curl_GetAddrInfoExW(namebuf, portbuf, NS_DNS, - NULL, &td->tsd.w8.hints, &td->tsd.w8.res, - NULL, &td->tsd.w8.overlapped, - &query_complete, &td->tsd.w8.cancel_ev); - if(err != WSA_IO_PENDING) - query_complete(err, 0, &td->tsd.w8.overlapped); - return TRUE; - } - } - } -#endif - #ifdef HAVE_GETADDRINFO td->thread_hnd = Curl_thread_create(getaddrinfo_thread, &td->tsd); #else @@ -707,23 +511,9 @@ static CURLcode thread_wait_resolv(struct Curl_easy *data, DEBUGASSERT(data); td = data->state.async.tdata; DEBUGASSERT(td); -#ifdef _WIN32 - DEBUGASSERT(td->complete_ev || td->thread_hnd != curl_thread_t_null); -#else DEBUGASSERT(td->thread_hnd != curl_thread_t_null); -#endif /* wait for the thread to resolve the name */ -#ifdef _WIN32 - if(td->complete_ev) { - WaitForSingleObject(td->complete_ev, INFINITE); - CloseHandle(td->complete_ev); - td->complete_ev = NULL; - if(entry) - result = getaddrinfo_complete(data); - } - else -#endif if(Curl_thread_join(&td->thread_hnd)) { if(entry) result = getaddrinfo_complete(data); @@ -757,16 +547,9 @@ void Curl_resolver_kill(struct Curl_easy *data) { struct thread_data *td = data->state.async.tdata; - /* If we're still resolving, we must wait for the threads to fully clean up, - unfortunately. Otherwise, we can simply cancel to clean up any resolver + /* If we are still resolving, we must wait for the threads to fully clean up, + unfortunately. Otherwise, we can simply cancel to clean up any resolver data. */ -#ifdef _WIN32 - if(td && td->complete_ev) { - Curl_GetAddrInfoExCancel(&td->tsd.w8.cancel_ev); - (void)thread_wait_resolv(data, NULL, FALSE); - } - else -#endif if(td && td->thread_hnd != curl_thread_t_null && (data->set.quick_exit != 1L)) (void)thread_wait_resolv(data, NULL, FALSE); @@ -829,7 +612,7 @@ CURLcode Curl_resolver_is_resolved(struct Curl_easy *data, } else { /* poll for name lookup done with exponential backoff up to 250ms */ - /* should be fine even if this converts to 32 bit */ + /* should be fine even if this converts to 32-bit */ timediff_t elapsed = Curl_timediff(Curl_now(), data->progress.t_startsingle); if(elapsed < 0) diff --git a/vendor/hydra/vendor/curl/lib/asyn.h b/vendor/hydra/vendor/curl/lib/asyn.h index 7e207c4f..0ff20488 100644 --- a/vendor/hydra/vendor/curl/lib/asyn.h +++ b/vendor/hydra/vendor/curl/lib/asyn.h @@ -58,7 +58,7 @@ void Curl_resolver_global_cleanup(void); * Curl_resolver_init() * Called from curl_easy_init() -> Curl_open() to initialize resolver * URL-state specific environment ('resolver' member of the UrlState - * structure). Should fill the passed pointer by the initialized handler. + * structure). Should fill the passed pointer by the initialized handler. * Returning anything else than CURLE_OK fails curl_easy_init() with the * correspondent code. */ @@ -68,7 +68,7 @@ CURLcode Curl_resolver_init(struct Curl_easy *easy, void **resolver); * Curl_resolver_cleanup() * Called from curl_easy_cleanup() -> Curl_close() to cleanup resolver * URL-state specific environment ('resolver' member of the UrlState - * structure). Should destroy the handler and free all resources connected to + * structure). Should destroy the handler and free all resources connected to * it. */ void Curl_resolver_cleanup(void *resolver); @@ -76,9 +76,9 @@ void Curl_resolver_cleanup(void *resolver); /* * Curl_resolver_duphandle() * Called from curl_easy_duphandle() to duplicate resolver URL-state specific - * environment ('resolver' member of the UrlState structure). Should + * environment ('resolver' member of the UrlState structure). Should * duplicate the 'from' handle and pass the resulting handle to the 'to' - * pointer. Returning anything else than CURLE_OK causes failed + * pointer. Returning anything else than CURLE_OK causes failed * curl_easy_duphandle() call. */ CURLcode Curl_resolver_duphandle(struct Curl_easy *easy, void **to, @@ -89,7 +89,7 @@ CURLcode Curl_resolver_duphandle(struct Curl_easy *easy, void **to, * * It is called from inside other functions to cancel currently performing * resolver request. Should also free any temporary resources allocated to - * perform a request. This never waits for resolver threads to complete. + * perform a request. This never waits for resolver threads to complete. * * It is safe to call this when conn is in any state. */ @@ -99,8 +99,8 @@ void Curl_resolver_cancel(struct Curl_easy *data); * Curl_resolver_kill(). * * This acts like Curl_resolver_cancel() except it will block until any threads - * associated with the resolver are complete. This never blocks for resolvers - * that do not use threads. This is intended to be the "last chance" function + * associated with the resolver are complete. This never blocks for resolvers + * that do not use threads. This is intended to be the "last chance" function * that cleans up an in-progress resolver completely (before its owner is about * to die). * @@ -161,7 +161,7 @@ struct Curl_addrinfo *Curl_resolver_getaddrinfo(struct Curl_easy *data, int *waitp); #ifndef CURLRES_ASYNCH -/* convert these functions if an asynch resolver isn't used */ +/* convert these functions if an asynch resolver is not used */ #define Curl_resolver_cancel(x) Curl_nop_stmt #define Curl_resolver_kill(x) Curl_nop_stmt #define Curl_resolver_is_resolved(x,y) CURLE_COULDNT_RESOLVE_HOST diff --git a/vendor/hydra/vendor/curl/lib/bufq.c b/vendor/hydra/vendor/curl/lib/bufq.c index c3245516..46e6eaa3 100644 --- a/vendor/hydra/vendor/curl/lib/bufq.c +++ b/vendor/hydra/vendor/curl/lib/bufq.c @@ -91,6 +91,23 @@ static size_t chunk_read(struct buf_chunk *chunk, } } +static size_t chunk_unwrite(struct buf_chunk *chunk, size_t len) +{ + size_t n = chunk->w_offset - chunk->r_offset; + DEBUGASSERT(chunk->w_offset >= chunk->r_offset); + if(!n) { + return 0; + } + else if(n <= len) { + chunk->r_offset = chunk->w_offset = 0; + return n; + } + else { + chunk->w_offset -= len; + return len; + } +} + static ssize_t chunk_slurpn(struct buf_chunk *chunk, size_t max_len, Curl_bufq_reader *reader, void *reader_ctx, CURLcode *err) @@ -363,6 +380,49 @@ static void prune_head(struct bufq *q) } } +static struct buf_chunk *chunk_prev(struct buf_chunk *head, + struct buf_chunk *chunk) +{ + while(head) { + if(head == chunk) + return NULL; + if(head->next == chunk) + return head; + head = head->next; + } + return NULL; +} + +static void prune_tail(struct bufq *q) +{ + struct buf_chunk *chunk; + + while(q->tail && chunk_is_empty(q->tail)) { + chunk = q->tail; + q->tail = chunk_prev(q->head, chunk); + if(q->tail) + q->tail->next = NULL; + if(q->head == chunk) + q->head = q->tail; + if(q->pool) { + bufcp_put(q->pool, chunk); + --q->chunk_count; + } + else if((q->chunk_count > q->max_chunks) || + (q->opts & BUFQ_OPT_NO_SPARES)) { + /* SOFT_LIMIT allowed us more than max. free spares until + * we are at max again. Or free them if we are configured + * to not use spares. */ + free(chunk); + --q->chunk_count; + } + else { + chunk->next = q->spare; + q->spare = chunk; + } + } +} + static struct buf_chunk *get_non_full_tail(struct bufq *q) { struct buf_chunk *chunk; @@ -428,6 +488,15 @@ CURLcode Curl_bufq_cwrite(struct bufq *q, return result; } +CURLcode Curl_bufq_unwrite(struct bufq *q, size_t len) +{ + while(len && q->tail) { + len -= chunk_unwrite(q->head, len); + prune_tail(q); + } + return len? CURLE_AGAIN : CURLE_OK; +} + ssize_t Curl_bufq_read(struct bufq *q, unsigned char *buf, size_t len, CURLcode *err) { diff --git a/vendor/hydra/vendor/curl/lib/bufq.h b/vendor/hydra/vendor/curl/lib/bufq.h index 87ffa45d..ec415648 100644 --- a/vendor/hydra/vendor/curl/lib/bufq.h +++ b/vendor/hydra/vendor/curl/lib/bufq.h @@ -182,6 +182,12 @@ CURLcode Curl_bufq_cwrite(struct bufq *q, const char *buf, size_t len, size_t *pnwritten); +/** + * Remove `len` bytes from the end of the buffer queue again. + * Returns CURLE_AGAIN if less than `len` bytes were in the queue. + */ +CURLcode Curl_bufq_unwrite(struct bufq *q, size_t len); + /** * Read buf from the start of the buffer queue. The buf is copied * and the amount of copied bytes is returned. diff --git a/vendor/hydra/vendor/curl/lib/bufref.c b/vendor/hydra/vendor/curl/lib/bufref.c index f0a0e2a7..f048b570 100644 --- a/vendor/hydra/vendor/curl/lib/bufref.c +++ b/vendor/hydra/vendor/curl/lib/bufref.c @@ -48,7 +48,7 @@ void Curl_bufref_init(struct bufref *br) } /* - * Free the buffer and re-init the necessary fields. It doesn't touch the + * Free the buffer and re-init the necessary fields. It does not touch the * 'signature' field and thus this buffer reference can be reused. */ diff --git a/vendor/hydra/vendor/curl/lib/c-hyper.c b/vendor/hydra/vendor/curl/lib/c-hyper.c index 0593d970..a9a62d0a 100644 --- a/vendor/hydra/vendor/curl/lib/c-hyper.c +++ b/vendor/hydra/vendor/curl/lib/c-hyper.c @@ -119,7 +119,7 @@ size_t Curl_hyper_send(void *userp, hyper_context *ctx, DEBUGF(infof(data, "Curl_hyper_send(%zu)", buflen)); result = Curl_conn_send(data, io_ctx->sockindex, - (void *)buf, buflen, &nwrote); + (void *)buf, buflen, FALSE, &nwrote); if(result == CURLE_AGAIN) { DEBUGF(infof(data, "Curl_hyper_send(%zu) -> EAGAIN", buflen)); /* would block, register interest */ @@ -206,7 +206,7 @@ static int hyper_body_chunk(void *userdata, const hyper_buf *chunk) struct SingleRequest *k = &data->req; CURLcode result = CURLE_OK; - if(0 == k->bodywrites) { + if(!k->bodywritten) { #if defined(USE_NTLM) struct connectdata *conn = data->conn; if(conn->bits.close && @@ -324,7 +324,7 @@ static CURLcode empty_header(struct Curl_easy *data) result = hyper_each_header(data, NULL, 0, NULL, 0) ? CURLE_WRITE_ERROR : CURLE_OK; if(result) - failf(data, "hyperstream: couldn't pass blank header"); + failf(data, "hyperstream: could not pass blank header"); /* Hyper does chunked decoding itself. If it was added during * response header processing, remove it again. */ Curl_cwriter_remove_by_name(data, "chunked"); @@ -352,6 +352,8 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, (void)conn; if(data->hyp.send_body_waker) { + /* If there is still something to upload, wake it to give it + * another try. */ hyper_waker_wake(data->hyp.send_body_waker); data->hyp.send_body_waker = NULL; } @@ -367,7 +369,7 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, h->write_waker = NULL; } - do { + while(1) { hyper_task_return_type t; task = hyper_executor_poll(h->exec); if(!task) { @@ -391,22 +393,22 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, switch(code) { case HYPERE_ABORTED_BY_CALLBACK: result = CURLE_OK; - break; + goto out; case HYPERE_UNEXPECTED_EOF: if(!data->req.bytecount) result = CURLE_GOT_NOTHING; else result = CURLE_RECV_ERROR; - break; + goto out; case HYPERE_INVALID_PEER_MESSAGE: /* bump headerbytecount to avoid the count remaining at zero and appearing to not having read anything from the peer at all */ data->req.headerbytecount++; result = CURLE_UNSUPPORTED_PROTOCOL; /* maybe */ - break; + goto out; default: result = CURLE_RECV_ERROR; - break; + goto out; } } data->req.done = TRUE; @@ -416,115 +418,127 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, else if(t == HYPER_TASK_EMPTY) { void *userdata = hyper_task_userdata(task); hyper_task_free(task); - if((userdata_t)userdata == USERDATA_RESP_BODY) { + if(userdata == (void *)USERDATA_RESP_BODY) { /* end of transfer */ data->req.done = TRUE; infof(data, "hyperstream is done"); - if(!k->bodywrites) { - /* hyper doesn't always call the body write callback */ + if(!k->bodywritten) { + /* hyper does not always call the body write callback */ result = Curl_http_firstwrite(data); } break; } else { /* A background task for hyper; ignore */ + DEBUGF(infof(data, "hyper: some background task done")); continue; } } + else if(t == HYPER_TASK_RESPONSE) { + resp = hyper_task_value(task); + hyper_task_free(task); - DEBUGASSERT(HYPER_TASK_RESPONSE); - - resp = hyper_task_value(task); - hyper_task_free(task); - - *didwhat = KEEP_RECV; - if(!resp) { - failf(data, "hyperstream: couldn't get response"); - return CURLE_RECV_ERROR; - } + *didwhat = KEEP_RECV; + if(!resp) { + failf(data, "hyperstream: could not get response"); + result = CURLE_RECV_ERROR; + goto out; + } - http_status = hyper_response_status(resp); - http_version = hyper_response_version(resp); - reasonp = hyper_response_reason_phrase(resp); - reason_len = hyper_response_reason_phrase_len(resp); + http_status = hyper_response_status(resp); + http_version = hyper_response_version(resp); + reasonp = hyper_response_reason_phrase(resp); + reason_len = hyper_response_reason_phrase_len(resp); - if(http_status == 417 && Curl_http_exp100_is_selected(data)) { - infof(data, "Got 417 while waiting for a 100"); - data->state.disableexpect = TRUE; - data->req.newurl = strdup(data->state.url); - Curl_req_abort_sending(data); - } + if(http_status == 417 && Curl_http_exp100_is_selected(data)) { + infof(data, "Got 417 while waiting for a 100"); + data->state.disableexpect = TRUE; + data->req.newurl = strdup(data->state.url); + Curl_req_abort_sending(data); + } - result = status_line(data, conn, - http_status, http_version, reasonp, reason_len); - if(result) - break; + result = status_line(data, conn, + http_status, http_version, reasonp, reason_len); + if(result) + goto out; - headers = hyper_response_headers(resp); - if(!headers) { - failf(data, "hyperstream: couldn't get response headers"); - result = CURLE_RECV_ERROR; - break; - } + headers = hyper_response_headers(resp); + if(!headers) { + failf(data, "hyperstream: could not get response headers"); + result = CURLE_RECV_ERROR; + goto out; + } - /* the headers are already received */ - hyper_headers_foreach(headers, hyper_each_header, data); - if(data->state.hresult) { - result = data->state.hresult; - break; - } + /* the headers are already received */ + hyper_headers_foreach(headers, hyper_each_header, data); + if(data->state.hresult) { + result = data->state.hresult; + goto out; + } - result = empty_header(data); - if(result) - break; + result = empty_header(data); + if(result) + goto out; - k->deductheadercount = - (100 <= http_status && 199 >= http_status)?k->headerbytecount:0; + k->deductheadercount = + (100 <= http_status && 199 >= http_status)?k->headerbytecount:0; #ifdef USE_WEBSOCKETS - if(k->upgr101 == UPGR101_WS) { - if(http_status == 101) { - /* verify the response */ - result = Curl_ws_accept(data, NULL, 0); - if(result) - return result; - } - else { - failf(data, "Expected 101, got %u", k->httpcode); - result = CURLE_HTTP_RETURNED_ERROR; - break; + if(k->upgr101 == UPGR101_WS) { + if(http_status == 101) { + /* verify the response */ + result = Curl_ws_accept(data, NULL, 0); + if(result) + goto out; + } + else { + failf(data, "Expected 101, got %u", k->httpcode); + result = CURLE_HTTP_RETURNED_ERROR; + goto out; + } } - } #endif - /* Curl_http_auth_act() checks what authentication methods that are - * available and decides which one (if any) to use. It will set 'newurl' - * if an auth method was picked. */ - result = Curl_http_auth_act(data); - if(result) - break; + /* Curl_http_auth_act() checks what authentication methods that are + * available and decides which one (if any) to use. It will set 'newurl' + * if an auth method was picked. */ + result = Curl_http_auth_act(data); + if(result) + goto out; - resp_body = hyper_response_body(resp); - if(!resp_body) { - failf(data, "hyperstream: couldn't get response body"); - result = CURLE_RECV_ERROR; - break; - } - foreach = hyper_body_foreach(resp_body, hyper_body_chunk, data); - if(!foreach) { - failf(data, "hyperstream: body foreach failed"); - result = CURLE_OUT_OF_MEMORY; - break; + resp_body = hyper_response_body(resp); + if(!resp_body) { + failf(data, "hyperstream: could not get response body"); + result = CURLE_RECV_ERROR; + goto out; + } + foreach = hyper_body_foreach(resp_body, hyper_body_chunk, data); + if(!foreach) { + failf(data, "hyperstream: body foreach failed"); + result = CURLE_OUT_OF_MEMORY; + goto out; + } + hyper_task_set_userdata(foreach, (void *)USERDATA_RESP_BODY); + if(HYPERE_OK != hyper_executor_push(h->exec, foreach)) { + failf(data, "Couldn't hyper_executor_push the body-foreach"); + result = CURLE_OUT_OF_MEMORY; + goto out; + } + + hyper_response_free(resp); + resp = NULL; } - hyper_task_set_userdata(foreach, (void *)USERDATA_RESP_BODY); - if(HYPERE_OK != hyper_executor_push(h->exec, foreach)) { - failf(data, "Couldn't hyper_executor_push the body-foreach"); - result = CURLE_OUT_OF_MEMORY; - break; + else { + DEBUGF(infof(data, "hyper: unhandled tasktype %x", t)); } + } /* while(1) */ - hyper_response_free(resp); - resp = NULL; - } while(1); + if(!result && Curl_xfer_needs_flush(data)) { + DEBUGF(infof(data, "Curl_hyper_stream(), connection needs flush")); + result = Curl_xfer_flush(data); + } + +out: + DEBUGF(infof(data, "Curl_hyper_stream() -> %d", result)); if(resp) hyper_response_free(resp); return result; @@ -669,12 +683,15 @@ static int uploadstreamed(void *userdata, hyper_context *ctx, goto out; } /* increasing the writebytecount here is a little premature but we - don't know exactly when the body is sent */ + do not know exactly when the body is sent */ data->req.writebytecount += fillcount; + if(eos) + data->req.eos_read = TRUE; Curl_pgrsSetUploadCounter(data, data->req.writebytecount); rc = HYPER_POLL_READY; } else if(eos) { + data->req.eos_read = TRUE; *chunk = NULL; rc = HYPER_POLL_READY; } @@ -686,9 +703,15 @@ static int uploadstreamed(void *userdata, hyper_context *ctx, rc = HYPER_POLL_PENDING; } + if(!data->req.upload_done && data->req.eos_read) { + DEBUGF(infof(data, "hyper: uploadstreamed(), upload is done")); + result = Curl_req_set_upload_done(data); + } + out: Curl_multi_xfer_ulbuf_release(data, xfer_ulbuf); data->state.hresult = result; + DEBUGF(infof(data, "hyper: uploadstreamed() -> %d", result)); return rc; } @@ -702,8 +725,9 @@ static CURLcode finalize_request(struct Curl_easy *data, { CURLcode result = CURLE_OK; struct dynbuf req; - if((httpreq == HTTPREQ_GET) || (httpreq == HTTPREQ_HEAD)) + if((httpreq == HTTPREQ_GET) || (httpreq == HTTPREQ_HEAD)) { Curl_pgrsSetUploadSize(data, 0); /* no request body */ + } else { hyper_body *body; Curl_dyn_init(&req, DYN_HTTP_REQUEST); @@ -772,7 +796,7 @@ static void http1xx_cb(void *arg, struct hyper_response *resp) if(!result) { headers = hyper_response_headers(resp); if(!headers) { - failf(data, "hyperstream: couldn't get 1xx response headers"); + failf(data, "hyperstream: could not get 1xx response headers"); result = CURLE_RECV_ERROR; } } @@ -821,21 +845,21 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) *done = TRUE; result = Curl_client_start(data); if(result) - return result; + goto out; /* Add collecting of headers written to client. For a new connection, * we might have done that already, but reuse * or multiplex needs it here as well. */ result = Curl_headers_init(data); if(result) - return result; + goto out; infof(data, "Time for the Hyper dance"); memset(h, 0, sizeof(struct hyptransfer)); result = Curl_http_host(data, conn); if(result) - return result; + goto out; Curl_http_method(data, conn, &method, &httpreq); @@ -846,33 +870,35 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) char *pq = NULL; if(data->state.up.query) { pq = aprintf("%s?%s", data->state.up.path, data->state.up.query); - if(!pq) - return CURLE_OUT_OF_MEMORY; + if(!pq) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } } result = Curl_http_output_auth(data, conn, method, httpreq, (pq ? pq : data->state.up.path), FALSE); free(pq); if(result) - return result; + goto out; } result = Curl_http_req_set_reader(data, httpreq, &te); if(result) - goto error; + goto out; result = Curl_http_range(data, httpreq); if(result) - return result; + goto out; result = Curl_http_useragent(data); if(result) - return result; + goto out; io = hyper_io_new(); if(!io) { failf(data, "Couldn't create hyper IO"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } /* tell Hyper how to read/write network data */ h->io_ctx.data = data; @@ -887,7 +913,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(!h->exec) { failf(data, "Couldn't create hyper executor"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } } @@ -895,12 +921,12 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(!options) { failf(data, "Couldn't create hyper client options"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } if(conn->alpn == CURL_HTTP_VERSION_2) { failf(data, "ALPN protocol h2 not supported with Hyper"); result = CURLE_UNSUPPORTED_PROTOCOL; - goto error; + goto out; } hyper_clientconn_options_set_preserve_header_case(options, 1); hyper_clientconn_options_set_preserve_header_order(options, 1); @@ -913,7 +939,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(!handshake) { failf(data, "Couldn't create hyper client handshake"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } io = NULL; options = NULL; @@ -921,7 +947,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(HYPERE_OK != hyper_executor_push(h->exec, handshake)) { failf(data, "Couldn't hyper_executor_push the handshake"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } handshake = NULL; /* ownership passed on */ @@ -929,7 +955,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(!task) { failf(data, "Couldn't hyper_executor_poll the handshake"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } client = hyper_task_value(task); @@ -939,7 +965,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(!req) { failf(data, "Couldn't hyper_request_new"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } if(!Curl_use_http_1_1plus(data, conn)) { @@ -947,57 +973,57 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) HYPER_HTTP_VERSION_1_0)) { failf(data, "error setting HTTP version"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } } if(hyper_request_set_method(req, (uint8_t *)method, strlen(method))) { failf(data, "error setting method"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } result = request_target(data, conn, method, req); if(result) - goto error; + goto out; headers = hyper_request_headers(req); if(!headers) { failf(data, "hyper_request_headers"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } rc = hyper_request_on_informational(req, http1xx_cb, data); if(rc) { result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } if(data->state.aptr.host) { result = Curl_hyper_header(data, headers, data->state.aptr.host); if(result) - goto error; + goto out; } #ifndef CURL_DISABLE_PROXY if(data->state.aptr.proxyuserpwd) { result = Curl_hyper_header(data, headers, data->state.aptr.proxyuserpwd); if(result) - goto error; + goto out; } #endif if(data->state.aptr.userpwd) { result = Curl_hyper_header(data, headers, data->state.aptr.userpwd); if(result) - goto error; + goto out; } if((data->state.use_range && data->state.aptr.rangeline)) { result = Curl_hyper_header(data, headers, data->state.aptr.rangeline); if(result) - goto error; + goto out; } if(data->set.str[STRING_USERAGENT] && @@ -1005,7 +1031,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) data->state.aptr.uagent) { result = Curl_hyper_header(data, headers, data->state.aptr.uagent); if(result) - goto error; + goto out; } p_accept = Curl_checkheaders(data, @@ -1013,12 +1039,12 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(p_accept) { result = Curl_hyper_header(data, headers, p_accept); if(result) - goto error; + goto out; } if(te) { result = Curl_hyper_header(data, headers, te); if(result) - goto error; + goto out; } #ifndef CURL_DISABLE_ALTSVC @@ -1027,11 +1053,11 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) conn->conn_to_host.name, conn->conn_to_port); if(!altused) { result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } result = Curl_hyper_header(data, headers, altused); if(result) - goto error; + goto out; free(altused); } #endif @@ -1042,7 +1068,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) !Curl_checkProxyheaders(data, conn, STRCONST("Proxy-Connection"))) { result = Curl_hyper_header(data, headers, "Proxy-Connection: Keep-Alive"); if(result) - goto error; + goto out; } #endif @@ -1054,17 +1080,17 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) else result = Curl_hyper_header(data, headers, data->state.aptr.ref); if(result) - goto error; + goto out; } #ifdef HAVE_LIBZ /* we only consider transfer-encoding magic if libz support is built-in */ result = Curl_transferencode(data); if(result) - goto error; + goto out; result = Curl_hyper_header(data, headers, data->state.aptr.te); if(result) - goto error; + goto out; #endif if(!Curl_checkheaders(data, STRCONST("Accept-Encoding")) && @@ -1078,29 +1104,29 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) result = Curl_hyper_header(data, headers, data->state.aptr.accept_encoding); if(result) - goto error; + goto out; } else Curl_safefree(data->state.aptr.accept_encoding); result = cookies(data, conn, headers); if(result) - goto error; + goto out; if(!result && conn->handler->protocol&(CURLPROTO_WS|CURLPROTO_WSS)) result = Curl_ws_request(data, headers); result = Curl_add_timecondition(data, headers); if(result) - goto error; + goto out; result = Curl_add_custom_headers(data, FALSE, headers); if(result) - goto error; + goto out; result = finalize_request(data, headers, req, httpreq); if(result) - goto error; + goto out; Curl_debug(data, CURLINFO_HEADER_OUT, (char *)"\r\n", 2); @@ -1114,14 +1140,14 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(!sendtask) { failf(data, "hyper_clientconn_send"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } req = NULL; if(HYPERE_OK != hyper_executor_push(h->exec, sendtask)) { failf(data, "Couldn't hyper_executor_push the send"); result = CURLE_OUT_OF_MEMORY; - goto error; + goto out; } sendtask = NULL; /* ownership passed on */ @@ -1131,9 +1157,12 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if((httpreq == HTTPREQ_GET) || (httpreq == HTTPREQ_HEAD)) { /* HTTP GET/HEAD download */ Curl_pgrsSetUploadSize(data, 0); /* nothing */ + result = Curl_req_set_upload_done(data); + if(result) + goto out; } - Curl_xfer_setup(data, FIRSTSOCKET, -1, TRUE, FIRSTSOCKET); + Curl_xfer_setup1(data, CURL_XFER_SENDRECV, -1, TRUE); conn->datastream = Curl_hyper_stream; /* clear userpwd and proxyuserpwd to avoid reusing old credentials @@ -1142,24 +1171,20 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) #ifndef CURL_DISABLE_PROXY Curl_safefree(data->state.aptr.proxyuserpwd); #endif - return CURLE_OK; -error: - DEBUGASSERT(result); - if(io) - hyper_io_free(io); - - if(options) - hyper_clientconn_options_free(options); - - if(handshake) - hyper_task_free(handshake); - - if(client) - hyper_clientconn_free(client); - - if(req) - hyper_request_free(req); +out: + if(result) { + if(io) + hyper_io_free(io); + if(options) + hyper_clientconn_options_free(options); + if(handshake) + hyper_task_free(handshake); + if(client) + hyper_clientconn_free(client); + if(req) + hyper_request_free(req); + } return result; } @@ -1206,6 +1231,7 @@ static const struct Curl_crtype cr_hyper_protocol = { Curl_creader_def_resume_from, Curl_creader_def_rewind, cr_hyper_unpause, + Curl_creader_def_is_paused, Curl_creader_def_done, sizeof(struct Curl_creader) }; diff --git a/vendor/hydra/vendor/curl/lib/cf-h1-proxy.c b/vendor/hydra/vendor/curl/lib/cf-h1-proxy.c index 093c33be..6de33d0e 100644 --- a/vendor/hydra/vendor/curl/lib/cf-h1-proxy.c +++ b/vendor/hydra/vendor/curl/lib/cf-h1-proxy.c @@ -65,7 +65,6 @@ typedef enum { /* struct for HTTP CONNECT tunneling */ struct h1_tunnel_state { - struct HTTP CONNECT; struct dynbuf rcvbuf; struct dynbuf request_data; size_t nsent; @@ -182,8 +181,8 @@ static void h1_tunnel_go_state(struct Curl_cfilter *cf, data->info.httpcode = 0; /* clear it as it might've been used for the proxy */ /* If a proxy-authorization header was used for the proxy, then we should - make sure that it isn't accidentally used for the document request - after we've connected. So let's free and clear it here. */ + make sure that it is not accidentally used for the document request + after we have connected. So let's free and clear it here. */ Curl_safefree(data->state.aptr.proxyuserpwd); #ifdef USE_HYPER data->state.hconnect = FALSE; @@ -222,8 +221,8 @@ static CURLcode start_CONNECT(struct Curl_cfilter *cf, int http_minor; CURLcode result; - /* This only happens if we've looped here due to authentication - reasons, and we don't really use the newly cloned URL here + /* This only happens if we have looped here due to authentication + reasons, and we do not really use the newly cloned URL here then. Just free() it. */ Curl_safefree(data->req.newurl); @@ -267,7 +266,7 @@ static CURLcode send_CONNECT(struct Curl_cfilter *cf, blen -= ts->nsent; buf += ts->nsent; - nwritten = cf->next->cft->do_send(cf->next, data, buf, blen, &result); + nwritten = cf->next->cft->do_send(cf->next, data, buf, blen, FALSE, &result); if(nwritten < 0) { if(result == CURLE_AGAIN) { result = CURLE_OK; @@ -422,7 +421,7 @@ static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf, if(ts->cl) { /* A Content-Length based body: simply count down the counter - and make sure to break out of the loop when we're done! */ + and make sure to break out of the loop when we are done! */ ts->cl--; if(ts->cl <= 0) { ts->keepon = KEEPON_DONE; @@ -440,7 +439,7 @@ static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf, if(result) return result; if(Curl_httpchunk_is_done(data, &ts->ch)) { - /* we're done reading chunks! */ + /* we are done reading chunks! */ infof(data, "chunk reading DONE"); ts->keepon = KEEPON_DONE; } @@ -475,7 +474,7 @@ static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf, if(result) return result; - /* Newlines are CRLF, so the CR is ignored as the line isn't + /* Newlines are CRLF, so the CR is ignored as the line is not really terminated until the LF comes. Treat a following CR as end-of-headers as well.*/ @@ -490,15 +489,14 @@ static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf, ts->keepon = KEEPON_IGNORE; if(ts->cl) { - infof(data, "Ignore %" CURL_FORMAT_CURL_OFF_T - " bytes of response-body", ts->cl); + infof(data, "Ignore %" FMT_OFF_T " bytes of response-body", ts->cl); } else if(ts->chunked_encoding) { infof(data, "Ignore chunked response-body"); } else { /* without content-length or chunked encoding, we - can't keep the connection alive since the close is + cannot keep the connection alive since the close is the end signal so we bail out at once instead */ CURL_TRC_CF(data, cf, "CONNECT: no content-length or chunked"); ts->keepon = KEEPON_DONE; @@ -518,7 +516,7 @@ static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf, return result; Curl_dyn_reset(&ts->rcvbuf); - } /* while there's buffer left and loop is requested */ + } /* while there is buffer left and loop is requested */ if(error) result = CURLE_RECV_ERROR; @@ -666,8 +664,8 @@ static CURLcode start_CONNECT(struct Curl_cfilter *cf, goto error; } - /* This only happens if we've looped here due to authentication - reasons, and we don't really use the newly cloned URL here + /* This only happens if we have looped here due to authentication + reasons, and we do not really use the newly cloned URL here then. Just free() it. */ Curl_safefree(data->req.newurl); @@ -955,7 +953,7 @@ static CURLcode H1_CONNECT(struct Curl_cfilter *cf, DEBUGASSERT(ts->tunnel_state == H1_TUNNEL_RESPONSE); if(data->info.httpproxycode/100 != 2) { - /* a non-2xx response and we have no next url to try. */ + /* a non-2xx response and we have no next URL to try. */ Curl_safefree(data->req.newurl); /* failure, close this connection to avoid reuse */ streamclose(conn, "proxy CONNECT failure"); @@ -1034,9 +1032,9 @@ static void cf_h1_proxy_adjust_pollset(struct Curl_cfilter *cf, * and not waiting on something, we are tunneling. */ curl_socket_t sock = Curl_conn_cf_get_socket(cf, data); if(ts) { - /* when we've sent a CONNECT to a proxy, we should rather either + /* when we have sent a CONNECT to a proxy, we should rather either wait for the socket to become readable to be able to get the - response headers or if we're still sending the request, wait + response headers or if we are still sending the request, wait for write. */ if(tunnel_want_send(ts)) Curl_pollset_set_out_only(data, ps, sock); @@ -1077,6 +1075,7 @@ struct Curl_cftype Curl_cft_h1_proxy = { cf_h1_proxy_destroy, cf_h1_proxy_connect, cf_h1_proxy_close, + Curl_cf_def_shutdown, Curl_cf_http_proxy_get_host, cf_h1_proxy_adjust_pollset, Curl_cf_def_data_pending, diff --git a/vendor/hydra/vendor/curl/lib/cf-h2-proxy.c b/vendor/hydra/vendor/curl/lib/cf-h2-proxy.c index 0bff15f3..0a60ae47 100644 --- a/vendor/hydra/vendor/curl/lib/cf-h2-proxy.c +++ b/vendor/hydra/vendor/curl/lib/cf-h2-proxy.c @@ -73,7 +73,6 @@ struct tunnel_stream { char *authority; int32_t stream_id; uint32_t error; - size_t upload_blocked_len; h2_tunnel_state state; BIT(has_final_response); BIT(closed); @@ -162,8 +161,8 @@ static void h2_tunnel_go_state(struct Curl_cfilter *cf, CURL_TRC_CF(data, cf, "[%d] new tunnel state 'failed'", ts->stream_id); ts->state = new_state; /* If a proxy-authorization header was used for the proxy, then we should - make sure that it isn't accidentally used for the document request - after we've connected. So let's free and clear it here. */ + make sure that it is not accidentally used for the document request + after we have connected. So let's free and clear it here. */ Curl_safefree(data->state.aptr.proxyuserpwd); break; } @@ -181,7 +180,8 @@ struct cf_h2_proxy_ctx { int32_t goaway_error; int32_t last_stream_id; BIT(conn_closed); - BIT(goaway); + BIT(rcvd_goaway); + BIT(sent_goaway); BIT(nw_out_blocked); }; @@ -216,11 +216,13 @@ static void drain_tunnel(struct Curl_cfilter *cf, struct Curl_easy *data, struct tunnel_stream *tunnel) { + struct cf_h2_proxy_ctx *ctx = cf->ctx; unsigned char bits; (void)cf; bits = CURL_CSELECT_IN; - if(!tunnel->closed && !tunnel->reset && tunnel->upload_blocked_len) + if(!tunnel->closed && !tunnel->reset && + !Curl_bufq_is_empty(&ctx->tunnel.sendbuf)) bits |= CURL_CSELECT_OUT; if(data->state.select_bits != bits) { CURL_TRC_CF(data, cf, "[%d] DRAIN select_bits=%x", @@ -259,7 +261,7 @@ static ssize_t proxy_h2_nw_out_writer(void *writer_ctx, if(cf) { struct Curl_easy *data = CF_DATA_CURRENT(cf); nwritten = Curl_conn_cf_send(cf->next, data, (const char *)buf, buflen, - err); + FALSE, err); CURL_TRC_CF(data, cf, "[0] nw_out_writer(len=%zu) -> %zd, %d", buflen, nwritten, *err); } @@ -694,7 +696,7 @@ static int proxy_h2_on_frame_recv(nghttp2_session *session, } break; case NGHTTP2_GOAWAY: - ctx->goaway = TRUE; + ctx->rcvd_goaway = TRUE; break; default: break; @@ -1078,7 +1080,7 @@ static CURLcode H2_CONNECT(struct Curl_cfilter *cf, } while(ts->state == H2_TUNNEL_INIT); out: - if(result || ctx->tunnel.closed) + if((result && (result != CURLE_AGAIN)) || ctx->tunnel.closed) h2_tunnel_go_state(cf, ts, H2_TUNNEL_FAILED, data); return result; } @@ -1166,6 +1168,50 @@ static void cf_h2_proxy_destroy(struct Curl_cfilter *cf, } } +static CURLcode cf_h2_proxy_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, bool *done) +{ + struct cf_h2_proxy_ctx *ctx = cf->ctx; + struct cf_call_data save; + CURLcode result; + int rv; + + if(!cf->connected || !ctx->h2 || cf->shutdown || ctx->conn_closed) { + *done = TRUE; + return CURLE_OK; + } + + CF_DATA_SAVE(save, cf, data); + + if(!ctx->sent_goaway) { + rv = nghttp2_submit_goaway(ctx->h2, NGHTTP2_FLAG_NONE, + 0, 0, + (const uint8_t *)"shutdown", + sizeof("shutdown")); + if(rv) { + failf(data, "nghttp2_submit_goaway() failed: %s(%d)", + nghttp2_strerror(rv), rv); + result = CURLE_SEND_ERROR; + goto out; + } + ctx->sent_goaway = TRUE; + } + /* GOAWAY submitted, process egress and ingress until nghttp2 is done. */ + result = CURLE_OK; + if(nghttp2_session_want_write(ctx->h2)) + result = proxy_h2_progress_egress(cf, data); + if(!result && nghttp2_session_want_read(ctx->h2)) + result = proxy_h2_progress_ingress(cf, data); + + *done = (ctx->conn_closed || + (!result && !nghttp2_session_want_write(ctx->h2) && + !nghttp2_session_want_read(ctx->h2))); +out: + CF_DATA_RESTORE(cf, save); + cf->shutdown = (result || *done); + return result; +} + static bool cf_h2_proxy_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data) { @@ -1182,12 +1228,20 @@ static void cf_h2_proxy_adjust_pollset(struct Curl_cfilter *cf, struct easy_pollset *ps) { struct cf_h2_proxy_ctx *ctx = cf->ctx; + struct cf_call_data save; curl_socket_t sock = Curl_conn_cf_get_socket(cf, data); bool want_recv, want_send; - Curl_pollset_check(data, ps, sock, &want_recv, &want_send); + if(!cf->connected && ctx->h2) { + want_send = nghttp2_session_want_write(ctx->h2) || + !Curl_bufq_is_empty(&ctx->outbufq) || + !Curl_bufq_is_empty(&ctx->tunnel.sendbuf); + want_recv = nghttp2_session_want_read(ctx->h2); + } + else + Curl_pollset_check(data, ps, sock, &want_recv, &want_send); + if(ctx->h2 && (want_recv || want_send)) { - struct cf_call_data save; bool c_exhaust, s_exhaust; CF_DATA_SAVE(save, cf, data); @@ -1197,9 +1251,25 @@ static void cf_h2_proxy_adjust_pollset(struct Curl_cfilter *cf, ctx->h2, ctx->tunnel.stream_id); want_recv = (want_recv || c_exhaust || s_exhaust); want_send = (!s_exhaust && want_send) || - (!c_exhaust && nghttp2_session_want_write(ctx->h2)); + (!c_exhaust && nghttp2_session_want_write(ctx->h2)) || + !Curl_bufq_is_empty(&ctx->outbufq) || + !Curl_bufq_is_empty(&ctx->tunnel.sendbuf); Curl_pollset_set(data, ps, sock, want_recv, want_send); + CURL_TRC_CF(data, cf, "adjust_pollset, want_recv=%d want_send=%d", + want_recv, want_send); + CF_DATA_RESTORE(cf, save); + } + else if(ctx->sent_goaway && !cf->shutdown) { + /* shutdown in progress */ + CF_DATA_SAVE(save, cf, data); + want_send = nghttp2_session_want_write(ctx->h2) || + !Curl_bufq_is_empty(&ctx->outbufq) || + !Curl_bufq_is_empty(&ctx->tunnel.sendbuf); + want_recv = nghttp2_session_want_read(ctx->h2); + Curl_pollset_set(data, ps, sock, want_recv, want_send); + CURL_TRC_CF(data, cf, "adjust_pollset, want_recv=%d want_send=%d", + want_recv, want_send); CF_DATA_RESTORE(cf, save); } } @@ -1214,7 +1284,7 @@ static ssize_t h2_handle_tunnel_close(struct Curl_cfilter *cf, if(ctx->tunnel.error == NGHTTP2_REFUSED_STREAM) { CURL_TRC_CF(data, cf, "[%d] REFUSED_STREAM, try again on a new " "connection", ctx->tunnel.stream_id); - connclose(cf->conn, "REFUSED_STREAM"); /* don't use this anymore */ + connclose(cf->conn, "REFUSED_STREAM"); /* do not use this anymore */ *err = CURLE_RECV_ERROR; /* trigger Curl_retry_request() later */ return -1; } @@ -1259,7 +1329,8 @@ static ssize_t tunnel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, } else if(ctx->tunnel.reset || (ctx->conn_closed && Curl_bufq_is_empty(&ctx->inbufq)) || - (ctx->goaway && ctx->last_stream_id < ctx->tunnel.stream_id)) { + (ctx->rcvd_goaway && + ctx->last_stream_id < ctx->tunnel.stream_id)) { *err = CURLE_RECV_ERROR; nread = -1; } @@ -1305,16 +1376,7 @@ static ssize_t cf_h2_proxy_recv(struct Curl_cfilter *cf, } result = proxy_h2_progress_egress(cf, data); - if(result == CURLE_AGAIN) { - /* pending data to send, need to be called again. Ideally, we'd - * monitor the socket for POLLOUT, but we might not be in SENDING - * transfer state any longer and are unable to make this happen. - */ - CURL_TRC_CF(data, cf, "[%d] egress blocked, DRAIN", - ctx->tunnel.stream_id); - drain_tunnel(cf, data, &ctx->tunnel); - } - else if(result) { + if(result && (result != CURLE_AGAIN)) { *err = result; nread = -1; } @@ -1334,15 +1396,16 @@ static ssize_t cf_h2_proxy_recv(struct Curl_cfilter *cf, static ssize_t cf_h2_proxy_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { struct cf_h2_proxy_ctx *ctx = cf->ctx; struct cf_call_data save; int rv; ssize_t nwritten; CURLcode result; - int blocked = 0; + (void)eos; /* TODO, maybe useful for blocks? */ if(ctx->tunnel.state != H2_TUNNEL_ESTABLISHED) { *err = CURLE_SEND_ERROR; return -1; @@ -1354,29 +1417,10 @@ static ssize_t cf_h2_proxy_send(struct Curl_cfilter *cf, *err = CURLE_SEND_ERROR; goto out; } - else if(ctx->tunnel.upload_blocked_len) { - /* the data in `buf` has already been submitted or added to the - * buffers, but have been EAGAINed on the last invocation. */ - DEBUGASSERT(len >= ctx->tunnel.upload_blocked_len); - if(len < ctx->tunnel.upload_blocked_len) { - /* Did we get called again with a smaller `len`? This should not - * happen. We are not prepared to handle that. */ - failf(data, "HTTP/2 proxy, send again with decreased length"); - *err = CURLE_HTTP2; - nwritten = -1; - goto out; - } - nwritten = (ssize_t)ctx->tunnel.upload_blocked_len; - ctx->tunnel.upload_blocked_len = 0; - *err = CURLE_OK; - } else { nwritten = Curl_bufq_write(&ctx->tunnel.sendbuf, buf, len, err); - if(nwritten < 0) { - if(*err != CURLE_AGAIN) - goto out; - nwritten = 0; - } + if(nwritten < 0 && (*err != CURLE_AGAIN)) + goto out; } if(!Curl_bufq_is_empty(&ctx->tunnel.sendbuf)) { @@ -1399,52 +1443,13 @@ static ssize_t cf_h2_proxy_send(struct Curl_cfilter *cf, /* Call the nghttp2 send loop and flush to write ALL buffered data, * headers and/or request body completely out to the network */ result = proxy_h2_progress_egress(cf, data); - if(result == CURLE_AGAIN) { - blocked = 1; - } - else if(result) { + if(result && (result != CURLE_AGAIN)) { *err = result; nwritten = -1; goto out; } - else if(!Curl_bufq_is_empty(&ctx->tunnel.sendbuf)) { - /* although we wrote everything that nghttp2 wants to send now, - * there is data left in our stream send buffer unwritten. This may - * be due to the stream's HTTP/2 flow window being exhausted. */ - blocked = 1; - } - - if(blocked) { - /* Unable to send all data, due to connection blocked or H2 window - * exhaustion. Data is left in our stream buffer, or nghttp2's internal - * frame buffer or our network out buffer. */ - size_t rwin = nghttp2_session_get_stream_remote_window_size( - ctx->h2, ctx->tunnel.stream_id); - if(rwin == 0) { - /* H2 flow window exhaustion. - * FIXME: there is no way to HOLD all transfers that use this - * proxy connection AND to UNHOLD all of them again when the - * window increases. - * We *could* iterate over all data on this conn maybe? */ - CURL_TRC_CF(data, cf, "[%d] remote flow " - "window is exhausted", ctx->tunnel.stream_id); - } - /* Whatever the cause, we need to return CURL_EAGAIN for this call. - * We have unwritten state that needs us being invoked again and EAGAIN - * is the only way to ensure that. */ - ctx->tunnel.upload_blocked_len = nwritten; - CURL_TRC_CF(data, cf, "[%d] cf_send(len=%zu) BLOCK: win %u/%zu " - "blocked_len=%zu", - ctx->tunnel.stream_id, len, - nghttp2_session_get_remote_window_size(ctx->h2), rwin, - nwritten); - drain_tunnel(cf, data, &ctx->tunnel); - *err = CURLE_AGAIN; - nwritten = -1; - goto out; - } - else if(proxy_h2_should_close_session(ctx)) { + if(proxy_h2_should_close_session(ctx)) { /* nghttp2 thinks this session is done. If the stream has not been * closed, this is an error state for out transfer */ if(ctx->tunnel.closed) { @@ -1477,6 +1482,38 @@ static ssize_t cf_h2_proxy_send(struct Curl_cfilter *cf, return nwritten; } +static CURLcode cf_h2_proxy_flush(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_h2_proxy_ctx *ctx = cf->ctx; + struct cf_call_data save; + CURLcode result = CURLE_OK; + + CF_DATA_SAVE(save, cf, data); + if(!Curl_bufq_is_empty(&ctx->tunnel.sendbuf)) { + /* resume the potentially suspended tunnel */ + int rv = nghttp2_session_resume_data(ctx->h2, ctx->tunnel.stream_id); + if(nghttp2_is_fatal(rv)) { + result = CURLE_SEND_ERROR; + goto out; + } + } + + result = proxy_h2_progress_egress(cf, data); + +out: + CURL_TRC_CF(data, cf, "[%d] flush -> %d, " + "h2 windows %d-%d (stream-conn), buffers %zu-%zu (stream-conn)", + ctx->tunnel.stream_id, result, + nghttp2_session_get_stream_remote_window_size( + ctx->h2, ctx->tunnel.stream_id), + nghttp2_session_get_remote_window_size(ctx->h2), + Curl_bufq_len(&ctx->tunnel.sendbuf), + Curl_bufq_len(&ctx->outbufq)); + CF_DATA_RESTORE(cf, save); + return result; +} + static bool proxy_h2_connisalive(struct Curl_cfilter *cf, struct Curl_easy *data, bool *input_pending) @@ -1489,8 +1526,8 @@ static bool proxy_h2_connisalive(struct Curl_cfilter *cf, return FALSE; if(*input_pending) { - /* This happens before we've sent off a request and the connection is - not in use by any other transfer, there shouldn't be any data here, + /* This happens before we have sent off a request and the connection is + not in use by any other transfer, there should not be any data here, only "protocol frames" */ CURLcode result; ssize_t nread = -1; @@ -1530,6 +1567,52 @@ static bool cf_h2_proxy_is_alive(struct Curl_cfilter *cf, return result; } +static CURLcode cf_h2_proxy_query(struct Curl_cfilter *cf, + struct Curl_easy *data, + int query, int *pres1, void *pres2) +{ + struct cf_h2_proxy_ctx *ctx = cf->ctx; + + switch(query) { + case CF_QUERY_NEED_FLUSH: { + if(!Curl_bufq_is_empty(&ctx->outbufq) || + !Curl_bufq_is_empty(&ctx->tunnel.sendbuf)) { + CURL_TRC_CF(data, cf, "needs flush"); + *pres1 = TRUE; + return CURLE_OK; + } + break; + } + default: + break; + } + return cf->next? + cf->next->cft->query(cf->next, data, query, pres1, pres2) : + CURLE_UNKNOWN_OPTION; +} + +static CURLcode cf_h2_proxy_cntrl(struct Curl_cfilter *cf, + struct Curl_easy *data, + int event, int arg1, void *arg2) +{ + CURLcode result = CURLE_OK; + struct cf_call_data save; + + (void)arg1; + (void)arg2; + + switch(event) { + case CF_CTRL_FLUSH: + CF_DATA_SAVE(save, cf, data); + result = cf_h2_proxy_flush(cf, data); + CF_DATA_RESTORE(cf, save); + break; + default: + break; + } + return result; +} + struct Curl_cftype Curl_cft_h2_proxy = { "H2-PROXY", CF_TYPE_IP_CONNECT|CF_TYPE_PROXY, @@ -1537,15 +1620,16 @@ struct Curl_cftype Curl_cft_h2_proxy = { cf_h2_proxy_destroy, cf_h2_proxy_connect, cf_h2_proxy_close, + cf_h2_proxy_shutdown, Curl_cf_http_proxy_get_host, cf_h2_proxy_adjust_pollset, cf_h2_proxy_data_pending, cf_h2_proxy_send, cf_h2_proxy_recv, - Curl_cf_def_cntrl, + cf_h2_proxy_cntrl, cf_h2_proxy_is_alive, Curl_cf_def_conn_keep_alive, - Curl_cf_def_query, + cf_h2_proxy_query, }; CURLcode Curl_cf_h2_proxy_insert_after(struct Curl_cfilter *cf, diff --git a/vendor/hydra/vendor/curl/lib/cf-haproxy.c b/vendor/hydra/vendor/curl/lib/cf-haproxy.c index 2abc4d75..0fc7625c 100644 --- a/vendor/hydra/vendor/curl/lib/cf-haproxy.c +++ b/vendor/hydra/vendor/curl/lib/cf-haproxy.c @@ -70,8 +70,9 @@ static CURLcode cf_haproxy_date_out_set(struct Curl_cfilter*cf, { struct cf_haproxy_ctx *ctx = cf->ctx; CURLcode result; - const char *tcp_version; const char *client_ip; + struct ip_quadruple ipquad; + int is_ipv6; DEBUGASSERT(ctx); DEBUGASSERT(ctx->state == HAPROXY_INIT); @@ -81,19 +82,20 @@ static CURLcode cf_haproxy_date_out_set(struct Curl_cfilter*cf, result = Curl_dyn_addn(&ctx->data_out, STRCONST("PROXY UNKNOWN\r\n")); else { #endif /* USE_UNIX_SOCKETS */ + result = Curl_conn_cf_get_ip_info(cf->next, data, &is_ipv6, &ipquad); + if(result) + return result; + /* Emit the correct prefix for IPv6 */ - tcp_version = cf->conn->bits.ipv6 ? "TCP6" : "TCP4"; if(data->set.str[STRING_HAPROXY_CLIENT_IP]) client_ip = data->set.str[STRING_HAPROXY_CLIENT_IP]; else - client_ip = data->info.primary.local_ip; + client_ip = ipquad.local_ip; result = Curl_dyn_addf(&ctx->data_out, "PROXY %s %s %s %i %i\r\n", - tcp_version, - client_ip, - data->info.primary.remote_ip, - data->info.primary.local_port, - data->info.primary.remote_port); + is_ipv6? "TCP6" : "TCP4", + client_ip, ipquad.remote_ip, + ipquad.local_port, ipquad.remote_port); #ifdef USE_UNIX_SOCKETS } @@ -129,17 +131,17 @@ static CURLcode cf_haproxy_connect(struct Curl_cfilter *cf, case HAPROXY_SEND: len = Curl_dyn_len(&ctx->data_out); if(len > 0) { - size_t written; - result = Curl_conn_send(data, cf->sockindex, - Curl_dyn_ptr(&ctx->data_out), - len, &written); - if(result == CURLE_AGAIN) { + ssize_t nwritten; + nwritten = Curl_conn_cf_send(cf->next, data, + Curl_dyn_ptr(&ctx->data_out), len, FALSE, + &result); + if(nwritten < 0) { + if(result != CURLE_AGAIN) + goto out; result = CURLE_OK; - written = 0; + nwritten = 0; } - else if(result) - goto out; - Curl_dyn_tail(&ctx->data_out, len - written); + Curl_dyn_tail(&ctx->data_out, len - (size_t)nwritten); if(Curl_dyn_len(&ctx->data_out) > 0) { result = CURLE_OK; goto out; @@ -194,6 +196,7 @@ struct Curl_cftype Curl_cft_haproxy = { cf_haproxy_destroy, cf_haproxy_connect, cf_haproxy_close, + Curl_cf_def_shutdown, Curl_cf_def_get_host, cf_haproxy_adjust_pollset, Curl_cf_def_data_pending, diff --git a/vendor/hydra/vendor/curl/lib/cf-https-connect.c b/vendor/hydra/vendor/curl/lib/cf-https-connect.c index 50ac8d4b..bc715987 100644 --- a/vendor/hydra/vendor/curl/lib/cf-https-connect.c +++ b/vendor/hydra/vendor/curl/lib/cf-https-connect.c @@ -55,7 +55,8 @@ struct cf_hc_baller { CURLcode result; struct curltime started; int reply_ms; - bool enabled; + BIT(enabled); + BIT(shutdown); }; static void cf_hc_baller_reset(struct cf_hc_baller *b, @@ -95,6 +96,21 @@ static bool cf_hc_baller_data_pending(struct cf_hc_baller *b, return b->cf && !b->result && b->cf->cft->has_data_pending(b->cf, data); } +static bool cf_hc_baller_needs_flush(struct cf_hc_baller *b, + struct Curl_easy *data) +{ + return b->cf && !b->result && Curl_conn_cf_needs_flush(b->cf, data); +} + +static CURLcode cf_hc_baller_cntrl(struct cf_hc_baller *b, + struct Curl_easy *data, + int event, int arg1, void *arg2) +{ + if(b->cf && !b->result) + return Curl_conn_cf_cntrl(b->cf, data, FALSE, event, arg1, arg2); + return CURLE_OK; +} + struct cf_hc_ctx { cf_hc_state state; const struct Curl_dns_entry *remotehost; @@ -173,7 +189,6 @@ static CURLcode baller_connected(struct Curl_cfilter *cf, switch(cf->conn->alpn) { case CURL_HTTP_VERSION_3: - infof(data, "using HTTP/3"); break; case CURL_HTTP_VERSION_2: #ifdef USE_NGHTTP2 @@ -186,16 +201,12 @@ static CURLcode baller_connected(struct Curl_cfilter *cf, return result; } #endif - infof(data, "using HTTP/2"); break; default: - infof(data, "using HTTP/1.x"); break; } ctx->state = CF_HC_SUCCESS; cf->connected = TRUE; - Curl_conn_cf_cntrl(cf->next, data, TRUE, - CF_CTRL_CONN_INFO_UPDATE, 0, NULL); return result; } @@ -322,6 +333,49 @@ static CURLcode cf_hc_connect(struct Curl_cfilter *cf, return result; } +static CURLcode cf_hc_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, bool *done) +{ + struct cf_hc_ctx *ctx = cf->ctx; + struct cf_hc_baller *ballers[2]; + size_t i; + CURLcode result = CURLE_OK; + + DEBUGASSERT(data); + if(cf->connected) { + *done = TRUE; + return CURLE_OK; + } + + /* shutdown all ballers that have not done so already. If one fails, + * continue shutting down others until all are shutdown. */ + ballers[0] = &ctx->h3_baller; + ballers[1] = &ctx->h21_baller; + for(i = 0; i < sizeof(ballers)/sizeof(ballers[0]); i++) { + struct cf_hc_baller *b = ballers[i]; + bool bdone = FALSE; + if(!cf_hc_baller_is_active(b) || b->shutdown) + continue; + b->result = b->cf->cft->do_shutdown(b->cf, data, &bdone); + if(b->result || bdone) + b->shutdown = TRUE; /* treat a failed shutdown as done */ + } + + *done = TRUE; + for(i = 0; i < sizeof(ballers)/sizeof(ballers[0]); i++) { + if(ballers[i] && !ballers[i]->shutdown) + *done = FALSE; + } + if(*done) { + for(i = 0; i < sizeof(ballers)/sizeof(ballers[0]); i++) { + if(ballers[i] && ballers[i]->result) + result = ballers[i]->result; + } + } + CURL_TRC_CF(data, cf, "shutdown -> %d, done=%d", result, *done); + return result; +} + static void cf_hc_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, struct easy_pollset *ps) @@ -384,6 +438,8 @@ static CURLcode cf_hc_query(struct Curl_cfilter *cf, struct Curl_easy *data, int query, int *pres1, void *pres2) { + struct cf_hc_ctx *ctx = cf->ctx; + if(!cf->connected) { switch(query) { case CF_QUERY_TIMER_CONNECT: { @@ -396,6 +452,14 @@ static CURLcode cf_hc_query(struct Curl_cfilter *cf, *when = cf_get_max_baller_time(cf, data, CF_QUERY_TIMER_APPCONNECT); return CURLE_OK; } + case CF_QUERY_NEED_FLUSH: { + if(cf_hc_baller_needs_flush(&ctx->h3_baller, data) + || cf_hc_baller_needs_flush(&ctx->h21_baller, data)) { + *pres1 = TRUE; + return CURLE_OK; + } + break; + } default: break; } @@ -405,6 +469,23 @@ static CURLcode cf_hc_query(struct Curl_cfilter *cf, CURLE_UNKNOWN_OPTION; } +static CURLcode cf_hc_cntrl(struct Curl_cfilter *cf, + struct Curl_easy *data, + int event, int arg1, void *arg2) +{ + struct cf_hc_ctx *ctx = cf->ctx; + CURLcode result = CURLE_OK; + + if(!cf->connected) { + result = cf_hc_baller_cntrl(&ctx->h3_baller, data, event, arg1, arg2); + if(!result || (result == CURLE_AGAIN)) + result = cf_hc_baller_cntrl(&ctx->h21_baller, data, event, arg1, arg2); + if(result == CURLE_AGAIN) + result = CURLE_OK; + } + return result; +} + static void cf_hc_close(struct Curl_cfilter *cf, struct Curl_easy *data) { CURL_TRC_CF(data, cf, "close"); @@ -434,12 +515,13 @@ struct Curl_cftype Curl_cft_http_connect = { cf_hc_destroy, cf_hc_connect, cf_hc_close, + cf_hc_shutdown, Curl_cf_def_get_host, cf_hc_adjust_pollset, cf_hc_data_pending, Curl_cf_def_send, Curl_cf_def_recv, - Curl_cf_def_cntrl, + cf_hc_cntrl, Curl_cf_def_conn_is_alive, Curl_cf_def_conn_keep_alive, cf_hc_query, @@ -510,7 +592,7 @@ CURLcode Curl_cf_https_setup(struct Curl_easy *data, if(data->state.httpwant == CURL_HTTP_VERSION_3ONLY) { result = Curl_conn_may_http3(data, conn); - if(result) /* can't do it */ + if(result) /* cannot do it */ goto out; try_h3 = TRUE; try_h21 = FALSE; diff --git a/vendor/hydra/vendor/curl/lib/cf-socket.c b/vendor/hydra/vendor/curl/lib/cf-socket.c index 3e87889f..e4d6a5b8 100644 --- a/vendor/hydra/vendor/curl/lib/cf-socket.c +++ b/vendor/hydra/vendor/curl/lib/cf-socket.c @@ -35,6 +35,9 @@ #elif defined(HAVE_NETINET_TCP_H) #include #endif +#ifdef HAVE_NETINET_UDP_H +#include +#endif #ifdef HAVE_SYS_IOCTL_H #include #endif @@ -53,6 +56,11 @@ #include #endif +#ifdef __DragonFly__ +/* Required for __DragonFly_version */ +#include +#endif + #include "urldata.h" #include "bufq.h" #include "sendf.h" @@ -73,6 +81,7 @@ #include "multihandle.h" #include "rand.h" #include "share.h" +#include "strdup.h" #include "version_win32.h" /* The last 3 #include files should be in this order */ @@ -115,7 +124,7 @@ static void tcpnodelay(struct Curl_easy *data, curl_socket_t sockfd) } #ifdef SO_NOSIGPIPE -/* The preferred method on Mac OS X (10.2 and later) to prevent SIGPIPEs when +/* The preferred method on macOS (10.2 and later) to prevent SIGPIPEs when sending data to a dead peer (instead of relying on the 4th argument to send being MSG_NOSIGNAL). Possibly also existing and in use on other BSD systems? */ @@ -137,8 +146,18 @@ static void nosigpipe(struct Curl_easy *data, #define nosigpipe(x,y) Curl_nop_stmt #endif -#if defined(__DragonFly__) || defined(USE_WINSOCK) -/* DragonFlyBSD and Windows use millisecond units */ +#if defined(USE_WINSOCK) && \ + defined(TCP_KEEPIDLE) && defined(TCP_KEEPINTVL) && defined(TCP_KEEPCNT) +/* Win 10, v 1709 (10.0.16299) and later can use SetSockOpt TCP_KEEP____ + * so should use seconds */ +#define CURL_WINSOCK_KEEP_SSO +#define KEEPALIVE_FACTOR(x) +#elif defined(USE_WINSOCK) || \ + (defined(__sun) && !defined(TCP_KEEPIDLE)) || \ + (defined(__DragonFly__) && __DragonFly_version < 500702) || \ + (defined(_WIN32) && !defined(TCP_KEEPIDLE)) +/* Solaris < 11.4, DragonFlyBSD < 500702 and Windows < 10.0.16299 + * use millisecond units. */ #define KEEPALIVE_FACTOR(x) (x *= 1000) #else #define KEEPALIVE_FACTOR(x) @@ -164,44 +183,80 @@ tcpkeepalive(struct Curl_easy *data, if(setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (void *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set SO_KEEPALIVE on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } else { -#if defined(SIO_KEEPALIVE_VALS) +#if defined(SIO_KEEPALIVE_VALS) /* Windows */ +/* Windows 10, version 1709 (10.0.16299) and later versions */ +#if defined(CURL_WINSOCK_KEEP_SSO) + optval = curlx_sltosi(data->set.tcp_keepidle); + KEEPALIVE_FACTOR(optval); + if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPIDLE, + (const char *)&optval, sizeof(optval)) < 0) { + infof(data, "Failed to set TCP_KEEPIDLE on fd " + "%" FMT_SOCKET_T ": errno %d", + sockfd, SOCKERRNO); + } + optval = curlx_sltosi(data->set.tcp_keepintvl); + KEEPALIVE_FACTOR(optval); + if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPINTVL, + (const char *)&optval, sizeof(optval)) < 0) { + infof(data, "Failed to set TCP_KEEPINTVL on fd " + "%" FMT_SOCKET_T ": errno %d", + sockfd, SOCKERRNO); + } + optval = curlx_sltosi(data->set.tcp_keepcnt); + if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPCNT, + (const char *)&optval, sizeof(optval)) < 0) { + infof(data, "Failed to set TCP_KEEPCNT on fd " + "%" FMT_SOCKET_T ": errno %d", + sockfd, SOCKERRNO); + } +#else /* Windows < 10.0.16299 */ struct tcp_keepalive vals; DWORD dummy; vals.onoff = 1; optval = curlx_sltosi(data->set.tcp_keepidle); KEEPALIVE_FACTOR(optval); - vals.keepalivetime = optval; + vals.keepalivetime = (u_long)optval; optval = curlx_sltosi(data->set.tcp_keepintvl); KEEPALIVE_FACTOR(optval); - vals.keepaliveinterval = optval; + vals.keepaliveinterval = (u_long)optval; if(WSAIoctl(sockfd, SIO_KEEPALIVE_VALS, (LPVOID) &vals, sizeof(vals), NULL, 0, &dummy, NULL, NULL) != 0) { infof(data, "Failed to set SIO_KEEPALIVE_VALS on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", - sockfd, SOCKERRNO); + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } -#else +#endif +#else /* !Windows */ #ifdef TCP_KEEPIDLE optval = curlx_sltosi(data->set.tcp_keepidle); KEEPALIVE_FACTOR(optval); if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPIDLE, (void *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set TCP_KEEPIDLE on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } #elif defined(TCP_KEEPALIVE) - /* Mac OS X style */ + /* macOS style */ optval = curlx_sltosi(data->set.tcp_keepidle); KEEPALIVE_FACTOR(optval); if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE, (void *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set TCP_KEEPALIVE on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", + "%" FMT_SOCKET_T ": errno %d", + sockfd, SOCKERRNO); + } +#elif defined(TCP_KEEPALIVE_THRESHOLD) + /* Solaris <11.4 style */ + optval = curlx_sltosi(data->set.tcp_keepidle); + KEEPALIVE_FACTOR(optval); + if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE_THRESHOLD, + (void *)&optval, sizeof(optval)) < 0) { + infof(data, "Failed to set TCP_KEEPALIVE_THRESHOLD on fd " + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } #endif @@ -211,9 +266,37 @@ tcpkeepalive(struct Curl_easy *data, if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPINTVL, (void *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set TCP_KEEPINTVL on fd " - "%" CURL_FORMAT_SOCKET_T ": errno %d", + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); } +#elif defined(TCP_KEEPALIVE_ABORT_THRESHOLD) + /* Solaris <11.4 style */ + /* TCP_KEEPALIVE_ABORT_THRESHOLD should equal to + * TCP_KEEPCNT * TCP_KEEPINTVL on other platforms. + * The default value of TCP_KEEPCNT is 9 on Linux, + * 8 on *BSD/macOS, 5 or 10 on Windows. We use the + * default config for Solaris <11.4 because there is + * no default value for TCP_KEEPCNT on Solaris 11.4. + * + * Note that the consequent probes will not be sent + * at equal intervals on Solaris, but will be sent + * using the exponential backoff algorithm. */ + optval = curlx_sltosi(data->set.tcp_keepcnt) * + curlx_sltosi(data->set.tcp_keepintvl); + KEEPALIVE_FACTOR(optval); + if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE_ABORT_THRESHOLD, + (void *)&optval, sizeof(optval)) < 0) { + infof(data, "Failed to set TCP_KEEPALIVE_ABORT_THRESHOLD on fd " + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); + } +#endif +#ifdef TCP_KEEPCNT + optval = curlx_sltosi(data->set.tcp_keepcnt); + if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPCNT, + (void *)&optval, sizeof(optval)) < 0) { + infof(data, "Failed to set TCP_KEEPCNT on fd " + "%" FMT_SOCKET_T ": errno %d", sockfd, SOCKERRNO); + } #endif #endif } @@ -249,7 +332,7 @@ void Curl_sock_assign_addr(struct Curl_sockaddr_ex *dest, dest->protocol = IPPROTO_UDP; break; } - dest->addrlen = ai->ai_addrlen; + dest->addrlen = (unsigned int)ai->ai_addrlen; if(dest->addrlen > sizeof(struct Curl_sockaddr_storage)) dest->addrlen = sizeof(struct Curl_sockaddr_storage); @@ -314,7 +397,7 @@ CURLcode Curl_socket_open(struct Curl_easy *data, struct Curl_sockaddr_ex dummy; if(!addr) - /* if the caller doesn't want info back, use a local temp copy */ + /* if the caller does not want info back, use a local temp copy */ addr = &dummy; Curl_sock_assign_addr(addr, ai, transport); @@ -324,6 +407,9 @@ CURLcode Curl_socket_open(struct Curl_easy *data, static int socket_close(struct Curl_easy *data, struct connectdata *conn, int use_callback, curl_socket_t sock) { + if(CURL_SOCKET_BAD == sock) + return 0; + if(use_callback && conn && conn->fclosesocket) { int rc; Curl_multi_closed(data, sock); @@ -363,14 +449,14 @@ int Curl_socket_close(struct Curl_easy *data, struct connectdata *conn, Buffer Size The problem described in this knowledge-base is applied only to pre-Vista - Windows. Following function trying to detect OS version and skips + Windows. Following function trying to detect OS version and skips SO_SNDBUF adjustment for Windows Vista and above. */ #define DETECT_OS_NONE 0 #define DETECT_OS_PREVISTA 1 #define DETECT_OS_VISTA_OR_LATER 2 -void Curl_sndbufset(curl_socket_t sockfd) +void Curl_sndbuf_init(curl_socket_t sockfd) { int val = CURL_MAX_WRITE_SIZE + 32; int curval = 0; @@ -395,7 +481,88 @@ void Curl_sndbufset(curl_socket_t sockfd) setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (const char *)&val, sizeof(val)); } -#endif +#endif /* USE_WINSOCK */ + +/* + * Curl_parse_interface() + * + * This is used to parse interface argument in the following formats. + * In all the examples, `host` can be an IP address or a hostname. + * + * - can be either an interface name or a host. + * if! - interface name. + * host! - hostname. + * ifhost!! - interface name and hostname. + * + * Parameters: + * + * input [in] - input string. + * len [in] - length of the input string. + * dev [in/out] - address where a pointer to newly allocated memory + * holding the interface-or-host will be stored upon + * completion. + * iface [in/out] - address where a pointer to newly allocated memory + * holding the interface will be stored upon completion. + * host [in/out] - address where a pointer to newly allocated memory + * holding the host will be stored upon completion. + * + * Returns CURLE_OK on success. + */ +CURLcode Curl_parse_interface(const char *input, + char **dev, char **iface, char **host) +{ + static const char if_prefix[] = "if!"; + static const char host_prefix[] = "host!"; + static const char if_host_prefix[] = "ifhost!"; + size_t len; + + DEBUGASSERT(dev); + DEBUGASSERT(iface); + DEBUGASSERT(host); + + len = strlen(input); + if(len > 512) + return CURLE_BAD_FUNCTION_ARGUMENT; + + if(!strncmp(if_prefix, input, strlen(if_prefix))) { + input += strlen(if_prefix); + if(!*input) + return CURLE_BAD_FUNCTION_ARGUMENT; + *iface = Curl_memdup0(input, len - strlen(if_prefix)); + return *iface ? CURLE_OK : CURLE_OUT_OF_MEMORY; + } + else if(!strncmp(host_prefix, input, strlen(host_prefix))) { + input += strlen(host_prefix); + if(!*input) + return CURLE_BAD_FUNCTION_ARGUMENT; + *host = Curl_memdup0(input, len - strlen(host_prefix)); + return *host ? CURLE_OK : CURLE_OUT_OF_MEMORY; + } + else if(!strncmp(if_host_prefix, input, strlen(if_host_prefix))) { + const char *host_part; + input += strlen(if_host_prefix); + len -= strlen(if_host_prefix); + host_part = memchr(input, '!', len); + if(!host_part || !*(host_part + 1)) + return CURLE_BAD_FUNCTION_ARGUMENT; + *iface = Curl_memdup0(input, host_part - input); + if(!*iface) + return CURLE_OUT_OF_MEMORY; + ++host_part; + *host = Curl_memdup0(host_part, len - (host_part - input)); + if(!*host) { + free(*iface); + *iface = NULL; + return CURLE_OUT_OF_MEMORY; + } + return CURLE_OK; + } + + if(!*input) + return CURLE_BAD_FUNCTION_ARGUMENT; + *dev = Curl_memdup0(input, len); + return *dev ? CURLE_OK : CURLE_OUT_OF_MEMORY; +} #ifndef CURL_DISABLE_BINDLOCAL static CURLcode bindlocal(struct Curl_easy *data, struct connectdata *conn, @@ -415,6 +582,10 @@ static CURLcode bindlocal(struct Curl_easy *data, struct connectdata *conn, /* how many port numbers to try to bind to, increasing one at a time */ int portnum = data->set.localportrange; const char *dev = data->set.str[STRING_DEVICE]; + const char *iface_input = data->set.str[STRING_INTERFACE]; + const char *host_input = data->set.str[STRING_BINDHOST]; + const char *iface = iface_input ? iface_input : dev; + const char *host = host_input ? host_input : dev; int error; #ifdef IP_BIND_ADDRESS_NO_PORT int on = 1; @@ -426,83 +597,77 @@ static CURLcode bindlocal(struct Curl_easy *data, struct connectdata *conn, /************************************************************* * Select device to bind socket to *************************************************************/ - if(!dev && !port) + if(!iface && !host && !port) /* no local kind of binding was requested */ return CURLE_OK; memset(&sa, 0, sizeof(struct Curl_sockaddr_storage)); - if(dev && (strlen(dev)<255) ) { + if(iface && (strlen(iface)<255) ) { char myhost[256] = ""; int done = 0; /* -1 for error, 1 for address found */ - bool is_interface = FALSE; - bool is_host = FALSE; - static const char *if_prefix = "if!"; - static const char *host_prefix = "host!"; - - if(strncmp(if_prefix, dev, strlen(if_prefix)) == 0) { - dev += strlen(if_prefix); - is_interface = TRUE; - } - else if(strncmp(host_prefix, dev, strlen(host_prefix)) == 0) { - dev += strlen(host_prefix); - is_host = TRUE; - } + if2ip_result_t if2ip_result = IF2IP_NOT_FOUND; /* interface */ - if(!is_host) { #ifdef SO_BINDTODEVICE - /* - * This binds the local socket to a particular interface. This will - * force even requests to other local interfaces to go out the external - * interface. Only bind to the interface when specified as interface, - * not just as a hostname or ip address. - * - * The interface might be a VRF, eg: vrf-blue, which means it cannot be - * converted to an IP address and would fail Curl_if2ip. Simply try to - * use it straight away. - */ - if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE, - dev, (curl_socklen_t)strlen(dev) + 1) == 0) { - /* This is often "errno 1, error: Operation not permitted" if you're - * not running as root or another suitable privileged user. If it - * succeeds it means the parameter was a valid interface and not an IP - * address. Return immediately. - */ - infof(data, "socket successfully bound to interface '%s'", dev); + /* + * This binds the local socket to a particular interface. This will + * force even requests to other local interfaces to go out the external + * interface. Only bind to the interface when specified as interface, + * not just as a hostname or ip address. + * + * The interface might be a VRF, eg: vrf-blue, which means it cannot be + * converted to an IP address and would fail Curl_if2ip. Simply try to + * use it straight away. + */ + if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE, + iface, (curl_socklen_t)strlen(iface) + 1) == 0) { + /* This is often "errno 1, error: Operation not permitted" if you are + * not running as root or another suitable privileged user. If it + * succeeds it means the parameter was a valid interface and not an IP + * address. Return immediately. + */ + if(!host_input) { + infof(data, "socket successfully bound to interface '%s'", iface); return CURLE_OK; } + } #endif - - switch(Curl_if2ip(af, + if(!host_input) { + /* Discover IP from input device, then bind to it */ + if2ip_result = Curl_if2ip(af, #ifdef USE_IPV6 - scope, conn->scope_id, -#endif - dev, myhost, sizeof(myhost))) { - case IF2IP_NOT_FOUND: - if(is_interface) { - /* Do not fall back to treating it as a host name */ - failf(data, "Couldn't bind to interface '%s'", dev); - return CURLE_INTERFACE_FAILED; - } - break; - case IF2IP_AF_NOT_SUPPORTED: - /* Signal the caller to try another address family if available */ - return CURLE_UNSUPPORTED_PROTOCOL; - case IF2IP_FOUND: - is_interface = TRUE; - /* - * We now have the numerical IP address in the 'myhost' buffer - */ - infof(data, "Local Interface %s is ip %s using address family %i", - dev, myhost, af); - done = 1; - break; - } + scope, conn->scope_id, +#endif + iface, myhost, sizeof(myhost)); + } + switch(if2ip_result) { + case IF2IP_NOT_FOUND: + if(iface_input && !host_input) { + /* Do not fall back to treating it as a hostname */ + char buffer[STRERROR_LEN]; + data->state.os_errno = error = SOCKERRNO; + failf(data, "Couldn't bind to interface '%s' with errno %d: %s", + iface, error, Curl_strerror(error, buffer, sizeof(buffer))); + return CURLE_INTERFACE_FAILED; + } + break; + case IF2IP_AF_NOT_SUPPORTED: + /* Signal the caller to try another address family if available */ + return CURLE_UNSUPPORTED_PROTOCOL; + case IF2IP_FOUND: + /* + * We now have the numerical IP address in the 'myhost' buffer + */ + host = myhost; + infof(data, "Local Interface %s is ip %s using address family %i", + iface, host, af); + done = 1; + break; } - if(!is_interface) { + if(!iface_input || host_input) { /* - * This was not an interface, resolve the name as a host name + * This was not an interface, resolve the name as a hostname * or IP number * * Temporarily force name resolution to use only the address type @@ -519,18 +684,19 @@ static CURLcode bindlocal(struct Curl_easy *data, struct connectdata *conn, conn->ip_version = CURL_IPRESOLVE_V6; #endif - rc = Curl_resolv(data, dev, 80, FALSE, &h); + rc = Curl_resolv(data, host, 80, FALSE, &h); if(rc == CURLRESOLV_PENDING) (void)Curl_resolver_wait_resolv(data, &h); conn->ip_version = ipver; if(h) { + int h_af = h->addr->ai_family; /* convert the resolved address, sizeof myhost >= INET_ADDRSTRLEN */ Curl_printable_address(h->addr, myhost, sizeof(myhost)); infof(data, "Name '%s' family %i resolved to '%s' family %i", - dev, af, myhost, h->addr->ai_family); - Curl_resolv_unlock(data, h); - if(af != h->addr->ai_family) { + host, af, myhost, h_af); + Curl_resolv_unlink(data, &h); /* this will NULL, potential free h */ + if(af != h_af) { /* bad IP version combo, signal the caller to try another address family if available */ return CURLE_UNSUPPORTED_PROTOCOL; @@ -540,7 +706,7 @@ static CURLcode bindlocal(struct Curl_easy *data, struct connectdata *conn, else { /* * provided dev was no interface (or interfaces are not supported - * e.g. solaris) no ip address and no domain we fail here + * e.g. Solaris) no ip address and no domain we fail here */ done = -1; } @@ -562,7 +728,7 @@ static CURLcode bindlocal(struct Curl_easy *data, struct connectdata *conn, if(scope_ptr) { /* The "myhost" string either comes from Curl_if2ip or from Curl_printable_address. The latter returns only numeric scope - IDs and the former returns none at all. So the scope ID, if + IDs and the former returns none at all. So the scope ID, if present, is known to be numeric */ unsigned long scope_id = strtoul(scope_ptr, NULL, 10); if(scope_id > UINT_MAX) @@ -589,8 +755,11 @@ static CURLcode bindlocal(struct Curl_easy *data, struct connectdata *conn, /* errorbuf is set false so failf will overwrite any message already in the error buffer, so the user receives this error message instead of a generic resolve error. */ + char buffer[STRERROR_LEN]; data->state.errorbuf = FALSE; - failf(data, "Couldn't bind to '%s'", dev); + data->state.os_errno = error = SOCKERRNO; + failf(data, "Couldn't bind to '%s' with errno %d: %s", + host, error, Curl_strerror(error, buffer, sizeof(buffer))); return CURLE_INTERFACE_FAILED; } } @@ -667,8 +836,8 @@ static bool verifyconnect(curl_socket_t sockfd, int *error) * Gisle Vanem could reproduce the former problems with this function, but * could avoid them by adding this SleepEx() call below: * - * "I don't have Rational Quantify, but the hint from his post was - * ntdll::NtRemoveIoCompletion(). So I'd assume the SleepEx (or maybe + * "I do not have Rational Quantify, but the hint from his post was + * ntdll::NtRemoveIoCompletion(). I would assume the SleepEx (or maybe * just Sleep(0) would be enough?) would release whatever * mutex/critical-section the ntdll call is waiting on. * @@ -686,14 +855,14 @@ static bool verifyconnect(curl_socket_t sockfd, int *error) if(0 != getsockopt(sockfd, SOL_SOCKET, SO_ERROR, (void *)&err, &errSize)) err = SOCKERRNO; #ifdef _WIN32_WCE - /* Old WinCE versions don't support SO_ERROR */ + /* Old Windows CE versions do not support SO_ERROR */ if(WSAENOPROTOOPT == err) { SET_SOCKERRNO(0); err = 0; } #endif #if defined(EBADIOCTL) && defined(__minix) - /* Minix 3.1.x doesn't support getsockopt on UDP sockets */ + /* Minix 3.1.x does not support getsockopt on UDP sockets */ if(EBADIOCTL == err) { SET_SOCKERRNO(0); err = 0; @@ -703,7 +872,7 @@ static bool verifyconnect(curl_socket_t sockfd, int *error) /* we are connected, awesome! */ rc = TRUE; else - /* This wasn't a successful connect */ + /* This was not a successful connect */ rc = FALSE; if(error) *error = err; @@ -765,11 +934,14 @@ struct cf_socket_ctx { int transport; struct Curl_sockaddr_ex addr; /* address to connect to */ curl_socket_t sock; /* current attempt socket */ - struct bufq recvbuf; /* used when `buffer_recv` is set */ struct ip_quadruple ip; /* The IP quadruple 2x(addr+port) */ struct curltime started_at; /* when socket was created */ struct curltime connected_at; /* when socket connected/got first byte */ struct curltime first_byte_at; /* when first byte was recvd */ +#ifdef USE_WINSOCK + struct curltime last_sndbuf_query_at; /* when SO_SNDBUF last queried */ + ULONG sndbuf_size; /* the last set SO_SNDBUF size */ +#endif int error; /* errno of last failure or 0 */ #ifdef DEBUGBUILD int wblock_percent; /* percent of writes doing EAGAIN */ @@ -778,10 +950,10 @@ struct cf_socket_ctx { size_t recv_max; /* max enforced read size */ #endif BIT(got_first_byte); /* if first byte was received */ + BIT(listening); /* socket is listening */ BIT(accepted); /* socket was accepted, not connected */ BIT(sock_connected); /* socket is "connected", e.g. in UDP */ BIT(active); - BIT(buffer_recv); }; static void cf_socket_ctx_init(struct cf_socket_ctx *ctx, @@ -792,7 +964,6 @@ static void cf_socket_ctx_init(struct cf_socket_ctx *ctx, ctx->sock = CURL_SOCKET_BAD; ctx->transport = transport; Curl_sock_assign_addr(&ctx->addr, ai, transport); - Curl_bufq_init(&ctx->recvbuf, NW_RECV_CHUNK_SIZE, NW_RECV_CHUNKS); #ifdef DEBUGBUILD { char *p = getenv("CURL_DBG_SOCK_WBLOCK"); @@ -823,72 +994,19 @@ static void cf_socket_ctx_init(struct cf_socket_ctx *ctx, #endif } -struct reader_ctx { - struct Curl_cfilter *cf; - struct Curl_easy *data; -}; - -static ssize_t nw_in_read(void *reader_ctx, - unsigned char *buf, size_t len, - CURLcode *err) -{ - struct reader_ctx *rctx = reader_ctx; - struct cf_socket_ctx *ctx = rctx->cf->ctx; - ssize_t nread; - - *err = CURLE_OK; - nread = sread(ctx->sock, buf, len); - - if(-1 == nread) { - int sockerr = SOCKERRNO; - - if( -#ifdef WSAEWOULDBLOCK - /* This is how Windows does it */ - (WSAEWOULDBLOCK == sockerr) -#else - /* errno may be EWOULDBLOCK or on some systems EAGAIN when it returned - due to its inability to send off data without blocking. We therefore - treat both error codes the same here */ - (EWOULDBLOCK == sockerr) || (EAGAIN == sockerr) || (EINTR == sockerr) -#endif - ) { - /* this is just a case of EWOULDBLOCK */ - *err = CURLE_AGAIN; - nread = -1; - } - else { - char buffer[STRERROR_LEN]; - - failf(rctx->data, "Recv failure: %s", - Curl_strerror(sockerr, buffer, sizeof(buffer))); - rctx->data->state.os_errno = sockerr; - *err = CURLE_RECV_ERROR; - nread = -1; - } - } - CURL_TRC_CF(rctx->data, rctx->cf, "nw_in_read(len=%zu, fd=%" - CURL_FORMAT_SOCKET_T ") -> %d, err=%d", - len, ctx->sock, (int)nread, *err); - return nread; -} - static void cf_socket_close(struct Curl_cfilter *cf, struct Curl_easy *data) { struct cf_socket_ctx *ctx = cf->ctx; if(ctx && CURL_SOCKET_BAD != ctx->sock) { - CURL_TRC_CF(data, cf, "cf_socket_close(%" CURL_FORMAT_SOCKET_T - ")", ctx->sock); + CURL_TRC_CF(data, cf, "cf_socket_close(%" FMT_SOCKET_T ")", ctx->sock); if(ctx->sock == cf->conn->sock[cf->sockindex]) cf->conn->sock[cf->sockindex] = CURL_SOCKET_BAD; socket_close(data, cf->conn, !ctx->accepted, ctx->sock); ctx->sock = CURL_SOCKET_BAD; if(ctx->active && cf->sockindex == FIRSTSOCKET) cf->conn->remote_addr = NULL; - Curl_bufq_reset(&ctx->recvbuf); ctx->active = FALSE; - ctx->buffer_recv = FALSE; memset(&ctx->started_at, 0, sizeof(ctx->started_at)); memset(&ctx->connected_at, 0, sizeof(ctx->connected_at)); } @@ -896,13 +1014,34 @@ static void cf_socket_close(struct Curl_cfilter *cf, struct Curl_easy *data) cf->connected = FALSE; } +static CURLcode cf_socket_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool *done) +{ + if(cf->connected) { + struct cf_socket_ctx *ctx = cf->ctx; + + CURL_TRC_CF(data, cf, "cf_socket_shutdown(%" FMT_SOCKET_T ")", ctx->sock); + /* On TCP, and when the socket looks well and non-blocking mode + * can be enabled, receive dangling bytes before close to avoid + * entering RST states unnecessarily. */ + if(ctx->sock != CURL_SOCKET_BAD && + ctx->transport == TRNSPRT_TCP && + (curlx_nonblock(ctx->sock, TRUE) >= 0)) { + unsigned char buf[1024]; + (void)sread(ctx->sock, buf, sizeof(buf)); + } + } + *done = TRUE; + return CURLE_OK; +} + static void cf_socket_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) { struct cf_socket_ctx *ctx = cf->ctx; cf_socket_close(cf, data); CURL_TRC_CF(data, cf, "destroy"); - Curl_bufq_free(&ctx->recvbuf); free(ctx); cf->ctx = NULL; } @@ -949,7 +1088,7 @@ static CURLcode set_remote_ip(struct Curl_cfilter *cf, struct cf_socket_ctx *ctx = cf->ctx; /* store remote address and port used in this connection attempt */ - if(!Curl_addr2string(&ctx->addr.sa_addr, ctx->addr.addrlen, + if(!Curl_addr2string(&ctx->addr.sa_addr, (curl_socklen_t)ctx->addr.addrlen, ctx->ip.remote_ip, &ctx->ip.remote_port)) { char buffer[STRERROR_LEN]; @@ -974,7 +1113,20 @@ static CURLcode cf_socket_open(struct Curl_cfilter *cf, (void)data; DEBUGASSERT(ctx->sock == CURL_SOCKET_BAD); ctx->started_at = Curl_now(); +#ifdef SOCK_NONBLOCK + /* Do not tuck SOCK_NONBLOCK into socktype when opensocket callback is set + * because we would not know how socketype is about to be used in the + * callback, SOCK_NONBLOCK might get factored out before calling socket(). + */ + if(!data->set.fopensocket) + ctx->addr.socktype |= SOCK_NONBLOCK; +#endif result = socket_open(data, &ctx->addr, &ctx->sock); +#ifdef SOCK_NONBLOCK + /* Restore the socktype after the socket is created. */ + if(!data->set.fopensocket) + ctx->addr.socktype &= ~SOCK_NONBLOCK; +#endif if(result) goto out; @@ -1004,7 +1156,7 @@ static CURLcode cf_socket_open(struct Curl_cfilter *cf, nosigpipe(data, ctx->sock); - Curl_sndbufset(ctx->sock); + Curl_sndbuf_init(ctx->sock); if(is_tcp && data->set.tcp_keepalive) tcpkeepalive(data, ctx->sock); @@ -1045,8 +1197,27 @@ static CURLcode cf_socket_open(struct Curl_cfilter *cf, } #endif - /* set socket non-blocking */ - (void)curlx_nonblock(ctx->sock, TRUE); +#ifndef SOCK_NONBLOCK + /* Set socket non-blocking, must be a non-blocking socket for + * a non-blocking connect. */ + error = curlx_nonblock(ctx->sock, TRUE); + if(error < 0) { + result = CURLE_UNSUPPORTED_PROTOCOL; + ctx->error = SOCKERRNO; + goto out; + } +#else + if(data->set.fopensocket) { + /* Set socket non-blocking, must be a non-blocking socket for + * a non-blocking connect. */ + error = curlx_nonblock(ctx->sock, TRUE); + if(error < 0) { + result = CURLE_UNSUPPORTED_PROTOCOL; + ctx->error = SOCKERRNO; + goto out; + } + } +#endif ctx->sock_connected = (ctx->addr.socktype != SOCK_DGRAM); out: if(result) { @@ -1060,7 +1231,7 @@ static CURLcode cf_socket_open(struct Curl_cfilter *cf, ctx->connected_at = Curl_now(); cf->connected = TRUE; } - CURL_TRC_CF(data, cf, "cf_socket_open() -> %d, fd=%" CURL_FORMAT_SOCKET_T, + CURL_TRC_CF(data, cf, "cf_socket_open() -> %d, fd=%" FMT_SOCKET_T, result, ctx->sock); return result; } @@ -1102,8 +1273,8 @@ static int do_connect(struct Curl_cfilter *cf, struct Curl_easy *data, #elif defined(TCP_FASTOPEN_CONNECT) /* Linux >= 4.11 */ if(setsockopt(ctx->sock, IPPROTO_TCP, TCP_FASTOPEN_CONNECT, (void *)&optval, sizeof(optval)) < 0) - infof(data, "Failed to enable TCP Fast Open on fd %" - CURL_FORMAT_SOCKET_T, ctx->sock); + infof(data, "Failed to enable TCP Fast Open on fd %" FMT_SOCKET_T, + ctx->sock); rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen); #elif defined(MSG_FASTOPEN) /* old Linux */ @@ -1114,7 +1285,8 @@ static int do_connect(struct Curl_cfilter *cf, struct Curl_easy *data, #endif } else { - rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen); + rc = connect(ctx->sock, &ctx->addr.sa_addr, + (curl_socklen_t)ctx->addr.addrlen); } return rc; } @@ -1237,15 +1409,24 @@ static void cf_socket_adjust_pollset(struct Curl_cfilter *cf, struct cf_socket_ctx *ctx = cf->ctx; if(ctx->sock != CURL_SOCKET_BAD) { - if(!cf->connected) { + /* A listening socket filter needs to be connected before the accept + * for some weird FTP interaction. This should be rewritten, so that + * FTP no longer does the socket checks and accept calls and delegates + * all that to the filter. TODO. */ + if(ctx->listening) { + Curl_pollset_set_in_only(data, ps, ctx->sock); + CURL_TRC_CF(data, cf, "adjust_pollset, listening, POLLIN fd=%" + FMT_SOCKET_T, ctx->sock); + } + else if(!cf->connected) { Curl_pollset_set_out_only(data, ps, ctx->sock); CURL_TRC_CF(data, cf, "adjust_pollset, !connected, POLLOUT fd=%" - CURL_FORMAT_SOCKET_T, ctx->sock); + FMT_SOCKET_T, ctx->sock); } else if(!ctx->active) { Curl_pollset_add_in(data, ps, ctx->sock); CURL_TRC_CF(data, cf, "adjust_pollset, !active, POLLIN fd=%" - CURL_FORMAT_SOCKET_T, ctx->sock); + FMT_SOCKET_T, ctx->sock); } } } @@ -1257,21 +1438,46 @@ static bool cf_socket_data_pending(struct Curl_cfilter *cf, int readable; (void)data; - if(!Curl_bufq_is_empty(&ctx->recvbuf)) - return TRUE; - readable = SOCKET_READABLE(ctx->sock, 0); return (readable > 0 && (readable & CURL_CSELECT_IN)); } +#ifdef USE_WINSOCK + +#ifndef SIO_IDEAL_SEND_BACKLOG_QUERY +#define SIO_IDEAL_SEND_BACKLOG_QUERY 0x4004747B +#endif + +static void win_update_sndbuf_size(struct cf_socket_ctx *ctx) +{ + ULONG ideal; + DWORD ideallen; + struct curltime n = Curl_now(); + + if(Curl_timediff(n, ctx->last_sndbuf_query_at) > 1000) { + if(!WSAIoctl(ctx->sock, SIO_IDEAL_SEND_BACKLOG_QUERY, 0, 0, + &ideal, sizeof(ideal), &ideallen, 0, 0) && + ideal != ctx->sndbuf_size && + !setsockopt(ctx->sock, SOL_SOCKET, SO_SNDBUF, + (const char *)&ideal, sizeof(ideal))) { + ctx->sndbuf_size = ideal; + } + ctx->last_sndbuf_query_at = n; + } +} + +#endif /* USE_WINSOCK */ + static ssize_t cf_socket_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { struct cf_socket_ctx *ctx = cf->ctx; curl_socket_t fdsave; ssize_t nwritten; size_t orig_len = len; + (void)eos; /* unused */ *err = CURLE_OK; fdsave = cf->conn->sock[cf->sockindex]; cf->conn->sock[cf->sockindex] = ctx->sock; @@ -1280,7 +1486,7 @@ static ssize_t cf_socket_send(struct Curl_cfilter *cf, struct Curl_easy *data, /* simulate network blocking/partial writes */ if(ctx->wblock_percent > 0) { unsigned char c = 0; - Curl_rand(data, &c, 1); + Curl_rand_bytes(data, FALSE, &c, 1); if(c >= ((100-ctx->wblock_percent)*256/100)) { CURL_TRC_CF(data, cf, "send(len=%zu) SIMULATE EWOULDBLOCK", orig_len); *err = CURLE_AGAIN; @@ -1336,6 +1542,11 @@ static ssize_t cf_socket_send(struct Curl_cfilter *cf, struct Curl_easy *data, } } +#if defined(USE_WINSOCK) + if(!*err) + win_update_sndbuf_size(ctx); +#endif + CURL_TRC_CF(data, cf, "send(len=%zu) -> %d, err=%d", orig_len, (int)nwritten, *err); cf->conn->sock[cf->sockindex] = fdsave; @@ -1346,14 +1557,10 @@ static ssize_t cf_socket_recv(struct Curl_cfilter *cf, struct Curl_easy *data, char *buf, size_t len, CURLcode *err) { struct cf_socket_ctx *ctx = cf->ctx; - curl_socket_t fdsave; ssize_t nread; *err = CURLE_OK; - fdsave = cf->conn->sock[cf->sockindex]; - cf->conn->sock[cf->sockindex] = ctx->sock; - #ifdef DEBUGBUILD /* simulate network blocking/partial reads */ if(cf->cft != &Curl_cft_udp && ctx->rblock_percent > 0) { @@ -1362,9 +1569,7 @@ static ssize_t cf_socket_recv(struct Curl_cfilter *cf, struct Curl_easy *data, if(c >= ((100-ctx->rblock_percent)*256/100)) { CURL_TRC_CF(data, cf, "recv(len=%zu) SIMULATE EWOULDBLOCK", len); *err = CURLE_AGAIN; - nread = -1; - cf->conn->sock[cf->sockindex] = fdsave; - return nread; + return -1; } } if(cf->cft != &Curl_cft_udp && ctx->recv_max && ctx->recv_max < len) { @@ -1375,57 +1580,57 @@ static ssize_t cf_socket_recv(struct Curl_cfilter *cf, struct Curl_easy *data, } #endif - if(ctx->buffer_recv && !Curl_bufq_is_empty(&ctx->recvbuf)) { - CURL_TRC_CF(data, cf, "recv from buffer"); - nread = Curl_bufq_read(&ctx->recvbuf, (unsigned char *)buf, len, err); - } - else { - struct reader_ctx rctx; - - rctx.cf = cf; - rctx.data = data; - - /* "small" reads may trigger filling our buffer, "large" reads - * are probably not worth the additional copy */ - if(ctx->buffer_recv && len < NW_SMALL_READS) { - ssize_t nwritten; - nwritten = Curl_bufq_slurp(&ctx->recvbuf, nw_in_read, &rctx, err); - if(nwritten < 0 && !Curl_bufq_is_empty(&ctx->recvbuf)) { - /* we have a partial read with an error. need to deliver - * what we got, return the error later. */ - CURL_TRC_CF(data, cf, "partial read: empty buffer first"); - nread = Curl_bufq_read(&ctx->recvbuf, (unsigned char *)buf, len, err); - } - else if(nwritten < 0) { - nread = -1; - goto out; - } - else if(nwritten == 0) { - /* eof */ - *err = CURLE_OK; - nread = 0; - } - else { - CURL_TRC_CF(data, cf, "buffered %zd additional bytes", nwritten); - nread = Curl_bufq_read(&ctx->recvbuf, (unsigned char *)buf, len, err); - } + *err = CURLE_OK; + nread = sread(ctx->sock, buf, len); + + if(-1 == nread) { + int sockerr = SOCKERRNO; + + if( +#ifdef WSAEWOULDBLOCK + /* This is how Windows does it */ + (WSAEWOULDBLOCK == sockerr) +#else + /* errno may be EWOULDBLOCK or on some systems EAGAIN when it returned + due to its inability to send off data without blocking. We therefore + treat both error codes the same here */ + (EWOULDBLOCK == sockerr) || (EAGAIN == sockerr) || (EINTR == sockerr) +#endif + ) { + /* this is just a case of EWOULDBLOCK */ + *err = CURLE_AGAIN; } else { - nread = nw_in_read(&rctx, (unsigned char *)buf, len, err); + char buffer[STRERROR_LEN]; + + failf(data, "Recv failure: %s", + Curl_strerror(sockerr, buffer, sizeof(buffer))); + data->state.os_errno = sockerr; + *err = CURLE_RECV_ERROR; } } -out: CURL_TRC_CF(data, cf, "recv(len=%zu) -> %d, err=%d", len, (int)nread, *err); if(nread > 0 && !ctx->got_first_byte) { ctx->first_byte_at = Curl_now(); ctx->got_first_byte = TRUE; } - cf->conn->sock[cf->sockindex] = fdsave; return nread; } +static void cf_socket_update_data(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + /* Update the IP info held in the transfer, if we have that. */ + if(cf->connected && (cf->sockindex == FIRSTSOCKET)) { + struct cf_socket_ctx *ctx = cf->ctx; + data->info.primary = ctx->ip; + /* not sure if this is redundant... */ + data->info.conn_remote_port = cf->conn->remote_port; + } +} + static void cf_socket_active(struct Curl_cfilter *cf, struct Curl_easy *data) { struct cf_socket_ctx *ctx = cf->ctx; @@ -1433,22 +1638,15 @@ static void cf_socket_active(struct Curl_cfilter *cf, struct Curl_easy *data) /* use this socket from now on */ cf->conn->sock[cf->sockindex] = ctx->sock; set_local_ip(cf, data); - if(cf->sockindex == SECONDARYSOCKET) - cf->conn->secondary = ctx->ip; - else - cf->conn->primary = ctx->ip; - /* the first socket info gets some specials */ if(cf->sockindex == FIRSTSOCKET) { + cf->conn->primary = ctx->ip; cf->conn->remote_addr = &ctx->addr; #ifdef USE_IPV6 cf->conn->bits.ipv6 = (ctx->addr.family == AF_INET6)? TRUE : FALSE; #endif - Curl_persistconninfo(data, cf->conn, &ctx->ip); - /* buffering is currently disabled by default because we have stalls - * in parallel transfers where not all buffered data is consumed and no - * socket events happen. - */ - ctx->buffer_recv = FALSE; + } + else { + cf->conn->secondary = ctx->ip; } ctx->active = TRUE; } @@ -1464,9 +1662,10 @@ static CURLcode cf_socket_cntrl(struct Curl_cfilter *cf, switch(event) { case CF_CTRL_CONN_INFO_UPDATE: cf_socket_active(cf, data); + cf_socket_update_data(cf, data); break; case CF_CTRL_DATA_SETUP: - Curl_persistconninfo(data, cf->conn, &ctx->ip); + cf_socket_update_data(cf, data); break; case CF_CTRL_FORGET_SOCKET: ctx->sock = CURL_SOCKET_BAD; @@ -1549,6 +1748,14 @@ static CURLcode cf_socket_query(struct Curl_cfilter *cf, } return CURLE_OK; } + case CF_QUERY_IP_INFO: +#ifdef USE_IPV6 + *pres1 = (ctx->addr.family == AF_INET6)? TRUE : FALSE; +#else + *pres1 = FALSE; +#endif + *(struct ip_quadruple *)pres2 = ctx->ip; + return CURLE_OK; default: break; } @@ -1564,6 +1771,7 @@ struct Curl_cftype Curl_cft_tcp = { cf_socket_destroy, cf_tcp_connect, cf_socket_close, + cf_socket_shutdown, cf_socket_get_host, cf_socket_adjust_pollset, cf_socket_data_pending, @@ -1608,33 +1816,35 @@ CURLcode Curl_cf_tcp_create(struct Curl_cfilter **pcf, } static CURLcode cf_udp_setup_quic(struct Curl_cfilter *cf, - struct Curl_easy *data) + struct Curl_easy *data) { struct cf_socket_ctx *ctx = cf->ctx; int rc; + int one = 1; + + (void)one; /* QUIC needs a connected socket, nonblocking */ DEBUGASSERT(ctx->sock != CURL_SOCKET_BAD); -#if defined(__APPLE__) && defined(USE_OPENSSL_QUIC) - (void)rc; - /* On macOS OpenSSL QUIC fails on connected sockets. - * see: */ -#else - rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen); + rc = connect(ctx->sock, &ctx->addr.sa_addr, + (curl_socklen_t)ctx->addr.addrlen); if(-1 == rc) { return socket_connect_result(data, ctx->ip.remote_ip, SOCKERRNO); } ctx->sock_connected = TRUE; -#endif set_local_ip(cf, data); - CURL_TRC_CF(data, cf, "%s socket %" CURL_FORMAT_SOCKET_T + CURL_TRC_CF(data, cf, "%s socket %" FMT_SOCKET_T " connected: [%s:%d] -> [%s:%d]", (ctx->transport == TRNSPRT_QUIC)? "QUIC" : "UDP", ctx->sock, ctx->ip.local_ip, ctx->ip.local_port, ctx->ip.remote_ip, ctx->ip.remote_port); - (void)curlx_nonblock(ctx->sock, TRUE); + /* Currently, cf->ctx->sock is always non-blocking because the only + * caller to cf_udp_setup_quic() is cf_udp_connect() that passes the + * non-blocking socket created by cf_socket_open() to it. Thus, we + * do not need to call curlx_nonblock() in cf_udp_setup_quic() anymore. + */ switch(ctx->addr.family) { #if defined(__linux__) && defined(IP_MTU_DISCOVER) case AF_INET: { @@ -1653,6 +1863,14 @@ static CURLcode cf_udp_setup_quic(struct Curl_cfilter *cf, } #endif } + +#if defined(__linux__) && defined(UDP_GRO) && \ + (defined(HAVE_SENDMMSG) || defined(HAVE_SENDMSG)) && \ + ((defined(USE_NGTCP2) && defined(USE_NGHTTP3)) || defined(USE_QUICHE)) + (void)setsockopt(ctx->sock, IPPROTO_UDP, UDP_GRO, &one, + (socklen_t)sizeof(one)); +#endif + return CURLE_OK; } @@ -1681,12 +1899,12 @@ static CURLcode cf_udp_connect(struct Curl_cfilter *cf, if(result) goto out; CURL_TRC_CF(data, cf, "cf_udp_connect(), opened socket=%" - CURL_FORMAT_SOCKET_T " (%s:%d)", + FMT_SOCKET_T " (%s:%d)", ctx->sock, ctx->ip.local_ip, ctx->ip.local_port); } else { CURL_TRC_CF(data, cf, "cf_udp_connect(), opened socket=%" - CURL_FORMAT_SOCKET_T " (unconnected)", ctx->sock); + FMT_SOCKET_T " (unconnected)", ctx->sock); } *done = TRUE; cf->connected = TRUE; @@ -1702,6 +1920,7 @@ struct Curl_cftype Curl_cft_udp = { cf_socket_destroy, cf_udp_connect, cf_socket_close, + cf_socket_shutdown, cf_socket_get_host, cf_socket_adjust_pollset, cf_socket_data_pending, @@ -1753,6 +1972,7 @@ struct Curl_cftype Curl_cft_unix = { cf_socket_destroy, cf_tcp_connect, cf_socket_close, + cf_socket_shutdown, cf_socket_get_host, cf_socket_adjust_pollset, cf_socket_data_pending, @@ -1817,6 +2037,7 @@ struct Curl_cftype Curl_cft_tcp_accept = { cf_socket_destroy, cf_tcp_accept_connect, cf_socket_close, + cf_socket_shutdown, cf_socket_get_host, /* TODO: not accurate */ cf_socket_adjust_pollset, cf_socket_data_pending, @@ -1847,6 +2068,7 @@ CURLcode Curl_conn_tcp_listen_set(struct Curl_easy *data, } ctx->transport = conn->transport; ctx->sock = *s; + ctx->listening = TRUE; ctx->accepted = FALSE; result = Curl_cf_create(&cf, &Curl_cft_tcp_accept, ctx); if(result) @@ -1858,8 +2080,8 @@ CURLcode Curl_conn_tcp_listen_set(struct Curl_easy *data, ctx->active = TRUE; ctx->connected_at = Curl_now(); cf->connected = TRUE; - CURL_TRC_CF(data, cf, "Curl_conn_tcp_listen_set(%" - CURL_FORMAT_SOCKET_T ")", ctx->sock); + CURL_TRC_CF(data, cf, "Curl_conn_tcp_listen_set(%" FMT_SOCKET_T ")", + ctx->sock); out: if(result) { @@ -1913,8 +2135,10 @@ CURLcode Curl_conn_tcp_accepted_set(struct Curl_easy *data, return CURLE_FAILED_INIT; ctx = cf->ctx; + DEBUGASSERT(ctx->listening); /* discard the listen socket */ socket_close(data, conn, TRUE, ctx->sock); + ctx->listening = FALSE; ctx->sock = *s; conn->sock[sockindex] = ctx->sock; set_accepted_remote_ip(cf, data); @@ -1923,7 +2147,7 @@ CURLcode Curl_conn_tcp_accepted_set(struct Curl_easy *data, ctx->accepted = TRUE; ctx->connected_at = Curl_now(); cf->connected = TRUE; - CURL_TRC_CF(data, cf, "accepted_set(sock=%" CURL_FORMAT_SOCKET_T + CURL_TRC_CF(data, cf, "accepted_set(sock=%" FMT_SOCKET_T ", remote=%s port=%d)", ctx->sock, ctx->ip.remote_ip, ctx->ip.remote_port); diff --git a/vendor/hydra/vendor/curl/lib/cf-socket.h b/vendor/hydra/vendor/curl/lib/cf-socket.h index 058af500..35225f15 100644 --- a/vendor/hydra/vendor/curl/lib/cf-socket.h +++ b/vendor/hydra/vendor/curl/lib/cf-socket.h @@ -54,6 +54,11 @@ struct Curl_sockaddr_ex { }; #define sa_addr _sa_ex_u.addr +/* + * Parse interface option, and return the interface name and the host part. +*/ +CURLcode Curl_parse_interface(const char *input, + char **dev, char **iface, char **host); /* * Create a socket based on info from 'conn' and 'ai'. @@ -81,9 +86,9 @@ int Curl_socket_close(struct Curl_easy *data, struct connectdata *conn, Buffer Size */ -void Curl_sndbufset(curl_socket_t sockfd); +void Curl_sndbuf_init(curl_socket_t sockfd); #else -#define Curl_sndbufset(y) Curl_nop_stmt +#define Curl_sndbuf_init(y) Curl_nop_stmt #endif /** diff --git a/vendor/hydra/vendor/curl/lib/cfilters.c b/vendor/hydra/vendor/curl/lib/cfilters.c index a327fa19..3d7da0c6 100644 --- a/vendor/hydra/vendor/curl/lib/cfilters.c +++ b/vendor/hydra/vendor/curl/lib/cfilters.c @@ -45,7 +45,10 @@ #define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) #endif -#ifdef DEBUGBUILD +static void cf_cntrl_update_info(struct Curl_easy *data, + struct connectdata *conn); + +#ifdef UNITTESTS /* used by unit2600.c */ void Curl_cf_def_close(struct Curl_cfilter *cf, struct Curl_easy *data) { @@ -55,6 +58,15 @@ void Curl_cf_def_close(struct Curl_cfilter *cf, struct Curl_easy *data) } #endif +CURLcode Curl_cf_def_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, bool *done) +{ + (void)cf; + (void)data; + *done = TRUE; + return CURLE_OK; +} + static void conn_report_connect_stats(struct Curl_easy *data, struct connectdata *conn); @@ -89,10 +101,11 @@ bool Curl_cf_def_data_pending(struct Curl_cfilter *cf, } ssize_t Curl_cf_def_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { return cf->next? - cf->next->cft->do_send(cf->next, data, buf, len, err) : + cf->next->cft->do_send(cf->next, data, buf, len, eos, err) : CURLE_RECV_ERROR; } @@ -166,6 +179,61 @@ void Curl_conn_close(struct Curl_easy *data, int index) if(cf) { cf->cft->do_close(cf, data); } + Curl_shutdown_clear(data, index); +} + +CURLcode Curl_conn_shutdown(struct Curl_easy *data, int sockindex, bool *done) +{ + struct Curl_cfilter *cf; + CURLcode result = CURLE_OK; + timediff_t timeout_ms; + struct curltime now; + + DEBUGASSERT(data->conn); + /* Get the first connected filter that is not shut down already. */ + cf = data->conn->cfilter[sockindex]; + while(cf && (!cf->connected || cf->shutdown)) + cf = cf->next; + + if(!cf) { + *done = TRUE; + return CURLE_OK; + } + + *done = FALSE; + now = Curl_now(); + if(!Curl_shutdown_started(data, sockindex)) { + DEBUGF(infof(data, "shutdown start on%s connection", + sockindex? " secondary" : "")); + Curl_shutdown_start(data, sockindex, &now); + } + else { + timeout_ms = Curl_shutdown_timeleft(data->conn, sockindex, &now); + if(timeout_ms < 0) { + failf(data, "SSL shutdown timeout"); + return CURLE_OPERATION_TIMEDOUT; + } + } + + while(cf) { + if(!cf->shutdown) { + bool cfdone = FALSE; + result = cf->cft->do_shutdown(cf, data, &cfdone); + if(result) { + CURL_TRC_CF(data, cf, "shut down failed with %d", result); + return result; + } + else if(!cfdone) { + CURL_TRC_CF(data, cf, "shut down not done yet"); + return CURLE_OK; + } + CURL_TRC_CF(data, cf, "shut down successfully"); + cf->shutdown = TRUE; + } + cf = cf->next; + } + *done = (!result); + return result; } ssize_t Curl_cf_recv(struct Curl_easy *data, int num, char *buf, @@ -192,7 +260,8 @@ ssize_t Curl_cf_recv(struct Curl_easy *data, int num, char *buf, } ssize_t Curl_cf_send(struct Curl_easy *data, int num, - const void *mem, size_t len, CURLcode *code) + const void *mem, size_t len, bool eos, + CURLcode *code) { struct Curl_cfilter *cf; @@ -204,7 +273,7 @@ ssize_t Curl_cf_send(struct Curl_easy *data, int num, cf = cf->next; } if(cf) { - ssize_t nwritten = cf->cft->do_send(cf, data, mem, len, code); + ssize_t nwritten = cf->cft->do_send(cf, data, mem, len, eos, code); DEBUGASSERT(nwritten >= 0 || *code); DEBUGASSERT(nwritten < 0 || !*code || !len); return nwritten; @@ -315,10 +384,11 @@ void Curl_conn_cf_close(struct Curl_cfilter *cf, struct Curl_easy *data) } ssize_t Curl_conn_cf_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { if(cf) - return cf->cft->do_send(cf, data, buf, len, err); + return cf->cft->do_send(cf, data, buf, len, eos, err); *err = CURLE_SEND_ERROR; return -1; } @@ -345,16 +415,29 @@ CURLcode Curl_conn_connect(struct Curl_easy *data, cf = data->conn->cfilter[sockindex]; DEBUGASSERT(cf); - if(!cf) + if(!cf) { + *done = FALSE; return CURLE_FAILED_INIT; + } *done = cf->connected; if(!*done) { + if(Curl_conn_needs_flush(data, sockindex)) { + DEBUGF(infof(data, "Curl_conn_connect(index=%d), flush", sockindex)); + result = Curl_conn_flush(data, sockindex); + if(result && (result != CURLE_AGAIN)) + return result; + } + result = cf->cft->do_connect(cf, data, blocking, done); if(!result && *done) { - Curl_conn_ev_update_info(data, data->conn); + /* Now that the complete filter chain is connected, let all filters + * persist information at the connection. E.g. cf-socket sets the + * socket and ip related information. */ + cf_cntrl_update_info(data, data->conn); conn_report_connect_stats(data, data->conn); data->conn->keepalive = Curl_now(); + Curl_verboseconnect(data, data->conn, sockindex); } else if(result) { conn_report_connect_stats(data, data->conn); @@ -435,6 +518,21 @@ bool Curl_conn_data_pending(struct Curl_easy *data, int sockindex) return FALSE; } +bool Curl_conn_cf_needs_flush(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + CURLcode result; + int pending = FALSE; + result = cf? cf->cft->query(cf, data, CF_QUERY_NEED_FLUSH, + &pending, NULL) : CURLE_UNKNOWN_OPTION; + return (result || pending == FALSE)? FALSE : TRUE; +} + +bool Curl_conn_needs_flush(struct Curl_easy *data, int sockindex) +{ + return Curl_conn_cf_needs_flush(data->conn->cfilter[sockindex], data); +} + void Curl_conn_cf_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, struct easy_pollset *ps) @@ -442,6 +540,9 @@ void Curl_conn_cf_adjust_pollset(struct Curl_cfilter *cf, /* Get the lowest not-connected filter, if there are any */ while(cf && !cf->connected && cf->next && !cf->next->connected) cf = cf->next; + /* Skip all filters that have already shut down */ + while(cf && cf->shutdown) + cf = cf->next; /* From there on, give all filters a chance to adjust the pollset. * Lower filters are called later, so they may override */ while(cf) { @@ -462,6 +563,42 @@ void Curl_conn_adjust_pollset(struct Curl_easy *data, } } +int Curl_conn_cf_poll(struct Curl_cfilter *cf, + struct Curl_easy *data, + timediff_t timeout_ms) +{ + struct easy_pollset ps; + struct pollfd pfds[MAX_SOCKSPEREASYHANDLE]; + unsigned int i, npfds = 0; + + DEBUGASSERT(cf); + DEBUGASSERT(data); + DEBUGASSERT(data->conn); + memset(&ps, 0, sizeof(ps)); + memset(pfds, 0, sizeof(pfds)); + + Curl_conn_cf_adjust_pollset(cf, data, &ps); + DEBUGASSERT(ps.num <= MAX_SOCKSPEREASYHANDLE); + for(i = 0; i < ps.num; ++i) { + short events = 0; + if(ps.actions[i] & CURL_POLL_IN) { + events |= POLLIN; + } + if(ps.actions[i] & CURL_POLL_OUT) { + events |= POLLOUT; + } + if(events) { + pfds[npfds].fd = ps.sockets[i]; + pfds[npfds].events = events; + ++npfds; + } + } + + if(!npfds) + DEBUGF(infof(data, "no sockets to poll!")); + return Curl_poll(pfds, npfds, timeout_ms); +} + void Curl_conn_get_host(struct Curl_easy *data, int sockindex, const char **phost, const char **pdisplay_host, int *pport) @@ -522,6 +659,15 @@ curl_socket_t Curl_conn_cf_get_socket(struct Curl_cfilter *cf, return CURL_SOCKET_BAD; } +CURLcode Curl_conn_cf_get_ip_info(struct Curl_cfilter *cf, + struct Curl_easy *data, + int *is_ipv6, struct ip_quadruple *ipquad) +{ + if(cf) + return cf->cft->query(cf, data, CF_QUERY_IP_INFO, is_ipv6, ipquad); + return CURLE_UNKNOWN_OPTION; +} + curl_socket_t Curl_conn_get_socket(struct Curl_easy *data, int sockindex) { struct Curl_cfilter *cf; @@ -588,6 +734,13 @@ CURLcode Curl_conn_ev_data_idle(struct Curl_easy *data) CF_CTRL_DATA_IDLE, 0, NULL); } + +CURLcode Curl_conn_flush(struct Curl_easy *data, int sockindex) +{ + return Curl_conn_cf_cntrl(data->conn->cfilter[sockindex], data, FALSE, + CF_CTRL_FLUSH, 0, NULL); +} + /** * Notify connection filters that the transfer represented by `data` * is done with sending data (e.g. has uploaded everything). @@ -612,8 +765,8 @@ CURLcode Curl_conn_ev_data_pause(struct Curl_easy *data, bool do_pause) CF_CTRL_DATA_PAUSE, do_pause, NULL); } -void Curl_conn_ev_update_info(struct Curl_easy *data, - struct connectdata *conn) +static void cf_cntrl_update_info(struct Curl_easy *data, + struct connectdata *conn) { cf_cntrl_all(conn, data, TRUE, CF_CTRL_CONN_INFO_UPDATE, 0, NULL); } @@ -706,9 +859,10 @@ CURLcode Curl_conn_recv(struct Curl_easy *data, int sockindex, } CURLcode Curl_conn_send(struct Curl_easy *data, int sockindex, - const void *buf, size_t blen, + const void *buf, size_t blen, bool eos, size_t *pnwritten) { + size_t write_len = blen; ssize_t nwritten; CURLcode result = CURLE_OK; struct connectdata *conn; @@ -718,7 +872,7 @@ CURLcode Curl_conn_send(struct Curl_easy *data, int sockindex, DEBUGASSERT(data); DEBUGASSERT(data->conn); conn = data->conn; -#ifdef CURLDEBUG +#ifdef DEBUGBUILD { /* Allow debug builds to override this logic to force short sends */ @@ -726,11 +880,14 @@ CURLcode Curl_conn_send(struct Curl_easy *data, int sockindex, if(p) { size_t altsize = (size_t)strtoul(p, NULL, 10); if(altsize) - blen = CURLMIN(blen, altsize); + write_len = CURLMIN(write_len, altsize); } } #endif - nwritten = conn->send[sockindex](data, sockindex, buf, blen, &result); + if(write_len != blen) + eos = FALSE; + nwritten = conn->send[sockindex](data, sockindex, buf, write_len, eos, + &result); DEBUGASSERT((nwritten >= 0) || result); *pnwritten = (nwritten < 0)? 0 : (size_t)nwritten; return result; diff --git a/vendor/hydra/vendor/curl/lib/cfilters.h b/vendor/hydra/vendor/curl/lib/cfilters.h index dcfc1b71..af696f52 100644 --- a/vendor/hydra/vendor/curl/lib/cfilters.h +++ b/vendor/hydra/vendor/curl/lib/cfilters.h @@ -24,11 +24,13 @@ * ***************************************************************************/ +#include "timediff.h" struct Curl_cfilter; struct Curl_easy; struct Curl_dns_entry; struct connectdata; +struct ip_quadruple; /* Callback to destroy resources held by this filter instance. * Implementations MUST NOT chain calls to cf->next. @@ -36,9 +38,17 @@ struct connectdata; typedef void Curl_cft_destroy_this(struct Curl_cfilter *cf, struct Curl_easy *data); +/* Callback to close the connection immediately. */ typedef void Curl_cft_close(struct Curl_cfilter *cf, struct Curl_easy *data); +/* Callback to close the connection filter gracefully, non-blocking. + * Implementations MUST NOT chain calls to cf->next. + */ +typedef CURLcode Curl_cft_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool *done); + typedef CURLcode Curl_cft_connect(struct Curl_cfilter *cf, struct Curl_easy *data, bool blocking, bool *done); @@ -76,10 +86,10 @@ struct easy_pollset; * the pollset. Filters, whose filter "below" is not connected, should * also do no adjustments. * - * Examples: a TLS handshake, while ongoing, might remove POLL_IN - * when it needs to write, or vice versa. A HTTP/2 filter might remove - * POLL_OUT when a stream window is exhausted and a WINDOW_UPDATE needs - * to be received first and add instead POLL_IN. + * Examples: a TLS handshake, while ongoing, might remove POLL_IN when it + * needs to write, or vice versa. An HTTP/2 filter might remove POLL_OUT when + * a stream window is exhausted and a WINDOW_UPDATE needs to be received first + * and add instead POLL_IN. * * @param cf the filter to ask * @param data the easy handle the pollset is about @@ -96,6 +106,7 @@ typedef ssize_t Curl_cft_send(struct Curl_cfilter *cf, struct Curl_easy *data, /* transfer */ const void *buf, /* data to write */ size_t len, /* amount to write */ + bool eos, /* last chunk */ CURLcode *err); /* error to return */ typedef ssize_t Curl_cft_recv(struct Curl_cfilter *cf, @@ -131,6 +142,7 @@ typedef CURLcode Curl_cft_conn_keep_alive(struct Curl_cfilter *cf, /* update conn info at connection and data */ #define CF_CTRL_CONN_INFO_UPDATE (256+0) /* 0 NULL ignored */ #define CF_CTRL_FORGET_SOCKET (256+1) /* 0 NULL ignored */ +#define CF_CTRL_FLUSH (256+2) /* 0 NULL first fail */ /** * Handle event/control for the filter. @@ -153,6 +165,9 @@ typedef CURLcode Curl_cft_cntrl(struct Curl_cfilter *cf, * were received. * -1 if not determined yet. * - CF_QUERY_SOCKET: the socket used by the filter chain + * - CF_QUERY_NEED_FLUSH: TRUE iff any of the filters have unsent data + * - CF_QUERY_IP_INFO: res1 says if connection used IPv6, res2 is the + * ip quadruple */ /* query res1 res2 */ #define CF_QUERY_MAX_CONCURRENT 1 /* number - */ @@ -161,6 +176,8 @@ typedef CURLcode Curl_cft_cntrl(struct Curl_cfilter *cf, #define CF_QUERY_TIMER_CONNECT 4 /* - struct curltime */ #define CF_QUERY_TIMER_APPCONNECT 5 /* - struct curltime */ #define CF_QUERY_STREAM_ERROR 6 /* error code - */ +#define CF_QUERY_NEED_FLUSH 7 /* TRUE/FALSE - */ +#define CF_QUERY_IP_INFO 8 /* TRUE/FALSE struct ip_quadruple */ /** * Query the cfilter for properties. Filters ignorant of a query will @@ -194,6 +211,7 @@ struct Curl_cftype { Curl_cft_destroy_this *destroy; /* destroy resources of this cf */ Curl_cft_connect *do_connect; /* establish connection */ Curl_cft_close *do_close; /* close conn */ + Curl_cft_shutdown *do_shutdown; /* shutdown conn */ Curl_cft_get_host *get_host; /* host filter talks to */ Curl_cft_adjust_pollset *adjust_pollset; /* adjust transfer poll set */ Curl_cft_data_pending *has_data_pending;/* conn has data pending */ @@ -213,6 +231,7 @@ struct Curl_cfilter { struct connectdata *conn; /* the connection this filter belongs to */ int sockindex; /* the index the filter is installed at */ BIT(connected); /* != 0 iff this filter is connected */ + BIT(shutdown); /* != 0 iff this filter has shut down */ }; /* Default implementations for the type functions, implementing nop. */ @@ -230,7 +249,8 @@ void Curl_cf_def_adjust_pollset(struct Curl_cfilter *cf, bool Curl_cf_def_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data); ssize_t Curl_cf_def_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err); + const void *buf, size_t len, bool eos, + CURLcode *err); ssize_t Curl_cf_def_recv(struct Curl_cfilter *cf, struct Curl_easy *data, char *buf, size_t len, CURLcode *err); CURLcode Curl_cf_def_cntrl(struct Curl_cfilter *cf, @@ -244,6 +264,8 @@ CURLcode Curl_cf_def_conn_keep_alive(struct Curl_cfilter *cf, CURLcode Curl_cf_def_query(struct Curl_cfilter *cf, struct Curl_easy *data, int query, int *pres1, void *pres2); +CURLcode Curl_cf_def_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, bool *done); /** * Create a new filter instance, unattached to the filter chain. @@ -304,7 +326,8 @@ CURLcode Curl_conn_cf_connect(struct Curl_cfilter *cf, bool blocking, bool *done); void Curl_conn_cf_close(struct Curl_cfilter *cf, struct Curl_easy *data); ssize_t Curl_conn_cf_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err); + const void *buf, size_t len, bool eos, + CURLcode *err); ssize_t Curl_conn_cf_recv(struct Curl_cfilter *cf, struct Curl_easy *data, char *buf, size_t len, CURLcode *err); CURLcode Curl_conn_cf_cntrl(struct Curl_cfilter *cf, @@ -325,6 +348,12 @@ bool Curl_conn_cf_is_ssl(struct Curl_cfilter *cf); curl_socket_t Curl_conn_cf_get_socket(struct Curl_cfilter *cf, struct Curl_easy *data); +CURLcode Curl_conn_cf_get_ip_info(struct Curl_cfilter *cf, + struct Curl_easy *data, + int *is_ipv6, struct ip_quadruple *ipquad); + +bool Curl_conn_cf_needs_flush(struct Curl_cfilter *cf, + struct Curl_easy *data); #define CURL_CF_SSL_DEFAULT -1 #define CURL_CF_SSL_DISABLE 0 @@ -371,6 +400,13 @@ bool Curl_conn_is_multiplex(struct connectdata *conn, int sockindex); */ void Curl_conn_close(struct Curl_easy *data, int sockindex); +/** + * Shutdown the connection at `sockindex` non-blocking, using timeout + * from `data->set.shutdowntimeout`, default DEFAULT_SHUTDOWN_TIMEOUT_MS. + * Will return CURLE_OK and *done == FALSE if not finished. + */ +CURLcode Curl_conn_shutdown(struct Curl_easy *data, int sockindex, bool *done); + /** * Return if data is pending in some connection filter at chain * `sockindex` for connection `data->conn`. @@ -378,6 +414,17 @@ void Curl_conn_close(struct Curl_easy *data, int sockindex); bool Curl_conn_data_pending(struct Curl_easy *data, int sockindex); +/** + * Return TRUE if any of the connection filters at chain `sockindex` + * have data still to send. + */ +bool Curl_conn_needs_flush(struct Curl_easy *data, int sockindex); + +/** + * Flush any pending data on the connection filters at chain `sockindex`. + */ +CURLcode Curl_conn_flush(struct Curl_easy *data, int sockindex); + /** * Return the socket used on data's connection for the index. * Returns CURL_SOCKET_BAD if not available. @@ -402,6 +449,15 @@ void Curl_conn_cf_adjust_pollset(struct Curl_cfilter *cf, void Curl_conn_adjust_pollset(struct Curl_easy *data, struct easy_pollset *ps); +/** + * Curl_poll() the filter chain at `cf` with timeout `timeout_ms`. + * Returns 0 on timeout, negative on error or number of sockets + * with requested poll events. + */ +int Curl_conn_cf_poll(struct Curl_cfilter *cf, + struct Curl_easy *data, + timediff_t timeout_ms); + /** * Receive data through the filter chain at `sockindex` for connection * `data->conn`. Copy at most `len` bytes into `buf`. Return the @@ -418,7 +474,7 @@ ssize_t Curl_cf_recv(struct Curl_easy *data, int sockindex, char *buf, * The error code is placed into `*code`. */ ssize_t Curl_cf_send(struct Curl_easy *data, int sockindex, - const void *buf, size_t len, CURLcode *code); + const void *buf, size_t len, bool eos, CURLcode *code); /** * The easy handle `data` is being attached to `conn`. This does @@ -467,12 +523,6 @@ void Curl_conn_ev_data_done(struct Curl_easy *data, bool premature); */ CURLcode Curl_conn_ev_data_pause(struct Curl_easy *data, bool do_pause); -/** - * Inform connection filters to update their info in `conn`. - */ -void Curl_conn_ev_update_info(struct Curl_easy *data, - struct connectdata *conn); - /** * Check if FIRSTSOCKET's cfilter chain deems connection alive. */ @@ -486,7 +536,9 @@ CURLcode Curl_conn_keep_alive(struct Curl_easy *data, struct connectdata *conn, int sockindex); +#ifdef UNITTESTS void Curl_cf_def_close(struct Curl_cfilter *cf, struct Curl_easy *data); +#endif void Curl_conn_get_host(struct Curl_easy *data, int sockindex, const char **phost, const char **pdisplay_host, int *pport); @@ -526,7 +578,7 @@ CURLcode Curl_conn_recv(struct Curl_easy *data, int sockindex, * Will return CURLE_AGAIN iff blocked on sending. */ CURLcode Curl_conn_send(struct Curl_easy *data, int sockindex, - const void *buf, size_t blen, + const void *buf, size_t blen, bool eos, size_t *pnwritten); diff --git a/vendor/hydra/vendor/curl/lib/config-mac.h b/vendor/hydra/vendor/curl/lib/config-mac.h index c29888f8..53df87cb 100644 --- a/vendor/hydra/vendor/curl/lib/config-mac.h +++ b/vendor/hydra/vendor/curl/lib/config-mac.h @@ -27,7 +27,7 @@ /* =================================================================== */ /* Hand crafted config file for Mac OS 9 */ /* =================================================================== */ -/* On Mac OS X you must run configure to generate curl_config.h file */ +/* On macOS you must run configure to generate curl_config.h file */ /* =================================================================== */ #ifndef OS diff --git a/vendor/hydra/vendor/curl/lib/config-os400.h b/vendor/hydra/vendor/curl/lib/config-os400.h index 018e90af..29aa818f 100644 --- a/vendor/hydra/vendor/curl/lib/config-os400.h +++ b/vendor/hydra/vendor/curl/lib/config-os400.h @@ -65,9 +65,6 @@ /* Define this to 'int' if ssize_t is not an available typedefed type */ #undef ssize_t -/* Define this as a suitable file to read random data from */ -#undef RANDOM_FILE - /* Define to 1 if you have the alarm function. */ #define HAVE_ALARM 1 @@ -107,9 +104,6 @@ /* Define if you have the header file. */ #undef HAVE_IO_H -/* Define if you have the `socket' library (-lsocket). */ -#undef HAVE_LIBSOCKET - /* Define if you have GSS API. */ #define HAVE_GSSAPI @@ -235,7 +229,7 @@ /* Define if you have the ANSI C header files. */ #define STDC_HEADERS -/* Define to enable HTTP3 support (experimental, requires NGTCP2, QUICHE or +/* Define to enable HTTP3 support (experimental, requires NGTCP2, quiche or MSH3) */ #undef USE_HTTP3 diff --git a/vendor/hydra/vendor/curl/lib/config-plan9.h b/vendor/hydra/vendor/curl/lib/config-plan9.h index 6f3a15a5..e56aca15 100644 --- a/vendor/hydra/vendor/curl/lib/config-plan9.h +++ b/vendor/hydra/vendor/curl/lib/config-plan9.h @@ -41,7 +41,6 @@ #define PACKAGE_STRING "curl -" #define PACKAGE_TARNAME "curl" #define PACKAGE_VERSION "-" -#define RANDOM_FILE "/dev/random" #define VERSION "0.0.0" /* TODO */ #define STDC_HEADERS 1 diff --git a/vendor/hydra/vendor/curl/lib/config-riscos.h b/vendor/hydra/vendor/curl/lib/config-riscos.h index eb1d26ec..580e822e 100644 --- a/vendor/hydra/vendor/curl/lib/config-riscos.h +++ b/vendor/hydra/vendor/curl/lib/config-riscos.h @@ -63,9 +63,6 @@ /* Define this to 'int' if ssize_t is not an available typedefed type */ #undef ssize_t -/* Define this as a suitable file to read random data from */ -#undef RANDOM_FILE - /* Define if you have the alarm function. */ #define HAVE_ALARM @@ -108,9 +105,6 @@ /* Define if you have the header file. */ #undef HAVE_IO_H -/* Define if you have the `socket' library (-lsocket). */ -#undef HAVE_LIBSOCKET - /* Define if you need the malloc.h header file even with stdlib.h */ /* #define NEED_MALLOC_H 1 */ @@ -207,13 +201,6 @@ /* Version number of package */ #undef VERSION -/* Define if on AIX 3. - System headers sometimes define this. - We just want to avoid a redefinition error message. */ -#ifndef _ALL_SOURCE -# undef _ALL_SOURCE -#endif - /* Number of bits in a file offset, on hosts where this is settable. */ #undef _FILE_OFFSET_BITS diff --git a/vendor/hydra/vendor/curl/lib/config-win32ce.h b/vendor/hydra/vendor/curl/lib/config-win32ce.h index ae3ca290..800fc61c 100644 --- a/vendor/hydra/vendor/curl/lib/config-win32ce.h +++ b/vendor/hydra/vendor/curl/lib/config-win32ce.h @@ -25,7 +25,7 @@ ***************************************************************************/ /* ================================================================ */ -/* lib/config-win32ce.h - Hand crafted config file for windows ce */ +/* lib/config-win32ce.h - Hand crafted config file for Windows CE */ /* ================================================================ */ /* ---------------------------------------------------------------- */ @@ -279,7 +279,7 @@ #define PACKAGE "curl" /* ---------------------------------------------------------------- */ -/* WinCE */ +/* Windows CE */ /* ---------------------------------------------------------------- */ #ifndef UNICODE diff --git a/vendor/hydra/vendor/curl/lib/conncache.c b/vendor/hydra/vendor/curl/lib/conncache.c index 2b5ee4f2..8f477827 100644 --- a/vendor/hydra/vendor/curl/lib/conncache.c +++ b/vendor/hydra/vendor/curl/lib/conncache.c @@ -29,13 +29,17 @@ #include "urldata.h" #include "url.h" +#include "cfilters.h" #include "progress.h" #include "multiif.h" #include "sendf.h" #include "conncache.h" +#include "http_negotiate.h" +#include "http_ntlm.h" #include "share.h" #include "sigpipe.h" #include "connect.h" +#include "select.h" #include "strcase.h" /* The last 3 #include files should be in this order */ @@ -43,167 +47,242 @@ #include "curl_memory.h" #include "memdebug.h" -#define HASHKEY_SIZE 128 -static CURLcode bundle_create(struct connectbundle **bundlep) +#define CPOOL_IS_LOCKED(c) ((c) && (c)->locked) + +#define CPOOL_LOCK(c) \ + do { \ + if((c)) { \ + if(CURL_SHARE_KEEP_CONNECT((c)->share)) \ + Curl_share_lock(((c)->idata), CURL_LOCK_DATA_CONNECT, \ + CURL_LOCK_ACCESS_SINGLE); \ + DEBUGASSERT(!(c)->locked); \ + (c)->locked = TRUE; \ + } \ + } while(0) + +#define CPOOL_UNLOCK(c) \ + do { \ + if((c)) { \ + DEBUGASSERT((c)->locked); \ + (c)->locked = FALSE; \ + if(CURL_SHARE_KEEP_CONNECT((c)->share)) \ + Curl_share_unlock((c)->idata, CURL_LOCK_DATA_CONNECT); \ + } \ + } while(0) + + +/* A list of connections to the same destinationn. */ +struct cpool_bundle { + struct Curl_llist conns; /* connections in the bundle */ + size_t dest_len; /* total length of destination, including NUL */ + char *dest[1]; /* destination of bundle, allocated to keep dest_len bytes */ +}; + + +static void cpool_discard_conn(struct cpool *cpool, + struct Curl_easy *data, + struct connectdata *conn, + bool aborted); +static void cpool_close_and_destroy(struct cpool *cpool, + struct connectdata *conn, + struct Curl_easy *data, + bool do_shutdown); +static void cpool_run_conn_shutdown(struct Curl_easy *data, + struct connectdata *conn, + bool *done); +static void cpool_run_conn_shutdown_handler(struct Curl_easy *data, + struct connectdata *conn); +static CURLMcode cpool_update_shutdown_ev(struct Curl_multi *multi, + struct Curl_easy *data, + struct connectdata *conn); +static void cpool_shutdown_all(struct cpool *cpool, + struct Curl_easy *data, int timeout_ms); +static void cpool_close_and_destroy_all(struct cpool *cpool); +static struct connectdata *cpool_get_oldest_idle(struct cpool *cpool); + +static struct cpool_bundle *cpool_bundle_create(const char *dest, + size_t dest_len) { - DEBUGASSERT(*bundlep == NULL); - *bundlep = malloc(sizeof(struct connectbundle)); - if(!*bundlep) - return CURLE_OUT_OF_MEMORY; - - (*bundlep)->num_connections = 0; - (*bundlep)->multiuse = BUNDLE_UNKNOWN; - - Curl_llist_init(&(*bundlep)->conn_list, NULL); - return CURLE_OK; + struct cpool_bundle *bundle; + bundle = calloc(1, sizeof(*bundle) + dest_len); + if(!bundle) + return NULL; + Curl_llist_init(&bundle->conns, NULL); + bundle->dest_len = dest_len; + memcpy(bundle->dest, dest, dest_len); + return bundle; } -static void bundle_destroy(struct connectbundle *bundle) +static void cpool_bundle_destroy(struct cpool_bundle *bundle) { + DEBUGASSERT(!Curl_llist_count(&bundle->conns)); free(bundle); } /* Add a connection to a bundle */ -static void bundle_add_conn(struct connectbundle *bundle, - struct connectdata *conn) +static void cpool_bundle_add(struct cpool_bundle *bundle, + struct connectdata *conn) { - Curl_llist_append(&bundle->conn_list, conn, &conn->bundle_node); - conn->bundle = bundle; - bundle->num_connections++; + DEBUGASSERT(!Curl_node_llist(&conn->cpool_node)); + Curl_llist_append(&bundle->conns, conn, &conn->cpool_node); + conn->bits.in_cpool = TRUE; } /* Remove a connection from a bundle */ -static int bundle_remove_conn(struct connectbundle *bundle, - struct connectdata *conn) +static void cpool_bundle_remove(struct cpool_bundle *bundle, + struct connectdata *conn) { - struct Curl_llist_element *curr; - - curr = bundle->conn_list.head; - while(curr) { - if(curr->ptr == conn) { - Curl_llist_remove(&bundle->conn_list, curr, NULL); - bundle->num_connections--; - conn->bundle = NULL; - return 1; /* we removed a handle */ - } - curr = curr->next; - } - DEBUGASSERT(0); - return 0; + (void)bundle; + DEBUGASSERT(Curl_node_llist(&conn->cpool_node) == &bundle->conns); + Curl_node_remove(&conn->cpool_node); + conn->bits.in_cpool = FALSE; } -static void free_bundle_hash_entry(void *freethis) +static void cpool_bundle_free_entry(void *freethis) { - struct connectbundle *b = (struct connectbundle *) freethis; - - bundle_destroy(b); + cpool_bundle_destroy((struct cpool_bundle *)freethis); } -int Curl_conncache_init(struct conncache *connc, size_t size) +int Curl_cpool_init(struct cpool *cpool, + Curl_cpool_disconnect_cb *disconnect_cb, + struct Curl_multi *multi, + struct Curl_share *share, + size_t size) { + DEBUGASSERT(!!multi != !!share); /* either one */ + Curl_hash_init(&cpool->dest2bundle, size, Curl_hash_str, + Curl_str_key_compare, cpool_bundle_free_entry); + Curl_llist_init(&cpool->shutdowns, NULL); + + DEBUGASSERT(disconnect_cb); + if(!disconnect_cb) + return 1; + /* allocate a new easy handle to use when closing cached connections */ - connc->closure_handle = curl_easy_init(); - if(!connc->closure_handle) + cpool->idata = curl_easy_init(); + if(!cpool->idata) return 1; /* bad */ - connc->closure_handle->state.internal = true; + cpool->idata->state.internal = true; + /* TODO: this is quirky. We need an internal handle for certain + * operations, but we do not add it to the multi (if there is one). + * But we give it the multi so that socket event operations can work. + * Probably better to have an internal handle owned by the multi that + * can be used for cpool operations. */ + cpool->idata->multi = multi; + #ifdef DEBUGBUILD + if(getenv("CURL_DEBUG")) + cpool->idata->set.verbose = true; +#endif - Curl_hash_init(&connc->hash, size, Curl_hash_str, - Curl_str_key_compare, free_bundle_hash_entry); - connc->closure_handle->state.conn_cache = connc; + cpool->disconnect_cb = disconnect_cb; + cpool->idata->multi = cpool->multi = multi; + cpool->idata->share = cpool->share = share; return 0; /* good */ } -void Curl_conncache_destroy(struct conncache *connc) +void Curl_cpool_destroy(struct cpool *cpool) { - if(connc) - Curl_hash_destroy(&connc->hash); + if(cpool) { + if(cpool->idata) { + cpool_close_and_destroy_all(cpool); + /* The internal closure handle is special and we need to + * disconnect it from multi/share before closing it down. */ + cpool->idata->multi = NULL; + cpool->idata->share = NULL; + Curl_close(&cpool->idata); + } + Curl_hash_destroy(&cpool->dest2bundle); + cpool->multi = NULL; + } } -/* creates a key to find a bundle for this connection */ -static void hashkey(struct connectdata *conn, char *buf, size_t len) +static struct cpool *cpool_get_instance(struct Curl_easy *data) { - const char *hostname; - long port = conn->remote_port; - DEBUGASSERT(len >= HASHKEY_SIZE); -#ifndef CURL_DISABLE_PROXY - if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) { - hostname = conn->http_proxy.host.name; - port = conn->primary.remote_port; + if(data) { + if(CURL_SHARE_KEEP_CONNECT(data->share)) + return &data->share->cpool; + else if(data->multi_easy) + return &data->multi_easy->cpool; + else if(data->multi) + return &data->multi->cpool; } - else -#endif - if(conn->bits.conn_to_host) - hostname = conn->conn_to_host.name; - else - hostname = conn->host.name; - - /* put the numbers first so that the hostname gets cut off if too long */ -#ifdef USE_IPV6 - msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname); -#else - msnprintf(buf, len, "%ld/%s", port, hostname); -#endif - Curl_strntolower(buf, buf, len); + return NULL; } -/* Returns number of connections currently held in the connection cache. - Locks/unlocks the cache itself! -*/ -size_t Curl_conncache_size(struct Curl_easy *data) +void Curl_cpool_xfer_init(struct Curl_easy *data) { - size_t num; - CONNCACHE_LOCK(data); - num = data->state.conn_cache->num_conn; - CONNCACHE_UNLOCK(data); - return num; + struct cpool *cpool = cpool_get_instance(data); + + DEBUGASSERT(cpool); + if(cpool) { + CPOOL_LOCK(cpool); + /* the identifier inside the connection cache */ + data->id = cpool->next_easy_id++; + if(cpool->next_easy_id <= 0) + cpool->next_easy_id = 0; + data->state.lastconnect_id = -1; + + /* The closure handle only ever has default timeouts set. To improve the + state somewhat we clone the timeouts from each added handle so that the + closure handle always has the same timeouts as the most recently added + easy handle. */ + cpool->idata->set.timeout = data->set.timeout; + cpool->idata->set.server_response_timeout = + data->set.server_response_timeout; + cpool->idata->set.no_signal = data->set.no_signal; + + CPOOL_UNLOCK(cpool); + } + else { + /* We should not get here, but in a non-debug build, do something */ + data->id = 0; + data->state.lastconnect_id = -1; + } } -/* Look up the bundle with all the connections to the same host this - connectdata struct is setup to use. - - **NOTE**: When it returns, it holds the connection cache lock! */ -struct connectbundle * -Curl_conncache_find_bundle(struct Curl_easy *data, - struct connectdata *conn, - struct conncache *connc) +static struct cpool_bundle *cpool_find_bundle(struct cpool *cpool, + struct connectdata *conn) { - struct connectbundle *bundle = NULL; - CONNCACHE_LOCK(data); - if(connc) { - char key[HASHKEY_SIZE]; - hashkey(conn, key, sizeof(key)); - bundle = Curl_hash_pick(&connc->hash, key, strlen(key)); - } - - return bundle; + return Curl_hash_pick(&cpool->dest2bundle, + conn->destination, conn->destination_len); } -static void *conncache_add_bundle(struct conncache *connc, - char *key, - struct connectbundle *bundle) +static struct cpool_bundle * +cpool_add_bundle(struct cpool *cpool, struct connectdata *conn) { - return Curl_hash_add(&connc->hash, key, strlen(key), bundle); + struct cpool_bundle *bundle; + + bundle = cpool_bundle_create(conn->destination, conn->destination_len); + if(!bundle) + return NULL; + + if(!Curl_hash_add(&cpool->dest2bundle, + bundle->dest, bundle->dest_len, bundle)) { + cpool_bundle_destroy(bundle); + return NULL; + } + return bundle; } -static void conncache_remove_bundle(struct conncache *connc, - struct connectbundle *bundle) +static void cpool_remove_bundle(struct cpool *cpool, + struct cpool_bundle *bundle) { struct Curl_hash_iterator iter; struct Curl_hash_element *he; - if(!connc) + if(!cpool) return; - Curl_hash_start_iterate(&connc->hash, &iter); + Curl_hash_start_iterate(&cpool->dest2bundle, &iter); he = Curl_hash_next_element(&iter); while(he) { if(he->ptr == bundle) { /* The bundle is destroyed by the hash destructor function, free_bundle_hash_entry() */ - Curl_hash_delete(&connc->hash, he->key, he->key_len); + Curl_hash_delete(&cpool->dest2bundle, he->key, he->key_len); return; } @@ -211,225 +290,252 @@ static void conncache_remove_bundle(struct conncache *connc, } } -CURLcode Curl_conncache_add_conn(struct Curl_easy *data) +static struct connectdata * +cpool_bundle_get_oldest_idle(struct cpool_bundle *bundle); + +int Curl_cpool_check_limits(struct Curl_easy *data, + struct connectdata *conn) { - CURLcode result = CURLE_OK; - struct connectbundle *bundle = NULL; - struct connectdata *conn = data->conn; - struct conncache *connc = data->state.conn_cache; - DEBUGASSERT(conn); + struct cpool *cpool = cpool_get_instance(data); + struct cpool_bundle *bundle; + size_t dest_limit = 0; + size_t total_limit = 0; + int result = CPOOL_LIMIT_OK; + + if(!cpool) + return CPOOL_LIMIT_OK; + + if(data && data->multi) { + dest_limit = data->multi->max_host_connections; + total_limit = data->multi->max_total_connections; + } - /* *find_bundle() locks the connection cache */ - bundle = Curl_conncache_find_bundle(data, conn, data->state.conn_cache); - if(!bundle) { - char key[HASHKEY_SIZE]; + if(!dest_limit && !total_limit) + return CPOOL_LIMIT_OK; + + CPOOL_LOCK(cpool); + if(dest_limit) { + bundle = cpool_find_bundle(cpool, conn); + while(bundle && (Curl_llist_count(&bundle->conns) >= dest_limit)) { + struct connectdata *oldest_idle = NULL; + /* The bundle is full. Extract the oldest connection that may + * be removed now, if there is one. */ + oldest_idle = cpool_bundle_get_oldest_idle(bundle); + if(!oldest_idle) + break; + /* disconnect the old conn and continue */ + DEBUGF(infof(data, "Discarding connection #%" + FMT_OFF_T " from %zu to reach destination " + "limit of %zu", oldest_idle->connection_id, + Curl_llist_count(&bundle->conns), dest_limit)); + Curl_cpool_disconnect(data, oldest_idle, FALSE); + } + if(bundle && (Curl_llist_count(&bundle->conns) >= dest_limit)) { + result = CPOOL_LIMIT_DEST; + goto out; + } + } - result = bundle_create(&bundle); - if(result) { - goto unlock; + if(total_limit) { + while(cpool->num_conn >= total_limit) { + struct connectdata *oldest_idle = cpool_get_oldest_idle(cpool); + if(!oldest_idle) + break; + /* disconnect the old conn and continue */ + DEBUGF(infof(data, "Discarding connection #%" + FMT_OFF_T " from %zu to reach total " + "limit of %zu", + oldest_idle->connection_id, cpool->num_conn, total_limit)); + Curl_cpool_disconnect(data, oldest_idle, FALSE); + } + if(cpool->num_conn >= total_limit) { + result = CPOOL_LIMIT_TOTAL; + goto out; } + } - hashkey(conn, key, sizeof(key)); +out: + CPOOL_UNLOCK(cpool); + return result; +} - if(!conncache_add_bundle(data->state.conn_cache, key, bundle)) { - bundle_destroy(bundle); +CURLcode Curl_cpool_add_conn(struct Curl_easy *data, + struct connectdata *conn) +{ + CURLcode result = CURLE_OK; + struct cpool_bundle *bundle = NULL; + struct cpool *cpool = cpool_get_instance(data); + DEBUGASSERT(conn); + + DEBUGASSERT(cpool); + if(!cpool) + return CURLE_FAILED_INIT; + + CPOOL_LOCK(cpool); + bundle = cpool_find_bundle(cpool, conn); + if(!bundle) { + bundle = cpool_add_bundle(cpool, conn); + if(!bundle) { result = CURLE_OUT_OF_MEMORY; - goto unlock; + goto out; } } - bundle_add_conn(bundle, conn); - conn->connection_id = connc->next_connection_id++; - connc->num_conn++; - - DEBUGF(infof(data, "Added connection %" CURL_FORMAT_CURL_OFF_T ". " + cpool_bundle_add(bundle, conn); + conn->connection_id = cpool->next_connection_id++; + cpool->num_conn++; + DEBUGF(infof(data, "Added connection %" FMT_OFF_T ". " "The cache now contains %zu members", - conn->connection_id, connc->num_conn)); - -unlock: - CONNCACHE_UNLOCK(data); + conn->connection_id, cpool->num_conn)); +out: + CPOOL_UNLOCK(cpool); return result; } -/* - * Removes the connectdata object from the connection cache, but the transfer - * still owns this connection. - * - * Pass TRUE/FALSE in the 'lock' argument depending on if the parent function - * already holds the lock or not. - */ -void Curl_conncache_remove_conn(struct Curl_easy *data, - struct connectdata *conn, bool lock) +static void cpool_remove_conn(struct cpool *cpool, + struct connectdata *conn) { - struct connectbundle *bundle = conn->bundle; - struct conncache *connc = data->state.conn_cache; - - /* The bundle pointer can be NULL, since this function can be called - due to a failed connection attempt, before being added to a bundle */ - if(bundle) { - if(lock) { - CONNCACHE_LOCK(data); - } - bundle_remove_conn(bundle, conn); - if(bundle->num_connections == 0) - conncache_remove_bundle(connc, bundle); - conn->bundle = NULL; /* removed from it */ - if(connc) { - connc->num_conn--; - DEBUGF(infof(data, "The cache now contains %zu members", - connc->num_conn)); + struct Curl_llist *list = Curl_node_llist(&conn->cpool_node); + DEBUGASSERT(cpool); + if(list) { + /* The connection is certainly in the pool, but where? */ + struct cpool_bundle *bundle = cpool_find_bundle(cpool, conn); + if(bundle && (list == &bundle->conns)) { + cpool_bundle_remove(bundle, conn); + if(!Curl_llist_count(&bundle->conns)) + cpool_remove_bundle(cpool, bundle); + conn->bits.in_cpool = FALSE; + cpool->num_conn--; } - if(lock) { - CONNCACHE_UNLOCK(data); + else { + /* Not in a bundle, already in the shutdown list? */ + DEBUGASSERT(list == &cpool->shutdowns); } } } -/* This function iterates the entire connection cache and calls the function +/* This function iterates the entire connection pool and calls the function func() with the connection pointer as the first argument and the supplied 'param' argument as the other. - The conncache lock is still held when the callback is called. It needs it, + The cpool lock is still held when the callback is called. It needs it, so that it can safely continue traversing the lists once the callback returns. - Returns 1 if the loop was aborted due to the callback's return code. + Returns TRUE if the loop was aborted due to the callback's return code. Return 0 from func() to continue the loop, return 1 to abort it. */ -bool Curl_conncache_foreach(struct Curl_easy *data, - struct conncache *connc, - void *param, - int (*func)(struct Curl_easy *data, - struct connectdata *conn, void *param)) +static bool cpool_foreach(struct Curl_easy *data, + struct cpool *cpool, + void *param, + int (*func)(struct Curl_easy *data, + struct connectdata *conn, void *param)) { struct Curl_hash_iterator iter; - struct Curl_llist_element *curr; struct Curl_hash_element *he; - if(!connc) + if(!cpool) return FALSE; - CONNCACHE_LOCK(data); - Curl_hash_start_iterate(&connc->hash, &iter); + Curl_hash_start_iterate(&cpool->dest2bundle, &iter); he = Curl_hash_next_element(&iter); while(he) { - struct connectbundle *bundle; - - bundle = he->ptr; + struct Curl_llist_node *curr; + struct cpool_bundle *bundle = he->ptr; he = Curl_hash_next_element(&iter); - curr = bundle->conn_list.head; + curr = Curl_llist_head(&bundle->conns); while(curr) { /* Yes, we need to update curr before calling func(), because func() might decide to remove the connection */ - struct connectdata *conn = curr->ptr; - curr = curr->next; + struct connectdata *conn = Curl_node_elem(curr); + curr = Curl_node_next(curr); if(1 == func(data, conn, param)) { - CONNCACHE_UNLOCK(data); return TRUE; } } } - CONNCACHE_UNLOCK(data); return FALSE; } -/* Return the first connection found in the cache. Used when closing all - connections. - - NOTE: no locking is done here as this is presumably only done when cleaning - up a cache! -*/ -static struct connectdata * -conncache_find_first_connection(struct conncache *connc) +/* Return a live connection in the pool or NULL. */ +static struct connectdata *cpool_get_live_conn(struct cpool *cpool) { struct Curl_hash_iterator iter; struct Curl_hash_element *he; - struct connectbundle *bundle; - - Curl_hash_start_iterate(&connc->hash, &iter); + struct cpool_bundle *bundle; + struct Curl_llist_node *conn_node; - he = Curl_hash_next_element(&iter); - while(he) { - struct Curl_llist_element *curr; + Curl_hash_start_iterate(&cpool->dest2bundle, &iter); + for(he = Curl_hash_next_element(&iter); he; + he = Curl_hash_next_element(&iter)) { bundle = he->ptr; - - curr = bundle->conn_list.head; - if(curr) { - return curr->ptr; - } - - he = Curl_hash_next_element(&iter); + conn_node = Curl_llist_head(&bundle->conns); + if(conn_node) + return Curl_node_elem(conn_node); } - return NULL; } /* - * Give ownership of a connection back to the connection cache. Might - * disconnect the oldest existing in there to make space. + * A connection (already in the pool) has become idle. Do any + * cleanups in regard to the pool's limits. * - * Return TRUE if stored, FALSE if closed. + * Return TRUE if idle connection kept in pool, FALSE if closed. */ -bool Curl_conncache_return_conn(struct Curl_easy *data, - struct connectdata *conn) +bool Curl_cpool_conn_now_idle(struct Curl_easy *data, + struct connectdata *conn) { unsigned int maxconnects = !data->multi->maxconnects ? data->multi->num_easy * 4: data->multi->maxconnects; - struct connectdata *conn_candidate = NULL; + struct connectdata *oldest_idle = NULL; + struct cpool *cpool = cpool_get_instance(data); + bool kept = TRUE; conn->lastused = Curl_now(); /* it was used up until now */ - if(maxconnects && Curl_conncache_size(data) > maxconnects) { - infof(data, "Connection cache is full, closing the oldest one"); - - conn_candidate = Curl_conncache_extract_oldest(data); - if(conn_candidate) { - /* Use the closure handle for this disconnect so that anything that - happens during the disconnect is not stored and associated with the - 'data' handle which already just finished a transfer and it is - important that details from this (unrelated) disconnect does not - taint meta-data in the data handle. */ - struct conncache *connc = data->state.conn_cache; - Curl_disconnect(connc->closure_handle, conn_candidate, - /* dead_connection */ FALSE); + if(cpool && maxconnects) { + /* may be called form a callback already under lock */ + bool do_lock = !CPOOL_IS_LOCKED(cpool); + if(do_lock) + CPOOL_LOCK(cpool); + if(cpool->num_conn > maxconnects) { + infof(data, "Connection pool is full, closing the oldest one"); + + oldest_idle = cpool_get_oldest_idle(cpool); + kept = (oldest_idle != conn); + if(oldest_idle) { + Curl_cpool_disconnect(cpool->idata, oldest_idle, FALSE); + } } + if(do_lock) + CPOOL_UNLOCK(cpool); } - return (conn_candidate == conn) ? FALSE : TRUE; - + return kept; } /* * This function finds the connection in the connection bundle that has been * unused for the longest time. - * - * Does not lock the connection cache! - * - * Returns the pointer to the oldest idle connection, or NULL if none was - * found. */ -struct connectdata * -Curl_conncache_extract_bundle(struct Curl_easy *data, - struct connectbundle *bundle) +static struct connectdata * +cpool_bundle_get_oldest_idle(struct cpool_bundle *bundle) { - struct Curl_llist_element *curr; + struct Curl_llist_node *curr; timediff_t highscore = -1; timediff_t score; struct curltime now; - struct connectdata *conn_candidate = NULL; + struct connectdata *oldest_idle = NULL; struct connectdata *conn; - (void)data; - now = Curl_now(); - - curr = bundle->conn_list.head; + curr = Curl_llist_head(&bundle->conns); while(curr) { - conn = curr->ptr; + conn = Curl_node_elem(curr); if(!CONN_INUSE(conn)) { /* Set higher score for the age passed since the connection was used */ @@ -437,141 +543,836 @@ Curl_conncache_extract_bundle(struct Curl_easy *data, if(score > highscore) { highscore = score; - conn_candidate = conn; + oldest_idle = conn; } } - curr = curr->next; - } - if(conn_candidate) { - /* remove it to prevent another thread from nicking it */ - bundle_remove_conn(bundle, conn_candidate); - data->state.conn_cache->num_conn--; - DEBUGF(infof(data, "The cache now contains %zu members", - data->state.conn_cache->num_conn)); + curr = Curl_node_next(curr); } - - return conn_candidate; + return oldest_idle; } -/* - * This function finds the connection in the connection cache that has been - * unused for the longest time and extracts that from the bundle. - * - * Returns the pointer to the connection, or NULL if none was found. - */ -struct connectdata * -Curl_conncache_extract_oldest(struct Curl_easy *data) +static struct connectdata *cpool_get_oldest_idle(struct cpool *cpool) { - struct conncache *connc = data->state.conn_cache; struct Curl_hash_iterator iter; - struct Curl_llist_element *curr; + struct Curl_llist_node *curr; struct Curl_hash_element *he; + struct connectdata *oldest_idle = NULL; + struct cpool_bundle *bundle; + struct curltime now; timediff_t highscore =- 1; timediff_t score; - struct curltime now; - struct connectdata *conn_candidate = NULL; - struct connectbundle *bundle; - struct connectbundle *bundle_candidate = NULL; now = Curl_now(); + Curl_hash_start_iterate(&cpool->dest2bundle, &iter); - CONNCACHE_LOCK(data); - Curl_hash_start_iterate(&connc->hash, &iter); - - he = Curl_hash_next_element(&iter); - while(he) { + for(he = Curl_hash_next_element(&iter); he; + he = Curl_hash_next_element(&iter)) { struct connectdata *conn; - bundle = he->ptr; - curr = bundle->conn_list.head; - while(curr) { - conn = curr->ptr; - - if(!CONN_INUSE(conn) && !conn->bits.close && - !conn->connect_only) { - /* Set higher score for the age passed since the connection was used */ - score = Curl_timediff(now, conn->lastused); - - if(score > highscore) { - highscore = score; - conn_candidate = conn; - bundle_candidate = bundle; - } + for(curr = Curl_llist_head(&bundle->conns); curr; + curr = Curl_node_next(curr)) { + conn = Curl_node_elem(curr); + if(CONN_INUSE(conn) || conn->bits.close || conn->connect_only) + continue; + /* Set higher score for the age passed since the connection was used */ + score = Curl_timediff(now, conn->lastused); + if(score > highscore) { + highscore = score; + oldest_idle = conn; } - curr = curr->next; } + } + return oldest_idle; +} - he = Curl_hash_next_element(&iter); +bool Curl_cpool_find(struct Curl_easy *data, + const char *destination, size_t dest_len, + Curl_cpool_conn_match_cb *conn_cb, + Curl_cpool_done_match_cb *done_cb, + void *userdata) +{ + struct cpool *cpool = cpool_get_instance(data); + struct cpool_bundle *bundle; + bool result = FALSE; + + DEBUGASSERT(cpool); + DEBUGASSERT(conn_cb); + if(!cpool) + return FALSE; + + CPOOL_LOCK(cpool); + bundle = Curl_hash_pick(&cpool->dest2bundle, (void *)destination, dest_len); + if(bundle) { + struct Curl_llist_node *curr = Curl_llist_head(&bundle->conns); + while(curr) { + struct connectdata *conn = Curl_node_elem(curr); + /* Get next node now. callback might discard current */ + curr = Curl_node_next(curr); + + if(conn_cb(conn, userdata)) { + result = TRUE; + break; + } + } } - if(conn_candidate) { - /* remove it to prevent another thread from nicking it */ - bundle_remove_conn(bundle_candidate, conn_candidate); - connc->num_conn--; - DEBUGF(infof(data, "The cache now contains %zu members", - connc->num_conn)); + + if(done_cb) { + result = done_cb(result, userdata); } - CONNCACHE_UNLOCK(data); + CPOOL_UNLOCK(cpool); + return result; +} + +static void cpool_shutdown_discard_all(struct cpool *cpool) +{ + struct Curl_llist_node *e = Curl_llist_head(&cpool->shutdowns); + struct connectdata *conn; - return conn_candidate; + if(!e) + return; + + DEBUGF(infof(cpool->idata, "cpool_shutdown_discard_all")); + while(e) { + conn = Curl_node_elem(e); + Curl_node_remove(e); + DEBUGF(infof(cpool->idata, "discard connection #%" FMT_OFF_T, + conn->connection_id)); + cpool_close_and_destroy(cpool, conn, NULL, FALSE); + e = Curl_llist_head(&cpool->shutdowns); + } } -void Curl_conncache_close_all_connections(struct conncache *connc) +static void cpool_close_and_destroy_all(struct cpool *cpool) { struct connectdata *conn; + int timeout_ms = 0; SIGPIPE_VARIABLE(pipe_st); - if(!connc->closure_handle) - return; - conn = conncache_find_first_connection(connc); + DEBUGASSERT(cpool); + /* Move all connections to the shutdown list */ + sigpipe_init(&pipe_st); + CPOOL_LOCK(cpool); + conn = cpool_get_live_conn(cpool); while(conn) { - sigpipe_ignore(connc->closure_handle, &pipe_st); - /* This will remove the connection from the cache */ + cpool_remove_conn(cpool, conn); + sigpipe_apply(cpool->idata, &pipe_st); connclose(conn, "kill all"); - Curl_conncache_remove_conn(connc->closure_handle, conn, TRUE); - Curl_disconnect(connc->closure_handle, conn, FALSE); - sigpipe_restore(&pipe_st); + cpool_discard_conn(cpool, cpool->idata, conn, FALSE); - conn = conncache_find_first_connection(connc); + conn = cpool_get_live_conn(cpool); } + CPOOL_UNLOCK(cpool); + + /* Just for testing, run graceful shutdown */ +#ifdef DEBUGBUILD + { + char *p = getenv("CURL_GRACEFUL_SHUTDOWN"); + if(p) { + long l = strtol(p, NULL, 10); + if(l > 0 && l < INT_MAX) + timeout_ms = (int)l; + } + } +#endif + sigpipe_apply(cpool->idata, &pipe_st); + cpool_shutdown_all(cpool, cpool->idata, timeout_ms); - sigpipe_ignore(connc->closure_handle, &pipe_st); + /* discard all connections in the shutdown list */ + cpool_shutdown_discard_all(cpool); - Curl_hostcache_clean(connc->closure_handle, - connc->closure_handle->dns.hostcache); - Curl_close(&connc->closure_handle); + Curl_hostcache_clean(cpool->idata, cpool->idata->dns.hostcache); sigpipe_restore(&pipe_st); } + +static void cpool_shutdown_destroy_oldest(struct cpool *cpool) +{ + struct Curl_llist_node *e; + struct connectdata *conn; + + e = Curl_llist_head(&cpool->shutdowns); + if(e) { + SIGPIPE_VARIABLE(pipe_st); + conn = Curl_node_elem(e); + Curl_node_remove(e); + sigpipe_init(&pipe_st); + sigpipe_apply(cpool->idata, &pipe_st); + cpool_close_and_destroy(cpool, conn, NULL, FALSE); + sigpipe_restore(&pipe_st); + } +} + +static void cpool_discard_conn(struct cpool *cpool, + struct Curl_easy *data, + struct connectdata *conn, + bool aborted) +{ + bool done = FALSE; + + DEBUGASSERT(data); + DEBUGASSERT(cpool); + DEBUGASSERT(!conn->bits.in_cpool); + + /* + * If this connection is not marked to force-close, leave it open if there + * are other users of it + */ + if(CONN_INUSE(conn) && !aborted) { + DEBUGF(infof(data, "[CCACHE] not discarding #%" FMT_OFF_T + " still in use by %zu transfers", conn->connection_id, + CONN_INUSE(conn))); + return; + } + + /* treat the connection as aborted in CONNECT_ONLY situations, we do + * not know what the APP did with it. */ + if(conn->connect_only) + aborted = TRUE; + conn->bits.aborted = aborted; + + /* We do not shutdown dead connections. The term 'dead' can be misleading + * here, as we also mark errored connections/transfers as 'dead'. + * If we do a shutdown for an aborted transfer, the server might think + * it was successful otherwise (for example an ftps: upload). This is + * not what we want. */ + if(aborted) + done = TRUE; + if(!done) { + /* Attempt to shutdown the connection right away. */ + Curl_attach_connection(data, conn); + cpool_run_conn_shutdown(data, conn, &done); + DEBUGF(infof(data, "[CCACHE] shutdown #%" FMT_OFF_T ", done=%d", + conn->connection_id, done)); + Curl_detach_connection(data); + } + + if(done) { + cpool_close_and_destroy(cpool, conn, data, FALSE); + return; + } + + /* Add the connection to our shutdown list for non-blocking shutdown + * during multi processing. */ + if(data->multi && data->multi->max_shutdown_connections > 0 && + (data->multi->max_shutdown_connections >= + (long)Curl_llist_count(&cpool->shutdowns))) { + DEBUGF(infof(data, "[CCACHE] discarding oldest shutdown connection " + "due to limit of %ld", + data->multi->max_shutdown_connections)); + cpool_shutdown_destroy_oldest(cpool); + } + + if(data->multi && data->multi->socket_cb) { + DEBUGASSERT(cpool == &data->multi->cpool); + /* Start with an empty shutdown pollset, so out internal closure handle + * is added to the sockets. */ + memset(&conn->shutdown_poll, 0, sizeof(conn->shutdown_poll)); + if(cpool_update_shutdown_ev(data->multi, cpool->idata, conn)) { + DEBUGF(infof(data, "[CCACHE] update events for shutdown failed, " + "discarding #%" FMT_OFF_T, + conn->connection_id)); + cpool_close_and_destroy(cpool, conn, data, FALSE); + return; + } + } + + Curl_llist_append(&cpool->shutdowns, conn, &conn->cpool_node); + DEBUGF(infof(data, "[CCACHE] added #%" FMT_OFF_T + " to shutdown list of length %zu", conn->connection_id, + Curl_llist_count(&cpool->shutdowns))); +} + +void Curl_cpool_disconnect(struct Curl_easy *data, + struct connectdata *conn, + bool aborted) +{ + struct cpool *cpool = cpool_get_instance(data); + bool do_lock; + + DEBUGASSERT(cpool); + DEBUGASSERT(data && !data->conn); + if(!cpool) + return; + + /* If this connection is not marked to force-close, leave it open if there + * are other users of it */ + if(CONN_INUSE(conn) && !aborted) { + DEBUGASSERT(0); /* does this ever happen? */ + DEBUGF(infof(data, "Curl_disconnect when inuse: %zu", CONN_INUSE(conn))); + return; + } + + /* This method may be called while we are under lock, e.g. from a + * user callback in find. */ + do_lock = !CPOOL_IS_LOCKED(cpool); + if(do_lock) + CPOOL_LOCK(cpool); + + if(conn->bits.in_cpool) { + cpool_remove_conn(cpool, conn); + DEBUGASSERT(!conn->bits.in_cpool); + } + + /* Run the callback to let it clean up anything it wants to. */ + aborted = cpool->disconnect_cb(data, conn, aborted); + + if(data->multi) { + /* Add it to the multi's cpool for shutdown handling */ + infof(data, "%s connection #%" FMT_OFF_T, + aborted? "closing" : "shutting down", conn->connection_id); + cpool_discard_conn(&data->multi->cpool, data, conn, aborted); + } + else { + /* No multi available. Make a best-effort shutdown + close */ + infof(data, "closing connection #%" FMT_OFF_T, conn->connection_id); + cpool_close_and_destroy(NULL, conn, data, !aborted); + } + + if(do_lock) + CPOOL_UNLOCK(cpool); +} + +static void cpool_run_conn_shutdown_handler(struct Curl_easy *data, + struct connectdata *conn) +{ + if(!conn->bits.shutdown_handler) { + if(conn->dns_entry) + Curl_resolv_unlink(data, &conn->dns_entry); + + /* Cleanup NTLM connection-related data */ + Curl_http_auth_cleanup_ntlm(conn); + + /* Cleanup NEGOTIATE connection-related data */ + Curl_http_auth_cleanup_negotiate(conn); + + if(conn->handler && conn->handler->disconnect) { + /* This is set if protocol-specific cleanups should be made */ + DEBUGF(infof(data, "connection #%" FMT_OFF_T + ", shutdown protocol handler (aborted=%d)", + conn->connection_id, conn->bits.aborted)); + + conn->handler->disconnect(data, conn, conn->bits.aborted); + } + + /* possible left-overs from the async name resolvers */ + Curl_resolver_cancel(data); + + conn->bits.shutdown_handler = TRUE; + } +} + +static void cpool_run_conn_shutdown(struct Curl_easy *data, + struct connectdata *conn, + bool *done) +{ + CURLcode r1, r2; + bool done1, done2; + + /* We expect to be attached when called */ + DEBUGASSERT(data->conn == conn); + + cpool_run_conn_shutdown_handler(data, conn); + + if(conn->bits.shutdown_filters) { + *done = TRUE; + return; + } + + if(!conn->connect_only && Curl_conn_is_connected(conn, FIRSTSOCKET)) + r1 = Curl_conn_shutdown(data, FIRSTSOCKET, &done1); + else { + r1 = CURLE_OK; + done1 = TRUE; + } + + if(!conn->connect_only && Curl_conn_is_connected(conn, SECONDARYSOCKET)) + r2 = Curl_conn_shutdown(data, SECONDARYSOCKET, &done2); + else { + r2 = CURLE_OK; + done2 = TRUE; + } + + /* we are done when any failed or both report success */ + *done = (r1 || r2 || (done1 && done2)); + if(*done) + conn->bits.shutdown_filters = TRUE; +} + +static CURLcode cpool_add_pollfds(struct cpool *cpool, + struct curl_pollfds *cpfds) +{ + CURLcode result = CURLE_OK; + + if(Curl_llist_head(&cpool->shutdowns)) { + struct Curl_llist_node *e; + struct easy_pollset ps; + struct connectdata *conn; + + for(e = Curl_llist_head(&cpool->shutdowns); e; + e = Curl_node_next(e)) { + conn = Curl_node_elem(e); + memset(&ps, 0, sizeof(ps)); + Curl_attach_connection(cpool->idata, conn); + Curl_conn_adjust_pollset(cpool->idata, &ps); + Curl_detach_connection(cpool->idata); + + result = Curl_pollfds_add_ps(cpfds, &ps); + if(result) { + Curl_pollfds_cleanup(cpfds); + goto out; + } + } + } +out: + return result; +} + +CURLcode Curl_cpool_add_pollfds(struct cpool *cpool, + struct curl_pollfds *cpfds) +{ + CURLcode result; + CPOOL_LOCK(cpool); + result = cpool_add_pollfds(cpool, cpfds); + CPOOL_UNLOCK(cpool); + return result; +} + +CURLcode Curl_cpool_add_waitfds(struct cpool *cpool, + struct curl_waitfds *cwfds) +{ + CURLcode result = CURLE_OK; + + CPOOL_LOCK(cpool); + if(Curl_llist_head(&cpool->shutdowns)) { + struct Curl_llist_node *e; + struct easy_pollset ps; + struct connectdata *conn; + + for(e = Curl_llist_head(&cpool->shutdowns); e; + e = Curl_node_next(e)) { + conn = Curl_node_elem(e); + memset(&ps, 0, sizeof(ps)); + Curl_attach_connection(cpool->idata, conn); + Curl_conn_adjust_pollset(cpool->idata, &ps); + Curl_detach_connection(cpool->idata); + + result = Curl_waitfds_add_ps(cwfds, &ps); + if(result) + goto out; + } + } +out: + CPOOL_UNLOCK(cpool); + return result; +} + +static void cpool_perform(struct cpool *cpool) +{ + struct Curl_easy *data = cpool->idata; + struct Curl_llist_node *e = Curl_llist_head(&cpool->shutdowns); + struct Curl_llist_node *enext; + struct connectdata *conn; + struct curltime *nowp = NULL; + struct curltime now; + timediff_t next_from_now_ms = 0, ms; + bool done; + + if(!e) + return; + + DEBUGASSERT(data); + DEBUGF(infof(data, "[CCACHE] perform, %zu connections being shutdown", + Curl_llist_count(&cpool->shutdowns))); + while(e) { + enext = Curl_node_next(e); + conn = Curl_node_elem(e); + Curl_attach_connection(data, conn); + cpool_run_conn_shutdown(data, conn, &done); + DEBUGF(infof(data, "[CCACHE] shutdown #%" FMT_OFF_T ", done=%d", + conn->connection_id, done)); + Curl_detach_connection(data); + if(done) { + Curl_node_remove(e); + cpool_close_and_destroy(cpool, conn, NULL, FALSE); + } + else { + /* Not done, when does this connection time out? */ + if(!nowp) { + now = Curl_now(); + nowp = &now; + } + ms = Curl_conn_shutdown_timeleft(conn, nowp); + if(ms && ms < next_from_now_ms) + next_from_now_ms = ms; + } + e = enext; + } + + if(next_from_now_ms) + Curl_expire(data, next_from_now_ms, EXPIRE_RUN_NOW); +} + +void Curl_cpool_multi_perform(struct Curl_multi *multi) +{ + CPOOL_LOCK(&multi->cpool); + cpool_perform(&multi->cpool); + CPOOL_UNLOCK(&multi->cpool); +} + + +/* + * Close and destroy the connection. Run the shutdown sequence once, + * of so requested. + */ +static void cpool_close_and_destroy(struct cpool *cpool, + struct connectdata *conn, + struct Curl_easy *data, + bool do_shutdown) +{ + bool done; + + /* there must be a connection to close */ + DEBUGASSERT(conn); + /* it must be removed from the connection pool */ + DEBUGASSERT(!conn->bits.in_cpool); + /* there must be an associated transfer */ + DEBUGASSERT(data || cpool); + if(!data) + data = cpool->idata; + + /* the transfer must be detached from the connection */ + DEBUGASSERT(data && !data->conn); + + Curl_attach_connection(data, conn); + + cpool_run_conn_shutdown_handler(data, conn); + if(do_shutdown) { + /* Make a last attempt to shutdown handlers and filters, if + * not done so already. */ + cpool_run_conn_shutdown(data, conn, &done); + } + + if(cpool) + DEBUGF(infof(data, "[CCACHE] closing #%" FMT_OFF_T, + conn->connection_id)); + else + DEBUGF(infof(data, "closing connection #%" FMT_OFF_T, + conn->connection_id)); + Curl_conn_close(data, SECONDARYSOCKET); + Curl_conn_close(data, FIRSTSOCKET); + Curl_detach_connection(data); + + Curl_conn_free(data, conn); +} + + +static CURLMcode cpool_update_shutdown_ev(struct Curl_multi *multi, + struct Curl_easy *data, + struct connectdata *conn) +{ + struct easy_pollset ps; + CURLMcode mresult; + + DEBUGASSERT(data); + DEBUGASSERT(multi); + DEBUGASSERT(multi->socket_cb); + + memset(&ps, 0, sizeof(ps)); + Curl_attach_connection(data, conn); + Curl_conn_adjust_pollset(data, &ps); + Curl_detach_connection(data); + + mresult = Curl_multi_pollset_ev(multi, data, &ps, &conn->shutdown_poll); + + if(!mresult) /* Remember for next time */ + memcpy(&conn->shutdown_poll, &ps, sizeof(ps)); + return mresult; +} + +void Curl_cpool_multi_socket(struct Curl_multi *multi, + curl_socket_t s, int ev_bitmask) +{ + struct cpool *cpool = &multi->cpool; + struct Curl_easy *data = cpool->idata; + struct Curl_llist_node *e; + struct connectdata *conn; + bool done; + + (void)ev_bitmask; + DEBUGASSERT(multi->socket_cb); + CPOOL_LOCK(cpool); + e = Curl_llist_head(&cpool->shutdowns); + while(e) { + conn = Curl_node_elem(e); + if(s == conn->sock[FIRSTSOCKET] || s == conn->sock[SECONDARYSOCKET]) { + Curl_attach_connection(data, conn); + cpool_run_conn_shutdown(data, conn, &done); + DEBUGF(infof(data, "[CCACHE] shutdown #%" FMT_OFF_T ", done=%d", + conn->connection_id, done)); + Curl_detach_connection(data); + if(done || cpool_update_shutdown_ev(multi, data, conn)) { + Curl_node_remove(e); + cpool_close_and_destroy(cpool, conn, NULL, FALSE); + } + break; + } + e = Curl_node_next(e); + } + CPOOL_UNLOCK(cpool); +} + +#define NUM_POLLS_ON_STACK 10 + +static CURLcode cpool_shutdown_wait(struct cpool *cpool, int timeout_ms) +{ + struct pollfd a_few_on_stack[NUM_POLLS_ON_STACK]; + struct curl_pollfds cpfds; + CURLcode result; + + Curl_pollfds_init(&cpfds, a_few_on_stack, NUM_POLLS_ON_STACK); + + result = cpool_add_pollfds(cpool, &cpfds); + if(result) + goto out; + + Curl_poll(cpfds.pfds, cpfds.n, CURLMIN(timeout_ms, 1000)); + +out: + Curl_pollfds_cleanup(&cpfds); + return result; +} + +static void cpool_shutdown_all(struct cpool *cpool, + struct Curl_easy *data, int timeout_ms) +{ + struct connectdata *conn; + struct curltime started = Curl_now(); + + if(!data) + return; + (void)data; + + DEBUGF(infof(data, "cpool shutdown all")); + + /* Move all connections into the shutdown queue */ + for(conn = cpool_get_live_conn(cpool); conn; + conn = cpool_get_live_conn(cpool)) { + /* Move conn from live set to shutdown or destroy right away */ + DEBUGF(infof(data, "moving connection #%" FMT_OFF_T + " to shutdown queue", conn->connection_id)); + cpool_remove_conn(cpool, conn); + cpool_discard_conn(cpool, data, conn, FALSE); + } + + while(Curl_llist_head(&cpool->shutdowns)) { + timediff_t timespent; + int remain_ms; + + cpool_perform(cpool); + + if(!Curl_llist_head(&cpool->shutdowns)) { + DEBUGF(infof(data, "cpool shutdown ok")); + break; + } + + /* wait for activity, timeout or "nothing" */ + timespent = Curl_timediff(Curl_now(), started); + if(timespent >= (timediff_t)timeout_ms) { + DEBUGF(infof(data, "cpool shutdown %s", + (timeout_ms > 0)? "timeout" : "best effort done")); + break; + } + + remain_ms = timeout_ms - (int)timespent; + if(cpool_shutdown_wait(cpool, remain_ms)) { + DEBUGF(infof(data, "cpool shutdown all, abort")); + break; + } + } + + /* Due to errors/timeout, we might come here without being done. */ + cpool_shutdown_discard_all(cpool); +} + +struct cpool_reaper_ctx { + struct curltime now; +}; + +static int cpool_reap_dead_cb(struct Curl_easy *data, + struct connectdata *conn, void *param) +{ + struct cpool_reaper_ctx *rctx = param; + if(Curl_conn_seems_dead(conn, data, &rctx->now)) { + /* stop the iteration here, pass back the connection that was pruned */ + Curl_cpool_disconnect(data, conn, FALSE); + return 1; + } + return 0; /* continue iteration */ +} + +/* + * This function scans the data's connection pool for half-open/dead + * connections, closes and removes them. + * The cleanup is done at most once per second. + * + * When called, this transfer has no connection attached. + */ +void Curl_cpool_prune_dead(struct Curl_easy *data) +{ + struct cpool *cpool = cpool_get_instance(data); + struct cpool_reaper_ctx rctx; + timediff_t elapsed; + + if(!cpool) + return; + + rctx.now = Curl_now(); + CPOOL_LOCK(cpool); + elapsed = Curl_timediff(rctx.now, cpool->last_cleanup); + + if(elapsed >= 1000L) { + while(cpool_foreach(data, cpool, &rctx, cpool_reap_dead_cb)) + ; + cpool->last_cleanup = rctx.now; + } + CPOOL_UNLOCK(cpool); +} + +static int conn_upkeep(struct Curl_easy *data, + struct connectdata *conn, + void *param) +{ + struct curltime *now = param; + /* TODO, shall we reap connections that return an error here? */ + Curl_conn_upkeep(data, conn, now); + return 0; /* continue iteration */ +} + +CURLcode Curl_cpool_upkeep(void *data) +{ + struct cpool *cpool = cpool_get_instance(data); + struct curltime now = Curl_now(); + + if(!cpool) + return CURLE_OK; + + CPOOL_LOCK(cpool); + cpool_foreach(data, cpool, &now, conn_upkeep); + CPOOL_UNLOCK(cpool); + return CURLE_OK; +} + +struct cpool_find_ctx { + curl_off_t id; + struct connectdata *conn; +}; + +static int cpool_find_conn(struct Curl_easy *data, + struct connectdata *conn, void *param) +{ + struct cpool_find_ctx *fctx = param; + (void)data; + if(conn->connection_id == fctx->id) { + fctx->conn = conn; + return 1; + } + return 0; +} + +struct connectdata *Curl_cpool_get_conn(struct Curl_easy *data, + curl_off_t conn_id) +{ + struct cpool *cpool = cpool_get_instance(data); + struct cpool_find_ctx fctx; + + if(!cpool) + return NULL; + fctx.id = conn_id; + fctx.conn = NULL; + CPOOL_LOCK(cpool); + cpool_foreach(cpool->idata, cpool, &fctx, cpool_find_conn); + CPOOL_UNLOCK(cpool); + return fctx.conn; +} + +struct cpool_do_conn_ctx { + curl_off_t id; + Curl_cpool_conn_do_cb *cb; + void *cbdata; +}; + +static int cpool_do_conn(struct Curl_easy *data, + struct connectdata *conn, void *param) +{ + struct cpool_do_conn_ctx *dctx = param; + (void)data; + if(conn->connection_id == dctx->id) { + dctx->cb(conn, data, dctx->cbdata); + return 1; + } + return 0; +} + +void Curl_cpool_do_by_id(struct Curl_easy *data, curl_off_t conn_id, + Curl_cpool_conn_do_cb *cb, void *cbdata) +{ + struct cpool *cpool = cpool_get_instance(data); + struct cpool_do_conn_ctx dctx; + + if(!cpool) + return; + dctx.id = conn_id; + dctx.cb = cb; + dctx.cbdata = cbdata; + CPOOL_LOCK(cpool); + cpool_foreach(data, cpool, &dctx, cpool_do_conn); + CPOOL_UNLOCK(cpool); +} + +void Curl_cpool_do_locked(struct Curl_easy *data, + struct connectdata *conn, + Curl_cpool_conn_do_cb *cb, void *cbdata) +{ + struct cpool *cpool = cpool_get_instance(data); + if(cpool) { + CPOOL_LOCK(cpool); + cb(conn, data, cbdata); + CPOOL_UNLOCK(cpool); + } + else + cb(conn, data, cbdata); +} + #if 0 -/* Useful for debugging the connection cache */ -void Curl_conncache_print(struct conncache *connc) +/* Useful for debugging the connection pool */ +void Curl_cpool_print(struct cpool *cpool) { struct Curl_hash_iterator iter; - struct Curl_llist_element *curr; + struct Curl_llist_node *curr; struct Curl_hash_element *he; - if(!connc) + if(!cpool) return; fprintf(stderr, "=Bundle cache=\n"); - Curl_hash_start_iterate(connc->hash, &iter); + Curl_hash_start_iterate(cpool->dest2bundle, &iter); he = Curl_hash_next_element(&iter); while(he) { - struct connectbundle *bundle; + struct cpool_bundle *bundle; struct connectdata *conn; bundle = he->ptr; fprintf(stderr, "%s -", he->key); - curr = bundle->conn_list->head; + curr = Curl_llist_head(bundle->conns); while(curr) { - conn = curr->ptr; + conn = Curl_node_elem(curr); - fprintf(stderr, " [%p %d]", (void *)conn, conn->inuse); - curr = curr->next; + fprintf(stderr, " [%p %d]", (void *)conn, conn->refcount); + curr = Curl_node_next(curr); } fprintf(stderr, "\n"); diff --git a/vendor/hydra/vendor/curl/lib/conncache.h b/vendor/hydra/vendor/curl/lib/conncache.h index e6851239..a379ee74 100644 --- a/vendor/hydra/vendor/curl/lib/conncache.h +++ b/vendor/hydra/vendor/curl/lib/conncache.h @@ -25,98 +25,177 @@ * ***************************************************************************/ -/* - * All accesses to struct fields and changing of data in the connection cache - * and connectbundles must be done with the conncache LOCKED. The cache might - * be shared. - */ - #include #include "timeval.h" struct connectdata; +struct Curl_easy; +struct curl_pollfds; +struct curl_waitfds; +struct Curl_multi; +struct Curl_share; -struct conncache { - struct Curl_hash hash; +/** + * Callback invoked when disconnecting connections. + * @param data transfer last handling the connection, not attached + * @param conn the connection to discard + * @param aborted if the connection is being aborted + * @return if the connection is being aborted, e.g. should NOT perform + * a shutdown and just close. + **/ +typedef bool Curl_cpool_disconnect_cb(struct Curl_easy *data, + struct connectdata *conn, + bool aborted); + +struct cpool { + /* the pooled connections, bundled per destination */ + struct Curl_hash dest2bundle; size_t num_conn; curl_off_t next_connection_id; curl_off_t next_easy_id; struct curltime last_cleanup; - /* handle used for closing cached connections */ - struct Curl_easy *closure_handle; + struct Curl_llist shutdowns; /* The connections being shut down */ + struct Curl_easy *idata; /* internal handle used for discard */ + struct Curl_multi *multi; /* != NULL iff pool belongs to multi */ + struct Curl_share *share; /* != NULL iff pool belongs to share */ + Curl_cpool_disconnect_cb *disconnect_cb; + BIT(locked); }; -#define BUNDLE_NO_MULTIUSE -1 -#define BUNDLE_UNKNOWN 0 /* initial value */ -#define BUNDLE_MULTIPLEX 2 - -#ifdef CURLDEBUG -/* the debug versions of these macros make extra certain that the lock is - never doubly locked or unlocked */ -#define CONNCACHE_LOCK(x) \ - do { \ - if((x)->share) { \ - Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, \ - CURL_LOCK_ACCESS_SINGLE); \ - DEBUGASSERT(!(x)->state.conncache_lock); \ - (x)->state.conncache_lock = TRUE; \ - } \ - } while(0) - -#define CONNCACHE_UNLOCK(x) \ - do { \ - if((x)->share) { \ - DEBUGASSERT((x)->state.conncache_lock); \ - (x)->state.conncache_lock = FALSE; \ - Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT); \ - } \ - } while(0) -#else -#define CONNCACHE_LOCK(x) if((x)->share) \ - Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, CURL_LOCK_ACCESS_SINGLE) -#define CONNCACHE_UNLOCK(x) if((x)->share) \ - Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT) -#endif - -struct connectbundle { - int multiuse; /* supports multi-use */ - size_t num_connections; /* Number of connections in the bundle */ - struct Curl_llist conn_list; /* The connectdata members of the bundle */ -}; +/* Init the pool, pass multi only if pool is owned by it. + * returns 1 on error, 0 is fine. + */ +int Curl_cpool_init(struct cpool *cpool, + Curl_cpool_disconnect_cb *disconnect_cb, + struct Curl_multi *multi, + struct Curl_share *share, + size_t size); + +/* Destroy all connections and free all members */ +void Curl_cpool_destroy(struct cpool *connc); + +/* Init the transfer to be used within its connection pool. + * Assigns `data->id`. */ +void Curl_cpool_xfer_init(struct Curl_easy *data); + +/** + * Get the connection with the given id from the transfer's pool. + */ +struct connectdata *Curl_cpool_get_conn(struct Curl_easy *data, + curl_off_t conn_id); + +CURLcode Curl_cpool_add_conn(struct Curl_easy *data, + struct connectdata *conn) WARN_UNUSED_RESULT; + +/** + * Return if the pool has reached its configured limits for adding + * the given connection. Will try to discard the oldest, idle + * connections to make space. + */ +#define CPOOL_LIMIT_OK 0 +#define CPOOL_LIMIT_DEST 1 +#define CPOOL_LIMIT_TOTAL 2 +int Curl_cpool_check_limits(struct Curl_easy *data, + struct connectdata *conn); + +/* Return of conn is suitable. If so, stops iteration. */ +typedef bool Curl_cpool_conn_match_cb(struct connectdata *conn, + void *userdata); + +/* Act on the result of the find, may override it. */ +typedef bool Curl_cpool_done_match_cb(bool result, void *userdata); + +/** + * Find a connection in the pool matching `destination`. + * All callbacks are invoked while the pool's lock is held. + * @param data current transfer + * @param destination match agaonst `conn->destination` in pool + * @param dest_len destination length, including terminating NUL + * @param conn_cb must be present, called for each connection in the + * bundle until it returns TRUE + * @param result_cb if not NULL, is called at the end with the result + * of the `conn_cb` or FALSE if never called. + * @return combined result of last conn_db and result_cb or FALSE if no + connections were present. + */ +bool Curl_cpool_find(struct Curl_easy *data, + const char *destination, size_t dest_len, + Curl_cpool_conn_match_cb *conn_cb, + Curl_cpool_done_match_cb *done_cb, + void *userdata); + +/* + * A connection (already in the pool) is now idle. Do any + * cleanups in regard to the pool's limits. + * + * Return TRUE if idle connection kept in pool, FALSE if closed. + */ +bool Curl_cpool_conn_now_idle(struct Curl_easy *data, + struct connectdata *conn); + +/** + * Remove the connection from the pool and tear it down. + * If `aborted` is FALSE, the connection will be shut down first + * before closing and destroying it. + * If the shutdown is not immediately complete, the connection + * will be placed into the pool's shutdown queue. + */ +void Curl_cpool_disconnect(struct Curl_easy *data, + struct connectdata *conn, + bool aborted); + +/** + * This function scans the data's connection pool for half-open/dead + * connections, closes and removes them. + * The cleanup is done at most once per second. + * + * When called, this transfer has no connection attached. + */ +void Curl_cpool_prune_dead(struct Curl_easy *data); + +/** + * Perform upkeep actions on connections in the transfer's pool. + */ +CURLcode Curl_cpool_upkeep(void *data); + +typedef void Curl_cpool_conn_do_cb(struct connectdata *conn, + struct Curl_easy *data, + void *cbdata); + +/** + * Invoke the callback on the pool's connection with the + * given connection id (if it exists). + */ +void Curl_cpool_do_by_id(struct Curl_easy *data, + curl_off_t conn_id, + Curl_cpool_conn_do_cb *cb, void *cbdata); + +/** + * Invoked the callback for the given data + connection under the + * connection pool's lock. + * The callback is always invoked, even if the transfer has no connection + * pool associated. + */ +void Curl_cpool_do_locked(struct Curl_easy *data, + struct connectdata *conn, + Curl_cpool_conn_do_cb *cb, void *cbdata); + +/** + * Add sockets and POLLIN/OUT flags for connections handled by the pool. + */ +CURLcode Curl_cpool_add_pollfds(struct cpool *connc, + struct curl_pollfds *cpfds); +CURLcode Curl_cpool_add_waitfds(struct cpool *connc, + struct curl_waitfds *cwfds); + +/** + * Perform maintenance on connections in the pool. Specifically, + * progress the shutdown of connections in the queue. + */ +void Curl_cpool_multi_perform(struct Curl_multi *multi); + +void Curl_cpool_multi_socket(struct Curl_multi *multi, + curl_socket_t s, int ev_bitmask); -/* returns 1 on error, 0 is fine */ -int Curl_conncache_init(struct conncache *, size_t size); -void Curl_conncache_destroy(struct conncache *connc); - -/* return the correct bundle, to a host or a proxy */ -struct connectbundle *Curl_conncache_find_bundle(struct Curl_easy *data, - struct connectdata *conn, - struct conncache *connc); -/* returns number of connections currently held in the connection cache */ -size_t Curl_conncache_size(struct Curl_easy *data); - -bool Curl_conncache_return_conn(struct Curl_easy *data, - struct connectdata *conn); -CURLcode Curl_conncache_add_conn(struct Curl_easy *data) WARN_UNUSED_RESULT; -void Curl_conncache_remove_conn(struct Curl_easy *data, - struct connectdata *conn, - bool lock); -bool Curl_conncache_foreach(struct Curl_easy *data, - struct conncache *connc, - void *param, - int (*func)(struct Curl_easy *data, - struct connectdata *conn, - void *param)); - -struct connectdata * -Curl_conncache_find_first_connection(struct conncache *connc); - -struct connectdata * -Curl_conncache_extract_bundle(struct Curl_easy *data, - struct connectbundle *bundle); -struct connectdata * -Curl_conncache_extract_oldest(struct Curl_easy *data); -void Curl_conncache_close_all_connections(struct conncache *connc); -void Curl_conncache_print(struct conncache *connc); #endif /* HEADER_CURL_CONNCACHE_H */ diff --git a/vendor/hydra/vendor/curl/lib/connect.c b/vendor/hydra/vendor/curl/lib/connect.c index bf85e640..923f37ac 100644 --- a/vendor/hydra/vendor/curl/lib/connect.c +++ b/vendor/hydra/vendor/curl/lib/connect.c @@ -90,7 +90,7 @@ /* * Curl_timeleft() returns the amount of milliseconds left allowed for the - * transfer/connection. If the value is 0, there's no timeout (ie there's + * transfer/connection. If the value is 0, there is no timeout (ie there is * infinite time left). If the value is negative, the timeout time has already * elapsed. * @param data the transfer to check on @@ -142,29 +142,70 @@ timediff_t Curl_timeleft(struct Curl_easy *data, return (ctimeleft_ms < timeleft_ms)? ctimeleft_ms : timeleft_ms; } -/* Copies connection info into the transfer handle to make it available when - the transfer handle is no longer associated with the connection. */ -void Curl_persistconninfo(struct Curl_easy *data, struct connectdata *conn, - struct ip_quadruple *ip) +void Curl_shutdown_start(struct Curl_easy *data, int sockindex, + struct curltime *nowp) { - if(ip) - data->info.primary = *ip; - else { - memset(&data->info.primary, 0, sizeof(data->info.primary)); - data->info.primary.remote_port = -1; - data->info.primary.local_port = -1; + struct curltime now; + + DEBUGASSERT(data->conn); + if(!nowp) { + now = Curl_now(); + nowp = &now; } - data->info.conn_scheme = conn->handler->scheme; - /* conn_protocol can only provide "old" protocols */ - data->info.conn_protocol = (conn->handler->protocol) & CURLPROTO_MASK; - data->info.conn_remote_port = conn->remote_port; - data->info.used_proxy = -#ifdef CURL_DISABLE_PROXY - 0 -#else - conn->bits.proxy -#endif - ; + data->conn->shutdown.start[sockindex] = *nowp; + data->conn->shutdown.timeout_ms = (data->set.shutdowntimeout > 0) ? + data->set.shutdowntimeout : DEFAULT_SHUTDOWN_TIMEOUT_MS; +} + +timediff_t Curl_shutdown_timeleft(struct connectdata *conn, int sockindex, + struct curltime *nowp) +{ + struct curltime now; + timediff_t left_ms; + + if(!conn->shutdown.start[sockindex].tv_sec || !conn->shutdown.timeout_ms) + return 0; /* not started or no limits */ + + if(!nowp) { + now = Curl_now(); + nowp = &now; + } + left_ms = conn->shutdown.timeout_ms - + Curl_timediff(*nowp, conn->shutdown.start[sockindex]); + return left_ms? left_ms : -1; +} + +timediff_t Curl_conn_shutdown_timeleft(struct connectdata *conn, + struct curltime *nowp) +{ + timediff_t left_ms = 0, ms; + struct curltime now; + int i; + + for(i = 0; conn->shutdown.timeout_ms && (i < 2); ++i) { + if(!conn->shutdown.start[i].tv_sec) + continue; + if(!nowp) { + now = Curl_now(); + nowp = &now; + } + ms = Curl_shutdown_timeleft(conn, i, nowp); + if(ms && (!left_ms || ms < left_ms)) + left_ms = ms; + } + return left_ms; +} + +void Curl_shutdown_clear(struct Curl_easy *data, int sockindex) +{ + struct curltime *pt = &data->conn->shutdown.start[sockindex]; + memset(pt, 0, sizeof(*pt)); +} + +bool Curl_shutdown_started(struct Curl_easy *data, int sockindex) +{ + struct curltime *pt = &data->conn->shutdown.start[sockindex]; + return (pt->tv_sec > 0) || (pt->tv_usec > 0); } static const struct Curl_addrinfo * @@ -246,23 +287,6 @@ bool Curl_addr2string(struct sockaddr *sa, curl_socklen_t salen, return FALSE; } -struct connfind { - curl_off_t id_tofind; - struct connectdata *found; -}; - -static int conn_is_conn(struct Curl_easy *data, - struct connectdata *conn, void *param) -{ - struct connfind *f = (struct connfind *)param; - (void)data; - if(conn->connection_id == f->id_tofind) { - f->found = conn; - return 1; - } - return 0; -} - /* * Used to extract socket and connectdata struct for the most recent * transfer on the given Curl_easy. @@ -279,30 +303,19 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data, * - that is associated with a multi handle, and whose connection * was detached with CURLOPT_CONNECT_ONLY */ - if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) { - struct connectdata *c; - struct connfind find; - find.id_tofind = data->state.lastconnect_id; - find.found = NULL; - - Curl_conncache_foreach(data, - data->share && (data->share->specifier - & (1<< CURL_LOCK_DATA_CONNECT))? - &data->share->conn_cache: - data->multi_easy? - &data->multi_easy->conn_cache: - &data->multi->conn_cache, &find, conn_is_conn); - - if(!find.found) { + if(data->state.lastconnect_id != -1) { + struct connectdata *conn; + + conn = Curl_cpool_get_conn(data, data->state.lastconnect_id); + if(!conn) { data->state.lastconnect_id = -1; return CURL_SOCKET_BAD; } - c = find.found; if(connp) /* only store this if the caller cares for it */ - *connp = c; - return c->sock[FIRSTSOCKET]; + *connp = conn; + return conn->sock[FIRSTSOCKET]; } return CURL_SOCKET_BAD; } @@ -317,7 +330,7 @@ void Curl_conncontrol(struct connectdata *conn, #endif ) { - /* close if a connection, or a stream that isn't multiplexed. */ + /* close if a connection, or a stream that is not multiplexed. */ /* This function will be called both before and after this connection is associated with a transfer. */ bool closeit, is_multiplex; @@ -358,6 +371,7 @@ struct eyeballer { BIT(has_started); /* attempts have started */ BIT(is_done); /* out of addresses/time */ BIT(connected); /* cf has connected */ + BIT(shutdown); /* cf has shutdown */ BIT(inconclusive); /* connect was not a hard failure, we * might talk to a restarting server */ }; @@ -464,7 +478,7 @@ static void baller_initiate(struct Curl_cfilter *cf, CURLcode result; - /* Don't close a previous cfilter yet to ensure that the next IP's + /* Do not close a previous cfilter yet to ensure that the next IP's socket gets a different file descriptor, which can prevent bugs when the curl_multi_socket_action interface is used with certain select() replacements such as kqueue. */ @@ -533,9 +547,11 @@ static CURLcode baller_start_next(struct Curl_cfilter *cf, { if(cf->sockindex == FIRSTSOCKET) { baller_next_addr(baller); - /* If we get inconclusive answers from the server(s), we make - * a second iteration over the address list */ - if(!baller->addr && baller->inconclusive && !baller->rewinded) + /* If we get inconclusive answers from the server(s), we start + * again until this whole thing times out. This allows us to + * connect to servers that are gracefully restarting and the + * packet routing to the new instance has not happened yet (e.g. QUIC). */ + if(!baller->addr && baller->inconclusive) baller_rewind(baller); baller_start(cf, data, baller, timeoutms); } @@ -567,7 +583,7 @@ static CURLcode baller_connect(struct Curl_cfilter *cf, baller->is_done = TRUE; } else if(Curl_timediff(*now, baller->started) >= baller->timeoutms) { - infof(data, "%s connect timeout after %" CURL_FORMAT_TIMEDIFF_T + infof(data, "%s connect timeout after %" FMT_TIMEDIFF_T "ms, move on!", baller->name, baller->timeoutms); #if defined(ETIMEDOUT) baller->error = ETIMEDOUT; @@ -658,7 +674,7 @@ static CURLcode is_connected(struct Curl_cfilter *cf, /* Nothing connected, check the time before we might * start new ballers or return ok. */ if((ongoing || not_started) && Curl_timeleft(data, &now, TRUE) < 0) { - failf(data, "Connection timeout after %" CURL_FORMAT_CURL_OFF_T " ms", + failf(data, "Connection timeout after %" FMT_OFF_T " ms", Curl_timediff(now, data->progress.t_startsingle)); return CURLE_OPERATION_TIMEDOUT; } @@ -681,8 +697,7 @@ static CURLcode is_connected(struct Curl_cfilter *cf, CURL_TRC_CF(data, cf, "%s done", baller->name); } else { - CURL_TRC_CF(data, cf, "%s starting (timeout=%" - CURL_FORMAT_TIMEDIFF_T "ms)", + CURL_TRC_CF(data, cf, "%s starting (timeout=%" FMT_TIMEDIFF_T "ms)", baller->name, baller->timeoutms); ++ongoing; ++added; @@ -727,7 +742,7 @@ static CURLcode is_connected(struct Curl_cfilter *cf, hostname = conn->host.name; failf(data, "Failed to connect to %s port %u after " - "%" CURL_FORMAT_TIMEDIFF_T " ms: %s", + "%" FMT_TIMEDIFF_T " ms: %s", hostname, conn->primary.remote_port, Curl_timediff(now, data->progress.t_startsingle), curl_easy_strerror(result)); @@ -744,7 +759,7 @@ static CURLcode is_connected(struct Curl_cfilter *cf, } /* - * Connect to the given host with timeout, proxy or remote doesn't matter. + * Connect to the given host with timeout, proxy or remote does not matter. * There might be more than one IP address to try out. */ static CURLcode start_connect(struct Curl_cfilter *cf, @@ -754,9 +769,9 @@ static CURLcode start_connect(struct Curl_cfilter *cf, struct cf_he_ctx *ctx = cf->ctx; struct connectdata *conn = cf->conn; CURLcode result = CURLE_COULDNT_CONNECT; - int ai_family0, ai_family1; + int ai_family0 = 0, ai_family1 = 0; timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); - const struct Curl_addrinfo *addr0, *addr1; + const struct Curl_addrinfo *addr0 = NULL, *addr1 = NULL; if(timeout_ms < 0) { /* a precaution, no need to continue if time already is up */ @@ -775,33 +790,33 @@ static CURLcode start_connect(struct Curl_cfilter *cf, * the 2 connect attempt ballers to try different families, if possible. * */ - if(conn->ip_version == CURL_IPRESOLVE_WHATEVER) { - /* any IP version is allowed */ - ai_family0 = remotehost->addr? - remotehost->addr->ai_family : 0; + if(conn->ip_version == CURL_IPRESOLVE_V6) { #ifdef USE_IPV6 - ai_family1 = ai_family0 == AF_INET6 ? - AF_INET : AF_INET6; -#else - ai_family1 = AF_UNSPEC; + ai_family0 = AF_INET6; + addr0 = addr_first_match(remotehost->addr, ai_family0); #endif } + else if(conn->ip_version == CURL_IPRESOLVE_V4) { + ai_family0 = AF_INET; + addr0 = addr_first_match(remotehost->addr, ai_family0); + } else { - /* only one IP version is allowed */ - ai_family0 = (conn->ip_version == CURL_IPRESOLVE_V4) ? - AF_INET : + /* no user preference, we try ipv6 always first when available */ #ifdef USE_IPV6 - AF_INET6; -#else - AF_UNSPEC; + ai_family0 = AF_INET6; + addr0 = addr_first_match(remotehost->addr, ai_family0); #endif - ai_family1 = AF_UNSPEC; + /* next candidate is ipv4 */ + ai_family1 = AF_INET; + addr1 = addr_first_match(remotehost->addr, ai_family1); + /* no ip address families, probably AF_UNIX or something, use the + * address family given to us */ + if(!addr1 && !addr0 && remotehost->addr) { + ai_family0 = remotehost->addr->ai_family; + addr0 = addr_first_match(remotehost->addr, ai_family0); + } } - /* Get the first address in the list that matches the family, - * this might give NULL, if we do not have any matches. */ - addr0 = addr_first_match(remotehost->addr, ai_family0); - addr1 = addr_first_match(remotehost->addr, ai_family1); if(!addr0 && addr1) { /* switch around, so a single baller always uses addr0 */ addr0 = addr1; @@ -820,8 +835,7 @@ static CURLcode start_connect(struct Curl_cfilter *cf, timeout_ms, EXPIRE_DNS_PER_NAME); if(result) return result; - CURL_TRC_CF(data, cf, "created %s (timeout %" - CURL_FORMAT_TIMEDIFF_T "ms)", + CURL_TRC_CF(data, cf, "created %s (timeout %" FMT_TIMEDIFF_T "ms)", ctx->baller[0]->name, ctx->baller[0]->timeoutms); if(addr1) { /* second one gets a delayed start */ @@ -832,8 +846,7 @@ static CURLcode start_connect(struct Curl_cfilter *cf, timeout_ms, EXPIRE_DNS_PER_NAME2); if(result) return result; - CURL_TRC_CF(data, cf, "created %s (timeout %" - CURL_FORMAT_TIMEDIFF_T "ms)", + CURL_TRC_CF(data, cf, "created %s (timeout %" FMT_TIMEDIFF_T "ms)", ctx->baller[1]->name, ctx->baller[1]->timeoutms); Curl_expire(data, data->set.happy_eyeballs_timeout, EXPIRE_HAPPY_EYEBALLS); @@ -857,6 +870,46 @@ static void cf_he_ctx_clear(struct Curl_cfilter *cf, struct Curl_easy *data) ctx->winner = NULL; } +static CURLcode cf_he_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, bool *done) +{ + struct cf_he_ctx *ctx = cf->ctx; + size_t i; + CURLcode result = CURLE_OK; + + DEBUGASSERT(data); + if(cf->connected) { + *done = TRUE; + return CURLE_OK; + } + + /* shutdown all ballers that have not done so already. If one fails, + * continue shutting down others until all are shutdown. */ + for(i = 0; i < ARRAYSIZE(ctx->baller); i++) { + struct eyeballer *baller = ctx->baller[i]; + bool bdone = FALSE; + if(!baller || !baller->cf || baller->shutdown) + continue; + baller->result = baller->cf->cft->do_shutdown(baller->cf, data, &bdone); + if(baller->result || bdone) + baller->shutdown = TRUE; /* treat a failed shutdown as done */ + } + + *done = TRUE; + for(i = 0; i < ARRAYSIZE(ctx->baller); i++) { + if(ctx->baller[i] && !ctx->baller[i]->shutdown) + *done = FALSE; + } + if(*done) { + for(i = 0; i < ARRAYSIZE(ctx->baller); i++) { + if(ctx->baller[i] && ctx->baller[i]->result) + result = ctx->baller[i]->result; + } + } + CURL_TRC_CF(data, cf, "shutdown -> %d, done=%d", result, *done); + return result; +} + static void cf_he_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, struct easy_pollset *ps) @@ -913,12 +966,20 @@ static CURLcode cf_he_connect(struct Curl_cfilter *cf, cf->next = ctx->winner->cf; ctx->winner->cf = NULL; cf_he_ctx_clear(cf, data); - Curl_conn_cf_cntrl(cf->next, data, TRUE, - CF_CTRL_CONN_INFO_UPDATE, 0, NULL); if(cf->conn->handler->protocol & PROTO_FAMILY_SSH) - Curl_pgrsTime(data, TIMER_APPCONNECT); /* we're connected already */ - Curl_verboseconnect(data, cf->conn, cf->sockindex); + Curl_pgrsTime(data, TIMER_APPCONNECT); /* we are connected already */ + if(Curl_trc_cf_is_verbose(cf, data)) { + struct ip_quadruple ipquad; + int is_ipv6; + if(!Curl_conn_cf_get_ip_info(cf->next, data, &is_ipv6, &ipquad)) { + const char *host, *disphost; + int port; + cf->next->cft->get_host(cf->next, data, &host, &disphost, &port); + CURL_TRC_CF(data, cf, "Connected to %s (%s) port %u", + disphost, ipquad.remote_ip, ipquad.remote_port); + } + } data->info.numconnects++; /* to track the # of connections made */ } break; @@ -1052,6 +1113,7 @@ struct Curl_cftype Curl_cft_happy_eyeballs = { cf_he_destroy, cf_he_connect, cf_he_close, + cf_he_shutdown, Curl_cf_def_get_host, cf_he_adjust_pollset, cf_he_data_pending, @@ -1112,7 +1174,7 @@ struct transport_provider { }; static -#ifndef DEBUGBUILD +#ifndef UNITTESTS const #endif struct transport_provider transport_providers[] = { @@ -1316,6 +1378,7 @@ struct Curl_cftype Curl_cft_setup = { cf_setup_destroy, cf_setup_connect, cf_setup_close, + Curl_cf_def_shutdown, Curl_cf_def_get_host, Curl_cf_def_adjust_pollset, Curl_cf_def_data_pending, @@ -1378,7 +1441,7 @@ static CURLcode cf_setup_add(struct Curl_easy *data, return result; } -#ifdef DEBUGBUILD +#ifdef UNITTESTS /* used by unit2600.c */ void Curl_debug_set_transport_provider(int transport, cf_ip_connect_create *cf_create) @@ -1391,7 +1454,7 @@ void Curl_debug_set_transport_provider(int transport, } } } -#endif /* DEBUGBUILD */ +#endif /* UNITTESTS */ CURLcode Curl_cf_setup_insert_after(struct Curl_cfilter *cf_at, struct Curl_easy *data, diff --git a/vendor/hydra/vendor/curl/lib/connect.h b/vendor/hydra/vendor/curl/lib/connect.h index 00efe6f3..160db942 100644 --- a/vendor/hydra/vendor/curl/lib/connect.h +++ b/vendor/hydra/vendor/curl/lib/connect.h @@ -32,7 +32,7 @@ struct Curl_dns_entry; struct ip_quadruple; -/* generic function that returns how much time there's left to run, according +/* generic function that returns how much time there is left to run, according to the timeouts set */ timediff_t Curl_timeleft(struct Curl_easy *data, struct curltime *nowp, @@ -40,6 +40,26 @@ timediff_t Curl_timeleft(struct Curl_easy *data, #define DEFAULT_CONNECT_TIMEOUT 300000 /* milliseconds == five minutes */ +#define DEFAULT_SHUTDOWN_TIMEOUT_MS (2 * 1000) + +void Curl_shutdown_start(struct Curl_easy *data, int sockindex, + struct curltime *nowp); + +/* return how much time there is left to shutdown the connection at + * sockindex. Returns 0 if there is no limit or shutdown has not started. */ +timediff_t Curl_shutdown_timeleft(struct connectdata *conn, int sockindex, + struct curltime *nowp); + +/* return how much time there is left to shutdown the connection. + * Returns 0 if there is no limit or shutdown has not started. */ +timediff_t Curl_conn_shutdown_timeleft(struct connectdata *conn, + struct curltime *nowp); + +void Curl_shutdown_clear(struct Curl_easy *data, int sockindex); + +/* TRUE iff shutdown has been started */ +bool Curl_shutdown_started(struct Curl_easy *data, int sockindex); + /* * Used to extract socket and connectdata struct for the most recent * transfer on the given Curl_easy. @@ -52,9 +72,6 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data, bool Curl_addr2string(struct sockaddr *sa, curl_socklen_t salen, char *addr, int *port); -void Curl_persistconninfo(struct Curl_easy *data, struct connectdata *conn, - struct ip_quadruple *ip); - /* * Curl_conncontrol() marks the end of a connection/stream. The 'closeit' * argument specifies if it is the end of a connection or a stream. @@ -125,7 +142,7 @@ CURLcode Curl_conn_setup(struct Curl_easy *data, extern struct Curl_cftype Curl_cft_happy_eyeballs; extern struct Curl_cftype Curl_cft_setup; -#ifdef DEBUGBUILD +#ifdef UNITTESTS void Curl_debug_set_transport_provider(int transport, cf_ip_connect_create *cf_create); #endif diff --git a/vendor/hydra/vendor/curl/lib/content_encoding.c b/vendor/hydra/vendor/curl/lib/content_encoding.c index d34d3a1f..c0b97f1f 100644 --- a/vendor/hydra/vendor/curl/lib/content_encoding.c +++ b/vendor/hydra/vendor/curl/lib/content_encoding.c @@ -79,10 +79,10 @@ #define GZIP_MAGIC_1 0x8b /* gzip flag byte */ -#define ASCII_FLAG 0x01 /* bit 0 set: file probably ascii text */ +#define ASCII_FLAG 0x01 /* bit 0 set: file probably ASCII text */ #define HEAD_CRC 0x02 /* bit 1 set: header CRC present */ #define EXTRA_FIELD 0x04 /* bit 2 set: extra field present */ -#define ORIG_NAME 0x08 /* bit 3 set: original file name present */ +#define ORIG_NAME 0x08 /* bit 3 set: original filename present */ #define COMMENT 0x10 /* bit 4 set: file comment present */ #define RESERVED 0xE0 /* bits 5..7: reserved */ @@ -192,7 +192,7 @@ static CURLcode inflate_stream(struct Curl_easy *data, zp->zlib_init != ZLIB_GZIP_INFLATING) return exit_zlib(data, z, &zp->zlib_init, CURLE_WRITE_ERROR); - /* Dynamically allocate a buffer for decompression because it's uncommonly + /* Dynamically allocate a buffer for decompression because it is uncommonly large to hold on the stack */ decomp = malloc(DSIZ); if(!decomp) @@ -246,7 +246,7 @@ static CURLcode inflate_stream(struct Curl_easy *data, to fix and continue anyway */ if(zp->zlib_init == ZLIB_INIT) { /* Do not use inflateReset2(): only available since zlib 1.2.3.4. */ - (void) inflateEnd(z); /* don't care about the return code */ + (void) inflateEnd(z); /* do not care about the return code */ if(inflateInit2(z, -MAX_WBITS) == Z_OK) { z->next_in = orig_in; z->avail_in = nread; @@ -266,7 +266,7 @@ static CURLcode inflate_stream(struct Curl_easy *data, } free(decomp); - /* We're about to leave this call so the `nread' data bytes won't be seen + /* We are about to leave this call so the `nread' data bytes will not be seen again. If we are in a state that would wrongly allow restart in raw mode at the next call, assume output has already started. */ if(nread && zp->zlib_init == ZLIB_INIT) @@ -388,7 +388,7 @@ static gzip_status check_gzip_header(unsigned char const *data, ssize_t len, flags = data[3]; if(method != Z_DEFLATED || (flags & RESERVED) != 0) { - /* Can't handle this compression method or unknown flag */ + /* cannot handle this compression method or unknown flag */ return GZIP_BAD; } @@ -412,7 +412,7 @@ static gzip_status check_gzip_header(unsigned char const *data, ssize_t len, } if(flags & ORIG_NAME) { - /* Skip over NUL-terminated file name */ + /* Skip over NUL-terminated filename */ while(len && *data) { --len; ++data; @@ -474,10 +474,10 @@ static CURLcode gzip_do_write(struct Curl_easy *data, return exit_zlib(data, z, &zp->zlib_init, CURLE_WRITE_ERROR); #else - /* This next mess is to get around the potential case where there isn't - * enough data passed in to skip over the gzip header. If that happens, we - * malloc a block and copy what we have then wait for the next call. If - * there still isn't enough (this is definitely a worst-case scenario), we + /* This next mess is to get around the potential case where there is not + * enough data passed in to skip over the gzip header. If that happens, we + * malloc a block and copy what we have then wait for the next call. If + * there still is not enough (this is definitely a worst-case scenario), we * make the block bigger, copy the next part in and keep waiting. * * This is only required with zlib versions < 1.2.0.4 as newer versions @@ -499,11 +499,11 @@ static CURLcode gzip_do_write(struct Curl_easy *data, break; case GZIP_UNDERFLOW: - /* We need more data so we can find the end of the gzip header. It's + /* We need more data so we can find the end of the gzip header. it is * possible that the memory block we malloc here will never be freed if - * the transfer abruptly aborts after this point. Since it's unlikely + * the transfer abruptly aborts after this point. Since it is unlikely * that circumstances will be right for this code path to be followed in - * the first place, and it's even more unlikely for a transfer to fail + * the first place, and it is even more unlikely for a transfer to fail * immediately afterwards, it should seldom be a problem. */ z->avail_in = (uInt) nbytes; @@ -513,7 +513,7 @@ static CURLcode gzip_do_write(struct Curl_easy *data, } memcpy(z->next_in, buf, z->avail_in); zp->zlib_init = ZLIB_GZIP_HEADER; /* Need more gzip header data state */ - /* We don't have any data to inflate yet */ + /* We do not have any data to inflate yet */ return CURLE_OK; case GZIP_BAD: @@ -536,18 +536,18 @@ static CURLcode gzip_do_write(struct Curl_easy *data, /* Append the new block of data to the previous one */ memcpy(z->next_in + z->avail_in - nbytes, buf, nbytes); - switch(check_gzip_header(z->next_in, z->avail_in, &hlen)) { + switch(check_gzip_header(z->next_in, (ssize_t)z->avail_in, &hlen)) { case GZIP_OK: /* This is the zlib stream data */ free(z->next_in); - /* Don't point into the malloced block since we just freed it */ + /* Do not point into the malloced block since we just freed it */ z->next_in = (Bytef *) buf + hlen + nbytes - z->avail_in; - z->avail_in = (uInt) (z->avail_in - hlen); + z->avail_in = z->avail_in - (uInt)hlen; zp->zlib_init = ZLIB_GZIP_INFLATING; /* Inflating stream state */ break; case GZIP_UNDERFLOW: - /* We still don't have any data to inflate! */ + /* We still do not have any data to inflate! */ return CURLE_OK; case GZIP_BAD: @@ -572,11 +572,11 @@ static CURLcode gzip_do_write(struct Curl_easy *data, } if(z->avail_in == 0) { - /* We don't have any data to inflate; wait until next time */ + /* We do not have any data to inflate; wait until next time */ return CURLE_OK; } - /* We've parsed the header, now uncompress the data */ + /* We have parsed the header, now uncompress the data */ return inflate_stream(data, writer, type, ZLIB_GZIP_INFLATING); #endif } @@ -909,18 +909,18 @@ static CURLcode error_do_write(struct Curl_easy *data, struct Curl_cwriter *writer, int type, const char *buf, size_t nbytes) { - char all[256]; - (void)Curl_all_content_encodings(all, sizeof(all)); - (void) writer; (void) buf; (void) nbytes; if(!(type & CLIENTWRITE_BODY) || !nbytes) return Curl_cwriter_write(data, writer->next, type, buf, nbytes); - - failf(data, "Unrecognized content encoding type. " - "libcurl understands %s content encodings.", all); + else { + char all[256]; + (void)Curl_all_content_encodings(all, sizeof(all)); + failf(data, "Unrecognized content encoding type. " + "libcurl understands %s content encodings.", all); + } return CURLE_BAD_CONTENT_ENCODING; } @@ -966,7 +966,7 @@ static const struct Curl_cwtype *find_unencode_writer(const char *name, return NULL; } -/* Set-up the unencoding stack from the Content-Encoding header value. +/* Setup the unencoding stack from the Content-Encoding header value. * See RFC 7231 section 3.1.2.2. */ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, const char *enclist, int is_transfer) @@ -994,6 +994,8 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, const struct Curl_cwtype *cwt; struct Curl_cwriter *writer; + CURL_TRC_WRITE(data, "looking for %s decoder: %.*s", + is_transfer? "transfer" : "content", (int)namelen, name); is_chunked = (is_transfer && (namelen == 7) && strncasecompare(name, "chunked", 7)); /* if we skip the decoding in this phase, do not look further. @@ -1001,6 +1003,8 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, if((is_transfer && !data->set.http_transfer_encoding && !is_chunked) || (!is_transfer && data->set.http_ce_skip)) { /* not requested, ignore */ + CURL_TRC_WRITE(data, "decoder not requested, ignored: %.*s", + (int)namelen, name); return CURLE_OK; } @@ -1018,6 +1022,7 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, * "A sender MUST NOT apply the chunked transfer coding more than * once to a message body." */ + CURL_TRC_WRITE(data, "ignoring duplicate 'chunked' decoder"); return CURLE_OK; } @@ -1040,6 +1045,8 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, cwt = &error_writer; /* Defer error at use. */ result = Curl_cwriter_create(&writer, data, cwt, phase); + CURL_TRC_WRITE(data, "added %s decoder %s -> %d", + is_transfer? "transfer" : "content", cwt->name, result); if(result) return result; diff --git a/vendor/hydra/vendor/curl/lib/cookie.c b/vendor/hydra/vendor/curl/lib/cookie.c index 837caaab..95ca4a10 100644 --- a/vendor/hydra/vendor/curl/lib/cookie.c +++ b/vendor/hydra/vendor/curl/lib/cookie.c @@ -61,7 +61,7 @@ struct Cookies *Curl_cookie_getlist(struct CookieInfo *cookie, boolean informs the cookie if a secure connection is achieved or not. - It shall only return cookies that haven't expired. + It shall only return cookies that have not expired. Example set of cookies: @@ -150,7 +150,7 @@ static bool cookie_tailmatch(const char *cookie_domain, } /* - * matching cookie path and url path + * matching cookie path and URL path * RFC6265 5.1.4 Paths and Path-Match */ static bool pathmatch(const char *cookie_path, const char *request_uri) @@ -262,8 +262,9 @@ static size_t cookie_hash_domain(const char *domain, const size_t len) size_t h = 5381; while(domain < end) { + size_t j = (size_t)Curl_raw_toupper(*domain++); h += h << 5; - h ^= Curl_raw_toupper(*domain++); + h ^= j; } return (h % COOKIE_HASH_SIZE); @@ -373,7 +374,7 @@ static void strstore(char **str, const char *newstr, size_t len) * * Remove expired cookies from the hash by inspecting the expires timestamp on * each cookie in the hash, freeing and deleting any where the timestamp is in - * the past. If the cookiejar has recorded the next timestamp at which one or + * the past. If the cookiejar has recorded the next timestamp at which one or * more cookies expire, then processing will exit early in case this timestamp * is in the future. */ @@ -385,11 +386,11 @@ static void remove_expired(struct CookieInfo *cookies) /* * If the earliest expiration timestamp in the jar is in the future we can - * skip scanning the whole jar and instead exit early as there won't be any - * cookies to evict. If we need to evict however, reset the next_expiration - * counter in order to track the next one. In case the recorded first - * expiration is the max offset, then perform the safe fallback of checking - * all cookies. + * skip scanning the whole jar and instead exit early as there will not be + * any cookies to evict. If we need to evict however, reset the + * next_expiration counter in order to track the next one. In case the + * recorded first expiration is the max offset, then perform the safe + * fallback of checking all cookies. */ if(now < cookies->next_expiration && cookies->next_expiration != CURL_OFF_T_MAX) @@ -414,7 +415,7 @@ static void remove_expired(struct CookieInfo *cookies) } else { /* - * If this cookie has an expiration timestamp earlier than what we've + * If this cookie has an expiration timestamp earlier than what we have * seen so far then record it for the next round of expirations. */ if(co->expires && co->expires < cookies->next_expiration) @@ -473,7 +474,7 @@ static int invalid_octets(const char *p) * Curl_cookie_add * * Add a single cookie line to the cookie keeping object. Be aware that - * sometimes we get an IP-only host name, and that might also be a numerical + * sometimes we get an IP-only hostname, and that might also be a numerical * IPv6 address. * * Returns NULL on out of memory or invalid cookie. This is suboptimal, @@ -509,7 +510,7 @@ Curl_cookie_add(struct Curl_easy *data, /* First, alloc and init a new struct for it */ co = calloc(1, sizeof(struct Cookie)); if(!co) - return NULL; /* bail out if we're this low on memory */ + return NULL; /* bail out if we are this low on memory */ if(httpheader) { /* This line was read off an HTTP-header */ @@ -647,7 +648,7 @@ Curl_cookie_add(struct Curl_easy *data, else if((nlen == 8) && strncasecompare("httponly", namep, 8)) co->httponly = TRUE; else if(sep) - /* there was a '=' so we're not done parsing this field */ + /* there was a '=' so we are not done parsing this field */ done = FALSE; } if(done) @@ -681,9 +682,9 @@ Curl_cookie_add(struct Curl_easy *data, #ifndef USE_LIBPSL /* - * Without PSL we don't know when the incoming cookie is set on a + * Without PSL we do not know when the incoming cookie is set on a * TLD or otherwise "protected" suffix. To reduce risk, we require a - * dot OR the exact host name being "localhost". + * dot OR the exact hostname being "localhost". */ if(bad_domain(valuep, vlen)) domain = ":"; @@ -721,10 +722,10 @@ Curl_cookie_add(struct Curl_easy *data, /* * Defined in RFC2109: * - * Optional. The Max-Age attribute defines the lifetime of the - * cookie, in seconds. The delta-seconds value is a decimal non- - * negative integer. After delta-seconds seconds elapse, the - * client should discard the cookie. A value of zero means the + * Optional. The Max-Age attribute defines the lifetime of the + * cookie, in seconds. The delta-seconds value is a decimal non- + * negative integer. After delta-seconds seconds elapse, the + * client should discard the cookie. A value of zero means the * cookie should be discarded immediately. */ CURLofft offt; @@ -780,7 +781,7 @@ Curl_cookie_add(struct Curl_easy *data, } /* - * Else, this is the second (or more) name we don't know about! + * Else, this is the second (or more) name we do not know about! */ } else { @@ -806,7 +807,7 @@ Curl_cookie_add(struct Curl_easy *data, if(!badcookie && !co->path && path) { /* - * No path was given in the header line, set the default. Note that the + * No path was given in the header line, set the default. Note that the * passed-in path to this function MAY have a '?' and following part that * MUST NOT be stored as part of the path. */ @@ -835,7 +836,7 @@ Curl_cookie_add(struct Curl_easy *data, } /* - * If we didn't get a cookie name, or a bad one, the this is an illegal + * If we did not get a cookie name, or a bad one, the this is an illegal * line so bail out. */ if(badcookie || !co->name) { @@ -868,7 +869,7 @@ Curl_cookie_add(struct Curl_easy *data, } if(lineptr[0]=='#') { - /* don't even try the comments */ + /* do not even try the comments */ free(co); return NULL; } @@ -908,7 +909,7 @@ Curl_cookie_add(struct Curl_easy *data, case 2: /* The file format allows the path field to remain not filled in */ if(strcmp("TRUE", ptr) && strcmp("FALSE", ptr)) { - /* only if the path doesn't look like a boolean option! */ + /* only if the path does not look like a boolean option! */ co->path = strdup(ptr); if(!co->path) badcookie = TRUE; @@ -920,7 +921,7 @@ Curl_cookie_add(struct Curl_easy *data, } break; } - /* this doesn't look like a path, make one up! */ + /* this does not look like a path, make one up! */ co->path = strdup("/"); if(!co->path) badcookie = TRUE; @@ -1003,7 +1004,7 @@ Curl_cookie_add(struct Curl_easy *data, if(!c->running && /* read from a file */ c->newsession && /* clean session cookies */ - !co->expires) { /* this is a session cookie since it doesn't expire! */ + !co->expires) { /* this is a session cookie since it does not expire! */ freecookie(co); return NULL; } @@ -1024,9 +1025,11 @@ Curl_cookie_add(struct Curl_easy *data, #ifdef USE_LIBPSL /* * Check if the domain is a Public Suffix and if yes, ignore the cookie. We - * must also check that the data handle isn't NULL since the psl code will + * must also check that the data handle is not NULL since the psl code will * dereference it. */ + DEBUGF(infof(data, "PSL check set-cookie '%s' for domain=%s in %s", + co->name, co->domain, domain)); if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) { bool acceptable = FALSE; char lcase[256]; @@ -1053,6 +1056,9 @@ Curl_cookie_add(struct Curl_easy *data, return NULL; } } +#else + DEBUGF(infof(data, "NO PSL to check set-cookie '%s' for domain=%s in %s", + co->name, co->domain, domain)); #endif /* A non-secure cookie may not overlay an existing secure cookie. */ @@ -1124,10 +1130,10 @@ Curl_cookie_add(struct Curl_easy *data, if(replace_old && !co->livecookie && clist->livecookie) { /* - * Both cookies matched fine, except that the already present cookie is - * "live", which means it was set from a header, while the new one was - * read from a file and thus isn't "live". "live" cookies are preferred - * so the new cookie is freed. + * Both cookies matched fine, except that the already present cookie + * is "live", which means it was set from a header, while the new one + * was read from a file and thus is not "live". "live" cookies are + * preferred so the new cookie is freed. */ freecookie(co); return NULL; @@ -1164,7 +1170,7 @@ Curl_cookie_add(struct Curl_easy *data, if(c->running) /* Only show this when NOT reading the cookies from a file */ infof(data, "%s cookie %s=\"%s\" for domain %s, path %s, " - "expire %" CURL_FORMAT_CURL_OFF_T, + "expire %" FMT_OFF_T, replace_old?"Replaced":"Added", co->name, co->value, co->domain, co->path, co->expires); @@ -1178,7 +1184,7 @@ Curl_cookie_add(struct Curl_easy *data, } /* - * Now that we've added a new cookie to the jar, update the expiration + * Now that we have added a new cookie to the jar, update the expiration * tracker in case it is the next one to expire. */ if(co->expires && (co->expires < c->next_expiration)) @@ -1211,12 +1217,12 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, FILE *handle = NULL; if(!inc) { - /* we didn't get a struct, create one */ + /* we did not get a struct, create one */ c = calloc(1, sizeof(struct CookieInfo)); if(!c) return NULL; /* failed to get memory */ /* - * Initialize the next_expiration time to signal that we don't have enough + * Initialize the next_expiration time to signal that we do not have enough * information yet. */ c->next_expiration = CURL_OFF_T_MAX; @@ -1271,7 +1277,7 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, } data->state.cookie_engine = TRUE; } - c->running = TRUE; /* now, we're running */ + c->running = TRUE; /* now, we are running */ return c; } @@ -1367,7 +1373,7 @@ static struct Cookie *dup_cookie(struct Cookie *src) * should send to the server if used now. The secure boolean informs the cookie * if a secure connection is achieved or not. * - * It shall only return cookies that haven't expired. + * It shall only return cookies that have not expired. */ struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, struct CookieInfo *c, @@ -1393,7 +1399,7 @@ struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, co = c->cookies[myhash]; while(co) { - /* if the cookie requires we're secure we must only continue if we are! */ + /* if the cookie requires we are secure we must only continue if we are! */ if(co->secure?secure:TRUE) { /* now check if the domain is correct */ @@ -1583,7 +1589,7 @@ static char *get_netscape_format(const struct Cookie *co) "%s\t" /* tailmatch */ "%s\t" /* path */ "%s\t" /* secure */ - "%" CURL_FORMAT_CURL_OFF_T "\t" /* expires */ + "%" FMT_OFF_T "\t" /* expires */ "%s\t" /* name */ "%s", /* value */ co->httponly?"#HttpOnly_":"", @@ -1605,7 +1611,7 @@ static char *get_netscape_format(const struct Cookie *co) * cookie_output() * * Writes all internally known cookies to the specified file. Specify - * "-" as file name to write to stdout. + * "-" as filename to write to stdout. * * The function returns non-zero on write failure. */ diff --git a/vendor/hydra/vendor/curl/lib/cookie.h b/vendor/hydra/vendor/curl/lib/cookie.h index 012dd892..838d74d8 100644 --- a/vendor/hydra/vendor/curl/lib/cookie.h +++ b/vendor/hydra/vendor/curl/lib/cookie.h @@ -75,7 +75,7 @@ struct CookieInfo { /** Limits for INCOMING cookies **/ -/* The longest we allow a line to be when reading a cookie from a HTTP header +/* The longest we allow a line to be when reading a cookie from an HTTP header or from a cookie jar */ #define MAX_COOKIE_LINE 5000 diff --git a/vendor/hydra/vendor/curl/lib/curl_addrinfo.c b/vendor/hydra/vendor/curl/lib/curl_addrinfo.c index c32f24d0..44e10e9c 100644 --- a/vendor/hydra/vendor/curl/lib/curl_addrinfo.c +++ b/vendor/hydra/vendor/curl/lib/curl_addrinfo.c @@ -95,7 +95,7 @@ Curl_freeaddrinfo(struct Curl_addrinfo *cahead) * the only difference that instead of returning a linked list of * addrinfo structs this one returns a linked list of Curl_addrinfo * ones. The memory allocated by this function *MUST* be free'd with - * Curl_freeaddrinfo(). For each successful call to this function + * Curl_freeaddrinfo(). For each successful call to this function * there must be an associated call later to Curl_freeaddrinfo(). * * There should be no single call to system's getaddrinfo() in the @@ -221,7 +221,7 @@ Curl_getaddrinfo_ex(const char *nodename, * stack, but usable also for IPv4, all hosts and environments. * * The memory allocated by this function *MUST* be free'd later on calling - * Curl_freeaddrinfo(). For each successful call to this function there + * Curl_freeaddrinfo(). For each successful call to this function there * must be an associated call later to Curl_freeaddrinfo(). * * Curl_addrinfo defined in "lib/curl_addrinfo.h" @@ -317,7 +317,11 @@ Curl_he2ai(const struct hostent *he, int port) addr = (void *)ai->ai_addr; /* storage area for this info */ memcpy(&addr->sin_addr, curr, sizeof(struct in_addr)); +#ifdef __MINGW32__ + addr->sin_family = (short)(he->h_addrtype); +#else addr->sin_family = (CURL_SA_FAMILY_T)(he->h_addrtype); +#endif addr->sin_port = htons((unsigned short)port); break; @@ -326,7 +330,11 @@ Curl_he2ai(const struct hostent *he, int port) addr6 = (void *)ai->ai_addr; /* storage area for this info */ memcpy(&addr6->sin6_addr, curr, sizeof(struct in6_addr)); +#ifdef __MINGW32__ + addr6->sin6_family = (short)(he->h_addrtype); +#else addr6->sin6_family = (CURL_SA_FAMILY_T)(he->h_addrtype); +#endif addr6->sin6_port = htons((unsigned short)port); break; #endif @@ -359,7 +367,7 @@ struct namebuff { /* * Curl_ip2addr() * - * This function takes an internet address, in binary form, as input parameter + * This function takes an Internet address, in binary form, as input parameter * along with its address family and the string version of the address, and it * returns a Curl_addrinfo chain filled in correctly with information for the * given address/host @@ -511,7 +519,7 @@ struct Curl_addrinfo *Curl_unix2addr(const char *path, bool *longpath, * * This is strictly for memory tracing and are using the same style as the * family otherwise present in memdebug.c. I put these ones here since they - * require a bunch of structs I didn't want to include in memdebug.c + * require a bunch of structs I did not want to include in memdebug.c */ void @@ -535,7 +543,7 @@ curl_dbg_freeaddrinfo(struct addrinfo *freethis, * * This is strictly for memory tracing and are using the same style as the * family otherwise present in memdebug.c. I put these ones here since they - * require a bunch of structs I didn't want to include in memdebug.c + * require a bunch of structs I did not want to include in memdebug.c */ int @@ -563,7 +571,7 @@ curl_dbg_getaddrinfo(const char *hostname, #if defined(HAVE_GETADDRINFO) && defined(USE_RESOLVE_ON_IPS) /* - * Work-arounds the sin6_port is always zero bug on iOS 9.3.2 and Mac OS X + * Work-arounds the sin6_port is always zero bug on iOS 9.3.2 and macOS * 10.11.5. */ void Curl_addrinfo_set_port(struct Curl_addrinfo *addrinfo, int port) diff --git a/vendor/hydra/vendor/curl/lib/curl_addrinfo.h b/vendor/hydra/vendor/curl/lib/curl_addrinfo.h index c757c49c..9ceac997 100644 --- a/vendor/hydra/vendor/curl/lib/curl_addrinfo.h +++ b/vendor/hydra/vendor/curl/lib/curl_addrinfo.h @@ -44,9 +44,9 @@ /* * Curl_addrinfo is our internal struct definition that we use to allow - * consistent internal handling of this data. We use this even when the - * system provides an addrinfo structure definition. And we use this for - * all sorts of IPv4 and IPV6 builds. + * consistent internal handling of this data. We use this even when the system + * provides an addrinfo structure definition. We use this for all sorts of + * IPv4 and IPV6 builds. */ struct Curl_addrinfo { diff --git a/vendor/hydra/vendor/curl/lib/curl_des.c b/vendor/hydra/vendor/curl/lib/curl_des.c index f8d2b2cc..15836f58 100644 --- a/vendor/hydra/vendor/curl/lib/curl_des.c +++ b/vendor/hydra/vendor/curl/lib/curl_des.c @@ -24,10 +24,10 @@ #include "curl_setup.h" -#if defined(USE_CURL_NTLM_CORE) && !defined(USE_WOLFSSL) && \ - (defined(USE_GNUTLS) || \ - defined(USE_SECTRANSP) || \ - defined(USE_OS400CRYPTO) || \ +#if defined(USE_CURL_NTLM_CORE) && \ + (defined(USE_GNUTLS) || \ + defined(USE_SECTRANSP) || \ + defined(USE_OS400CRYPTO) || \ defined(USE_WIN32_CRYPTO)) #include "curl_des.h" @@ -36,7 +36,7 @@ * Curl_des_set_odd_parity() * * This is used to apply odd parity to the given byte array. It is typically - * used by when a cryptography engine doesn't have its own version. + * used by when a cryptography engine does not have its own version. * * The function is a port of the Java based oddParity() function over at: * diff --git a/vendor/hydra/vendor/curl/lib/curl_des.h b/vendor/hydra/vendor/curl/lib/curl_des.h index 66525ab4..2dd498da 100644 --- a/vendor/hydra/vendor/curl/lib/curl_des.h +++ b/vendor/hydra/vendor/curl/lib/curl_des.h @@ -26,10 +26,10 @@ #include "curl_setup.h" -#if defined(USE_CURL_NTLM_CORE) && !defined(USE_WOLFSSL) && \ - (defined(USE_GNUTLS) || \ - defined(USE_SECTRANSP) || \ - defined(USE_OS400CRYPTO) || \ +#if defined(USE_CURL_NTLM_CORE) && \ + (defined(USE_GNUTLS) || \ + defined(USE_SECTRANSP) || \ + defined(USE_OS400CRYPTO) || \ defined(USE_WIN32_CRYPTO)) /* Applies odd parity to the given byte array */ diff --git a/vendor/hydra/vendor/curl/lib/curl_endian.c b/vendor/hydra/vendor/curl/lib/curl_endian.c index 11c662a4..d982e312 100644 --- a/vendor/hydra/vendor/curl/lib/curl_endian.c +++ b/vendor/hydra/vendor/curl/lib/curl_endian.c @@ -30,7 +30,7 @@ * Curl_read16_le() * * This function converts a 16-bit integer from the little endian format, as - * used in the incoming package to whatever endian format we're using + * used in the incoming package to whatever endian format we are using * natively. * * Parameters: @@ -49,7 +49,7 @@ unsigned short Curl_read16_le(const unsigned char *buf) * Curl_read32_le() * * This function converts a 32-bit integer from the little endian format, as - * used in the incoming package to whatever endian format we're using + * used in the incoming package to whatever endian format we are using * natively. * * Parameters: @@ -68,7 +68,7 @@ unsigned int Curl_read32_le(const unsigned char *buf) * Curl_read16_be() * * This function converts a 16-bit integer from the big endian format, as - * used in the incoming package to whatever endian format we're using + * used in the incoming package to whatever endian format we are using * natively. * * Parameters: diff --git a/vendor/hydra/vendor/curl/lib/curl_fnmatch.c b/vendor/hydra/vendor/curl/lib/curl_fnmatch.c index 5f9ca4f1..ab848e8f 100644 --- a/vendor/hydra/vendor/curl/lib/curl_fnmatch.c +++ b/vendor/hydra/vendor/curl/lib/curl_fnmatch.c @@ -80,7 +80,7 @@ static int parsekeyword(unsigned char **pattern, unsigned char *charset) unsigned char *p = *pattern; bool found = FALSE; for(i = 0; !found; i++) { - char c = *p++; + char c = (char)*p++; if(i >= KEYLEN) return SETCHARSET_FAIL; switch(state) { diff --git a/vendor/hydra/vendor/curl/lib/curl_fnmatch.h b/vendor/hydra/vendor/curl/lib/curl_fnmatch.h index 595646ff..b8c2a435 100644 --- a/vendor/hydra/vendor/curl/lib/curl_fnmatch.h +++ b/vendor/hydra/vendor/curl/lib/curl_fnmatch.h @@ -31,7 +31,7 @@ /* default pattern matching function * ================================= * Implemented with recursive backtracking, if you want to use Curl_fnmatch, - * please note that there is not implemented UTF/UNICODE support. + * please note that there is not implemented UTF/Unicode support. * * Implemented features: * '?' notation, does not match UTF characters diff --git a/vendor/hydra/vendor/curl/lib/curl_gethostname.c b/vendor/hydra/vendor/curl/lib/curl_gethostname.c index bd9b220d..617a8ad5 100644 --- a/vendor/hydra/vendor/curl/lib/curl_gethostname.c +++ b/vendor/hydra/vendor/curl/lib/curl_gethostname.c @@ -28,26 +28,17 @@ /* * Curl_gethostname() is a wrapper around gethostname() which allows - * overriding the host name that the function would normally return. + * overriding the hostname that the function would normally return. * This capability is used by the test suite to verify exact matching * of NTLM authentication, which exercises libcurl's MD4 and DES code * as well as by the SMTP module when a hostname is not provided. * - * For libcurl debug enabled builds host name overriding takes place + * For libcurl debug enabled builds hostname overriding takes place * when environment variable CURL_GETHOSTNAME is set, using the value - * held by the variable to override returned host name. + * held by the variable to override returned hostname. * * Note: The function always returns the un-qualified hostname rather * than being provider dependent. - * - * For libcurl shared library release builds the test suite preloads - * another shared library named libhostname using the LD_PRELOAD - * mechanism which intercepts, and might override, the gethostname() - * function call. In this case a given platform must support the - * LD_PRELOAD mechanism and additionally have environment variable - * CURL_GETHOSTNAME set in order to override the returned host name. - * - * For libcurl static library release builds no overriding takes place. */ int Curl_gethostname(char * const name, GETHOSTNAME_TYPE_ARG2 namelen) @@ -65,10 +56,13 @@ int Curl_gethostname(char * const name, GETHOSTNAME_TYPE_ARG2 namelen) #ifdef DEBUGBUILD - /* Override host name when environment variable CURL_GETHOSTNAME is set */ + /* Override hostname when environment variable CURL_GETHOSTNAME is set */ const char *force_hostname = getenv("CURL_GETHOSTNAME"); if(force_hostname) { - strncpy(name, force_hostname, namelen - 1); + if(strlen(force_hostname) < (size_t)namelen) + strcpy(name, force_hostname); + else + return 1; /* can't do it */ err = 0; } else { @@ -78,9 +72,6 @@ int Curl_gethostname(char * const name, GETHOSTNAME_TYPE_ARG2 namelen) #else /* DEBUGBUILD */ - /* The call to system's gethostname() might get intercepted by the - libhostname library when libcurl is built as a non-debug shared - library when running the test suite. */ name[0] = '\0'; err = gethostname(name, namelen); diff --git a/vendor/hydra/vendor/curl/lib/curl_memrchr.c b/vendor/hydra/vendor/curl/lib/curl_memrchr.c index 3f3dc6de..c6d55f10 100644 --- a/vendor/hydra/vendor/curl/lib/curl_memrchr.c +++ b/vendor/hydra/vendor/curl/lib/curl_memrchr.c @@ -33,6 +33,9 @@ #include "memdebug.h" #ifndef HAVE_MEMRCHR +#if (!defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)) || \ + defined(USE_OPENSSL) || \ + defined(USE_SCHANNEL) /* * Curl_memrchr() @@ -61,4 +64,5 @@ Curl_memrchr(const void *s, int c, size_t n) return NULL; } +#endif #endif /* HAVE_MEMRCHR */ diff --git a/vendor/hydra/vendor/curl/lib/curl_memrchr.h b/vendor/hydra/vendor/curl/lib/curl_memrchr.h index 45bb38c6..67a21ef3 100644 --- a/vendor/hydra/vendor/curl/lib/curl_memrchr.h +++ b/vendor/hydra/vendor/curl/lib/curl_memrchr.h @@ -34,11 +34,15 @@ #endif #else /* HAVE_MEMRCHR */ +#if (!defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)) || \ + defined(USE_OPENSSL) || \ + defined(USE_SCHANNEL) void *Curl_memrchr(const void *s, int c, size_t n); #define memrchr(x,y,z) Curl_memrchr((x),(y),(z)) +#endif #endif /* HAVE_MEMRCHR */ #endif /* HEADER_CURL_MEMRCHR_H */ diff --git a/vendor/hydra/vendor/curl/lib/curl_multibyte.h b/vendor/hydra/vendor/curl/lib/curl_multibyte.h index 8b9ac719..dec384e2 100644 --- a/vendor/hydra/vendor/curl/lib/curl_multibyte.h +++ b/vendor/hydra/vendor/curl/lib/curl_multibyte.h @@ -39,19 +39,20 @@ char *curlx_convert_wchar_to_UTF8(const wchar_t *str_w); * Macros curlx_convert_UTF8_to_tchar(), curlx_convert_tchar_to_UTF8() * and curlx_unicodefree() main purpose is to minimize the number of * preprocessor conditional directives needed by code using these - * to differentiate UNICODE from non-UNICODE builds. + * to differentiate Unicode from non-Unicode builds. * - * In the case of a non-UNICODE build the tchar strings are char strings that + * In the case of a non-Unicode build the tchar strings are char strings that * are duplicated via strdup and remain in whatever the passed in encoding is, * which is assumed to be UTF-8 but may be other encoding. Therefore the - * significance of the conversion functions is primarily for UNICODE builds. + * significance of the conversion functions is primarily for Unicode builds. * * Allocated memory should be free'd with curlx_unicodefree(). * * Note: Because these are curlx functions their memory usage is not tracked - * by the curl memory tracker memdebug. You'll notice that curlx function-like - * macros call free and strdup in parentheses, eg (strdup)(ptr), and that's to - * ensure that the curl memdebug override macros do not replace them. + * by the curl memory tracker memdebug. you will notice that curlx + * function-like macros call free and strdup in parentheses, eg (strdup)(ptr), + * and that is to ensure that the curl memdebug override macros do not replace + * them. */ #if defined(UNICODE) && defined(_WIN32) diff --git a/vendor/hydra/vendor/curl/lib/curl_ntlm_core.c b/vendor/hydra/vendor/curl/lib/curl_ntlm_core.c index 6f6d75c0..eee33afe 100644 --- a/vendor/hydra/vendor/curl/lib/curl_ntlm_core.c +++ b/vendor/hydra/vendor/curl/lib/curl_ntlm_core.c @@ -57,9 +57,14 @@ #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) #define USE_OPENSSL_DES #endif +#elif defined(USE_WOLFSSL) + #include + #if !defined(NO_DES3) + #define USE_OPENSSL_DES + #endif #endif -#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) +#if defined(USE_OPENSSL_DES) #if defined(USE_OPENSSL) # include @@ -67,7 +72,6 @@ # include # include #else -# include # include # include # include @@ -110,7 +114,7 @@ #elif defined(USE_WIN32_CRYPTO) # include #else -# error "Can't compile NTLM support without a crypto library with DES." +# error "cannot compile NTLM support without a crypto library with DES." # define CURL_NTLM_NOT_SUPPORTED #endif @@ -137,20 +141,20 @@ */ static void extend_key_56_to_64(const unsigned char *key_56, char *key) { - key[0] = key_56[0]; - key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1)); - key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2)); - key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3)); - key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4)); - key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5)); - key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6)); - key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF); + key[0] = (char)key_56[0]; + key[1] = (char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1)); + key[2] = (char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2)); + key[3] = (char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3)); + key[4] = (char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4)); + key[5] = (char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5)); + key[6] = (char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6)); + key[7] = (char) ((key_56[6] << 1) & 0xFF); } #endif -#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) +#if defined(USE_OPENSSL_DES) /* - * Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The + * Turns a 56-bit key into a 64-bit, odd parity key and sets the key. The * key schedule ks is also set. */ static void setup_des_key(const unsigned char *key_56, @@ -158,7 +162,7 @@ static void setup_des_key(const unsigned char *key_56, { DES_cblock key; - /* Expand the 56-bit key to 64-bits */ + /* Expand the 56-bit key to 64 bits */ extend_key_56_to_64(key_56, (char *) &key); /* Set the key parity to odd */ @@ -175,7 +179,7 @@ static void setup_des_key(const unsigned char *key_56, { char key[8]; - /* Expand the 56-bit key to 64-bits */ + /* Expand the 56-bit key to 64 bits */ extend_key_56_to_64(key_56, key); /* Set the key parity to odd */ @@ -193,7 +197,7 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out, mbedtls_des_context ctx; char key[8]; - /* Expand the 56-bit key to 64-bits */ + /* Expand the 56-bit key to 64 bits */ extend_key_56_to_64(key_56, key); /* Set the key parity to odd */ @@ -214,7 +218,7 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out, size_t out_len; CCCryptorStatus err; - /* Expand the 56-bit key to 64-bits */ + /* Expand the 56-bit key to 64 bits */ extend_key_56_to_64(key_56, key); /* Set the key parity to odd */ @@ -240,7 +244,7 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out, ctl.Func_ID = ENCRYPT_ONLY; ctl.Data_Len = sizeof(key); - /* Expand the 56-bit key to 64-bits */ + /* Expand the 56-bit key to 64 bits */ extend_key_56_to_64(key_56, ctl.Crypto_Key); /* Set the key parity to odd */ @@ -278,7 +282,7 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out, blob.hdr.aiKeyAlg = CALG_DES; blob.len = sizeof(blob.key); - /* Expand the 56-bit key to 64-bits */ + /* Expand the 56-bit key to 64 bits */ extend_key_56_to_64(key_56, blob.key); /* Set the key parity to odd */ @@ -313,7 +317,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys, const unsigned char *plaintext, unsigned char *results) { -#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) +#if defined(USE_OPENSSL_DES) DES_key_schedule ks; setup_des_key(keys, DESKEY(ks)); @@ -367,7 +371,7 @@ CURLcode Curl_ntlm_core_mk_lm_hash(const char *password, { /* Create LanManager hashed password. */ -#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) +#if defined(USE_OPENSSL_DES) DES_key_schedule ks; setup_des_key(pw, DESKEY(ks)); @@ -466,13 +470,13 @@ static void time2filetime(struct ms_filetime *ft, time_t t) unsigned int r, s; unsigned int i; - ft->dwLowDateTime = t & 0xFFFFFFFF; + ft->dwLowDateTime = (unsigned int)t & 0xFFFFFFFF; ft->dwHighDateTime = 0; # ifndef HAVE_TIME_T_UNSIGNED /* Extend sign if needed. */ if(ft->dwLowDateTime & 0x80000000) - ft->dwHighDateTime = ~0; + ft->dwHighDateTime = ~(unsigned int)0; # endif /* Bias seconds to Jan 1, 1601. @@ -534,13 +538,13 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen, /* * Curl_ntlm_core_mk_ntlmv2_resp() * - * This creates the NTLMv2 response as set in the ntlm type-3 message. + * This creates the NTLMv2 response as set in the NTLM type-3 message. * * Parameters: * - * ntlmv2hash [in] - The ntlmv2 hash (16 bytes) + * ntlmv2hash [in] - The NTLMv2 hash (16 bytes) * challenge_client [in] - The client nonce (8 bytes) - * ntlm [in] - The ntlm data struct being used to read TargetInfo + * ntlm [in] - The NTLM data struct being used to read TargetInfo and Server challenge received in the type-2 message * ntresp [out] - The address where a pointer to newly allocated * memory holding the NTLMv2 response. @@ -629,11 +633,11 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash, /* * Curl_ntlm_core_mk_lmv2_resp() * - * This creates the LMv2 response as used in the ntlm type-3 message. + * This creates the LMv2 response as used in the NTLM type-3 message. * * Parameters: * - * ntlmv2hash [in] - The ntlmv2 hash (16 bytes) + * ntlmv2hash [in] - The NTLMv2 hash (16 bytes) * challenge_client [in] - The client nonce (8 bytes) * challenge_client [in] - The server challenge (8 bytes) * lmresp [out] - The LMv2 response (24 bytes) @@ -657,7 +661,7 @@ CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash, if(result) return result; - /* Concatenate the HMAC MD5 output with the client nonce */ + /* Concatenate the HMAC MD5 output with the client nonce */ memcpy(lmresp, hmac_output, 16); memcpy(lmresp + 16, challenge_client, 8); diff --git a/vendor/hydra/vendor/curl/lib/curl_ntlm_core.h b/vendor/hydra/vendor/curl/lib/curl_ntlm_core.h index 0c62ee05..e2e4b1bd 100644 --- a/vendor/hydra/vendor/curl/lib/curl_ntlm_core.h +++ b/vendor/hydra/vendor/curl/lib/curl_ntlm_core.h @@ -28,13 +28,6 @@ #if defined(USE_CURL_NTLM_CORE) -#if defined(USE_OPENSSL) -# include -#elif defined(USE_WOLFSSL) -# include -# include -#endif - /* Helpers to generate function byte arguments in little endian order */ #define SHORTPAIR(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff)) #define LONGQUARTET(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff)), \ diff --git a/vendor/hydra/vendor/curl/lib/curl_printf.h b/vendor/hydra/vendor/curl/lib/curl_printf.h index c2457d2a..e851b14a 100644 --- a/vendor/hydra/vendor/curl/lib/curl_printf.h +++ b/vendor/hydra/vendor/curl/lib/curl_printf.h @@ -29,6 +29,10 @@ * *rintf() functions. */ +#ifndef CURL_TEMP_PRINTF +#error "CURL_TEMP_PRINTF must be set before including curl/mprintf.h" +#endif + #include #define MERR_OK 0 @@ -40,7 +44,6 @@ # undef msnprintf # undef vprintf # undef vfprintf -# undef vsnprintf # undef mvsnprintf # undef aprintf # undef vaprintf diff --git a/vendor/hydra/vendor/curl/lib/curl_range.c b/vendor/hydra/vendor/curl/lib/curl_range.c index d499953c..49fb5f07 100644 --- a/vendor/hydra/vendor/curl/lib/curl_range.c +++ b/vendor/hydra/vendor/curl/lib/curl_range.c @@ -55,15 +55,13 @@ CURLcode Curl_range(struct Curl_easy *data) if((to_t == CURL_OFFT_INVAL) && !from_t) { /* X - */ data->state.resume_from = from; - DEBUGF(infof(data, "RANGE %" CURL_FORMAT_CURL_OFF_T " to end of file", - from)); + DEBUGF(infof(data, "RANGE %" FMT_OFF_T " to end of file", from)); } else if((from_t == CURL_OFFT_INVAL) && !to_t) { /* -Y */ data->req.maxdownload = to; data->state.resume_from = -to; - DEBUGF(infof(data, "RANGE the last %" CURL_FORMAT_CURL_OFF_T " bytes", - to)); + DEBUGF(infof(data, "RANGE the last %" FMT_OFF_T " bytes", to)); } else { /* X-Y */ @@ -79,13 +77,12 @@ CURLcode Curl_range(struct Curl_easy *data) data->req.maxdownload = totalsize + 1; /* include last byte */ data->state.resume_from = from; - DEBUGF(infof(data, "RANGE from %" CURL_FORMAT_CURL_OFF_T - " getting %" CURL_FORMAT_CURL_OFF_T " bytes", + DEBUGF(infof(data, "RANGE from %" FMT_OFF_T + " getting %" FMT_OFF_T " bytes", from, data->req.maxdownload)); } - DEBUGF(infof(data, "range-download from %" CURL_FORMAT_CURL_OFF_T - " to %" CURL_FORMAT_CURL_OFF_T ", totally %" - CURL_FORMAT_CURL_OFF_T " bytes", + DEBUGF(infof(data, "range-download from %" FMT_OFF_T + " to %" FMT_OFF_T ", totally %" FMT_OFF_T " bytes", from, to, data->req.maxdownload)); } else diff --git a/vendor/hydra/vendor/curl/lib/curl_rtmp.c b/vendor/hydra/vendor/curl/lib/curl_rtmp.c index 76eff787..49f59e3a 100644 --- a/vendor/hydra/vendor/curl/lib/curl_rtmp.c +++ b/vendor/hydra/vendor/curl/lib/curl_rtmp.c @@ -236,7 +236,7 @@ static CURLcode rtmp_connect(struct Curl_easy *data, bool *done) r->m_sb.sb_socket = (int)conn->sock[FIRSTSOCKET]; - /* We have to know if it's a write before we send the + /* We have to know if it is a write before we send the * connect request packet */ if(data->state.upload) @@ -273,10 +273,10 @@ static CURLcode rtmp_do(struct Curl_easy *data, bool *done) if(data->state.upload) { Curl_pgrsSetUploadSize(data, data->state.infilesize); - Curl_xfer_setup(data, -1, -1, FALSE, FIRSTSOCKET); + Curl_xfer_setup1(data, CURL_XFER_SEND, -1, FALSE); } else - Curl_xfer_setup(data, FIRSTSOCKET, -1, FALSE, -1); + Curl_xfer_setup1(data, CURL_XFER_RECV, -1, FALSE); *done = TRUE; return CURLE_OK; } @@ -329,13 +329,14 @@ static ssize_t rtmp_recv(struct Curl_easy *data, int sockindex, char *buf, } static ssize_t rtmp_send(struct Curl_easy *data, int sockindex, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, CURLcode *err) { struct connectdata *conn = data->conn; RTMP *r = conn->proto.rtmp; ssize_t num; (void)sockindex; /* unused */ + (void)eos; /* unused */ num = RTMP_Write(r, (char *)buf, curlx_uztosi(len)); if(num < 0) diff --git a/vendor/hydra/vendor/curl/lib/curl_sasl.c b/vendor/hydra/vendor/curl/lib/curl_sasl.c index ba8911b7..24f8c8c5 100644 --- a/vendor/hydra/vendor/curl/lib/curl_sasl.c +++ b/vendor/hydra/vendor/curl/lib/curl_sasl.c @@ -328,7 +328,7 @@ bool Curl_sasl_can_authenticate(struct SASL *sasl, struct Curl_easy *data) if(data->state.aptr.user) return TRUE; - /* EXTERNAL can authenticate without a user name and/or password */ + /* EXTERNAL can authenticate without a username and/or password */ if(sasl->authmechs & sasl->prefmech & SASL_MECH_EXTERNAL) return TRUE; diff --git a/vendor/hydra/vendor/curl/lib/curl_setup.h b/vendor/hydra/vendor/curl/lib/curl_setup.h index 6c05b875..930d02a1 100644 --- a/vendor/hydra/vendor/curl/lib/curl_setup.h +++ b/vendor/hydra/vendor/curl/lib/curl_setup.h @@ -28,6 +28,9 @@ #define CURL_NO_OLDIES #endif +/* Tell "curl/curl.h" not to include "curl/mprintf.h" */ +#define CURL_SKIP_INCLUDE_MPRINTF + /* FIXME: Delete this once the warnings have been fixed. */ #if !defined(CURL_WARN_SIGN_CONVERSION) #ifdef __GNUC__ @@ -40,6 +43,45 @@ #include <_mingw.h> #endif +/* Workaround for Homebrew gcc 12.4.0, 13.3.0, 14.1.0 and newer (as of 14.1.0) + that started advertising the `availability` attribute, which then gets used + by Apple SDK, but, in a way incompatible with gcc, resulting in a misc + errors inside SDK headers, e.g.: + error: attributes should be specified before the declarator in a function + definition + error: expected ',' or '}' before + Followed by missing declarations. + Fix it by overriding the built-in feature-check macro used by the headers + to enable the problematic attributes. This makes the feature check fail. */ +#if defined(__APPLE__) && \ + !defined(__clang__) && \ + defined(__GNUC__) && __GNUC__ >= 12 && \ + defined(__has_attribute) +#define availability curl_pp_attribute_disabled +#endif + +#if defined(__APPLE__) +#include +#include +/* Fixup faulty target macro initialization in macOS SDK since v14.4 (as of + 15.0 beta). The SDK target detection in `TargetConditionals.h` correctly + detects macOS, but fails to set the macro's old name `TARGET_OS_OSX`, then + continues to set it to a default value of 0. Other parts of the SDK still + rely on the old name, and with this inconsistency our builds fail due to + missing declarations. It happens when using mainline llvm older than v18. + Later versions fixed it by predefining these target macros, avoiding the + faulty dynamic detection. gcc is not affected (for now) because it lacks + the necessary dynamic detection features, so the SDK falls back to + a codepath that sets both the old and new macro to 1. */ +#if defined(TARGET_OS_MAC) && TARGET_OS_MAC && \ + defined(TARGET_OS_OSX) && !TARGET_OS_OSX && \ + (!defined(TARGET_OS_IPHONE) || !TARGET_OS_IPHONE) && \ + (!defined(TARGET_OS_SIMULATOR) || !TARGET_OS_SIMULATOR) +#undef TARGET_OS_OSX +#define TARGET_OS_OSX TARGET_OS_MAC +#endif +#endif + /* * Disable Visual Studio warnings: * 4127 "conditional expression is constant" @@ -50,7 +92,7 @@ #ifdef _WIN32 /* - * Don't include unneeded stuff in Windows headers to avoid compiler + * Do not include unneeded stuff in Windows headers to avoid compiler * warnings and macro clashes. * Make sure to define this macro before including any Windows headers. */ @@ -280,7 +322,7 @@ /* curl uses its own printf() function internally. It understands the GNU * format. Use this format, so that is matches the GNU format attribute we - * use with the mingw compiler, allowing it to verify them at compile-time. + * use with the MinGW compiler, allowing it to verify them at compile-time. */ #ifdef __MINGW32__ # undef CURL_FORMAT_CURL_OFF_T @@ -306,13 +348,28 @@ #define CURL_PRINTF(fmt, arg) #endif +/* Override default printf mask check rules in "curl/mprintf.h" */ +#define CURL_TEMP_PRINTF CURL_PRINTF + +/* Workaround for mainline llvm v16 and earlier missing a built-in macro + expected by macOS SDK v14 / Xcode v15 (2023) and newer. + gcc (as of v14) is also missing it. */ +#if defined(__APPLE__) && \ + ((!defined(__apple_build_version__) && \ + defined(__clang__) && __clang_major__ < 17) || \ + (defined(__GNUC__) && __GNUC__ <= 14)) && \ + defined(__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__) && \ + !defined(__ENVIRONMENT_OS_VERSION_MIN_REQUIRED__) +#define __ENVIRONMENT_OS_VERSION_MIN_REQUIRED__ \ + __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ +#endif + /* * Use getaddrinfo to resolve the IPv4 address literal. If the current network - * interface doesn't support IPv4, but supports IPv6, NAT64, and DNS64, + * interface does not support IPv4, but supports IPv6, NAT64, and DNS64, * performing this task will result in a synthesized IPv6 address. */ #if defined(__APPLE__) && !defined(USE_ARES) -#include #define USE_RESOLVE_ON_IPS 1 # if TARGET_OS_MAC && !(defined(TARGET_OS_IPHONE) && TARGET_OS_IPHONE) && \ defined(USE_IPV6) @@ -393,7 +450,7 @@ #endif /* - * Large file (>2Gb) support using WIN32 functions. + * Large file (>2Gb) support using Win32 functions. */ #ifdef USE_WIN32_LARGE_FILES @@ -416,7 +473,7 @@ #endif /* - * Small file (<2Gb) support using WIN32 functions. + * Small file (<2Gb) support using Win32 functions. */ #ifdef USE_WIN32_SMALL_FILES @@ -447,7 +504,7 @@ #endif #ifndef SIZEOF_TIME_T -/* assume default size of time_t to be 32 bit */ +/* assume default size of time_t to be 32 bits */ #define SIZEOF_TIME_T 4 #endif @@ -462,15 +519,15 @@ #endif #if SIZEOF_CURL_SOCKET_T < 8 -# define CURL_FORMAT_SOCKET_T "d" +# define FMT_SOCKET_T "d" #elif defined(__MINGW32__) -# define CURL_FORMAT_SOCKET_T "zd" +# define FMT_SOCKET_T "zd" #else -# define CURL_FORMAT_SOCKET_T "qd" +# define FMT_SOCKET_T "qd" #endif /* - * Default sizeof(off_t) in case it hasn't been defined in config file. + * Default sizeof(off_t) in case it has not been defined in config file. */ #ifndef SIZEOF_OFF_T @@ -514,10 +571,13 @@ # endif # define CURL_UINT64_SUFFIX CURL_SUFFIX_CURL_OFF_TU # define CURL_UINT64_C(val) CURL_CONC_MACROS(val,CURL_UINT64_SUFFIX) -# define CURL_PRId64 CURL_FORMAT_CURL_OFF_T -# define CURL_PRIu64 CURL_FORMAT_CURL_OFF_TU +# define FMT_PRId64 CURL_FORMAT_CURL_OFF_T +# define FMT_PRIu64 CURL_FORMAT_CURL_OFF_TU #endif +#define FMT_OFF_T CURL_FORMAT_CURL_OFF_T +#define FMT_OFF_TU CURL_FORMAT_CURL_OFF_TU + #if (SIZEOF_TIME_T == 4) # ifdef HAVE_TIME_T_UNSIGNED # define TIME_T_MAX UINT_MAX @@ -537,7 +597,7 @@ #endif #ifndef SIZE_T_MAX -/* some limits.h headers have this defined, some don't */ +/* some limits.h headers have this defined, some do not */ #if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4) #define SIZE_T_MAX 18446744073709551615U #else @@ -546,7 +606,7 @@ #endif #ifndef SSIZE_T_MAX -/* some limits.h headers have this defined, some don't */ +/* some limits.h headers have this defined, some do not */ #if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4) #define SSIZE_T_MAX 9223372036854775807 #else @@ -555,7 +615,7 @@ #endif /* - * Arg 2 type for gethostname in case it hasn't been defined in config file. + * Arg 2 type for gethostname in case it has not been defined in config file. */ #ifndef GETHOSTNAME_TYPE_ARG2 @@ -664,6 +724,11 @@ #define USE_SSL /* SSL support has been enabled */ #endif +#if defined(USE_WOLFSSL) && defined(USE_GNUTLS) +/* Avoid defining unprefixed wolfSSL SHA macros colliding with nettle ones */ +#define NO_OLD_WC_NAMES +#endif + /* Single point where USE_SPNEGO definition might be defined */ #if !defined(CURL_DISABLE_NEGOTIATE_AUTH) && \ (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)) @@ -765,12 +830,12 @@ #if defined(__LWIP_OPT_H__) || defined(LWIP_HDR_OPT_H) # if defined(SOCKET) || defined(USE_WINSOCK) -# error "WinSock and lwIP TCP/IP stack definitions shall not coexist!" +# error "Winsock and lwIP TCP/IP stack definitions shall not coexist!" # endif #endif /* - * shutdown() flags for systems that don't define them + * shutdown() flags for systems that do not define them */ #ifndef SHUT_RD @@ -803,7 +868,7 @@ Therefore we specify it explicitly. https://github.com/curl/curl/pull/258 #define FOPEN_WRITETEXT "wt" #define FOPEN_APPENDTEXT "at" #elif defined(__CYGWIN__) -/* Cygwin has specific behavior we need to address when WIN32 is not defined. +/* Cygwin has specific behavior we need to address when _WIN32 is not defined. https://cygwin.com/cygwin-ug-net/using-textbinary.html For write we want our output to have line endings of LF and be compatible with other Cygwin utilities. For read we want to handle input that may have line @@ -818,7 +883,7 @@ endings either CRLF or LF so 't' is appropriate. #define FOPEN_APPENDTEXT "a" #endif -/* for systems that don't detect this in configure */ +/* for systems that do not detect this in configure */ #ifndef CURL_SA_FAMILY_T # if defined(HAVE_SA_FAMILY_T) # define CURL_SA_FAMILY_T sa_family_t @@ -847,7 +912,7 @@ int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf, size_t buflen, struct passwd **result); #endif -#ifdef DEBUGBUILD +#ifdef UNITTESTS #define UNITTEST #else #define UNITTEST static diff --git a/vendor/hydra/vendor/curl/lib/curl_setup_once.h b/vendor/hydra/vendor/curl/lib/curl_setup_once.h index 40c7bcbf..1521e69f 100644 --- a/vendor/hydra/vendor/curl/lib/curl_setup_once.h +++ b/vendor/hydra/vendor/curl/lib/curl_setup_once.h @@ -106,7 +106,7 @@ #endif /* - * Definition of timeval struct for platforms that don't have it. + * Definition of timeval struct for platforms that do not have it. */ #ifndef HAVE_STRUCT_TIMEVAL @@ -130,7 +130,7 @@ struct timeval { #if defined(__minix) -/* Minix doesn't support recv on TCP sockets */ +/* Minix does not support recv on TCP sockets */ #define sread(x,y,z) (ssize_t)read((RECV_TYPE_ARG1)(x), \ (RECV_TYPE_ARG2)(y), \ (RECV_TYPE_ARG3)(z)) @@ -143,7 +143,7 @@ struct timeval { * * HAVE_RECV is defined if you have a function named recv() * which is used to read incoming data from sockets. If your - * function has another name then don't define HAVE_RECV. + * function has another name then do not define HAVE_RECV. * * If HAVE_RECV is defined then RECV_TYPE_ARG1, RECV_TYPE_ARG2, * RECV_TYPE_ARG3, RECV_TYPE_ARG4 and RECV_TYPE_RETV must also @@ -151,7 +151,7 @@ struct timeval { * * HAVE_SEND is defined if you have a function named send() * which is used to write outgoing data on a connected socket. - * If yours has another name then don't define HAVE_SEND. + * If yours has another name then do not define HAVE_SEND. * * If HAVE_SEND is defined then SEND_TYPE_ARG1, SEND_QUAL_ARG2, * SEND_TYPE_ARG2, SEND_TYPE_ARG3, SEND_TYPE_ARG4 and @@ -170,7 +170,7 @@ struct timeval { #if defined(__minix) -/* Minix doesn't support send on TCP sockets */ +/* Minix does not support send on TCP sockets */ #define swrite(x,y,z) (ssize_t)write((SEND_TYPE_ARG1)(x), \ (SEND_TYPE_ARG2)(y), \ (SEND_TYPE_ARG3)(z)) @@ -226,7 +226,7 @@ struct timeval { /* * 'bool' exists on platforms with , i.e. C99 platforms. - * On non-C99 platforms there's no bool, so define an enum for that. + * On non-C99 platforms there is no bool, so define an enum for that. * On C99 platforms 'false' and 'true' also exist. Enum uses a * global namespace though, so use bool_false and bool_true. */ @@ -238,7 +238,7 @@ struct timeval { } bool; /* - * Use a define to let 'true' and 'false' use those enums. There + * Use a define to let 'true' and 'false' use those enums. There * are currently no use of true and false in libcurl proper, but * there are some in the examples. This will cater for any later * code happening to use true and false. diff --git a/vendor/hydra/vendor/curl/lib/curl_sha256.h b/vendor/hydra/vendor/curl/lib/curl_sha256.h index d99f958f..c3cf00a2 100644 --- a/vendor/hydra/vendor/curl/lib/curl_sha256.h +++ b/vendor/hydra/vendor/curl/lib/curl_sha256.h @@ -33,13 +33,8 @@ extern const struct HMAC_params Curl_HMAC_SHA256[1]; -#ifdef USE_WOLFSSL -/* SHA256_DIGEST_LENGTH is an enum value in wolfSSL. Need to import it from - * sha.h */ -#include -#include -#else -#define SHA256_DIGEST_LENGTH 32 +#ifndef CURL_SHA256_DIGEST_LENGTH +#define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */ #endif CURLcode Curl_sha256it(unsigned char *outbuffer, const unsigned char *input, diff --git a/vendor/hydra/vendor/curl/lib/curl_sha512_256.c b/vendor/hydra/vendor/curl/lib/curl_sha512_256.c index 5f2e9951..576eda24 100644 --- a/vendor/hydra/vendor/curl/lib/curl_sha512_256.c +++ b/vendor/hydra/vendor/curl/lib/curl_sha512_256.c @@ -37,7 +37,7 @@ * * SecureTransport (Darwin) * * mbedTLS * * BearSSL - * * rustls + * * Rustls * Skip the backend if it does not support the required algorithm */ #if defined(USE_OPENSSL) @@ -93,13 +93,13 @@ /** * Size of the SHA-512/256 single processing block in bytes. */ -#define SHA512_256_BLOCK_SIZE 128 +#define CURL_SHA512_256_BLOCK_SIZE 128 /** * Size of the SHA-512/256 resulting digest in bytes. * This is the final digest size, not intermediate hash. */ -#define SHA512_256_DIGEST_SIZE SHA512_256_DIGEST_LENGTH +#define CURL_SHA512_256_DIGEST_SIZE CURL_SHA512_256_DIGEST_LENGTH /** * Context type used for SHA-512/256 calculations @@ -124,9 +124,9 @@ Curl_sha512_256_init(void *context) if(EVP_DigestInit_ex(*ctx, EVP_sha512_256(), NULL)) { /* Check whether the header and this file use the same numbers */ - DEBUGASSERT(EVP_MD_CTX_size(*ctx) == SHA512_256_DIGEST_SIZE); + DEBUGASSERT(EVP_MD_CTX_size(*ctx) == CURL_SHA512_256_DIGEST_SIZE); /* Check whether the block size is correct */ - DEBUGASSERT(EVP_MD_CTX_block_size(*ctx) == SHA512_256_BLOCK_SIZE); + DEBUGASSERT(EVP_MD_CTX_block_size(*ctx) == CURL_SHA512_256_BLOCK_SIZE); return CURLE_OK; /* Success */ } @@ -163,7 +163,8 @@ Curl_sha512_256_update(void *context, * Finalise SHA-512/256 calculation, return digest. * * @param context the calculation context - * @param[out] digest set to the hash, must be #SHA512_256_DIGEST_SIZE bytes + * @param[out] digest set to the hash, must be #CURL_SHA512_256_DIGEST_SIZE + # bytes * @return CURLE_OK if succeed, * error code otherwise */ @@ -177,11 +178,11 @@ Curl_sha512_256_finish(unsigned char *digest, #ifdef NEED_NETBSD_SHA512_256_WORKAROUND /* Use a larger buffer to work around a bug in NetBSD: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=58039 */ - unsigned char tmp_digest[SHA512_256_DIGEST_SIZE * 2]; + unsigned char tmp_digest[CURL_SHA512_256_DIGEST_SIZE * 2]; ret = EVP_DigestFinal_ex(*ctx, tmp_digest, NULL) ? CURLE_OK : CURLE_SSL_CIPHER; if(ret == CURLE_OK) - memcpy(digest, tmp_digest, SHA512_256_DIGEST_SIZE); + memcpy(digest, tmp_digest, CURL_SHA512_256_DIGEST_SIZE); explicit_memset(tmp_digest, 0, sizeof(tmp_digest)); #else /* ! NEED_NETBSD_SHA512_256_WORKAROUND */ ret = EVP_DigestFinal_ex(*ctx, digest, NULL) ? CURLE_OK : CURLE_SSL_CIPHER; @@ -195,6 +196,9 @@ Curl_sha512_256_finish(unsigned char *digest, #elif defined(USE_GNUTLS_SHA512_256) +#define CURL_SHA512_256_BLOCK_SIZE SHA512_256_BLOCK_SIZE +#define CURL_SHA512_256_DIGEST_SIZE SHA512_256_DIGEST_SIZE + /** * Context type used for SHA-512/256 calculations */ @@ -212,7 +216,7 @@ Curl_sha512_256_init(void *context) Curl_sha512_256_ctx *const ctx = (Curl_sha512_256_ctx *)context; /* Check whether the header and this file use the same numbers */ - DEBUGASSERT(SHA512_256_DIGEST_LENGTH == SHA512_256_DIGEST_SIZE); + DEBUGASSERT(CURL_SHA512_256_DIGEST_LENGTH == CURL_SHA512_256_DIGEST_SIZE); sha512_256_init(ctx); @@ -247,7 +251,8 @@ Curl_sha512_256_update(void *context, * Finalise SHA-512/256 calculation, return digest. * * @param context the calculation context - * @param[out] digest set to the hash, must be #SHA512_256_DIGEST_SIZE bytes + * @param[out] digest set to the hash, must be #CURL_SHA512_256_DIGEST_SIZE + # bytes * @return always CURLE_OK */ static CURLcode @@ -256,7 +261,8 @@ Curl_sha512_256_finish(unsigned char *digest, { Curl_sha512_256_ctx *const ctx = (Curl_sha512_256_ctx *)context; - sha512_256_digest(ctx, (size_t)SHA512_256_DIGEST_SIZE, (uint8_t *)digest); + sha512_256_digest(ctx, + (size_t)CURL_SHA512_256_DIGEST_SIZE, (uint8_t *)digest); return CURLE_OK; } @@ -270,9 +276,9 @@ Curl_sha512_256_finish(unsigned char *digest, * ** written by Evgeny Grin (Karlson2k) for GNU libmicrohttpd. ** * * ** The author ported the code to libcurl. The ported code is provided ** * * ** under curl license. ** * - * ** This is a minimal version with minimal optimisations. Performance ** * + * ** This is a minimal version with minimal optimizations. Performance ** * * ** can be significantly improved. Big-endian store and load macros ** * - * ** are obvious targets for optimisation. ** */ + * ** are obvious targets for optimization. ** */ #ifdef __GNUC__ # if defined(__has_attribute) && defined(__STDC_VERSION__) @@ -328,7 +334,7 @@ MHDx_rotr64(curl_uint64_t value, unsigned int bits) bits %= 64; if(0 == bits) return value; - /* Defined in a form which modern compiler could optimise. */ + /* Defined in a form which modern compiler could optimize. */ return (value >> bits) | (value << (64 - bits)); } @@ -360,7 +366,7 @@ MHDx_rotr64(curl_uint64_t value, unsigned int bits) * Size of the SHA-512/256 resulting digest in bytes * This is the final digest size, not intermediate hash. */ -#define SHA512_256_DIGEST_SIZE \ +#define CURL_SHA512_256_DIGEST_SIZE \ (SHA512_256_DIGEST_SIZE_WORDS * SHA512_256_BYTES_IN_WORD) /** @@ -371,7 +377,7 @@ MHDx_rotr64(curl_uint64_t value, unsigned int bits) /** * Size of the SHA-512/256 single processing block in bytes. */ -#define SHA512_256_BLOCK_SIZE (SHA512_256_BLOCK_SIZE_BITS / 8) +#define CURL_SHA512_256_BLOCK_SIZE (SHA512_256_BLOCK_SIZE_BITS / 8) /** * Size of the SHA-512/256 single processing block in words. @@ -425,7 +431,7 @@ MHDx_sha512_256_init(void *context) struct mhdx_sha512_256ctx *const ctx = (struct mhdx_sha512_256ctx *) context; /* Check whether the header and this file use the same numbers */ - DEBUGASSERT(SHA512_256_DIGEST_LENGTH == SHA512_256_DIGEST_SIZE); + DEBUGASSERT(CURL_SHA512_256_DIGEST_LENGTH == CURL_SHA512_256_DIGEST_SIZE); DEBUGASSERT(sizeof(curl_uint64_t) == 8); @@ -453,7 +459,7 @@ MHDx_sha512_256_init(void *context) * Base of the SHA-512/256 transformation. * Gets a full 128 bytes block of data and updates hash values; * @param H hash values - * @param data the data buffer with #SHA512_256_BLOCK_SIZE bytes block + * @param data the data buffer with #CURL_SHA512_256_BLOCK_SIZE bytes block */ static void MHDx_sha512_256_transform(curl_uint64_t H[SHA512_256_HASH_SIZE_WORDS], @@ -474,10 +480,10 @@ MHDx_sha512_256_transform(curl_uint64_t H[SHA512_256_HASH_SIZE_WORDS], See FIPS PUB 180-4 section 5.2.2, 6.7, 6.4. */ curl_uint64_t W[16]; - /* 'Ch' and 'Maj' macro functions are defined with widely-used optimisation. + /* 'Ch' and 'Maj' macro functions are defined with widely-used optimization. See FIPS PUB 180-4 formulae 4.8, 4.9. */ -#define Ch(x,y,z) ( (z) ^ ((x) & ((y) ^ (z))) ) -#define Maj(x,y,z) ( ((x) & (y)) ^ ((z) & ((x) ^ (y))) ) +#define Sha512_Ch(x,y,z) ( (z) ^ ((x) & ((y) ^ (z))) ) +#define Sha512_Maj(x,y,z) ( ((x) & (y)) ^ ((z) & ((x) ^ (y))) ) /* Four 'Sigma' macro functions. See FIPS PUB 180-4 formulae 4.10, 4.11, 4.12, 4.13. */ @@ -547,9 +553,9 @@ MHDx_sha512_256_transform(curl_uint64_t H[SHA512_256_HASH_SIZE_WORDS], * Note: 'wt' must be used exactly one time in this macro as macro for 'wt' calculation may change other data as well every time when used. */ -#define SHA2STEP64(vA,vB,vC,vD,vE,vF,vG,vH,kt,wt) do { \ - (vD) += ((vH) += SIG1 ((vE)) + Ch ((vE),(vF),(vG)) + (kt) + (wt)); \ - (vH) += SIG0 ((vA)) + Maj ((vA),(vB),(vC)); } while (0) +#define SHA2STEP64(vA,vB,vC,vD,vE,vF,vG,vH,kt,wt) do { \ + (vD) += ((vH) += SIG1((vE)) + Sha512_Ch((vE),(vF),(vG)) + (kt) + (wt)); \ + (vH) += SIG0((vA)) + Sha512_Maj((vA),(vB),(vC)); } while (0) /* One step of SHA-512/256 computation with working variables rotation, see FIPS PUB 180-4 section 6.4.2 step 3. This macro version reassigns @@ -636,9 +642,9 @@ MHDx_sha512_256_update(void *context, if(0 == length) return CURLE_OK; /* Shortcut, do nothing */ - /* Note: (count & (SHA512_256_BLOCK_SIZE-1)) - equals (count % SHA512_256_BLOCK_SIZE) for this block size. */ - bytes_have = (unsigned int) (ctx->count & (SHA512_256_BLOCK_SIZE - 1)); + /* Note: (count & (CURL_SHA512_256_BLOCK_SIZE-1)) + equals (count % CURL_SHA512_256_BLOCK_SIZE) for this block size. */ + bytes_have = (unsigned int) (ctx->count & (CURL_SHA512_256_BLOCK_SIZE - 1)); ctx->count += length; if(length > ctx->count) ctx->count_bits_hi += 1U << 3; /* Value wrap */ @@ -646,7 +652,7 @@ MHDx_sha512_256_update(void *context, ctx->count &= CURL_UINT64_C(0x1FFFFFFFFFFFFFFF); if(0 != bytes_have) { - unsigned int bytes_left = SHA512_256_BLOCK_SIZE - bytes_have; + unsigned int bytes_left = CURL_SHA512_256_BLOCK_SIZE - bytes_have; if(length >= bytes_left) { /* Combine new data with data in the buffer and process the full block. */ @@ -660,12 +666,12 @@ MHDx_sha512_256_update(void *context, } } - while(SHA512_256_BLOCK_SIZE <= length) { + while(CURL_SHA512_256_BLOCK_SIZE <= length) { /* Process any full blocks of new data directly, without copying to the buffer. */ MHDx_sha512_256_transform(ctx->H, data); - data += SHA512_256_BLOCK_SIZE; - length -= SHA512_256_BLOCK_SIZE; + data += CURL_SHA512_256_BLOCK_SIZE; + length -= CURL_SHA512_256_BLOCK_SIZE; } if(0 != length) { @@ -694,7 +700,8 @@ MHDx_sha512_256_update(void *context, * Finalise SHA-512/256 calculation, return digest. * * @param context the calculation context - * @param[out] digest set to the hash, must be #SHA512_256_DIGEST_SIZE bytes + * @param[out] digest set to the hash, must be #CURL_SHA512_256_DIGEST_SIZE + # bytes * @return always CURLE_OK */ static CURLcode @@ -712,9 +719,9 @@ MHDx_sha512_256_finish(unsigned char *digest, not change the amount of hashed data. */ num_bits = ctx->count << 3; - /* Note: (count & (SHA512_256_BLOCK_SIZE-1)) - equals (count % SHA512_256_BLOCK_SIZE) for this block size. */ - bytes_have = (unsigned int) (ctx->count & (SHA512_256_BLOCK_SIZE - 1)); + /* Note: (count & (CURL_SHA512_256_BLOCK_SIZE-1)) + equals (count % CURL_SHA512_256_BLOCK_SIZE) for this block size. */ + bytes_have = (unsigned int) (ctx->count & (CURL_SHA512_256_BLOCK_SIZE - 1)); /* Input data must be padded with a single bit "1", then with zeros and the finally the length of data in bits must be added as the final bytes @@ -728,12 +735,12 @@ MHDx_sha512_256_finish(unsigned char *digest, processed when formed). */ ((unsigned char *) ctx_buf)[bytes_have++] = 0x80U; - if(SHA512_256_BLOCK_SIZE - bytes_have < SHA512_256_SIZE_OF_LEN_ADD) { + if(CURL_SHA512_256_BLOCK_SIZE - bytes_have < SHA512_256_SIZE_OF_LEN_ADD) { /* No space in the current block to put the total length of message. Pad the current block with zeros and process it. */ - if(bytes_have < SHA512_256_BLOCK_SIZE) + if(bytes_have < CURL_SHA512_256_BLOCK_SIZE) memset(((unsigned char *) ctx_buf) + bytes_have, 0, - SHA512_256_BLOCK_SIZE - bytes_have); + CURL_SHA512_256_BLOCK_SIZE - bytes_have); /* Process the full block. */ MHDx_sha512_256_transform(ctx->H, ctx->buffer); /* Start the new block. */ @@ -742,17 +749,17 @@ MHDx_sha512_256_finish(unsigned char *digest, /* Pad the rest of the buffer with zeros. */ memset(((unsigned char *) ctx_buf) + bytes_have, 0, - SHA512_256_BLOCK_SIZE - SHA512_256_SIZE_OF_LEN_ADD - bytes_have); + CURL_SHA512_256_BLOCK_SIZE - SHA512_256_SIZE_OF_LEN_ADD - bytes_have); /* Put high part of number of bits in processed message and then lower part of number of bits as big-endian values. See FIPS PUB 180-4 section 5.1.2. */ /* Note: the target location is predefined and buffer is always aligned */ MHDX_PUT_64BIT_BE(((unsigned char *) ctx_buf) \ - + SHA512_256_BLOCK_SIZE \ + + CURL_SHA512_256_BLOCK_SIZE \ - SHA512_256_SIZE_OF_LEN_ADD, \ ctx->count_bits_hi); MHDX_PUT_64BIT_BE(((unsigned char *) ctx_buf) \ - + SHA512_256_BLOCK_SIZE \ + + CURL_SHA512_256_BLOCK_SIZE \ - SHA512_256_SIZE_OF_LEN_ADD \ + SHA512_256_BYTES_IN_WORD, \ num_bits); @@ -841,9 +848,9 @@ const struct HMAC_params Curl_HMAC_SHA512_256[] = { /* Context structure size. */ sizeof(Curl_sha512_256_ctx), /* Maximum key length (bytes). */ - SHA512_256_BLOCK_SIZE, + CURL_SHA512_256_BLOCK_SIZE, /* Result length (bytes). */ - SHA512_256_DIGEST_SIZE + CURL_SHA512_256_DIGEST_SIZE } }; diff --git a/vendor/hydra/vendor/curl/lib/curl_sha512_256.h b/vendor/hydra/vendor/curl/lib/curl_sha512_256.h index 30a9f140..a84e77bc 100644 --- a/vendor/hydra/vendor/curl/lib/curl_sha512_256.h +++ b/vendor/hydra/vendor/curl/lib/curl_sha512_256.h @@ -33,7 +33,7 @@ extern const struct HMAC_params Curl_HMAC_SHA512_256[1]; -#define SHA512_256_DIGEST_LENGTH 32 +#define CURL_SHA512_256_DIGEST_LENGTH 32 CURLcode Curl_sha512_256it(unsigned char *output, const unsigned char *input, diff --git a/vendor/hydra/vendor/curl/lib/curl_sspi.c b/vendor/hydra/vendor/curl/lib/curl_sspi.c index eb21e7e2..680bb661 100644 --- a/vendor/hydra/vendor/curl/lib/curl_sspi.c +++ b/vendor/hydra/vendor/curl/lib/curl_sspi.c @@ -52,10 +52,10 @@ typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID); #endif /* Handle of security.dll or secur32.dll, depending on Windows version */ -HMODULE s_hSecDll = NULL; +HMODULE Curl_hSecDll = NULL; /* Pointer to SSPI dispatch table */ -PSecurityFunctionTable s_pSecFn = NULL; +PSecurityFunctionTable Curl_pSecFn = NULL; /* * Curl_sspi_global_init() @@ -79,29 +79,29 @@ CURLcode Curl_sspi_global_init(void) INITSECURITYINTERFACE_FN pInitSecurityInterface; /* If security interface is not yet initialized try to do this */ - if(!s_hSecDll) { + if(!Curl_hSecDll) { /* Security Service Provider Interface (SSPI) functions are located in * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP * have both these DLLs (security.dll forwards calls to secur32.dll) */ /* Load SSPI dll into the address space of the calling process */ if(curlx_verify_windows_version(4, 0, 0, PLATFORM_WINNT, VERSION_EQUAL)) - s_hSecDll = Curl_load_library(TEXT("security.dll")); + Curl_hSecDll = Curl_load_library(TEXT("security.dll")); else - s_hSecDll = Curl_load_library(TEXT("secur32.dll")); - if(!s_hSecDll) + Curl_hSecDll = Curl_load_library(TEXT("secur32.dll")); + if(!Curl_hSecDll) return CURLE_FAILED_INIT; /* Get address of the InitSecurityInterfaceA function from the SSPI dll */ pInitSecurityInterface = CURLX_FUNCTION_CAST(INITSECURITYINTERFACE_FN, - (GetProcAddress(s_hSecDll, SECURITYENTRYPOINT))); + (GetProcAddress(Curl_hSecDll, SECURITYENTRYPOINT))); if(!pInitSecurityInterface) return CURLE_FAILED_INIT; /* Get pointer to Security Service Provider Interface dispatch table */ - s_pSecFn = pInitSecurityInterface(); - if(!s_pSecFn) + Curl_pSecFn = pInitSecurityInterface(); + if(!Curl_pSecFn) return CURLE_FAILED_INIT; } @@ -119,10 +119,10 @@ CURLcode Curl_sspi_global_init(void) */ void Curl_sspi_global_cleanup(void) { - if(s_hSecDll) { - FreeLibrary(s_hSecDll); - s_hSecDll = NULL; - s_pSecFn = NULL; + if(Curl_hSecDll) { + FreeLibrary(Curl_hSecDll); + Curl_hSecDll = NULL; + Curl_pSecFn = NULL; } } @@ -134,7 +134,7 @@ void Curl_sspi_global_cleanup(void) * * Parameters: * - * userp [in] - The user name in the format User or Domain\User. + * userp [in] - The username in the format User or Domain\User. * passwdp [in] - The user's password. * identity [in/out] - The identity structure. * diff --git a/vendor/hydra/vendor/curl/lib/curl_sspi.h b/vendor/hydra/vendor/curl/lib/curl_sspi.h index b26c3915..535a1ff6 100644 --- a/vendor/hydra/vendor/curl/lib/curl_sspi.h +++ b/vendor/hydra/vendor/curl/lib/curl_sspi.h @@ -57,8 +57,8 @@ CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp, void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity); /* Forward-declaration of global variables defined in curl_sspi.c */ -extern HMODULE s_hSecDll; -extern PSecurityFunctionTable s_pSecFn; +extern HMODULE Curl_hSecDll; +extern PSecurityFunctionTable Curl_pSecFn; /* Provide some definitions missing in old headers */ #define SP_NAME_DIGEST "WDigest" diff --git a/vendor/hydra/vendor/curl/lib/curl_threads.c b/vendor/hydra/vendor/curl/lib/curl_threads.c index 93fa2daf..6d73273f 100644 --- a/vendor/hydra/vendor/curl/lib/curl_threads.c +++ b/vendor/hydra/vendor/curl/lib/curl_threads.c @@ -35,7 +35,9 @@ #endif #include "curl_threads.h" +#ifdef BUILDING_LIBCURL #include "curl_memory.h" +#endif /* The last #include file should be: */ #include "memdebug.h" @@ -100,18 +102,23 @@ int Curl_thread_join(curl_thread_t *hnd) #elif defined(USE_THREADS_WIN32) -/* !checksrc! disable SPACEBEFOREPAREN 1 */ -curl_thread_t Curl_thread_create(unsigned int (CURL_STDCALL *func) (void *), +curl_thread_t Curl_thread_create( +#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) + DWORD +#else + unsigned int +#endif + (CURL_STDCALL *func) (void *), void *arg) { -#ifdef _WIN32_WCE +#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) typedef HANDLE curl_win_thread_handle_t; #else typedef uintptr_t curl_win_thread_handle_t; #endif curl_thread_t t; curl_win_thread_handle_t thread_handle; -#ifdef _WIN32_WCE +#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) thread_handle = CreateThread(NULL, 0, func, arg, 0, NULL); #else thread_handle = _beginthreadex(NULL, 0, func, arg, 0, NULL); diff --git a/vendor/hydra/vendor/curl/lib/curl_threads.h b/vendor/hydra/vendor/curl/lib/curl_threads.h index 27a478d4..be22352d 100644 --- a/vendor/hydra/vendor/curl/lib/curl_threads.h +++ b/vendor/hydra/vendor/curl/lib/curl_threads.h @@ -52,8 +52,13 @@ #if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32) -/* !checksrc! disable SPACEBEFOREPAREN 1 */ -curl_thread_t Curl_thread_create(unsigned int (CURL_STDCALL *func) (void *), +curl_thread_t Curl_thread_create( +#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) + DWORD +#else + unsigned int +#endif + (CURL_STDCALL *func) (void *), void *arg); void Curl_thread_destroy(curl_thread_t hnd); diff --git a/vendor/hydra/vendor/curl/lib/curl_trc.c b/vendor/hydra/vendor/curl/lib/curl_trc.c index f017e21a..58512d74 100644 --- a/vendor/hydra/vendor/curl/lib/curl_trc.c +++ b/vendor/hydra/vendor/curl/lib/curl_trc.c @@ -53,6 +53,9 @@ #include "curl_memory.h" #include "memdebug.h" +#ifndef ARRAYSIZE +#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) +#endif void Curl_debug(struct Curl_easy *data, curl_infotype type, char *ptr, size_t size) @@ -118,10 +121,16 @@ static void trc_infof(struct Curl_easy *data, struct curl_trc_feat *feat, const char * const fmt, va_list ap) { int len = 0; - char buffer[MAXINFO + 2]; + char buffer[MAXINFO + 5]; if(feat) - len = msnprintf(buffer, MAXINFO, "[%s] ", feat->name); - len += mvsnprintf(buffer + len, MAXINFO - len, fmt, ap); + len = msnprintf(buffer, (MAXINFO + 1), "[%s] ", feat->name); + len += mvsnprintf(buffer + len, (MAXINFO + 1) - len, fmt, ap); + if(len >= MAXINFO) { /* too long, shorten with '...' */ + --len; + buffer[len++] = '.'; + buffer[len++] = '.'; + buffer[len++] = '.'; + } buffer[len++] = '\n'; buffer[len] = '\0'; Curl_debug(data, CURLINFO_TEXT, buffer, len); @@ -212,58 +221,144 @@ void Curl_trc_ftp(struct Curl_easy *data, const char *fmt, ...) } #endif /* !CURL_DISABLE_FTP */ -static struct curl_trc_feat *trc_feats[] = { - &Curl_trc_feat_read, - &Curl_trc_feat_write, +#ifndef CURL_DISABLE_SMTP +struct curl_trc_feat Curl_trc_feat_smtp = { + "SMTP", + CURL_LOG_LVL_NONE, +}; + +void Curl_trc_smtp(struct Curl_easy *data, const char *fmt, ...) +{ + DEBUGASSERT(!strchr(fmt, '\n')); + if(Curl_trc_ft_is_verbose(data, &Curl_trc_feat_smtp)) { + va_list ap; + va_start(ap, fmt); + trc_infof(data, &Curl_trc_feat_smtp, fmt, ap); + va_end(ap); + } +} +#endif /* !CURL_DISABLE_SMTP */ + +#if defined(USE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) +struct curl_trc_feat Curl_trc_feat_ws = { + "WS", + CURL_LOG_LVL_NONE, +}; + +void Curl_trc_ws(struct Curl_easy *data, const char *fmt, ...) +{ + DEBUGASSERT(!strchr(fmt, '\n')); + if(Curl_trc_ft_is_verbose(data, &Curl_trc_feat_ws)) { + va_list ap; + va_start(ap, fmt); + trc_infof(data, &Curl_trc_feat_ws, fmt, ap); + va_end(ap); + } +} +#endif /* USE_WEBSOCKETS && !CURL_DISABLE_HTTP */ + +#define TRC_CT_NONE (0) +#define TRC_CT_PROTOCOL (1<<(0)) +#define TRC_CT_NETWORK (1<<(1)) +#define TRC_CT_PROXY (1<<(2)) + +struct trc_feat_def { + struct curl_trc_feat *feat; + unsigned int category; +}; + +static struct trc_feat_def trc_feats[] = { + { &Curl_trc_feat_read, TRC_CT_NONE }, + { &Curl_trc_feat_write, TRC_CT_NONE }, #ifndef CURL_DISABLE_FTP - &Curl_trc_feat_ftp, + { &Curl_trc_feat_ftp, TRC_CT_PROTOCOL }, #endif #ifndef CURL_DISABLE_DOH - &Curl_doh_trc, + { &Curl_doh_trc, TRC_CT_NETWORK }, +#endif +#ifndef CURL_DISABLE_SMTP + { &Curl_trc_feat_smtp, TRC_CT_PROTOCOL }, #endif - NULL, +#if defined(USE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) + { &Curl_trc_feat_ws, TRC_CT_PROTOCOL }, +#endif +}; + +struct trc_cft_def { + struct Curl_cftype *cft; + unsigned int category; }; -static struct Curl_cftype *cf_types[] = { - &Curl_cft_tcp, - &Curl_cft_udp, - &Curl_cft_unix, - &Curl_cft_tcp_accept, - &Curl_cft_happy_eyeballs, - &Curl_cft_setup, +static struct trc_cft_def trc_cfts[] = { + { &Curl_cft_tcp, TRC_CT_NETWORK }, + { &Curl_cft_udp, TRC_CT_NETWORK }, + { &Curl_cft_unix, TRC_CT_NETWORK }, + { &Curl_cft_tcp_accept, TRC_CT_NETWORK }, + { &Curl_cft_happy_eyeballs, TRC_CT_NETWORK }, + { &Curl_cft_setup, TRC_CT_PROTOCOL }, #ifdef USE_NGHTTP2 - &Curl_cft_nghttp2, + { &Curl_cft_nghttp2, TRC_CT_PROTOCOL }, #endif #ifdef USE_SSL - &Curl_cft_ssl, + { &Curl_cft_ssl, TRC_CT_NETWORK }, #ifndef CURL_DISABLE_PROXY - &Curl_cft_ssl_proxy, + { &Curl_cft_ssl_proxy, TRC_CT_PROXY }, #endif #endif #if !defined(CURL_DISABLE_PROXY) #if !defined(CURL_DISABLE_HTTP) - &Curl_cft_h1_proxy, + { &Curl_cft_h1_proxy, TRC_CT_PROXY }, #ifdef USE_NGHTTP2 - &Curl_cft_h2_proxy, + { &Curl_cft_h2_proxy, TRC_CT_PROXY }, #endif - &Curl_cft_http_proxy, + { &Curl_cft_http_proxy, TRC_CT_PROXY }, #endif /* !CURL_DISABLE_HTTP */ - &Curl_cft_haproxy, - &Curl_cft_socks_proxy, + { &Curl_cft_haproxy, TRC_CT_PROXY }, + { &Curl_cft_socks_proxy, TRC_CT_PROXY }, #endif /* !CURL_DISABLE_PROXY */ #ifdef USE_HTTP3 - &Curl_cft_http3, + { &Curl_cft_http3, TRC_CT_PROTOCOL }, #endif #if !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER) - &Curl_cft_http_connect, + { &Curl_cft_http_connect, TRC_CT_PROTOCOL }, #endif - NULL, }; -CURLcode Curl_trc_opt(const char *config) +static void trc_apply_level_by_name(const char * const token, int lvl) +{ + size_t i; + + for(i = 0; i < ARRAYSIZE(trc_cfts); ++i) { + if(strcasecompare(token, trc_cfts[i].cft->name)) { + trc_cfts[i].cft->log_level = lvl; + break; + } + } + for(i = 0; i < ARRAYSIZE(trc_feats); ++i) { + if(strcasecompare(token, trc_feats[i].feat->name)) { + trc_feats[i].feat->log_level = lvl; + break; + } + } +} + +static void trc_apply_level_by_category(int category, int lvl) { - char *token, *tok_buf, *tmp; size_t i; + + for(i = 0; i < ARRAYSIZE(trc_cfts); ++i) { + if(!category || (trc_cfts[i].category & category)) + trc_cfts[i].cft->log_level = lvl; + } + for(i = 0; i < ARRAYSIZE(trc_feats); ++i) { + if(!category || (trc_feats[i].category & category)) + trc_feats[i].feat->log_level = lvl; + } +} + +static CURLcode trc_opt(const char *config) +{ + char *token, *tok_buf, *tmp; int lvl; tmp = strdup(config); @@ -285,42 +380,46 @@ CURLcode Curl_trc_opt(const char *config) lvl = CURL_LOG_LVL_INFO; break; } - for(i = 0; cf_types[i]; ++i) { - if(strcasecompare(token, "all")) { - cf_types[i]->log_level = lvl; - } - else if(strcasecompare(token, cf_types[i]->name)) { - cf_types[i]->log_level = lvl; - break; - } - } - for(i = 0; trc_feats[i]; ++i) { - if(strcasecompare(token, "all")) { - trc_feats[i]->log_level = lvl; - } - else if(strcasecompare(token, trc_feats[i]->name)) { - trc_feats[i]->log_level = lvl; - break; - } - } + if(strcasecompare(token, "all")) + trc_apply_level_by_category(TRC_CT_NONE, lvl); + else if(strcasecompare(token, "protocol")) + trc_apply_level_by_category(TRC_CT_PROTOCOL, lvl); + else if(strcasecompare(token, "network")) + trc_apply_level_by_category(TRC_CT_NETWORK, lvl); + else if(strcasecompare(token, "proxy")) + trc_apply_level_by_category(TRC_CT_PROXY, lvl); + else + trc_apply_level_by_name(token, lvl); + token = strtok_r(NULL, ", ", &tok_buf); } free(tmp); return CURLE_OK; } -CURLcode Curl_trc_init(void) +CURLcode Curl_trc_opt(const char *config) { + CURLcode result = config? trc_opt(config) : CURLE_OK; #ifdef DEBUGBUILD - /* WIP: we use the auto-init from an env var only in DEBUG builds for - * convenience. */ - const char *config = getenv("CURL_DEBUG"); - if(config) { - return Curl_trc_opt(config); + /* CURL_DEBUG can override anything */ + if(!result) { + const char *dbg_config = getenv("CURL_DEBUG"); + if(dbg_config) + result = trc_opt(dbg_config); } #endif /* DEBUGBUILD */ + return result; +} + +CURLcode Curl_trc_init(void) +{ +#ifdef DEBUGBUILD + return Curl_trc_opt(NULL); +#else return CURLE_OK; +#endif } + #else /* defined(CURL_DISABLE_VERBOSE_STRINGS) */ CURLcode Curl_trc_init(void) diff --git a/vendor/hydra/vendor/curl/lib/curl_trc.h b/vendor/hydra/vendor/curl/lib/curl_trc.h index 3d380183..5f675b45 100644 --- a/vendor/hydra/vendor/curl/lib/curl_trc.h +++ b/vendor/hydra/vendor/curl/lib/curl_trc.h @@ -89,6 +89,16 @@ void Curl_failf(struct Curl_easy *data, do { if(Curl_trc_ft_is_verbose(data, &Curl_trc_feat_ftp)) \ Curl_trc_ftp(data, __VA_ARGS__); } while(0) #endif /* !CURL_DISABLE_FTP */ +#ifndef CURL_DISABLE_SMTP +#define CURL_TRC_SMTP(data, ...) \ + do { if(Curl_trc_ft_is_verbose(data, &Curl_trc_feat_smtp)) \ + Curl_trc_smtp(data, __VA_ARGS__); } while(0) +#endif /* !CURL_DISABLE_SMTP */ +#if defined(USE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) +#define CURL_TRC_WS(data, ...) \ + do { if(Curl_trc_ft_is_verbose(data, &Curl_trc_feat_ws)) \ + Curl_trc_ws(data, __VA_ARGS__); } while(0) +#endif /* USE_WEBSOCKETS && !CURL_DISABLE_HTTP */ #else /* CURL_HAVE_C99 */ @@ -100,6 +110,12 @@ void Curl_failf(struct Curl_easy *data, #ifndef CURL_DISABLE_FTP #define CURL_TRC_FTP Curl_trc_ftp #endif +#ifndef CURL_DISABLE_SMTP +#define CURL_TRC_SMTP Curl_trc_smtp +#endif +#if defined(USE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) +#define CURL_TRC_WS Curl_trc_ws +#endif #endif /* !CURL_HAVE_C99 */ @@ -148,6 +164,16 @@ extern struct curl_trc_feat Curl_trc_feat_ftp; void Curl_trc_ftp(struct Curl_easy *data, const char *fmt, ...) CURL_PRINTF(2, 3); #endif +#ifndef CURL_DISABLE_SMTP +extern struct curl_trc_feat Curl_trc_feat_smtp; +void Curl_trc_smtp(struct Curl_easy *data, + const char *fmt, ...) CURL_PRINTF(2, 3); +#endif +#if defined(USE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) +extern struct curl_trc_feat Curl_trc_feat_ws; +void Curl_trc_ws(struct Curl_easy *data, + const char *fmt, ...) CURL_PRINTF(2, 3); +#endif #else /* defined(CURL_DISABLE_VERBOSE_STRINGS) */ @@ -194,6 +220,12 @@ static void Curl_trc_ftp(struct Curl_easy *data, const char *fmt, ...) (void)data; (void)fmt; } #endif +#ifndef CURL_DISABLE_SMTP +static void Curl_trc_smtp(struct Curl_easy *data, const char *fmt, ...) +{ + (void)data; (void)fmt; +} +#endif #endif /* !defined(CURL_DISABLE_VERBOSE_STRINGS) */ diff --git a/vendor/hydra/vendor/curl/lib/curlx.h b/vendor/hydra/vendor/curl/lib/curlx.h index 54e42795..0391d7cd 100644 --- a/vendor/hydra/vendor/curl/lib/curlx.h +++ b/vendor/hydra/vendor/curl/lib/curlx.h @@ -31,10 +31,8 @@ * be. */ -#include -/* this is still a public header file that provides the curl_mprintf() - functions while they still are offered publicly. They will be made library- - private one day */ +/* map standard printf functions to curl implementations */ +#include "curl_printf.h" #include "strcase.h" /* "strcase.h" provides the strcasecompare protos */ @@ -77,41 +75,4 @@ */ -#define curlx_mvsnprintf curl_mvsnprintf -#define curlx_msnprintf curl_msnprintf -#define curlx_maprintf curl_maprintf -#define curlx_mvaprintf curl_mvaprintf -#define curlx_msprintf curl_msprintf -#define curlx_mprintf curl_mprintf -#define curlx_mfprintf curl_mfprintf -#define curlx_mvsprintf curl_mvsprintf -#define curlx_mvprintf curl_mvprintf -#define curlx_mvfprintf curl_mvfprintf - -#ifdef ENABLE_CURLX_PRINTF -/* If this define is set, we define all "standard" printf() functions to use - the curlx_* version instead. It makes the source code transparent and - easier to understand/patch. Undefine them first. */ -# undef printf -# undef fprintf -# undef sprintf -# undef msnprintf -# undef vprintf -# undef vfprintf -# undef vsprintf -# undef mvsnprintf -# undef aprintf -# undef vaprintf - -# define printf curlx_mprintf -# define fprintf curlx_mfprintf -# define sprintf curlx_msprintf -# define msnprintf curlx_msnprintf -# define vprintf curlx_mvprintf -# define vfprintf curlx_mvfprintf -# define mvsnprintf curlx_mvsnprintf -# define aprintf curlx_maprintf -# define vaprintf curlx_mvaprintf -#endif /* ENABLE_CURLX_PRINTF */ - #endif /* HEADER_CURL_CURLX_H */ diff --git a/vendor/hydra/vendor/curl/lib/cw-out.c b/vendor/hydra/vendor/curl/lib/cw-out.c index 4e56c6a1..56ec4162 100644 --- a/vendor/hydra/vendor/curl/lib/cw-out.c +++ b/vendor/hydra/vendor/curl/lib/cw-out.c @@ -228,8 +228,8 @@ static CURLcode cw_out_ptr_flush(struct cw_out_ctx *ctx, if(CURL_WRITEFUNC_PAUSE == nwritten) { if(data->conn && data->conn->handler->flags & PROTOPT_NONETWORK) { /* Protocols that work without network cannot be paused. This is - actually only FILE:// just now, and it can't pause since the - transfer isn't done using the "normal" procedure. */ + actually only FILE:// just now, and it cannot pause since the + transfer is not done using the "normal" procedure. */ failf(data, "Write callback asked for PAUSE when not supported"); return CURLE_WRITE_ERROR; } diff --git a/vendor/hydra/vendor/curl/lib/dict.c b/vendor/hydra/vendor/curl/lib/dict.c index a26a28b7..7d9c18dc 100644 --- a/vendor/hydra/vendor/curl/lib/dict.c +++ b/vendor/hydra/vendor/curl/lib/dict.c @@ -146,7 +146,7 @@ static CURLcode sendf(struct Curl_easy *data, const char *fmt, ...) for(;;) { /* Write the buffer to the socket */ - result = Curl_xfer_send(data, sptr, write_len, &bytes_written); + result = Curl_xfer_send(data, sptr, write_len, FALSE, &bytes_written); if(result) break; @@ -241,7 +241,7 @@ static CURLcode dict_do(struct Curl_easy *data, bool *done) failf(data, "Failed sending DICT request"); goto error; } - Curl_xfer_setup(data, FIRSTSOCKET, -1, FALSE, -1); /* no upload */ + Curl_xfer_setup1(data, CURL_XFER_RECV, -1, FALSE); /* no upload */ } else if(strncasecompare(path, DICT_DEFINE, sizeof(DICT_DEFINE)-1) || strncasecompare(path, DICT_DEFINE2, sizeof(DICT_DEFINE2)-1) || @@ -287,7 +287,7 @@ static CURLcode dict_do(struct Curl_easy *data, bool *done) failf(data, "Failed sending DICT request"); goto error; } - Curl_xfer_setup(data, FIRSTSOCKET, -1, FALSE, -1); + Curl_xfer_setup1(data, CURL_XFER_RECV, -1, FALSE); } else { @@ -309,7 +309,7 @@ static CURLcode dict_do(struct Curl_easy *data, bool *done) goto error; } - Curl_xfer_setup(data, FIRSTSOCKET, -1, FALSE, -1); + Curl_xfer_setup1(data, CURL_XFER_RECV, -1, FALSE); } } diff --git a/vendor/hydra/vendor/curl/lib/doh.c b/vendor/hydra/vendor/curl/lib/doh.c index 03317ae2..52b35745 100644 --- a/vendor/hydra/vendor/curl/lib/doh.c +++ b/vendor/hydra/vendor/curl/lib/doh.c @@ -46,7 +46,7 @@ #define DNS_CLASS_IN 0x01 -/* local_print_buf truncates if the hex string will be more than this */ +/* doh_print_buf truncates if the hex string will be more than this */ #define LOCAL_PB_HEXMAX 400 #ifndef CURL_DISABLE_VERBOSE_STRINGS @@ -82,32 +82,32 @@ struct curl_trc_feat Curl_doh_trc = { /* @unittest 1655 */ -UNITTEST DOHcode doh_encode(const char *host, - DNStype dnstype, - unsigned char *dnsp, /* buffer */ - size_t len, /* buffer size */ - size_t *olen) /* output length */ +UNITTEST DOHcode doh_req_encode(const char *host, + DNStype dnstype, + unsigned char *dnsp, /* buffer */ + size_t len, /* buffer size */ + size_t *olen) /* output length */ { const size_t hostlen = strlen(host); unsigned char *orig = dnsp; const char *hostp = host; /* The expected output length is 16 bytes more than the length of - * the QNAME-encoding of the host name. + * the QNAME-encoding of the hostname. * * A valid DNS name may not contain a zero-length label, except at - * the end. For this reason, a name beginning with a dot, or + * the end. For this reason, a name beginning with a dot, or * containing a sequence of two or more consecutive dots, is invalid * and cannot be encoded as a QNAME. * - * If the host name ends with a trailing dot, the corresponding - * QNAME-encoding is one byte longer than the host name. If (as is + * If the hostname ends with a trailing dot, the corresponding + * QNAME-encoding is one byte longer than the hostname. If (as is * also valid) the hostname is shortened by the omission of the * trailing dot, then its QNAME-encoding will be two bytes longer - * than the host name. + * than the hostname. * * Each [ label, dot ] pair is encoded as [ length, label ], - * preserving overall length. A final [ label ] without a dot is + * preserving overall length. A final [ label ] without a dot is * also encoded as [ length, label ], increasing overall length * by one. The encoding is completed by appending a zero byte, * representing the zero-length root label, again increasing @@ -191,10 +191,10 @@ doh_write_cb(const void *contents, size_t size, size_t nmemb, void *userp) return realsize; } -#if defined(USE_HTTPSRR) && defined(CURLDEBUG) -static void local_print_buf(struct Curl_easy *data, - const char *prefix, - unsigned char *buf, size_t len) +#if defined(USE_HTTPSRR) && defined(DEBUGBUILD) +static void doh_print_buf(struct Curl_easy *data, + const char *prefix, + unsigned char *buf, size_t len) { unsigned char hexstr[LOCAL_PB_HEXMAX]; size_t hlen = LOCAL_PB_HEXMAX; @@ -214,19 +214,26 @@ static void local_print_buf(struct Curl_easy *data, /* called from multi.c when this DoH transfer is complete */ static int doh_done(struct Curl_easy *doh, CURLcode result) { - struct Curl_easy *data = doh->set.dohfor; - struct dohdata *dohp = data->req.doh; - /* so one of the DoH request done for the 'data' transfer is now complete! */ - dohp->pending--; - infof(doh, "a DoH request is completed, %u to go", dohp->pending); - if(result) - infof(doh, "DoH request %s", curl_easy_strerror(result)); + struct Curl_easy *data; /* the transfer that asked for the DoH probe */ + + data = Curl_multi_get_handle(doh->multi, doh->set.dohfor_mid); + if(!data) { + DEBUGF(infof(doh, "doh_done: xfer for mid=%" FMT_OFF_T + " not found", doh->set.dohfor_mid)); + DEBUGASSERT(0); + } + else { + struct doh_probes *dohp = data->req.doh; + /* one of the DoH request done for the 'data' transfer is now complete! */ + dohp->pending--; + infof(doh, "a DoH request is completed, %u to go", dohp->pending); + if(result) + infof(doh, "DoH request %s", curl_easy_strerror(result)); - if(!dohp->pending) { - /* DoH completed */ - curl_slist_free_all(dohp->headers); - dohp->headers = NULL; - Curl_expire(data, 0, EXPIRE_RUN_NOW); + if(!dohp->pending) { + /* DoH completed, run the transfer picking up the results */ + Curl_expire(data, 0, EXPIRE_RUN_NOW); + } } return 0; } @@ -240,24 +247,24 @@ do { \ goto error; \ } while(0) -static CURLcode dohprobe(struct Curl_easy *data, - struct dnsprobe *p, DNStype dnstype, - const char *host, - const char *url, CURLM *multi, - struct curl_slist *headers) +static CURLcode doh_run_probe(struct Curl_easy *data, + struct doh_probe *p, DNStype dnstype, + const char *host, + const char *url, CURLM *multi, + struct curl_slist *headers) { struct Curl_easy *doh = NULL; CURLcode result = CURLE_OK; timediff_t timeout_ms; - DOHcode d = doh_encode(host, dnstype, p->dohbuffer, sizeof(p->dohbuffer), - &p->dohlen); + DOHcode d = doh_req_encode(host, dnstype, p->req_body, sizeof(p->req_body), + &p->req_body_len); if(d) { failf(data, "Failed to encode DoH packet [%d]", d); return CURLE_OUT_OF_MEMORY; } p->dnstype = dnstype; - Curl_dyn_init(&p->serverdoh, DYN_DOH_RESPONSE); + Curl_dyn_init(&p->resp_body, DYN_DOH_RESPONSE); timeout_ms = Curl_timeleft(data, NULL, TRUE); if(timeout_ms <= 0) { @@ -266,126 +273,126 @@ static CURLcode dohprobe(struct Curl_easy *data, } /* Curl_open() is the internal version of curl_easy_init() */ result = Curl_open(&doh); - if(!result) { - /* pass in the struct pointer via a local variable to please coverity and - the gcc typecheck helpers */ - struct dynbuf *resp = &p->serverdoh; - doh->state.internal = true; + if(result) + goto error; + + /* pass in the struct pointer via a local variable to please coverity and + the gcc typecheck helpers */ + doh->state.internal = true; #ifndef CURL_DISABLE_VERBOSE_STRINGS - doh->state.feat = &Curl_doh_trc; + doh->state.feat = &Curl_doh_trc; #endif - ERROR_CHECK_SETOPT(CURLOPT_URL, url); - ERROR_CHECK_SETOPT(CURLOPT_DEFAULT_PROTOCOL, "https"); - ERROR_CHECK_SETOPT(CURLOPT_WRITEFUNCTION, doh_write_cb); - ERROR_CHECK_SETOPT(CURLOPT_WRITEDATA, resp); - ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->dohbuffer); - ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDSIZE, (long)p->dohlen); - ERROR_CHECK_SETOPT(CURLOPT_HTTPHEADER, headers); + ERROR_CHECK_SETOPT(CURLOPT_URL, url); + ERROR_CHECK_SETOPT(CURLOPT_DEFAULT_PROTOCOL, "https"); + ERROR_CHECK_SETOPT(CURLOPT_WRITEFUNCTION, doh_write_cb); + ERROR_CHECK_SETOPT(CURLOPT_WRITEDATA, &p->resp_body); + ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->req_body); + ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDSIZE, (long)p->req_body_len); + ERROR_CHECK_SETOPT(CURLOPT_HTTPHEADER, headers); #ifdef USE_HTTP2 - ERROR_CHECK_SETOPT(CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS); - ERROR_CHECK_SETOPT(CURLOPT_PIPEWAIT, 1L); + ERROR_CHECK_SETOPT(CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS); + ERROR_CHECK_SETOPT(CURLOPT_PIPEWAIT, 1L); #endif -#ifndef CURLDEBUG - /* enforce HTTPS if not debug */ - ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTPS); +#ifndef DEBUGBUILD + /* enforce HTTPS if not debug */ + ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTPS); #else - /* in debug mode, also allow http */ - ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS); + /* in debug mode, also allow http */ + ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS); #endif - ERROR_CHECK_SETOPT(CURLOPT_TIMEOUT_MS, (long)timeout_ms); - ERROR_CHECK_SETOPT(CURLOPT_SHARE, data->share); - if(data->set.err && data->set.err != stderr) - ERROR_CHECK_SETOPT(CURLOPT_STDERR, data->set.err); - if(Curl_trc_ft_is_verbose(data, &Curl_doh_trc)) - ERROR_CHECK_SETOPT(CURLOPT_VERBOSE, 1L); - if(data->set.no_signal) - ERROR_CHECK_SETOPT(CURLOPT_NOSIGNAL, 1L); - - ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYHOST, - data->set.doh_verifyhost ? 2L : 0L); - ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYPEER, - data->set.doh_verifypeer ? 1L : 0L); - ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYSTATUS, - data->set.doh_verifystatus ? 1L : 0L); - - /* Inherit *some* SSL options from the user's transfer. This is a - best-guess as to which options are needed for compatibility. #3661 - - Note DoH does not inherit the user's proxy server so proxy SSL settings - have no effect and are not inherited. If that changes then two new - options should be added to check doh proxy insecure separately, - CURLOPT_DOH_PROXY_SSL_VERIFYHOST and CURLOPT_DOH_PROXY_SSL_VERIFYPEER. - */ - if(data->set.ssl.falsestart) - ERROR_CHECK_SETOPT(CURLOPT_SSL_FALSESTART, 1L); - if(data->set.str[STRING_SSL_CAFILE]) { - ERROR_CHECK_SETOPT(CURLOPT_CAINFO, - data->set.str[STRING_SSL_CAFILE]); - } - if(data->set.blobs[BLOB_CAINFO]) { - ERROR_CHECK_SETOPT(CURLOPT_CAINFO_BLOB, - data->set.blobs[BLOB_CAINFO]); - } - if(data->set.str[STRING_SSL_CAPATH]) { - ERROR_CHECK_SETOPT(CURLOPT_CAPATH, - data->set.str[STRING_SSL_CAPATH]); - } - if(data->set.str[STRING_SSL_CRLFILE]) { - ERROR_CHECK_SETOPT(CURLOPT_CRLFILE, - data->set.str[STRING_SSL_CRLFILE]); - } - if(data->set.ssl.certinfo) - ERROR_CHECK_SETOPT(CURLOPT_CERTINFO, 1L); - if(data->set.ssl.fsslctx) - ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_FUNCTION, data->set.ssl.fsslctx); - if(data->set.ssl.fsslctxp) - ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_DATA, data->set.ssl.fsslctxp); - if(data->set.fdebug) - ERROR_CHECK_SETOPT(CURLOPT_DEBUGFUNCTION, data->set.fdebug); - if(data->set.debugdata) - ERROR_CHECK_SETOPT(CURLOPT_DEBUGDATA, data->set.debugdata); - if(data->set.str[STRING_SSL_EC_CURVES]) { - ERROR_CHECK_SETOPT(CURLOPT_SSL_EC_CURVES, - data->set.str[STRING_SSL_EC_CURVES]); - } + ERROR_CHECK_SETOPT(CURLOPT_TIMEOUT_MS, (long)timeout_ms); + ERROR_CHECK_SETOPT(CURLOPT_SHARE, data->share); + if(data->set.err && data->set.err != stderr) + ERROR_CHECK_SETOPT(CURLOPT_STDERR, data->set.err); + if(Curl_trc_ft_is_verbose(data, &Curl_doh_trc)) + ERROR_CHECK_SETOPT(CURLOPT_VERBOSE, 1L); + if(data->set.no_signal) + ERROR_CHECK_SETOPT(CURLOPT_NOSIGNAL, 1L); + + ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYHOST, + data->set.doh_verifyhost ? 2L : 0L); + ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYPEER, + data->set.doh_verifypeer ? 1L : 0L); + ERROR_CHECK_SETOPT(CURLOPT_SSL_VERIFYSTATUS, + data->set.doh_verifystatus ? 1L : 0L); + + /* Inherit *some* SSL options from the user's transfer. This is a + best-guess as to which options are needed for compatibility. #3661 + + Note DoH does not inherit the user's proxy server so proxy SSL settings + have no effect and are not inherited. If that changes then two new + options should be added to check doh proxy insecure separately, + CURLOPT_DOH_PROXY_SSL_VERIFYHOST and CURLOPT_DOH_PROXY_SSL_VERIFYPEER. + */ + if(data->set.ssl.falsestart) + ERROR_CHECK_SETOPT(CURLOPT_SSL_FALSESTART, 1L); + if(data->set.str[STRING_SSL_CAFILE]) { + ERROR_CHECK_SETOPT(CURLOPT_CAINFO, + data->set.str[STRING_SSL_CAFILE]); + } + if(data->set.blobs[BLOB_CAINFO]) { + ERROR_CHECK_SETOPT(CURLOPT_CAINFO_BLOB, + data->set.blobs[BLOB_CAINFO]); + } + if(data->set.str[STRING_SSL_CAPATH]) { + ERROR_CHECK_SETOPT(CURLOPT_CAPATH, + data->set.str[STRING_SSL_CAPATH]); + } + if(data->set.str[STRING_SSL_CRLFILE]) { + ERROR_CHECK_SETOPT(CURLOPT_CRLFILE, + data->set.str[STRING_SSL_CRLFILE]); + } + if(data->set.ssl.certinfo) + ERROR_CHECK_SETOPT(CURLOPT_CERTINFO, 1L); + if(data->set.ssl.fsslctx) + ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_FUNCTION, data->set.ssl.fsslctx); + if(data->set.ssl.fsslctxp) + ERROR_CHECK_SETOPT(CURLOPT_SSL_CTX_DATA, data->set.ssl.fsslctxp); + if(data->set.fdebug) + ERROR_CHECK_SETOPT(CURLOPT_DEBUGFUNCTION, data->set.fdebug); + if(data->set.debugdata) + ERROR_CHECK_SETOPT(CURLOPT_DEBUGDATA, data->set.debugdata); + if(data->set.str[STRING_SSL_EC_CURVES]) { + ERROR_CHECK_SETOPT(CURLOPT_SSL_EC_CURVES, + data->set.str[STRING_SSL_EC_CURVES]); + } - { - long mask = - (data->set.ssl.enable_beast ? - CURLSSLOPT_ALLOW_BEAST : 0) | - (data->set.ssl.no_revoke ? - CURLSSLOPT_NO_REVOKE : 0) | - (data->set.ssl.no_partialchain ? - CURLSSLOPT_NO_PARTIALCHAIN : 0) | - (data->set.ssl.revoke_best_effort ? - CURLSSLOPT_REVOKE_BEST_EFFORT : 0) | - (data->set.ssl.native_ca_store ? - CURLSSLOPT_NATIVE_CA : 0) | - (data->set.ssl.auto_client_cert ? - CURLSSLOPT_AUTO_CLIENT_CERT : 0); - - (void)curl_easy_setopt(doh, CURLOPT_SSL_OPTIONS, mask); - } + { + long mask = + (data->set.ssl.enable_beast ? + CURLSSLOPT_ALLOW_BEAST : 0) | + (data->set.ssl.no_revoke ? + CURLSSLOPT_NO_REVOKE : 0) | + (data->set.ssl.no_partialchain ? + CURLSSLOPT_NO_PARTIALCHAIN : 0) | + (data->set.ssl.revoke_best_effort ? + CURLSSLOPT_REVOKE_BEST_EFFORT : 0) | + (data->set.ssl.native_ca_store ? + CURLSSLOPT_NATIVE_CA : 0) | + (data->set.ssl.auto_client_cert ? + CURLSSLOPT_AUTO_CLIENT_CERT : 0); + + (void)curl_easy_setopt(doh, CURLOPT_SSL_OPTIONS, mask); + } - doh->set.fmultidone = doh_done; - doh->set.dohfor = data; /* identify for which transfer this is done */ - p->easy = doh; + doh->set.fmultidone = doh_done; + doh->set.dohfor_mid = data->mid; /* for which transfer this is done */ - /* DoH handles must not inherit private_data. The handles may be passed to - the user via callbacks and the user will be able to identify them as - internal handles because private data is not set. The user can then set - private_data via CURLOPT_PRIVATE if they so choose. */ - DEBUGASSERT(!doh->set.private_data); + /* DoH handles must not inherit private_data. The handles may be passed to + the user via callbacks and the user will be able to identify them as + internal handles because private data is not set. The user can then set + private_data via CURLOPT_PRIVATE if they so choose. */ + DEBUGASSERT(!doh->set.private_data); - if(curl_multi_add_handle(multi, doh)) - goto error; - } - else + if(curl_multi_add_handle(multi, doh)) goto error; + + p->easy_mid = doh->mid; return CURLE_OK; error: Curl_close(&doh); + p->easy_mid = -1; return result; } @@ -400,9 +407,9 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, int *waitp) { CURLcode result = CURLE_OK; - int slot; - struct dohdata *dohp; + struct doh_probes *dohp; struct connectdata *conn = data->conn; + size_t i; #ifdef USE_HTTPSRR /* for now, this is only used when ECH is enabled */ # ifdef USE_ECH @@ -417,23 +424,27 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, DEBUGASSERT(conn); /* start clean, consider allocating this struct on demand */ - dohp = data->req.doh = calloc(1, sizeof(struct dohdata)); + dohp = data->req.doh = calloc(1, sizeof(struct doh_probes)); if(!dohp) return NULL; + for(i = 0; i < DOH_SLOT_COUNT; ++i) { + dohp->probe[i].easy_mid = -1; + } + conn->bits.doh = TRUE; dohp->host = hostname; dohp->port = port; - dohp->headers = + dohp->req_hds = curl_slist_append(NULL, "Content-Type: application/dns-message"); - if(!dohp->headers) + if(!dohp->req_hds) goto error; /* create IPv4 DoH request */ - result = dohprobe(data, &dohp->probe[DOH_PROBE_SLOT_IPADDR_V4], - DNS_TYPE_A, hostname, data->set.str[STRING_DOH], - data->multi, dohp->headers); + result = doh_run_probe(data, &dohp->probe[DOH_SLOT_IPV4], + DNS_TYPE_A, hostname, data->set.str[STRING_DOH], + data->multi, dohp->req_hds); if(result) goto error; dohp->pending++; @@ -441,9 +452,9 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, #ifdef USE_IPV6 if((conn->ip_version != CURL_IPRESOLVE_V4) && Curl_ipv6works(data)) { /* create IPv6 DoH request */ - result = dohprobe(data, &dohp->probe[DOH_PROBE_SLOT_IPADDR_V6], - DNS_TYPE_AAAA, hostname, data->set.str[STRING_DOH], - data->multi, dohp->headers); + result = doh_run_probe(data, &dohp->probe[DOH_SLOT_IPV6], + DNS_TYPE_AAAA, hostname, data->set.str[STRING_DOH], + data->multi, dohp->req_hds); if(result) goto error; dohp->pending++; @@ -455,9 +466,9 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, * TODO: Figure out the conditions under which we want to make * a request for an HTTPS RR when we are not doing ECH. For now, * making this request breaks a bunch of DoH tests, e.g. test2100, - * where the additional request doesn't match the pre-cooked data - * files, so there's a bit of work attached to making the request - * in a non-ECH use-case. For the present, we'll only make the + * where the additional request does not match the pre-cooked data + * files, so there is a bit of work attached to making the request + * in a non-ECH use-case. For the present, we will only make the * request when ECH is enabled in the build and is being used for * the curl operation. */ @@ -470,10 +481,10 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, qname = aprintf("_%d._https.%s", port, hostname); if(!qname) goto error; - result = dohprobe(data, &dohp->probe[DOH_PROBE_SLOT_HTTPS], - DNS_TYPE_HTTPS, qname, data->set.str[STRING_DOH], - data->multi, dohp->headers); - free(qname); + result = doh_run_probe(data, &dohp->probe[DOH_SLOT_HTTPS_RR], + DNS_TYPE_HTTPS, qname, data->set.str[STRING_DOH], + data->multi, dohp->req_hds); + Curl_safefree(qname); if(result) goto error; dohp->pending++; @@ -484,18 +495,12 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, return NULL; error: - curl_slist_free_all(dohp->headers); - data->req.doh->headers = NULL; - for(slot = 0; slot < DOH_PROBE_SLOTS; slot++) { - (void)curl_multi_remove_handle(data->multi, dohp->probe[slot].easy); - Curl_close(&dohp->probe[slot].easy); - } - Curl_safefree(data->req.doh); + Curl_doh_cleanup(data); return NULL; } -static DOHcode skipqname(const unsigned char *doh, size_t dohlen, - unsigned int *indexp) +static DOHcode doh_skipqname(const unsigned char *doh, size_t dohlen, + unsigned int *indexp) { unsigned char length; do { @@ -518,12 +523,13 @@ static DOHcode skipqname(const unsigned char *doh, size_t dohlen, return DOH_OK; } -static unsigned short get16bit(const unsigned char *doh, int index) +static unsigned short doh_get16bit(const unsigned char *doh, + unsigned int index) { return (unsigned short)((doh[index] << 8) | doh[index + 1]); } -static unsigned int get32bit(const unsigned char *doh, int index) +static unsigned int doh_get32bit(const unsigned char *doh, unsigned int index) { /* make clang and gcc optimize this to bswap by incrementing the pointer first. */ @@ -531,12 +537,13 @@ static unsigned int get32bit(const unsigned char *doh, int index) /* avoid undefined behavior by casting to unsigned before shifting 24 bits, possibly into the sign bit. codegen is same, but - ub sanitizer won't be upset */ + ub sanitizer will not be upset */ return ((unsigned)doh[0] << 24) | ((unsigned)doh[1] << 16) | ((unsigned)doh[2] << 8) | doh[3]; } -static DOHcode store_a(const unsigned char *doh, int index, struct dohentry *d) +static void doh_store_a(const unsigned char *doh, int index, + struct dohentry *d) { /* silently ignore addresses over the limit */ if(d->numaddr < DOH_MAX_ADDR) { @@ -545,12 +552,10 @@ static DOHcode store_a(const unsigned char *doh, int index, struct dohentry *d) memcpy(&a->ip.v4, &doh[index], 4); d->numaddr++; } - return DOH_OK; } -static DOHcode store_aaaa(const unsigned char *doh, - int index, - struct dohentry *d) +static void doh_store_aaaa(const unsigned char *doh, int index, + struct dohentry *d) { /* silently ignore addresses over the limit */ if(d->numaddr < DOH_MAX_ADDR) { @@ -559,14 +564,11 @@ static DOHcode store_aaaa(const unsigned char *doh, memcpy(&a->ip.v6, &doh[index], 16); d->numaddr++; } - return DOH_OK; } #ifdef USE_HTTPSRR -static DOHcode store_https(const unsigned char *doh, - int index, - struct dohentry *d, - uint16_t len) +static DOHcode doh_store_https(const unsigned char *doh, int index, + struct dohentry *d, uint16_t len) { /* silently ignore RRs over the limit */ if(d->numhttps_rrs < DOH_MAX_HTTPS) { @@ -581,10 +583,8 @@ static DOHcode store_https(const unsigned char *doh, } #endif -static DOHcode store_cname(const unsigned char *doh, - size_t dohlen, - unsigned int index, - struct dohentry *d) +static DOHcode doh_store_cname(const unsigned char *doh, size_t dohlen, + unsigned int index, struct dohentry *d) { struct dynbuf *c; unsigned int loop = 128; /* a valid DNS name can never loop this much */ @@ -606,7 +606,7 @@ static DOHcode store_cname(const unsigned char *doh, /* move to the new index */ newpos = (length & 0x3f) << 8 | doh[index + 1]; - index = newpos; + index = (unsigned int)newpos; continue; } else if(length & 0xc0) @@ -633,12 +633,12 @@ static DOHcode store_cname(const unsigned char *doh, return DOH_OK; } -static DOHcode rdata(const unsigned char *doh, - size_t dohlen, - unsigned short rdlength, - unsigned short type, - int index, - struct dohentry *d) +static DOHcode doh_rdata(const unsigned char *doh, + size_t dohlen, + unsigned short rdlength, + unsigned short type, + int index, + struct dohentry *d) { /* RDATA - A (TYPE 1): 4 bytes @@ -651,26 +651,22 @@ static DOHcode rdata(const unsigned char *doh, case DNS_TYPE_A: if(rdlength != 4) return DOH_DNS_RDATA_LEN; - rc = store_a(doh, index, d); - if(rc) - return rc; + doh_store_a(doh, index, d); break; case DNS_TYPE_AAAA: if(rdlength != 16) return DOH_DNS_RDATA_LEN; - rc = store_aaaa(doh, index, d); - if(rc) - return rc; + doh_store_aaaa(doh, index, d); break; #ifdef USE_HTTPSRR case DNS_TYPE_HTTPS: - rc = store_https(doh, index, d, rdlength); + rc = doh_store_https(doh, index, d, rdlength); if(rc) return rc; break; #endif case DNS_TYPE_CNAME: - rc = store_cname(doh, dohlen, index, d); + rc = doh_store_cname(doh, dohlen, (unsigned int)index, d); if(rc) return rc; break; @@ -694,10 +690,10 @@ UNITTEST void de_init(struct dohentry *de) } -UNITTEST DOHcode doh_decode(const unsigned char *doh, - size_t dohlen, - DNStype dnstype, - struct dohentry *d) +UNITTEST DOHcode doh_resp_decode(const unsigned char *doh, + size_t dohlen, + DNStype dnstype, + struct dohentry *d) { unsigned char rcode; unsigned short qdcount; @@ -717,9 +713,9 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, if(rcode) return DOH_DNS_BAD_RCODE; /* bad rcode */ - qdcount = get16bit(doh, 4); + qdcount = doh_get16bit(doh, 4); while(qdcount) { - rc = skipqname(doh, dohlen, &index); + rc = doh_skipqname(doh, dohlen, &index); if(rc) return rc; /* bad qname */ if(dohlen < (index + 4)) @@ -728,19 +724,19 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, qdcount--; } - ancount = get16bit(doh, 6); + ancount = doh_get16bit(doh, 6); while(ancount) { unsigned short class; unsigned int ttl; - rc = skipqname(doh, dohlen, &index); + rc = doh_skipqname(doh, dohlen, &index); if(rc) return rc; /* bad qname */ if(dohlen < (index + 2)) return DOH_DNS_OUT_OF_RANGE; - type = get16bit(doh, index); + type = doh_get16bit(doh, index); if((type != DNS_TYPE_CNAME) /* may be synthesized from DNAME */ && (type != DNS_TYPE_DNAME) /* if present, accept and ignore */ && (type != dnstype)) @@ -750,7 +746,7 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, if(dohlen < (index + 2)) return DOH_DNS_OUT_OF_RANGE; - class = get16bit(doh, index); + class = doh_get16bit(doh, index); if(DNS_CLASS_IN != class) return DOH_DNS_UNEXPECTED_CLASS; /* unsupported */ index += 2; @@ -758,7 +754,7 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, if(dohlen < (index + 4)) return DOH_DNS_OUT_OF_RANGE; - ttl = get32bit(doh, index); + ttl = doh_get32bit(doh, index); if(ttl < d->ttl) d->ttl = ttl; index += 4; @@ -766,21 +762,21 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, if(dohlen < (index + 2)) return DOH_DNS_OUT_OF_RANGE; - rdlength = get16bit(doh, index); + rdlength = doh_get16bit(doh, index); index += 2; if(dohlen < (index + rdlength)) return DOH_DNS_OUT_OF_RANGE; - rc = rdata(doh, dohlen, rdlength, type, index, d); + rc = doh_rdata(doh, dohlen, rdlength, type, (int)index, d); if(rc) - return rc; /* bad rdata */ + return rc; /* bad doh_rdata */ index += rdlength; ancount--; } - nscount = get16bit(doh, 8); + nscount = doh_get16bit(doh, 8); while(nscount) { - rc = skipqname(doh, dohlen, &index); + rc = doh_skipqname(doh, dohlen, &index); if(rc) return rc; /* bad qname */ @@ -792,7 +788,7 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, if(dohlen < (index + 2)) return DOH_DNS_OUT_OF_RANGE; - rdlength = get16bit(doh, index); + rdlength = doh_get16bit(doh, index); index += 2; if(dohlen < (index + rdlength)) return DOH_DNS_OUT_OF_RANGE; @@ -800,9 +796,9 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, nscount--; } - arcount = get16bit(doh, 10); + arcount = doh_get16bit(doh, 10); while(arcount) { - rc = skipqname(doh, dohlen, &index); + rc = doh_skipqname(doh, dohlen, &index); if(rc) return rc; /* bad qname */ @@ -814,7 +810,7 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, if(dohlen < (index + 2)) return DOH_DNS_OUT_OF_RANGE; - rdlength = get16bit(doh, index); + rdlength = doh_get16bit(doh, index); index += 2; if(dohlen < (index + rdlength)) return DOH_DNS_OUT_OF_RANGE; @@ -837,8 +833,8 @@ UNITTEST DOHcode doh_decode(const unsigned char *doh, } #ifndef CURL_DISABLE_VERBOSE_STRINGS -static void showdoh(struct Curl_easy *data, - const struct dohentry *d) +static void doh_show(struct Curl_easy *data, + const struct dohentry *d) { int i; infof(data, "[DoH] TTL: %u seconds", d->ttl); @@ -870,9 +866,9 @@ static void showdoh(struct Curl_easy *data, } #ifdef USE_HTTPSRR for(i = 0; i < d->numhttps_rrs; i++) { -# ifdef CURLDEBUG - local_print_buf(data, "DoH HTTPS", - d->https_rrs[i].val, d->https_rrs[i].len); +# ifdef DEBUGBUILD + doh_print_buf(data, "DoH HTTPS", + d->https_rrs[i].val, d->https_rrs[i].len); # else infof(data, "DoH HTTPS RR: length %d", d->https_rrs[i].len); # endif @@ -883,7 +879,7 @@ static void showdoh(struct Curl_easy *data, } } #else -#define showdoh(x,y) +#define doh_show(x,y) #endif /* @@ -891,11 +887,11 @@ static void showdoh(struct Curl_easy *data, * * This function returns a pointer to the first element of a newly allocated * Curl_addrinfo struct linked list filled with the data from a set of DoH - * lookups. Curl_addrinfo is meant to work like the addrinfo struct does for + * lookups. Curl_addrinfo is meant to work like the addrinfo struct does for * a IPv6 stack, but usable also for IPv4, all hosts and environments. * * The memory allocated by this function *MUST* be free'd later on calling - * Curl_freeaddrinfo(). For each successful call to this function there + * Curl_freeaddrinfo(). For each successful call to this function there * must be an associated call later to Curl_freeaddrinfo(). */ @@ -923,7 +919,7 @@ static CURLcode doh2ai(const struct dohentry *de, const char *hostname, CURL_SA_FAMILY_T addrtype; if(de->addr[i].type == DNS_TYPE_AAAA) { #ifndef USE_IPV6 - /* we can't handle IPv6 addresses */ + /* we cannot handle IPv6 addresses */ continue; #else ss_size = sizeof(struct sockaddr_in6); @@ -967,7 +963,11 @@ static CURLcode doh2ai(const struct dohentry *de, const char *hostname, addr = (void *)ai->ai_addr; /* storage area for this info */ DEBUGASSERT(sizeof(struct in_addr) == sizeof(de->addr[i].ip.v4)); memcpy(&addr->sin_addr, &de->addr[i].ip.v4, sizeof(struct in_addr)); +#ifdef __MINGW32__ + addr->sin_family = (short)addrtype; +#else addr->sin_family = addrtype; +#endif addr->sin_port = htons((unsigned short)port); break; @@ -976,7 +976,11 @@ static CURLcode doh2ai(const struct dohentry *de, const char *hostname, addr6 = (void *)ai->ai_addr; /* storage area for this info */ DEBUGASSERT(sizeof(struct in6_addr) == sizeof(de->addr[i].ip.v6)); memcpy(&addr6->sin6_addr, &de->addr[i].ip.v6, sizeof(struct in6_addr)); +#ifdef __MINGW32__ + addr6->sin6_family = (short)addrtype; +#else addr6->sin6_family = addrtype; +#endif addr6->sin6_port = htons((unsigned short)port); break; #endif @@ -995,7 +999,7 @@ static CURLcode doh2ai(const struct dohentry *de, const char *hostname, } #ifndef CURL_DISABLE_VERBOSE_STRINGS -static const char *type2name(DNStype dnstype) +static const char *doh_type2name(DNStype dnstype) { switch(dnstype) { case DNS_TYPE_A: @@ -1020,7 +1024,7 @@ UNITTEST void de_cleanup(struct dohentry *d) } #ifdef USE_HTTPSRR for(i = 0; i < d->numhttps_rrs; i++) - free(d->https_rrs[i].val); + Curl_safefree(d->https_rrs[i].val); #endif } @@ -1038,10 +1042,10 @@ UNITTEST void de_cleanup(struct dohentry *d) * * The input buffer pointer will be modified so it points to * just after the end of the DNS name encoding on output. (And - * that's why it's an "unsigned char **" :-) + * that is why it is an "unsigned char **" :-) */ -static CURLcode local_decode_rdata_name(unsigned char **buf, size_t *remaining, - char **dnsname) +static CURLcode doh_decode_rdata_name(unsigned char **buf, size_t *remaining, + char **dnsname) { unsigned char *cp = NULL; int rem = 0; @@ -1087,8 +1091,8 @@ static CURLcode local_decode_rdata_name(unsigned char **buf, size_t *remaining, return CURLE_OK; } -static CURLcode local_decode_rdata_alpn(unsigned char *rrval, size_t len, - char **alpns) +static CURLcode doh_decode_rdata_alpn(unsigned char *rrval, size_t len, + char **alpns) { /* * spec here is as per draft-ietf-dnsop-svcb-https, section-7.1.1 @@ -1097,7 +1101,7 @@ static CURLcode local_decode_rdata_alpn(unsigned char *rrval, size_t len, * output is comma-sep list of the strings * implementations may or may not handle quoting of comma within * string values, so we might see a comma within the wire format - * version of a string, in which case we'll precede that by a + * version of a string, in which case we will precede that by a * backslash - same goes for a backslash character, and of course * we need to use two backslashes in strings when we mean one;-) */ @@ -1143,10 +1147,10 @@ static CURLcode local_decode_rdata_alpn(unsigned char *rrval, size_t len, return CURLE_BAD_CONTENT_ENCODING; } -#ifdef CURLDEBUG -static CURLcode test_alpn_escapes(void) +#ifdef DEBUGBUILD +static CURLcode doh_test_alpn_escapes(void) { - /* we'll use an example from draft-ietf-dnsop-svcb, figure 10 */ + /* we will use an example from draft-ietf-dnsop-svcb, figure 10 */ static unsigned char example[] = { 0x08, /* length 8 */ 0x66, 0x5c, 0x6f, 0x6f, 0x2c, 0x62, 0x61, 0x72, /* value "f\\oo,bar" */ @@ -1157,7 +1161,7 @@ static CURLcode test_alpn_escapes(void) char *aval = NULL; static const char *expected = "f\\\\oo\\,bar,h2"; - if(local_decode_rdata_alpn(example, example_len, &aval) != CURLE_OK) + if(doh_decode_rdata_alpn(example, example_len, &aval) != CURLE_OK) return CURLE_BAD_CONTENT_ENCODING; if(strlen(aval) != strlen(expected)) return CURLE_BAD_CONTENT_ENCODING; @@ -1167,7 +1171,7 @@ static CURLcode test_alpn_escapes(void) } #endif -static CURLcode Curl_doh_decode_httpsrr(unsigned char *rrval, size_t len, +static CURLcode doh_resp_decode_httpsrr(unsigned char *rrval, size_t len, struct Curl_https_rrinfo **hrr) { size_t remaining = len; @@ -1176,9 +1180,9 @@ static CURLcode Curl_doh_decode_httpsrr(unsigned char *rrval, size_t len, struct Curl_https_rrinfo *lhrr = NULL; char *dnsname = NULL; -#ifdef CURLDEBUG - /* a few tests of escaping, shouldn't be here but ok for now */ - if(test_alpn_escapes() != CURLE_OK) +#ifdef DEBUGBUILD + /* a few tests of escaping, should not be here but ok for now */ + if(doh_test_alpn_escapes() != CURLE_OK) return CURLE_OUT_OF_MEMORY; #endif lhrr = calloc(1, sizeof(struct Curl_https_rrinfo)); @@ -1193,7 +1197,7 @@ static CURLcode Curl_doh_decode_httpsrr(unsigned char *rrval, size_t len, lhrr->priority = (uint16_t)((cp[0] << 8) + cp[1]); cp += 2; remaining -= (uint16_t)2; - if(local_decode_rdata_name(&cp, &remaining, &dnsname) != CURLE_OK) + if(doh_decode_rdata_name(&cp, &remaining, &dnsname) != CURLE_OK) goto err; lhrr->target = dnsname; while(remaining >= 4) { @@ -1203,24 +1207,30 @@ static CURLcode Curl_doh_decode_httpsrr(unsigned char *rrval, size_t len, cp += 2; remaining -= 4; if(pcode == HTTPS_RR_CODE_ALPN) { - if(local_decode_rdata_alpn(cp, plen, &lhrr->alpns) != CURLE_OK) + if(doh_decode_rdata_alpn(cp, plen, &lhrr->alpns) != CURLE_OK) goto err; } if(pcode == HTTPS_RR_CODE_NO_DEF_ALPN) lhrr->no_def_alpn = TRUE; else if(pcode == HTTPS_RR_CODE_IPV4) { + if(!plen) + goto err; lhrr->ipv4hints = Curl_memdup(cp, plen); if(!lhrr->ipv4hints) goto err; lhrr->ipv4hints_len = (size_t)plen; } else if(pcode == HTTPS_RR_CODE_ECH) { + if(!plen) + goto err; lhrr->echconfiglist = Curl_memdup(cp, plen); if(!lhrr->echconfiglist) goto err; lhrr->echconfiglist_len = (size_t)plen; } else if(pcode == HTTPS_RR_CODE_IPV6) { + if(!plen) + goto err; lhrr->ipv6hints = Curl_memdup(cp, plen); if(!lhrr->ipv6hints) goto err; @@ -1236,17 +1246,18 @@ static CURLcode Curl_doh_decode_httpsrr(unsigned char *rrval, size_t len, return CURLE_OK; err: if(lhrr) { - free(lhrr->target); - free(lhrr->echconfiglist); - free(lhrr->val); - free(lhrr); + Curl_safefree(lhrr->target); + Curl_safefree(lhrr->echconfiglist); + Curl_safefree(lhrr->val); + Curl_safefree(lhrr->alpns); + Curl_safefree(lhrr); } return CURLE_OUT_OF_MEMORY; } -# ifdef CURLDEBUG -static void local_print_httpsrr(struct Curl_easy *data, - struct Curl_https_rrinfo *hrr) +# ifdef DEBUGBUILD +static void doh_print_httpsrr(struct Curl_easy *data, + struct Curl_https_rrinfo *hrr) { DEBUGASSERT(hrr); infof(data, "HTTPS RR: priority %d, target: %s", @@ -1260,20 +1271,20 @@ static void local_print_httpsrr(struct Curl_easy *data, else infof(data, "HTTPS RR: no_def_alpn not set"); if(hrr->ipv4hints) { - local_print_buf(data, "HTTPS RR: ipv4hints", - hrr->ipv4hints, hrr->ipv4hints_len); + doh_print_buf(data, "HTTPS RR: ipv4hints", + hrr->ipv4hints, hrr->ipv4hints_len); } else infof(data, "HTTPS RR: no ipv4hints"); if(hrr->echconfiglist) { - local_print_buf(data, "HTTPS RR: ECHConfigList", - hrr->echconfiglist, hrr->echconfiglist_len); + doh_print_buf(data, "HTTPS RR: ECHConfigList", + hrr->echconfiglist, hrr->echconfiglist_len); } else infof(data, "HTTPS RR: no ECHConfigList"); if(hrr->ipv6hints) { - local_print_buf(data, "HTTPS RR: ipv6hint", - hrr->ipv6hints, hrr->ipv6hints_len); + doh_print_buf(data, "HTTPS RR: ipv6hint", + hrr->ipv6hints, hrr->ipv6hints_len); } else infof(data, "HTTPS RR: no ipv6hints"); @@ -1286,63 +1297,53 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, struct Curl_dns_entry **dnsp) { CURLcode result; - struct dohdata *dohp = data->req.doh; + struct doh_probes *dohp = data->req.doh; *dnsp = NULL; /* defaults to no response */ if(!dohp) return CURLE_OUT_OF_MEMORY; - if(!dohp->probe[DOH_PROBE_SLOT_IPADDR_V4].easy && - !dohp->probe[DOH_PROBE_SLOT_IPADDR_V6].easy) { + if(dohp->probe[DOH_SLOT_IPV4].easy_mid < 0 && + dohp->probe[DOH_SLOT_IPV6].easy_mid < 0) { failf(data, "Could not DoH-resolve: %s", data->state.async.hostname); return CONN_IS_PROXIED(data->conn)?CURLE_COULDNT_RESOLVE_PROXY: CURLE_COULDNT_RESOLVE_HOST; } else if(!dohp->pending) { -#ifndef USE_HTTPSRR - DOHcode rc[DOH_PROBE_SLOTS] = { - DOH_OK, DOH_OK - }; -#else - DOHcode rc[DOH_PROBE_SLOTS] = { - DOH_OK, DOH_OK, DOH_OK - }; -#endif + DOHcode rc[DOH_SLOT_COUNT]; struct dohentry de; int slot; + + memset(rc, 0, sizeof(rc)); /* remove DoH handles from multi handle and close them */ - for(slot = 0; slot < DOH_PROBE_SLOTS; slot++) { - curl_multi_remove_handle(data->multi, dohp->probe[slot].easy); - Curl_close(&dohp->probe[slot].easy); - } + Curl_doh_close(data); /* parse the responses, create the struct and return it! */ de_init(&de); - for(slot = 0; slot < DOH_PROBE_SLOTS; slot++) { - struct dnsprobe *p = &dohp->probe[slot]; + for(slot = 0; slot < DOH_SLOT_COUNT; slot++) { + struct doh_probe *p = &dohp->probe[slot]; if(!p->dnstype) continue; - rc[slot] = doh_decode(Curl_dyn_uptr(&p->serverdoh), - Curl_dyn_len(&p->serverdoh), - p->dnstype, - &de); - Curl_dyn_free(&p->serverdoh); + rc[slot] = doh_resp_decode(Curl_dyn_uptr(&p->resp_body), + Curl_dyn_len(&p->resp_body), + p->dnstype, &de); + Curl_dyn_free(&p->resp_body); #ifndef CURL_DISABLE_VERBOSE_STRINGS if(rc[slot]) { infof(data, "DoH: %s type %s for %s", doh_strerror(rc[slot]), - type2name(p->dnstype), dohp->host); + doh_type2name(p->dnstype), dohp->host); } #endif } /* next slot */ result = CURLE_COULDNT_RESOLVE_HOST; /* until we know better */ - if(!rc[DOH_PROBE_SLOT_IPADDR_V4] || !rc[DOH_PROBE_SLOT_IPADDR_V6]) { + if(!rc[DOH_SLOT_IPV4] || !rc[DOH_SLOT_IPV6]) { /* we have an address, of one kind or other */ struct Curl_dns_entry *dns; struct Curl_addrinfo *ai; if(Curl_trc_ft_is_verbose(data, &Curl_doh_trc)) { - infof(data, "[DoH] Host name: %s", dohp->host); - showdoh(data, &de); + infof(data, "[DoH] hostname: %s", dohp->host); + doh_show(data, &de); } result = doh2ai(&de, dohp->host, dohp->port, &ai); @@ -1355,7 +1356,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE); /* we got a response, store it in the cache */ - dns = Curl_cache_addr(data, ai, dohp->host, 0, dohp->port); + dns = Curl_cache_addr(data, ai, dohp->host, 0, dohp->port, FALSE); if(data->share) Curl_share_unlock(data, CURL_LOCK_DATA_DNS); @@ -1375,15 +1376,15 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, #ifdef USE_HTTPSRR if(de.numhttps_rrs > 0 && result == CURLE_OK && *dnsp) { struct Curl_https_rrinfo *hrr = NULL; - result = Curl_doh_decode_httpsrr(de.https_rrs->val, de.https_rrs->len, + result = doh_resp_decode_httpsrr(de.https_rrs->val, de.https_rrs->len, &hrr); if(result) { infof(data, "Failed to decode HTTPS RR"); return result; } infof(data, "Some HTTPS RR to process"); -# ifdef CURLDEBUG - local_print_httpsrr(data, hrr); +# ifdef DEBUGBUILD + doh_print_httpsrr(data, hrr); # endif (*dnsp)->hinfo = hrr; } @@ -1391,7 +1392,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, /* All done */ de_cleanup(&de); - Curl_safefree(data->req.doh); + Curl_doh_cleanup(data); return result; } /* !dohp->pending */ @@ -1400,4 +1401,43 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, return CURLE_OK; } +void Curl_doh_close(struct Curl_easy *data) +{ + struct doh_probes *doh = data->req.doh; + if(doh && data->multi) { + struct Curl_easy *probe_data; + curl_off_t mid; + size_t slot; + for(slot = 0; slot < DOH_SLOT_COUNT; slot++) { + mid = doh->probe[slot].easy_mid; + if(mid < 0) + continue; + doh->probe[slot].easy_mid = -1; + /* should have been called before data is removed from multi handle */ + DEBUGASSERT(data->multi); + probe_data = data->multi? Curl_multi_get_handle(data->multi, mid) : NULL; + if(!probe_data) { + DEBUGF(infof(data, "Curl_doh_close: xfer for mid=%" + FMT_OFF_T " not found!", + doh->probe[slot].easy_mid)); + continue; + } + /* data->multi might already be reset at this time */ + curl_multi_remove_handle(data->multi, probe_data); + Curl_close(&probe_data); + } + } +} + +void Curl_doh_cleanup(struct Curl_easy *data) +{ + struct doh_probes *doh = data->req.doh; + if(doh) { + Curl_doh_close(data); + curl_slist_free_all(doh->req_hds); + data->req.doh->req_hds = NULL; + Curl_safefree(data->req.doh); + } +} + #endif /* CURL_DISABLE_DOH */ diff --git a/vendor/hydra/vendor/curl/lib/doh.h b/vendor/hydra/vendor/curl/lib/doh.h index bb881ecc..aae32a65 100644 --- a/vendor/hydra/vendor/curl/lib/doh.h +++ b/vendor/hydra/vendor/curl/lib/doh.h @@ -59,18 +59,39 @@ typedef enum { } DNStype; /* one of these for each DoH request */ -struct dnsprobe { - CURL *easy; +struct doh_probe { + curl_off_t easy_mid; /* multi id of easy handle doing the lookup */ DNStype dnstype; - unsigned char dohbuffer[512]; - size_t dohlen; - struct dynbuf serverdoh; + unsigned char req_body[512]; + size_t req_body_len; + struct dynbuf resp_body; }; -struct dohdata { - struct curl_slist *headers; - struct dnsprobe probe[DOH_PROBE_SLOTS]; - unsigned int pending; /* still outstanding requests */ +enum doh_slot_num { + /* Explicit values for first two symbols so as to match hard-coded + * constants in existing code + */ + DOH_SLOT_IPV4 = 0, /* make 'V4' stand out for readability */ + DOH_SLOT_IPV6 = 1, /* 'V6' likewise */ + + /* Space here for (possibly build-specific) additional slot definitions */ +#ifdef USE_HTTPSRR + DOH_SLOT_HTTPS_RR = 2, /* for HTTPS RR */ +#endif + + /* for example */ + /* #ifdef WANT_DOH_FOOBAR_TXT */ + /* DOH_PROBE_SLOT_FOOBAR_TXT, */ + /* #endif */ + + /* AFTER all slot definitions, establish how many we have */ + DOH_SLOT_COUNT +}; + +struct doh_probes { + struct curl_slist *req_hds; + struct doh_probe probe[DOH_SLOT_COUNT]; + unsigned int pending; /* still outstanding probes */ int port; const char *host; }; @@ -116,7 +137,7 @@ struct dohaddr { #define HTTPS_RR_CODE_IPV6 0x06 /* - * These may need escaping when found within an alpn string + * These may need escaping when found within an ALPN string * value. */ #define COMMA_CHAR ',' @@ -140,19 +161,22 @@ struct dohentry { #endif }; - -#ifdef DEBUGBUILD -DOHcode doh_encode(const char *host, - DNStype dnstype, - unsigned char *dnsp, /* buffer */ - size_t len, /* buffer size */ - size_t *olen); /* output length */ -DOHcode doh_decode(const unsigned char *doh, - size_t dohlen, - DNStype dnstype, - struct dohentry *d); -void de_init(struct dohentry *d); -void de_cleanup(struct dohentry *d); +void Curl_doh_close(struct Curl_easy *data); +void Curl_doh_cleanup(struct Curl_easy *data); + +#ifdef UNITTESTS +UNITTEST DOHcode doh_req_encode(const char *host, + DNStype dnstype, + unsigned char *dnsp, /* buffer */ + size_t len, /* buffer size */ + size_t *olen); /* output length */ +UNITTEST DOHcode doh_resp_decode(const unsigned char *doh, + size_t dohlen, + DNStype dnstype, + struct dohentry *d); + +UNITTEST void de_init(struct dohentry *d); +UNITTEST void de_cleanup(struct dohentry *d); #endif extern struct curl_trc_feat Curl_doh_trc; diff --git a/vendor/hydra/vendor/curl/lib/dynbuf.c b/vendor/hydra/vendor/curl/lib/dynbuf.c index 3b62eaf8..eab07efb 100644 --- a/vendor/hydra/vendor/curl/lib/dynbuf.c +++ b/vendor/hydra/vendor/curl/lib/dynbuf.c @@ -51,7 +51,7 @@ void Curl_dyn_init(struct dynbuf *s, size_t toobig) } /* - * free the buffer and re-init the necessary fields. It doesn't touch the + * free the buffer and re-init the necessary fields. It does not touch the * 'init' field and thus this buffer can be reused to add data to again. */ void Curl_dyn_free(struct dynbuf *s) @@ -71,7 +71,7 @@ static CURLcode dyn_nappend(struct dynbuf *s, size_t a = s->allc; size_t fit = len + indx + 1; /* new string + old string + zero byte */ - /* try to detect if there's rubbish in the struct */ + /* try to detect if there is rubbish in the struct */ DEBUGASSERT(s->init == DYNINIT); DEBUGASSERT(s->toobig); DEBUGASSERT(indx < s->toobig); diff --git a/vendor/hydra/vendor/curl/lib/dynhds.c b/vendor/hydra/vendor/curl/lib/dynhds.c index d7548959..9153838e 100644 --- a/vendor/hydra/vendor/curl/lib/dynhds.c +++ b/vendor/hydra/vendor/curl/lib/dynhds.c @@ -275,7 +275,7 @@ CURLcode Curl_dynhds_h1_cadd_line(struct dynhds *dynhds, const char *line) return Curl_dynhds_h1_add_line(dynhds, line, line? strlen(line) : 0); } -#ifdef DEBUGBUILD +#ifdef UNITTESTS /* used by unit2602.c */ bool Curl_dynhds_contains(struct dynhds *dynhds, diff --git a/vendor/hydra/vendor/curl/lib/dynhds.h b/vendor/hydra/vendor/curl/lib/dynhds.h index 3b536000..fb162a30 100644 --- a/vendor/hydra/vendor/curl/lib/dynhds.h +++ b/vendor/hydra/vendor/curl/lib/dynhds.h @@ -95,6 +95,9 @@ struct dynhds_entry *Curl_dynhds_get(struct dynhds *dynhds, const char *name, size_t namelen); struct dynhds_entry *Curl_dynhds_cget(struct dynhds *dynhds, const char *name); +#ifdef UNITTESTS +/* used by unit2602.c */ + /** * Return TRUE iff one or more headers with the given name exist. */ @@ -115,20 +118,6 @@ size_t Curl_dynhds_count_name(struct dynhds *dynhds, */ size_t Curl_dynhds_ccount_name(struct dynhds *dynhds, const char *name); -/** - * Add a header, name + value, to `dynhds` at the end. Does *not* - * check for duplicate names. - */ -CURLcode Curl_dynhds_add(struct dynhds *dynhds, - const char *name, size_t namelen, - const char *value, size_t valuelen); - -/** - * Add a header, c-string name + value, to `dynhds` at the end. - */ -CURLcode Curl_dynhds_cadd(struct dynhds *dynhds, - const char *name, const char *value); - /** * Remove all entries with the given name. * Returns number of entries removed. @@ -146,19 +135,34 @@ size_t Curl_dynhds_cremove(struct dynhds *dynhds, const char *name); CURLcode Curl_dynhds_set(struct dynhds *dynhds, const char *name, size_t namelen, const char *value, size_t valuelen); +#endif CURLcode Curl_dynhds_cset(struct dynhds *dynhds, const char *name, const char *value); /** - * Add a single header from a HTTP/1.1 formatted line at the end. Line + * Add a header, name + value, to `dynhds` at the end. Does *not* + * check for duplicate names. + */ +CURLcode Curl_dynhds_add(struct dynhds *dynhds, + const char *name, size_t namelen, + const char *value, size_t valuelen); + +/** + * Add a header, c-string name + value, to `dynhds` at the end. + */ +CURLcode Curl_dynhds_cadd(struct dynhds *dynhds, + const char *name, const char *value); + +/** + * Add a single header from an HTTP/1.1 formatted line at the end. Line * may contain a delimiting \r\n or just \n. Any characters after * that will be ignored. */ CURLcode Curl_dynhds_h1_cadd_line(struct dynhds *dynhds, const char *line); /** - * Add a single header from a HTTP/1.1 formatted line at the end. Line + * Add a single header from an HTTP/1.1 formatted line at the end. Line * may contain a delimiting \r\n or just \n. Any characters after * that will be ignored. */ diff --git a/vendor/hydra/vendor/curl/lib/easy.c b/vendor/hydra/vendor/curl/lib/easy.c index a04dbedd..261445ae 100644 --- a/vendor/hydra/vendor/curl/lib/easy.c +++ b/vendor/hydra/vendor/curl/lib/easy.c @@ -113,6 +113,7 @@ static curl_simple_lock s_lock = CURL_SIMPLE_LOCK_INIT; #endif #if defined(_MSC_VER) && defined(_DLL) +# pragma warning(push) # pragma warning(disable:4232) /* MSVC extension, dllimport identity */ #endif @@ -130,7 +131,7 @@ curl_wcsdup_callback Curl_cwcsdup = Curl_wcsdup; #endif #if defined(_MSC_VER) && defined(_DLL) -# pragma warning(default:4232) /* MSVC extension, dllimport identity */ +# pragma warning(pop) #endif #ifdef DEBUGBUILD @@ -242,7 +243,7 @@ CURLcode curl_global_init_mem(long flags, curl_malloc_callback m, global_init_lock(); if(initialized) { - /* Already initialized, don't do it again, but bump the variable anyway to + /* Already initialized, do not do it again, but bump the variable anyway to work like curl_global_init() and require the same amount of cleanup calls. */ initialized++; @@ -268,7 +269,8 @@ CURLcode curl_global_init_mem(long flags, curl_malloc_callback m, /** * curl_global_cleanup() globally cleanups curl, uses the value of - * "easy_init_flags" to determine what needs to be cleaned up and what doesn't. + * "easy_init_flags" to determine what needs to be cleaned up and what does + * not. */ void curl_global_cleanup(void) { @@ -374,7 +376,7 @@ struct Curl_easy *curl_easy_init(void) return data; } -#ifdef CURLDEBUG +#ifdef DEBUGBUILD struct socketmonitor { struct socketmonitor *next; /* the next node in the list or NULL */ @@ -389,25 +391,22 @@ struct events { int running_handles; /* store the returned number */ }; +#define DEBUG_EV_POLL 0 + /* events_timer * * Callback that gets called with a new value when the timeout should be * updated. */ - static int events_timer(struct Curl_multi *multi, /* multi handle */ long timeout_ms, /* see above */ void *userp) /* private callback pointer */ { struct events *ev = userp; (void)multi; - if(timeout_ms == -1) - /* timeout removed */ - timeout_ms = 0; - else if(timeout_ms == 0) - /* timeout is already reached! */ - timeout_ms = 1; /* trigger asap */ - +#if DEBUG_EV_POLL + fprintf(stderr, "events_timer: set timeout %ldms\n", timeout_ms); +#endif ev->ms = timeout_ms; ev->msbump = TRUE; return 0; @@ -461,6 +460,7 @@ static int events_socket(struct Curl_easy *easy, /* easy handle */ struct events *ev = userp; struct socketmonitor *m; struct socketmonitor *prev = NULL; + bool found = FALSE; #if defined(CURL_DISABLE_VERBOSE_STRINGS) (void) easy; @@ -470,7 +470,7 @@ static int events_socket(struct Curl_easy *easy, /* easy handle */ m = ev->list; while(m) { if(m->socket.fd == s) { - + found = TRUE; if(what == CURL_POLL_REMOVE) { struct socketmonitor *nxt = m->next; /* remove this node from the list of monitored sockets */ @@ -479,15 +479,13 @@ static int events_socket(struct Curl_easy *easy, /* easy handle */ else ev->list = nxt; free(m); - m = nxt; - infof(easy, "socket cb: socket %" CURL_FORMAT_SOCKET_T - " REMOVED", s); + infof(easy, "socket cb: socket %" FMT_SOCKET_T " REMOVED", s); } else { /* The socket 's' is already being monitored, update the activity mask. Convert from libcurl bitmask to the poll one. */ m->socket.events = socketcb2poll(what); - infof(easy, "socket cb: socket %" CURL_FORMAT_SOCKET_T + infof(easy, "socket cb: socket %" FMT_SOCKET_T " UPDATED as %s%s", s, (what&CURL_POLL_IN)?"IN":"", (what&CURL_POLL_OUT)?"OUT":""); @@ -497,12 +495,13 @@ static int events_socket(struct Curl_easy *easy, /* easy handle */ prev = m; m = m->next; /* move to next node */ } - if(!m) { + + if(!found) { if(what == CURL_POLL_REMOVE) { - /* this happens a bit too often, libcurl fix perhaps? */ - /* fprintf(stderr, - "%s: socket %d asked to be REMOVED but not present!\n", - __func__, s); */ + /* should not happen if our logic is correct, but is no drama. */ + DEBUGF(infof(easy, "socket cb: asked to REMOVE socket %" + FMT_SOCKET_T "but not present!", s)); + DEBUGASSERT(0); } else { m = malloc(sizeof(struct socketmonitor)); @@ -512,8 +511,7 @@ static int events_socket(struct Curl_easy *easy, /* easy handle */ m->socket.events = socketcb2poll(what); m->socket.revents = 0; ev->list = m; - infof(easy, "socket cb: socket %" CURL_FORMAT_SOCKET_T - " ADDED as %s%s", s, + infof(easy, "socket cb: socket %" FMT_SOCKET_T " ADDED as %s%s", s, (what&CURL_POLL_IN)?"IN":"", (what&CURL_POLL_OUT)?"OUT":""); } @@ -563,14 +561,15 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev) int pollrc; int i; struct curltime before; - struct curltime after; /* populate the fds[] array */ for(m = ev->list, f = &fds[0]; m; m = m->next) { f->fd = m->socket.fd; f->events = m->socket.events; f->revents = 0; - /* fprintf(stderr, "poll() %d check socket %d\n", numfds, f->fd); */ +#if DEBUG_EV_POLL + fprintf(stderr, "poll() %d check socket %d\n", numfds, f->fd); +#endif f++; numfds++; } @@ -578,12 +577,27 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev) /* get the time stamp to use to figure out how long poll takes */ before = Curl_now(); - /* wait for activity or timeout */ - pollrc = Curl_poll(fds, numfds, ev->ms); - if(pollrc < 0) - return CURLE_UNRECOVERABLE_POLL; - - after = Curl_now(); + if(numfds) { + /* wait for activity or timeout */ +#if DEBUG_EV_POLL + fprintf(stderr, "poll(numfds=%d, timeout=%ldms)\n", numfds, ev->ms); +#endif + pollrc = Curl_poll(fds, (unsigned int)numfds, ev->ms); +#if DEBUG_EV_POLL + fprintf(stderr, "poll(numfds=%d, timeout=%ldms) -> %d\n", + numfds, ev->ms, pollrc); +#endif + if(pollrc < 0) + return CURLE_UNRECOVERABLE_POLL; + } + else { +#if DEBUG_EV_POLL + fprintf(stderr, "poll, but no fds, wait timeout=%ldms\n", ev->ms); +#endif + pollrc = 0; + if(ev->ms > 0) + Curl_wait_ms(ev->ms); + } ev->msbump = FALSE; /* reset here */ @@ -596,26 +610,37 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev) } else { /* here pollrc is > 0 */ + struct Curl_llist_node *e = Curl_llist_head(&multi->process); + struct Curl_easy *data; + DEBUGASSERT(e); + data = Curl_node_elem(e); + DEBUGASSERT(data); /* loop over the monitored sockets to see which ones had activity */ for(i = 0; i< numfds; i++) { if(fds[i].revents) { /* socket activity, tell libcurl */ int act = poll2cselect(fds[i].revents); /* convert */ - infof(multi->easyp, - "call curl_multi_socket_action(socket " - "%" CURL_FORMAT_SOCKET_T ")", fds[i].fd); + + /* sending infof "randomly" to the first easy handle */ + infof(data, "call curl_multi_socket_action(socket " + "%" FMT_SOCKET_T ")", (curl_socket_t)fds[i].fd); mcode = curl_multi_socket_action(multi, fds[i].fd, act, &ev->running_handles); } } - if(!ev->msbump) { + + if(!ev->msbump && ev->ms >= 0) { /* If nothing updated the timeout, we decrease it by the spent time. * If it was updated, it has the new timeout time stored already. */ - timediff_t timediff = Curl_timediff(after, before); + timediff_t timediff = Curl_timediff(Curl_now(), before); if(timediff > 0) { +#if DEBUG_EV_POLL + fprintf(stderr, "poll timeout %ldms not updated, decrease by " + "time spent %ldms\n", ev->ms, (long)timediff); +#endif if(timediff > ev->ms) ev->ms = 0; else @@ -627,7 +652,7 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev) if(mcode) return CURLE_URL_MALFORMAT; - /* we don't really care about the "msgs_in_queue" value returned in the + /* we do not really care about the "msgs_in_queue" value returned in the second argument */ msg = curl_multi_info_read(multi, &pollrc); if(msg) { @@ -648,15 +673,15 @@ static CURLcode easy_events(struct Curl_multi *multi) { /* this struct is made static to allow it to be used after this function returns and curl_multi_remove_handle() is called */ - static struct events evs = {2, FALSE, 0, NULL, 0}; + static struct events evs = {-1, FALSE, 0, NULL, 0}; /* if running event-based, do some further multi inits */ events_setup(multi, &evs); return wait_or_timeout(multi, &evs); } -#else /* CURLDEBUG */ -/* when not built with debug, this function doesn't exist */ +#else /* DEBUGBUILD */ +/* when not built with debug, this function does not exist */ #define easy_events(x) CURLE_NOT_BUILT_IN #endif @@ -706,7 +731,7 @@ static CURLcode easy_transfer(struct Curl_multi *multi) * easy handle, destroys the multi handle and returns the easy handle's return * code. * - * REALITY: it can't just create and destroy the multi handle that easily. It + * REALITY: it cannot just create and destroy the multi handle that easily. It * needs to keep it around since if this easy handle is used again by this * function, the same multi handle must be reused so that the same pools and * caches can be used. @@ -763,12 +788,13 @@ static CURLcode easy_perform(struct Curl_easy *data, bool events) /* assign this after curl_multi_add_handle() */ data->multi_easy = multi; - sigpipe_ignore(data, &pipe_st); + sigpipe_init(&pipe_st); + sigpipe_apply(data, &pipe_st); /* run the transfer */ result = events ? easy_events(multi) : easy_transfer(multi); - /* ignoring the return code isn't nice, but atm we can't really handle + /* ignoring the return code is not nice, but atm we cannot really handle a failure here, room for future improvement! */ (void)curl_multi_remove_handle(multi, data); @@ -788,7 +814,7 @@ CURLcode curl_easy_perform(struct Curl_easy *data) return easy_perform(data, FALSE); } -#ifdef CURLDEBUG +#ifdef DEBUGBUILD /* * curl_easy_perform_ev() is the external interface that performs a blocking * transfer using the event-based API internally. @@ -912,8 +938,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) Curl_dyn_init(&outcurl->state.headerb, CURL_MAX_HTTP_HEADER); - /* the connection cache is setup on demand */ - outcurl->state.conn_cache = NULL; + /* the connection pool is setup on demand */ outcurl->state.lastconnect_id = -1; outcurl->state.recent_conn_id = -1; outcurl->id = -1; @@ -1010,7 +1035,9 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) goto fail; } #endif /* USE_ARES */ - +#ifndef CURL_DISABLE_HTTP + Curl_llist_init(&outcurl->state.httphdrs, NULL); +#endif Curl_initinfo(outcurl); outcurl->magic = CURLEASY_MAGIC_NUMBER; @@ -1090,7 +1117,7 @@ CURLcode curl_easy_pause(struct Curl_easy *data, int action) bool keep_changed, unpause_read, not_all_paused; if(!GOOD_EASY_HANDLE(data) || !data->conn) - /* crazy input, don't continue */ + /* crazy input, do not continue */ return CURLE_BAD_FUNCTION_ARGUMENT; if(Curl_is_in_callback(data)) @@ -1110,7 +1137,7 @@ CURLcode curl_easy_pause(struct Curl_easy *data, int action) (data->mstate == MSTATE_PERFORMING || data->mstate == MSTATE_RATELIMITING)); /* Unpausing writes is detected on the next run in - * transfer.c:Curl_readwrite(). This is because this may result + * transfer.c:Curl_sendrecv(). This is because this may result * in a transfer error if the application's callbacks fail */ /* Set the new keepon state, so it takes effect no matter what error @@ -1142,6 +1169,11 @@ CURLcode curl_easy_pause(struct Curl_easy *data, int action) goto out; } + if(!(k->keepon & KEEP_RECV_PAUSE) && Curl_cwriter_is_paused(data)) { + Curl_conn_ev_data_pause(data, FALSE); + result = Curl_cwriter_unpause(data); + } + out: if(!result && !data->state.done && keep_changed) /* This transfer may have been moved in or out of the bundle, update the @@ -1257,7 +1289,7 @@ CURLcode Curl_senddata(struct Curl_easy *data, const void *buffer, Curl_attach_connection(data, c); sigpipe_ignore(data, &pipe_st); - result = Curl_conn_send(data, FIRSTSOCKET, buffer, buflen, n); + result = Curl_conn_send(data, FIRSTSOCKET, buffer, buflen, FALSE, n); sigpipe_restore(&pipe_st); if(result && result != CURLE_AGAIN) @@ -1282,47 +1314,6 @@ CURLcode curl_easy_send(struct Curl_easy *data, const void *buffer, return result; } -/* - * Wrapper to call functions in Curl_conncache_foreach() - * - * Returns always 0. - */ -static int conn_upkeep(struct Curl_easy *data, - struct connectdata *conn, - void *param) -{ - struct curltime *now = param; - - if(Curl_timediff(*now, conn->keepalive) <= data->set.upkeep_interval_ms) - return 0; - - /* briefly attach for action */ - Curl_attach_connection(data, conn); - if(conn->handler->connection_check) { - /* Do a protocol-specific keepalive check on the connection. */ - conn->handler->connection_check(data, conn, CONNCHECK_KEEPALIVE); - } - else { - /* Do the generic action on the FIRSTSOCKET filter chain */ - Curl_conn_keep_alive(data, conn, FIRSTSOCKET); - } - Curl_detach_connection(data); - - conn->keepalive = *now; - return 0; /* continue iteration */ -} - -static CURLcode upkeep(struct conncache *conn_cache, void *data) -{ - struct curltime now = Curl_now(); - /* Loop over every connection and make connection alive. */ - Curl_conncache_foreach(data, - conn_cache, - &now, - conn_upkeep); - return CURLE_OK; -} - /* * Performs connection upkeep for the given session handle. */ @@ -1332,12 +1323,9 @@ CURLcode curl_easy_upkeep(struct Curl_easy *data) if(!GOOD_EASY_HANDLE(data)) return CURLE_BAD_FUNCTION_ARGUMENT; - if(data->multi_easy) { - /* Use the common function to keep connections alive. */ - return upkeep(&data->multi_easy->conn_cache, data); - } - else { - /* No connections, so just return success */ - return CURLE_OK; - } + if(Curl_is_in_callback(data)) + return CURLE_RECURSIVE_API_CALL; + + /* Use the common function to keep connections alive. */ + return Curl_cpool_upkeep(data); } diff --git a/vendor/hydra/vendor/curl/lib/easygetopt.c b/vendor/hydra/vendor/curl/lib/easygetopt.c index a0239a89..86833bf6 100644 --- a/vendor/hydra/vendor/curl/lib/easygetopt.c +++ b/vendor/hydra/vendor/curl/lib/easygetopt.c @@ -42,7 +42,7 @@ static struct curl_easyoption *lookup(const char *name, CURLoption id) } else { if((o->id == id) && !(o->flags & CURLOT_FLAG_ALIAS)) - /* don't match alias options */ + /* do not match alias options */ return o; } o++; diff --git a/vendor/hydra/vendor/curl/lib/easyif.h b/vendor/hydra/vendor/curl/lib/easyif.h index 6ce3483c..d77bb98f 100644 --- a/vendor/hydra/vendor/curl/lib/easyif.h +++ b/vendor/hydra/vendor/curl/lib/easyif.h @@ -34,7 +34,7 @@ CURLcode Curl_senddata(struct Curl_easy *data, const void *buffer, CURLcode Curl_connect_only_attach(struct Curl_easy *data); #endif -#ifdef CURLDEBUG +#ifdef DEBUGBUILD CURL_EXTERN CURLcode curl_easy_perform_ev(struct Curl_easy *easy); #endif diff --git a/vendor/hydra/vendor/curl/lib/easyoptions.c b/vendor/hydra/vendor/curl/lib/easyoptions.c index c79d1367..81091c40 100644 --- a/vendor/hydra/vendor/curl/lib/easyoptions.c +++ b/vendor/hydra/vendor/curl/lib/easyoptions.c @@ -328,6 +328,7 @@ struct curl_easyoption Curl_easyopts[] = { CURLOT_LONG, 0}, {"TCP_FASTOPEN", CURLOPT_TCP_FASTOPEN, CURLOT_LONG, 0}, {"TCP_KEEPALIVE", CURLOPT_TCP_KEEPALIVE, CURLOT_LONG, 0}, + {"TCP_KEEPCNT", CURLOPT_TCP_KEEPCNT, CURLOT_LONG, 0}, {"TCP_KEEPIDLE", CURLOPT_TCP_KEEPIDLE, CURLOT_LONG, 0}, {"TCP_KEEPINTVL", CURLOPT_TCP_KEEPINTVL, CURLOT_LONG, 0}, {"TCP_NODELAY", CURLOPT_TCP_NODELAY, CURLOT_LONG, 0}, @@ -376,6 +377,6 @@ struct curl_easyoption Curl_easyopts[] = { */ int Curl_easyopts_check(void) { - return ((CURLOPT_LASTENTRY%10000) != (325 + 1)); + return ((CURLOPT_LASTENTRY%10000) != (326 + 1)); } #endif diff --git a/vendor/hydra/vendor/curl/lib/escape.c b/vendor/hydra/vendor/curl/lib/escape.c index 5af00c35..9b6edb44 100644 --- a/vendor/hydra/vendor/curl/lib/escape.c +++ b/vendor/hydra/vendor/curl/lib/escape.c @@ -60,17 +60,18 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, struct dynbuf d; (void)data; - if(inlength < 0) + if(!string || (inlength < 0)) return NULL; - Curl_dyn_init(&d, CURL_MAX_INPUT_LENGTH * 3); - length = (inlength?(size_t)inlength:strlen(string)); if(!length) return strdup(""); + Curl_dyn_init(&d, length * 3 + 1); + while(length--) { - unsigned char in = *string++; /* treat the characters unsigned */ + /* treat the characters unsigned */ + unsigned char in = (unsigned char)*string++; if(ISUNRESERVED(in)) { /* append this */ @@ -137,7 +138,7 @@ CURLcode Curl_urldecode(const char *string, size_t length, *ostring = ns; while(alloc) { - unsigned char in = *string; + unsigned char in = (unsigned char)*string; if(('%' == in) && (alloc > 2) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) { /* this is two hexadecimal digits following a '%' */ @@ -157,7 +158,7 @@ CURLcode Curl_urldecode(const char *string, size_t length, return CURLE_URL_MALFORMAT; } - *ns++ = in; + *ns++ = (char)in; } *ns = 0; /* terminate it */ @@ -180,7 +181,7 @@ char *curl_easy_unescape(struct Curl_easy *data, const char *string, { char *str = NULL; (void)data; - if(length >= 0) { + if(string && (length >= 0)) { size_t inputlen = (size_t)length; size_t outputlen; CURLcode res = Curl_urldecode(string, inputlen, &str, &outputlen, @@ -222,8 +223,8 @@ void Curl_hexencode(const unsigned char *src, size_t len, /* input length */ while(len-- && (olen >= 3)) { /* clang-tidy warns on this line without this comment: */ /* NOLINTNEXTLINE(clang-analyzer-core.UndefinedBinaryOperatorResult) */ - *out++ = hex[(*src & 0xF0)>>4]; - *out++ = hex[*src & 0x0F]; + *out++ = (unsigned char)hex[(*src & 0xF0)>>4]; + *out++ = (unsigned char)hex[*src & 0x0F]; ++src; olen -= 2; } diff --git a/vendor/hydra/vendor/curl/lib/file.c b/vendor/hydra/vendor/curl/lib/file.c index db860225..01af52e7 100644 --- a/vendor/hydra/vendor/curl/lib/file.c +++ b/vendor/hydra/vendor/curl/lib/file.c @@ -147,7 +147,7 @@ static CURLcode file_setup_connection(struct Curl_easy *data, /* * file_connect() gets called from Curl_protocol_connect() to allow us to - * do protocol-specific actions at connect-time. We emulate a + * do protocol-specific actions at connect-time. We emulate a * connect-then-transfer protocol and "connect" to the file here */ static CURLcode file_connect(struct Curl_easy *data, bool *done) @@ -177,18 +177,18 @@ static CURLcode file_connect(struct Curl_easy *data, bool *done) return result; #ifdef DOS_FILESYSTEM - /* If the first character is a slash, and there's + /* If the first character is a slash, and there is something that looks like a drive at the beginning of - the path, skip the slash. If we remove the initial + the path, skip the slash. If we remove the initial slash in all cases, paths without drive letters end up - relative to the current directory which isn't how + relative to the current directory which is not how browsers work. Some browsers accept | instead of : as the drive letter separator, so we do too. On other platforms, we need the slash to indicate an - absolute pathname. On Windows, absolute paths start + absolute pathname. On Windows, absolute paths start with a drive letter. */ actual_path = real_path; @@ -223,7 +223,7 @@ static CURLcode file_connect(struct Curl_easy *data, bool *done) * A leading slash in an AmigaDOS path denotes the parent * directory, and hence we block this as it is relative. * Absolute paths start with 'volumename:', so we check for - * this first. Failing that, we treat the path as a real unix + * this first. Failing that, we treat the path as a real Unix * path, but only if the application was compiled with -lunix. */ fd = -1; @@ -308,7 +308,7 @@ static CURLcode file_upload(struct Curl_easy *data) bool eos = FALSE; /* - * Since FILE: doesn't do the full init, we need to provide some extra + * Since FILE: does not do the full init, we need to provide some extra * assignments here. */ @@ -331,7 +331,7 @@ static CURLcode file_upload(struct Curl_easy *data) fd = open(file->path, mode, data->set.new_file_perms); if(fd < 0) { - failf(data, "Can't open %s for writing", file->path); + failf(data, "cannot open %s for writing", file->path); return CURLE_WRITE_ERROR; } @@ -343,7 +343,7 @@ static CURLcode file_upload(struct Curl_easy *data) if(data->state.resume_from < 0) { if(fstat(fd, &file_stat)) { close(fd); - failf(data, "Can't get the size of %s", file->path); + failf(data, "cannot get the size of %s", file->path); return CURLE_WRITE_ERROR; } data->state.resume_from = (curl_off_t)file_stat.st_size; @@ -413,13 +413,13 @@ static CURLcode file_upload(struct Curl_easy *data) * file_do() is the protocol-specific function for the do-phase, separated * from the connect-phase above. Other protocols merely setup the transfer in * the do-phase, to have it done in the main transfer loop but since some - * platforms we support don't allow select()ing etc on file handles (as + * platforms we support do not allow select()ing etc on file handles (as * opposed to sockets) we instead perform the whole do-operation in this * function. */ static CURLcode file_do(struct Curl_easy *data, bool *done) { - /* This implementation ignores the host name in conformance with + /* This implementation ignores the hostname in conformance with RFC 1738. Only local files (reachable via the standard file system) are supported. This means that files on remotely mounted directories (via NFS, Samba, NT sharing) can be accessed through a file:// URL @@ -465,17 +465,17 @@ static CURLcode file_do(struct Curl_easy *data, bool *done) const struct tm *tm = &buffer; char header[80]; int headerlen; - char accept_ranges[24]= { "Accept-ranges: bytes\r\n" }; + static const char accept_ranges[]= { "Accept-ranges: bytes\r\n" }; if(expected_size >= 0) { - headerlen = msnprintf(header, sizeof(header), - "Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", - expected_size); + headerlen = + msnprintf(header, sizeof(header), "Content-Length: %" FMT_OFF_T "\r\n", + expected_size); result = Curl_client_write(data, CLIENTWRITE_HEADER, header, headerlen); if(result) return result; result = Curl_client_write(data, CLIENTWRITE_HEADER, - accept_ranges, strlen(accept_ranges)); + accept_ranges, sizeof(accept_ranges) - 1); if(result != CURLE_OK) return result; } @@ -486,23 +486,26 @@ static CURLcode file_do(struct Curl_easy *data, bool *done) return result; /* format: "Tue, 15 Nov 1994 12:45:26 GMT" */ - headerlen = msnprintf(header, sizeof(header), - "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n%s", - Curl_wkday[tm->tm_wday?tm->tm_wday-1:6], - tm->tm_mday, - Curl_month[tm->tm_mon], - tm->tm_year + 1900, - tm->tm_hour, - tm->tm_min, - tm->tm_sec, - data->req.no_body ? "": "\r\n"); + headerlen = + msnprintf(header, sizeof(header), + "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n", + Curl_wkday[tm->tm_wday?tm->tm_wday-1:6], + tm->tm_mday, + Curl_month[tm->tm_mon], + tm->tm_year + 1900, + tm->tm_hour, + tm->tm_min, + tm->tm_sec); result = Curl_client_write(data, CLIENTWRITE_HEADER, header, headerlen); + if(!result) + /* end of headers */ + result = Curl_client_write(data, CLIENTWRITE_HEADER, "\r\n", 2); if(result) return result; /* set the file size to make it available post transfer */ Curl_pgrsSetDownloadSize(data, expected_size); if(data->req.no_body) - return result; + return CURLE_OK; } /* Check whether file range has been specified */ @@ -514,7 +517,7 @@ static CURLcode file_do(struct Curl_easy *data, bool *done) * of the stream if the filesize could be determined */ if(data->state.resume_from < 0) { if(!fstated) { - failf(data, "Can't get the size of file."); + failf(data, "cannot get the size of file."); return CURLE_READ_ERROR; } data->state.resume_from += (curl_off_t)statbuf.st_size; @@ -522,7 +525,7 @@ static CURLcode file_do(struct Curl_easy *data, bool *done) if(data->state.resume_from > 0) { /* We check explicitly if we have a start offset, because - * expected_size may be -1 if we don't know how large the file is, + * expected_size may be -1 if we do not know how large the file is, * in which case we should not adjust it. */ if(data->state.resume_from <= expected_size) expected_size -= data->state.resume_from; @@ -566,7 +569,7 @@ static CURLcode file_do(struct Curl_easy *data, bool *done) if(!S_ISDIR(statbuf.st_mode)) { while(!result) { ssize_t nread; - /* Don't fill a whole buffer if we want less than all data */ + /* Do not fill a whole buffer if we want less than all data */ size_t bytestoread; if(size_known) { diff --git a/vendor/hydra/vendor/curl/lib/fileinfo.h b/vendor/hydra/vendor/curl/lib/fileinfo.h index ce009da0..0b3f56d9 100644 --- a/vendor/hydra/vendor/curl/lib/fileinfo.h +++ b/vendor/hydra/vendor/curl/lib/fileinfo.h @@ -30,7 +30,7 @@ struct fileinfo { struct curl_fileinfo info; - struct Curl_llist_element list; + struct Curl_llist_node list; struct dynbuf buf; }; diff --git a/vendor/hydra/vendor/curl/lib/fopen.c b/vendor/hydra/vendor/curl/lib/fopen.c index 0bdf2e11..7373e088 100644 --- a/vendor/hydra/vendor/curl/lib/fopen.c +++ b/vendor/hydra/vendor/curl/lib/fopen.c @@ -42,12 +42,12 @@ /* The dirslash() function breaks a null-terminated pathname string into directory and filename components then returns the directory component up - to, *AND INCLUDING*, a final '/'. If there is no directory in the path, + to, *AND INCLUDING*, a final '/'. If there is no directory in the path, this instead returns a "" string. This function returns a pointer to malloc'ed memory. - The input path to this function is expected to have a file name part. + The input path to this function is expected to have a filename part. */ #ifdef _WIN32 @@ -88,7 +88,7 @@ static char *dirslash(const char *path) * Curl_fopen() opens a file for writing with a temp name, to be renamed * to the final name when completed. If there is an existing file using this * name at the time of the open, this function will clone the mode from that - * file. if 'tempname' is non-NULL, it needs a rename after the file is + * file. if 'tempname' is non-NULL, it needs a rename after the file is * written. */ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, @@ -117,7 +117,7 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, dir = dirslash(filename); if(dir) { - /* The temp file name should not end up too long for the target file + /* The temp filename should not end up too long for the target file system */ tempstore = aprintf("%s%s.tmp", dir, randbuf); free(dir); diff --git a/vendor/hydra/vendor/curl/lib/formdata.c b/vendor/hydra/vendor/curl/lib/formdata.c index d6a1697a..c260d442 100644 --- a/vendor/hydra/vendor/curl/lib/formdata.c +++ b/vendor/hydra/vendor/curl/lib/formdata.c @@ -216,8 +216,8 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, struct curl_forms *forms = NULL; char *array_value = NULL; /* value read from an array */ - /* This is a state variable, that if TRUE means that we're parsing an - array that we got passed to us. If FALSE we're parsing the input + /* This is a state variable, that if TRUE means that we are parsing an + array that we got passed to us. If FALSE we are parsing the input va_list arguments. */ bool array_state = FALSE; @@ -260,7 +260,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, switch(option) { case CURLFORM_ARRAY: if(array_state) - /* we don't support an array from within an array */ + /* we do not support an array from within an array */ return_value = CURL_FORMADD_ILLEGAL_ARRAY; else { forms = va_arg(params, struct curl_forms *); @@ -327,7 +327,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, array_state?(curl_off_t)(size_t)array_value:va_arg(params, curl_off_t); break; - /* Get contents from a given file name */ + /* Get contents from a given filename */ case CURLFORM_FILECONTENT: if(current_form->flags & (HTTPPOST_PTRCONTENTS|HTTPPOST_READFILE)) return_value = CURL_FORMADD_OPTION_TWICE; @@ -429,7 +429,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, array_state?array_value:va_arg(params, char *); if(userp) { current_form->userp = userp; - current_form->value = userp; /* this isn't strictly true but we + current_form->value = userp; /* this is not strictly true but we derive a value from this later on and we need this non-NULL to be accepted as a fine form part */ @@ -599,7 +599,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, } if(!(form->flags & HTTPPOST_PTRNAME) && (form == first_form) ) { - /* Note that there's small risk that form->name is NULL here if the + /* Note that there is small risk that form->name is NULL here if the app passed in a bad combo, so we better check for that first. */ if(form->name) { /* copy name (without strdup; possibly not null-terminated) */ @@ -764,7 +764,7 @@ void curl_formfree(struct curl_httppost *form) ) free(form->contents); /* free the contents */ free(form->contenttype); /* free the content type */ - free(form->showfilename); /* free the faked file name */ + free(form->showfilename); /* free the faked filename */ free(form); /* free the struct */ form = next; } while(form); /* continue */ @@ -790,10 +790,10 @@ static CURLcode setname(curl_mimepart *part, const char *name, size_t len) /* wrap call to fseeko so it matches the calling convention of callback */ static int fseeko_wrapper(void *stream, curl_off_t offset, int whence) { -#if defined(HAVE_FSEEKO) && defined(HAVE_DECL_FSEEKO) - return fseeko(stream, (off_t)offset, whence); -#elif defined(HAVE__FSEEKI64) +#if defined(HAVE__FSEEKI64) return _fseeki64(stream, (__int64)offset, whence); +#elif defined(HAVE_FSEEKO) && defined(HAVE_DECL_FSEEKO) + return fseeko(stream, (off_t)offset, whence); #else if(offset > LONG_MAX) return -1; @@ -880,10 +880,10 @@ CURLcode Curl_getformdata(struct Curl_easy *data, if(post->flags & (HTTPPOST_FILENAME | HTTPPOST_READFILE)) { if(!strcmp(file->contents, "-")) { - /* There are a few cases where the code below won't work; in + /* There are a few cases where the code below will not work; in particular, freopen(stdin) by the caller is not guaranteed to result as expected. This feature has been kept for backward - compatibility: use of "-" pseudo file name should be avoided. */ + compatibility: use of "-" pseudo filename should be avoided. */ result = curl_mime_data_cb(part, (curl_off_t) -1, (curl_read_callback) fread, fseeko_wrapper, @@ -915,7 +915,7 @@ CURLcode Curl_getformdata(struct Curl_easy *data, } } - /* Set fake file name. */ + /* Set fake filename. */ if(!result && post->showfilename) if(post->more || (post->flags & (HTTPPOST_FILENAME | HTTPPOST_BUFFER | HTTPPOST_CALLBACK))) diff --git a/vendor/hydra/vendor/curl/lib/formdata.h b/vendor/hydra/vendor/curl/lib/formdata.h index af466249..2ed96ffc 100644 --- a/vendor/hydra/vendor/curl/lib/formdata.h +++ b/vendor/hydra/vendor/curl/lib/formdata.h @@ -38,8 +38,8 @@ struct FormInfo { long flags; char *buffer; /* pointer to existing buffer used for file upload */ size_t bufferlength; - char *showfilename; /* The file name to show. If not set, the actual - file name will be used */ + char *showfilename; /* The filename to show. If not set, the actual + filename will be used */ char *userp; /* pointer for the read callback */ struct curl_slist *contentheader; struct FormInfo *more; diff --git a/vendor/hydra/vendor/curl/lib/ftp.c b/vendor/hydra/vendor/curl/lib/ftp.c index b88d4d7b..02477fd1 100644 --- a/vendor/hydra/vendor/curl/lib/ftp.c +++ b/vendor/hydra/vendor/curl/lib/ftp.c @@ -188,7 +188,7 @@ static CURLcode ftp_regular_transfer(struct Curl_easy *data, bool *done); #ifndef CURL_DISABLE_VERBOSE_STRINGS static void ftp_pasv_verbose(struct Curl_easy *data, struct Curl_addrinfo *ai, - char *newhost, /* ascii version */ + char *newhost, /* ASCII version */ int port); #endif static CURLcode ftp_state_prepare_transfer(struct Curl_easy *data); @@ -290,12 +290,11 @@ const struct Curl_handler Curl_handler_ftps = { }; #endif -static void close_secondarysocket(struct Curl_easy *data, - struct connectdata *conn) +static void close_secondarysocket(struct Curl_easy *data) { CURL_TRC_FTP(data, "[%s] closing DATA connection", FTP_DSTATE(data)); Curl_conn_close(data, SECONDARYSOCKET); - Curl_conn_cf_discard_all(data, conn, SECONDARYSOCKET); + Curl_conn_cf_discard_all(data, data->conn, SECONDARYSOCKET); } /* @@ -328,7 +327,7 @@ static void freedirs(struct ftp_conn *ftpc) Curl_safefree(ftpc->newhost); } -#ifdef CURL_DO_LINEEND_CONV +#ifdef CURL_PREFER_LF_LINEENDS /*********************************************************************** * * Lineend Conversions @@ -370,7 +369,6 @@ static CURLcode ftp_cw_lc_write(struct Curl_easy *data, } /* either we just wrote the newline or it is part of the next * chunk of bytes we write. */ - data->state.crlf_conversions++; ctx->newline_pending = FALSE; } @@ -401,7 +399,6 @@ static CURLcode ftp_cw_lc_write(struct Curl_easy *data, /* EndOfStream, if we have a trailing cr, now is the time to write it */ if(ctx->newline_pending) { ctx->newline_pending = FALSE; - data->state.crlf_conversions++; return Curl_cwriter_write(data, writer->next, type, &nl, 1); } /* Always pass on the EOS type indicator */ @@ -419,7 +416,7 @@ static const struct Curl_cwtype ftp_cw_lc = { sizeof(struct ftp_cw_lc_ctx) }; -#endif /* CURL_DO_LINEEND_CONV */ +#endif /* CURL_PREFER_LF_LINEENDS */ /*********************************************************************** * * AcceptServerConnect() @@ -475,7 +472,7 @@ static CURLcode AcceptServerConnect(struct Curl_easy *data) Curl_set_in_callback(data, false); if(error) { - close_secondarysocket(data, conn); + close_secondarysocket(data); return CURLE_ABORTED_BY_CALLBACK; } } @@ -649,19 +646,19 @@ static CURLcode InitiateTransfer(struct Curl_easy *data) return result; if(conn->proto.ftpc.state_saved == FTP_STOR) { - /* When we know we're uploading a specified file, we can get the file + /* When we know we are uploading a specified file, we can get the file size prior to the actual upload. */ Curl_pgrsSetUploadSize(data, data->state.infilesize); /* set the SO_SNDBUF for the secondary socket for those who need it */ - Curl_sndbufset(conn->sock[SECONDARYSOCKET]); + Curl_sndbuf_init(conn->sock[SECONDARYSOCKET]); - Curl_xfer_setup(data, -1, -1, FALSE, SECONDARYSOCKET); + Curl_xfer_setup2(data, CURL_XFER_SEND, -1, TRUE); } else { /* FTP download: */ - Curl_xfer_setup(data, SECONDARYSOCKET, - conn->proto.ftpc.retr_size_saved, FALSE, -1); + Curl_xfer_setup2(data, CURL_XFER_RECV, + conn->proto.ftpc.retr_size_saved, TRUE); } conn->proto.ftpc.pp.pending_resp = TRUE; /* expect server response */ @@ -674,7 +671,7 @@ static CURLcode InitiateTransfer(struct Curl_easy *data) * * AllowServerConnect() * - * When we've issue the PORT command, we have told the server to connect to + * When we have issue the PORT command, we have told the server to connect to * us. This function checks whether data connection is established if so it is * accepted. * @@ -806,7 +803,7 @@ CURLcode Curl_GetFTPResponse(struct Curl_easy *data, { /* * We cannot read just one byte per read() and then go back to select() as - * the OpenSSL read() doesn't grok that properly. + * the OpenSSL read() does not grok that properly. * * Alas, read as much as possible, split up into lines, use the ending * line in a response or continue reading. */ @@ -820,6 +817,8 @@ CURLcode Curl_GetFTPResponse(struct Curl_easy *data, int cache_skip = 0; int value_to_be_ignored = 0; + CURL_TRC_FTP(data, "getFTPResponse start"); + if(ftpcode) *ftpcode = 0; /* 0 for errors */ else @@ -849,37 +848,43 @@ CURLcode Curl_GetFTPResponse(struct Curl_easy *data, * * A caution here is that the ftp_readresp() function has a cache that may * contain pieces of a response from the previous invoke and we need to - * make sure we don't just wait for input while there is unhandled data in + * make sure we do not just wait for input while there is unhandled data in * that cache. But also, if the cache is there, we call ftp_readresp() and - * the cache wasn't good enough to continue we must not just busy-loop + * the cache was not good enough to continue we must not just busy-loop * around this function. * */ if(Curl_dyn_len(&pp->recvbuf) && (cache_skip < 2)) { /* - * There's a cache left since before. We then skipping the wait for + * There is a cache left since before. We then skipping the wait for * socket action, unless this is the same cache like the previous round * as then the cache was deemed not enough to act on and we then need to * wait for more data anyway. */ } else if(!Curl_conn_data_pending(data, FIRSTSOCKET)) { - switch(SOCKET_READABLE(sockfd, interval_ms)) { - case -1: /* select() error, stop reading */ + curl_socket_t wsock = Curl_pp_needs_flush(data, pp)? + sockfd : CURL_SOCKET_BAD; + int ev = Curl_socket_check(sockfd, CURL_SOCKET_BAD, wsock, interval_ms); + if(ev < 0) { failf(data, "FTP response aborted due to select/poll error: %d", SOCKERRNO); return CURLE_RECV_ERROR; - - case 0: /* timeout */ + } + else if(ev == 0) { if(Curl_pgrsUpdate(data)) return CURLE_ABORTED_BY_CALLBACK; continue; /* just continue in our loop for the timeout duration */ + } + } - default: /* for clarity */ + if(Curl_pp_needs_flush(data, pp)) { + result = Curl_pp_flushsend(data, pp); + if(result) break; - } } + result = ftp_readresp(data, FIRSTSOCKET, pp, ftpcode, &nread); if(result) break; @@ -895,9 +900,11 @@ CURLcode Curl_GetFTPResponse(struct Curl_easy *data, *nreadp += nread; - } /* while there's buffer left and loop is requested */ + } /* while there is buffer left and loop is requested */ pp->pending_resp = FALSE; + CURL_TRC_FTP(data, "getFTPResponse -> result=%d, nread=%zd, ftpcode=%d", + result, *nreadp, *ftpcode); return result; } @@ -948,7 +955,7 @@ static int ftp_domore_getsock(struct Curl_easy *data, CURL_TRC_FTP(data, "[%s] ftp_domore_getsock()", FTP_DSTATE(data)); if(FTP_STOP == ftpc->state) { - /* if stopped and still in this state, then we're also waiting for a + /* if stopped and still in this state, then we are also waiting for a connect on the secondary connection */ DEBUGASSERT(conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD || (conn->cfilter[SECONDARYSOCKET] && @@ -1043,7 +1050,7 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, int error; char *host = NULL; char *string_ftpport = data->set.str[STRING_FTPPORT]; - struct Curl_dns_entry *h = NULL; + struct Curl_dns_entry *dns_entry = NULL; unsigned short port_min = 0; unsigned short port_max = 0; unsigned short port; @@ -1136,13 +1143,13 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, #endif ipstr, hbuf, sizeof(hbuf))) { case IF2IP_NOT_FOUND: - /* not an interface, use the given string as host name instead */ + /* not an interface, use the given string as hostname instead */ host = ipstr; break; case IF2IP_AF_NOT_SUPPORTED: goto out; case IF2IP_FOUND: - host = hbuf; /* use the hbuf for host name */ + host = hbuf; /* use the hbuf for hostname */ break; } } @@ -1153,7 +1160,7 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, if(!host) { const char *r; - /* not an interface and not a host name, get default by extracting + /* not an interface and not a hostname, get default by extracting the IP from the control connection */ sslen = sizeof(ss); if(getsockname(conn->sock[FIRSTSOCKET], sa, &sslen)) { @@ -1174,20 +1181,17 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, if(!r) { goto out; } - host = hbuf; /* use this host name */ + host = hbuf; /* use this hostname */ possibly_non_local = FALSE; /* we know it is local now */ } /* resolv ip/host to ip */ - rc = Curl_resolv(data, host, 0, FALSE, &h); + rc = Curl_resolv(data, host, 0, FALSE, &dns_entry); if(rc == CURLRESOLV_PENDING) - (void)Curl_resolver_wait_resolv(data, &h); - if(h) { - res = h->addr; - /* when we return from this function, we can forget about this entry - to we can unlock it now already */ - Curl_resolv_unlock(data, h); - } /* (h) */ + (void)Curl_resolver_wait_resolv(data, &dns_entry); + if(dns_entry) { + res = dns_entry->addr; + } else res = NULL; /* failure! */ @@ -1232,7 +1236,7 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, /* It failed. */ error = SOCKERRNO; if(possibly_non_local && (error == EADDRNOTAVAIL)) { - /* The requested bind address is not local. Use the address used for + /* The requested bind address is not local. Use the address used for * the control connection instead and restart the port loop */ infof(data, "bind(port=%hu) on non-local address failed: %s", port, @@ -1245,7 +1249,7 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, goto out; } port = port_min; - possibly_non_local = FALSE; /* don't try this again */ + possibly_non_local = FALSE; /* do not try this again */ continue; } if(error != EADDRINUSE && error != EACCES) { @@ -1355,7 +1359,7 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, char *dest = target; /* translate x.x.x.x to x,x,x,x */ - while(source && *source) { + while(*source) { if(*source == '.') *dest = ','; else @@ -1382,6 +1386,9 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, ftp_state(data, FTP_PORT); out: + /* If we looked up a dns_entry, now is the time to safely release it */ + if(dns_entry) + Curl_resolv_unlink(data, &dns_entry); if(result) { ftp_state(data, FTP_STOP); } @@ -1444,7 +1451,7 @@ static CURLcode ftp_state_prepare_transfer(struct Curl_easy *data) struct connectdata *conn = data->conn; if(ftp->transfer != PPTRANSFER_BODY) { - /* doesn't transfer any data */ + /* does not transfer any data */ /* still possibly do PRE QUOTE jobs */ ftp_state(data, FTP_RETR_PREQUOTE); @@ -1512,7 +1519,7 @@ static CURLcode ftp_state_size(struct Curl_easy *data, if((ftp->transfer == PPTRANSFER_INFO) && ftpc->file) { /* if a "head"-like request is being made (on a file) */ - /* we know ftpc->file is a valid pointer to a file name */ + /* we know ftpc->file is a valid pointer to a filename */ result = Curl_pp_sendf(data, &ftpc->pp, "SIZE %s", ftpc->file); if(!result) ftp_state(data, FTP_SIZE); @@ -1590,13 +1597,13 @@ static CURLcode ftp_state_list(struct Curl_easy *data) static CURLcode ftp_state_retr_prequote(struct Curl_easy *data) { - /* We've sent the TYPE, now we must send the list of prequote strings */ + /* We have sent the TYPE, now we must send the list of prequote strings */ return ftp_state_quote(data, TRUE, FTP_RETR_PREQUOTE); } static CURLcode ftp_state_stor_prequote(struct Curl_easy *data) { - /* We've sent the TYPE, now we must send the list of prequote strings */ + /* We have sent the TYPE, now we must send the list of prequote strings */ return ftp_state_quote(data, TRUE, FTP_STOR_PREQUOTE); } @@ -1608,7 +1615,7 @@ static CURLcode ftp_state_type(struct Curl_easy *data) struct ftp_conn *ftpc = &conn->proto.ftpc; /* If we have selected NOBODY and HEADER, it means that we only want file - information. Which in FTP can't be much more than the file size and + information. Which in FTP cannot be much more than the file size and date. */ if(data->req.no_body && ftpc->file && ftp_need_type(conn, data->state.prefer_ascii)) { @@ -1668,13 +1675,13 @@ static CURLcode ftp_state_ul_setup(struct Curl_easy *data, if((data->state.resume_from && !sizechecked) || ((data->state.resume_from > 0) && sizechecked)) { - /* we're about to continue the uploading of a file */ + /* we are about to continue the uploading of a file */ /* 1. get already existing file's size. We use the SIZE command for this which may not exist in the server! The SIZE command is not in RFC959. */ /* 2. This used to set REST. But since we can do append, we - don't another ftp command. We just skip the source file + do not another ftp command. We just skip the source file offset and then we APPEND the rest on the file instead */ /* 3. pass file-size number of bytes in the source file */ @@ -1707,7 +1714,7 @@ static CURLcode ftp_state_ul_setup(struct Curl_easy *data, failf(data, "Could not seek stream"); return CURLE_FTP_COULDNT_USE_REST; } - /* seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */ + /* seekerr == CURL_SEEKFUNC_CANTSEEK (cannot seek to offset) */ do { char scratch[4*1024]; size_t readthisamountnow = @@ -1736,17 +1743,17 @@ static CURLcode ftp_state_ul_setup(struct Curl_easy *data, infof(data, "File already completely uploaded"); /* no data to transfer */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); - /* Set ->transfer so that we won't get any error in - * ftp_done() because we didn't transfer anything! */ + /* Set ->transfer so that we will not get any error in + * ftp_done() because we did not transfer anything! */ ftp->transfer = PPTRANSFER_NONE; ftp_state(data, FTP_STOP); return CURLE_OK; } } - /* we've passed, proceed as normal */ + /* we have passed, proceed as normal */ } /* resume_from */ result = Curl_pp_sendf(data, &ftpc->pp, append?"APPE %s":"STOR %s", @@ -1835,16 +1842,16 @@ static CURLcode ftp_state_quote(struct Curl_easy *data, } else { if(data->set.ignorecl || data->state.prefer_ascii) { - /* 'ignorecl' is used to support download of growing files. It + /* 'ignorecl' is used to support download of growing files. It prevents the state machine from requesting the file size from - the server. With an unknown file size the download continues + the server. With an unknown file size the download continues until the server terminates it, otherwise the client stops if - the received byte count exceeds the reported file size. Set + the received byte count exceeds the reported file size. Set option CURLOPT_IGNORE_CONTENT_LENGTH to 1 to enable this behavior. In addition: asking for the size for 'TYPE A' transfers is not - constructive since servers don't report the converted size. So + constructive since servers do not report the converted size. So skip it. */ result = Curl_pp_sendf(data, &ftpc->pp, "RETR %s", ftpc->file); @@ -1882,7 +1889,7 @@ static CURLcode ftp_epsv_disable(struct Curl_easy *data, && !(conn->bits.tunnel_proxy || conn->bits.socksproxy) #endif ) { - /* We can't disable EPSV when doing IPv6, so this is instead a fail */ + /* We cannot disable EPSV when doing IPv6, so this is instead a fail */ failf(data, "Failed EPSV attempt, exiting"); return CURLE_WEIRD_SERVER_REPLY; } @@ -1907,7 +1914,7 @@ static CURLcode ftp_epsv_disable(struct Curl_easy *data, static char *control_address(struct connectdata *conn) { /* Returns the control connection IP address. - If a proxy tunnel is used, returns the original host name instead, because + If a proxy tunnel is used, returns the original hostname instead, because the effective control connection address is the proxy address, not the ftp host. */ #ifndef CURL_DISABLE_PROXY @@ -2046,7 +2053,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data, if(conn->bits.proxy) { /* * This connection uses a proxy and we need to connect to the proxy again - * here. We don't want to rely on a former host lookup that might've + * here. We do not want to rely on a former host lookup that might've * expired now, instead we remake the lookup here and now! */ const char * const host_name = conn->bits.socksproxy ? @@ -2061,7 +2068,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data, connectport = (unsigned short)conn->primary.remote_port; if(!addr) { - failf(data, "Can't resolve proxy host %s:%hu", host_name, connectport); + failf(data, "cannot resolve proxy host %s:%hu", host_name, connectport); return CURLE_COULDNT_RESOLVE_PROXY; } } @@ -2073,7 +2080,6 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data, /* postponed address resolution in case of tcp fastopen */ if(conn->bits.tcp_fastopen && !conn->bits.reuse && !ftpc->newhost[0]) { - Curl_conn_ev_update_info(data, conn); Curl_safefree(ftpc->newhost); ftpc->newhost = strdup(control_address(conn)); if(!ftpc->newhost) @@ -2088,7 +2094,8 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data, connectport = ftpc->newport; /* we connect to the remote port */ if(!addr) { - failf(data, "Can't resolve new host %s:%hu", ftpc->newhost, connectport); + failf(data, "cannot resolve new host %s:%hu", + ftpc->newhost, connectport); return CURLE_FTP_CANT_GET_HOST; } } @@ -2098,7 +2105,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data, CURL_CF_SSL_ENABLE : CURL_CF_SSL_DISABLE); if(result) { - Curl_resolv_unlock(data, addr); /* we're done using this address */ + Curl_resolv_unlink(data, &addr); /* we are done using this address */ if(ftpc->count1 == 0 && ftpcode == 229) return ftp_epsv_disable(data, conn); @@ -2116,7 +2123,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data, /* this just dumps information about this second connection */ ftp_pasv_verbose(data, addr->addr, ftpc->newhost, connectport); - Curl_resolv_unlock(data, addr); /* we're done using this address */ + Curl_resolv_unlink(data, &addr); /* we are done using this address */ Curl_safefree(conn->secondaryhostname); conn->secondary_port = ftpc->newport; @@ -2204,7 +2211,7 @@ static CURLcode client_write_header(struct Curl_easy *data, * call to Curl_client_write() so it does the right thing. * * Notice that we cannot enable this flag for FTP in general, - * as an FTP transfer might involve a HTTP proxy connection and + * as an FTP transfer might involve an HTTP proxy connection and * headers from CONNECT should not automatically be part of the * output. */ CURLcode result; @@ -2371,20 +2378,20 @@ static CURLcode ftp_state_retr(struct Curl_easy *data, /* We always (attempt to) get the size of downloads, so it is done before this even when not doing resumes. */ if(filesize == -1) { - infof(data, "ftp server doesn't support SIZE"); - /* We couldn't get the size and therefore we can't know if there really + infof(data, "ftp server does not support SIZE"); + /* We could not get the size and therefore we cannot know if there really is a part of the file left to get, although the server will just - close the connection when we start the connection so it won't cause + close the connection when we start the connection so it will not cause us any harm, just not make us exit as nicely. */ } else { /* We got a file size report, so we check that there actually is a part of the file left to get, or else we go home. */ if(data->state.resume_from< 0) { - /* We're supposed to download the last abs(from) bytes */ + /* We are supposed to download the last abs(from) bytes */ if(filesize < -data->state.resume_from) { - failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T - ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")", + failf(data, "Offset (%" FMT_OFF_T + ") was beyond file size (%" FMT_OFF_T ")", data->state.resume_from, filesize); return CURLE_BAD_DOWNLOAD_RESUME; } @@ -2395,8 +2402,8 @@ static CURLcode ftp_state_retr(struct Curl_easy *data, } else { if(filesize < data->state.resume_from) { - failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T - ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")", + failf(data, "Offset (%" FMT_OFF_T + ") was beyond file size (%" FMT_OFF_T ")", data->state.resume_from, filesize); return CURLE_BAD_DOWNLOAD_RESUME; } @@ -2407,21 +2414,21 @@ static CURLcode ftp_state_retr(struct Curl_easy *data, if(ftp->downloadsize == 0) { /* no data to transfer */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); infof(data, "File already completely downloaded"); - /* Set ->transfer so that we won't get any error in ftp_done() - * because we didn't transfer the any file */ + /* Set ->transfer so that we will not get any error in ftp_done() + * because we did not transfer the any file */ ftp->transfer = PPTRANSFER_NONE; ftp_state(data, FTP_STOP); return CURLE_OK; } /* Set resume file transfer offset */ - infof(data, "Instructs server to resume from offset %" - CURL_FORMAT_CURL_OFF_T, data->state.resume_from); + infof(data, "Instructs server to resume from offset %" FMT_OFF_T, + data->state.resume_from); - result = Curl_pp_sendf(data, &ftpc->pp, "REST %" CURL_FORMAT_CURL_OFF_T, + result = Curl_pp_sendf(data, &ftpc->pp, "REST %" FMT_OFF_T, data->state.resume_from); if(!result) ftp_state(data, FTP_RETR_REST); @@ -2479,7 +2486,7 @@ static CURLcode ftp_state_size_resp(struct Curl_easy *data, if(-1 != filesize) { char clbuf[128]; int clbuflen = msnprintf(clbuf, sizeof(clbuf), - "Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", filesize); + "Content-Length: %" FMT_OFF_T "\r\n", filesize); result = client_write_header(data, clbuf, clbuflen); if(result) return result; @@ -2619,7 +2626,7 @@ static CURLcode ftp_state_get_resp(struct Curl_easy *data, !data->set.ignorecl && (ftp->downloadsize < 1)) { /* - * It seems directory listings either don't show the size or very + * It seems directory listings either do not show the size or very * often uses size 0 anyway. ASCII transfers may very well turn out * that the transferred amount of data is not the same as this line * tells, why using this number in those cases only confuses us. @@ -2659,12 +2666,10 @@ static CURLcode ftp_state_get_resp(struct Curl_easy *data, else if((instate != FTP_LIST) && (data->state.prefer_ascii)) size = -1; /* kludge for servers that understate ASCII mode file size */ - infof(data, "Maxdownload = %" CURL_FORMAT_CURL_OFF_T, - data->req.maxdownload); + infof(data, "Maxdownload = %" FMT_OFF_T, data->req.maxdownload); if(instate != FTP_LIST) - infof(data, "Getting file with size: %" CURL_FORMAT_CURL_OFF_T, - size); + infof(data, "Getting file with size: %" FMT_OFF_T, size); /* FTP download: */ conn->proto.ftpc.state_saved = instate; @@ -2690,7 +2695,7 @@ static CURLcode ftp_state_get_resp(struct Curl_easy *data, else { if((instate == FTP_LIST) && (ftpcode == 450)) { /* simply no matching files in the dir listing */ - ftp->transfer = PPTRANSFER_NONE; /* don't download anything */ + ftp->transfer = PPTRANSFER_NONE; /* do not download anything */ ftp_state(data, FTP_STOP); /* this phase is over */ } else { @@ -2777,7 +2782,7 @@ static CURLcode ftp_state_user_resp(struct Curl_easy *data, if(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER] && !ftpc->ftp_trying_alternative) { - /* Ok, USER failed. Let's try the supplied command. */ + /* Ok, USER failed. Let's try the supplied command. */ result = Curl_pp_sendf(data, &ftpc->pp, "%s", data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]); @@ -2863,7 +2868,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, #endif if(data->set.use_ssl && !conn->bits.ftp_use_control_ssl) { - /* We don't have a SSL/TLS control connection yet, but FTPS is + /* We do not have a SSL/TLS control connection yet, but FTPS is requested. Try a FTPS connection now */ ftpc->count3 = 0; @@ -2880,7 +2885,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, default: failf(data, "unsupported parameter to CURLOPT_FTPSSLAUTH: %d", (int)data->set.ftpsslauth); - return CURLE_UNKNOWN_OPTION; /* we don't know what to do */ + return CURLE_UNKNOWN_OPTION; /* we do not know what to do */ } result = Curl_pp_sendf(data, &ftpc->pp, "AUTH %s", ftpauth[ftpc->count1]); @@ -2980,7 +2985,13 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, case FTP_CCC: if(ftpcode < 500) { /* First shut down the SSL layer (note: this call will block) */ - result = Curl_ssl_cfilter_remove(data, FIRSTSOCKET); + /* This has only been tested on the proftpd server, and the mod_tls + * code sends a close notify alert without waiting for a close notify + * alert in response. Thus we wait for a close notify alert from the + * server, but we do not send one. Let's hope other servers do + * the same... */ + result = Curl_ssl_cfilter_remove(data, FIRSTSOCKET, + (data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)); if(result) failf(data, "Failed to clear the command channel (CCC)"); @@ -3069,7 +3080,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, data->state.most_recent_ftp_entrypath = ftpc->entrypath; } else { - /* couldn't get the path */ + /* could not get the path */ Curl_dyn_free(&out); infof(data, "Failed to figure out path"); } @@ -3168,7 +3179,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, else { /* return failure */ failf(data, "Server denied you to change to the given directory"); - ftpc->cwdfail = TRUE; /* don't remember this path as we failed + ftpc->cwdfail = TRUE; /* do not remember this path as we failed to enter it */ result = CURLE_REMOTE_ACCESS_DENIED; } @@ -3373,7 +3384,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, case CURLE_REMOTE_FILE_NOT_FOUND: case CURLE_WRITE_ERROR: /* the connection stays alive fine even though this happened */ - case CURLE_OK: /* doesn't affect the control connection's status */ + case CURLE_OK: /* does not affect the control connection's status */ if(!premature) break; @@ -3439,7 +3450,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, /* free the dir tree and file parts */ freedirs(ftpc); - /* shut down the socket to inform the server we're done */ + /* shut down the socket to inform the server we are done */ #ifdef _WIN32_WCE shutdown(conn->sock[SECONDARYSOCKET], 2); /* SD_BOTH */ @@ -3457,7 +3468,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, } } - close_secondarysocket(data, conn); + close_secondarysocket(data); } if(!result && (ftp->transfer == PPTRANSFER_BODY) && ftpc->ctl_valid && @@ -3523,8 +3534,8 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, (data->state.infilesize != data->req.writebytecount) && !data->set.crlf && (ftp->transfer == PPTRANSFER_BODY)) { - failf(data, "Uploaded unaligned file size (%" CURL_FORMAT_CURL_OFF_T - " out of %" CURL_FORMAT_CURL_OFF_T " bytes)", + failf(data, "Uploaded unaligned file size (%" FMT_OFF_T + " out of %" FMT_OFF_T " bytes)", data->req.writebytecount, data->state.infilesize); result = CURLE_PARTIAL_FILE; } @@ -3532,17 +3543,9 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, else { if((-1 != data->req.size) && (data->req.size != data->req.bytecount) && -#ifdef CURL_DO_LINEEND_CONV - /* Most FTP servers don't adjust their file SIZE response for CRLFs, so - * we'll check to see if the discrepancy can be explained by the number - * of CRLFs we've changed to LFs. - */ - ((data->req.size + data->state.crlf_conversions) != - data->req.bytecount) && -#endif /* CURL_DO_LINEEND_CONV */ (data->req.maxdownload != data->req.bytecount)) { - failf(data, "Received only partial file: %" CURL_FORMAT_CURL_OFF_T - " bytes", data->req.bytecount); + failf(data, "Received only partial file: %" FMT_OFF_T " bytes", + data->req.bytecount); result = CURLE_PARTIAL_FILE; } else if(!ftpc->dont_check && @@ -3670,7 +3673,7 @@ static CURLcode ftp_nb_type(struct Curl_easy *data, * ftp_pasv_verbose() * * This function only outputs some informationals about this second connection - * when we've issued a PASV command before and thus we have connected to a + * when we have issued a PASV command before and thus we have connected to a * possibly new IP address. * */ @@ -3678,7 +3681,7 @@ static CURLcode ftp_nb_type(struct Curl_easy *data, static void ftp_pasv_verbose(struct Curl_easy *data, struct Curl_addrinfo *ai, - char *newhost, /* ascii version */ + char *newhost, /* ASCII version */ int port) { char buf[256]; @@ -3711,7 +3714,7 @@ static CURLcode ftp_do_more(struct Curl_easy *data, int *completep) * complete */ struct FTP *ftp = NULL; - /* if the second connection isn't done yet, wait for it to have + /* if the second connection is not done yet, wait for it to have * connected to the remote host. When using proxy tunneling, this * means the tunnel needs to have been establish. However, we * can not expect the remote host to talk to us in any way yet. @@ -3739,20 +3742,20 @@ static CURLcode ftp_do_more(struct Curl_easy *data, int *completep) *completep = (int)complete; - /* if we got an error or if we don't wait for a data connection return + /* if we got an error or if we do not wait for a data connection return immediately */ if(result || !ftpc->wait_data_conn) return result; /* if we reach the end of the FTP state machine here, *complete will be TRUE but so is ftpc->wait_data_conn, which says we need to wait for the - data connection and therefore we're not actually complete */ + data connection and therefore we are not actually complete */ *completep = 0; } if(ftp->transfer <= PPTRANSFER_INFO) { - /* a transfer is about to take place, or if not a file name was given - so we'll do a SIZE on it later and then we need the right TYPE first */ + /* a transfer is about to take place, or if not a filename was given so we + will do a SIZE on it later and then we need the right TYPE first */ if(ftpc->wait_data_conn) { bool serv_conned; @@ -3791,7 +3794,7 @@ static CURLcode ftp_do_more(struct Curl_easy *data, int *completep) result = Curl_range(data); if(result == CURLE_OK && data->req.maxdownload >= 0) { - /* Don't check for successful transfer */ + /* Do not check for successful transfer */ ftpc->dont_check = TRUE; } @@ -3824,7 +3827,7 @@ static CURLcode ftp_do_more(struct Curl_easy *data, int *completep) } /* no data to transfer */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); if(!ftpc->wait_data_conn) { /* no waiting for the data connection so this is now complete */ @@ -3955,7 +3958,7 @@ static CURLcode init_wc_data(struct Curl_easy *data) if(data->set.ftp_filemethod == FTPFILE_NOCWD) data->set.ftp_filemethod = FTPFILE_MULTICWD; - /* try to parse ftp url */ + /* try to parse ftp URL */ result = ftp_parse_url_path(data); if(result) { goto fail; @@ -4021,7 +4024,7 @@ static CURLcode wc_statemach(struct Curl_easy *data) wildcard->state = CURLWC_CLEAN; continue; } - if(wildcard->filelist.size == 0) { + if(Curl_llist_count(&wildcard->filelist) == 0) { /* no corresponding file */ wildcard->state = CURLWC_CLEAN; return CURLE_REMOTE_FILE_NOT_FOUND; @@ -4032,7 +4035,8 @@ static CURLcode wc_statemach(struct Curl_easy *data) case CURLWC_DOWNLOADING: { /* filelist has at least one file, lets get first one */ struct ftp_conn *ftpc = &conn->proto.ftpc; - struct curl_fileinfo *finfo = wildcard->filelist.head->ptr; + struct Curl_llist_node *head = Curl_llist_head(&wildcard->filelist); + struct curl_fileinfo *finfo = Curl_node_elem(head); struct FTP *ftp = data->req.p.ftp; char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename); @@ -4048,7 +4052,8 @@ static CURLcode wc_statemach(struct Curl_easy *data) long userresponse; Curl_set_in_callback(data, true); userresponse = data->set.chunk_bgn( - finfo, data->set.wildcardptr, (int)wildcard->filelist.size); + finfo, data->set.wildcardptr, + (int)Curl_llist_count(&wildcard->filelist)); Curl_set_in_callback(data, false); switch(userresponse) { case CURL_CHUNK_BGN_FUNC_SKIP: @@ -4073,10 +4078,11 @@ static CURLcode wc_statemach(struct Curl_easy *data) if(result) return result; - /* we don't need the Curl_fileinfo of first file anymore */ - Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL); + /* we do not need the Curl_fileinfo of first file anymore */ + Curl_node_remove(Curl_llist_head(&wildcard->filelist)); - if(wildcard->filelist.size == 0) { /* remains only one file to down. */ + if(Curl_llist_count(&wildcard->filelist) == 0) { + /* remains only one file to down. */ wildcard->state = CURLWC_CLEAN; /* after that will be ftp_do called once again and no transfer will be done because of CURLWC_CLEAN state */ @@ -4091,8 +4097,8 @@ static CURLcode wc_statemach(struct Curl_easy *data) data->set.chunk_end(data->set.wildcardptr); Curl_set_in_callback(data, false); } - Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL); - wildcard->state = (wildcard->filelist.size == 0) ? + Curl_node_remove(Curl_llist_head(&wildcard->filelist)); + wildcard->state = (Curl_llist_count(&wildcard->filelist) == 0) ? CURLWC_CLEAN : CURLWC_DOWNLOADING; continue; } @@ -4138,7 +4144,7 @@ static CURLcode ftp_do(struct Curl_easy *data, bool *done) *done = FALSE; /* default to false */ ftpc->wait_data_conn = FALSE; /* default to no such wait */ -#ifdef CURL_DO_LINEEND_CONV +#ifdef CURL_PREFER_LF_LINEENDS { /* FTP data may need conversion. */ struct Curl_cwriter *ftp_lc_writer; @@ -4154,7 +4160,7 @@ static CURLcode ftp_do(struct Curl_easy *data, bool *done) return result; } } -#endif /* CURL_DO_LINEEND_CONV */ +#endif /* CURL_PREFER_LF_LINEENDS */ if(data->state.wildcardmatch) { result = wc_statemach(data); @@ -4228,7 +4234,7 @@ static CURLcode ftp_disconnect(struct Curl_easy *data, bad in any way, sending quit and waiting around here will make the disconnect wait in vain and cause more problems than we need to. - ftp_quit() will check the state of ftp->ctl_valid. If it's ok it + ftp_quit() will check the state of ftp->ctl_valid. If it is ok it will try to send the QUIT command, otherwise it will just return. */ if(dead_connection) @@ -4323,10 +4329,10 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data) } ftpc->dirdepth = 1; /* we consider it to be a single dir */ - fileName = slashPos + 1; /* rest is file name */ + fileName = slashPos + 1; /* rest is filename */ } else - fileName = rawPath; /* file name only (or empty) */ + fileName = rawPath; /* filename only (or empty) */ break; default: /* allow pretty much anything */ @@ -4357,7 +4363,7 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data) ++compLen; /* we skip empty path components, like "x//y" since the FTP command - CWD requires a parameter and a non-existent parameter a) doesn't + CWD requires a parameter and a non-existent parameter a) does not work on many servers and b) has no effect on the others. */ if(compLen > 0) { char *comp = Curl_memdup0(curPos, compLen); @@ -4371,7 +4377,7 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data) } } DEBUGASSERT((size_t)ftpc->dirdepth <= dirAlloc); - fileName = curPos; /* the rest is the file name (or empty) */ + fileName = curPos; /* the rest is the filename (or empty) */ } break; } /* switch */ @@ -4383,8 +4389,8 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data) we make it a NULL pointer */ if(data->state.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) { - /* We need a file name when uploading. Return error! */ - failf(data, "Uploading to a URL without a file name"); + /* We need a filename when uploading. Return error! */ + failf(data, "Uploading to a URL without a filename"); free(rawPath); return CURLE_URL_MALFORMAT; } @@ -4425,16 +4431,16 @@ static CURLcode ftp_dophase_done(struct Curl_easy *data, bool connected) CURLcode result = ftp_do_more(data, &completed); if(result) { - close_secondarysocket(data, conn); + close_secondarysocket(data); return result; } } if(ftp->transfer != PPTRANSFER_BODY) /* no data to transfer */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); else if(!connected) - /* since we didn't connect now, we want do_more to get called */ + /* since we did not connect now, we want do_more to get called */ conn->bits.do_more = TRUE; ftpc->ctl_valid = TRUE; /* seems good */ @@ -4539,10 +4545,10 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data, } data->req.p.ftp = ftp; - ftp->path = &data->state.up.path[1]; /* don't include the initial slash */ + ftp->path = &data->state.up.path[1]; /* do not include the initial slash */ /* FTP URLs support an extension like ";type=" that - * we'll try to get now! */ + * we will try to get now! */ type = strstr(ftp->path, ";type="); if(!type) diff --git a/vendor/hydra/vendor/curl/lib/ftp.h b/vendor/hydra/vendor/curl/lib/ftp.h index 977fc883..3d0af015 100644 --- a/vendor/hydra/vendor/curl/lib/ftp.h +++ b/vendor/hydra/vendor/curl/lib/ftp.h @@ -61,7 +61,7 @@ enum { FTP_STOR_PREQUOTE, FTP_POSTQUOTE, FTP_CWD, /* change dir */ - FTP_MKD, /* if the dir didn't exist */ + FTP_MKD, /* if the dir did not exist */ FTP_MDTM, /* to figure out the datestamp */ FTP_TYPE, /* to set type when doing a head-like request */ FTP_LIST_TYPE, /* set type when about to do a dir list */ @@ -123,7 +123,7 @@ struct ftp_conn { char *account; char *alternative_to_user; char *entrypath; /* the PWD reply when we logged on */ - char *file; /* url-decoded file name (or path) */ + char *file; /* url-decoded filename (or path) */ char **dirs; /* realloc()ed array for path components */ char *newhost; char *prevpath; /* url-decoded conn->path from the previous transfer */ @@ -139,7 +139,7 @@ struct ftp_conn { int count1; /* general purpose counter for the state machine */ int count2; /* general purpose counter for the state machine */ int count3; /* general purpose counter for the state machine */ - /* newhost is the (allocated) IP addr or host name to connect the data + /* newhost is the (allocated) IP addr or hostname to connect the data connection to */ unsigned short newport; ftpstate state; /* always use ftp.c:state() to change state! */ diff --git a/vendor/hydra/vendor/curl/lib/getenv.c b/vendor/hydra/vendor/curl/lib/getenv.c index 48ee9722..49a2e50f 100644 --- a/vendor/hydra/vendor/curl/lib/getenv.c +++ b/vendor/hydra/vendor/curl/lib/getenv.c @@ -37,7 +37,7 @@ static char *GetEnv(const char *variable) return NULL; #elif defined(_WIN32) /* This uses Windows API instead of C runtime getenv() to get the environment - variable since some changes aren't always visible to the latter. #4774 */ + variable since some changes are not always visible to the latter. #4774 */ char *buf = NULL; char *tmp; DWORD bufsize; @@ -54,8 +54,8 @@ static char *GetEnv(const char *variable) buf = tmp; bufsize = rc; - /* It's possible for rc to be 0 if the variable was found but empty. - Since getenv doesn't make that distinction we ignore it as well. */ + /* it is possible for rc to be 0 if the variable was found but empty. + Since getenv does not make that distinction we ignore it as well. */ rc = GetEnvironmentVariableA(variable, buf, bufsize); if(!rc || rc == bufsize || rc > max) { free(buf); diff --git a/vendor/hydra/vendor/curl/lib/getinfo.c b/vendor/hydra/vendor/curl/lib/getinfo.c index e423f0b2..71461015 100644 --- a/vendor/hydra/vendor/curl/lib/getinfo.c +++ b/vendor/hydra/vendor/curl/lib/getinfo.c @@ -53,6 +53,7 @@ CURLcode Curl_initinfo(struct Curl_easy *data) pro->t_connect = 0; pro->t_appconnect = 0; pro->t_pretransfer = 0; + pro->t_posttransfer = 0; pro->t_starttransfer = 0; pro->timespent = 0; pro->t_redirect = 0; @@ -76,10 +77,9 @@ CURLcode Curl_initinfo(struct Curl_easy *data) free(info->wouldredirect); info->wouldredirect = NULL; - info->primary.remote_ip[0] = '\0'; - info->primary.local_ip[0] = '\0'; - info->primary.remote_port = 0; - info->primary.local_port = 0; + memset(&info->primary, 0, sizeof(info->primary)); + info->primary.remote_port = -1; + info->primary.local_port = -1; info->retry_after = 0; info->conn_scheme = 0; @@ -204,7 +204,7 @@ static CURLcode getinfo_long(struct Curl_easy *data, CURLINFO info, #ifdef DEBUGBUILD char *timestr = getenv("CURL_TIME"); if(timestr) { - unsigned long val = strtol(timestr, NULL, 10); + unsigned long val = strtoul(timestr, NULL, 10); switch(info) { case CURLINFO_LOCAL_PORT: *param_longp = (long)val; @@ -216,7 +216,7 @@ static CURLcode getinfo_long(struct Curl_easy *data, CURLINFO info, /* use another variable for this to allow different values */ timestr = getenv("CURL_DEBUG_SIZE"); if(timestr) { - unsigned long val = strtol(timestr, NULL, 10); + unsigned long val = strtoul(timestr, NULL, 10); switch(info) { case CURLINFO_HEADER_SIZE: case CURLINFO_REQUEST_SIZE: @@ -252,11 +252,13 @@ static CURLcode getinfo_long(struct Curl_easy *data, CURLINFO info, case CURLINFO_SSL_VERIFYRESULT: *param_longp = data->set.ssl.certverifyresult; break; -#ifndef CURL_DISABLE_PROXY case CURLINFO_PROXY_SSL_VERIFYRESULT: +#ifndef CURL_DISABLE_PROXY *param_longp = data->set.proxy_ssl.certverifyresult; - break; +#else + *param_longp = 0; #endif + break; case CURLINFO_REDIRECT_COUNT: *param_longp = data->state.followlocation; break; @@ -277,8 +279,8 @@ static CURLcode getinfo_long(struct Curl_easy *data, CURLINFO info, case CURLINFO_LASTSOCKET: sockfd = Curl_getconnectinfo(data, NULL); - /* note: this is not a good conversion for systems with 64 bit sockets and - 32 bit longs */ + /* note: this is not a good conversion for systems with 64-bit sockets and + 32-bit longs */ if(sockfd != CURL_SOCKET_BAD) *param_longp = (long)sockfd; else @@ -314,6 +316,12 @@ static CURLcode getinfo_long(struct Curl_easy *data, CURLINFO info, case CURLINFO_RTSP_CSEQ_RECV: *param_longp = data->state.rtsp_CSeq_recv; break; +#else + case CURLINFO_RTSP_CLIENT_CSEQ: + case CURLINFO_RTSP_SERVER_CSEQ: + case CURLINFO_RTSP_CSEQ_RECV: + *param_longp = 0; + break; #endif case CURLINFO_HTTP_VERSION: switch(data->info.httpversion) { @@ -335,7 +343,7 @@ static CURLcode getinfo_long(struct Curl_easy *data, CURLINFO info, } break; case CURLINFO_PROTOCOL: - *param_longp = data->info.conn_protocol; + *param_longp = (long)data->info.conn_protocol; break; case CURLINFO_USED_PROXY: *param_longp = @@ -361,13 +369,14 @@ static CURLcode getinfo_offt(struct Curl_easy *data, CURLINFO info, #ifdef DEBUGBUILD char *timestr = getenv("CURL_TIME"); if(timestr) { - unsigned long val = strtol(timestr, NULL, 10); + unsigned long val = strtoul(timestr, NULL, 10); switch(info) { case CURLINFO_TOTAL_TIME_T: case CURLINFO_NAMELOOKUP_TIME_T: case CURLINFO_CONNECT_TIME_T: case CURLINFO_APPCONNECT_TIME_T: case CURLINFO_PRETRANSFER_TIME_T: + case CURLINFO_POSTTRANSFER_TIME_T: case CURLINFO_STARTTRANSFER_TIME_T: case CURLINFO_REDIRECT_TIME_T: case CURLINFO_SPEED_DOWNLOAD_T: @@ -384,24 +393,24 @@ static CURLcode getinfo_offt(struct Curl_easy *data, CURLINFO info, *param_offt = (curl_off_t)data->info.filetime; break; case CURLINFO_SIZE_UPLOAD_T: - *param_offt = data->progress.uploaded; + *param_offt = data->progress.ul.cur_size; break; case CURLINFO_SIZE_DOWNLOAD_T: - *param_offt = data->progress.downloaded; + *param_offt = data->progress.dl.cur_size; break; case CURLINFO_SPEED_DOWNLOAD_T: - *param_offt = data->progress.dlspeed; + *param_offt = data->progress.dl.speed; break; case CURLINFO_SPEED_UPLOAD_T: - *param_offt = data->progress.ulspeed; + *param_offt = data->progress.ul.speed; break; case CURLINFO_CONTENT_LENGTH_DOWNLOAD_T: *param_offt = (data->progress.flags & PGRS_DL_SIZE_KNOWN)? - data->progress.size_dl:-1; + data->progress.dl.total_size:-1; break; case CURLINFO_CONTENT_LENGTH_UPLOAD_T: *param_offt = (data->progress.flags & PGRS_UL_SIZE_KNOWN)? - data->progress.size_ul:-1; + data->progress.ul.total_size:-1; break; case CURLINFO_TOTAL_TIME_T: *param_offt = data->progress.timespent; @@ -418,6 +427,9 @@ static CURLcode getinfo_offt(struct Curl_easy *data, CURLINFO info, case CURLINFO_PRETRANSFER_TIME_T: *param_offt = data->progress.t_pretransfer; break; + case CURLINFO_POSTTRANSFER_TIME_T: + *param_offt = data->progress.t_posttransfer; + break; case CURLINFO_STARTTRANSFER_TIME_T: *param_offt = data->progress.t_starttransfer; break; @@ -450,7 +462,7 @@ static CURLcode getinfo_double(struct Curl_easy *data, CURLINFO info, #ifdef DEBUGBUILD char *timestr = getenv("CURL_TIME"); if(timestr) { - unsigned long val = strtol(timestr, NULL, 10); + unsigned long val = strtoul(timestr, NULL, 10); switch(info) { case CURLINFO_TOTAL_TIME: case CURLINFO_NAMELOOKUP_TIME: @@ -488,24 +500,24 @@ static CURLcode getinfo_double(struct Curl_easy *data, CURLINFO info, *param_doublep = DOUBLE_SECS(data->progress.t_starttransfer); break; case CURLINFO_SIZE_UPLOAD: - *param_doublep = (double)data->progress.uploaded; + *param_doublep = (double)data->progress.ul.cur_size; break; case CURLINFO_SIZE_DOWNLOAD: - *param_doublep = (double)data->progress.downloaded; + *param_doublep = (double)data->progress.dl.cur_size; break; case CURLINFO_SPEED_DOWNLOAD: - *param_doublep = (double)data->progress.dlspeed; + *param_doublep = (double)data->progress.dl.speed; break; case CURLINFO_SPEED_UPLOAD: - *param_doublep = (double)data->progress.ulspeed; + *param_doublep = (double)data->progress.ul.speed; break; case CURLINFO_CONTENT_LENGTH_DOWNLOAD: *param_doublep = (data->progress.flags & PGRS_DL_SIZE_KNOWN)? - (double)data->progress.size_dl:-1; + (double)data->progress.dl.total_size:-1; break; case CURLINFO_CONTENT_LENGTH_UPLOAD: *param_doublep = (data->progress.flags & PGRS_UL_SIZE_KNOWN)? - (double)data->progress.size_ul:-1; + (double)data->progress.ul.total_size:-1; break; case CURLINFO_REDIRECT_TIME: *param_doublep = DOUBLE_SECS(data->progress.t_redirect); diff --git a/vendor/hydra/vendor/curl/lib/gopher.c b/vendor/hydra/vendor/curl/lib/gopher.c index 311bd379..051e6e7a 100644 --- a/vendor/hydra/vendor/curl/lib/gopher.c +++ b/vendor/hydra/vendor/curl/lib/gopher.c @@ -187,7 +187,7 @@ static CURLcode gopher_do(struct Curl_easy *data, bool *done) if(strlen(sel) < 1) break; - result = Curl_xfer_send(data, sel, k, &amount); + result = Curl_xfer_send(data, sel, k, FALSE, &amount); if(!result) { /* Which may not have written it all! */ result = Curl_client_write(data, CLIENTWRITE_HEADER, sel, amount); if(result) @@ -209,9 +209,9 @@ static CURLcode gopher_do(struct Curl_easy *data, bool *done) if(!timeout_ms) timeout_ms = TIMEDIFF_T_MAX; - /* Don't busyloop. The entire loop thing is a work-around as it causes a + /* Do not busyloop. The entire loop thing is a work-around as it causes a BLOCKING behavior which is a NO-NO. This function should rather be - split up in a do and a doing piece where the pieces that aren't + split up in a do and a doing piece where the pieces that are not possible to send now will be sent in the doing function repeatedly until the entire request is sent. */ @@ -229,7 +229,7 @@ static CURLcode gopher_do(struct Curl_easy *data, bool *done) free(sel_org); if(!result) - result = Curl_xfer_send(data, "\r\n", 2, &amount); + result = Curl_xfer_send(data, "\r\n", 2, FALSE, &amount); if(result) { failf(data, "Failed sending Gopher request"); return result; @@ -238,7 +238,7 @@ static CURLcode gopher_do(struct Curl_easy *data, bool *done) if(result) return result; - Curl_xfer_setup(data, FIRSTSOCKET, -1, FALSE, -1); + Curl_xfer_setup1(data, CURL_XFER_RECV, -1, FALSE); return CURLE_OK; } #endif /* CURL_DISABLE_GOPHER */ diff --git a/vendor/hydra/vendor/curl/lib/hash.c b/vendor/hydra/vendor/curl/lib/hash.c index ddbae4d3..1910ac5d 100644 --- a/vendor/hydra/vendor/curl/lib/hash.c +++ b/vendor/hydra/vendor/curl/lib/hash.c @@ -33,6 +33,10 @@ /* The last #include file should be: */ #include "memdebug.h" +/* random patterns for API verification */ +#define HASHINIT 0x7017e781 +#define ITERINIT 0x5FEDCBA9 + static void hash_element_dtor(void *user, void *element) { @@ -40,7 +44,10 @@ hash_element_dtor(void *user, void *element) struct Curl_hash_element *e = (struct Curl_hash_element *) element; if(e->ptr) { - h->dtor(e->ptr); + if(e->dtor) + e->dtor(e->key, e->key_len, e->ptr); + else + h->dtor(e->ptr); e->ptr = NULL; } @@ -74,10 +81,14 @@ Curl_hash_init(struct Curl_hash *h, h->dtor = dtor; h->size = 0; h->slots = slots; +#ifdef DEBUGBUILD + h->init = HASHINIT; +#endif } static struct Curl_hash_element * -mk_hash_element(const void *key, size_t key_len, const void *p) +mk_hash_element(const void *key, size_t key_len, const void *p, + Curl_hash_elem_dtor dtor) { /* allocate the struct plus memory after it to store the key */ struct Curl_hash_element *he = malloc(sizeof(struct Curl_hash_element) + @@ -87,29 +98,23 @@ mk_hash_element(const void *key, size_t key_len, const void *p) memcpy(he->key, key, key_len); he->key_len = key_len; he->ptr = (void *) p; + he->dtor = dtor; } return he; } #define FETCH_LIST(x,y,z) &x->table[x->hash_func(y, z, x->slots)] -/* Insert the data in the hash. If there already was a match in the hash, that - * data is replaced. This function also "lazily" allocates the table if - * needed, as it isn't done in the _init function (anymore). - * - * @unittest: 1305 - * @unittest: 1602 - * @unittest: 1603 - */ -void * -Curl_hash_add(struct Curl_hash *h, void *key, size_t key_len, void *p) +void *Curl_hash_add2(struct Curl_hash *h, void *key, size_t key_len, void *p, + Curl_hash_elem_dtor dtor) { struct Curl_hash_element *he; - struct Curl_llist_element *le; + struct Curl_llist_node *le; struct Curl_llist *l; DEBUGASSERT(h); DEBUGASSERT(h->slots); + DEBUGASSERT(h->init == HASHINIT); if(!h->table) { size_t i; h->table = malloc(h->slots * sizeof(struct Curl_llist)); @@ -121,16 +126,16 @@ Curl_hash_add(struct Curl_hash *h, void *key, size_t key_len, void *p) l = FETCH_LIST(h, key, key_len); - for(le = l->head; le; le = le->next) { - he = (struct Curl_hash_element *) le->ptr; + for(le = Curl_llist_head(l); le; le = Curl_node_next(le)) { + he = (struct Curl_hash_element *) Curl_node_elem(le); if(h->comp_func(he->key, he->key_len, key, key_len)) { - Curl_llist_remove(l, le, (void *)h); + Curl_node_uremove(le, (void *)h); --h->size; break; } } - he = mk_hash_element(key, key_len, p); + he = mk_hash_element(key, key_len, p, dtor); if(he) { Curl_llist_append(l, he, &he->list); ++h->size; @@ -140,6 +145,20 @@ Curl_hash_add(struct Curl_hash *h, void *key, size_t key_len, void *p) return NULL; /* failure */ } +/* Insert the data in the hash. If there already was a match in the hash, that + * data is replaced. This function also "lazily" allocates the table if + * needed, as it is not done in the _init function (anymore). + * + * @unittest: 1305 + * @unittest: 1602 + * @unittest: 1603 + */ +void * +Curl_hash_add(struct Curl_hash *h, void *key, size_t key_len, void *p) +{ + return Curl_hash_add2(h, key, key_len, p, NULL); +} + /* Remove the identified hash entry. * Returns non-zero on failure. * @@ -147,18 +166,17 @@ Curl_hash_add(struct Curl_hash *h, void *key, size_t key_len, void *p) */ int Curl_hash_delete(struct Curl_hash *h, void *key, size_t key_len) { - struct Curl_llist_element *le; - struct Curl_llist *l; - DEBUGASSERT(h); DEBUGASSERT(h->slots); + DEBUGASSERT(h->init == HASHINIT); if(h->table) { - l = FETCH_LIST(h, key, key_len); + struct Curl_llist_node *le; + struct Curl_llist *l = FETCH_LIST(h, key, key_len); - for(le = l->head; le; le = le->next) { - struct Curl_hash_element *he = le->ptr; + for(le = Curl_llist_head(l); le; le = Curl_node_next(le)) { + struct Curl_hash_element *he = Curl_node_elem(le); if(h->comp_func(he->key, he->key_len, key, key_len)) { - Curl_llist_remove(l, le, (void *) h); + Curl_node_uremove(le, (void *) h); --h->size; return 0; } @@ -174,15 +192,15 @@ int Curl_hash_delete(struct Curl_hash *h, void *key, size_t key_len) void * Curl_hash_pick(struct Curl_hash *h, void *key, size_t key_len) { - struct Curl_llist_element *le; - struct Curl_llist *l; - DEBUGASSERT(h); + DEBUGASSERT(h->init == HASHINIT); if(h->table) { + struct Curl_llist_node *le; + struct Curl_llist *l; DEBUGASSERT(h->slots); l = FETCH_LIST(h, key, key_len); - for(le = l->head; le; le = le->next) { - struct Curl_hash_element *he = le->ptr; + for(le = Curl_llist_head(l); le; le = Curl_node_next(le)) { + struct Curl_hash_element *he = Curl_node_elem(le); if(h->comp_func(he->key, he->key_len, key, key_len)) { return he->ptr; } @@ -202,6 +220,7 @@ Curl_hash_pick(struct Curl_hash *h, void *key, size_t key_len) void Curl_hash_destroy(struct Curl_hash *h) { + DEBUGASSERT(h->init == HASHINIT); if(h->table) { size_t i; for(i = 0; i < h->slots; ++i) { @@ -223,28 +242,33 @@ Curl_hash_clean(struct Curl_hash *h) Curl_hash_clean_with_criterium(h, NULL, NULL); } +size_t Curl_hash_count(struct Curl_hash *h) +{ + DEBUGASSERT(h->init == HASHINIT); + return h->size; +} + /* Cleans all entries that pass the comp function criteria. */ void Curl_hash_clean_with_criterium(struct Curl_hash *h, void *user, int (*comp)(void *, void *)) { - struct Curl_llist_element *le; - struct Curl_llist_element *lnext; - struct Curl_llist *list; size_t i; if(!h || !h->table) return; + DEBUGASSERT(h->init == HASHINIT); for(i = 0; i < h->slots; ++i) { - list = &h->table[i]; - le = list->head; /* get first list entry */ + struct Curl_llist *list = &h->table[i]; + struct Curl_llist_node *le = + Curl_llist_head(list); /* get first list entry */ while(le) { - struct Curl_hash_element *he = le->ptr; - lnext = le->next; + struct Curl_hash_element *he = Curl_node_elem(le); + struct Curl_llist_node *lnext = Curl_node_next(le); /* ask the callback function if we shall remove this entry or not */ if(!comp || comp(user, he->ptr)) { - Curl_llist_remove(list, le, (void *) h); + Curl_node_uremove(le, (void *) h); --h->size; /* one less entry in the hash now */ } le = lnext; @@ -259,8 +283,9 @@ size_t Curl_hash_str(void *key, size_t key_length, size_t slots_num) size_t h = 5381; while(key_str < end) { + size_t j = (size_t)*key_str++; h += h << 5; - h ^= *key_str++; + h ^= j; } return (h % slots_num); @@ -278,29 +303,34 @@ size_t Curl_str_key_compare(void *k1, size_t key1_len, void Curl_hash_start_iterate(struct Curl_hash *hash, struct Curl_hash_iterator *iter) { + DEBUGASSERT(hash->init == HASHINIT); iter->hash = hash; iter->slot_index = 0; iter->current_element = NULL; +#ifdef DEBUGBUILD + iter->init = ITERINIT; +#endif } struct Curl_hash_element * Curl_hash_next_element(struct Curl_hash_iterator *iter) { - struct Curl_hash *h = iter->hash; - + struct Curl_hash *h; + DEBUGASSERT(iter->init == ITERINIT); + h = iter->hash; if(!h->table) return NULL; /* empty hash, nothing to return */ /* Get the next element in the current list, if any */ if(iter->current_element) - iter->current_element = iter->current_element->next; + iter->current_element = Curl_node_next(iter->current_element); /* If we have reached the end of the list, find the next one */ if(!iter->current_element) { size_t i; for(i = iter->slot_index; i < h->slots; i++) { - if(h->table[i].head) { - iter->current_element = h->table[i].head; + if(Curl_llist_head(&h->table[i])) { + iter->current_element = Curl_llist_head(&h->table[i]); iter->slot_index = i + 1; break; } @@ -308,7 +338,7 @@ Curl_hash_next_element(struct Curl_hash_iterator *iter) } if(iter->current_element) { - struct Curl_hash_element *he = iter->current_element->ptr; + struct Curl_hash_element *he = Curl_node_elem(iter->current_element); return he; } return NULL; diff --git a/vendor/hydra/vendor/curl/lib/hash.h b/vendor/hydra/vendor/curl/lib/hash.h index 2bdc2471..b1603950 100644 --- a/vendor/hydra/vendor/curl/lib/hash.h +++ b/vendor/hydra/vendor/curl/lib/hash.h @@ -56,19 +56,31 @@ struct Curl_hash { Curl_hash_dtor dtor; size_t slots; size_t size; +#ifdef DEBUGBUILD + int init; +#endif }; +typedef void (*Curl_hash_elem_dtor)(void *key, size_t key_len, void *p); + struct Curl_hash_element { - struct Curl_llist_element list; + struct Curl_llist_node list; void *ptr; + Curl_hash_elem_dtor dtor; size_t key_len; +#ifdef DEBUGBUILD + int init; +#endif char key[1]; /* allocated memory following the struct */ }; struct Curl_hash_iterator { struct Curl_hash *hash; size_t slot_index; - struct Curl_llist_element *current_element; + struct Curl_llist_node *current_element; +#ifdef DEBUGBUILD + int init; +#endif }; void Curl_hash_init(struct Curl_hash *h, @@ -78,10 +90,13 @@ void Curl_hash_init(struct Curl_hash *h, Curl_hash_dtor dtor); void *Curl_hash_add(struct Curl_hash *h, void *key, size_t key_len, void *p); +void *Curl_hash_add2(struct Curl_hash *h, void *key, size_t key_len, void *p, + Curl_hash_elem_dtor dtor); int Curl_hash_delete(struct Curl_hash *h, void *key, size_t key_len); void *Curl_hash_pick(struct Curl_hash *, void *key, size_t key_len); -#define Curl_hash_count(h) ((h)->size) + void Curl_hash_destroy(struct Curl_hash *h); +size_t Curl_hash_count(struct Curl_hash *h); void Curl_hash_clean(struct Curl_hash *h); void Curl_hash_clean_with_criterium(struct Curl_hash *h, void *user, int (*comp)(void *, void *)); diff --git a/vendor/hydra/vendor/curl/lib/headers.c b/vendor/hydra/vendor/curl/lib/headers.c index 9a5692e5..7c60c079 100644 --- a/vendor/hydra/vendor/curl/lib/headers.c +++ b/vendor/hydra/vendor/curl/lib/headers.c @@ -42,7 +42,7 @@ static void copy_header_external(struct Curl_header_store *hs, size_t index, size_t amount, - struct Curl_llist_element *e, + struct Curl_llist_node *e, struct curl_header *hout) { struct curl_header *h = hout; @@ -54,7 +54,7 @@ static void copy_header_external(struct Curl_header_store *hs, impossible for applications to do == comparisons, as that would otherwise be very tempting and then lead to the reserved bits not being reserved anymore. */ - h->origin = hs->type | (1<<27); + h->origin = (unsigned int)(hs->type | (1<<27)); h->anchor = e; } @@ -66,8 +66,8 @@ CURLHcode curl_easy_header(CURL *easy, int request, struct curl_header **hout) { - struct Curl_llist_element *e; - struct Curl_llist_element *e_pick = NULL; + struct Curl_llist_node *e; + struct Curl_llist_node *e_pick = NULL; struct Curl_easy *data = easy; size_t match = 0; size_t amount = 0; @@ -85,8 +85,8 @@ CURLHcode curl_easy_header(CURL *easy, request = data->state.requests; /* we need a first round to count amount of this header */ - for(e = data->state.httphdrs.head; e; e = e->next) { - hs = e->ptr; + for(e = Curl_llist_head(&data->state.httphdrs); e; e = Curl_node_next(e)) { + hs = Curl_node_elem(e); if(strcasecompare(hs->name, name) && (hs->type & type) && (hs->request == request)) { @@ -104,8 +104,8 @@ CURLHcode curl_easy_header(CURL *easy, /* if the last or only occurrence is what's asked for, then we know it */ hs = pick; else { - for(e = data->state.httphdrs.head; e; e = e->next) { - hs = e->ptr; + for(e = Curl_llist_head(&data->state.httphdrs); e; e = Curl_node_next(e)) { + hs = Curl_node_elem(e); if(strcasecompare(hs->name, name) && (hs->type & type) && (hs->request == request) && @@ -114,7 +114,7 @@ CURLHcode curl_easy_header(CURL *easy, break; } } - if(!e) /* this shouldn't happen */ + if(!e) /* this should not happen */ return CURLHE_MISSING; } /* this is the name we want */ @@ -131,8 +131,8 @@ struct curl_header *curl_easy_nextheader(CURL *easy, struct curl_header *prev) { struct Curl_easy *data = easy; - struct Curl_llist_element *pick; - struct Curl_llist_element *e; + struct Curl_llist_node *pick; + struct Curl_llist_node *e; struct Curl_header_store *hs; size_t amount = 0; size_t index = 0; @@ -147,18 +147,18 @@ struct curl_header *curl_easy_nextheader(CURL *easy, if(!pick) /* something is wrong */ return NULL; - pick = pick->next; + pick = Curl_node_next(pick); } else - pick = data->state.httphdrs.head; + pick = Curl_llist_head(&data->state.httphdrs); if(pick) { /* make sure it is the next header of the desired type */ do { - hs = pick->ptr; + hs = Curl_node_elem(pick); if((hs->type & type) && (hs->request == request)) break; - pick = pick->next; + pick = Curl_node_next(pick); } while(pick); } @@ -166,12 +166,12 @@ struct curl_header *curl_easy_nextheader(CURL *easy, /* no more headers available */ return NULL; - hs = pick->ptr; + hs = Curl_node_elem(pick); /* count number of occurrences of this name within the mask and figure out the index for the currently selected entry */ - for(e = data->state.httphdrs.head; e; e = e->next) { - struct Curl_header_store *check = e->ptr; + for(e = Curl_llist_head(&data->state.httphdrs); e; e = Curl_node_next(e)) { + struct Curl_header_store *check = Curl_node_elem(e); if(strcasecompare(hs->name, check->name) && (check->request == request) && (check->type & type)) @@ -247,7 +247,7 @@ static CURLcode unfold_value(struct Curl_easy *data, const char *value, /* since this header block might move in the realloc below, it needs to first be unlinked from the list and then re-added again after the realloc */ - Curl_llist_remove(&data->state.httphdrs, &hs->node, NULL); + Curl_node_remove(&hs->node); /* new size = struct + new value length + old name+value length */ newhs = Curl_saferealloc(hs, sizeof(*hs) + vlen + oalloc + 1); @@ -302,7 +302,7 @@ CURLcode Curl_headers_push(struct Curl_easy *data, const char *header, /* line folding, append value to the previous header's value */ return unfold_value(data, header, hlen); else { - /* Can't unfold without a previous header. Instead of erroring, just + /* cannot unfold without a previous header. Instead of erroring, just pass the leading blanks. */ while(hlen && ISBLANK(*header)) { header++; @@ -405,12 +405,12 @@ CURLcode Curl_headers_init(struct Curl_easy *data) */ CURLcode Curl_headers_cleanup(struct Curl_easy *data) { - struct Curl_llist_element *e; - struct Curl_llist_element *n; + struct Curl_llist_node *e; + struct Curl_llist_node *n; - for(e = data->state.httphdrs.head; e; e = n) { - struct Curl_header_store *hs = e->ptr; - n = e->next; + for(e = Curl_llist_head(&data->state.httphdrs); e; e = n) { + struct Curl_header_store *hs = Curl_node_elem(e); + n = Curl_node_next(e); free(hs); } headers_reset(data); diff --git a/vendor/hydra/vendor/curl/lib/headers.h b/vendor/hydra/vendor/curl/lib/headers.h index d9813388..e11fe980 100644 --- a/vendor/hydra/vendor/curl/lib/headers.h +++ b/vendor/hydra/vendor/curl/lib/headers.h @@ -28,7 +28,7 @@ #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HEADERS_API) struct Curl_header_store { - struct Curl_llist_element node; + struct Curl_llist_node node; char *name; /* points into 'buffer' */ char *value; /* points into 'buffer */ int request; /* 0 is the first request, then 1.. 2.. */ diff --git a/vendor/hydra/vendor/curl/lib/hmac.c b/vendor/hydra/vendor/curl/lib/hmac.c index 4019b67f..90f37f0b 100644 --- a/vendor/hydra/vendor/curl/lib/hmac.c +++ b/vendor/hydra/vendor/curl/lib/hmac.c @@ -42,7 +42,7 @@ * Generic HMAC algorithm. * * This module computes HMAC digests based on any hash function. Parameters - * and computing procedures are set-up dynamically at HMAC computation context + * and computing procedures are setup dynamically at HMAC computation context * initialization. */ diff --git a/vendor/hydra/vendor/curl/lib/hostasyn.c b/vendor/hydra/vendor/curl/lib/hostasyn.c index 2f6762ca..4d6a8e85 100644 --- a/vendor/hydra/vendor/curl/lib/hostasyn.c +++ b/vendor/hydra/vendor/curl/lib/hostasyn.c @@ -79,7 +79,7 @@ CURLcode Curl_addrinfo_callback(struct Curl_easy *data, dns = Curl_cache_addr(data, ai, data->state.async.hostname, 0, - data->state.async.port); + data->state.async.port, FALSE); if(data->share) Curl_share_unlock(data, CURL_LOCK_DATA_DNS); diff --git a/vendor/hydra/vendor/curl/lib/hostip.c b/vendor/hydra/vendor/curl/lib/hostip.c index 93c36e03..fc01dc3f 100644 --- a/vendor/hydra/vendor/curl/lib/hostip.c +++ b/vendor/hydra/vendor/curl/lib/hostip.c @@ -84,8 +84,8 @@ * source file are these: * * CURLRES_IPV6 - this host has getaddrinfo() and family, and thus we use - * that. The host may not be able to resolve IPv6, but we don't really have to - * take that into account. Hosts that aren't IPv6-enabled have CURLRES_IPV4 + * that. The host may not be able to resolve IPv6, but we do not really have to + * take that into account. Hosts that are not IPv6-enabled have CURLRES_IPV4 * defined. * * CURLRES_ARES - is defined if libcurl is built to use c-ares for @@ -115,7 +115,7 @@ * CURLRES_* defines based on the config*.h and curl_setup.h defines. */ -static void freednsentry(void *freethis); +static void hostcache_unlink_entry(void *entry); #ifndef CURL_DISABLE_VERBOSE_STRINGS static void show_resolve_info(struct Curl_easy *data, @@ -178,7 +178,7 @@ create_hostcache_id(const char *name, struct hostcache_prune_data { time_t now; time_t oldest; /* oldest time in cache not pruned. */ - int cache_timeout; + int max_age_sec; }; /* @@ -189,16 +189,16 @@ struct hostcache_prune_data { * cache. */ static int -hostcache_timestamp_remove(void *datap, void *hc) +hostcache_entry_is_stale(void *datap, void *hc) { struct hostcache_prune_data *prune = (struct hostcache_prune_data *) datap; - struct Curl_dns_entry *c = (struct Curl_dns_entry *) hc; + struct Curl_dns_entry *dns = (struct Curl_dns_entry *) hc; - if(c->timestamp) { + if(dns->timestamp) { /* age in seconds */ - time_t age = prune->now - c->timestamp; - if(age >= prune->cache_timeout) + time_t age = prune->now - dns->timestamp; + if(age >= prune->max_age_sec) return TRUE; if(age > prune->oldest) prune->oldest = age; @@ -216,13 +216,13 @@ hostcache_prune(struct Curl_hash *hostcache, int cache_timeout, { struct hostcache_prune_data user; - user.cache_timeout = cache_timeout; + user.max_age_sec = cache_timeout; user.now = now; user.oldest = 0; Curl_hash_clean_with_criterium(hostcache, (void *) &user, - hostcache_timestamp_remove); + hostcache_entry_is_stale); return user.oldest; } @@ -238,7 +238,7 @@ void Curl_hostcache_prune(struct Curl_easy *data) int timeout = data->set.dns_cache_timeout; if(!data->dns.hostcache) - /* NULL hostcache means we can't do it */ + /* NULL hostcache means we cannot do it */ return; if(data->share) @@ -257,7 +257,8 @@ void Curl_hostcache_prune(struct Curl_easy *data) /* if the cache size is still too big, use the oldest age as new prune limit */ - } while(timeout && (data->dns.hostcache->size > MAX_DNS_CACHE_SIZE)); + } while(timeout && + (Curl_hash_count(data->dns.hostcache) > MAX_DNS_CACHE_SIZE)); if(data->share) Curl_share_unlock(data, CURL_LOCK_DATA_DNS); @@ -283,14 +284,14 @@ static struct Curl_dns_entry *fetch_addr(struct Curl_easy *data, size_t entry_len = create_hostcache_id(hostname, 0, port, entry_id, sizeof(entry_id)); - /* See if it's already in our dns cache */ + /* See if it is already in our dns cache */ dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1); /* No entry found in cache, check if we might have a wildcard entry */ if(!dns && data->state.wildcard_resolve) { entry_len = create_hostcache_id("*", 1, port, entry_id, sizeof(entry_id)); - /* See if it's already in our dns cache */ + /* See if it is already in our dns cache */ dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1); } @@ -299,10 +300,10 @@ static struct Curl_dns_entry *fetch_addr(struct Curl_easy *data, struct hostcache_prune_data user; user.now = time(NULL); - user.cache_timeout = data->set.dns_cache_timeout; + user.max_age_sec = data->set.dns_cache_timeout; user.oldest = 0; - if(hostcache_timestamp_remove(&user, dns)) { + if(hostcache_entry_is_stale(&user, dns)) { infof(data, "Hostname in DNS cache was stale, zapped"); dns = NULL; /* the memory deallocation is being handled by the hash */ Curl_hash_delete(data->dns.hostcache, entry_id, entry_len + 1); @@ -329,7 +330,7 @@ static struct Curl_dns_entry *fetch_addr(struct Curl_easy *data, } if(!found) { - infof(data, "Hostname in DNS cache doesn't have needed family, zapped"); + infof(data, "Hostname in DNS cache does not have needed family, zapped"); dns = NULL; /* the memory deallocation is being handled by the hash */ Curl_hash_delete(data->dns.hostcache, entry_id, entry_len + 1); } @@ -348,8 +349,8 @@ static struct Curl_dns_entry *fetch_addr(struct Curl_easy *data, * * Returns the Curl_dns_entry entry pointer or NULL if not in the cache. * - * The returned data *MUST* be "unlocked" with Curl_resolv_unlock() after - * use, or we'll leak memory! + * The returned data *MUST* be "released" with Curl_resolv_unlink() after + * use, or we will leak memory! */ struct Curl_dns_entry * Curl_fetch_addr(struct Curl_easy *data, @@ -364,7 +365,7 @@ Curl_fetch_addr(struct Curl_easy *data, dns = fetch_addr(data, hostname, port); if(dns) - dns->inuse++; /* we use it! */ + dns->refcount++; /* we use it! */ if(data->share) Curl_share_unlock(data, CURL_LOCK_DATA_DNS); @@ -428,8 +429,8 @@ UNITTEST CURLcode Curl_shuffle_addr(struct Curl_easy *data, if(Curl_rand(data, (unsigned char *)rnd, rnd_size) == CURLE_OK) { struct Curl_addrinfo *swap_tmp; for(i = num_addrs - 1; i > 0; i--) { - swap_tmp = nodes[rnd[i] % (i + 1)]; - nodes[rnd[i] % (i + 1)] = nodes[i]; + swap_tmp = nodes[rnd[i] % (unsigned int)(i + 1)]; + nodes[rnd[i] % (unsigned int)(i + 1)] = nodes[i]; nodes[i] = swap_tmp; } @@ -468,7 +469,8 @@ Curl_cache_addr(struct Curl_easy *data, struct Curl_addrinfo *addr, const char *hostname, size_t hostlen, /* length or zero */ - int port) + int port, + bool permanent) { char entry_id[MAX_HOSTCACHE_LEN]; size_t entry_len; @@ -496,11 +498,15 @@ Curl_cache_addr(struct Curl_easy *data, entry_len = create_hostcache_id(hostname, hostlen, port, entry_id, sizeof(entry_id)); - dns->inuse = 1; /* the cache has the first reference */ + dns->refcount = 1; /* the cache has the first reference */ dns->addr = addr; /* this is the address(es) */ - time(&dns->timestamp); - if(dns->timestamp == 0) - dns->timestamp = 1; /* zero indicates permanent CURLOPT_RESOLVE entry */ + if(permanent) + dns->timestamp = 0; /* an entry that never goes stale */ + else { + dns->timestamp = time(NULL); + if(dns->timestamp == 0) + dns->timestamp = 1; + } dns->hostport = port; if(hostlen) memcpy(dns->hostname, hostname, hostlen); @@ -514,7 +520,7 @@ Curl_cache_addr(struct Curl_easy *data, } dns = dns2; - dns->inuse++; /* mark entry as in-use */ + dns->refcount++; /* mark entry as in-use */ return dns; } @@ -536,8 +542,8 @@ static struct Curl_addrinfo *get_localhost6(int port, const char *name) sa6.sin6_port = htons(port16); sa6.sin6_flowinfo = 0; sa6.sin6_scope_id = 0; - if(Curl_inet_pton(AF_INET6, "::1", ipv6) < 1) - return NULL; + + (void)Curl_inet_pton(AF_INET6, "::1", ipv6); memcpy(&sa6.sin6_addr, ipv6, sizeof(ipv6)); ca->ai_flags = 0; @@ -602,7 +608,7 @@ static struct Curl_addrinfo *get_localhost(int port, const char *name) bool Curl_ipv6works(struct Curl_easy *data) { if(data) { - /* the nature of most system is that IPv6 status doesn't come and go + /* the nature of most system is that IPv6 status does not come and go during a program's lifetime so we only probe the first time and then we have the info kept for fast reuse */ DEBUGASSERT(data); @@ -618,7 +624,7 @@ bool Curl_ipv6works(struct Curl_easy *data) /* probe to see if we have a working IPv6 stack */ curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0); if(s == CURL_SOCKET_BAD) - /* an IPv6 address was requested but we can't get/use one */ + /* an IPv6 address was requested but we cannot get/use one */ ipv6_works = 0; else { ipv6_works = 1; @@ -662,12 +668,12 @@ static bool tailmatch(const char *full, const char *part) /* * Curl_resolv() is the main name resolve function within libcurl. It resolves * a name and returns a pointer to the entry in the 'entry' argument (if one - * is provided). This function might return immediately if we're using asynch + * is provided). This function might return immediately if we are using asynch * resolves. See the return codes. * * The cache entry we return will get its 'inuse' counter increased when this - * function is used. You MUST call Curl_resolv_unlock() later (when you're - * done using this struct) to decrease the counter again. + * function is used. You MUST call Curl_resolv_unlink() later (when you are + * done using this struct) to decrease the reference counter again. * * Return codes: * @@ -708,7 +714,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, if(dns) { infof(data, "Hostname %s was found in DNS cache", hostname); - dns->inuse++; /* we use it! */ + dns->refcount++; /* we use it! */ rc = CURLRESOLV_RESOLVED; } @@ -813,7 +819,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, if(respwait) { /* the response to our resolve call will come asynchronously at a later time, good or bad */ - /* First, check that we haven't received the info by now */ + /* First, check that we have not received the info by now */ result = Curl_resolv_check(data, &dns); if(result) /* error detected */ return CURLRESOLV_ERROR; @@ -828,7 +834,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE); /* we got a response, store it in the cache */ - dns = Curl_cache_addr(data, addr, hostname, 0, port); + dns = Curl_cache_addr(data, addr, hostname, 0, port, FALSE); if(data->share) Curl_share_unlock(data, CURL_LOCK_DATA_DNS); @@ -851,7 +857,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, #ifdef USE_ALARM_TIMEOUT /* * This signal handler jumps back into the main libcurl code and continues - * execution. This effectively causes the remainder of the application to run + * execution. This effectively causes the remainder of the application to run * within a signal handler which is nonportable and could lead to problems. */ CURL_NORETURN static @@ -864,12 +870,12 @@ void alarmfunc(int sig) /* * Curl_resolv_timeout() is the same as Curl_resolv() but specifies a - * timeout. This function might return immediately if we're using asynch + * timeout. This function might return immediately if we are using asynch * resolves. See the return codes. * * The cache entry we return will get its 'inuse' counter increased when this - * function is used. You MUST call Curl_resolv_unlock() later (when you're - * done using this struct) to decrease the counter again. + * function is used. You MUST call Curl_resolv_unlink() later (when you are + * done using this struct) to decrease the reference counter again. * * If built with a synchronous resolver and use of signals is not * disabled by the application, then a nonzero timeout will cause a @@ -934,7 +940,7 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data, will generate a signal and we will siglongjmp() from that here. This technique has problems (see alarmfunc). This should be the last thing we do before calling Curl_resolv(), - as otherwise we'd have to worry about variables that get modified + as otherwise we would have to worry about variables that get modified before we invoke Curl_resolv() (and thus use "volatile"). */ curl_simple_lock_lock(&curl_jmpenv_lock); @@ -955,7 +961,7 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data, keep_copysig = TRUE; /* yes, we have a copy */ sigact.sa_handler = alarmfunc; #ifdef SA_RESTART - /* HPUX doesn't have SA_RESTART but defaults to that behavior! */ + /* HP-UX does not have SA_RESTART but defaults to that behavior! */ sigact.sa_flags &= ~SA_RESTART; #endif /* now set the new struct */ @@ -1022,7 +1028,7 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data, ((alarm_set >= 0x80000000) && (prev_alarm < 0x80000000)) ) { /* if the alarm time-left reached zero or turned "negative" (counted with unsigned values), we should fire off a SIGALRM here, but we - won't, and zero would be to switch it off so we never set it to + will not, and zero would be to switch it off so we never set it to less than 1! */ alarm(1); rc = CURLRESOLV_TIMEDOUT; @@ -1037,18 +1043,20 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data, } /* - * Curl_resolv_unlock() unlocks the given cached DNS entry. When this has been - * made, the struct may be destroyed due to pruning. It is important that only - * one unlock is made for each Curl_resolv() call. + * Curl_resolv_unlink() releases a reference to the given cached DNS entry. + * When the reference count reaches 0, the entry is destroyed. It is important + * that only one unlink is made for each Curl_resolv() call. * * May be called with 'data' == NULL for global cache. */ -void Curl_resolv_unlock(struct Curl_easy *data, struct Curl_dns_entry *dns) +void Curl_resolv_unlink(struct Curl_easy *data, struct Curl_dns_entry **pdns) { + struct Curl_dns_entry *dns = *pdns; + *pdns = NULL; if(data && data->share) Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE); - freednsentry(dns); + hostcache_unlink_entry(dns); if(data && data->share) Curl_share_unlock(data, CURL_LOCK_DATA_DNS); @@ -1057,13 +1065,13 @@ void Curl_resolv_unlock(struct Curl_easy *data, struct Curl_dns_entry *dns) /* * File-internal: release cache dns entry reference, free if inuse drops to 0 */ -static void freednsentry(void *freethis) +static void hostcache_unlink_entry(void *entry) { - struct Curl_dns_entry *dns = (struct Curl_dns_entry *) freethis; - DEBUGASSERT(dns && (dns->inuse>0)); + struct Curl_dns_entry *dns = (struct Curl_dns_entry *) entry; + DEBUGASSERT(dns && (dns->refcount>0)); - dns->inuse--; - if(dns->inuse == 0) { + dns->refcount--; + if(dns->refcount == 0) { Curl_freeaddrinfo(dns->addr); #ifdef USE_HTTPSRR if(dns->hinfo) { @@ -1092,7 +1100,7 @@ static void freednsentry(void *freethis) void Curl_init_dnscache(struct Curl_hash *hash, size_t size) { Curl_hash_init(hash, size, Curl_hash_str, Curl_str_key_compare, - freednsentry); + hostcache_unlink_entry); } /* @@ -1150,7 +1158,7 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) if(data->share) Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE); - /* delete entry, ignore if it didn't exist */ + /* delete entry, ignore if it did not exist */ Curl_hash_delete(data->dns.hostcache, entry_id, entry_len + 1); if(data->share) @@ -1264,7 +1272,7 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) if(data->share) Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE); - /* See if it's already in our dns cache */ + /* See if it is already in our dns cache */ dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1); if(dns) { @@ -1285,13 +1293,11 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) } /* put this new host in the cache */ - dns = Curl_cache_addr(data, head, host_begin, hlen, port); + dns = Curl_cache_addr(data, head, host_begin, hlen, port, permanent); if(dns) { - if(permanent) - dns->timestamp = 0; /* mark as permanent */ /* release the returned reference; the cache itself will keep the * entry alive: */ - dns->inuse--; + dns->refcount--; } if(data->share) @@ -1362,7 +1368,7 @@ static void show_resolve_info(struct Curl_easy *data, if(!result) result = Curl_dyn_add(d, buf); if(result) { - infof(data, "too many IP, can't show"); + infof(data, "too many IP, cannot show"); goto fail; } } @@ -1443,8 +1449,7 @@ CURLcode Curl_once_resolved(struct Curl_easy *data, bool *protocol_done) if(result) { Curl_detach_connection(data); - Curl_conncache_remove_conn(data, conn, TRUE); - Curl_disconnect(data, conn, TRUE); + Curl_cpool_disconnect(data, conn, TRUE); } return result; } diff --git a/vendor/hydra/vendor/curl/lib/hostip.h b/vendor/hydra/vendor/curl/lib/hostip.h index bf4e94d2..b1c5ecb2 100644 --- a/vendor/hydra/vendor/curl/lib/hostip.h +++ b/vendor/hydra/vendor/curl/lib/hostip.h @@ -80,7 +80,7 @@ struct Curl_https_rrinfo { char *alpns; /* keytag = 1 */ bool no_def_alpn; /* keytag = 2 */ /* - * we don't support ports (keytag = 3) as we don't support + * we do not support ports (keytag = 3) as we do not support * port-switching yet */ unsigned char *ipv4hints; /* keytag = 4 */ @@ -97,13 +97,13 @@ struct Curl_dns_entry { #ifdef USE_HTTPSRR struct Curl_https_rrinfo *hinfo; #endif - /* timestamp == 0 -- permanent CURLOPT_RESOLVE entry (doesn't time out) */ + /* timestamp == 0 -- permanent CURLOPT_RESOLVE entry (does not time out) */ time_t timestamp; - /* use-counter, use Curl_resolv_unlock to release reference */ - long inuse; + /* reference counter, entry is freed on reaching 0 */ + size_t refcount; /* hostname port number that resolved to addr. */ int hostport; - /* hostname that resolved to addr. may be NULL (unix domain sockets). */ + /* hostname that resolved to addr. may be NULL (Unix domain sockets). */ char hostname[1]; }; @@ -113,8 +113,8 @@ bool Curl_host_is_ipnum(const char *hostname); * Curl_resolv() returns an entry with the info for the specified host * and port. * - * The returned data *MUST* be "unlocked" with Curl_resolv_unlock() after - * use, or we'll leak memory! + * The returned data *MUST* be "released" with Curl_resolv_unlink() after + * use, or we will leak memory! */ /* return codes */ enum resolve_t { @@ -161,9 +161,9 @@ struct Curl_addrinfo *Curl_getaddrinfo(struct Curl_easy *data, int *waitp); -/* unlock a previously resolved dns entry */ -void Curl_resolv_unlock(struct Curl_easy *data, - struct Curl_dns_entry *dns); +/* unlink a dns entry, potentially shared with a cache */ +void Curl_resolv_unlink(struct Curl_easy *data, + struct Curl_dns_entry **pdns); /* init a new dns cache */ void Curl_init_dnscache(struct Curl_hash *hash, size_t hashsize); @@ -199,8 +199,8 @@ void Curl_printable_address(const struct Curl_addrinfo *ip, * * Returns the Curl_dns_entry entry pointer or NULL if not in the cache. * - * The returned data *MUST* be "unlocked" with Curl_resolv_unlock() after - * use, or we'll leak memory! + * The returned data *MUST* be "released" with Curl_resolv_unlink() after + * use, or we will leak memory! */ struct Curl_dns_entry * Curl_fetch_addr(struct Curl_easy *data, @@ -209,12 +209,13 @@ Curl_fetch_addr(struct Curl_easy *data, /* * Curl_cache_addr() stores a 'Curl_addrinfo' struct in the DNS cache. - * + * @param permanent iff TRUE, entry will never become stale * Returns the Curl_dns_entry entry pointer or NULL if the storage failed. */ struct Curl_dns_entry * Curl_cache_addr(struct Curl_easy *data, struct Curl_addrinfo *addr, - const char *hostname, size_t hostlen, int port); + const char *hostname, size_t hostlen, int port, + bool permanent); #ifndef INADDR_NONE #define CURL_INADDR_NONE (in_addr_t) ~0 diff --git a/vendor/hydra/vendor/curl/lib/hostip4.c b/vendor/hydra/vendor/curl/lib/hostip4.c index 9140180f..3bfea48d 100644 --- a/vendor/hydra/vendor/curl/lib/hostip4.c +++ b/vendor/hydra/vendor/curl/lib/hostip4.c @@ -62,7 +62,7 @@ bool Curl_ipvalid(struct Curl_easy *data, struct connectdata *conn) { (void)data; if(conn->ip_version == CURL_IPRESOLVE_V6) - /* An IPv6 address was requested and we can't get/use one */ + /* An IPv6 address was requested and we cannot get/use one */ return FALSE; return TRUE; /* OK, proceed */ @@ -82,7 +82,7 @@ bool Curl_ipvalid(struct Curl_easy *data, struct connectdata *conn) * detect which one this platform supports in the configure script and set up * the HAVE_GETHOSTBYNAME_R_3, HAVE_GETHOSTBYNAME_R_5 or * HAVE_GETHOSTBYNAME_R_6 defines accordingly. Note that HAVE_GETADDRBYNAME - * has the corresponding rules. This is primarily on *nix. Note that some unix + * has the corresponding rules. This is primarily on *nix. Note that some Unix * flavours have thread-safe versions of the plain gethostbyname() etc. * */ @@ -193,8 +193,8 @@ struct Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, * small. Previous versions are known to return ERANGE for the same * problem. * - * This wouldn't be such a big problem if older versions wouldn't - * sometimes return EAGAIN on a common failure case. Alas, we can't + * This would not be such a big problem if older versions would not + * sometimes return EAGAIN on a common failure case. Alas, we cannot * assume that EAGAIN *or* ERANGE means ERANGE for any given version of * glibc. * @@ -210,9 +210,9 @@ struct Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, * gethostbyname_r() in glibc: * * In glibc 2.2.5 the interface is different (this has also been - * discovered in glibc 2.1.1-6 as shipped by Redhat 6). What I can't + * discovered in glibc 2.1.1-6 as shipped by Redhat 6). What I cannot * explain, is that tests performed on glibc 2.2.4-34 and 2.2.4-32 - * (shipped/upgraded by Redhat 7.2) don't show this behavior! + * (shipped/upgraded by Redhat 7.2) do not show this behavior! * * In this "buggy" version, the return code is -1 on error and 'errno' * is set to the ERANGE or EAGAIN code. Note that 'errno' is not a @@ -221,9 +221,9 @@ struct Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, if(!h) /* failure */ #elif defined(HAVE_GETHOSTBYNAME_R_3) - /* AIX, Digital Unix/Tru64, HPUX 10, more? */ + /* AIX, Digital UNIX/Tru64, HP-UX 10, more? */ - /* For AIX 4.3 or later, we don't use gethostbyname_r() at all, because of + /* For AIX 4.3 or later, we do not use gethostbyname_r() at all, because of * the plain fact that it does not return unique full buffers on each * call, but instead several of the pointers in the hostent structs will * point to the same actual data! This have the unfortunate down-side that @@ -237,7 +237,7 @@ struct Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, * * Troels Walsted Hansen helped us work this out on March 3rd, 2003. * - * [*] = much later we've found out that it isn't at all "completely + * [*] = much later we have found out that it is not at all "completely * thread-safe", but at least the gethostbyname() function is. */ @@ -253,7 +253,7 @@ struct Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, (struct hostent *)buf, (struct hostent_data *)((char *)buf + sizeof(struct hostent))); - h_errnop = SOCKERRNO; /* we don't deal with this, but set it anyway */ + h_errnop = SOCKERRNO; /* we do not deal with this, but set it anyway */ } else res = -1; /* failure, too smallish buffer size */ @@ -263,8 +263,8 @@ struct Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, h = buf; /* result expected in h */ /* This is the worst kind of the different gethostbyname_r() interfaces. - * Since we don't know how big buffer this particular lookup required, - * we can't realloc down the huge alloc without doing closer analysis of + * Since we do not know how big buffer this particular lookup required, + * we cannot realloc down the huge alloc without doing closer analysis of * the returned data. Thus, we always use CURL_HOSTENT_SIZE for every * name lookup. Fixing this would require an extra malloc() and then * calling Curl_addrinfo_copy() that subsequent realloc()s down the new @@ -280,7 +280,7 @@ struct Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, #else /* (HAVE_GETADDRINFO && HAVE_GETADDRINFO_THREADSAFE) || HAVE_GETHOSTBYNAME_R */ /* - * Here is code for platforms that don't have a thread safe + * Here is code for platforms that do not have a thread safe * getaddrinfo() nor gethostbyname_r() function or for which * gethostbyname() is the preferred one. */ diff --git a/vendor/hydra/vendor/curl/lib/hostip6.c b/vendor/hydra/vendor/curl/lib/hostip6.c index 18969a7a..c16ddfe5 100644 --- a/vendor/hydra/vendor/curl/lib/hostip6.c +++ b/vendor/hydra/vendor/curl/lib/hostip6.c @@ -124,7 +124,7 @@ struct Curl_addrinfo *Curl_getaddrinfo(struct Curl_easy *data, #ifndef USE_RESOLVE_ON_IPS /* * The AI_NUMERICHOST must not be set to get synthesized IPv6 address from - * an IPv4 address on iOS and Mac OS X. + * an IPv4 address on iOS and macOS. */ if((1 == Curl_inet_pton(AF_INET, hostname, addrbuf)) || (1 == Curl_inet_pton(AF_INET6, hostname, addrbuf))) { diff --git a/vendor/hydra/vendor/curl/lib/hsts.c b/vendor/hydra/vendor/curl/lib/hsts.c index a5e76761..a5c216f6 100644 --- a/vendor/hydra/vendor/curl/lib/hsts.c +++ b/vendor/hydra/vendor/curl/lib/hsts.c @@ -54,7 +54,7 @@ #define MAX_HSTS_DATELENSTR "64" #define UNLIMITED "unlimited" -#ifdef DEBUGBUILD +#if defined(DEBUGBUILD) || defined(UNITTESTS) /* to play well with debug builds, we can *set* a fixed time this will return */ time_t deltatime; /* allow for "adjustments" for unit test purposes */ @@ -94,11 +94,11 @@ void Curl_hsts_cleanup(struct hsts **hp) { struct hsts *h = *hp; if(h) { - struct Curl_llist_element *e; - struct Curl_llist_element *n; - for(e = h->list.head; e; e = n) { - struct stsentry *sts = e->ptr; - n = e->next; + struct Curl_llist_node *e; + struct Curl_llist_node *n; + for(e = Curl_llist_head(&h->list); e; e = n) { + struct stsentry *sts = Curl_node_elem(e); + n = Curl_node_next(e); hsts_free(sts); } free(h->filename); @@ -215,7 +215,7 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname, /* remove the entry if present verbatim (without subdomain match) */ sts = Curl_hsts(h, hostname, FALSE); if(sts) { - Curl_llist_remove(&h->list, &sts->node, NULL); + Curl_node_remove(&sts->node); hsts_free(sts); } return CURLE_OK; @@ -241,7 +241,7 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname, } /* - * Return TRUE if the given host name is currently an HSTS one. + * Return TRUE if the given hostname is currently an HSTS one. * * The 'subdomain' argument tells the function if subdomain matching should be * attempted. @@ -253,8 +253,8 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname, char buffer[MAX_HSTS_HOSTLEN + 1]; time_t now = time(NULL); size_t hlen = strlen(hostname); - struct Curl_llist_element *e; - struct Curl_llist_element *n; + struct Curl_llist_node *e; + struct Curl_llist_node *n; if((hlen > MAX_HSTS_HOSTLEN) || !hlen) return NULL; @@ -265,12 +265,12 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname, buffer[hlen] = 0; hostname = buffer; - for(e = h->list.head; e; e = n) { - struct stsentry *sts = e->ptr; - n = e->next; + for(e = Curl_llist_head(&h->list); e; e = n) { + struct stsentry *sts = Curl_node_elem(e); + n = Curl_node_next(e); if(sts->expires <= now) { /* remove expired entries */ - Curl_llist_remove(&h->list, &sts->node, NULL); + Curl_node_remove(&sts->node); hsts_free(sts); continue; } @@ -353,8 +353,8 @@ static CURLcode hsts_out(struct stsentry *sts, FILE *fp) CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, const char *file) { - struct Curl_llist_element *e; - struct Curl_llist_element *n; + struct Curl_llist_node *e; + struct Curl_llist_node *n; CURLcode result = CURLE_OK; FILE *out; char *tempstore = NULL; @@ -368,7 +368,7 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, file = h->filename; if((h->flags & CURLHSTS_READONLYFILE) || !file || !file[0]) - /* marked as read-only, no file or zero length file name */ + /* marked as read-only, no file or zero length filename */ goto skipsave; result = Curl_fopen(data, file, &out, &tempstore); @@ -376,9 +376,9 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n" "# This file was generated by libcurl! Edit at your own risk.\n", out); - for(e = h->list.head; e; e = n) { - struct stsentry *sts = e->ptr; - n = e->next; + for(e = Curl_llist_head(&h->list); e; e = n) { + struct stsentry *sts = Curl_node_elem(e); + n = Curl_node_next(e); result = hsts_out(sts, out); if(result) break; @@ -393,14 +393,14 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, free(tempstore); skipsave: if(data->set.hsts_write) { - /* if there's a write callback */ + /* if there is a write callback */ struct curl_index i; /* count */ - i.total = h->list.size; + i.total = Curl_llist_count(&h->list); i.index = 0; - for(e = h->list.head; e; e = n) { - struct stsentry *sts = e->ptr; + for(e = Curl_llist_head(&h->list); e; e = n) { + struct stsentry *sts = Curl_node_elem(e); bool stop; - n = e->next; + n = Curl_node_next(e); result = hsts_push(data, &i, sts, &stop); if(result || stop) break; @@ -440,7 +440,7 @@ static CURLcode hsts_add(struct hsts *h, char *line) if(!e) result = hsts_create(h, p, subdomain, expires); else { - /* the same host name, use the largest expire time */ + /* the same hostname, use the largest expire time */ if(expires > e->expires) e->expires = expires; } @@ -508,7 +508,7 @@ static CURLcode hsts_load(struct hsts *h, const char *file) CURLcode result = CURLE_OK; FILE *fp; - /* we need a private copy of the file name so that the hsts cache file + /* we need a private copy of the filename so that the hsts cache file name survives an easy handle reset */ free(h->filename); h->filename = strdup(file); diff --git a/vendor/hydra/vendor/curl/lib/hsts.h b/vendor/hydra/vendor/curl/lib/hsts.h index d3431a5d..1c544f97 100644 --- a/vendor/hydra/vendor/curl/lib/hsts.h +++ b/vendor/hydra/vendor/curl/lib/hsts.h @@ -29,18 +29,18 @@ #include #include "llist.h" -#ifdef DEBUGBUILD +#if defined(DEBUGBUILD) || defined(UNITTESTS) extern time_t deltatime; #endif struct stsentry { - struct Curl_llist_element node; + struct Curl_llist_node node; const char *host; bool includeSubDomains; curl_off_t expires; /* the timestamp of this entry's expiry */ }; -/* The HSTS cache. Needs to be able to tailmatch host names. */ +/* The HSTS cache. Needs to be able to tailmatch hostnames. */ struct hsts { struct Curl_llist list; char *filename; diff --git a/vendor/hydra/vendor/curl/lib/http.c b/vendor/hydra/vendor/curl/lib/http.c index 2a41f807..f00c803a 100644 --- a/vendor/hydra/vendor/curl/lib/http.c +++ b/vendor/hydra/vendor/curl/lib/http.c @@ -169,14 +169,6 @@ CURLcode Curl_http_setup_conn(struct Curl_easy *data, { /* allocate the HTTP-specific struct for the Curl_easy, only to survive during this request */ - struct HTTP *http; - DEBUGASSERT(data->req.p.http == NULL); - - http = calloc(1, sizeof(struct HTTP)); - if(!http) - return CURLE_OUT_OF_MEMORY; - - data->req.p.http = http; connkeep(conn, "HTTP default"); if(data->state.httpwant == CURL_HTTP_VERSION_3ONLY) { @@ -418,9 +410,9 @@ static CURLcode http_perhapsrewind(struct Curl_easy *data, curl_off_t upload_remain = (expectsend >= 0)? (expectsend - bytessent) : -1; bool little_upload_remains = (upload_remain >= 0 && upload_remain < 2000); bool needs_rewind = Curl_creader_needs_rewind(data); - /* By default, we'd like to abort the transfer when little or - * unknown amount remains. But this may be overridden by authentications - * further below! */ + /* By default, we would like to abort the transfer when little or unknown + * amount remains. This may be overridden by authentications further + * below! */ bool abort_upload = (!data->req.upload_done && !little_upload_remains); const char *ongoing_auth = NULL; @@ -470,20 +462,19 @@ static CURLcode http_perhapsrewind(struct Curl_easy *data, if(abort_upload) { if(upload_remain >= 0) - infof(data, "%s%sclose instead of sending %" - CURL_FORMAT_CURL_OFF_T " more bytes", - ongoing_auth? ongoing_auth : "", - ongoing_auth? " send, " : "", - upload_remain); + infof(data, "%s%sclose instead of sending %" FMT_OFF_T " more bytes", + ongoing_auth? ongoing_auth : "", + ongoing_auth? " send, " : "", + upload_remain); else infof(data, "%s%sclose instead of sending unknown amount " - "of more bytes", - ongoing_auth? ongoing_auth : "", - ongoing_auth? " send, " : ""); + "of more bytes", + ongoing_auth? ongoing_auth : "", + ongoing_auth? " send, " : ""); /* We decided to abort the ongoing transfer */ streamclose(conn, "Mid-auth HTTP and much data left to send"); /* FIXME: questionable manipulation here, can we do this differently? */ - data->req.size = 0; /* don't download any more than 0 bytes */ + data->req.size = 0; /* do not download any more than 0 bytes */ } return CURLE_OK; } @@ -556,7 +547,7 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) /* no (known) authentication available, authentication is not "done" yet and no authentication seems to be required and - we didn't try HEAD or GET */ + we did not try HEAD or GET */ if((data->state.httpreq != HTTPREQ_GET) && (data->state.httpreq != HTTPREQ_HEAD)) { data->req.newurl = strdup(data->state.url); /* clone URL */ @@ -746,13 +737,13 @@ Curl_http_output_auth(struct Curl_easy *data, if(authhost->want && !authhost->picked) /* The app has selected one or more methods, but none has been picked so far by a server round-trip. Then we set the picked one to the - want one, and if this is one single bit it'll be used instantly. */ + want one, and if this is one single bit it will be used instantly. */ authhost->picked = authhost->want; if(authproxy->want && !authproxy->picked) /* The app has selected one or more methods, but none has been picked so far by a proxy round-trip. Then we set the picked one to the want one, - and if this is one single bit it'll be used instantly. */ + and if this is one single bit it will be used instantly. */ authproxy->picked = authproxy->want; #ifndef CURL_DISABLE_PROXY @@ -767,7 +758,7 @@ Curl_http_output_auth(struct Curl_easy *data, #else (void)proxytunnel; #endif /* CURL_DISABLE_PROXY */ - /* we have no proxy so let's pretend we're done authenticating + /* we have no proxy so let's pretend we are done authenticating with it */ authproxy->done = TRUE; @@ -941,7 +932,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, authp->avail |= CURLAUTH_DIGEST; /* We call this function on input Digest headers even if Digest - * authentication isn't activated yet, as we need to store the + * authentication is not activated yet, as we need to store the * incoming data from this header in case we are going to use * Digest */ result = Curl_input_digest(data, proxy, auth); @@ -960,7 +951,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, authp->avail |= CURLAUTH_BASIC; if(authp->picked == CURLAUTH_BASIC) { /* We asked for Basic authentication but got a 40X back - anyway, which basically means our name+password isn't + anyway, which basically means our name+password is not valid. */ authp->avail = CURLAUTH_NONE; infof(data, "Authentication problem. Ignoring this."); @@ -976,7 +967,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, authp->avail |= CURLAUTH_BEARER; if(authp->picked == CURLAUTH_BEARER) { /* We asked for Bearer authentication but got a 40X back - anyway, which basically means our token isn't valid. */ + anyway, which basically means our token is not valid. */ authp->avail = CURLAUTH_NONE; infof(data, "Authentication problem. Ignoring this."); data->state.authproblem = TRUE; @@ -996,7 +987,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, /* there may be multiple methods on one line, so keep reading */ while(*auth && *auth != ',') /* read up to the next comma */ auth++; - if(*auth == ',') /* if we're on a comma, skip it */ + if(*auth == ',') /* if we are on a comma, skip it */ auth++; while(*auth && ISSPACE(*auth)) auth++; @@ -1019,8 +1010,8 @@ static bool http_should_fail(struct Curl_easy *data, int httpcode) DEBUGASSERT(data->conn); /* - ** If we haven't been asked to fail on error, - ** don't fail. + ** If we have not been asked to fail on error, + ** do not fail. */ if(!data->set.http_fail_on_error) return FALSE; @@ -1040,7 +1031,7 @@ static bool http_should_fail(struct Curl_easy *data, int httpcode) return FALSE; /* - ** Any code >= 400 that's not 401 or 407 is always + ** Any code >= 400 that is not 401 or 407 is always ** a terminal error */ if((httpcode != 401) && (httpcode != 407)) @@ -1052,22 +1043,19 @@ static bool http_should_fail(struct Curl_easy *data, int httpcode) DEBUGASSERT((httpcode == 401) || (httpcode == 407)); /* - ** Examine the current authentication state to see if this - ** is an error. The idea is for this function to get - ** called after processing all the headers in a response - ** message. So, if we've been to asked to authenticate a - ** particular stage, and we've done it, we're OK. But, if - ** we're already completely authenticated, it's not OK to - ** get another 401 or 407. + ** Examine the current authentication state to see if this is an error. The + ** idea is for this function to get called after processing all the headers + ** in a response message. So, if we have been to asked to authenticate a + ** particular stage, and we have done it, we are OK. If we are already + ** completely authenticated, it is not OK to get another 401 or 407. ** - ** It is possible for authentication to go stale such that - ** the client needs to reauthenticate. Once that info is - ** available, use it here. + ** It is possible for authentication to go stale such that the client needs + ** to reauthenticate. Once that info is available, use it here. */ /* - ** Either we're not authenticating, or we're supposed to - ** be authenticating something else. This is an error. + ** Either we are not authenticating, or we are supposed to be authenticating + ** something else. This is an error. */ if((httpcode == 401) && !data->state.aptr.user) return TRUE; @@ -1106,7 +1094,7 @@ Curl_compareheader(const char *headerline, /* line to check */ DEBUGASSERT(content); if(!strncasecompare(headerline, header, hlen)) - return FALSE; /* doesn't start with header */ + return FALSE; /* does not start with header */ /* pass the header */ start = &headerline[hlen]; @@ -1118,11 +1106,11 @@ Curl_compareheader(const char *headerline, /* line to check */ /* find the end of the header line */ end = strchr(start, '\r'); /* lines end with CRLF */ if(!end) { - /* in case there's a non-standard compliant line here */ + /* in case there is a non-standard compliant line here */ end = strchr(start, '\n'); if(!end) - /* hm, there's no line ending here, use the zero byte! */ + /* hm, there is no line ending here, use the zero byte! */ end = strchr(start, '\0'); } @@ -1153,7 +1141,7 @@ CURLcode Curl_http_connect(struct Curl_easy *data, bool *done) } /* this returns the socket to wait for in the DO and DOING state for the multi - interface and then we're always _sending_ a request and thus we wait for + interface and then we are always _sending_ a request and thus we wait for the single socket to become writable only */ int Curl_http_getsock_do(struct Curl_easy *data, struct connectdata *conn, @@ -1174,16 +1162,12 @@ CURLcode Curl_http_done(struct Curl_easy *data, CURLcode status, bool premature) { struct connectdata *conn = data->conn; - struct HTTP *http = data->req.p.http; - /* Clear multipass flag. If authentication isn't done yet, then it will get + /* Clear multipass flag. If authentication is not done yet, then it will get * a chance to be set back to true when we output the next auth header */ data->state.authhost.multipass = FALSE; data->state.authproxy.multipass = FALSE; - if(!http) - return CURLE_OK; - Curl_dyn_reset(&data->state.headerb); Curl_hyper_done(data); @@ -1197,8 +1181,8 @@ CURLcode Curl_http_done(struct Curl_easy *data, (data->req.bytecount + data->req.headerbytecount - data->req.deductheadercount) <= 0) { - /* If this connection isn't simply closed to be retried, AND nothing was - read from the HTTP server (that counts), this can't be right so we + /* If this connection is not simply closed to be retried, AND nothing was + read from the HTTP server (that counts), this cannot be right so we return an error here */ failf(data, "Empty reply from server"); /* Mark it as closed to avoid the "left intact" message */ @@ -1357,7 +1341,7 @@ CURLcode Curl_dynhds_add_custom(struct Curl_easy *data, DEBUGASSERT(name && value); if(data->state.aptr.host && - /* a Host: header was sent already, don't pass on any custom Host: + /* a Host: header was sent already, do not pass on any custom Host: header as that will produce *two* in the same request! */ hd_name_eq(name, namelen, STRCONST("Host:"))) ; @@ -1370,18 +1354,18 @@ CURLcode Curl_dynhds_add_custom(struct Curl_easy *data, hd_name_eq(name, namelen, STRCONST("Content-Type:"))) ; else if(data->req.authneg && - /* while doing auth neg, don't allow the custom length since + /* while doing auth neg, do not allow the custom length since we will force length zero then */ hd_name_eq(name, namelen, STRCONST("Content-Length:"))) ; else if(data->state.aptr.te && - /* when asking for Transfer-Encoding, don't pass on a custom + /* when asking for Transfer-Encoding, do not pass on a custom Connection: */ hd_name_eq(name, namelen, STRCONST("Connection:"))) ; else if((conn->httpversion >= 20) && hd_name_eq(name, namelen, STRCONST("Transfer-Encoding:"))) - /* HTTP/2 doesn't support chunked requests */ + /* HTTP/2 does not support chunked requests */ ; else if((hd_name_eq(name, namelen, STRCONST("Authorization:")) || hd_name_eq(name, namelen, STRCONST("Cookie:"))) && @@ -1503,8 +1487,9 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data, char *compare = semicolonp ? semicolonp : headers->data; if(data->state.aptr.host && - /* a Host: header was sent already, don't pass on any custom Host: - header as that will produce *two* in the same request! */ + /* a Host: header was sent already, do not pass on any custom + Host: header as that will produce *two* in the same + request! */ checkprefix("Host:", compare)) ; else if(data->state.httpreq == HTTPREQ_POST_FORM && @@ -1516,18 +1501,18 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data, checkprefix("Content-Type:", compare)) ; else if(data->req.authneg && - /* while doing auth neg, don't allow the custom length since + /* while doing auth neg, do not allow the custom length since we will force length zero then */ checkprefix("Content-Length:", compare)) ; else if(data->state.aptr.te && - /* when asking for Transfer-Encoding, don't pass on a custom + /* when asking for Transfer-Encoding, do not pass on a custom Connection: */ checkprefix("Connection:", compare)) ; else if((conn->httpversion >= 20) && checkprefix("Transfer-Encoding:", compare)) - /* HTTP/2 doesn't support chunked requests */ + /* HTTP/2 does not support chunked requests */ ; else if((checkprefix("Authorization:", compare) || checkprefix("Cookie:", compare)) && @@ -1719,10 +1704,10 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn) if(ptr && (!data->state.this_is_a_follow || strcasecompare(data->state.first_host, conn->host.name))) { #if !defined(CURL_DISABLE_COOKIES) - /* If we have a given custom Host: header, we extract the host name in + /* If we have a given custom Host: header, we extract the hostname in order to possibly use it for cookie reasons later on. We only allow the custom Host: header if this is NOT a redirect, as setting Host: in the - redirected request is being out on thin ice. Except if the host name + redirected request is being out on thin ice. Except if the hostname is the same as the first one! */ char *cookiehost = Curl_copy_header_value(ptr); if(!cookiehost) @@ -1760,15 +1745,15 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn) } } else { - /* When building Host: headers, we must put the host name within - [brackets] if the host name is a plain IPv6-address. RFC2732-style. */ + /* When building Host: headers, we must put the hostname within + [brackets] if the hostname is a plain IPv6-address. RFC2732-style. */ const char *host = conn->host.name; if(((conn->given->protocol&(CURLPROTO_HTTPS|CURLPROTO_WSS)) && (conn->remote_port == PORT_HTTPS)) || ((conn->given->protocol&(CURLPROTO_HTTP|CURLPROTO_WS)) && (conn->remote_port == PORT_HTTP)) ) - /* if(HTTPS on port 443) OR (HTTP on port 80) then don't include + /* if(HTTPS on port 443) OR (HTTP on port 80) then do not include the port number in the host string */ aptr->host = aprintf("Host: %s%s%s\r\n", conn->bits.ipv6_ip?"[":"", host, conn->bits.ipv6_ip?"]":""); @@ -1778,7 +1763,7 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn) conn->remote_port); if(!aptr->host) - /* without Host: we can't make a nice request */ + /* without Host: we cannot make a nice request */ return CURLE_OUT_OF_MEMORY; } return CURLE_OK; @@ -1806,7 +1791,7 @@ CURLcode Curl_http_target(struct Curl_easy *data, /* The path sent to the proxy is in fact the entire URL. But if the remote host is a IDN-name, we must make sure that the request we produce only - uses the encoded host name! */ + uses the encoded hostname! */ /* and no fragment part */ CURLUcode uc; @@ -1829,7 +1814,7 @@ CURLcode Curl_http_target(struct Curl_easy *data, } if(strcasecompare("http", data->state.up.scheme)) { - /* when getting HTTP, we don't want the userinfo the URL */ + /* when getting HTTP, we do not want the userinfo the URL */ uc = curl_url_set(h, CURLUPART_USER, NULL, 0); if(uc) { curl_url_cleanup(h); @@ -1850,7 +1835,7 @@ CURLcode Curl_http_target(struct Curl_easy *data, curl_url_cleanup(h); - /* target or url */ + /* target or URL */ result = Curl_dyn_add(r, data->set.str[STRING_TARGET]? data->set.str[STRING_TARGET]:url); free(url); @@ -2053,7 +2038,7 @@ static CURLcode http_resume(struct Curl_easy *data, Curl_HttpReq httpreq) if(data->state.resume_from < 0) { /* * This is meant to get the size of the present remote-file by itself. - * We don't support this now. Bail out! + * We do not support this now. Bail out! */ data->state.resume_from = 0; } @@ -2063,7 +2048,7 @@ static CURLcode http_resume(struct Curl_easy *data, Curl_HttpReq httpreq) CURLcode result; result = Curl_creader_resume_from(data, data->state.resume_from); if(result) { - failf(data, "Unable to resume from offset %" CURL_FORMAT_CURL_OFF_T, + failf(data, "Unable to resume from offset %" FMT_OFF_T, data->state.resume_from); return result; } @@ -2138,7 +2123,7 @@ static CURLcode addexpect(struct Curl_easy *data, struct dynbuf *r, if(data->req.upgr101 != UPGR101_INIT) return CURLE_OK; - /* For really small puts we don't use Expect: headers at all, and for + /* For really small puts we do not use Expect: headers at all, and for the somewhat bigger ones we allow the app to disable it. Just make sure that the expect100header is always set to the preferred value here. */ @@ -2190,7 +2175,7 @@ CURLcode Curl_http_req_complete(struct Curl_easy *data, case HTTPREQ_POST_MIME: #endif /* We only set Content-Length and allow a custom Content-Length if - we don't upload data chunked, as RFC2616 forbids us to set both + we do not upload data chunked, as RFC2616 forbids us to set both kinds of headers (Transfer-Encoding: chunked and Content-Length). We do not override a custom "Content-Length" header, but during authentication negotiation that header is suppressed. @@ -2199,10 +2184,9 @@ CURLcode Curl_http_req_complete(struct Curl_easy *data, (data->req.authneg || !Curl_checkheaders(data, STRCONST("Content-Length")))) { /* we allow replacing this header if not during auth negotiation, - although it isn't very wise to actually set your own */ - result = Curl_dyn_addf(r, - "Content-Length: %" CURL_FORMAT_CURL_OFF_T - "\r\n", req_clen); + although it is not very wise to actually set your own */ + result = Curl_dyn_addf(r, "Content-Length: %" FMT_OFF_T "\r\n", + req_clen); } if(result) goto out; @@ -2247,7 +2231,7 @@ CURLcode Curl_http_req_complete(struct Curl_easy *data, out: if(!result) { /* setup variables for the upcoming transfer */ - Curl_xfer_setup(data, FIRSTSOCKET, -1, TRUE, FIRSTSOCKET); + Curl_xfer_setup1(data, CURL_XFER_SENDRECV, -1, TRUE); } return result; } @@ -2335,7 +2319,7 @@ CURLcode Curl_http_range(struct Curl_easy *data, { if(data->state.use_range) { /* - * A range is selected. We use different headers whether we're downloading + * A range is selected. We use different headers whether we are downloading * or uploading and we always let customized headers override our internal * ones if any such are specified. */ @@ -2353,12 +2337,11 @@ CURLcode Curl_http_range(struct Curl_easy *data, free(data->state.aptr.rangeline); if(data->set.set_resume_from < 0) { - /* Upload resume was asked for, but we don't know the size of the + /* Upload resume was asked for, but we do not know the size of the remote part so we tell the server (and act accordingly) that we upload the whole file (again) */ data->state.aptr.rangeline = - aprintf("Content-Range: bytes 0-%" CURL_FORMAT_CURL_OFF_T - "/%" CURL_FORMAT_CURL_OFF_T "\r\n", + aprintf("Content-Range: bytes 0-%" FMT_OFF_T "/%" FMT_OFF_T "\r\n", req_clen - 1, req_clen); } @@ -2371,15 +2354,14 @@ CURLcode Curl_http_range(struct Curl_easy *data, data->state.infilesize : (data->state.resume_from + req_clen); data->state.aptr.rangeline = - aprintf("Content-Range: bytes %s%" CURL_FORMAT_CURL_OFF_T - "/%" CURL_FORMAT_CURL_OFF_T "\r\n", + aprintf("Content-Range: bytes %s%" FMT_OFF_T "/%" FMT_OFF_T "\r\n", data->state.range, total_len-1, total_len); } else { /* Range was selected and then we just pass the incoming range and append total size */ data->state.aptr.rangeline = - aprintf("Content-Range: bytes %s/%" CURL_FORMAT_CURL_OFF_T "\r\n", + aprintf("Content-Range: bytes %s/%" FMT_OFF_T "\r\n", data->state.range, req_clen); } if(!data->state.aptr.rangeline) @@ -2397,12 +2379,12 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data) if(data->req.newurl) { if(conn->bits.close) { /* Abort after the headers if "follow Location" is set - and we're set to close anyway. */ + and we are set to close anyway. */ k->keepon &= ~KEEP_RECV; k->done = TRUE; return CURLE_OK; } - /* We have a new url to load, but since we want to be able to reuse this + /* We have a new URL to load, but since we want to be able to reuse this connection properly, we read the full response in "ignore more" */ k->ignorebody = TRUE; infof(data, "Ignoring the response-body"); @@ -2413,7 +2395,7 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data) if(k->size == data->state.resume_from) { /* The resume point is at the end of file, consider this fine even if it - doesn't allow resume from here. */ + does not allow resume from here. */ infof(data, "The entire document is already downloaded"); streamclose(conn, "already downloaded"); /* Abort download */ @@ -2422,10 +2404,10 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data) return CURLE_OK; } - /* we wanted to resume a download, although the server doesn't seem to - * support this and we did this with a GET (if it wasn't a GET we did a + /* we wanted to resume a download, although the server does not seem to + * support this and we did this with a GET (if it was not a GET we did a * POST or PUT resume) */ - failf(data, "HTTP server doesn't seem to support " + failf(data, "HTTP server does not seem to support " "byte ranges. Cannot resume."); return CURLE_RANGE_ERROR; } @@ -2437,7 +2419,7 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data) if(!Curl_meets_timecondition(data, k->timeofdoc)) { k->done = TRUE; - /* We're simulating an HTTP 304 from server so we return + /* We are simulating an HTTP 304 from server so we return what should have been returned from the server */ data->info.httpcode = 304; infof(data, "Simulate an HTTP 304 response"); @@ -2459,7 +2441,7 @@ CURLcode Curl_transferencode(struct Curl_easy *data) /* When we are to insert a TE: header in the request, we must also insert TE in a Connection: header, so we need to merge the custom provided Connection: header and prevent the original to get sent. Note that if - the user has inserted his/her own TE: header we don't do this magic + the user has inserted his/her own TE: header we do not do this magic but then assume that the user will handle it all! */ char *cptr = Curl_checkheaders(data, STRCONST("Connection")); #define TE_HEADER "TE: gzip\r\n" @@ -2705,7 +2687,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(!(conn->handler->flags&PROTOPT_SSL) && conn->httpversion < 20 && (data->state.httpwant == CURL_HTTP_VERSION_2)) { - /* append HTTP2 upgrade magic stuff to the HTTP request if it isn't done + /* append HTTP2 upgrade magic stuff to the HTTP request if it is not done over SSL */ result = Curl_http2_request_upgrade(&req, data); if(result) { @@ -2849,7 +2831,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, #ifndef CURL_DISABLE_ALTSVC v = (data->asi && ((data->conn->handler->flags & PROTOPT_SSL) || -#ifdef CURLDEBUG +#ifdef DEBUGBUILD /* allow debug builds to circumvent the HTTPS restriction */ getenv("CURL_ALTSVC_HTTP") #else @@ -2901,7 +2883,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, * Process Content-Encoding. Look for the values: identity, * gzip, deflate, compress, x-gzip and x-compress. x-gzip and * x-compress are the same as gzip and compress. (Sec 3.5 RFC - * 2616). zlib cannot handle compress. However, errors are + * 2616). zlib cannot handle compress. However, errors are * handled further down when the response body is processed */ return Curl_build_unencoding_stack(data, v, FALSE); @@ -2936,7 +2918,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, /* * An HTTP/1.0 reply with the 'Connection: keep-alive' line * tells us the connection will be kept alive for our - * pleasure. Default action for 1.0 is to close. + * pleasure. Default action for 1.0 is to close. * * [RFC2068, section 19.7.1] */ connkeep(conn, "Connection keep-alive"); @@ -3029,13 +3011,13 @@ CURLcode Curl_http_header(struct Curl_easy *data, * connection will be kept alive for our pleasure. * Default action for 1.0 is to close. */ - connkeep(conn, "Proxy-Connection keep-alive"); /* don't close */ + connkeep(conn, "Proxy-Connection keep-alive"); /* do not close */ infof(data, "HTTP/1.0 proxy connection set to keep alive"); } else if((conn->httpversion == 11) && conn->bits.httpproxy && HD_IS_AND_SAYS(hd, hdlen, "Proxy-Connection:", "close")) { /* - * We get an HTTP/1.1 response from a proxy and it says it'll + * We get an HTTP/1.1 response from a proxy and it says it will * close down after this transfer. */ connclose(conn, "Proxy-Connection: asked to close after done"); @@ -3095,7 +3077,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, HD_VAL(hd, hdlen, "Set-Cookie:") : NULL; if(v) { /* If there is a custom-set Host: name, use it here, or else use - * real peer host name. */ + * real peer hostname. */ const char *host = data->state.aptr.cookiehost? data->state.aptr.cookiehost:conn->host.name; const bool secure_context = @@ -3116,7 +3098,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, /* If enabled, the header is incoming and this is over HTTPS */ v = (data->hsts && ((conn->handler->flags & PROTOPT_SSL) || -#ifdef CURLDEBUG +#ifdef DEBUGBUILD /* allow debug builds to circumvent the HTTPS restriction */ getenv("CURL_HSTS_HTTP") #else @@ -3132,7 +3114,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, #ifdef DEBUGBUILD else infof(data, "Parsed STS header fine (%zu entries)", - data->hsts->list.size); + Curl_llist_count(&data->hsts->list)); #endif } #endif @@ -3160,7 +3142,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, if(result) return result; if(!k->chunk && data->set.http_transfer_encoding) { - /* if this isn't chunked, only close can signal the end of this + /* if this is not chunked, only close can signal the end of this * transfer as Content-Length is said not to be trusted for * transfer-encoding! */ connclose(conn, "HTTP/1.1 transfer-encoding without chunks"); @@ -3168,6 +3150,11 @@ CURLcode Curl_http_header(struct Curl_easy *data, } return CURLE_OK; } + v = HD_VAL(hd, hdlen, "Trailer:"); + if(v) { + data->req.resp_trailer = TRUE; + return CURLE_OK; + } break; case 'w': case 'W': @@ -3231,11 +3218,11 @@ CURLcode Curl_http_statusline(struct Curl_easy *data, data->state.httpversion = (unsigned char)k->httpversion; /* - * This code executes as part of processing the header. As a - * result, it's not totally clear how to interpret the + * This code executes as part of processing the header. As a + * result, it is not totally clear how to interpret the * response code yet as that depends on what other headers may - * be present. 401 and 407 may be errors, but may be OK - * depending on how authentication is working. Other codes + * be present. 401 and 407 may be errors, but may be OK + * depending on how authentication is working. Other codes * are definitely errors, so give up here. */ if(data->state.resume_from && data->state.httpreq == HTTPREQ_GET && @@ -3255,9 +3242,6 @@ CURLcode Curl_http_statusline(struct Curl_easy *data, else if(k->httpversion == 20 || (k->upgr101 == UPGR101_H2 && k->httpcode == 101)) { DEBUGF(infof(data, "HTTP/2 found, allow multiplexing")); - /* HTTP/2 cannot avoid multiplexing since it is a core functionality - of the protocol */ - conn->bundle->multiuse = BUNDLE_MULTIPLEX; } k->http_bodyless = k->httpcode >= 100 && k->httpcode < 200; @@ -3287,7 +3271,7 @@ CURLcode Curl_http_statusline(struct Curl_easy *data, } /* Content-Length must be ignored if any Transfer-Encoding is present in the - response. Refer to RFC 7230 section 3.3.3 and RFC2616 section 4.4. This is + response. Refer to RFC 7230 section 3.3.3 and RFC2616 section 4.4. This is figured out here after all headers have been received but before the final call to the user's header callback, so that a valid content length can be retrieved by the user in the final call. */ @@ -3299,10 +3283,13 @@ CURLcode Curl_http_size(struct Curl_easy *data) } else if(k->size != -1) { if(data->set.max_filesize && - k->size > data->set.max_filesize) { + !k->ignorebody && + (k->size > data->set.max_filesize)) { failf(data, "Maximum file size exceeded"); return CURLE_FILESIZE_EXCEEDED; } + if(k->ignorebody) + infof(data, "setting size while ignoring"); Curl_pgrsSetDownloadSize(data, k->size); k->maxdownload = k->size; } @@ -3323,7 +3310,7 @@ static CURLcode verify_header(struct Curl_easy *data, /* the first "header" is the status-line and it has no colon */ return CURLE_OK; if(((hd[0] == ' ') || (hd[0] == '\t')) && k->headerline > 2) - /* line folding, can't happen on line 2 */ + /* line folding, cannot happen on line 2 */ ; else { ptr = memchr(hd, ':', hdlen); @@ -3363,8 +3350,35 @@ CURLcode Curl_bump_headersize(struct Curl_easy *data, return CURLE_OK; } +static CURLcode http_write_header(struct Curl_easy *data, + const char *hd, size_t hdlen) +{ + CURLcode result; + int writetype; + + /* now, only output this if the header AND body are requested: + */ + Curl_debug(data, CURLINFO_HEADER_IN, (char *)hd, hdlen); + + writetype = CLIENTWRITE_HEADER | + ((data->req.httpcode/100 == 1) ? CLIENTWRITE_1XX : 0); + + result = Curl_client_write(data, writetype, hd, hdlen); + if(result) + return result; + + result = Curl_bump_headersize(data, hdlen, FALSE); + if(result) + return result; + + data->req.deductheadercount = (100 <= data->req.httpcode && + 199 >= data->req.httpcode)? + data->req.headerbytecount:0; + return result; +} static CURLcode http_on_response(struct Curl_easy *data, + const char *last_hd, size_t last_hd_len, const char *buf, size_t blen, size_t *pconsumed) { @@ -3380,13 +3394,21 @@ static CURLcode http_on_response(struct Curl_easy *data, if(conn->httpversion != 20) infof(data, "Lying server, not serving HTTP/2"); } - if(conn->httpversion < 20) { - conn->bundle->multiuse = BUNDLE_NO_MULTIUSE; + + if(k->httpcode < 200 && last_hd) { + /* Intermediate responses might trigger processing of more + * responses, write the last header to the client before + * proceeding. */ + result = http_write_header(data, last_hd, last_hd_len); + last_hd = NULL; /* handled it */ + if(result) + goto out; } if(k->httpcode < 100) { failf(data, "Unsupported response code in HTTP response"); - return CURLE_UNSUPPORTED_PROTOCOL; + result = CURLE_UNSUPPORTED_PROTOCOL; + goto out; } else if(k->httpcode < 200) { /* "A user agent MAY ignore unexpected 1xx status responses." @@ -3405,15 +3427,18 @@ static CURLcode http_on_response(struct Curl_easy *data, break; case 101: /* Switching Protocols only allowed from HTTP/1.1 */ + if(conn->httpversion != 11) { /* invalid for other HTTP versions */ failf(data, "unexpected 101 response code"); - return CURLE_WEIRD_SERVER_REPLY; + result = CURLE_WEIRD_SERVER_REPLY; + goto out; } if(k->upgr101 == UPGR101_H2) { /* Switching to HTTP/2, where we will get more responses */ infof(data, "Received 101, Switching to HTTP/2"); k->upgr101 = UPGR101_RECEIVED; + data->conn->bits.asks_multiplex = FALSE; /* We expect more response from HTTP/2 later */ k->header = TRUE; k->headerline = 0; /* restart the header line counter */ @@ -3421,7 +3446,7 @@ static CURLcode http_on_response(struct Curl_easy *data, * be processed. */ result = Curl_http2_upgrade(data, conn, FIRSTSOCKET, buf, blen); if(result) - return result; + goto out; *pconsumed += blen; } #ifdef USE_WEBSOCKETS @@ -3430,7 +3455,7 @@ static CURLcode http_on_response(struct Curl_easy *data, * WebSockets format and taken in by the protocol handler. */ result = Curl_ws_accept(data, buf, blen); if(result) - return result; + goto out; *pconsumed += blen; /* ws accept handled the data */ k->header = FALSE; /* we will not get more responses */ if(data->set.connect_only) @@ -3451,7 +3476,7 @@ static CURLcode http_on_response(struct Curl_easy *data, * to receive a final response eventually. */ break; } - return result; + goto out; } /* k->httpcode >= 200, final response */ @@ -3460,6 +3485,7 @@ static CURLcode http_on_response(struct Curl_easy *data, if(k->upgr101 == UPGR101_H2) { /* A requested upgrade was denied, poke the multi handle to possibly allow a pending pipewait to continue */ + data->conn->bits.asks_multiplex = FALSE; Curl_multi_connchanged(data->multi); } @@ -3509,10 +3535,11 @@ static CURLcode http_on_response(struct Curl_easy *data, #endif #ifdef USE_WEBSOCKETS - /* All >=200 HTTP status codes are errors when wanting websockets */ + /* All >=200 HTTP status codes are errors when wanting WebSockets */ if(data->req.upgr101 == UPGR101_WS) { failf(data, "Refused WebSockets upgrade: %d", k->httpcode); - return CURLE_HTTP_RETURNED_ERROR; + result = CURLE_HTTP_RETURNED_ERROR; + goto out; } #endif @@ -3520,7 +3547,8 @@ static CURLcode http_on_response(struct Curl_easy *data, if(http_should_fail(data, data->req.httpcode)) { failf(data, "The requested URL returned error: %d", k->httpcode); - return CURLE_HTTP_RETURNED_ERROR; + result = CURLE_HTTP_RETURNED_ERROR; + goto out; } /* Curl_http_auth_act() checks what authentication methods @@ -3528,7 +3556,7 @@ static CURLcode http_on_response(struct Curl_easy *data, * use. It will set 'newurl' if an auth method was picked. */ result = Curl_http_auth_act(data); if(result) - return result; + goto out; if(k->httpcode >= 300) { if((!data->req.authneg) && !conn->bits.close && @@ -3551,7 +3579,7 @@ static CURLcode http_on_response(struct Curl_easy *data, case HTTPREQ_POST_MIME: /* We got an error response. If this happened before the whole * request body has been sent we stop sending and mark the - * connection for closure after we've read the entire response. + * connection for closure after we have read the entire response. */ if(!Curl_req_done_sending(data)) { if((k->httpcode == 417) && Curl_http_exp100_is_selected(data)) { @@ -3566,7 +3594,7 @@ static CURLcode http_on_response(struct Curl_easy *data, "Stop sending data before everything sent"); result = http_perhapsrewind(data, conn); if(result) - return result; + goto out; } data->state.disableexpect = TRUE; DEBUGASSERT(!data->req.newurl); @@ -3582,7 +3610,7 @@ static CURLcode http_on_response(struct Curl_easy *data, streamclose(conn, "Stop sending data before everything sent"); result = Curl_req_abort_sending(data); if(result) - return result; + goto out; } } break; @@ -3600,13 +3628,6 @@ static CURLcode http_on_response(struct Curl_easy *data, } - /* This is the last response that we will got for the current request. - * Check on the body size and determine if the response is complete. - */ - result = Curl_http_size(data); - if(result) - return result; - /* If we requested a "no body", this is a good time to get * out and return home. */ @@ -3614,9 +3635,9 @@ static CURLcode http_on_response(struct Curl_easy *data, k->download_done = TRUE; /* If max download size is *zero* (nothing) we already have - nothing and can safely return ok now! But for HTTP/2, we'd + nothing and can safely return ok now! But for HTTP/2, we would like to call http2_handle_stream_close to properly close a - stream. In order to do this, we keep reading until we + stream. In order to do this, we keep reading until we close the stream. */ if(0 == k->maxdownload && !Curl_conn_is_http2(data, conn, FIRSTSOCKET) @@ -3624,7 +3645,22 @@ static CURLcode http_on_response(struct Curl_easy *data, k->download_done = TRUE; /* final response without error, prepare to receive the body */ - return Curl_http_firstwrite(data); + result = Curl_http_firstwrite(data); + + if(!result) + /* This is the last response that we get for the current request. + * Check on the body size and determine if the response is complete. + */ + result = Curl_http_size(data); + +out: + if(last_hd) { + /* if not written yet, write it now */ + CURLcode r2 = http_write_header(data, last_hd, last_hd_len); + if(!result) + result = r2; + } + return result; } static CURLcode http_rw_hd(struct Curl_easy *data, @@ -3639,36 +3675,25 @@ static CURLcode http_rw_hd(struct Curl_easy *data, *pconsumed = 0; if((0x0a == *hd) || (0x0d == *hd)) { /* Empty header line means end of headers! */ + struct dynbuf last_header; size_t consumed; - /* now, only output this if the header AND body are requested: - */ - Curl_debug(data, CURLINFO_HEADER_IN, (char *)hd, hdlen); - - writetype = CLIENTWRITE_HEADER | - ((k->httpcode/100 == 1) ? CLIENTWRITE_1XX : 0); - - result = Curl_client_write(data, writetype, hd, hdlen); - if(result) - return result; - - result = Curl_bump_headersize(data, hdlen, FALSE); + Curl_dyn_init(&last_header, hdlen + 1); + result = Curl_dyn_addn(&last_header, hd, hdlen); if(result) return result; - data->req.deductheadercount = - (100 <= k->httpcode && 199 >= k->httpcode)?data->req.headerbytecount:0; - /* analyze the response to find out what to do. */ /* Caveat: we clear anything in the header brigade, because a * response might switch HTTP version which may call use recursively. * Not nice, but that is currently the way of things. */ Curl_dyn_reset(&data->state.headerb); - result = http_on_response(data, buf_remain, blen, &consumed); - if(result) - return result; + result = http_on_response(data, Curl_dyn_ptr(&last_header), + Curl_dyn_len(&last_header), + buf_remain, blen, &consumed); *pconsumed += consumed; - return CURLE_OK; + Curl_dyn_free(&last_header); + return result; } /* @@ -3681,14 +3706,14 @@ static CURLcode http_rw_hd(struct Curl_easy *data, or else we consider this to be the body right away! */ bool fine_statusline = FALSE; - k->httpversion = 0; /* Don't know yet */ + k->httpversion = 0; /* Do not know yet */ if(data->conn->handler->protocol & PROTO_FAMILY_HTTP) { /* * https://datatracker.ietf.org/doc/html/rfc7230#section-3.1.2 * * The response code is always a three-digit number in HTTP as the spec * says. We allow any three-digit number here, but we cannot make - * guarantees on future behaviors since it isn't within the protocol. + * guarantees on future behaviors since it is not within the protocol. */ const char *p = hd; @@ -4405,9 +4430,18 @@ static CURLcode cr_exp100_read(struct Curl_easy *data, switch(ctx->state) { case EXP100_SENDING_REQUEST: + if(!Curl_req_sendbuf_empty(data)) { + /* The initial request data has not been fully sent yet. Do + * not start the timer yet. */ + DEBUGF(infof(data, "cr_exp100_read, request not full sent yet")); + *nread = 0; + *eos = FALSE; + return CURLE_OK; + } /* We are now waiting for a reply from the server or - * a timeout on our side */ - DEBUGF(infof(data, "cr_exp100_read, start AWAITING_CONTINUE")); + * a timeout on our side IFF the request has been fully sent. */ + DEBUGF(infof(data, "cr_exp100_read, start AWAITING_CONTINUE, " + "timeout %ldms", data->set.expect_100_timeout)); ctx->state = EXP100_AWAITING_CONTINUE; ctx->start = Curl_now(); Curl_expire(data, data->set.expect_100_timeout, EXPIRE_100_TIMEOUT); @@ -4431,7 +4465,7 @@ static CURLcode cr_exp100_read(struct Curl_easy *data, *eos = FALSE; return CURLE_OK; } - /* we've waited long enough, continue anyway */ + /* we have waited long enough, continue anyway */ http_exp100_continue(data, reader); infof(data, "Done waiting for 100-continue"); FALLTHROUGH(); @@ -4460,6 +4494,7 @@ static const struct Curl_crtype cr_exp100 = { Curl_creader_def_resume_from, Curl_creader_def_rewind, Curl_creader_def_unpause, + Curl_creader_def_is_paused, cr_exp100_done, sizeof(struct cr_exp100_ctx) }; diff --git a/vendor/hydra/vendor/curl/lib/http.h b/vendor/hydra/vendor/curl/lib/http.h index b0c4f5fd..bb5974d9 100644 --- a/vendor/hydra/vendor/curl/lib/http.h +++ b/vendor/hydra/vendor/curl/lib/http.h @@ -73,7 +73,6 @@ char *Curl_checkProxyheaders(struct Curl_easy *data, const struct connectdata *conn, const char *thisheader, const size_t thislen); -struct HTTP; /* see below */ CURLcode Curl_add_timecondition(struct Curl_easy *data, #ifndef USE_HYPER @@ -147,7 +146,7 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data); selected to use no auth at all. Ie, we actively select no auth, as opposed to not having one selected. The other CURLAUTH_* defines are present in the public curl/curl.h header. */ -#define CURLAUTH_PICKNONE (1<<30) /* don't use auth */ +#define CURLAUTH_PICKNONE (1<<30) /* do not use auth */ /* MAX_INITIAL_POST_SIZE indicates the number of bytes that will make the POST data get included in the initial data chunk sent to the server. If the @@ -187,10 +186,6 @@ void Curl_http_exp100_got100(struct Curl_easy *data); /**************************************************************************** * HTTP unique setup ***************************************************************************/ -struct HTTP { - /* TODO: no longer used, we should remove it from SingleRequest */ - char unused; -}; CURLcode Curl_http_size(struct Curl_easy *data); @@ -240,7 +235,7 @@ struct httpreq { }; /** - * Create a HTTP request struct. + * Create an HTTP request struct. */ CURLcode Curl_http_req_make(struct httpreq **preq, const char *method, size_t m_len, @@ -290,7 +285,7 @@ struct http_resp { }; /** - * Create a HTTP response struct. + * Create an HTTP response struct. */ CURLcode Curl_http_resp_make(struct http_resp **presp, int status, diff --git a/vendor/hydra/vendor/curl/lib/http1.c b/vendor/hydra/vendor/curl/lib/http1.c index 182234ca..d7e21fdc 100644 --- a/vendor/hydra/vendor/curl/lib/http1.c +++ b/vendor/hydra/vendor/curl/lib/http1.c @@ -217,7 +217,7 @@ static CURLcode start_req(struct h1_req_parser *parser, tmp[target_len] = '\0'; /* See if treating TARGET as an absolute URL makes sense */ if(Curl_is_absolute_url(tmp, NULL, 0, FALSE)) { - int url_options; + unsigned int url_options; url = curl_url(); if(!url) { diff --git a/vendor/hydra/vendor/curl/lib/http2.c b/vendor/hydra/vendor/curl/lib/http2.c index f0f7b566..df3e6f0d 100644 --- a/vendor/hydra/vendor/curl/lib/http2.c +++ b/vendor/hydra/vendor/curl/lib/http2.c @@ -69,38 +69,44 @@ /* buffer dimensioning: * use 16K as chunk size, as that fits H2 DATA frames well */ #define H2_CHUNK_SIZE (16 * 1024) -/* this is how much we want "in flight" for a stream */ -#define H2_STREAM_WINDOW_SIZE (10 * 1024 * 1024) +/* connection window size */ +#define H2_CONN_WINDOW_SIZE (10 * 1024 * 1024) /* on receiving from TLS, we prep for holding a full stream window */ -#define H2_NW_RECV_CHUNKS (H2_STREAM_WINDOW_SIZE / H2_CHUNK_SIZE) +#define H2_NW_RECV_CHUNKS (H2_CONN_WINDOW_SIZE / H2_CHUNK_SIZE) /* on send into TLS, we just want to accumulate small frames */ #define H2_NW_SEND_CHUNKS 1 -/* stream recv/send chunks are a result of window / chunk sizes */ -#define H2_STREAM_RECV_CHUNKS (H2_STREAM_WINDOW_SIZE / H2_CHUNK_SIZE) +/* this is how much we want "in flight" for a stream, unthrottled */ +#define H2_STREAM_WINDOW_SIZE_MAX (10 * 1024 * 1024) +/* this is how much we want "in flight" for a stream, initially, IFF + * nghttp2 allows us to tweak the local window size. */ +#if NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE +#define H2_STREAM_WINDOW_SIZE_INITIAL (64 * 1024) +#else +#define H2_STREAM_WINDOW_SIZE_INITIAL H2_STREAM_WINDOW_SIZE_MAX +#endif /* keep smaller stream upload buffer (default h2 window size) to have * our progress bars and "upload done" reporting closer to reality */ #define H2_STREAM_SEND_CHUNKS ((64 * 1024) / H2_CHUNK_SIZE) /* spare chunks we keep for a full window */ -#define H2_STREAM_POOL_SPARES (H2_STREAM_WINDOW_SIZE / H2_CHUNK_SIZE) +#define H2_STREAM_POOL_SPARES (H2_CONN_WINDOW_SIZE / H2_CHUNK_SIZE) -/* We need to accommodate the max number of streams with their window - * sizes on the overall connection. Streams might become PAUSED which - * will block their received QUOTA in the connection window. And if we - * run out of space, the server is blocked from sending us any data. - * See #10988 for an issue with this. */ -#define HTTP2_HUGE_WINDOW_SIZE (100 * H2_STREAM_WINDOW_SIZE) +/* We need to accommodate the max number of streams with their window sizes on + * the overall connection. Streams might become PAUSED which will block their + * received QUOTA in the connection window. If we run out of space, the server + * is blocked from sending us any data. See #10988 for an issue with this. */ +#define HTTP2_HUGE_WINDOW_SIZE (100 * H2_STREAM_WINDOW_SIZE_MAX) #define H2_SETTINGS_IV_LEN 3 #define H2_BINSETTINGS_LEN 80 -static int populate_settings(nghttp2_settings_entry *iv, - struct Curl_easy *data) +static size_t populate_settings(nghttp2_settings_entry *iv, + struct Curl_easy *data) { iv[0].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS; iv[0].value = Curl_multi_max_concurrent_streams(data->multi); iv[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE; - iv[1].value = H2_STREAM_WINDOW_SIZE; + iv[1].value = H2_STREAM_WINDOW_SIZE_INITIAL; iv[2].settings_id = NGHTTP2_SETTINGS_ENABLE_PUSH; iv[2].value = data->multi->push_cb != NULL; @@ -112,7 +118,7 @@ static ssize_t populate_binsettings(uint8_t *binsettings, struct Curl_easy *data) { nghttp2_settings_entry iv[H2_SETTINGS_IV_LEN]; - int ivlen; + size_t ivlen; ivlen = populate_settings(iv, data); /* this returns number of bytes it wrote or a negative number on error. */ @@ -130,13 +136,17 @@ struct cf_h2_ctx { struct bufc_pool stream_bufcp; /* spares for stream buffers */ struct dynbuf scratch; /* scratch buffer for temp use */ - struct Curl_hash streams; /* hash of `data->id` to `h2_stream_ctx` */ + struct Curl_hash streams; /* hash of `data->mid` to `h2_stream_ctx` */ size_t drain_total; /* sum of all stream's UrlState drain */ uint32_t max_concurrent_streams; - int32_t goaway_error; - int32_t last_stream_id; + uint32_t goaway_error; /* goaway error code from server */ + int32_t remote_max_sid; /* max id processed by server */ + int32_t local_max_sid; /* max id processed by us */ + BIT(initialized); + BIT(via_h1_upgrade); BIT(conn_closed); - BIT(goaway); + BIT(rcvd_goaway); + BIT(sent_goaway); BIT(enable_push); BIT(nw_out_blocked); }; @@ -146,28 +156,38 @@ struct cf_h2_ctx { #define CF_CTX_CALL_DATA(cf) \ ((struct cf_h2_ctx *)(cf)->ctx)->call_data -static void cf_h2_ctx_clear(struct cf_h2_ctx *ctx) +static void h2_stream_hash_free(void *stream); + +static void cf_h2_ctx_init(struct cf_h2_ctx *ctx, bool via_h1_upgrade) { - struct cf_call_data save = ctx->call_data; + Curl_bufcp_init(&ctx->stream_bufcp, H2_CHUNK_SIZE, H2_STREAM_POOL_SPARES); + Curl_bufq_initp(&ctx->inbufq, &ctx->stream_bufcp, H2_NW_RECV_CHUNKS, 0); + Curl_bufq_initp(&ctx->outbufq, &ctx->stream_bufcp, H2_NW_SEND_CHUNKS, 0); + Curl_dyn_init(&ctx->scratch, CURL_MAX_HTTP_HEADER); + Curl_hash_offt_init(&ctx->streams, 63, h2_stream_hash_free); + ctx->remote_max_sid = 2147483647; + ctx->via_h1_upgrade = via_h1_upgrade; + ctx->initialized = TRUE; +} - if(ctx->h2) { - nghttp2_session_del(ctx->h2); +static void cf_h2_ctx_free(struct cf_h2_ctx *ctx) +{ + if(ctx && ctx->initialized) { + Curl_bufq_free(&ctx->inbufq); + Curl_bufq_free(&ctx->outbufq); + Curl_bufcp_free(&ctx->stream_bufcp); + Curl_dyn_free(&ctx->scratch); + Curl_hash_clean(&ctx->streams); + Curl_hash_destroy(&ctx->streams); + memset(ctx, 0, sizeof(*ctx)); } - Curl_bufq_free(&ctx->inbufq); - Curl_bufq_free(&ctx->outbufq); - Curl_bufcp_free(&ctx->stream_bufcp); - Curl_dyn_free(&ctx->scratch); - Curl_hash_clean(&ctx->streams); - Curl_hash_destroy(&ctx->streams); - memset(ctx, 0, sizeof(*ctx)); - ctx->call_data = save; + free(ctx); } -static void cf_h2_ctx_free(struct cf_h2_ctx *ctx) +static void cf_h2_ctx_close(struct cf_h2_ctx *ctx) { - if(ctx) { - cf_h2_ctx_clear(ctx); - free(ctx); + if(ctx->h2) { + nghttp2_session_del(ctx->h2); } } @@ -183,8 +203,6 @@ struct h2_stream_ctx { struct h1_req_parser h1; /* parsing the request */ struct dynhds resp_trailers; /* response trailer fields */ size_t resp_hds_len; /* amount of response header bytes in recvbuf */ - size_t upload_blocked_len; - curl_off_t upload_left; /* number of request bytes left to upload */ curl_off_t nrcvd_data; /* number of DATA bytes received */ char **push_headers; /* allocated array */ @@ -194,19 +212,19 @@ struct h2_stream_ctx { int status_code; /* HTTP response status code */ uint32_t error; /* stream error code */ CURLcode xfer_result; /* Result of writing out response */ - uint32_t local_window_size; /* the local recv window size */ + int32_t local_window_size; /* the local recv window size */ int32_t id; /* HTTP/2 protocol identifier for stream */ BIT(resp_hds_complete); /* we have a complete, final response */ BIT(closed); /* TRUE on stream close */ BIT(reset); /* TRUE on stream reset */ BIT(close_handled); /* TRUE if stream closure is handled by libcurl */ BIT(bodystarted); - BIT(send_closed); /* transfer is done sending, we might have still - buffered data in stream->sendbuf to upload. */ + BIT(body_eos); /* the complete body has been added to `sendbuf` and + * is being/has been processed from there. */ }; #define H2_STREAM_CTX(ctx,data) ((struct h2_stream_ctx *)(\ - data? Curl_hash_offt_get(&(ctx)->streams, (data)->id) : NULL)) + data? Curl_hash_offt_get(&(ctx)->streams, (data)->mid) : NULL)) static struct h2_stream_ctx *h2_stream_ctx_create(struct cf_h2_ctx *ctx) { @@ -228,8 +246,7 @@ static struct h2_stream_ctx *h2_stream_ctx_create(struct cf_h2_ctx *ctx) stream->closed = FALSE; stream->close_handled = FALSE; stream->error = NGHTTP2_NO_ERROR; - stream->local_window_size = H2_STREAM_WINDOW_SIZE; - stream->upload_left = 0; + stream->local_window_size = H2_STREAM_WINDOW_SIZE_INITIAL; stream->nrcvd_data = 0; return stream; } @@ -258,6 +275,77 @@ static void h2_stream_hash_free(void *stream) h2_stream_ctx_free((struct h2_stream_ctx *)stream); } +#ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE +static int32_t cf_h2_get_desired_local_win(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + (void)cf; + if(data->set.max_recv_speed && data->set.max_recv_speed < INT32_MAX) { + /* The transfer should only receive `max_recv_speed` bytes per second. + * We restrict the stream's local window size, so that the server cannot + * send us "too much" at a time. + * This gets less precise the higher the latency. */ + return (int32_t)data->set.max_recv_speed; + } + return H2_STREAM_WINDOW_SIZE_MAX; +} + +static CURLcode cf_h2_update_local_win(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct h2_stream_ctx *stream, + bool paused) +{ + struct cf_h2_ctx *ctx = cf->ctx; + int32_t dwsize; + int rv; + + dwsize = paused? 0 : cf_h2_get_desired_local_win(cf, data); + if(dwsize != stream->local_window_size) { + int32_t wsize = nghttp2_session_get_stream_effective_local_window_size( + ctx->h2, stream->id); + if(dwsize > wsize) { + rv = nghttp2_submit_window_update(ctx->h2, NGHTTP2_FLAG_NONE, + stream->id, dwsize - wsize); + if(rv) { + failf(data, "[%d] nghttp2_submit_window_update() failed: " + "%s(%d)", stream->id, nghttp2_strerror(rv), rv); + return CURLE_HTTP2; + } + stream->local_window_size = dwsize; + CURL_TRC_CF(data, cf, "[%d] local window update by %d", + stream->id, dwsize - wsize); + } + else { + rv = nghttp2_session_set_local_window_size(ctx->h2, NGHTTP2_FLAG_NONE, + stream->id, dwsize); + if(rv) { + failf(data, "[%d] nghttp2_session_set_local_window_size() failed: " + "%s(%d)", stream->id, nghttp2_strerror(rv), rv); + return CURLE_HTTP2; + } + stream->local_window_size = dwsize; + CURL_TRC_CF(data, cf, "[%d] local window size now %d", + stream->id, dwsize); + } + } + return CURLE_OK; +} + +#else /* NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE */ + +static CURLcode cf_h2_update_local_win(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct h2_stream_ctx *stream, + bool paused) +{ + (void)cf; + (void)data; + (void)stream; + (void)paused; + return CURLE_OK; +} +#endif /* !NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE */ + /* * Mark this transfer to get "drained". */ @@ -269,10 +357,10 @@ static void drain_stream(struct Curl_cfilter *cf, (void)cf; bits = CURL_CSELECT_IN; - if(!stream->send_closed && - (stream->upload_left || stream->upload_blocked_len)) + if(!stream->closed && + (!stream->body_eos || !Curl_bufq_is_empty(&stream->sendbuf))) bits |= CURL_CSELECT_OUT; - if(data->state.select_bits != bits) { + if(stream->closed || (data->state.select_bits != bits)) { CURL_TRC_CF(data, cf, "[%d] DRAIN select_bits=%x", stream->id, bits); data->state.select_bits = bits; @@ -289,10 +377,6 @@ static CURLcode http2_data_setup(struct Curl_cfilter *cf, (void)cf; DEBUGASSERT(data); - if(!data->req.p.http) { - failf(data, "initialization failure, transfer not http initialized"); - return CURLE_FAILED_INIT; - } stream = H2_STREAM_CTX(ctx, data); if(stream) { *pstream = stream; @@ -303,7 +387,7 @@ static CURLcode http2_data_setup(struct Curl_cfilter *cf, if(!stream) return CURLE_OUT_OF_MEMORY; - if(!Curl_hash_offt_set(&ctx->streams, data->id, stream)) { + if(!Curl_hash_offt_set(&ctx->streams, data->mid, stream)) { h2_stream_ctx_free(stream); return CURLE_OUT_OF_MEMORY; } @@ -318,7 +402,7 @@ static void http2_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) struct h2_stream_ctx *stream = H2_STREAM_CTX(ctx, data); DEBUGASSERT(ctx); - if(!stream) + if(!stream || !ctx->initialized) return; if(ctx->h2) { @@ -332,7 +416,6 @@ static void http2_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) stream->id); stream->closed = TRUE; stream->reset = TRUE; - stream->send_closed = TRUE; nghttp2_submit_rst_stream(ctx->h2, NGHTTP2_FLAG_NONE, stream->id, NGHTTP2_STREAM_CLOSED); flush_egress = TRUE; @@ -342,7 +425,7 @@ static void http2_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) nghttp2_session_send(ctx->h2); } - Curl_hash_offt_remove(&ctx->streams, data->id); + Curl_hash_offt_remove(&ctx->streams, data->mid); } static int h2_client_new(struct Curl_cfilter *cf, @@ -385,8 +468,8 @@ static ssize_t nw_out_writer(void *writer_ctx, struct Curl_easy *data = CF_DATA_CURRENT(cf); if(data) { - ssize_t nwritten = Curl_conn_cf_send(cf->next, data, - (const char *)buf, buflen, err); + ssize_t nwritten = Curl_conn_cf_send(cf->next, data, (const char *)buf, + buflen, FALSE, err); if(nwritten > 0) CURL_TRC_CF(data, cf, "[0] egress: wrote %zd bytes", nwritten); return nwritten; @@ -418,12 +501,8 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, static int error_callback(nghttp2_session *session, const char *msg, size_t len, void *userp); -/* - * Initialize the cfilter context - */ -static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, - struct Curl_easy *data, - bool via_h1_upgrade) +static CURLcode cf_h2_ctx_open(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct cf_h2_ctx *ctx = cf->ctx; struct h2_stream_ctx *stream; @@ -432,12 +511,7 @@ static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, nghttp2_session_callbacks *cbs = NULL; DEBUGASSERT(!ctx->h2); - Curl_bufcp_init(&ctx->stream_bufcp, H2_CHUNK_SIZE, H2_STREAM_POOL_SPARES); - Curl_bufq_initp(&ctx->inbufq, &ctx->stream_bufcp, H2_NW_RECV_CHUNKS, 0); - Curl_bufq_initp(&ctx->outbufq, &ctx->stream_bufcp, H2_NW_SEND_CHUNKS, 0); - Curl_dyn_init(&ctx->scratch, CURL_MAX_HTTP_HEADER); - Curl_hash_offt_init(&ctx->streams, 63, h2_stream_hash_free); - ctx->last_stream_id = 2147483647; + DEBUGASSERT(ctx->initialized); rc = nghttp2_session_callbacks_new(&cbs); if(rc) { @@ -466,7 +540,7 @@ static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, } ctx->max_concurrent_streams = DEFAULT_MAX_CONCURRENT_STREAMS; - if(via_h1_upgrade) { + if(ctx->via_h1_upgrade) { /* HTTP/1.1 Upgrade issued. H2 Settings have already been submitted * in the H1 request and we upgrade from there. This stream * is opened implicitly as #1. */ @@ -486,7 +560,7 @@ static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, DEBUGASSERT(stream); stream->id = 1; /* queue SETTINGS frame (again) */ - rc = nghttp2_session_upgrade2(ctx->h2, binsettings, binlen, + rc = nghttp2_session_upgrade2(ctx->h2, binsettings, (size_t)binlen, data->state.httpreq == HTTPREQ_HEAD, NULL); if(rc) { @@ -507,7 +581,7 @@ static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, } else { nghttp2_settings_entry iv[H2_SETTINGS_IV_LEN]; - int ivlen; + size_t ivlen; ivlen = populate_settings(iv, data); rc = nghttp2_submit_settings(ctx->h2, NGHTTP2_FLAG_NONE, @@ -532,7 +606,7 @@ static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, /* all set, traffic will be send on connect */ result = CURLE_OK; CURL_TRC_CF(data, cf, "[0] created h2 session%s", - via_h1_upgrade? " (via h1 upgrade)" : ""); + ctx->via_h1_upgrade? " (via h1 upgrade)" : ""); out: if(cbs) @@ -612,8 +686,8 @@ static bool http2_connisalive(struct Curl_cfilter *cf, struct Curl_easy *data, return FALSE; if(*input_pending) { - /* This happens before we've sent off a request and the connection is - not in use by any other transfer, there shouldn't be any data here, + /* This happens before we have sent off a request and the connection is + not in use by any other transfer, there should not be any data here, only "protocol frames" */ CURLcode result; ssize_t nread = -1; @@ -794,18 +868,9 @@ static struct Curl_easy *h2_duphandle(struct Curl_cfilter *cf, { struct Curl_easy *second = curl_easy_duphandle(data); if(second) { - /* setup the request struct */ - struct HTTP *http = calloc(1, sizeof(struct HTTP)); - if(!http) { - (void)Curl_close(&second); - } - else { - struct h2_stream_ctx *second_stream; - - second->req.p.http = http; - http2_data_setup(cf, second, &second_stream); - second->state.priority.weight = data->state.priority.weight; - } + struct h2_stream_ctx *second_stream; + http2_data_setup(cf, second, &second_stream); + second->state.priority.weight = data->state.priority.weight; } return second; } @@ -867,9 +932,7 @@ static int set_transfer_url(struct Curl_easy *data, static void discard_newhandle(struct Curl_cfilter *cf, struct Curl_easy *newhandle) { - if(newhandle->req.p.http) { - http2_data_done(cf, newhandle); - } + http2_data_done(cf, newhandle); (void)Curl_close(&newhandle); } @@ -967,6 +1030,10 @@ static int push_promise(struct Curl_cfilter *cf, rv = CURL_PUSH_DENY; goto fail; } + + /* success, remember max stream id processed */ + if(newstream->id > ctx->local_max_sid) + ctx->local_max_sid = newstream->id; } else { CURL_TRC_CF(data, cf, "Got PUSH_PROMISE, ignore it"); @@ -985,6 +1052,8 @@ static void h2_xfer_write_resp_hd(struct Curl_cfilter *cf, /* If we already encountered an error, skip further writes */ if(!stream->xfer_result) { stream->xfer_result = Curl_xfer_write_resp_hd(data, buf, blen, eos); + if(!stream->xfer_result && !eos) + stream->xfer_result = cf_h2_update_local_win(cf, data, stream, FALSE); if(stream->xfer_result) CURL_TRC_CF(data, cf, "[%d] error %d writing %zu bytes of headers", stream->id, stream->xfer_result, blen); @@ -1000,6 +1069,8 @@ static void h2_xfer_write_resp(struct Curl_cfilter *cf, /* If we already encountered an error, skip further writes */ if(!stream->xfer_result) stream->xfer_result = Curl_xfer_write_resp(data, buf, blen, eos); + if(!stream->xfer_result && !eos) + stream->xfer_result = cf_h2_update_local_win(cf, data, stream, FALSE); /* If the transfer write is errored, we do not want any more data */ if(stream->xfer_result) { struct cf_h2_ctx *ctx = cf->ctx; @@ -1007,7 +1078,7 @@ static void h2_xfer_write_resp(struct Curl_cfilter *cf, "RST-ing stream", stream->id, stream->xfer_result, blen); nghttp2_submit_rst_stream(ctx->h2, 0, stream->id, - NGHTTP2_ERR_CALLBACK_FAILURE); + (uint32_t)NGHTTP2_ERR_CALLBACK_FAILURE); } } @@ -1048,7 +1119,7 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf, break; case NGHTTP2_HEADERS: if(stream->bodystarted) { - /* Only valid HEADERS after body started is trailer HEADERS. We + /* Only valid HEADERS after body started is trailer HEADERS. We buffer them in on_header callback. */ break; } @@ -1093,13 +1164,19 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf, if(frame->rst_stream.error_code) { stream->reset = TRUE; } - stream->send_closed = TRUE; drain_stream(cf, data, stream); break; case NGHTTP2_WINDOW_UPDATE: - if(CURL_WANT_SEND(data)) { + if(CURL_WANT_SEND(data) && Curl_bufq_is_empty(&stream->sendbuf)) { + /* need more data, force processing of transfer */ drain_stream(cf, data, stream); } + else if(!Curl_bufq_is_empty(&stream->sendbuf)) { + /* resume the potentially suspended stream */ + rv = nghttp2_session_resume_data(ctx->h2, stream->id); + if(nghttp2_is_fatal(rv)) + return CURLE_SEND_ERROR; + } break; default: break; @@ -1252,12 +1329,12 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame, break; } case NGHTTP2_GOAWAY: - ctx->goaway = TRUE; + ctx->rcvd_goaway = TRUE; ctx->goaway_error = frame->goaway.error_code; - ctx->last_stream_id = frame->goaway.last_stream_id; + ctx->remote_max_sid = frame->goaway.last_stream_id; if(data) { - infof(data, "received GOAWAY, error=%d, last_stream=%u", - ctx->goaway_error, ctx->last_stream_id); + infof(data, "received GOAWAY, error=%u, last_stream=%u", + ctx->goaway_error, ctx->remote_max_sid); Curl_multi_connchanged(data->multi); } break; @@ -1310,9 +1387,6 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags, nghttp2_session_consume(ctx->h2, stream_id, len); stream->nrcvd_data += (curl_off_t)len; - - /* if we receive data for another handle, wake that up */ - drain_stream(cf, data_s, stream); return 0; } @@ -1327,8 +1401,7 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id, (void)session; DEBUGASSERT(call_data); - /* get the stream from the hash based on Stream ID, stream ID zero is for - connection-oriented stuff */ + /* stream id 0 is the connection, do not look there for streams. */ data_s = stream_id? nghttp2_session_get_stream_user_data(session, stream_id) : NULL; if(!data_s) { @@ -1356,7 +1429,6 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id, stream->error = error_code; if(stream->error) { stream->reset = TRUE; - stream->send_closed = TRUE; } if(stream->error) @@ -1582,22 +1654,21 @@ static ssize_t req_body_read_callback(nghttp2_session *session, (void)source; (void)cf; - if(stream_id) { - /* get the stream from the hash based on Stream ID, stream ID zero is for - connection-oriented stuff */ - data_s = nghttp2_session_get_stream_user_data(session, stream_id); - if(!data_s) - /* Receiving a Stream ID not in the hash should not happen, this is an - internal error more than anything else! */ - return NGHTTP2_ERR_CALLBACK_FAILURE; - - stream = H2_STREAM_CTX(ctx, data_s); - if(!stream) - return NGHTTP2_ERR_CALLBACK_FAILURE; - } - else + if(!stream_id) return NGHTTP2_ERR_INVALID_ARGUMENT; + /* get the stream from the hash based on Stream ID, stream ID zero is for + connection-oriented stuff */ + data_s = nghttp2_session_get_stream_user_data(session, stream_id); + if(!data_s) + /* Receiving a Stream ID not in the hash should not happen, this is an + internal error more than anything else! */ + return NGHTTP2_ERR_CALLBACK_FAILURE; + + stream = H2_STREAM_CTX(ctx, data_s); + if(!stream) + return NGHTTP2_ERR_CALLBACK_FAILURE; + nread = Curl_bufq_read(&stream->sendbuf, buf, length, &result); if(nread < 0) { if(result != CURLE_AGAIN) @@ -1605,19 +1676,14 @@ static ssize_t req_body_read_callback(nghttp2_session *session, nread = 0; } - if(nread > 0 && stream->upload_left != -1) - stream->upload_left -= nread; + CURL_TRC_CF(data_s, cf, "[%d] req_body_read(len=%zu) eos=%d -> %zd, %d", + stream_id, length, stream->body_eos, nread, result); - CURL_TRC_CF(data_s, cf, "[%d] req_body_read(len=%zu) left=%" - CURL_FORMAT_CURL_OFF_T " -> %zd, %d", - stream_id, length, stream->upload_left, nread, result); - - if(stream->upload_left == 0) + if(stream->body_eos && Curl_bufq_is_empty(&stream->sendbuf)) { *data_flags = NGHTTP2_DATA_FLAG_EOF; - else if(nread == 0) - return NGHTTP2_ERR_DEFERRED; - - return nread; + return nread; + } + return (nread == 0)? NGHTTP2_ERR_DEFERRED : nread; } #if !defined(CURL_DISABLE_VERBOSE_STRINGS) @@ -1654,7 +1720,7 @@ CURLcode Curl_http2_request_upgrade(struct dynbuf *req, return CURLE_FAILED_INIT; } - result = Curl_base64url_encode((const char *)binsettings, binlen, + result = Curl_base64url_encode((const char *)binsettings, (size_t)binlen, &base64, &blen); if(result) { Curl_dyn_free(req); @@ -1669,37 +1735,11 @@ CURLcode Curl_http2_request_upgrade(struct dynbuf *req, free(base64); k->upgr101 = UPGR101_H2; + data->conn->bits.asks_multiplex = TRUE; return result; } -static CURLcode http2_data_done_send(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct cf_h2_ctx *ctx = cf->ctx; - CURLcode result = CURLE_OK; - struct h2_stream_ctx *stream = H2_STREAM_CTX(ctx, data); - - if(!ctx || !ctx->h2 || !stream) - goto out; - - CURL_TRC_CF(data, cf, "[%d] data done send", stream->id); - if(!stream->send_closed) { - stream->send_closed = TRUE; - if(stream->upload_left) { - /* we now know that everything that is buffered is all there is. */ - stream->upload_left = Curl_bufq_len(&stream->sendbuf); - /* resume sending here to trigger the callback to get called again so - that it can signal EOF to nghttp2 */ - (void)nghttp2_session_resume_data(ctx->h2, stream->id); - drain_stream(cf, data, stream); - } - } - -out: - return result; -} - static ssize_t http2_handle_stream_close(struct Curl_cfilter *cf, struct Curl_easy *data, struct h2_stream_ctx *stream, @@ -1710,7 +1750,7 @@ static ssize_t http2_handle_stream_close(struct Curl_cfilter *cf, if(stream->error == NGHTTP2_REFUSED_STREAM) { CURL_TRC_CF(data, cf, "[%d] REFUSED_STREAM, try again on a new " "connection", stream->id); - connclose(cf->conn, "REFUSED_STREAM"); /* don't use this anymore */ + connclose(cf->conn, "REFUSED_STREAM"); /* do not use this anymore */ data->state.refused_stream = TRUE; *err = CURLE_RECV_ERROR; /* trigger Curl_retry_request() later */ return -1; @@ -1817,7 +1857,7 @@ static void h2_pri_spec(struct cf_h2_ctx *ctx, } /* - * Check if there's been an update in the priority / + * Check if there is been an update in the priority / * dependency settings and if so it submits a PRIORITY frame with the updated * info. * Flush any out data pending in the network buffer. @@ -1878,7 +1918,7 @@ static ssize_t stream_recv(struct Curl_cfilter *cf, struct Curl_easy *data, } else if(stream->reset || (ctx->conn_closed && Curl_bufq_is_empty(&ctx->inbufq)) || - (ctx->goaway && ctx->last_stream_id < stream->id)) { + (ctx->rcvd_goaway && ctx->remote_max_sid < stream->id)) { CURL_TRC_CF(data, cf, "[%d] returning ERR", stream->id); *err = data->req.bytecount? CURLE_PARTIAL_FILE : CURLE_HTTP2; nread = -1; @@ -1944,12 +1984,15 @@ static CURLcode h2_progress_ingress(struct Curl_cfilter *cf, if(h2_process_pending_input(cf, data, &result)) return result; + CURL_TRC_CF(data, cf, "[0] progress ingress: inbufg=%zu", + Curl_bufq_len(&ctx->inbufq)); } if(ctx->conn_closed && Curl_bufq_is_empty(&ctx->inbufq)) { connclose(cf->conn, "GOAWAY received"); } + CURL_TRC_CF(data, cf, "[0] progress ingress: done"); return CURLE_OK; } @@ -1967,9 +2010,8 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, * (unlikely) or the transfer has been done, cleaned up its resources, but * a read() is called anyway. It is not clear what the calling sequence * is for such a case. */ - failf(data, "[%zd-%zd], http/2 recv on a transfer never opened " - "or already cleared", (ssize_t)data->id, - (ssize_t)cf->conn->connection_id); + failf(data, "http/2 recv on a transfer never opened " + "or already cleared, mid=%" FMT_OFF_T, data->mid); *err = CURLE_HTTP2; return -1; } @@ -2015,11 +2057,11 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, out: result = h2_progress_egress(cf, data); if(result == CURLE_AGAIN) { - /* pending data to send, need to be called again. Ideally, we'd - * monitor the socket for POLLOUT, but we might not be in SENDING - * transfer state any longer and are unable to make this happen. - */ - drain_stream(cf, data, stream); + /* pending data to send, need to be called again. Ideally, we + * monitor the socket for POLLOUT, but when not SENDING + * any more, we force processing of the transfer. */ + if(!CURL_WANT_SEND(data)) + drain_stream(cf, data, stream); } else if(result) { *err = result; @@ -2039,10 +2081,57 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, return nread; } +static ssize_t cf_h2_body_send(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct h2_stream_ctx *stream, + const void *buf, size_t blen, bool eos, + CURLcode *err) +{ + struct cf_h2_ctx *ctx = cf->ctx; + ssize_t nwritten; + + if(stream->closed) { + if(stream->resp_hds_complete) { + /* Server decided to close the stream after having sent us a final + * response. This is valid if it is not interested in the request + * body. This happens on 30x or 40x responses. + * We silently discard the data sent, since this is not a transport + * error situation. */ + CURL_TRC_CF(data, cf, "[%d] discarding data" + "on closed stream with response", stream->id); + if(eos) + stream->body_eos = TRUE; + *err = CURLE_OK; + return (ssize_t)blen; + } + /* Server closed before we got a response, this is an error */ + infof(data, "stream %u closed", stream->id); + *err = CURLE_SEND_ERROR; + return -1; + } + + nwritten = Curl_bufq_write(&stream->sendbuf, buf, blen, err); + if(nwritten < 0) + return -1; + + if(eos && (blen == (size_t)nwritten)) + stream->body_eos = TRUE; + + if(eos || !Curl_bufq_is_empty(&stream->sendbuf)) { + /* resume the potentially suspended stream */ + int rv = nghttp2_session_resume_data(ctx->h2, stream->id); + if(nghttp2_is_fatal(rv)) { + *err = CURLE_SEND_ERROR; + return -1; + } + } + return nwritten; +} + static ssize_t h2_submit(struct h2_stream_ctx **pstream, struct Curl_cfilter *cf, struct Curl_easy *data, const void *buf, size_t len, - size_t *phdslen, CURLcode *err) + bool eos, CURLcode *err) { struct cf_h2_ctx *ctx = cf->ctx; struct h2_stream_ctx *stream = NULL; @@ -2055,7 +2144,6 @@ static ssize_t h2_submit(struct h2_stream_ctx **pstream, nghttp2_priority_spec pri_spec; ssize_t nwritten; - *phdslen = 0; Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST); *err = http2_data_setup(cf, data, &stream); @@ -2067,7 +2155,6 @@ static ssize_t h2_submit(struct h2_stream_ctx **pstream, nwritten = Curl_h1_req_parse_read(&stream->h1, buf, len, NULL, 0, err); if(nwritten < 0) goto out; - *phdslen = (size_t)nwritten; if(!stream->h1.done) { /* need more data */ goto out; @@ -2098,19 +2185,12 @@ static ssize_t h2_submit(struct h2_stream_ctx **pstream, case HTTPREQ_POST_FORM: case HTTPREQ_POST_MIME: case HTTPREQ_PUT: - if(data->state.infilesize != -1) - stream->upload_left = data->state.infilesize; - else - /* data sending without specifying the data amount up front */ - stream->upload_left = -1; /* unknown */ - data_prd.read_callback = req_body_read_callback; data_prd.source.ptr = NULL; stream_id = nghttp2_submit_request(ctx->h2, &pri_spec, nva, nheader, &data_prd, data); break; default: - stream->upload_left = 0; /* no request body */ stream_id = nghttp2_submit_request(ctx->h2, &pri_spec, nva, nheader, NULL, data); } @@ -2145,32 +2225,21 @@ static ssize_t h2_submit(struct h2_stream_ctx **pstream, } stream->id = stream_id; - stream->local_window_size = H2_STREAM_WINDOW_SIZE; - if(data->set.max_recv_speed) { - /* We are asked to only receive `max_recv_speed` bytes per second. - * Let's limit our stream window size around that, otherwise the server - * will send in large bursts only. We make the window 50% larger to - * allow for data in flight and avoid stalling. */ - curl_off_t n = (((data->set.max_recv_speed - 1) / H2_CHUNK_SIZE) + 1); - n += CURLMAX((n/2), 1); - if(n < (H2_STREAM_WINDOW_SIZE / H2_CHUNK_SIZE) && - n < (UINT_MAX / H2_CHUNK_SIZE)) { - stream->local_window_size = (uint32_t)n * H2_CHUNK_SIZE; - } - } body = (const char *)buf + nwritten; bodylen = len - nwritten; - if(bodylen) { - /* We have request body to send in DATA frame */ - ssize_t n = Curl_bufq_write(&stream->sendbuf, body, bodylen, err); - if(n < 0) { + if(bodylen || eos) { + ssize_t n = cf_h2_body_send(cf, data, stream, body, bodylen, eos, err); + if(n >= 0) + nwritten += n; + else if(*err == CURLE_AGAIN) + *err = CURLE_OK; + else if(*err != CURLE_AGAIN) { *err = CURLE_SEND_ERROR; nwritten = -1; goto out; } - nwritten += n; } out: @@ -2183,139 +2252,63 @@ static ssize_t h2_submit(struct h2_stream_ctx **pstream, } static ssize_t cf_h2_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { struct cf_h2_ctx *ctx = cf->ctx; struct h2_stream_ctx *stream = H2_STREAM_CTX(ctx, data); struct cf_call_data save; - int rv; ssize_t nwritten; - size_t hdslen = 0; CURLcode result; - int blocked = 0, was_blocked = 0; CF_DATA_SAVE(save, cf, data); - if(stream && stream->id != -1) { - if(stream->upload_blocked_len) { - /* the data in `buf` has already been submitted or added to the - * buffers, but have been EAGAINed on the last invocation. */ - /* TODO: this assertion triggers in OSSFuzz runs and it is not - * clear why. Disable for now to let OSSFuzz continue its tests. */ - DEBUGASSERT(len >= stream->upload_blocked_len); - if(len < stream->upload_blocked_len) { - /* Did we get called again with a smaller `len`? This should not - * happen. We are not prepared to handle that. */ - failf(data, "HTTP/2 send again with decreased length (%zd vs %zd)", - len, stream->upload_blocked_len); - *err = CURLE_HTTP2; - nwritten = -1; - goto out; - } - nwritten = (ssize_t)stream->upload_blocked_len; - stream->upload_blocked_len = 0; - was_blocked = 1; - } - else if(stream->closed) { - if(stream->resp_hds_complete) { - /* Server decided to close the stream after having sent us a findl - * response. This is valid if it is not interested in the request - * body. This happens on 30x or 40x responses. - * We silently discard the data sent, since this is not a transport - * error situation. */ - CURL_TRC_CF(data, cf, "[%d] discarding data" - "on closed stream with response", stream->id); - *err = CURLE_OK; - nwritten = (ssize_t)len; - goto out; - } - infof(data, "stream %u closed", stream->id); - *err = CURLE_SEND_ERROR; - nwritten = -1; + if(!stream || stream->id == -1) { + nwritten = h2_submit(&stream, cf, data, buf, len, eos, err); + if(nwritten < 0) { goto out; } - else { - /* If stream_id != -1, we have dispatched request HEADERS and - * optionally request body, and now are going to send or sending - * more request body in DATA frame */ - nwritten = Curl_bufq_write(&stream->sendbuf, buf, len, err); - if(nwritten < 0 && *err != CURLE_AGAIN) - goto out; - } - - if(!Curl_bufq_is_empty(&stream->sendbuf)) { - /* req body data is buffered, resume the potentially suspended stream */ - rv = nghttp2_session_resume_data(ctx->h2, stream->id); - if(nghttp2_is_fatal(rv)) { - *err = CURLE_SEND_ERROR; - nwritten = -1; - goto out; - } - } + DEBUGASSERT(stream); } - else { - nwritten = h2_submit(&stream, cf, data, buf, len, &hdslen, err); + else if(stream->body_eos) { + /* We already wrote this, but CURLE_AGAINed the call due to not + * being able to flush stream->sendbuf. Make a 0-length write + * to trigger flushing again. + * If this works, we report to have written `len` bytes. */ + DEBUGASSERT(eos); + nwritten = cf_h2_body_send(cf, data, stream, buf, 0, eos, err); + CURL_TRC_CF(data, cf, "[%d] cf_body_send last CHUNK -> %zd, %d, eos=%d", + stream->id, nwritten, *err, eos); if(nwritten < 0) { goto out; } - DEBUGASSERT(stream); - DEBUGASSERT(hdslen <= (size_t)nwritten); + nwritten = len; + } + else { + nwritten = cf_h2_body_send(cf, data, stream, buf, len, eos, err); + CURL_TRC_CF(data, cf, "[%d] cf_body_send(len=%zu) -> %zd, %d, eos=%d", + stream->id, len, nwritten, *err, eos); } /* Call the nghttp2 send loop and flush to write ALL buffered data, * headers and/or request body completely out to the network */ result = h2_progress_egress(cf, data); + /* if the stream has been closed in egress handling (nghttp2 does that * when it does not like the headers, for example */ - if(stream && stream->closed && !was_blocked) { + if(stream && stream->closed) { infof(data, "stream %u closed", stream->id); *err = CURLE_SEND_ERROR; nwritten = -1; goto out; } - else if(result == CURLE_AGAIN) { - blocked = 1; - } - else if(result) { + else if(result && (result != CURLE_AGAIN)) { *err = result; nwritten = -1; goto out; } - else if(stream && !Curl_bufq_is_empty(&stream->sendbuf)) { - /* although we wrote everything that nghttp2 wants to send now, - * there is data left in our stream send buffer unwritten. This may - * be due to the stream's HTTP/2 flow window being exhausted. */ - blocked = 1; - } - - if(stream && blocked && nwritten > 0) { - /* Unable to send all data, due to connection blocked or H2 window - * exhaustion. Data is left in our stream buffer, or nghttp2's internal - * frame buffer or our network out buffer. */ - size_t rwin = nghttp2_session_get_stream_remote_window_size(ctx->h2, - stream->id); - /* At the start of a stream, we are called with request headers - * and, possibly, parts of the body. Later, only body data. - * If we cannot send pure body data, we EAGAIN. If there had been - * header, we return that *they* have been written and remember the - * block on the data length only. */ - stream->upload_blocked_len = ((size_t)nwritten) - hdslen; - CURL_TRC_CF(data, cf, "[%d] cf_send(len=%zu) BLOCK: win %u/%zu " - "hds_len=%zu blocked_len=%zu", - stream->id, len, - nghttp2_session_get_remote_window_size(ctx->h2), rwin, - hdslen, stream->upload_blocked_len); - if(hdslen) { - *err = CURLE_OK; - nwritten = hdslen; - } - else { - *err = CURLE_AGAIN; - nwritten = -1; - goto out; - } - } - else if(should_close_session(ctx)) { + + if(should_close_session(ctx)) { /* nghttp2 thinks this session is done. If the stream has not been * closed, this is an error state for out transfer */ if(stream->closed) { @@ -2331,11 +2324,10 @@ static ssize_t cf_h2_send(struct Curl_cfilter *cf, struct Curl_easy *data, out: if(stream) { CURL_TRC_CF(data, cf, "[%d] cf_send(len=%zu) -> %zd, %d, " - "upload_left=%" CURL_FORMAT_CURL_OFF_T ", " - "h2 windows %d-%d (stream-conn), " + "eos=%d, h2 windows %d-%d (stream-conn), " "buffers %zu-%zu (stream-conn)", stream->id, len, nwritten, *err, - stream->upload_left, + stream->body_eos, nghttp2_session_get_stream_remote_window_size( ctx->h2, stream->id), nghttp2_session_get_remote_window_size(ctx->h2), @@ -2353,11 +2345,54 @@ static ssize_t cf_h2_send(struct Curl_cfilter *cf, struct Curl_easy *data, return nwritten; } +static CURLcode cf_h2_flush(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_h2_ctx *ctx = cf->ctx; + struct h2_stream_ctx *stream = H2_STREAM_CTX(ctx, data); + struct cf_call_data save; + CURLcode result = CURLE_OK; + + CF_DATA_SAVE(save, cf, data); + if(stream && !Curl_bufq_is_empty(&stream->sendbuf)) { + /* resume the potentially suspended stream */ + int rv = nghttp2_session_resume_data(ctx->h2, stream->id); + if(nghttp2_is_fatal(rv)) { + result = CURLE_SEND_ERROR; + goto out; + } + } + + result = h2_progress_egress(cf, data); + +out: + if(stream) { + CURL_TRC_CF(data, cf, "[%d] flush -> %d, " + "h2 windows %d-%d (stream-conn), " + "buffers %zu-%zu (stream-conn)", + stream->id, result, + nghttp2_session_get_stream_remote_window_size( + ctx->h2, stream->id), + nghttp2_session_get_remote_window_size(ctx->h2), + Curl_bufq_len(&stream->sendbuf), + Curl_bufq_len(&ctx->outbufq)); + } + else { + CURL_TRC_CF(data, cf, "flush -> %d, " + "connection-window=%d, nw_send_buffer(%zu)", + result, nghttp2_session_get_remote_window_size(ctx->h2), + Curl_bufq_len(&ctx->outbufq)); + } + CF_DATA_RESTORE(cf, save); + return result; +} + static void cf_h2_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, struct easy_pollset *ps) { struct cf_h2_ctx *ctx = cf->ctx; + struct cf_call_data save; curl_socket_t sock; bool want_recv, want_send; @@ -2368,7 +2403,6 @@ static void cf_h2_adjust_pollset(struct Curl_cfilter *cf, Curl_pollset_check(data, ps, sock, &want_recv, &want_send); if(want_recv || want_send) { struct h2_stream_ctx *stream = H2_STREAM_CTX(ctx, data); - struct cf_call_data save; bool c_exhaust, s_exhaust; CF_DATA_SAVE(save, cf, data); @@ -2378,11 +2412,21 @@ static void cf_h2_adjust_pollset(struct Curl_cfilter *cf, stream->id); want_recv = (want_recv || c_exhaust || s_exhaust); want_send = (!s_exhaust && want_send) || - (!c_exhaust && nghttp2_session_want_write(ctx->h2)); + (!c_exhaust && nghttp2_session_want_write(ctx->h2)) || + !Curl_bufq_is_empty(&ctx->outbufq); Curl_pollset_set(data, ps, sock, want_recv, want_send); CF_DATA_RESTORE(cf, save); } + else if(ctx->sent_goaway && !cf->shutdown) { + /* shutdown in progress */ + CF_DATA_SAVE(save, cf, data); + want_send = nghttp2_session_want_write(ctx->h2) || + !Curl_bufq_is_empty(&ctx->outbufq); + want_recv = nghttp2_session_want_read(ctx->h2); + Curl_pollset_set(data, ps, sock, want_recv, want_send); + CF_DATA_RESTORE(cf, save); + } } static CURLcode cf_h2_connect(struct Curl_cfilter *cf, @@ -2408,8 +2452,9 @@ static CURLcode cf_h2_connect(struct Curl_cfilter *cf, *done = FALSE; CF_DATA_SAVE(save, cf, data); + DEBUGASSERT(ctx->initialized); if(!ctx->h2) { - result = cf_h2_ctx_init(cf, data, FALSE); + result = cf_h2_ctx_open(cf, data); if(result) goto out; } @@ -2444,8 +2489,9 @@ static void cf_h2_close(struct Curl_cfilter *cf, struct Curl_easy *data) struct cf_call_data save; CF_DATA_SAVE(save, cf, data); - cf_h2_ctx_clear(ctx); + cf_h2_ctx_close(ctx); CF_DATA_RESTORE(cf, save); + cf->connected = FALSE; } if(cf->next) cf->next->cft->do_close(cf->next, data); @@ -2462,30 +2508,68 @@ static void cf_h2_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) } } +static CURLcode cf_h2_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, bool *done) +{ + struct cf_h2_ctx *ctx = cf->ctx; + struct cf_call_data save; + CURLcode result; + int rv; + + if(!cf->connected || !ctx->h2 || cf->shutdown || ctx->conn_closed) { + *done = TRUE; + return CURLE_OK; + } + + CF_DATA_SAVE(save, cf, data); + + if(!ctx->sent_goaway) { + rv = nghttp2_submit_goaway(ctx->h2, NGHTTP2_FLAG_NONE, + ctx->local_max_sid, 0, + (const uint8_t *)"shutdown", + sizeof("shutdown")); + if(rv) { + failf(data, "nghttp2_submit_goaway() failed: %s(%d)", + nghttp2_strerror(rv), rv); + result = CURLE_SEND_ERROR; + goto out; + } + ctx->sent_goaway = TRUE; + } + /* GOAWAY submitted, process egress and ingress until nghttp2 is done. */ + result = CURLE_OK; + if(nghttp2_session_want_write(ctx->h2) || + !Curl_bufq_is_empty(&ctx->outbufq)) + result = h2_progress_egress(cf, data); + if(!result && nghttp2_session_want_read(ctx->h2)) + result = h2_progress_ingress(cf, data, 0); + + if(result == CURLE_AGAIN) + result = CURLE_OK; + + *done = (ctx->conn_closed || + (!result && !nghttp2_session_want_write(ctx->h2) && + !nghttp2_session_want_read(ctx->h2) && + Curl_bufq_is_empty(&ctx->outbufq))); + +out: + CF_DATA_RESTORE(cf, save); + cf->shutdown = (result || *done); + return result; +} + static CURLcode http2_data_pause(struct Curl_cfilter *cf, struct Curl_easy *data, bool pause) { -#ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE struct cf_h2_ctx *ctx = cf->ctx; struct h2_stream_ctx *stream = H2_STREAM_CTX(ctx, data); DEBUGASSERT(data); if(ctx && ctx->h2 && stream) { - uint32_t window = pause? 0 : stream->local_window_size; - - int rv = nghttp2_session_set_local_window_size(ctx->h2, - NGHTTP2_FLAG_NONE, - stream->id, - window); - if(rv) { - failf(data, "nghttp2_session_set_local_window_size() failed: %s(%d)", - nghttp2_strerror(rv), rv); - return CURLE_HTTP2; - } - - if(!pause) - drain_stream(cf, data, stream); + CURLcode result = cf_h2_update_local_win(cf, data, stream, pause); + if(result) + return result; /* attempt to send the window update */ (void)h2_progress_egress(cf, data); @@ -2499,21 +2583,9 @@ static CURLcode http2_data_pause(struct Curl_cfilter *cf, drain_stream(cf, data, stream); Curl_expire(data, 0, EXPIRE_RUN_NOW); } - DEBUGF(infof(data, "Set HTTP/2 window size to %u for stream %u", - window, stream->id)); - -#ifdef DEBUGBUILD - { - /* read out the stream local window again */ - uint32_t window2 = - nghttp2_session_get_stream_local_window_size(ctx->h2, - stream->id); - DEBUGF(infof(data, "HTTP/2 window size is now %u for stream %u", - window2, stream->id)); - } -#endif + CURL_TRC_CF(data, cf, "[%d] stream now %spaused", stream->id, + pause? "" : "un"); } -#endif return CURLE_OK; } @@ -2533,8 +2605,8 @@ static CURLcode cf_h2_cntrl(struct Curl_cfilter *cf, case CF_CTRL_DATA_PAUSE: result = http2_data_pause(cf, data, (arg1 != 0)); break; - case CF_CTRL_DATA_DONE_SEND: - result = http2_data_done_send(cf, data); + case CF_CTRL_FLUSH: + result = cf_h2_flush(cf, data); break; case CF_CTRL_DATA_DETACH: http2_data_done(cf, data); @@ -2617,6 +2689,15 @@ static CURLcode cf_h2_query(struct Curl_cfilter *cf, *pres1 = stream? (int)stream->error : 0; return CURLE_OK; } + case CF_QUERY_NEED_FLUSH: { + struct h2_stream_ctx *stream = H2_STREAM_CTX(ctx, data); + if(!Curl_bufq_is_empty(&ctx->outbufq) || + (stream && !Curl_bufq_is_empty(&stream->sendbuf))) { + *pres1 = TRUE; + return CURLE_OK; + } + break; + } default: break; } @@ -2632,6 +2713,7 @@ struct Curl_cftype Curl_cft_nghttp2 = { cf_h2_destroy, cf_h2_connect, cf_h2_close, + cf_h2_shutdown, Curl_cf_def_get_host, cf_h2_adjust_pollset, cf_h2_data_pending, @@ -2657,6 +2739,7 @@ static CURLcode http2_cfilter_add(struct Curl_cfilter **pcf, ctx = calloc(1, sizeof(*ctx)); if(!ctx) goto out; + cf_h2_ctx_init(ctx, via_h1_upgrade); result = Curl_cf_create(&cf, &Curl_cft_nghttp2, ctx); if(result) @@ -2664,7 +2747,6 @@ static CURLcode http2_cfilter_add(struct Curl_cfilter **pcf, ctx = NULL; Curl_conn_cf_add(data, conn, sockindex, cf); - result = cf_h2_ctx_init(cf, data, via_h1_upgrade); out: if(result) @@ -2685,6 +2767,7 @@ static CURLcode http2_cfilter_insert_after(struct Curl_cfilter *cf, ctx = calloc(1, sizeof(*ctx)); if(!ctx) goto out; + cf_h2_ctx_init(ctx, via_h1_upgrade); result = Curl_cf_create(&cf_h2, &Curl_cft_nghttp2, ctx); if(result) @@ -2692,7 +2775,6 @@ static CURLcode http2_cfilter_insert_after(struct Curl_cfilter *cf, ctx = NULL; Curl_conn_cf_insert_after(cf, cf_h2); - result = cf_h2_ctx_init(cf_h2, data, via_h1_upgrade); out: if(result) @@ -2729,7 +2811,7 @@ bool Curl_http2_may_switch(struct Curl_easy *data, data->state.httpwant == CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE) { #ifndef CURL_DISABLE_PROXY if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) { - /* We don't support HTTP/2 proxies yet. Also it's debatable + /* We do not support HTTP/2 proxies yet. Also it is debatable whether or not this setting should apply to HTTP/2 proxies. */ infof(data, "Ignoring HTTP/2 prior knowledge due to proxy"); return FALSE; @@ -2747,15 +2829,14 @@ CURLcode Curl_http2_switch(struct Curl_easy *data, CURLcode result; DEBUGASSERT(!Curl_conn_is_http2(data, conn, sockindex)); - DEBUGF(infof(data, "switching to HTTP/2")); result = http2_cfilter_add(&cf, data, conn, sockindex, FALSE); if(result) return result; + CURL_TRC_CF(data, cf, "switching connection to HTTP/2"); - conn->httpversion = 20; /* we know we're on HTTP/2 now */ + conn->httpversion = 20; /* we know we are on HTTP/2 now */ conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ - conn->bundle->multiuse = BUNDLE_MULTIPLEX; Curl_multi_connchanged(data->multi); if(cf->next) { @@ -2777,9 +2858,8 @@ CURLcode Curl_http2_switch_at(struct Curl_cfilter *cf, struct Curl_easy *data) return result; cf_h2 = cf->next; - cf->conn->httpversion = 20; /* we know we're on HTTP/2 now */ + cf->conn->httpversion = 20; /* we know we are on HTTP/2 now */ cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ - cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX; Curl_multi_connchanged(data->multi); if(cf_h2->next) { @@ -2798,12 +2878,12 @@ CURLcode Curl_http2_upgrade(struct Curl_easy *data, CURLcode result; DEBUGASSERT(!Curl_conn_is_http2(data, conn, sockindex)); - DEBUGF(infof(data, "upgrading to HTTP/2")); DEBUGASSERT(data->req.upgr101 == UPGR101_RECEIVED); result = http2_cfilter_add(&cf, data, conn, sockindex, TRUE); if(result) return result; + CURL_TRC_CF(data, cf, "upgrading connection to HTTP/2"); DEBUGASSERT(cf->cft == &Curl_cft_nghttp2); ctx = cf->ctx; @@ -2830,9 +2910,8 @@ CURLcode Curl_http2_upgrade(struct Curl_easy *data, " after upgrade: len=%zu", nread); } - conn->httpversion = 20; /* we know we're on HTTP/2 now */ + conn->httpversion = 20; /* we know we are on HTTP/2 now */ conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ - conn->bundle->multiuse = BUNDLE_MULTIPLEX; Curl_multi_connchanged(data->multi); if(cf->next) { diff --git a/vendor/hydra/vendor/curl/lib/http_aws_sigv4.c b/vendor/hydra/vendor/curl/lib/http_aws_sigv4.c index 98cc033a..3874993e 100644 --- a/vendor/hydra/vendor/curl/lib/http_aws_sigv4.c +++ b/vendor/hydra/vendor/curl/lib/http_aws_sigv4.c @@ -60,11 +60,11 @@ #define TIMESTAMP_SIZE 17 /* hex-encoded with trailing null */ -#define SHA256_HEX_LENGTH (2 * SHA256_DIGEST_LENGTH + 1) +#define SHA256_HEX_LENGTH (2 * CURL_SHA256_DIGEST_LENGTH + 1) static void sha256_to_hex(char *dst, unsigned char *sha) { - Curl_hexencode(sha, SHA256_DIGEST_LENGTH, + Curl_hexencode(sha, CURL_SHA256_DIGEST_LENGTH, (unsigned char *)dst, SHA256_HEX_LENGTH); } @@ -129,6 +129,37 @@ static void trim_headers(struct curl_slist *head) /* string been x-PROVIDER-date:TIMESTAMP, I need +1 for ':' */ #define DATE_FULL_HDR_LEN (DATE_HDR_KEY_LEN + TIMESTAMP_SIZE + 1) +/* alphabetically compare two headers by their name, expecting + headers to use ':' at this point */ +static int compare_header_names(const char *a, const char *b) +{ + const char *colon_a; + const char *colon_b; + size_t len_a; + size_t len_b; + size_t min_len; + int cmp; + + colon_a = strchr(a, ':'); + colon_b = strchr(b, ':'); + + DEBUGASSERT(colon_a); + DEBUGASSERT(colon_b); + + len_a = colon_a ? (size_t)(colon_a - a) : strlen(a); + len_b = colon_b ? (size_t)(colon_b - b) : strlen(b); + + min_len = (len_a < len_b) ? len_a : len_b; + + cmp = strncmp(a, b, min_len); + + /* return the shorter of the two if one is shorter */ + if(!cmp) + return (int)(len_a - len_b); + + return cmp; +} + /* timestamp should point to a buffer of at last TIMESTAMP_SIZE bytes */ static CURLcode make_headers(struct Curl_easy *data, const char *hostname, @@ -240,7 +271,7 @@ static CURLcode make_headers(struct Curl_easy *data, if(!tmp_head) goto fail; head = tmp_head; - *date_header = curl_maprintf("%s: %s\r\n", date_hdr_key, timestamp); + *date_header = aprintf("%s: %s\r\n", date_hdr_key, timestamp); } else { char *value; @@ -267,13 +298,13 @@ static CURLcode make_headers(struct Curl_easy *data, *date_header = NULL; } - /* alpha-sort in a case sensitive manner */ + /* alpha-sort by header name in a case sensitive manner */ do { again = 0; for(l = head; l; l = l->next) { struct curl_slist *next = l->next; - if(next && strcmp(l->data, next->data) > 0) { + if(next && compare_header_names(l->data, next->data) > 0) { char *tmp = l->data; l->data = next->data; @@ -423,6 +454,76 @@ static int compare_func(const void *a, const void *b) #define MAX_QUERYPAIRS 64 +/** + * found_equals have a double meaning, + * detect if an equal have been found when called from canon_query, + * and mark that this function is called to compute the path, + * if found_equals is NULL. + */ +static CURLcode canon_string(const char *q, size_t len, + struct dynbuf *dq, bool *found_equals) +{ + CURLcode result = CURLE_OK; + + for(; len && !result; q++, len--) { + if(ISALNUM(*q)) + result = Curl_dyn_addn(dq, q, 1); + else { + switch(*q) { + case '-': + case '.': + case '_': + case '~': + /* allowed as-is */ + result = Curl_dyn_addn(dq, q, 1); + break; + case '%': + /* uppercase the following if hexadecimal */ + if(ISXDIGIT(q[1]) && ISXDIGIT(q[2])) { + char tmp[3]="%"; + tmp[1] = Curl_raw_toupper(q[1]); + tmp[2] = Curl_raw_toupper(q[2]); + result = Curl_dyn_addn(dq, tmp, 3); + q += 2; + len -= 2; + } + else + /* '%' without a following two-digit hex, encode it */ + result = Curl_dyn_addn(dq, "%25", 3); + break; + default: { + const char hex[] = "0123456789ABCDEF"; + char out[3]={'%'}; + + if(!found_equals) { + /* if found_equals is NULL assuming, been in path */ + if(*q == '/') { + /* allowed as if */ + result = Curl_dyn_addn(dq, q, 1); + break; + } + } + else { + /* allowed as-is */ + if(*q == '=') { + result = Curl_dyn_addn(dq, q, 1); + *found_equals = true; + break; + } + } + /* URL encode */ + out[1] = hex[((unsigned char)*q)>>4]; + out[2] = hex[*q & 0xf]; + result = Curl_dyn_addn(dq, out, 3); + break; + } + } + } + } + return result; +} + + static CURLcode canon_query(struct Curl_easy *data, const char *query, struct dynbuf *dq) { @@ -460,54 +561,11 @@ static CURLcode canon_query(struct Curl_easy *data, ap = &array[0]; for(i = 0; !result && (i < entry); i++, ap++) { - size_t len; const char *q = ap->p; bool found_equals = false; if(!ap->len) continue; - for(len = ap->len; len && !result; q++, len--) { - if(ISALNUM(*q)) - result = Curl_dyn_addn(dq, q, 1); - else { - switch(*q) { - case '-': - case '.': - case '_': - case '~': - /* allowed as-is */ - result = Curl_dyn_addn(dq, q, 1); - break; - case '=': - /* allowed as-is */ - result = Curl_dyn_addn(dq, q, 1); - found_equals = true; - break; - case '%': - /* uppercase the following if hexadecimal */ - if(ISXDIGIT(q[1]) && ISXDIGIT(q[2])) { - char tmp[3]="%"; - tmp[1] = Curl_raw_toupper(q[1]); - tmp[2] = Curl_raw_toupper(q[2]); - result = Curl_dyn_addn(dq, tmp, 3); - q += 2; - len -= 2; - } - else - /* '%' without a following two-digit hex, encode it */ - result = Curl_dyn_addn(dq, "%25", 3); - break; - default: { - /* URL encode */ - const char hex[] = "0123456789ABCDEF"; - char out[3]={'%'}; - out[1] = hex[((unsigned char)*q)>>4]; - out[2] = hex[*q & 0xf]; - result = Curl_dyn_addn(dq, out, 3); - break; - } - } - } - } + result = canon_string(q, ap->len, dq, &found_equals); if(!result && !found_equals) { /* queries without value still need an equals */ result = Curl_dyn_addn(dq, "=", 1); @@ -540,12 +598,13 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) struct dynbuf canonical_headers; struct dynbuf signed_headers; struct dynbuf canonical_query; + struct dynbuf canonical_path; char *date_header = NULL; Curl_HttpReq httpreq; const char *method = NULL; char *payload_hash = NULL; size_t payload_hash_len = 0; - unsigned char sha_hash[SHA256_DIGEST_LENGTH]; + unsigned char sha_hash[CURL_SHA256_DIGEST_LENGTH]; char sha_hex[SHA256_HEX_LENGTH]; char content_sha256_hdr[CONTENT_SHA256_HDR_LEN + 2] = ""; /* add \r\n */ char *canonical_request = NULL; @@ -554,8 +613,8 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) char *str_to_sign = NULL; const char *user = data->state.aptr.user ? data->state.aptr.user : ""; char *secret = NULL; - unsigned char sign0[SHA256_DIGEST_LENGTH] = {0}; - unsigned char sign1[SHA256_DIGEST_LENGTH] = {0}; + unsigned char sign0[CURL_SHA256_DIGEST_LENGTH] = {0}; + unsigned char sign1[CURL_SHA256_DIGEST_LENGTH] = {0}; char *auth_headers = NULL; DEBUGASSERT(!proxy); @@ -570,6 +629,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) Curl_dyn_init(&canonical_headers, CURL_MAX_HTTP_HEADER); Curl_dyn_init(&canonical_query, CURL_MAX_HTTP_HEADER); Curl_dyn_init(&signed_headers, CURL_MAX_HTTP_HEADER); + Curl_dyn_init(&canonical_path, CURL_MAX_HTTP_HEADER); /* * Parameters parsing @@ -591,7 +651,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) ":%" MAX_SIGV4_LEN_TXT "s", provider0, provider1, region, service); if(!provider0[0]) { - failf(data, "first aws-sigv4 provider can't be empty"); + failf(data, "first aws-sigv4 provider cannot be empty"); result = CURLE_BAD_FUNCTION_ARGUMENT; goto fail; } @@ -665,10 +725,10 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) if(force_timestamp) clock = 0; else - time(&clock); + clock = time(NULL); } #else - time(&clock); + clock = time(NULL); #endif result = Curl_gmtime(clock, &tm); if(result) { @@ -698,22 +758,27 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) result = canon_query(data, data->state.up.query, &canonical_query); if(result) goto fail; + + result = canon_string(data->state.up.path, strlen(data->state.up.path), + &canonical_path, NULL); + if(result) + goto fail; result = CURLE_OUT_OF_MEMORY; canonical_request = - curl_maprintf("%s\n" /* HTTPRequestMethod */ - "%s\n" /* CanonicalURI */ - "%s\n" /* CanonicalQueryString */ - "%s\n" /* CanonicalHeaders */ - "%s\n" /* SignedHeaders */ - "%.*s", /* HashedRequestPayload in hex */ - method, - data->state.up.path, - Curl_dyn_ptr(&canonical_query) ? - Curl_dyn_ptr(&canonical_query) : "", - Curl_dyn_ptr(&canonical_headers), - Curl_dyn_ptr(&signed_headers), - (int)payload_hash_len, payload_hash); + aprintf("%s\n" /* HTTPRequestMethod */ + "%s\n" /* CanonicalURI */ + "%s\n" /* CanonicalQueryString */ + "%s\n" /* CanonicalHeaders */ + "%s\n" /* SignedHeaders */ + "%.*s", /* HashedRequestPayload in hex */ + method, + Curl_dyn_ptr(&canonical_path), + Curl_dyn_ptr(&canonical_query) ? + Curl_dyn_ptr(&canonical_query) : "", + Curl_dyn_ptr(&canonical_headers), + Curl_dyn_ptr(&signed_headers), + (int)payload_hash_len, payload_hash); if(!canonical_request) goto fail; @@ -721,12 +786,12 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) /* provider 0 lowercase */ Curl_strntolower(provider0, provider0, strlen(provider0)); - request_type = curl_maprintf("%s4_request", provider0); + request_type = aprintf("%s4_request", provider0); if(!request_type) goto fail; - credential_scope = curl_maprintf("%s/%s/%s/%s", - date, region, service, request_type); + credential_scope = aprintf("%s/%s/%s/%s", + date, region, service, request_type); if(!credential_scope) goto fail; @@ -743,22 +808,22 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) * Google allows using RSA key instead of HMAC, so this code might change * in the future. For now we only support HMAC. */ - str_to_sign = curl_maprintf("%s4-HMAC-SHA256\n" /* Algorithm */ - "%s\n" /* RequestDateTime */ - "%s\n" /* CredentialScope */ - "%s", /* HashedCanonicalRequest in hex */ - provider0, - timestamp, - credential_scope, - sha_hex); + str_to_sign = aprintf("%s4-HMAC-SHA256\n" /* Algorithm */ + "%s\n" /* RequestDateTime */ + "%s\n" /* CredentialScope */ + "%s", /* HashedCanonicalRequest in hex */ + provider0, + timestamp, + credential_scope, + sha_hex); if(!str_to_sign) { goto fail; } /* provider 0 uppercase */ - secret = curl_maprintf("%s4%s", provider0, - data->state.aptr.passwd ? - data->state.aptr.passwd : ""); + secret = aprintf("%s4%s", provider0, + data->state.aptr.passwd ? + data->state.aptr.passwd : ""); if(!secret) goto fail; @@ -771,24 +836,24 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) sha256_to_hex(sha_hex, sign0); /* provider 0 uppercase */ - auth_headers = curl_maprintf("Authorization: %s4-HMAC-SHA256 " - "Credential=%s/%s, " - "SignedHeaders=%s, " - "Signature=%s\r\n" - /* - * date_header is added here, only if it wasn't - * user-specified (using CURLOPT_HTTPHEADER). - * date_header includes \r\n - */ - "%s" - "%s", /* optional sha256 header includes \r\n */ - provider0, - user, - credential_scope, - Curl_dyn_ptr(&signed_headers), - sha_hex, - date_header ? date_header : "", - content_sha256_hdr); + auth_headers = aprintf("Authorization: %s4-HMAC-SHA256 " + "Credential=%s/%s, " + "SignedHeaders=%s, " + "Signature=%s\r\n" + /* + * date_header is added here, only if it was not + * user-specified (using CURLOPT_HTTPHEADER). + * date_header includes \r\n + */ + "%s" + "%s", /* optional sha256 header includes \r\n */ + provider0, + user, + credential_scope, + Curl_dyn_ptr(&signed_headers), + sha_hex, + date_header ? date_header : "", + content_sha256_hdr); if(!auth_headers) { goto fail; } @@ -800,6 +865,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) fail: Curl_dyn_free(&canonical_query); + Curl_dyn_free(&canonical_path); Curl_dyn_free(&canonical_headers); Curl_dyn_free(&signed_headers); free(canonical_request); diff --git a/vendor/hydra/vendor/curl/lib/http_chunks.c b/vendor/hydra/vendor/curl/lib/http_chunks.c index 48e7e462..c228eb4f 100644 --- a/vendor/hydra/vendor/curl/lib/http_chunks.c +++ b/vendor/hydra/vendor/curl/lib/http_chunks.c @@ -182,14 +182,14 @@ static CURLcode httpchunk_readwrite(struct Curl_easy *data, case CHUNK_LF: /* waiting for the LF after a chunk size */ if(*buf == 0x0a) { - /* we're now expecting data to come, unless size was zero! */ + /* we are now expecting data to come, unless size was zero! */ if(0 == ch->datasize) { ch->state = CHUNK_TRAILER; /* now check for trailers */ } else { ch->state = CHUNK_DATA; CURL_TRC_WRITE(data, "http_chunked, chunk start of %" - CURL_FORMAT_CURL_OFF_T " bytes", ch->datasize); + FMT_OFF_T " bytes", ch->datasize); } } @@ -226,7 +226,7 @@ static CURLcode httpchunk_readwrite(struct Curl_easy *data, buf += piece; /* move read pointer forward */ blen -= piece; /* decrease space left in this round */ CURL_TRC_WRITE(data, "http_chunked, write %zu body bytes, %" - CURL_FORMAT_CURL_OFF_T " bytes in chunk remain", + FMT_OFF_T " bytes in chunk remain", piece, ch->datasize); if(0 == ch->datasize) @@ -289,9 +289,9 @@ static CURLcode httpchunk_readwrite(struct Curl_easy *data, break; } else { - /* no trailer, we're on the final CRLF pair */ + /* no trailer, we are on the final CRLF pair */ ch->state = CHUNK_TRAILER_POSTCR; - break; /* don't advance the pointer */ + break; /* do not advance the pointer */ } } else { @@ -344,7 +344,7 @@ static CURLcode httpchunk_readwrite(struct Curl_easy *data, blen--; (*pconsumed)++; /* Record the length of any data left in the end of the buffer - even if there's no more chunks to read */ + even if there is no more chunks to read */ ch->datasize = blen; ch->state = CHUNK_DONE; CURL_TRC_WRITE(data, "http_chunk, response complete"); @@ -470,7 +470,7 @@ const struct Curl_cwtype Curl_httpchunk_unencoder = { sizeof(struct chunked_writer) }; -/* max length of a HTTP chunk that we want to generate */ +/* max length of an HTTP chunk that we want to generate */ #define CURL_CHUNKED_MINLEN (1024) #define CURL_CHUNKED_MAXLEN (64 * 1024) @@ -659,6 +659,7 @@ const struct Curl_crtype Curl_httpchunk_encoder = { Curl_creader_def_resume_from, Curl_creader_def_rewind, Curl_creader_def_unpause, + Curl_creader_def_is_paused, Curl_creader_def_done, sizeof(struct chunked_reader) }; diff --git a/vendor/hydra/vendor/curl/lib/http_chunks.h b/vendor/hydra/vendor/curl/lib/http_chunks.h index d3ecc36c..34951ea0 100644 --- a/vendor/hydra/vendor/curl/lib/http_chunks.h +++ b/vendor/hydra/vendor/curl/lib/http_chunks.h @@ -33,12 +33,12 @@ struct connectdata; /* * The longest possible hexadecimal number we support in a chunked transfer. * Neither RFC2616 nor the later HTTP specs define a maximum chunk size. - * For 64 bit curl_off_t we support 16 digits. For 32 bit, 8 digits. + * For 64-bit curl_off_t we support 16 digits. For 32-bit, 8 digits. */ #define CHUNK_MAXNUM_LEN (SIZEOF_CURL_OFF_T * 2) typedef enum { - /* await and buffer all hexadecimal digits until we get one that isn't a + /* await and buffer all hexadecimal digits until we get one that is not a hexadecimal digit. When done, we go CHUNK_LF */ CHUNK_HEX, @@ -54,9 +54,9 @@ typedef enum { big deal. */ CHUNK_POSTLF, - /* Used to mark that we're out of the game. NOTE: that there's a 'datasize' - field in the struct that will tell how many bytes that were not passed to - the client in the end of the last buffer! */ + /* Used to mark that we are out of the game. NOTE: that there is a + 'datasize' field in the struct that will tell how many bytes that were + not passed to the client in the end of the last buffer! */ CHUNK_STOP, /* At this point optional trailer headers can be found, unless the next line diff --git a/vendor/hydra/vendor/curl/lib/http_negotiate.c b/vendor/hydra/vendor/curl/lib/http_negotiate.c index 4cbe2df4..26e475c2 100644 --- a/vendor/hydra/vendor/curl/lib/http_negotiate.c +++ b/vendor/hydra/vendor/curl/lib/http_negotiate.c @@ -30,6 +30,7 @@ #include "sendf.h" #include "http_negotiate.h" #include "vauth/vauth.h" +#include "vtls/vtls.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -95,7 +96,7 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn, Curl_http_auth_cleanup_negotiate(conn); } else if(state != GSS_AUTHNONE) { - /* The server rejected our authentication and hasn't supplied any more + /* The server rejected our authentication and has not supplied any more negotiation mechanisms */ Curl_http_auth_cleanup_negotiate(conn); return CURLE_LOGIN_DENIED; @@ -106,11 +107,27 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn, #if defined(USE_WINDOWS_SSPI) && defined(SECPKG_ATTR_ENDPOINT_BINDINGS) neg_ctx->sslContext = conn->sslContext; #endif + /* Check if the connection is using SSL and get the channel binding data */ +#ifdef HAVE_GSSAPI + if(conn->handler->flags & PROTOPT_SSL) { + Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE); + result = Curl_ssl_get_channel_binding( + data, FIRSTSOCKET, &neg_ctx->channel_binding_data); + if(result) { + Curl_http_auth_cleanup_negotiate(conn); + return result; + } + } +#endif /* Initialize the security context and decode our challenge */ result = Curl_auth_decode_spnego_message(data, userp, passwdp, service, host, header, neg_ctx); +#ifdef HAVE_GSSAPI + Curl_dyn_free(&neg_ctx->channel_binding_data); +#endif + if(result) Curl_http_auth_cleanup_negotiate(conn); @@ -218,7 +235,7 @@ CURLcode Curl_output_negotiate(struct Curl_easy *data, if(*state == GSS_AUTHDONE || *state == GSS_AUTHSUCC) { /* connection is already authenticated, - * don't send a header in future requests */ + * do not send a header in future requests */ authp->done = TRUE; } diff --git a/vendor/hydra/vendor/curl/lib/http_ntlm.c b/vendor/hydra/vendor/curl/lib/http_ntlm.c index 3dccb5cb..49230bc1 100644 --- a/vendor/hydra/vendor/curl/lib/http_ntlm.c +++ b/vendor/hydra/vendor/curl/lib/http_ntlm.c @@ -123,7 +123,7 @@ CURLcode Curl_input_ntlm(struct Curl_easy *data, } /* - * This is for creating ntlm header output + * This is for creating NTLM header output */ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) { @@ -187,10 +187,10 @@ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) passwdp = ""; #ifdef USE_WINDOWS_SSPI - if(!s_hSecDll) { + if(!Curl_hSecDll) { /* not thread safe and leaks - use curl_global_init() to avoid */ CURLcode err = Curl_sspi_global_init(); - if(!s_hSecDll) + if(!Curl_hSecDll) return err; } #ifdef SECPKG_ATTR_ENDPOINT_BINDINGS @@ -200,7 +200,7 @@ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) Curl_bufref_init(&ntlmmsg); - /* connection is already authenticated, don't send a header in future + /* connection is already authenticated, do not send a header in future * requests so go directly to NTLMSTATE_LAST */ if(*state == NTLMSTATE_TYPE3) *state = NTLMSTATE_LAST; diff --git a/vendor/hydra/vendor/curl/lib/http_ntlm.h b/vendor/hydra/vendor/curl/lib/http_ntlm.h index f37572ba..c1cf0570 100644 --- a/vendor/hydra/vendor/curl/lib/http_ntlm.h +++ b/vendor/hydra/vendor/curl/lib/http_ntlm.h @@ -28,11 +28,11 @@ #if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) -/* this is for ntlm header input */ +/* this is for NTLM header input */ CURLcode Curl_input_ntlm(struct Curl_easy *data, bool proxy, const char *header); -/* this is for creating ntlm header output */ +/* this is for creating NTLM header output */ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy); void Curl_http_auth_cleanup_ntlm(struct connectdata *conn); diff --git a/vendor/hydra/vendor/curl/lib/http_proxy.c b/vendor/hydra/vendor/curl/lib/http_proxy.c index 7c035d4b..a5f27f5c 100644 --- a/vendor/hydra/vendor/curl/lib/http_proxy.c +++ b/vendor/hydra/vendor/curl/lib/http_proxy.c @@ -298,6 +298,7 @@ struct Curl_cftype Curl_cft_http_proxy = { http_proxy_cf_destroy, http_proxy_cf_connect, http_proxy_cf_close, + Curl_cf_def_shutdown, Curl_cf_http_proxy_get_host, Curl_cf_def_adjust_pollset, Curl_cf_def_data_pending, diff --git a/vendor/hydra/vendor/curl/lib/idn.c b/vendor/hydra/vendor/curl/lib/idn.c index c7956725..ed20cdc1 100644 --- a/vendor/hydra/vendor/curl/lib/idn.c +++ b/vendor/hydra/vendor/curl/lib/idn.c @@ -53,64 +53,105 @@ /* for macOS and iOS targets */ #if defined(USE_APPLE_IDN) #include +#include +#include -static CURLcode mac_idn_to_ascii(const char *in, char **out) +#define MAX_HOST_LENGTH 512 + +static CURLcode iconv_to_utf8(const char *in, size_t inlen, + char **out, size_t *outlen) { - UErrorCode err = U_ZERO_ERROR; - UIDNA* idna = uidna_openUTS46(UIDNA_CHECK_BIDI, &err); - if(U_FAILURE(err)) { - return CURLE_OUT_OF_MEMORY; + iconv_t cd = iconv_open("UTF-8", nl_langinfo(CODESET)); + if(cd != (iconv_t)-1) { + size_t iconv_outlen = *outlen; + char *iconv_in = (char *)in; + size_t iconv_inlen = inlen; + size_t iconv_result = iconv(cd, &iconv_in, &iconv_inlen, + out, &iconv_outlen); + *outlen -= iconv_outlen; + iconv_close(cd); + if(iconv_result == (size_t)-1) { + if(errno == ENOMEM) + return CURLE_OUT_OF_MEMORY; + else + return CURLE_URL_MALFORMAT; + } + + return CURLE_OK; } else { - UIDNAInfo info = UIDNA_INFO_INITIALIZER; - char buffer[256] = {0}; - (void)uidna_nameToASCII_UTF8(idna, in, -1, buffer, - sizeof(buffer), &info, &err); - uidna_close(idna); - if(U_FAILURE(err)) { - return CURLE_URL_MALFORMAT; - } - else { - *out = strdup(buffer); - if(*out) - return CURLE_OK; - else - return CURLE_OUT_OF_MEMORY; + if(errno == ENOMEM) + return CURLE_OUT_OF_MEMORY; + else + return CURLE_FAILED_INIT; + } +} + +static CURLcode mac_idn_to_ascii(const char *in, char **out) +{ + size_t inlen = strlen(in); + if(inlen < MAX_HOST_LENGTH) { + char iconv_buffer[MAX_HOST_LENGTH] = {0}; + char *iconv_outptr = iconv_buffer; + size_t iconv_outlen = sizeof(iconv_buffer); + CURLcode iconv_result = iconv_to_utf8(in, inlen, + &iconv_outptr, &iconv_outlen); + if(!iconv_result) { + UErrorCode err = U_ZERO_ERROR; + UIDNA* idna = uidna_openUTS46( + UIDNA_CHECK_BIDI|UIDNA_NONTRANSITIONAL_TO_ASCII, &err); + if(!U_FAILURE(err)) { + UIDNAInfo info = UIDNA_INFO_INITIALIZER; + char buffer[MAX_HOST_LENGTH] = {0}; + (void)uidna_nameToASCII_UTF8(idna, iconv_buffer, (int)iconv_outlen, + buffer, sizeof(buffer) - 1, &info, &err); + uidna_close(idna); + if(!U_FAILURE(err) && !info.errors) { + *out = strdup(buffer); + if(*out) + return CURLE_OK; + else + return CURLE_OUT_OF_MEMORY; + } + } } + else + return iconv_result; } + return CURLE_URL_MALFORMAT; } static CURLcode mac_ascii_to_idn(const char *in, char **out) { - UErrorCode err = U_ZERO_ERROR; - UIDNA* idna = uidna_openUTS46(UIDNA_CHECK_BIDI, &err); - if(U_FAILURE(err)) { - return CURLE_OUT_OF_MEMORY; - } - else { - UIDNAInfo info = UIDNA_INFO_INITIALIZER; - char buffer[256] = {0}; - (void)uidna_nameToUnicodeUTF8(idna, in, -1, buffer, - sizeof(buffer), &info, &err); - uidna_close(idna); - if(U_FAILURE(err)) { - return CURLE_URL_MALFORMAT; - } - else { - *out = strdup(buffer); - if(*out) - return CURLE_OK; - else - return CURLE_OUT_OF_MEMORY; + size_t inlen = strlen(in); + if(inlen < MAX_HOST_LENGTH) { + UErrorCode err = U_ZERO_ERROR; + UIDNA* idna = uidna_openUTS46( + UIDNA_CHECK_BIDI|UIDNA_NONTRANSITIONAL_TO_UNICODE, &err); + if(!U_FAILURE(err)) { + UIDNAInfo info = UIDNA_INFO_INITIALIZER; + char buffer[MAX_HOST_LENGTH] = {0}; + (void)uidna_nameToUnicodeUTF8(idna, in, -1, buffer, + sizeof(buffer) - 1, &info, &err); + uidna_close(idna); + if(!U_FAILURE(err)) { + *out = strdup(buffer); + if(*out) + return CURLE_OK; + else + return CURLE_OUT_OF_MEMORY; + } } } + return CURLE_URL_MALFORMAT; } #endif #ifdef USE_WIN32_IDN /* using Windows kernel32 and normaliz libraries. */ -#if !defined(_WIN32_WINNT) || _WIN32_WINNT < 0x600 +#if (!defined(_WIN32_WINNT) || _WIN32_WINNT < 0x600) && \ + (!defined(WINVER) || WINVER < 0x600) WINBASEAPI int WINAPI IdnToAscii(DWORD dwFlags, const WCHAR *lpUnicodeCharStr, int cchUnicodeChar, @@ -207,7 +248,7 @@ bool Curl_is_ASCII_name(const char *hostname) * Curl_idn_decode() returns an allocated IDN decoded string if it was * possible. NULL on error. * - * CURLE_URL_MALFORMAT - the host name could not be converted + * CURLE_URL_MALFORMAT - the hostname could not be converted * CURLE_OUT_OF_MEMORY - memory problem * */ @@ -319,7 +360,7 @@ void Curl_free_idnconverted_hostname(struct hostname *host) */ CURLcode Curl_idnconvert_hostname(struct hostname *host) { - /* set the name we use to display the host name */ + /* set the name we use to display the hostname */ host->dispname = host->name; #ifdef USE_IDN diff --git a/vendor/hydra/vendor/curl/lib/if2ip.c b/vendor/hydra/vendor/curl/lib/if2ip.c index 42e14500..55afd553 100644 --- a/vendor/hydra/vendor/curl/lib/if2ip.c +++ b/vendor/hydra/vendor/curl/lib/if2ip.c @@ -216,7 +216,15 @@ if2ip_result_t Curl_if2ip(int af, memcpy(req.ifr_name, interf, len + 1); req.ifr_addr.sa_family = AF_INET; +#if defined(__GNUC__) && defined(_AIX) +/* Suppress warning inside system headers */ +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wshift-sign-overflow" +#endif if(ioctl(dummy, SIOCGIFADDR, &req) < 0) { +#if defined(__GNUC__) && defined(_AIX) +#pragma GCC diagnostic pop +#endif sclose(dummy); /* With SIOCGIFADDR, we cannot tell the difference between an interface that does not exist and an interface that has no address of the diff --git a/vendor/hydra/vendor/curl/lib/imap.c b/vendor/hydra/vendor/curl/lib/imap.c index f6e98bd8..4979a18e 100644 --- a/vendor/hydra/vendor/curl/lib/imap.c +++ b/vendor/hydra/vendor/curl/lib/imap.c @@ -512,7 +512,7 @@ static CURLcode imap_perform_login(struct Curl_easy *data, char *passwd; /* Check we have a username and password to authenticate with and end the - connect phase if we don't */ + connect phase if we do not */ if(!data->state.aptr.user) { imap_state(data, IMAP_STOP); @@ -612,7 +612,7 @@ static CURLcode imap_perform_authentication(struct Curl_easy *data, saslprogress progress; /* Check if already authenticated OR if there is enough data to authenticate - with and end the connect phase if we don't */ + with and end the connect phase if we do not */ if(imapc->preauth || !Curl_sasl_can_authenticate(&imapc->sasl, data)) { imap_state(data, IMAP_STOP); @@ -776,7 +776,7 @@ static CURLcode imap_perform_append(struct Curl_easy *data) /* Prepare the mime data if some. */ if(data->set.mimepost.kind != MIMEKIND_NONE) { /* Use the whole structure as data. */ - data->set.mimepost.flags &= ~MIME_BODY_ONLY; + data->set.mimepost.flags &= ~(unsigned int)MIME_BODY_ONLY; /* Add external headers and mime version. */ curl_mime_headers(&data->set.mimepost, data->set.headers, 0); @@ -814,8 +814,7 @@ static CURLcode imap_perform_append(struct Curl_easy *data) return CURLE_OUT_OF_MEMORY; /* Send the APPEND command */ - result = imap_sendf(data, - "APPEND %s (\\Seen) {%" CURL_FORMAT_CURL_OFF_T "}", + result = imap_sendf(data, "APPEND %s (\\Seen) {%" FMT_OFF_T "}", mailbox, data->state.infilesize); free(mailbox); @@ -1168,8 +1167,7 @@ static CURLcode imap_state_fetch_resp(struct Curl_easy *data, } if(parsed) { - infof(data, "Found %" CURL_FORMAT_CURL_OFF_T " bytes to download", - size); + infof(data, "Found %" FMT_OFF_T " bytes to download", size); Curl_pgrsSetDownloadSize(data, size); if(pp->overflow) { @@ -1187,7 +1185,7 @@ static CURLcode imap_state_fetch_resp(struct Curl_easy *data, chunk = (size_t)size; if(!chunk) { - /* no size, we're done with the data */ + /* no size, we are done with the data */ imap_state(data, IMAP_STOP); return CURLE_OK; } @@ -1196,7 +1194,7 @@ static CURLcode imap_state_fetch_resp(struct Curl_easy *data, if(result) return result; - infof(data, "Written %zu bytes, %" CURL_FORMAT_CURL_OFF_TU + infof(data, "Written %zu bytes, %" FMT_OFF_TU " bytes are left for transfer", chunk, size - chunk); /* Have we used the entire overflow or just part of it?*/ @@ -1214,18 +1212,18 @@ static CURLcode imap_state_fetch_resp(struct Curl_easy *data, if(data->req.bytecount == size) /* The entire data is already transferred! */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); else { /* IMAP download */ data->req.maxdownload = size; /* force a recv/send check of this connection, as the data might've been read off the socket already */ data->state.select_bits = CURL_CSELECT_IN; - Curl_xfer_setup(data, FIRSTSOCKET, size, FALSE, -1); + Curl_xfer_setup1(data, CURL_XFER_RECV, size, FALSE); } } else { - /* We don't know how to parse this line */ + /* We do not know how to parse this line */ failf(data, "Failed to parse FETCH response."); result = CURLE_WEIRD_SERVER_REPLY; } @@ -1269,7 +1267,7 @@ static CURLcode imap_state_append_resp(struct Curl_easy *data, int imapcode, Curl_pgrsSetUploadSize(data, data->state.infilesize); /* IMAP upload */ - Curl_xfer_setup(data, -1, -1, FALSE, FIRSTSOCKET); + Curl_xfer_setup1(data, CURL_XFER_SEND, -1, FALSE); /* End of DO phase */ imap_state(data, IMAP_STOP); @@ -1694,7 +1692,7 @@ static CURLcode imap_dophase_done(struct Curl_easy *data, bool connected) if(imap->transfer != PPTRANSFER_BODY) /* no data to transfer */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); return CURLE_OK; } diff --git a/vendor/hydra/vendor/curl/lib/inet_ntop.c b/vendor/hydra/vendor/curl/lib/inet_ntop.c index 4520b871..a2812cf8 100644 --- a/vendor/hydra/vendor/curl/lib/inet_ntop.c +++ b/vendor/hydra/vendor/curl/lib/inet_ntop.c @@ -58,7 +58,7 @@ * - uses no statics * - takes a unsigned char* not an in_addr as input */ -static char *inet_ntop4 (const unsigned char *src, char *dst, size_t size) +static char *inet_ntop4(const unsigned char *src, char *dst, size_t size) { char tmp[sizeof("255.255.255.255")]; size_t len; @@ -84,14 +84,14 @@ static char *inet_ntop4 (const unsigned char *src, char *dst, size_t size) /* * Convert IPv6 binary address into presentation (printable) format. */ -static char *inet_ntop6 (const unsigned char *src, char *dst, size_t size) +static char *inet_ntop6(const unsigned char *src, char *dst, size_t size) { /* * Note that int32_t and int16_t need only be "at least" large enough - * to contain a value of the specified size. On some systems, like + * to contain a value of the specified size. On some systems, like * Crays, there is no such thing as an integer variable with 16 bits. * Keep this in mind if you think this function should have been coded - * to use pointer overlays. All the world's not a VAX. + * to use pointer overlays. All the world's not a VAX. */ char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")]; char *tp; @@ -168,7 +168,7 @@ static char *inet_ntop6 (const unsigned char *src, char *dst, size_t size) *tp++ = ':'; *tp++ = '\0'; - /* Check for overflow, copy, and we're done. + /* Check for overflow, copy, and we are done. */ if((size_t)(tp - tmp) > size) { errno = ENOSPC; @@ -185,10 +185,9 @@ static char *inet_ntop6 (const unsigned char *src, char *dst, size_t size) * Returns NULL on error and errno set with the specific * error, EAFNOSUPPORT or ENOSPC. * - * On Windows we store the error in the thread errno, not - * in the winsock error code. This is to avoid losing the - * actual last winsock error. So when this function returns - * NULL, check errno not SOCKERRNO. + * On Windows we store the error in the thread errno, not in the Winsock error + * code. This is to avoid losing the actual last Winsock error. When this + * function returns NULL, check errno not SOCKERRNO. */ char *Curl_inet_ntop(int af, const void *src, char *buf, size_t size) { diff --git a/vendor/hydra/vendor/curl/lib/inet_ntop.h b/vendor/hydra/vendor/curl/lib/inet_ntop.h index 7c3ead43..f592f252 100644 --- a/vendor/hydra/vendor/curl/lib/inet_ntop.h +++ b/vendor/hydra/vendor/curl/lib/inet_ntop.h @@ -32,8 +32,13 @@ char *Curl_inet_ntop(int af, const void *addr, char *buf, size_t size); #ifdef HAVE_ARPA_INET_H #include #endif +#ifdef _WIN32 #define Curl_inet_ntop(af,addr,buf,size) \ - inet_ntop(af, addr, buf, (curl_socklen_t)size) + inet_ntop(af, addr, buf, size) +#else +#define Curl_inet_ntop(af,addr,buf,size) \ + inet_ntop(af, addr, buf, (curl_socklen_t)(size)) +#endif #endif #endif /* HEADER_CURL_INET_NTOP_H */ diff --git a/vendor/hydra/vendor/curl/lib/inet_pton.c b/vendor/hydra/vendor/curl/lib/inet_pton.c index 9cfcec1c..97e6f80d 100644 --- a/vendor/hydra/vendor/curl/lib/inet_pton.c +++ b/vendor/hydra/vendor/curl/lib/inet_pton.c @@ -48,8 +48,8 @@ #endif /* - * WARNING: Don't even consider trying to compile this on a system where - * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. + * WARNING: Do not even consider trying to compile this on a system where + * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. */ static int inet_pton4(const char *src, unsigned char *dst); @@ -61,12 +61,12 @@ static int inet_pton6(const char *src, unsigned char *dst); * to network format (which is usually some kind of binary format). * return: * 1 if the address was valid for the specified address family - * 0 if the address wasn't valid (`dst' is untouched in this case) + * 0 if the address was not valid (`dst' is untouched in this case) * -1 if some other error occurred (`dst' is untouched in this case, too) * notice: * On Windows we store the error in the thread errno, not - * in the winsock error code. This is to avoid losing the - * actual last winsock error. So when this function returns + * in the Winsock error code. This is to avoid losing the + * actual last Winsock error. When this function returns * -1, check errno not SOCKERRNO. * author: * Paul Vixie, 1996. @@ -92,7 +92,7 @@ Curl_inet_pton(int af, const char *src, void *dst) * return: * 1 if `src' is a valid dotted quad, else 0. * notice: - * does not touch `dst' unless it's returning 1. + * does not touch `dst' unless it is returning 1. * author: * Paul Vixie, 1996. */ @@ -147,7 +147,7 @@ inet_pton4(const char *src, unsigned char *dst) * return: * 1 if `src' is a valid [RFC1884 2.2] address, else 0. * notice: - * (1) does not touch `dst' unless it's returning 1. + * (1) does not touch `dst' unless it is returning 1. * (2) :: in a full address is silently ignored. * credit: * inspired by Mark Andrews. @@ -221,7 +221,7 @@ inet_pton6(const char *src, unsigned char *dst) if(colonp) { /* * Since some memmove()'s erroneously fail to handle - * overlapping regions, we'll do the shift by hand. + * overlapping regions, we will do the shift by hand. */ const ssize_t n = tp - colonp; ssize_t i; diff --git a/vendor/hydra/vendor/curl/lib/krb5.c b/vendor/hydra/vendor/curl/lib/krb5.c index d355665b..f3649cd1 100644 --- a/vendor/hydra/vendor/curl/lib/krb5.c +++ b/vendor/hydra/vendor/curl/lib/krb5.c @@ -25,7 +25,7 @@ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -91,7 +91,7 @@ static CURLcode ftpsend(struct Curl_easy *data, struct connectdata *conn, #ifdef HAVE_GSSAPI conn->data_prot = PROT_CMD; #endif - result = Curl_xfer_send(data, sptr, write_len, &bytes_written); + result = Curl_xfer_send(data, sptr, write_len, FALSE, &bytes_written); #ifdef HAVE_GSSAPI DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST); conn->data_prot = data_sec; @@ -169,7 +169,7 @@ krb5_encode(void *app_data, const void *from, int length, int level, void **to) * libraries modify the input buffer in gss_wrap() */ dec.value = (void *)from; - dec.length = length; + dec.length = (size_t)length; maj = gss_wrap(&min, *context, level == PROT_PRIVATE, GSS_C_QOP_DEFAULT, @@ -178,7 +178,7 @@ krb5_encode(void *app_data, const void *from, int length, int level, void **to) if(maj != GSS_S_COMPLETE) return -1; - /* malloc a new buffer, in case gss_release_buffer doesn't work as + /* malloc a new buffer, in case gss_release_buffer does not work as expected */ *to = malloc(enc.length); if(!*to) @@ -227,7 +227,7 @@ krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn) /* this loop will execute twice (once for service, once for host) */ for(;;) { - /* this really shouldn't be repeated here, but can't help it */ + /* this really should not be repeated here, but cannot help it */ if(service == srv_host) { result = ftpsend(data, conn, "AUTH GSSAPI"); if(result) @@ -329,24 +329,27 @@ krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn) size_t len = Curl_dyn_len(&pp->recvbuf); p = Curl_dyn_ptr(&pp->recvbuf); if((len < 4) || (p[0] != '2' && p[0] != '3')) { - infof(data, "Server didn't accept auth data"); + infof(data, "Server did not accept auth data"); ret = AUTH_ERROR; break; } } _gssresp.value = NULL; /* make sure it is initialized */ + _gssresp.length = 0; p += 4; /* over '789 ' */ p = strstr(p, "ADAT="); if(p) { - result = Curl_base64_decode(p + 5, - (unsigned char **)&_gssresp.value, - &_gssresp.length); + unsigned char *outptr; + size_t outlen; + result = Curl_base64_decode(p + 5, &outptr, &outlen); if(result) { failf(data, "base64-decoding: %s", curl_easy_strerror(result)); ret = AUTH_CONTINUE; break; } + _gssresp.value = outptr; + _gssresp.length = outlen; } gssresp = &_gssresp; @@ -497,7 +500,7 @@ socket_write(struct Curl_easy *data, int sockindex, const void *to, size_t written; while(len > 0) { - result = Curl_conn_send(data, sockindex, to_p, len, &written); + result = Curl_conn_send(data, sockindex, to_p, len, FALSE, &written); if(!result && written > 0) { len -= written; to_p += written; @@ -524,7 +527,7 @@ static CURLcode read_data(struct Curl_easy *data, int sockindex, return result; if(len) { - len = ntohl(len); + len = (int)ntohl((uint32_t)len); if(len > CURL_MAX_INPUT_LENGTH) return CURLE_TOO_LARGE; @@ -536,7 +539,7 @@ static CURLcode read_data(struct Curl_easy *data, int sockindex, do { char buffer[1024]; nread = CURLMIN(len, (int)sizeof(buffer)); - result = socket_read(data, sockindex, buffer, nread); + result = socket_read(data, sockindex, buffer, (size_t)nread); if(result) return result; result = Curl_dyn_addn(&buf->buf, buffer, nread); @@ -630,7 +633,7 @@ static void do_sec_send(struct Curl_easy *data, struct connectdata *conn, else prot_level = conn->command_prot; } - bytes = conn->mech->encode(conn->app_data, from, length, prot_level, + bytes = conn->mech->encode(conn->app_data, from, length, (int)prot_level, (void **)&buffer); if(!buffer || bytes <= 0) return; /* error */ @@ -658,7 +661,7 @@ static void do_sec_send(struct Curl_easy *data, struct connectdata *conn, } } else { - htonl_bytes = htonl(bytes); + htonl_bytes = (int)htonl((OM_uint32)bytes); socket_write(data, fd, &htonl_bytes, sizeof(htonl_bytes)); socket_write(data, fd, buffer, curlx_sitouz(bytes)); } @@ -686,10 +689,12 @@ static ssize_t sec_write(struct Curl_easy *data, struct connectdata *conn, /* Matches Curl_send signature */ static ssize_t sec_send(struct Curl_easy *data, int sockindex, - const void *buffer, size_t len, CURLcode *err) + const void *buffer, size_t len, bool eos, + CURLcode *err) { struct connectdata *conn = data->conn; curl_socket_t fd = conn->sock[sockindex]; + (void)eos; /* unused */ *err = CURLE_OK; return sec_write(data, conn, fd, buffer, len); } @@ -724,7 +729,7 @@ int Curl_sec_read_msg(struct Curl_easy *data, struct connectdata *conn, decoded_len = curlx_uztosi(decoded_sz); decoded_len = conn->mech->decode(conn->app_data, buf, decoded_len, - level, conn); + (int)level, conn); if(decoded_len <= 0) { free(buf); return -1; @@ -789,7 +794,7 @@ static int sec_set_protection_level(struct Curl_easy *data) if(pbsz) { /* stick to default value if the check fails */ if(ISDIGIT(pbsz[5])) - buffer_size = atoi(&pbsz[5]); + buffer_size = (unsigned int)atoi(&pbsz[5]); if(buffer_size < conn->buffer_size) conn->buffer_size = buffer_size; } @@ -878,7 +883,7 @@ static CURLcode choose_mech(struct Curl_easy *data, struct connectdata *conn) if(ret != AUTH_CONTINUE) { if(ret != AUTH_OK) { - /* Mechanism has dumped the error to stderr, don't error here. */ + /* Mechanism has dumped the error to stderr, do not error here. */ return CURLE_USE_SSL_FAILED; } DEBUGASSERT(ret == AUTH_OK); diff --git a/vendor/hydra/vendor/curl/lib/ldap.c b/vendor/hydra/vendor/curl/lib/ldap.c index 678b4d5a..01429ba7 100644 --- a/vendor/hydra/vendor/curl/lib/ldap.c +++ b/vendor/hydra/vendor/curl/lib/ldap.c @@ -143,7 +143,7 @@ static void _ldap_free_urldesc(LDAPURLDesc *ludp); #endif #if defined(USE_WIN32_LDAP) && defined(ldap_err2string) -/* Use ansi error strings in UNICODE builds */ +/* Use ANSI error strings in Unicode builds */ #undef ldap_err2string #define ldap_err2string ldap_err2stringA #endif @@ -252,16 +252,17 @@ static int ldap_win_bind_auth(LDAP *server, const char *user, } if(method && user && passwd) { - rc = Curl_create_sspi_identity(user, passwd, &cred); + CURLcode res = Curl_create_sspi_identity(user, passwd, &cred); + rc = (int)res; if(!rc) { - rc = ldap_bind_s(server, NULL, (TCHAR *)&cred, method); + rc = (int)ldap_bind_s(server, NULL, (TCHAR *)&cred, method); Curl_sspi_free_identity(&cred); } } else { /* proceed with current user credentials */ method = LDAP_AUTH_NEGOTIATE; - rc = ldap_bind_s(server, NULL, NULL, method); + rc = (int)ldap_bind_s(server, NULL, NULL, method); } return rc; } @@ -279,14 +280,14 @@ static int ldap_win_bind(struct Curl_easy *data, LDAP *server, inuser = curlx_convert_UTF8_to_tchar((char *) user); inpass = curlx_convert_UTF8_to_tchar((char *) passwd); - rc = ldap_simple_bind_s(server, inuser, inpass); + rc = (int)ldap_simple_bind_s(server, inuser, inpass); curlx_unicodefree(inuser); curlx_unicodefree(inpass); } #if defined(USE_WINDOWS_SSPI) else { - rc = ldap_win_bind_auth(server, user, passwd, data->set.httpauth); + rc = (int)ldap_win_bind_auth(server, user, passwd, data->set.httpauth); } #endif @@ -296,8 +297,10 @@ static int ldap_win_bind(struct Curl_easy *data, LDAP *server, #if defined(USE_WIN32_LDAP) #define FREE_ON_WINLDAP(x) curlx_unicodefree(x) +#define curl_ldap_num_t ULONG #else #define FREE_ON_WINLDAP(x) +#define curl_ldap_num_t int #endif @@ -337,7 +340,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) rc = _ldap_url_parse(data, conn, &ludp); #endif if(rc) { - failf(data, "Bad LDAP URL: %s", ldap_err2string(rc)); + failf(data, "Bad LDAP URL: %s", ldap_err2string((curl_ldap_num_t)rc)); result = CURLE_URL_MALFORMAT; goto quit; } @@ -372,8 +375,8 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) if(ldap_ssl) { #ifdef HAVE_LDAP_SSL #ifdef USE_WIN32_LDAP - /* Win32 LDAP SDK doesn't support insecure mode without CA! */ - server = ldap_sslinit(host, conn->primary.remote_port, 1); + /* Win32 LDAP SDK does not support insecure mode without CA! */ + server = ldap_sslinit(host, (curl_ldap_num_t)conn->primary.remote_port, 1); ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON); #else int ldap_option; @@ -503,7 +506,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) goto quit; } else { - server = ldap_init(host, conn->primary.remote_port); + server = ldap_init(host, (curl_ldap_num_t)conn->primary.remote_port); if(!server) { failf(data, "LDAP local: Cannot connect to %s:%u", conn->host.dispname, conn->primary.remote_port); @@ -529,7 +532,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) if(rc) { #ifdef USE_WIN32_LDAP failf(data, "LDAP local: bind via ldap_win_bind %s", - ldap_err2string(rc)); + ldap_err2string((ULONG)rc)); #else failf(data, "LDAP local: bind via ldap_simple_bind_s %s", ldap_err2string(rc)); @@ -539,11 +542,12 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) } Curl_pgrsSetDownloadCounter(data, 0); - rc = ldap_search_s(server, ludp->lud_dn, ludp->lud_scope, - ludp->lud_filter, ludp->lud_attrs, 0, &ldapmsg); + rc = (int)ldap_search_s(server, ludp->lud_dn, + (curl_ldap_num_t)ludp->lud_scope, + ludp->lud_filter, ludp->lud_attrs, 0, &ldapmsg); if(rc && rc != LDAP_SIZELIMIT_EXCEEDED) { - failf(data, "LDAP remote: %s", ldap_err2string(rc)); + failf(data, "LDAP remote: %s", ldap_err2string((curl_ldap_num_t)rc)); result = CURLE_LDAP_SEARCH_FAILED; goto quit; } @@ -754,7 +758,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) FREE_ON_WINLDAP(host); /* no data to transfer */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); connclose(conn, "LDAP connection always disable reuse"); return result; diff --git a/vendor/hydra/vendor/curl/lib/llist.c b/vendor/hydra/vendor/curl/lib/llist.c index 716f0cd5..7e19cd50 100644 --- a/vendor/hydra/vendor/curl/lib/llist.c +++ b/vendor/hydra/vendor/curl/lib/llist.c @@ -32,16 +32,34 @@ /* this must be the last include file */ #include "memdebug.h" +#define LLISTINIT 0x100cc001 /* random pattern */ +#define NODEINIT 0x12344321 /* random pattern */ +#define NODEREM 0x54321012 /* random pattern */ + + +#ifdef DEBUGBUILD +#define VERIFYNODE(x) verifynode(x) +static struct Curl_llist_node *verifynode(struct Curl_llist_node *n) +{ + DEBUGASSERT(!n || (n->_init == NODEINIT)); + return n; +} +#else +#define VERIFYNODE(x) x +#endif /* * @unittest: 1300 */ void Curl_llist_init(struct Curl_llist *l, Curl_llist_dtor dtor) { - l->size = 0; - l->dtor = dtor; - l->head = NULL; - l->tail = NULL; + l->_size = 0; + l->_dtor = dtor; + l->_head = NULL; + l->_tail = NULL; +#ifdef DEBUGBUILD + l->_init = LLISTINIT; +#endif } /* @@ -56,36 +74,45 @@ Curl_llist_init(struct Curl_llist *l, Curl_llist_dtor dtor) * @unittest: 1300 */ void -Curl_llist_insert_next(struct Curl_llist *list, struct Curl_llist_element *e, +Curl_llist_insert_next(struct Curl_llist *list, + struct Curl_llist_node *e, /* may be NULL */ const void *p, - struct Curl_llist_element *ne) + struct Curl_llist_node *ne) { - ne->ptr = (void *) p; - if(list->size == 0) { - list->head = ne; - list->head->prev = NULL; - list->head->next = NULL; - list->tail = ne; + DEBUGASSERT(list); + DEBUGASSERT(list->_init == LLISTINIT); + DEBUGASSERT(ne); + +#ifdef DEBUGBUILD + ne->_init = NODEINIT; +#endif + ne->_ptr = (void *) p; + ne->_list = list; + if(list->_size == 0) { + list->_head = ne; + list->_head->_prev = NULL; + list->_head->_next = NULL; + list->_tail = ne; } else { /* if 'e' is NULL here, we insert the new element first in the list */ - ne->next = e?e->next:list->head; - ne->prev = e; + ne->_next = e?e->_next:list->_head; + ne->_prev = e; if(!e) { - list->head->prev = ne; - list->head = ne; + list->_head->_prev = ne; + list->_head = ne; } - else if(e->next) { - e->next->prev = ne; + else if(e->_next) { + e->_next->_prev = ne; } else { - list->tail = ne; + list->_tail = ne; } if(e) - e->next = ne; + e->_next = ne; } - ++list->size; + ++list->_size; } /* @@ -99,64 +126,141 @@ Curl_llist_insert_next(struct Curl_llist *list, struct Curl_llist_element *e, */ void Curl_llist_append(struct Curl_llist *list, const void *p, - struct Curl_llist_element *ne) + struct Curl_llist_node *ne) { - Curl_llist_insert_next(list, list->tail, p, ne); + DEBUGASSERT(list); + DEBUGASSERT(list->_init == LLISTINIT); + DEBUGASSERT(ne); + Curl_llist_insert_next(list, list->_tail, p, ne); } /* * @unittest: 1300 */ void -Curl_llist_remove(struct Curl_llist *list, struct Curl_llist_element *e, - void *user) +Curl_node_uremove(struct Curl_llist_node *e, void *user) { void *ptr; - if(!e || list->size == 0) + struct Curl_llist *list; + if(!e) return; - if(e == list->head) { - list->head = e->next; + list = e->_list; + DEBUGASSERT(list); + DEBUGASSERT(list->_init == LLISTINIT); + DEBUGASSERT(list->_size); + DEBUGASSERT(e->_init == NODEINIT); + if(e == list->_head) { + list->_head = e->_next; - if(!list->head) - list->tail = NULL; + if(!list->_head) + list->_tail = NULL; else - e->next->prev = NULL; + e->_next->_prev = NULL; } else { - if(e->prev) - e->prev->next = e->next; + if(e->_prev) + e->_prev->_next = e->_next; - if(!e->next) - list->tail = e->prev; + if(!e->_next) + list->_tail = e->_prev; else - e->next->prev = e->prev; + e->_next->_prev = e->_prev; } - ptr = e->ptr; + ptr = e->_ptr; - e->ptr = NULL; - e->prev = NULL; - e->next = NULL; + e->_list = NULL; + e->_ptr = NULL; + e->_prev = NULL; + e->_next = NULL; +#ifdef DEBUGBUILD + e->_init = NODEREM; /* specific pattern on remove - not zero */ +#endif - --list->size; + --list->_size; /* call the dtor() last for when it actually frees the 'e' memory itself */ - if(list->dtor) - list->dtor(user, ptr); + if(list->_dtor) + list->_dtor(user, ptr); +} + +void Curl_node_remove(struct Curl_llist_node *e) +{ + Curl_node_uremove(e, NULL); } void Curl_llist_destroy(struct Curl_llist *list, void *user) { if(list) { - while(list->size > 0) - Curl_llist_remove(list, list->tail, user); + DEBUGASSERT(list->_init == LLISTINIT); + while(list->_size > 0) + Curl_node_uremove(list->_tail, user); } } -size_t -Curl_llist_count(struct Curl_llist *list) +/* Curl_llist_head() returns the first 'struct Curl_llist_node *', which + might be NULL */ +struct Curl_llist_node *Curl_llist_head(struct Curl_llist *list) +{ + DEBUGASSERT(list); + DEBUGASSERT(list->_init == LLISTINIT); + return VERIFYNODE(list->_head); +} + +#ifdef UNITTESTS +/* Curl_llist_tail() returns the last 'struct Curl_llist_node *', which + might be NULL */ +struct Curl_llist_node *Curl_llist_tail(struct Curl_llist *list) +{ + DEBUGASSERT(list); + DEBUGASSERT(list->_init == LLISTINIT); + return VERIFYNODE(list->_tail); +} +#endif + +/* Curl_llist_count() returns a size_t the number of nodes in the list */ +size_t Curl_llist_count(struct Curl_llist *list) +{ + DEBUGASSERT(list); + DEBUGASSERT(list->_init == LLISTINIT); + return list->_size; +} + +/* Curl_node_elem() returns the custom data from a Curl_llist_node */ +void *Curl_node_elem(struct Curl_llist_node *n) +{ + DEBUGASSERT(n); + DEBUGASSERT(n->_init == NODEINIT); + return n->_ptr; +} + +/* Curl_node_next() returns the next element in a list from a given + Curl_llist_node */ +struct Curl_llist_node *Curl_node_next(struct Curl_llist_node *n) +{ + DEBUGASSERT(n); + DEBUGASSERT(n->_init == NODEINIT); + return VERIFYNODE(n->_next); +} + +#ifdef UNITTESTS + +/* Curl_node_prev() returns the previous element in a list from a given + Curl_llist_node */ +struct Curl_llist_node *Curl_node_prev(struct Curl_llist_node *n) +{ + DEBUGASSERT(n); + DEBUGASSERT(n->_init == NODEINIT); + return VERIFYNODE(n->_prev); +} + +#endif + +struct Curl_llist *Curl_node_llist(struct Curl_llist_node *n) { - return list->size; + DEBUGASSERT(n); + DEBUGASSERT(!n->_list || n->_init == NODEINIT); + return n->_list; } diff --git a/vendor/hydra/vendor/curl/lib/llist.h b/vendor/hydra/vendor/curl/lib/llist.h index d75582fa..26581869 100644 --- a/vendor/hydra/vendor/curl/lib/llist.h +++ b/vendor/hydra/vendor/curl/lib/llist.h @@ -27,28 +27,63 @@ #include "curl_setup.h" #include -typedef void (*Curl_llist_dtor)(void *, void *); +typedef void (*Curl_llist_dtor)(void *user, void *elem); -struct Curl_llist_element { - void *ptr; - struct Curl_llist_element *prev; - struct Curl_llist_element *next; -}; +/* none of these struct members should be referenced directly, use the + dedicated functions */ struct Curl_llist { - struct Curl_llist_element *head; - struct Curl_llist_element *tail; - Curl_llist_dtor dtor; - size_t size; + struct Curl_llist_node *_head; + struct Curl_llist_node *_tail; + Curl_llist_dtor _dtor; + size_t _size; +#ifdef DEBUGBUILD + int _init; /* detect API usage mistakes */ +#endif +}; + +struct Curl_llist_node { + struct Curl_llist *_list; /* the list where this belongs */ + void *_ptr; + struct Curl_llist_node *_prev; + struct Curl_llist_node *_next; +#ifdef DEBUGBUILD + int _init; /* detect API usage mistakes */ +#endif }; void Curl_llist_init(struct Curl_llist *, Curl_llist_dtor); -void Curl_llist_insert_next(struct Curl_llist *, struct Curl_llist_element *, - const void *, struct Curl_llist_element *node); +void Curl_llist_insert_next(struct Curl_llist *, struct Curl_llist_node *, + const void *, struct Curl_llist_node *node); void Curl_llist_append(struct Curl_llist *, - const void *, struct Curl_llist_element *node); -void Curl_llist_remove(struct Curl_llist *, struct Curl_llist_element *, - void *); -size_t Curl_llist_count(struct Curl_llist *); + const void *, struct Curl_llist_node *node); +void Curl_node_uremove(struct Curl_llist_node *, void *); +void Curl_node_remove(struct Curl_llist_node *); void Curl_llist_destroy(struct Curl_llist *, void *); + +/* Curl_llist_head() returns the first 'struct Curl_llist_node *', which + might be NULL */ +struct Curl_llist_node *Curl_llist_head(struct Curl_llist *list); + +/* Curl_llist_tail() returns the last 'struct Curl_llist_node *', which + might be NULL */ +struct Curl_llist_node *Curl_llist_tail(struct Curl_llist *list); + +/* Curl_llist_count() returns a size_t the number of nodes in the list */ +size_t Curl_llist_count(struct Curl_llist *list); + +/* Curl_node_elem() returns the custom data from a Curl_llist_node */ +void *Curl_node_elem(struct Curl_llist_node *n); + +/* Curl_node_next() returns the next element in a list from a given + Curl_llist_node */ +struct Curl_llist_node *Curl_node_next(struct Curl_llist_node *n); + +/* Curl_node_prev() returns the previous element in a list from a given + Curl_llist_node */ +struct Curl_llist_node *Curl_node_prev(struct Curl_llist_node *n); + +/* Curl_node_llist() return the list the node is in or NULL. */ +struct Curl_llist *Curl_node_llist(struct Curl_llist_node *n); + #endif /* HEADER_CURL_LLIST_H */ diff --git a/vendor/hydra/vendor/curl/lib/macos.c b/vendor/hydra/vendor/curl/lib/macos.c index 9e8e76e8..e4662be1 100644 --- a/vendor/hydra/vendor/curl/lib/macos.c +++ b/vendor/hydra/vendor/curl/lib/macos.c @@ -34,21 +34,19 @@ CURLcode Curl_macos_init(void) { - { - /* - * The automagic conversion from IPv4 literals to IPv6 literals only - * works if the SCDynamicStoreCopyProxies system function gets called - * first. As Curl currently doesn't support system-wide HTTP proxies, we - * therefore don't use any value this function might return. - * - * This function is only available on macOS and is not needed for - * IPv4-only builds, hence the conditions for defining - * CURL_MACOS_CALL_COPYPROXIES in curl_setup.h. - */ - CFDictionaryRef dict = SCDynamicStoreCopyProxies(NULL); - if(dict) - CFRelease(dict); - } + /* + * The automagic conversion from IPv4 literals to IPv6 literals only + * works if the SCDynamicStoreCopyProxies system function gets called + * first. As Curl currently does not support system-wide HTTP proxies, we + * therefore do not use any value this function might return. + * + * This function is only available on macOS and is not needed for + * IPv4-only builds, hence the conditions for defining + * CURL_MACOS_CALL_COPYPROXIES in curl_setup.h. + */ + CFDictionaryRef dict = SCDynamicStoreCopyProxies(NULL); + if(dict) + CFRelease(dict); return CURLE_OK; } diff --git a/vendor/hydra/vendor/curl/lib/md4.c b/vendor/hydra/vendor/curl/lib/md4.c index db002813..f006bdcf 100644 --- a/vendor/hydra/vendor/curl/lib/md4.c +++ b/vendor/hydra/vendor/curl/lib/md4.c @@ -37,6 +37,9 @@ #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) && !defined(USE_AMISSL) /* OpenSSL 3.0.0 marks the MD4 functions as deprecated */ #define OPENSSL_NO_MD4 +#else +/* Cover also OPENSSL_NO_MD4 configured in openssl */ +#include #endif #endif /* USE_OPENSSL */ @@ -217,7 +220,7 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx) } #else -/* When no other crypto library is available, or the crypto library doesn't +/* When no other crypto library is available, or the crypto library does not * support MD4, we use this code segment this implementation of it * * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc. @@ -229,8 +232,8 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx) * Author: * Alexander Peslyak, better known as Solar Designer * - * This software was written by Alexander Peslyak in 2001. No copyright is - * claimed, and the software is hereby placed in the public domain. In case + * This software was written by Alexander Peslyak in 2001. No copyright is + * claimed, and the software is hereby placed in the public domain. In case * this attempt to disclaim copyright and place the software in the public * domain is deemed null and void, then the software is Copyright (c) 2001 * Alexander Peslyak and it is hereby released to the general public under the @@ -239,19 +242,19 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx) * Redistribution and use in source and binary forms, with or without * modification, are permitted. * - * There's ABSOLUTELY NO WARRANTY, express or implied. + * There is ABSOLUTELY NO WARRANTY, express or implied. * * (This is a heavily cut-down "BSD license".) * * This differs from Colin Plumb's older public domain implementation in that * no exactly 32-bit integer data type is required (any 32-bit or wider - * unsigned integer data type will do), there's no compile-time endianness - * configuration, and the function prototypes match OpenSSL's. No code from + * unsigned integer data type will do), there is no compile-time endianness + * configuration, and the function prototypes match OpenSSL's. No code from * Colin Plumb's implementation has been reused; this comment merely compares * the properties of the two independent implementations. * * The primary goals of this implementation are portability and ease of use. - * It is meant to be fast, but not as fast as possible. Some known + * It is meant to be fast, but not as fast as possible. Some known * optimizations are not included to reduce source code size and avoid * compile-time configuration. */ @@ -277,14 +280,14 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx); * F and G are optimized compared to their RFC 1320 definitions, with the * optimization for F borrowed from Colin Plumb's MD5 implementation. */ -#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) -#define G(x, y, z) (((x) & ((y) | (z))) | ((y) & (z))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) +#define MD4_F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) +#define MD4_G(x, y, z) (((x) & ((y) | (z))) | ((y) & (z))) +#define MD4_H(x, y, z) ((x) ^ (y) ^ (z)) /* * The MD4 transformation for all three rounds. */ -#define STEP(f, a, b, c, d, x, s) \ +#define MD4_STEP(f, a, b, c, d, x, s) \ (a) += f((b), (c), (d)) + (x); \ (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); @@ -293,30 +296,31 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx); * in a properly aligned word in host byte order. * * The check for little-endian architectures that tolerate unaligned - * memory accesses is just an optimization. Nothing will break if it - * doesn't work. + * memory accesses is just an optimization. Nothing will break if it + * does not work. */ #if defined(__i386__) || defined(__x86_64__) || defined(__vax__) -#define SET(n) \ +#define MD4_SET(n) \ (*(MD4_u32plus *)(void *)&ptr[(n) * 4]) -#define GET(n) \ - SET(n) +#define MD4_GET(n) \ + MD4_SET(n) #else -#define SET(n) \ +#define MD4_SET(n) \ (ctx->block[(n)] = \ (MD4_u32plus)ptr[(n) * 4] | \ ((MD4_u32plus)ptr[(n) * 4 + 1] << 8) | \ ((MD4_u32plus)ptr[(n) * 4 + 2] << 16) | \ ((MD4_u32plus)ptr[(n) * 4 + 3] << 24)) -#define GET(n) \ +#define MD4_GET(n) \ (ctx->block[(n)]) #endif /* * This processes one or more 64-byte data blocks, but does NOT update - * the bit counters. There are no alignment requirements. + * the bit counters. There are no alignment requirements. */ -static const void *body(MD4_CTX *ctx, const void *data, unsigned long size) +static const void *my_md4_body(MD4_CTX *ctx, + const void *data, unsigned long size) { const unsigned char *ptr; MD4_u32plus a, b, c, d; @@ -337,58 +341,58 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size) saved_d = d; /* Round 1 */ - STEP(F, a, b, c, d, SET(0), 3) - STEP(F, d, a, b, c, SET(1), 7) - STEP(F, c, d, a, b, SET(2), 11) - STEP(F, b, c, d, a, SET(3), 19) - STEP(F, a, b, c, d, SET(4), 3) - STEP(F, d, a, b, c, SET(5), 7) - STEP(F, c, d, a, b, SET(6), 11) - STEP(F, b, c, d, a, SET(7), 19) - STEP(F, a, b, c, d, SET(8), 3) - STEP(F, d, a, b, c, SET(9), 7) - STEP(F, c, d, a, b, SET(10), 11) - STEP(F, b, c, d, a, SET(11), 19) - STEP(F, a, b, c, d, SET(12), 3) - STEP(F, d, a, b, c, SET(13), 7) - STEP(F, c, d, a, b, SET(14), 11) - STEP(F, b, c, d, a, SET(15), 19) + MD4_STEP(MD4_F, a, b, c, d, MD4_SET(0), 3) + MD4_STEP(MD4_F, d, a, b, c, MD4_SET(1), 7) + MD4_STEP(MD4_F, c, d, a, b, MD4_SET(2), 11) + MD4_STEP(MD4_F, b, c, d, a, MD4_SET(3), 19) + MD4_STEP(MD4_F, a, b, c, d, MD4_SET(4), 3) + MD4_STEP(MD4_F, d, a, b, c, MD4_SET(5), 7) + MD4_STEP(MD4_F, c, d, a, b, MD4_SET(6), 11) + MD4_STEP(MD4_F, b, c, d, a, MD4_SET(7), 19) + MD4_STEP(MD4_F, a, b, c, d, MD4_SET(8), 3) + MD4_STEP(MD4_F, d, a, b, c, MD4_SET(9), 7) + MD4_STEP(MD4_F, c, d, a, b, MD4_SET(10), 11) + MD4_STEP(MD4_F, b, c, d, a, MD4_SET(11), 19) + MD4_STEP(MD4_F, a, b, c, d, MD4_SET(12), 3) + MD4_STEP(MD4_F, d, a, b, c, MD4_SET(13), 7) + MD4_STEP(MD4_F, c, d, a, b, MD4_SET(14), 11) + MD4_STEP(MD4_F, b, c, d, a, MD4_SET(15), 19) /* Round 2 */ - STEP(G, a, b, c, d, GET(0) + 0x5a827999, 3) - STEP(G, d, a, b, c, GET(4) + 0x5a827999, 5) - STEP(G, c, d, a, b, GET(8) + 0x5a827999, 9) - STEP(G, b, c, d, a, GET(12) + 0x5a827999, 13) - STEP(G, a, b, c, d, GET(1) + 0x5a827999, 3) - STEP(G, d, a, b, c, GET(5) + 0x5a827999, 5) - STEP(G, c, d, a, b, GET(9) + 0x5a827999, 9) - STEP(G, b, c, d, a, GET(13) + 0x5a827999, 13) - STEP(G, a, b, c, d, GET(2) + 0x5a827999, 3) - STEP(G, d, a, b, c, GET(6) + 0x5a827999, 5) - STEP(G, c, d, a, b, GET(10) + 0x5a827999, 9) - STEP(G, b, c, d, a, GET(14) + 0x5a827999, 13) - STEP(G, a, b, c, d, GET(3) + 0x5a827999, 3) - STEP(G, d, a, b, c, GET(7) + 0x5a827999, 5) - STEP(G, c, d, a, b, GET(11) + 0x5a827999, 9) - STEP(G, b, c, d, a, GET(15) + 0x5a827999, 13) + MD4_STEP(MD4_G, a, b, c, d, MD4_GET(0) + 0x5a827999, 3) + MD4_STEP(MD4_G, d, a, b, c, MD4_GET(4) + 0x5a827999, 5) + MD4_STEP(MD4_G, c, d, a, b, MD4_GET(8) + 0x5a827999, 9) + MD4_STEP(MD4_G, b, c, d, a, MD4_GET(12) + 0x5a827999, 13) + MD4_STEP(MD4_G, a, b, c, d, MD4_GET(1) + 0x5a827999, 3) + MD4_STEP(MD4_G, d, a, b, c, MD4_GET(5) + 0x5a827999, 5) + MD4_STEP(MD4_G, c, d, a, b, MD4_GET(9) + 0x5a827999, 9) + MD4_STEP(MD4_G, b, c, d, a, MD4_GET(13) + 0x5a827999, 13) + MD4_STEP(MD4_G, a, b, c, d, MD4_GET(2) + 0x5a827999, 3) + MD4_STEP(MD4_G, d, a, b, c, MD4_GET(6) + 0x5a827999, 5) + MD4_STEP(MD4_G, c, d, a, b, MD4_GET(10) + 0x5a827999, 9) + MD4_STEP(MD4_G, b, c, d, a, MD4_GET(14) + 0x5a827999, 13) + MD4_STEP(MD4_G, a, b, c, d, MD4_GET(3) + 0x5a827999, 3) + MD4_STEP(MD4_G, d, a, b, c, MD4_GET(7) + 0x5a827999, 5) + MD4_STEP(MD4_G, c, d, a, b, MD4_GET(11) + 0x5a827999, 9) + MD4_STEP(MD4_G, b, c, d, a, MD4_GET(15) + 0x5a827999, 13) /* Round 3 */ - STEP(H, a, b, c, d, GET(0) + 0x6ed9eba1, 3) - STEP(H, d, a, b, c, GET(8) + 0x6ed9eba1, 9) - STEP(H, c, d, a, b, GET(4) + 0x6ed9eba1, 11) - STEP(H, b, c, d, a, GET(12) + 0x6ed9eba1, 15) - STEP(H, a, b, c, d, GET(2) + 0x6ed9eba1, 3) - STEP(H, d, a, b, c, GET(10) + 0x6ed9eba1, 9) - STEP(H, c, d, a, b, GET(6) + 0x6ed9eba1, 11) - STEP(H, b, c, d, a, GET(14) + 0x6ed9eba1, 15) - STEP(H, a, b, c, d, GET(1) + 0x6ed9eba1, 3) - STEP(H, d, a, b, c, GET(9) + 0x6ed9eba1, 9) - STEP(H, c, d, a, b, GET(5) + 0x6ed9eba1, 11) - STEP(H, b, c, d, a, GET(13) + 0x6ed9eba1, 15) - STEP(H, a, b, c, d, GET(3) + 0x6ed9eba1, 3) - STEP(H, d, a, b, c, GET(11) + 0x6ed9eba1, 9) - STEP(H, c, d, a, b, GET(7) + 0x6ed9eba1, 11) - STEP(H, b, c, d, a, GET(15) + 0x6ed9eba1, 15) + MD4_STEP(MD4_H, a, b, c, d, MD4_GET(0) + 0x6ed9eba1, 3) + MD4_STEP(MD4_H, d, a, b, c, MD4_GET(8) + 0x6ed9eba1, 9) + MD4_STEP(MD4_H, c, d, a, b, MD4_GET(4) + 0x6ed9eba1, 11) + MD4_STEP(MD4_H, b, c, d, a, MD4_GET(12) + 0x6ed9eba1, 15) + MD4_STEP(MD4_H, a, b, c, d, MD4_GET(2) + 0x6ed9eba1, 3) + MD4_STEP(MD4_H, d, a, b, c, MD4_GET(10) + 0x6ed9eba1, 9) + MD4_STEP(MD4_H, c, d, a, b, MD4_GET(6) + 0x6ed9eba1, 11) + MD4_STEP(MD4_H, b, c, d, a, MD4_GET(14) + 0x6ed9eba1, 15) + MD4_STEP(MD4_H, a, b, c, d, MD4_GET(1) + 0x6ed9eba1, 3) + MD4_STEP(MD4_H, d, a, b, c, MD4_GET(9) + 0x6ed9eba1, 9) + MD4_STEP(MD4_H, c, d, a, b, MD4_GET(5) + 0x6ed9eba1, 11) + MD4_STEP(MD4_H, b, c, d, a, MD4_GET(13) + 0x6ed9eba1, 15) + MD4_STEP(MD4_H, a, b, c, d, MD4_GET(3) + 0x6ed9eba1, 3) + MD4_STEP(MD4_H, d, a, b, c, MD4_GET(11) + 0x6ed9eba1, 9) + MD4_STEP(MD4_H, c, d, a, b, MD4_GET(7) + 0x6ed9eba1, 11) + MD4_STEP(MD4_H, b, c, d, a, MD4_GET(15) + 0x6ed9eba1, 15) a += saved_a; b += saved_b; @@ -442,11 +446,11 @@ static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size) memcpy(&ctx->buffer[used], data, available); data = (const unsigned char *)data + available; size -= available; - body(ctx, ctx->buffer, 64); + my_md4_body(ctx, ctx->buffer, 64); } if(size >= 64) { - data = body(ctx, data, size & ~(unsigned long)0x3f); + data = my_md4_body(ctx, data, size & ~(unsigned long)0x3f); size &= 0x3f; } @@ -465,7 +469,7 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx) if(available < 8) { memset(&ctx->buffer[used], 0, available); - body(ctx, ctx->buffer, 64); + my_md4_body(ctx, ctx->buffer, 64); used = 0; available = 64; } @@ -482,7 +486,7 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx) ctx->buffer[62] = curlx_ultouc((ctx->hi >> 16)&0xff); ctx->buffer[63] = curlx_ultouc(ctx->hi >> 24); - body(ctx, ctx->buffer, 64); + my_md4_body(ctx, ctx->buffer, 64); result[0] = curlx_ultouc((ctx->a)&0xff); result[1] = curlx_ultouc((ctx->a >> 8)&0xff); diff --git a/vendor/hydra/vendor/curl/lib/md5.c b/vendor/hydra/vendor/curl/lib/md5.c index 01415af9..7b51429b 100644 --- a/vendor/hydra/vendor/curl/lib/md5.c +++ b/vendor/hydra/vendor/curl/lib/md5.c @@ -172,7 +172,7 @@ static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) /* For Apple operating systems: CommonCrypto has the functions we need. These functions are available on Tiger and later, as well as iOS 2.0 - and later. If you're building for an older cat, well, sorry. + and later. If you are building for an older cat, well, sorry. Declaring the functions as static like this seems to be a bit more reliable than defining COMMON_DIGEST_FOR_OPENSSL on older cats. */ @@ -254,7 +254,7 @@ static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) * Author: * Alexander Peslyak, better known as Solar Designer * - * This software was written by Alexander Peslyak in 2001. No copyright is + * This software was written by Alexander Peslyak in 2001. No copyright is * claimed, and the software is hereby placed in the public domain. * In case this attempt to disclaim copyright and place the software in the * public domain is deemed null and void, then the software is @@ -264,19 +264,19 @@ static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) * Redistribution and use in source and binary forms, with or without * modification, are permitted. * - * There's ABSOLUTELY NO WARRANTY, express or implied. + * There is ABSOLUTELY NO WARRANTY, express or implied. * * (This is a heavily cut-down "BSD license".) * * This differs from Colin Plumb's older public domain implementation in that * no exactly 32-bit integer data type is required (any 32-bit or wider - * unsigned integer data type will do), there's no compile-time endianness - * configuration, and the function prototypes match OpenSSL's. No code from + * unsigned integer data type will do), there is no compile-time endianness + * configuration, and the function prototypes match OpenSSL's. No code from * Colin Plumb's implementation has been reused; this comment merely compares * the properties of the two independent implementations. * * The primary goals of this implementation are portability and ease of use. - * It is meant to be fast, but not as fast as possible. Some known + * It is meant to be fast, but not as fast as possible. Some known * optimizations are not included to reduce source code size and avoid * compile-time configuration. */ @@ -304,16 +304,16 @@ static void my_md5_final(unsigned char *result, my_md5_ctx *ctx); * architectures that lack an AND-NOT instruction, just like in Colin Plumb's * implementation. */ -#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) -#define G(x, y, z) ((y) ^ ((z) & ((x) ^ (y)))) -#define H(x, y, z) (((x) ^ (y)) ^ (z)) -#define H2(x, y, z) ((x) ^ ((y) ^ (z))) -#define I(x, y, z) ((y) ^ ((x) | ~(z))) +#define MD5_F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) +#define MD5_G(x, y, z) ((y) ^ ((z) & ((x) ^ (y)))) +#define MD5_H(x, y, z) (((x) ^ (y)) ^ (z)) +#define MD5_H2(x, y, z) ((x) ^ ((y) ^ (z))) +#define MD5_I(x, y, z) ((y) ^ ((x) | ~(z))) /* * The MD5 transformation for all four rounds. */ -#define STEP(f, a, b, c, d, x, t, s) \ +#define MD5_STEP(f, a, b, c, d, x, t, s) \ (a) += f((b), (c), (d)) + (x) + (t); \ (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); \ (a) += (b); @@ -323,30 +323,31 @@ static void my_md5_final(unsigned char *result, my_md5_ctx *ctx); * in a properly aligned word in host byte order. * * The check for little-endian architectures that tolerate unaligned - * memory accesses is just an optimization. Nothing will break if it - * doesn't work. + * memory accesses is just an optimization. Nothing will break if it + * does not work. */ #if defined(__i386__) || defined(__x86_64__) || defined(__vax__) -#define SET(n) \ +#define MD5_SET(n) \ (*(MD5_u32plus *)(void *)&ptr[(n) * 4]) -#define GET(n) \ - SET(n) +#define MD5_GET(n) \ + MD5_SET(n) #else -#define SET(n) \ +#define MD5_SET(n) \ (ctx->block[(n)] = \ (MD5_u32plus)ptr[(n) * 4] | \ ((MD5_u32plus)ptr[(n) * 4 + 1] << 8) | \ ((MD5_u32plus)ptr[(n) * 4 + 2] << 16) | \ ((MD5_u32plus)ptr[(n) * 4 + 3] << 24)) -#define GET(n) \ +#define MD5_GET(n) \ (ctx->block[(n)]) #endif /* * This processes one or more 64-byte data blocks, but does NOT update - * the bit counters. There are no alignment requirements. + * the bit counters. There are no alignment requirements. */ -static const void *body(my_md5_ctx *ctx, const void *data, unsigned long size) +static const void *my_md5_body(my_md5_ctx *ctx, + const void *data, unsigned long size) { const unsigned char *ptr; MD5_u32plus a, b, c, d; @@ -367,76 +368,76 @@ static const void *body(my_md5_ctx *ctx, const void *data, unsigned long size) saved_d = d; /* Round 1 */ - STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7) - STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12) - STEP(F, c, d, a, b, SET(2), 0x242070db, 17) - STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22) - STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7) - STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12) - STEP(F, c, d, a, b, SET(6), 0xa8304613, 17) - STEP(F, b, c, d, a, SET(7), 0xfd469501, 22) - STEP(F, a, b, c, d, SET(8), 0x698098d8, 7) - STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12) - STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17) - STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22) - STEP(F, a, b, c, d, SET(12), 0x6b901122, 7) - STEP(F, d, a, b, c, SET(13), 0xfd987193, 12) - STEP(F, c, d, a, b, SET(14), 0xa679438e, 17) - STEP(F, b, c, d, a, SET(15), 0x49b40821, 22) + MD5_STEP(MD5_F, a, b, c, d, MD5_SET(0), 0xd76aa478, 7) + MD5_STEP(MD5_F, d, a, b, c, MD5_SET(1), 0xe8c7b756, 12) + MD5_STEP(MD5_F, c, d, a, b, MD5_SET(2), 0x242070db, 17) + MD5_STEP(MD5_F, b, c, d, a, MD5_SET(3), 0xc1bdceee, 22) + MD5_STEP(MD5_F, a, b, c, d, MD5_SET(4), 0xf57c0faf, 7) + MD5_STEP(MD5_F, d, a, b, c, MD5_SET(5), 0x4787c62a, 12) + MD5_STEP(MD5_F, c, d, a, b, MD5_SET(6), 0xa8304613, 17) + MD5_STEP(MD5_F, b, c, d, a, MD5_SET(7), 0xfd469501, 22) + MD5_STEP(MD5_F, a, b, c, d, MD5_SET(8), 0x698098d8, 7) + MD5_STEP(MD5_F, d, a, b, c, MD5_SET(9), 0x8b44f7af, 12) + MD5_STEP(MD5_F, c, d, a, b, MD5_SET(10), 0xffff5bb1, 17) + MD5_STEP(MD5_F, b, c, d, a, MD5_SET(11), 0x895cd7be, 22) + MD5_STEP(MD5_F, a, b, c, d, MD5_SET(12), 0x6b901122, 7) + MD5_STEP(MD5_F, d, a, b, c, MD5_SET(13), 0xfd987193, 12) + MD5_STEP(MD5_F, c, d, a, b, MD5_SET(14), 0xa679438e, 17) + MD5_STEP(MD5_F, b, c, d, a, MD5_SET(15), 0x49b40821, 22) /* Round 2 */ - STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5) - STEP(G, d, a, b, c, GET(6), 0xc040b340, 9) - STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14) - STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20) - STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5) - STEP(G, d, a, b, c, GET(10), 0x02441453, 9) - STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14) - STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20) - STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5) - STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9) - STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14) - STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20) - STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5) - STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9) - STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14) - STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20) + MD5_STEP(MD5_G, a, b, c, d, MD5_GET(1), 0xf61e2562, 5) + MD5_STEP(MD5_G, d, a, b, c, MD5_GET(6), 0xc040b340, 9) + MD5_STEP(MD5_G, c, d, a, b, MD5_GET(11), 0x265e5a51, 14) + MD5_STEP(MD5_G, b, c, d, a, MD5_GET(0), 0xe9b6c7aa, 20) + MD5_STEP(MD5_G, a, b, c, d, MD5_GET(5), 0xd62f105d, 5) + MD5_STEP(MD5_G, d, a, b, c, MD5_GET(10), 0x02441453, 9) + MD5_STEP(MD5_G, c, d, a, b, MD5_GET(15), 0xd8a1e681, 14) + MD5_STEP(MD5_G, b, c, d, a, MD5_GET(4), 0xe7d3fbc8, 20) + MD5_STEP(MD5_G, a, b, c, d, MD5_GET(9), 0x21e1cde6, 5) + MD5_STEP(MD5_G, d, a, b, c, MD5_GET(14), 0xc33707d6, 9) + MD5_STEP(MD5_G, c, d, a, b, MD5_GET(3), 0xf4d50d87, 14) + MD5_STEP(MD5_G, b, c, d, a, MD5_GET(8), 0x455a14ed, 20) + MD5_STEP(MD5_G, a, b, c, d, MD5_GET(13), 0xa9e3e905, 5) + MD5_STEP(MD5_G, d, a, b, c, MD5_GET(2), 0xfcefa3f8, 9) + MD5_STEP(MD5_G, c, d, a, b, MD5_GET(7), 0x676f02d9, 14) + MD5_STEP(MD5_G, b, c, d, a, MD5_GET(12), 0x8d2a4c8a, 20) /* Round 3 */ - STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4) - STEP(H2, d, a, b, c, GET(8), 0x8771f681, 11) - STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16) - STEP(H2, b, c, d, a, GET(14), 0xfde5380c, 23) - STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4) - STEP(H2, d, a, b, c, GET(4), 0x4bdecfa9, 11) - STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16) - STEP(H2, b, c, d, a, GET(10), 0xbebfbc70, 23) - STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4) - STEP(H2, d, a, b, c, GET(0), 0xeaa127fa, 11) - STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16) - STEP(H2, b, c, d, a, GET(6), 0x04881d05, 23) - STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4) - STEP(H2, d, a, b, c, GET(12), 0xe6db99e5, 11) - STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16) - STEP(H2, b, c, d, a, GET(2), 0xc4ac5665, 23) + MD5_STEP(MD5_H, a, b, c, d, MD5_GET(5), 0xfffa3942, 4) + MD5_STEP(MD5_H2, d, a, b, c, MD5_GET(8), 0x8771f681, 11) + MD5_STEP(MD5_H, c, d, a, b, MD5_GET(11), 0x6d9d6122, 16) + MD5_STEP(MD5_H2, b, c, d, a, MD5_GET(14), 0xfde5380c, 23) + MD5_STEP(MD5_H, a, b, c, d, MD5_GET(1), 0xa4beea44, 4) + MD5_STEP(MD5_H2, d, a, b, c, MD5_GET(4), 0x4bdecfa9, 11) + MD5_STEP(MD5_H, c, d, a, b, MD5_GET(7), 0xf6bb4b60, 16) + MD5_STEP(MD5_H2, b, c, d, a, MD5_GET(10), 0xbebfbc70, 23) + MD5_STEP(MD5_H, a, b, c, d, MD5_GET(13), 0x289b7ec6, 4) + MD5_STEP(MD5_H2, d, a, b, c, MD5_GET(0), 0xeaa127fa, 11) + MD5_STEP(MD5_H, c, d, a, b, MD5_GET(3), 0xd4ef3085, 16) + MD5_STEP(MD5_H2, b, c, d, a, MD5_GET(6), 0x04881d05, 23) + MD5_STEP(MD5_H, a, b, c, d, MD5_GET(9), 0xd9d4d039, 4) + MD5_STEP(MD5_H2, d, a, b, c, MD5_GET(12), 0xe6db99e5, 11) + MD5_STEP(MD5_H, c, d, a, b, MD5_GET(15), 0x1fa27cf8, 16) + MD5_STEP(MD5_H2, b, c, d, a, MD5_GET(2), 0xc4ac5665, 23) /* Round 4 */ - STEP(I, a, b, c, d, GET(0), 0xf4292244, 6) - STEP(I, d, a, b, c, GET(7), 0x432aff97, 10) - STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15) - STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21) - STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6) - STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10) - STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15) - STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21) - STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6) - STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10) - STEP(I, c, d, a, b, GET(6), 0xa3014314, 15) - STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21) - STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6) - STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10) - STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15) - STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21) + MD5_STEP(MD5_I, a, b, c, d, MD5_GET(0), 0xf4292244, 6) + MD5_STEP(MD5_I, d, a, b, c, MD5_GET(7), 0x432aff97, 10) + MD5_STEP(MD5_I, c, d, a, b, MD5_GET(14), 0xab9423a7, 15) + MD5_STEP(MD5_I, b, c, d, a, MD5_GET(5), 0xfc93a039, 21) + MD5_STEP(MD5_I, a, b, c, d, MD5_GET(12), 0x655b59c3, 6) + MD5_STEP(MD5_I, d, a, b, c, MD5_GET(3), 0x8f0ccc92, 10) + MD5_STEP(MD5_I, c, d, a, b, MD5_GET(10), 0xffeff47d, 15) + MD5_STEP(MD5_I, b, c, d, a, MD5_GET(1), 0x85845dd1, 21) + MD5_STEP(MD5_I, a, b, c, d, MD5_GET(8), 0x6fa87e4f, 6) + MD5_STEP(MD5_I, d, a, b, c, MD5_GET(15), 0xfe2ce6e0, 10) + MD5_STEP(MD5_I, c, d, a, b, MD5_GET(6), 0xa3014314, 15) + MD5_STEP(MD5_I, b, c, d, a, MD5_GET(13), 0x4e0811a1, 21) + MD5_STEP(MD5_I, a, b, c, d, MD5_GET(4), 0xf7537e82, 6) + MD5_STEP(MD5_I, d, a, b, c, MD5_GET(11), 0xbd3af235, 10) + MD5_STEP(MD5_I, c, d, a, b, MD5_GET(2), 0x2ad7d2bb, 15) + MD5_STEP(MD5_I, b, c, d, a, MD5_GET(9), 0xeb86d391, 21) a += saved_a; b += saved_b; @@ -492,11 +493,11 @@ static void my_md5_update(my_md5_ctx *ctx, const void *data, memcpy(&ctx->buffer[used], data, available); data = (const unsigned char *)data + available; size -= available; - body(ctx, ctx->buffer, 64); + my_md5_body(ctx, ctx->buffer, 64); } if(size >= 64) { - data = body(ctx, data, size & ~(unsigned long)0x3f); + data = my_md5_body(ctx, data, size & ~(unsigned long)0x3f); size &= 0x3f; } @@ -515,7 +516,7 @@ static void my_md5_final(unsigned char *result, my_md5_ctx *ctx) if(available < 8) { memset(&ctx->buffer[used], 0, available); - body(ctx, ctx->buffer, 64); + my_md5_body(ctx, ctx->buffer, 64); used = 0; available = 64; } @@ -532,7 +533,7 @@ static void my_md5_final(unsigned char *result, my_md5_ctx *ctx) ctx->buffer[62] = curlx_ultouc((ctx->hi >> 16)&0xff); ctx->buffer[63] = curlx_ultouc(ctx->hi >> 24); - body(ctx, ctx->buffer, 64); + my_md5_body(ctx, ctx->buffer, 64); result[0] = curlx_ultouc((ctx->a)&0xff); result[1] = curlx_ultouc((ctx->a >> 8)&0xff); diff --git a/vendor/hydra/vendor/curl/lib/memdebug.c b/vendor/hydra/vendor/curl/lib/memdebug.c index fce933a3..bc83d3ee 100644 --- a/vendor/hydra/vendor/curl/lib/memdebug.c +++ b/vendor/hydra/vendor/curl/lib/memdebug.c @@ -30,7 +30,7 @@ #include "urldata.h" -#define MEMDEBUG_NODEFINES /* don't redefine the standard functions */ +#define MEMDEBUG_NODEFINES /* do not redefine the standard functions */ /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -44,8 +44,8 @@ struct memdebug { double d; void *p; } mem[1]; - /* I'm hoping this is the thing with the strictest alignment - * requirements. That also means we waste some space :-( */ + /* I am hoping this is the thing with the strictest alignment + * requirements. That also means we waste some space :-( */ }; /* @@ -53,7 +53,7 @@ struct memdebug { * remain so. For advanced analysis, record a log file and write perl scripts * to analyze them! * - * Don't use these with multithreaded test programs! + * Do not use these with multithreaded test programs! */ FILE *curl_dbg_logfile = NULL; @@ -75,7 +75,7 @@ static void curl_dbg_cleanup(void) curl_dbg_logfile = NULL; } -/* this sets the log file name */ +/* this sets the log filename */ void curl_dbg_memdebug(const char *logname) { if(!curl_dbg_logfile) { @@ -84,7 +84,7 @@ void curl_dbg_memdebug(const char *logname) else curl_dbg_logfile = stderr; #ifdef MEMDEBUG_LOG_SYNC - /* Flush the log file after every line so the log isn't lost in a crash */ + /* Flush the log file after every line so the log is not lost in a crash */ if(curl_dbg_logfile) setbuf(curl_dbg_logfile, (char *)NULL); #endif @@ -103,7 +103,7 @@ void curl_dbg_memlimit(long limit) } } -/* returns TRUE if this isn't allowed! */ +/* returns TRUE if this is not allowed! */ static bool countcheck(const char *func, int line, const char *source) { /* if source is NULL, then the call is made internally and this check @@ -312,7 +312,7 @@ curl_socket_t curl_dbg_socket(int domain, int type, int protocol, sockfd = socket(domain, type, protocol); if(source && (sockfd != CURL_SOCKET_BAD)) - curl_dbg_log("FD %s:%d socket() = %" CURL_FORMAT_SOCKET_T "\n", + curl_dbg_log("FD %s:%d socket() = %" FMT_SOCKET_T "\n", source, line, sockfd); return sockfd; @@ -356,8 +356,8 @@ int curl_dbg_socketpair(int domain, int type, int protocol, if(source && (0 == res)) curl_dbg_log("FD %s:%d socketpair() = " - "%" CURL_FORMAT_SOCKET_T " %" CURL_FORMAT_SOCKET_T "\n", - source, line, socket_vector[0], socket_vector[1]); + "%" FMT_SOCKET_T " %" FMT_SOCKET_T "\n", + source, line, socket_vector[0], socket_vector[1]); return res; } @@ -372,7 +372,7 @@ curl_socket_t curl_dbg_accept(curl_socket_t s, void *saddr, void *saddrlen, curl_socket_t sockfd = accept(s, addr, addrlen); if(source && (sockfd != CURL_SOCKET_BAD)) - curl_dbg_log("FD %s:%d accept() = %" CURL_FORMAT_SOCKET_T "\n", + curl_dbg_log("FD %s:%d accept() = %" FMT_SOCKET_T "\n", source, line, sockfd); return sockfd; @@ -382,7 +382,7 @@ curl_socket_t curl_dbg_accept(curl_socket_t s, void *saddr, void *saddrlen, void curl_dbg_mark_sclose(curl_socket_t sockfd, int line, const char *source) { if(source) - curl_dbg_log("FD %s:%d sclose(%" CURL_FORMAT_SOCKET_T ")\n", + curl_dbg_log("FD %s:%d sclose(%" FMT_SOCKET_T ")\n", source, line, sockfd); } diff --git a/vendor/hydra/vendor/curl/lib/memdebug.h b/vendor/hydra/vendor/curl/lib/memdebug.h index 51147cdc..cabadbcc 100644 --- a/vendor/hydra/vendor/curl/lib/memdebug.h +++ b/vendor/hydra/vendor/curl/lib/memdebug.h @@ -34,9 +34,9 @@ #include "functypes.h" #if defined(__GNUC__) && __GNUC__ >= 3 -# define ALLOC_FUNC __attribute__((malloc)) -# define ALLOC_SIZE(s) __attribute__((alloc_size(s))) -# define ALLOC_SIZE2(n, s) __attribute__((alloc_size(n, s))) +# define ALLOC_FUNC __attribute__((__malloc__)) +# define ALLOC_SIZE(s) __attribute__((__alloc_size__(s))) +# define ALLOC_SIZE2(n, s) __attribute__((__alloc_size__(n, s))) #elif defined(_MSC_VER) # define ALLOC_FUNC __declspec(restrict) # define ALLOC_SIZE(s) @@ -114,11 +114,17 @@ CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source); /* Set this symbol on the command-line, recompile all lib-sources */ #undef strdup #define strdup(ptr) curl_dbg_strdup(ptr, __LINE__, __FILE__) +#undef malloc #define malloc(size) curl_dbg_malloc(size, __LINE__, __FILE__) +#undef calloc #define calloc(nbelem,size) curl_dbg_calloc(nbelem, size, __LINE__, __FILE__) +#undef realloc #define realloc(ptr,size) curl_dbg_realloc(ptr, size, __LINE__, __FILE__) +#undef free #define free(ptr) curl_dbg_free(ptr, __LINE__, __FILE__) +#undef send #define send(a,b,c,d) curl_dbg_send(a,b,c,d, __LINE__, __FILE__) +#undef recv #define recv(a,b,c,d) curl_dbg_recv(a,b,c,d, __LINE__, __FILE__) #ifdef _WIN32 @@ -137,13 +143,14 @@ CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source); #undef socket #define socket(domain,type,protocol)\ - curl_dbg_socket(domain, type, protocol, __LINE__, __FILE__) + curl_dbg_socket((int)domain, type, protocol, __LINE__, __FILE__) #undef accept /* for those with accept as a macro */ #define accept(sock,addr,len)\ curl_dbg_accept(sock, addr, len, __LINE__, __FILE__) #ifdef HAVE_SOCKETPAIR #define socketpair(domain,type,protocol,socket_vector)\ - curl_dbg_socketpair(domain, type, protocol, socket_vector, __LINE__, __FILE__) + curl_dbg_socketpair((int)domain, type, protocol, socket_vector, \ + __LINE__, __FILE__) #endif #ifdef HAVE_GETADDRINFO diff --git a/vendor/hydra/vendor/curl/lib/mime.c b/vendor/hydra/vendor/curl/lib/mime.c index a2356c47..885eca62 100644 --- a/vendor/hydra/vendor/curl/lib/mime.c +++ b/vendor/hydra/vendor/curl/lib/mime.c @@ -92,7 +92,7 @@ static const char base64enc[] = /* Quoted-printable character class table. * * We cannot rely on ctype functions since quoted-printable input data - * is assumed to be ascii-compatible, even on non-ascii platforms. */ + * is assumed to be ASCII-compatible, even on non-ASCII platforms. */ #define QP_OK 1 /* Can be represented by itself. */ #define QP_SP 2 /* Space or tab. */ #define QP_CR 3 /* Carriage return. */ @@ -557,7 +557,7 @@ static size_t encoder_qp_read(char *buffer, size_t size, bool ateof, /* On all platforms, input is supposed to be ASCII compatible: for this reason, we use hexadecimal ASCII codes in this function rather than - character constants that can be interpreted as non-ascii on some + character constants that can be interpreted as non-ASCII on some platforms. Preserve ASCII encoding on output too. */ while(st->bufbeg < st->bufend) { size_t len = 1; @@ -1137,7 +1137,7 @@ static void cleanup_part_content(curl_mimepart *part) part->datasize = (curl_off_t) 0; /* No size yet. */ cleanup_encoder_state(&part->encstate); part->kind = MIMEKIND_NONE; - part->flags &= ~MIME_FAST_READ; + part->flags &= ~(unsigned int)MIME_FAST_READ; part->lastreadstatus = 1; /* Successful read status. */ part->state.state = MIMESTATE_BEGIN; } @@ -1147,7 +1147,7 @@ static void mime_subparts_free(void *ptr) curl_mime *mime = (curl_mime *) ptr; if(mime && mime->parent) { - mime->parent->freefunc = NULL; /* Be sure we won't be called again. */ + mime->parent->freefunc = NULL; /* Be sure we will not be called again. */ cleanup_part_content(mime->parent); /* Avoid dangling pointer in part. */ } curl_mime_free(mime); @@ -1159,7 +1159,7 @@ static void mime_subparts_unbind(void *ptr) curl_mime *mime = (curl_mime *) ptr; if(mime && mime->parent) { - mime->parent->freefunc = NULL; /* Be sure we won't be called again. */ + mime->parent->freefunc = NULL; /* Be sure we will not be called again. */ cleanup_part_content(mime->parent); /* Avoid dangling pointer in part. */ mime->parent = NULL; } @@ -1186,7 +1186,7 @@ void curl_mime_free(curl_mime *mime) curl_mimepart *part; if(mime) { - mime_subparts_unbind(mime); /* Be sure it's not referenced anymore. */ + mime_subparts_unbind(mime); /* Be sure it is not referenced anymore. */ while(mime->firstpart) { part = mime->firstpart; mime->firstpart = part->nextpart; @@ -1354,7 +1354,7 @@ CURLcode curl_mime_name(curl_mimepart *part, const char *name) return CURLE_OK; } -/* Set mime part remote file name. */ +/* Set mime part remote filename. */ CURLcode curl_mime_filename(curl_mimepart *part, const char *filename) { if(!part) @@ -1497,7 +1497,7 @@ CURLcode curl_mime_headers(curl_mimepart *part, if(part->flags & MIME_USERHEADERS_OWNER) { if(part->userheaders != headers) /* Allow setting twice the same list. */ curl_slist_free_all(part->userheaders); - part->flags &= ~MIME_USERHEADERS_OWNER; + part->flags &= ~(unsigned int)MIME_USERHEADERS_OWNER; } part->userheaders = headers; if(headers && take_ownership) @@ -1554,7 +1554,7 @@ CURLcode Curl_mime_set_subparts(curl_mimepart *part, while(root->parent && root->parent->parent) root = root->parent->parent; if(subparts == root) { - /* Can't add as a subpart of itself. */ + /* cannot add as a subpart of itself. */ return CURLE_BAD_FUNCTION_ARGUMENT; } } @@ -1587,6 +1587,8 @@ size_t Curl_mime_read(char *buffer, size_t size, size_t nitems, void *instream) (void) size; /* Always 1. */ + /* TODO: this loop is broken. If `nitems` is <= 4, some encoders will + * return STOP_FILLING without adding any data and this loops infinitely. */ do { hasread = FALSE; ret = readback_part(part, buffer, nitems, &hasread); @@ -1662,7 +1664,8 @@ static curl_off_t mime_size(curl_mimepart *part) if(size >= 0 && !(part->flags & MIME_BODY_ONLY)) { /* Compute total part size. */ size += slist_size(part->curlheaders, 2, NULL, 0); - size += slist_size(part->userheaders, 2, STRCONST("Content-Type")); + size += slist_size(part->userheaders, 2, + STRCONST("Content-Type")); size += 2; /* CRLF after headers. */ } return size; @@ -1677,7 +1680,7 @@ CURLcode Curl_mime_add_header(struct curl_slist **slp, const char *fmt, ...) va_list ap; va_start(ap, fmt); - s = curl_mvaprintf(fmt, ap); + s = vaprintf(fmt, ap); va_end(ap); if(s) { @@ -1770,7 +1773,7 @@ CURLcode Curl_mime_prepare_headers(struct Curl_easy *data, curl_slist_free_all(part->curlheaders); part->curlheaders = NULL; - /* Be sure we won't access old headers later. */ + /* Be sure we will not access old headers later. */ if(part->state.state == MIMESTATE_CURLHEADERS) mimesetstate(&part->state, MIMESTATE_CURLHEADERS, NULL); @@ -1943,13 +1946,17 @@ static CURLcode cr_mime_read(struct Curl_easy *data, struct cr_mime_ctx *ctx = reader->ctx; size_t nread; + /* Once we have errored, we will return the same error forever */ if(ctx->errored) { + CURL_TRC_READ(data, "cr_mime_read(len=%zu) is errored -> %d, eos=0", + blen, ctx->error_result); *pnread = 0; *peos = FALSE; return ctx->error_result; } if(ctx->seen_eos) { + CURL_TRC_READ(data, "cr_mime_read(len=%zu) seen eos -> 0, eos=1", blen); *pnread = 0; *peos = TRUE; return CURLE_OK; @@ -1962,16 +1969,27 @@ static CURLcode cr_mime_read(struct Curl_easy *data, else if(remain < (curl_off_t)blen) blen = (size_t)remain; } - nread = 0; - if(blen) { - nread = Curl_mime_read(buf, 1, blen, ctx->part); + + if(blen <= 4) { + /* TODO: Curl_mime_read() may go into an infinite loop when reading + * such small lengths. Returning 0 bytes read is a fix that only works + * as request upload buffers will get flushed eventually and larger + * reads will happen again. */ + CURL_TRC_READ(data, "cr_mime_read(len=%zu), too small, return", blen); + *pnread = 0; + *peos = FALSE; + goto out; } + nread = Curl_mime_read(buf, 1, blen, ctx->part); + CURL_TRC_READ(data, "cr_mime_read(len=%zu), mime_read() -> %zd", + blen, nread); + switch(nread) { case 0: if((ctx->total_len >= 0) && (ctx->read_len < ctx->total_len)) { failf(data, "client mime read EOF fail, " - "only %"CURL_FORMAT_CURL_OFF_T"/%"CURL_FORMAT_CURL_OFF_T + "only %"FMT_OFF_T"/%"FMT_OFF_T " of needed bytes read", ctx->read_len, ctx->total_len); return CURLE_READ_ERROR; } @@ -1990,11 +2008,21 @@ static CURLcode cr_mime_read(struct Curl_easy *data, case CURL_READFUNC_PAUSE: /* CURL_READFUNC_PAUSE pauses read callbacks that feed socket writes */ + CURL_TRC_READ(data, "cr_mime_read(len=%zu), paused by callback", blen); data->req.keepon |= KEEP_SEND_PAUSE; /* mark socket send as paused */ *pnread = 0; *peos = FALSE; break; /* nothing was read */ + case STOP_FILLING: + case READ_ERROR: + failf(data, "read error getting mime data"); + *pnread = 0; + *peos = FALSE; + ctx->errored = TRUE; + ctx->error_result = CURLE_READ_ERROR; + return CURLE_READ_ERROR; + default: if(nread > blen) { /* the read function returned a too large value */ @@ -2012,9 +2040,11 @@ static CURLcode cr_mime_read(struct Curl_easy *data, *peos = ctx->seen_eos; break; } - DEBUGF(infof(data, "cr_mime_read(len=%zu, total=%"CURL_FORMAT_CURL_OFF_T - ", read=%"CURL_FORMAT_CURL_OFF_T") -> %d, %zu, %d", - blen, ctx->total_len, ctx->read_len, CURLE_OK, *pnread, *peos)); + +out: + CURL_TRC_READ(data, "cr_mime_read(len=%zu, total=%" FMT_OFF_T + ", read=%"FMT_OFF_T") -> %d, %zu, %d", + blen, ctx->total_len, ctx->read_len, CURLE_OK, *pnread, *peos); return CURLE_OK; } @@ -2056,7 +2086,7 @@ static CURLcode cr_mime_resume_from(struct Curl_easy *data, if((nread == 0) || (nread > readthisamountnow)) { /* this checks for greater-than only to make sure that the CURL_READFUNC_ABORT return code still aborts */ - failf(data, "Could only read %" CURL_FORMAT_CURL_OFF_T + failf(data, "Could only read %" FMT_OFF_T " bytes from the mime post", passed); return CURLE_READ_ERROR; } @@ -2071,7 +2101,7 @@ static CURLcode cr_mime_resume_from(struct Curl_easy *data, return CURLE_PARTIAL_FILE; } } - /* we've passed, proceed as normal */ + /* we have passed, proceed as normal */ } return CURLE_OK; } @@ -2095,6 +2125,14 @@ static CURLcode cr_mime_unpause(struct Curl_easy *data, return CURLE_OK; } +static bool cr_mime_is_paused(struct Curl_easy *data, + struct Curl_creader *reader) +{ + struct cr_mime_ctx *ctx = reader->ctx; + (void)data; + return (ctx->part && ctx->part->lastreadstatus == CURL_READFUNC_PAUSE); +} + static const struct Curl_crtype cr_mime = { "cr-mime", cr_mime_init, @@ -2105,6 +2143,7 @@ static const struct Curl_crtype cr_mime = { cr_mime_resume_from, cr_mime_rewind, cr_mime_unpause, + cr_mime_is_paused, Curl_creader_def_done, sizeof(struct cr_mime_ctx) }; diff --git a/vendor/hydra/vendor/curl/lib/mime.h b/vendor/hydra/vendor/curl/lib/mime.h index 954b3ccf..5073a38f 100644 --- a/vendor/hydra/vendor/curl/lib/mime.h +++ b/vendor/hydra/vendor/curl/lib/mime.h @@ -112,7 +112,7 @@ struct curl_mimepart { curl_mimepart *nextpart; /* Forward linked list. */ enum mimekind kind; /* The part kind. */ unsigned int flags; /* Flags. */ - char *data; /* Memory data or file name. */ + char *data; /* Memory data or filename. */ curl_read_callback readfunc; /* Read function. */ curl_seek_callback seekfunc; /* Seek function. */ curl_free_callback freefunc; /* Argument free function. */ @@ -121,7 +121,7 @@ struct curl_mimepart { struct curl_slist *curlheaders; /* Part headers. */ struct curl_slist *userheaders; /* Part headers. */ char *mimetype; /* Part mime type. */ - char *filename; /* Remote file name. */ + char *filename; /* Remote filename. */ char *name; /* Data name. */ curl_off_t datasize; /* Expected data size. */ struct mime_state state; /* Current readback state. */ diff --git a/vendor/hydra/vendor/curl/lib/mprintf.c b/vendor/hydra/vendor/curl/lib/mprintf.c index 1829abc7..42993c71 100644 --- a/vendor/hydra/vendor/curl/lib/mprintf.c +++ b/vendor/hydra/vendor/curl/lib/mprintf.c @@ -25,7 +25,6 @@ #include "curl_setup.h" #include "dynbuf.h" #include "curl_printf.h" -#include #include "curl_memory.h" /* The last #include file should be: */ @@ -863,7 +862,7 @@ static int formatf( str = (char *)iptr->val.str; if(!str) { - /* Write null string if there's space. */ + /* Write null string if there is space. */ if(prec == -1 || prec >= (int) sizeof(nilstr) - 1) { str = nilstr; len = sizeof(nilstr) - 1; @@ -1040,7 +1039,7 @@ static int addbyter(unsigned char outc, void *f) { struct nsprintf *infop = f; if(infop->length < infop->max) { - /* only do this if we haven't reached max length yet */ + /* only do this if we have not reached max length yet */ *infop->buffer++ = (char)outc; /* store */ infop->length++; /* we are now one byte larger */ return 0; /* fputc() returns like this on success */ @@ -1062,10 +1061,10 @@ int curl_mvsnprintf(char *buffer, size_t maxlength, const char *format, if(info.max) { /* we terminate this with a zero byte */ if(info.max == info.length) { - /* we're at maximum, scrap the last letter */ + /* we are at maximum, scrap the last letter */ info.buffer[-1] = 0; DEBUGASSERT(retcode); - retcode--; /* don't count the nul byte */ + retcode--; /* do not count the nul byte */ } else info.buffer[0] = 0; diff --git a/vendor/hydra/vendor/curl/lib/mqtt.c b/vendor/hydra/vendor/curl/lib/mqtt.c index 4ca24eb4..22d354a5 100644 --- a/vendor/hydra/vendor/curl/lib/mqtt.c +++ b/vendor/hydra/vendor/curl/lib/mqtt.c @@ -121,7 +121,7 @@ static CURLcode mqtt_send(struct Curl_easy *data, CURLcode result = CURLE_OK; struct MQTT *mq = data->req.p.mqtt; size_t n; - result = Curl_xfer_send(data, buf, len, &n); + result = Curl_xfer_send(data, buf, len, FALSE, &n); if(result) return result; Curl_debug(data, CURLINFO_HEADER_OUT, buf, (size_t)n); @@ -154,15 +154,15 @@ static int mqtt_getsock(struct Curl_easy *data, static int mqtt_encode_len(char *buf, size_t len) { - unsigned char encoded; int i; for(i = 0; (len > 0) && (i<4); i++) { + unsigned char encoded; encoded = len % 0x80; len /= 0x80; if(len) encoded |= 0x80; - buf[i] = encoded; + buf[i] = (char)encoded; } return i; @@ -312,7 +312,7 @@ static CURLcode mqtt_connect(struct Curl_easy *data) start_user = pos + 3 + MQTT_CLIENTID_LEN; /* position where starts the password payload */ start_pwd = start_user + ulen; - /* if user name was provided, add it to the packet */ + /* if username was provided, add it to the packet */ if(ulen) { start_pwd += 2; @@ -585,7 +585,7 @@ static size_t mqtt_decode_len(unsigned char *buf, return len; } -#ifdef CURLDEBUG +#ifdef DEBUGBUILD static const char *statenames[]={ "MQTT_FIRST", "MQTT_REMAINING_LENGTH", @@ -606,7 +606,7 @@ static void mqstate(struct Curl_easy *data, { struct connectdata *conn = data->conn; struct mqtt_conn *mqtt = &conn->proto.mqtt; -#ifdef CURLDEBUG +#ifdef DEBUGBUILD infof(data, "%s (from %s) (next is %s)", statenames[state], statenames[mqtt->state], @@ -743,7 +743,7 @@ static CURLcode mqtt_doing(struct Curl_easy *data, bool *done) struct mqtt_conn *mqtt = &conn->proto.mqtt; struct MQTT *mq = data->req.p.mqtt; ssize_t nread; - unsigned char byte; + unsigned char recvbyte; *done = FALSE; @@ -776,13 +776,13 @@ static CURLcode mqtt_doing(struct Curl_easy *data, bool *done) FALLTHROUGH(); case MQTT_REMAINING_LENGTH: do { - result = Curl_xfer_recv(data, (char *)&byte, 1, &nread); + result = Curl_xfer_recv(data, (char *)&recvbyte, 1, &nread); if(result || !nread) break; - Curl_debug(data, CURLINFO_HEADER_IN, (char *)&byte, 1); - mq->pkt_hd[mq->npacket++] = byte; - } while((byte & 0x80) && (mq->npacket < 4)); - if(!result && nread && (byte & 0x80)) + Curl_debug(data, CURLINFO_HEADER_IN, (char *)&recvbyte, 1); + mq->pkt_hd[mq->npacket++] = recvbyte; + } while((recvbyte & 0x80) && (mq->npacket < 4)); + if(!result && nread && (recvbyte & 0x80)) /* MQTT supports up to 127 * 128^0 + 127 * 128^1 + 127 * 128^2 + 127 * 128^3 bytes. server tried to send more */ result = CURLE_WEIRD_SERVER_REPLY; diff --git a/vendor/hydra/vendor/curl/lib/multi.c b/vendor/hydra/vendor/curl/lib/multi.c index 6bbdfe26..78e5c0a1 100644 --- a/vendor/hydra/vendor/curl/lib/multi.c +++ b/vendor/hydra/vendor/curl/lib/multi.c @@ -57,7 +57,7 @@ /* CURL_SOCKET_HASH_TABLE_SIZE should be a prime number. Increasing it from 97 - to 911 takes on a 32-bit machine 4 x 804 = 3211 more bytes. Still, every + to 911 takes on a 32-bit machine 4 x 804 = 3211 more bytes. Still, every CURL handle takes 45-50 K memory, therefore this 3K are not significant. */ #ifndef CURL_SOCKET_HASH_TABLE_SIZE @@ -94,9 +94,12 @@ static CURLMcode add_next_timeout(struct curltime now, struct Curl_multi *multi, struct Curl_easy *d); static CURLMcode multi_timeout(struct Curl_multi *multi, + struct curltime *expire_time, long *timeout_ms); static void process_pending_handles(struct Curl_multi *multi); static void multi_xfer_bufs_free(struct Curl_multi *multi); +static void Curl_expire_ex(struct Curl_easy *data, const struct curltime *nowp, + timediff_t milli, expire_id id); #ifdef DEBUGBUILD static const char * const multi_statename[]={ @@ -135,7 +138,7 @@ static void init_completed(struct Curl_easy *data) { /* this is a completed transfer */ - /* Important: reset the conn pointer so that we don't point to memory + /* Important: reset the conn pointer so that we do not point to memory that could be freed anytime */ Curl_detach_connection(data); Curl_expire_clear(data); /* stop all timers */ @@ -175,7 +178,7 @@ static void mstate(struct Curl_easy *data, CURLMstate state #endif if(oldstate == state) - /* don't bother when the new state is the same as the old state */ + /* do not bother when the new state is the same as the old state */ return; data->mstate = state; @@ -191,7 +194,7 @@ static void mstate(struct Curl_easy *data, CURLMstate state #endif if(state == MSTATE_COMPLETED) { - /* changing to COMPLETED means there's one less easy handle 'alive' */ + /* changing to COMPLETED means there is one less easy handle 'alive' */ DEBUGASSERT(data->multi->num_alive > 0); data->multi->num_alive--; if(!data->multi->num_alive) { @@ -247,10 +250,8 @@ static size_t trhash(void *key, size_t key_length, size_t slots_num) static size_t trhash_compare(void *k1, size_t k1_len, void *k2, size_t k2_len) { - (void)k1_len; (void)k2_len; - - return *(struct Curl_easy **)k1 == *(struct Curl_easy **)k2; + return !memcmp(k1, k2, k1_len); } static void trhash_dtor(void *nada) @@ -343,7 +344,7 @@ static size_t hash_fd(void *key, size_t key_length, size_t slots_num) curl_socket_t fd = *((curl_socket_t *) key); (void) key_length; - return (fd % slots_num); + return (fd % (curl_socket_t)slots_num); } /* @@ -354,12 +355,12 @@ static size_t hash_fd(void *key, size_t key_length, size_t slots_num) * "Some tests at 7000 and 9000 connections showed that the socket hash lookup * is somewhat of a bottle neck. Its current implementation may be a bit too * limiting. It simply has a fixed-size array, and on each entry in the array - * it has a linked list with entries. So the hash only checks which list to - * scan through. The code I had used so for used a list with merely 7 slots - * (as that is what the DNS hash uses) but with 7000 connections that would - * make an average of 1000 nodes in each list to run through. I upped that to - * 97 slots (I believe a prime is suitable) and noticed a significant speed - * increase. I need to reconsider the hash implementation or use a rather + * it has a linked list with entries. The hash only checks which list to scan + * through. The code I had used so for used a list with merely 7 slots (as + * that is what the DNS hash uses) but with 7000 connections that would make + * an average of 1000 nodes in each list to run through. I upped that to 97 + * slots (I believe a prime is suitable) and noticed a significant speed + * increase. I need to reconsider the hash implementation or use a rather * large default value like this. At 9000 connections I was still below 10us * per call." * @@ -370,6 +371,17 @@ static void sh_init(struct Curl_hash *hash, size_t hashsize) sh_freeentry); } +/* multi->proto_hash destructor. Should never be called as elements + * MUST be added with their own destructor */ +static void ph_freeentry(void *p) +{ + (void)p; + /* Will always be FALSE. Cannot use a 0 assert here since compilers + * are not in agreement if they then want a NORETURN attribute or + * not. *sigh* */ + DEBUGASSERT(p == NULL); +} + /* * multi_addmsg() * @@ -396,15 +408,21 @@ struct Curl_multi *Curl_multi_handle(size_t hashsize, /* socket hash */ sh_init(&multi->sockhash, hashsize); - if(Curl_conncache_init(&multi->conn_cache, chashsize)) + Curl_hash_init(&multi->proto_hash, 23, + Curl_hash_str, Curl_str_key_compare, ph_freeentry); + + if(Curl_cpool_init(&multi->cpool, Curl_on_disconnect, + multi, NULL, chashsize)) goto error; Curl_llist_init(&multi->msglist, NULL); + Curl_llist_init(&multi->process, NULL); Curl_llist_init(&multi->pending, NULL); Curl_llist_init(&multi->msgsent, NULL); multi->multiplexing = TRUE; multi->max_concurrent_streams = 100; + multi->last_timeout_ms = -1; #ifdef USE_WINSOCK multi->wsa_event = WSACreateEvent(); @@ -412,14 +430,7 @@ struct Curl_multi *Curl_multi_handle(size_t hashsize, /* socket hash */ goto error; #else #ifdef ENABLE_WAKEUP - if(wakeup_create(multi->wakeup_pair) < 0) { - multi->wakeup_pair[0] = CURL_SOCKET_BAD; - multi->wakeup_pair[1] = CURL_SOCKET_BAD; - } - else if(curlx_nonblock(multi->wakeup_pair[0], TRUE) < 0 || - curlx_nonblock(multi->wakeup_pair[1], TRUE) < 0) { - wakeup_close(multi->wakeup_pair[0]); - wakeup_close(multi->wakeup_pair[1]); + if(wakeup_create(multi->wakeup_pair, TRUE) < 0) { multi->wakeup_pair[0] = CURL_SOCKET_BAD; multi->wakeup_pair[1] = CURL_SOCKET_BAD; } @@ -431,8 +442,9 @@ struct Curl_multi *Curl_multi_handle(size_t hashsize, /* socket hash */ error: sockhash_destroy(&multi->sockhash); + Curl_hash_destroy(&multi->proto_hash); Curl_hash_destroy(&multi->hostcache); - Curl_conncache_destroy(&multi->conn_cache); + Curl_cpool_destroy(&multi->cpool); free(multi); return NULL; } @@ -458,52 +470,6 @@ static void multi_warn_debug(struct Curl_multi *multi, struct Curl_easy *data) #define multi_warn_debug(x,y) Curl_nop_stmt #endif -/* returns TRUE if the easy handle is supposed to be present in the main link - list */ -static bool in_main_list(struct Curl_easy *data) -{ - return ((data->mstate != MSTATE_PENDING) && - (data->mstate != MSTATE_MSGSENT)); -} - -static void link_easy(struct Curl_multi *multi, - struct Curl_easy *data) -{ - /* We add the new easy entry last in the list. */ - data->next = NULL; /* end of the line */ - if(multi->easyp) { - struct Curl_easy *last = multi->easylp; - last->next = data; - data->prev = last; - multi->easylp = data; /* the new last node */ - } - else { - /* first node, make prev NULL! */ - data->prev = NULL; - multi->easylp = multi->easyp = data; /* both first and last */ - } -} - -/* unlink the given easy handle from the linked list of easy handles */ -static void unlink_easy(struct Curl_multi *multi, - struct Curl_easy *data) -{ - /* make the previous node point to our next */ - if(data->prev) - data->prev->next = data->next; - else - multi->easyp = data->next; /* point to first node */ - - /* make our next point to our previous node */ - if(data->next) - data->next->prev = data->prev; - else - multi->easylp = data->prev; /* point to last node */ - - data->prev = data->next = NULL; -} - - CURLMcode curl_multi_add_handle(struct Curl_multi *multi, struct Curl_easy *data) { @@ -544,10 +510,10 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, Curl_llist_init(&data->state.timeoutlist, NULL); /* - * No failure allowed in this function beyond this point. And no - * modification of easy nor multi handle allowed before this except for - * potential multi's connection cache growing which won't be undone in this - * function no matter what. + * No failure allowed in this function beyond this point. No modification of + * easy nor multi handle allowed before this except for potential multi's + * connection pool growing which will not be undone in this function no + * matter what. */ if(data->set.errorbuffer) data->set.errorbuffer[0] = 0; @@ -566,21 +532,11 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, happen. */ Curl_expire(data, 0, EXPIRE_RUN_NOW); - /* A somewhat crude work-around for a little glitch in Curl_update_timer() - that happens if the lastcall time is set to the same time when the handle - is removed as when the next handle is added, as then the check in - Curl_update_timer() that prevents calling the application multiple times - with the same timer info will not trigger and then the new handle's - timeout will not be notified to the app. - - The work-around is thus simply to clear the 'lastcall' variable to force - Curl_update_timer() to always trigger a callback to the app when a new - easy handle is added */ - memset(&multi->timer_lastcall, 0, sizeof(multi->timer_lastcall)); - rc = Curl_update_timer(multi); - if(rc) + if(rc) { + data->multi = NULL; /* not anymore */ return rc; + } /* set the easy handle */ multistate(data, MSTATE_INIT); @@ -593,13 +549,6 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, data->dns.hostcachetype = HCACHE_MULTI; } - /* Point to the shared or multi handle connection cache */ - if(data->share && (data->share->specifier & (1<< CURL_LOCK_DATA_CONNECT))) - data->state.conn_cache = &data->share->conn_cache; - else - data->state.conn_cache = &multi->conn_cache; - data->state.lastconnect_id = -1; - #ifdef USE_LIBPSL /* Do the same for PSL. */ if(data->share && (data->share->specifier & (1 << CURL_LOCK_DATA_PSL))) @@ -608,7 +557,8 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, data->psl = &multi->psl; #endif - link_easy(multi, data); + /* add the easy handle to the process list */ + Curl_llist_append(&multi->process, data, &data->multi_queue); /* increase the node-counter */ multi->num_easy++; @@ -616,21 +566,12 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, /* increase the alive-counter */ multi->num_alive++; - CONNCACHE_LOCK(data); - /* The closure handle only ever has default timeouts set. To improve the - state somewhat we clone the timeouts from each added handle so that the - closure handle always has the same timeouts as the most recently added - easy handle. */ - data->state.conn_cache->closure_handle->set.timeout = data->set.timeout; - data->state.conn_cache->closure_handle->set.server_response_timeout = - data->set.server_response_timeout; - data->state.conn_cache->closure_handle->set.no_signal = - data->set.no_signal; - data->id = data->state.conn_cache->next_easy_id++; - if(data->state.conn_cache->next_easy_id <= 0) - data->state.conn_cache->next_easy_id = 0; - CONNCACHE_UNLOCK(data); + /* the identifier inside the multi instance */ + data->mid = multi->next_easy_mid++; + if(multi->next_easy_mid <= 0) + multi->next_easy_mid = 0; + Curl_cpool_xfer_init(data); multi_warn_debug(multi, data); return CURLM_OK; @@ -652,6 +593,91 @@ static void debug_print_sock_hash(void *p) } #endif +struct multi_done_ctx { + BIT(premature); +}; + +static void multi_done_locked(struct connectdata *conn, + struct Curl_easy *data, + void *userdata) +{ + struct multi_done_ctx *mdctx = userdata; + + Curl_detach_connection(data); + + if(CONN_INUSE(conn)) { + /* Stop if still used. */ + DEBUGF(infof(data, "Connection still in use %zu, " + "no more multi_done now!", + Curl_llist_count(&conn->easyq))); + return; + } + + data->state.done = TRUE; /* called just now! */ + data->state.recent_conn_id = conn->connection_id; + + if(conn->dns_entry) + Curl_resolv_unlink(data, &conn->dns_entry); /* done with this */ + Curl_hostcache_prune(data); + + /* if data->set.reuse_forbid is TRUE, it means the libcurl client has + forced us to close this connection. This is ignored for requests taking + place in a NTLM/NEGOTIATE authentication handshake + + if conn->bits.close is TRUE, it means that the connection should be + closed in spite of all our efforts to be nice, due to protocol + restrictions in our or the server's end + + if premature is TRUE, it means this connection was said to be DONE before + the entire request operation is complete and thus we cannot know in what + state it is for reusing, so we are forced to close it. In a perfect world + we can add code that keep track of if we really must close it here or not, + but currently we have no such detail knowledge. + */ + + if((data->set.reuse_forbid +#if defined(USE_NTLM) + && !(conn->http_ntlm_state == NTLMSTATE_TYPE2 || + conn->proxy_ntlm_state == NTLMSTATE_TYPE2) +#endif +#if defined(USE_SPNEGO) + && !(conn->http_negotiate_state == GSS_AUTHRECV || + conn->proxy_negotiate_state == GSS_AUTHRECV) +#endif + ) || conn->bits.close + || (mdctx->premature && !Curl_conn_is_multiplex(conn, FIRSTSOCKET))) { + DEBUGF(infof(data, "multi_done, not reusing connection=%" + FMT_OFF_T ", forbid=%d" + ", close=%d, premature=%d, conn_multiplex=%d", + conn->connection_id, data->set.reuse_forbid, + conn->bits.close, mdctx->premature, + Curl_conn_is_multiplex(conn, FIRSTSOCKET))); + connclose(conn, "disconnecting"); + Curl_cpool_disconnect(data, conn, mdctx->premature); + } + else { + /* the connection is no longer in use by any transfer */ + if(Curl_cpool_conn_now_idle(data, conn)) { + /* connection kept in the cpool */ + const char *host = +#ifndef CURL_DISABLE_PROXY + conn->bits.socksproxy ? + conn->socks_proxy.host.dispname : + conn->bits.httpproxy ? conn->http_proxy.host.dispname : +#endif + conn->bits.conn_to_host ? conn->conn_to_host.dispname : + conn->host.dispname; + data->state.lastconnect_id = conn->connection_id; + infof(data, "Connection #%" FMT_OFF_T " to host %s left intact", + conn->connection_id, host); + } + else { + /* connection was removed from the cpool and destroyed. */ + data->state.lastconnect_id = -1; + } + } +} + static CURLcode multi_done(struct Curl_easy *data, CURLcode status, /* an error if this is called after an error was detected */ @@ -659,6 +685,9 @@ static CURLcode multi_done(struct Curl_easy *data, { CURLcode result, r2; struct connectdata *conn = data->conn; + struct multi_done_ctx mdctx; + + memset(&mdctx, 0, sizeof(mdctx)); #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) DEBUGF(infof(data, "multi_done[%s]: status: %d prem: %d done: %d", @@ -684,8 +713,8 @@ static CURLcode multi_done(struct Curl_easy *data, case CURLE_ABORTED_BY_CALLBACK: case CURLE_READ_ERROR: case CURLE_WRITE_ERROR: - /* When we're aborted due to a callback return code it basically have to - be counted as premature as there is trouble ahead if we don't. We have + /* When we are aborted due to a callback return code it basically have to + be counted as premature as there is trouble ahead if we do not. We have many callbacks and protocols work differently, we could potentially do this more fine-grained in the future. */ premature = TRUE; @@ -721,106 +750,22 @@ static CURLcode multi_done(struct Curl_easy *data, if(!result) result = Curl_req_done(&data->req, data, premature); - CONNCACHE_LOCK(data); - Curl_detach_connection(data); - if(CONN_INUSE(conn)) { - /* Stop if still used. */ - CONNCACHE_UNLOCK(data); - DEBUGF(infof(data, "Connection still in use %zu, " - "no more multi_done now!", - conn->easyq.size)); - return CURLE_OK; - } - - data->state.done = TRUE; /* called just now! */ - - if(conn->dns_entry) { - Curl_resolv_unlock(data, conn->dns_entry); /* done with this */ - conn->dns_entry = NULL; - } - Curl_hostcache_prune(data); - - /* if data->set.reuse_forbid is TRUE, it means the libcurl client has - forced us to close this connection. This is ignored for requests taking - place in a NTLM/NEGOTIATE authentication handshake - - if conn->bits.close is TRUE, it means that the connection should be - closed in spite of all our efforts to be nice, due to protocol - restrictions in our or the server's end - - if premature is TRUE, it means this connection was said to be DONE before - the entire request operation is complete and thus we can't know in what - state it is for reusing, so we're forced to close it. In a perfect world - we can add code that keep track of if we really must close it here or not, - but currently we have no such detail knowledge. - */ - - data->state.recent_conn_id = conn->connection_id; - if((data->set.reuse_forbid -#if defined(USE_NTLM) - && !(conn->http_ntlm_state == NTLMSTATE_TYPE2 || - conn->proxy_ntlm_state == NTLMSTATE_TYPE2) -#endif -#if defined(USE_SPNEGO) - && !(conn->http_negotiate_state == GSS_AUTHRECV || - conn->proxy_negotiate_state == GSS_AUTHRECV) -#endif - ) || conn->bits.close - || (premature && !Curl_conn_is_multiplex(conn, FIRSTSOCKET))) { - DEBUGF(infof(data, "multi_done, not reusing connection=%" - CURL_FORMAT_CURL_OFF_T ", forbid=%d" - ", close=%d, premature=%d, conn_multiplex=%d", - conn->connection_id, - data->set.reuse_forbid, conn->bits.close, premature, - Curl_conn_is_multiplex(conn, FIRSTSOCKET))); - connclose(conn, "disconnecting"); - Curl_conncache_remove_conn(data, conn, FALSE); - CONNCACHE_UNLOCK(data); - Curl_disconnect(data, conn, premature); - } - else { - char buffer[256]; - const char *host = -#ifndef CURL_DISABLE_PROXY - conn->bits.socksproxy ? - conn->socks_proxy.host.dispname : - conn->bits.httpproxy ? conn->http_proxy.host.dispname : -#endif - conn->bits.conn_to_host ? conn->conn_to_host.dispname : - conn->host.dispname; - /* create string before returning the connection */ - curl_off_t connection_id = conn->connection_id; - msnprintf(buffer, sizeof(buffer), - "Connection #%" CURL_FORMAT_CURL_OFF_T " to host %s left intact", - connection_id, host); - /* the connection is no longer in use by this transfer */ - CONNCACHE_UNLOCK(data); - if(Curl_conncache_return_conn(data, conn)) { - /* remember the most recently used connection */ - data->state.lastconnect_id = connection_id; - data->state.recent_conn_id = connection_id; - infof(data, "%s", buffer); - } - else - data->state.lastconnect_id = -1; - } + /* Under the potential connection pool's share lock, decide what to + * do with the transfer's connection. */ + mdctx.premature = premature; + Curl_cpool_do_locked(data, data->conn, multi_done_locked, &mdctx); return result; } -static int close_connect_only(struct Curl_easy *data, - struct connectdata *conn, void *param) +static void close_connect_only(struct connectdata *conn, + struct Curl_easy *data, + void *userdata) { - (void)param; - if(data->state.lastconnect_id != conn->connection_id) - return 0; - - if(!conn->connect_only) - return 1; - - connclose(conn, "Removing connect-only easy handle"); - - return 1; + (void)userdata; + (void)data; + if(conn->connect_only) + connclose(conn, "Removing connect-only easy handle"); } CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, @@ -828,15 +773,16 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, { struct Curl_easy *easy = data; bool premature; - struct Curl_llist_element *e; + struct Curl_llist_node *e; CURLMcode rc; + bool removed_timer = FALSE; /* First, make some basic checks that the CURLM handle is a good handle */ if(!GOOD_MULTI_HANDLE(multi)) return CURLM_BAD_HANDLE; /* Verify that we got a somewhat good easy handle too */ - if(!GOOD_EASY_HANDLE(data)) + if(!GOOD_EASY_HANDLE(data) || !multi->num_easy) return CURLM_BAD_EASY_HANDLE; /* Prevent users from trying to remove same easy handle more than once */ @@ -863,7 +809,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, if(data->conn && data->mstate > MSTATE_DO && data->mstate < MSTATE_COMPLETED) { - /* Set connection owner so that the DONE function closes it. We can + /* Set connection owner so that the DONE function closes it. We can safely do this here since connection is killed. */ streamclose(data->conn, "Removed with partial response"); } @@ -872,7 +818,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, /* multi_done() clears the association between the easy handle and the connection. - Note that this ignores the return code simply because there's + Note that this ignores the return code simply because there is nothing really useful to do with it anyway! */ (void)multi_done(data, data->result, premature); } @@ -880,18 +826,10 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, /* The timer must be shut down before data->multi is set to NULL, else the timenode will remain in the splay tree after curl_easy_cleanup is called. Do it after multi_done() in case that sets another time! */ - Curl_expire_clear(data); + removed_timer = Curl_expire_clear(data); - if(data->connect_queue.ptr) { - /* the handle is in the pending or msgsent lists, so go ahead and remove - it */ - if(data->mstate == MSTATE_PENDING) - Curl_llist_remove(&multi->pending, &data->connect_queue, NULL); - else - Curl_llist_remove(&multi->msgsent, &data->connect_queue, NULL); - } - if(in_main_list(data)) - unlink_easy(multi, data); + /* the handle is in a list, remove it from whichever it is */ + Curl_node_remove(&data->multi_queue); if(data->dns.hostcachetype == HCACHE_MULTI) { /* stop using the multi handle's DNS cache, *after* the possible @@ -906,7 +844,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, what we want */ data->mstate = MSTATE_COMPLETED; - /* This ignores the return code even in case of problems because there's + /* This ignores the return code even in case of problems because there is nothing more to do about that, here */ (void)singlesocket(multi, easy); /* to let the application know what sockets that vanish with this handle */ @@ -918,7 +856,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, /* This removes a handle that was part the multi interface that used CONNECT_ONLY, that connection is now left alive but since this handle has bits.close set nothing can use that transfer anymore and it is - forbidden from reuse. And this easy handle cannot find the connection + forbidden from reuse. This easy handle cannot find the connection anymore once removed from the multi handle Better close the connection here, at once. @@ -927,15 +865,14 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, curl_socket_t s; s = Curl_getconnectinfo(data, &c); if((s != CURL_SOCKET_BAD) && c) { - Curl_conncache_remove_conn(data, c, TRUE); - Curl_disconnect(data, c, TRUE); + Curl_cpool_disconnect(data, c, TRUE); } } if(data->state.lastconnect_id != -1) { /* Mark any connect-only connection for closure */ - Curl_conncache_foreach(data, data->state.conn_cache, - NULL, close_connect_only); + Curl_cpool_do_by_id(data, data->state.lastconnect_id, + close_connect_only, NULL); } #ifdef USE_LIBPSL @@ -944,33 +881,31 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, data->psl = NULL; #endif - /* as this was using a shared connection cache we clear the pointer to that - since we're not part of that multi handle anymore */ - data->state.conn_cache = NULL; - - data->multi = NULL; /* clear the association to this multi handle */ - - /* make sure there's no pending message in the queue sent from this easy + /* make sure there is no pending message in the queue sent from this easy handle */ - for(e = multi->msglist.head; e; e = e->next) { - struct Curl_message *msg = e->ptr; + for(e = Curl_llist_head(&multi->msglist); e; e = Curl_node_next(e)) { + struct Curl_message *msg = Curl_node_elem(e); if(msg->extmsg.easy_handle == easy) { - Curl_llist_remove(&multi->msglist, e, NULL); + Curl_node_remove(e); /* there can only be one from this specific handle */ break; } } + data->multi = NULL; /* clear the association to this multi handle */ + data->mid = -1; + /* NOTE NOTE NOTE We do not touch the easy handle here! */ multi->num_easy--; /* one less to care about now */ - process_pending_handles(multi); - rc = Curl_update_timer(multi); - if(rc) - return rc; + if(removed_timer) { + rc = Curl_update_timer(multi); + if(rc) + return rc; + } return CURLM_OK; } @@ -991,7 +926,7 @@ void Curl_detach_connection(struct Curl_easy *data) struct connectdata *conn = data->conn; if(conn) { Curl_conn_ev_data_detach(conn, data); - Curl_llist_remove(&conn->easyq, &data->conn_queue, NULL); + Curl_node_remove(&data->conn_queue); } data->conn = NULL; } @@ -1002,8 +937,9 @@ void Curl_detach_connection(struct Curl_easy *data) * This is the only function that should assign data->conn */ void Curl_attach_connection(struct Curl_easy *data, - struct connectdata *conn) + struct connectdata *conn) { + DEBUGASSERT(data); DEBUGASSERT(!data->conn); DEBUGASSERT(conn); data->conn = conn; @@ -1016,12 +952,14 @@ void Curl_attach_connection(struct Curl_easy *data, static int connecting_getsock(struct Curl_easy *data, curl_socket_t *socks) { struct connectdata *conn = data->conn; - (void)socks; - /* Not using `conn->sockfd` as `Curl_xfer_setup()` initializes - * that *after* the connect. */ - if(conn && conn->sock[FIRSTSOCKET] != CURL_SOCKET_BAD) { + curl_socket_t sockfd; + + if(!conn) + return GETSOCK_BLANK; + sockfd = Curl_conn_get_socket(data, FIRSTSOCKET); + if(sockfd != CURL_SOCKET_BAD) { /* Default is to wait to something from the server */ - socks[0] = conn->sock[FIRSTSOCKET]; + socks[0] = sockfd; return GETSOCK_READSOCK(0); } return GETSOCK_BLANK; @@ -1030,11 +968,16 @@ static int connecting_getsock(struct Curl_easy *data, curl_socket_t *socks) static int protocol_getsock(struct Curl_easy *data, curl_socket_t *socks) { struct connectdata *conn = data->conn; - if(conn && conn->handler->proto_getsock) + curl_socket_t sockfd; + + if(!conn) + return GETSOCK_BLANK; + if(conn->handler->proto_getsock) return conn->handler->proto_getsock(data, conn, socks); - else if(conn && conn->sockfd != CURL_SOCKET_BAD) { + sockfd = Curl_conn_get_socket(data, FIRSTSOCKET); + if(sockfd != CURL_SOCKET_BAD) { /* Default is to wait to something from the server */ - socks[0] = conn->sockfd; + socks[0] = sockfd; return GETSOCK_READSOCK(0); } return GETSOCK_BLANK; @@ -1043,9 +986,11 @@ static int protocol_getsock(struct Curl_easy *data, curl_socket_t *socks) static int domore_getsock(struct Curl_easy *data, curl_socket_t *socks) { struct connectdata *conn = data->conn; - if(conn && conn->handler->domore_getsock) + if(!conn) + return GETSOCK_BLANK; + if(conn->handler->domore_getsock) return conn->handler->domore_getsock(data, conn, socks); - else if(conn && conn->sockfd != CURL_SOCKET_BAD) { + else if(conn->sockfd != CURL_SOCKET_BAD) { /* Default is that we want to send something to the server */ socks[0] = conn->sockfd; return GETSOCK_WRITESOCK(0); @@ -1056,9 +1001,11 @@ static int domore_getsock(struct Curl_easy *data, curl_socket_t *socks) static int doing_getsock(struct Curl_easy *data, curl_socket_t *socks) { struct connectdata *conn = data->conn; - if(conn && conn->handler->doing_getsock) + if(!conn) + return GETSOCK_BLANK; + if(conn->handler->doing_getsock) return conn->handler->doing_getsock(data, conn, socks); - else if(conn && conn->sockfd != CURL_SOCKET_BAD) { + else if(conn->sockfd != CURL_SOCKET_BAD) { /* Default is that we want to send something to the server */ socks[0] = conn->sockfd; return GETSOCK_WRITESOCK(0); @@ -1069,7 +1016,6 @@ static int doing_getsock(struct Curl_easy *data, curl_socket_t *socks) static int perform_getsock(struct Curl_easy *data, curl_socket_t *sock) { struct connectdata *conn = data->conn; - if(!conn) return GETSOCK_BLANK; else if(conn->handler->perform_getsock) @@ -1084,7 +1030,7 @@ static int perform_getsock(struct Curl_easy *data, curl_socket_t *sock) sock[sockindex] = conn->sockfd; } - if(CURL_WANT_SEND(data)) { + if(Curl_req_want_send(data)) { if((conn->sockfd != conn->writesockfd) || bitmap == GETSOCK_BLANK) { /* only if they are not the same socket and we have a readable @@ -1106,6 +1052,7 @@ static int perform_getsock(struct Curl_easy *data, curl_socket_t *sock) static void multi_getsock(struct Curl_easy *data, struct easy_pollset *ps) { + bool expect_sockets = TRUE; /* The no connection case can happen when this is called from curl_multi_remove_handle() => singlesocket() => multi_getsock(). */ @@ -1119,11 +1066,14 @@ static void multi_getsock(struct Curl_easy *data, case MSTATE_SETUP: case MSTATE_CONNECT: /* nothing to poll for yet */ + expect_sockets = FALSE; break; case MSTATE_RESOLVING: Curl_pollset_add_socks(data, ps, Curl_resolv_getsock); - /* connection filters are not involved in this phase */ + /* connection filters are not involved in this phase. It's ok if we get no + * sockets to wait for. Resolving can wake up from other sources. */ + expect_sockets = FALSE; break; case MSTATE_CONNECTING: @@ -1157,19 +1107,29 @@ static void multi_getsock(struct Curl_easy *data, case MSTATE_RATELIMITING: /* we need to let time pass, ignore socket(s) */ + expect_sockets = FALSE; break; case MSTATE_DONE: case MSTATE_COMPLETED: case MSTATE_MSGSENT: /* nothing more to poll for */ + expect_sockets = FALSE; break; default: failf(data, "multi_getsock: unexpected multi state %d", data->mstate); DEBUGASSERT(0); + expect_sockets = FALSE; break; } + + if(expect_sockets && !ps->num && + !(data->req.keepon & (KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)) && + Curl_conn_is_ip_connected(data, FIRSTSOCKET)) { + infof(data, "WARNING: no socket in pollset, transfer may stall!"); + DEBUGASSERT(0); + } } CURLMcode curl_multi_fdset(struct Curl_multi *multi, @@ -1179,10 +1139,8 @@ CURLMcode curl_multi_fdset(struct Curl_multi *multi, /* Scan through all the easy handles to get the file descriptors set. Some easy handles may not have connected to the remote host yet, and then we must make sure that is done. */ - struct Curl_easy *data; int this_max_fd = -1; - struct easy_pollset ps; - unsigned int i; + struct Curl_llist_node *e; (void)exc_fd_set; /* not used */ if(!GOOD_MULTI_HANDLE(multi)) @@ -1191,20 +1149,22 @@ CURLMcode curl_multi_fdset(struct Curl_multi *multi, if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - memset(&ps, 0, sizeof(ps)); - for(data = multi->easyp; data; data = data->next) { - multi_getsock(data, &ps); + for(e = Curl_llist_head(&multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *data = Curl_node_elem(e); + unsigned int i; + + multi_getsock(data, &data->last_poll); - for(i = 0; i < ps.num; i++) { - if(!FDSET_SOCK(ps.sockets[i])) - /* pretend it doesn't exist */ + for(i = 0; i < data->last_poll.num; i++) { + if(!FDSET_SOCK(data->last_poll.sockets[i])) + /* pretend it does not exist */ continue; - if(ps.actions[i] & CURL_POLL_IN) - FD_SET(ps.sockets[i], read_fd_set); - if(ps.actions[i] & CURL_POLL_OUT) - FD_SET(ps.sockets[i], write_fd_set); - if((int)ps.sockets[i] > this_max_fd) - this_max_fd = (int)ps.sockets[i]; + if(data->last_poll.actions[i] & CURL_POLL_IN) + FD_SET(data->last_poll.sockets[i], read_fd_set); + if(data->last_poll.actions[i] & CURL_POLL_OUT) + FD_SET(data->last_poll.sockets[i], write_fd_set); + if((int)data->last_poll.sockets[i] > this_max_fd) + this_max_fd = (int)data->last_poll.sockets[i]; } } @@ -1218,13 +1178,9 @@ CURLMcode curl_multi_waitfds(struct Curl_multi *multi, unsigned int size, unsigned int *fd_count) { - struct Curl_easy *data; - unsigned int nfds = 0; - struct easy_pollset ps; - unsigned int i; + struct curl_waitfds cwfds; CURLMcode result = CURLM_OK; - struct curl_waitfd *ufd; - unsigned int j; + struct Curl_llist_node *e; if(!ufds) return CURLM_BAD_FUNCTION_ARGUMENT; @@ -1235,48 +1191,29 @@ CURLMcode curl_multi_waitfds(struct Curl_multi *multi, if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - memset(&ps, 0, sizeof(ps)); - for(data = multi->easyp; data; data = data->next) { - multi_getsock(data, &ps); - - for(i = 0; i < ps.num; i++) { - if(nfds < size) { - curl_socket_t fd = ps.sockets[i]; - int fd_idx = -1; - - /* Simple linear search to skip an already added descriptor */ - for(j = 0; j < nfds; j++) { - if(ufds[j].fd == fd) { - fd_idx = (int)j; - break; - } - } - - if(fd_idx < 0) { - ufd = &ufds[nfds++]; - ufd->fd = ps.sockets[i]; - ufd->events = 0; - } - else - ufd = &ufds[fd_idx]; - - if(ps.actions[i] & CURL_POLL_IN) - ufd->events |= CURL_WAIT_POLLIN; - if(ps.actions[i] & CURL_POLL_OUT) - ufd->events |= CURL_WAIT_POLLOUT; - } - else - return CURLM_OUT_OF_MEMORY; + Curl_waitfds_init(&cwfds, ufds, size); + for(e = Curl_llist_head(&multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *data = Curl_node_elem(e); + multi_getsock(data, &data->last_poll); + if(Curl_waitfds_add_ps(&cwfds, &data->last_poll)) { + result = CURLM_OUT_OF_MEMORY; + goto out; } } + if(Curl_cpool_add_waitfds(&multi->cpool, &cwfds)) { + result = CURLM_OUT_OF_MEMORY; + goto out; + } + +out: if(fd_count) - *fd_count = nfds; + *fd_count = cwfds.n; return result; } #ifdef USE_WINSOCK -/* Reset FD_WRITE for TCP sockets. Nothing is actually sent. UDP sockets can't +/* Reset FD_WRITE for TCP sockets. Nothing is actually sent. UDP sockets cannot * be reset this way because an empty datagram would be sent. #9203 * * "On Windows the internal state of FD_WRITE as returned from @@ -1291,29 +1228,6 @@ static void reset_socket_fdwrite(curl_socket_t s) } #endif -static CURLMcode ufds_increase(struct pollfd **pfds, unsigned int *pfds_len, - unsigned int inc, bool *is_malloced) -{ - struct pollfd *new_fds, *old_fds = *pfds; - unsigned int new_len = *pfds_len + inc; - - new_fds = calloc(new_len, sizeof(struct pollfd)); - if(!new_fds) { - if(*is_malloced) - free(old_fds); - *pfds = NULL; - *pfds_len = 0; - return CURLM_OUT_OF_MEMORY; - } - memcpy(new_fds, old_fds, (*pfds_len) * sizeof(struct pollfd)); - if(*is_malloced) - free(old_fds); - *pfds = new_fds; - *pfds_len = new_len; - *is_malloced = TRUE; - return CURLM_OK; -} - #define NUM_POLLS_ON_STACK 10 static CURLMcode multi_wait(struct Curl_multi *multi, @@ -1324,16 +1238,16 @@ static CURLMcode multi_wait(struct Curl_multi *multi, bool extrawait, /* when no socket, wait */ bool use_wakeup) { - struct Curl_easy *data; - struct easy_pollset ps; size_t i; + struct curltime expire_time; long timeout_internal; int retcode = 0; struct pollfd a_few_on_stack[NUM_POLLS_ON_STACK]; - struct pollfd *ufds = &a_few_on_stack[0]; - unsigned int ufds_len = NUM_POLLS_ON_STACK; - unsigned int nfds = 0, curl_nfds = 0; /* how many ufds are in use */ - bool ufds_malloc = FALSE; + struct curl_pollfds cpfds; + unsigned int curl_nfds = 0; /* how many pfds are for curl transfers */ + CURLMcode result = CURLM_OK; + struct Curl_llist_node *e; + #ifdef USE_WINSOCK WSANETWORKEVENTS wsa_events; DEBUGASSERT(multi->wsa_event != WSA_INVALID_EVENT); @@ -1351,141 +1265,108 @@ static CURLMcode multi_wait(struct Curl_multi *multi, if(timeout_ms < 0) return CURLM_BAD_FUNCTION_ARGUMENT; - /* If the internally desired timeout is actually shorter than requested from - the outside, then use the shorter time! But only if the internal timer - is actually larger than -1! */ - (void)multi_timeout(multi, &timeout_internal); - if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms)) - timeout_ms = (int)timeout_internal; - - memset(ufds, 0, ufds_len * sizeof(struct pollfd)); - memset(&ps, 0, sizeof(ps)); + Curl_pollfds_init(&cpfds, a_few_on_stack, NUM_POLLS_ON_STACK); /* Add the curl handles to our pollfds first */ - for(data = multi->easyp; data; data = data->next) { - multi_getsock(data, &ps); + for(e = Curl_llist_head(&multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *data = Curl_node_elem(e); - for(i = 0; i < ps.num; i++) { - short events = 0; -#ifdef USE_WINSOCK - long mask = 0; -#endif - if(ps.actions[i] & CURL_POLL_IN) { -#ifdef USE_WINSOCK - mask |= FD_READ|FD_ACCEPT|FD_CLOSE; -#endif - events |= POLLIN; - } - if(ps.actions[i] & CURL_POLL_OUT) { -#ifdef USE_WINSOCK - mask |= FD_WRITE|FD_CONNECT|FD_CLOSE; - reset_socket_fdwrite(ps.sockets[i]); -#endif - events |= POLLOUT; - } - if(events) { - if(nfds && ps.sockets[i] == ufds[nfds-1].fd) { - ufds[nfds-1].events |= events; - } - else { - if(nfds >= ufds_len) { - if(ufds_increase(&ufds, &ufds_len, 100, &ufds_malloc)) - return CURLM_OUT_OF_MEMORY; - } - DEBUGASSERT(nfds < ufds_len); - ufds[nfds].fd = ps.sockets[i]; - ufds[nfds].events = events; - ++nfds; - } - } -#ifdef USE_WINSOCK - if(mask) { - if(WSAEventSelect(ps.sockets[i], multi->wsa_event, mask) != 0) { - if(ufds_malloc) - free(ufds); - return CURLM_INTERNAL_ERROR; - } - } -#endif + multi_getsock(data, &data->last_poll); + if(Curl_pollfds_add_ps(&cpfds, &data->last_poll)) { + result = CURLM_OUT_OF_MEMORY; + goto out; } } - curl_nfds = nfds; /* what curl internally used in ufds */ + if(Curl_cpool_add_pollfds(&multi->cpool, &cpfds)) { + result = CURLM_OUT_OF_MEMORY; + goto out; + } + curl_nfds = cpfds.n; /* what curl internally uses in cpfds */ /* Add external file descriptions from poll-like struct curl_waitfd */ for(i = 0; i < extra_nfds; i++) { + unsigned short events = 0; + if(extra_fds[i].events & CURL_WAIT_POLLIN) + events |= POLLIN; + if(extra_fds[i].events & CURL_WAIT_POLLPRI) + events |= POLLPRI; + if(extra_fds[i].events & CURL_WAIT_POLLOUT) + events |= POLLOUT; + if(Curl_pollfds_add_sock(&cpfds, extra_fds[i].fd, events)) { + result = CURLM_OUT_OF_MEMORY; + goto out; + } + } + #ifdef USE_WINSOCK + /* Set the WSA events based on the collected pollds */ + for(i = 0; i < cpfds.n; i++) { long mask = 0; - if(extra_fds[i].events & CURL_WAIT_POLLIN) + if(cpfds.pfds[i].events & POLLIN) mask |= FD_READ|FD_ACCEPT|FD_CLOSE; - if(extra_fds[i].events & CURL_WAIT_POLLPRI) + if(cpfds.pfds[i].events & POLLPRI) mask |= FD_OOB; - if(extra_fds[i].events & CURL_WAIT_POLLOUT) { + if(cpfds.pfds[i].events & POLLOUT) { mask |= FD_WRITE|FD_CONNECT|FD_CLOSE; - reset_socket_fdwrite(extra_fds[i].fd); - } - if(WSAEventSelect(extra_fds[i].fd, multi->wsa_event, mask) != 0) { - if(ufds_malloc) - free(ufds); - return CURLM_INTERNAL_ERROR; + reset_socket_fdwrite(cpfds.pfds[i].fd); } -#endif - if(nfds >= ufds_len) { - if(ufds_increase(&ufds, &ufds_len, 100, &ufds_malloc)) - return CURLM_OUT_OF_MEMORY; + if(mask) { + if(WSAEventSelect(cpfds.pfds[i].fd, multi->wsa_event, mask) != 0) { + result = CURLM_OUT_OF_MEMORY; + goto out; + } } - DEBUGASSERT(nfds < ufds_len); - ufds[nfds].fd = extra_fds[i].fd; - ufds[nfds].events = 0; - if(extra_fds[i].events & CURL_WAIT_POLLIN) - ufds[nfds].events |= POLLIN; - if(extra_fds[i].events & CURL_WAIT_POLLPRI) - ufds[nfds].events |= POLLPRI; - if(extra_fds[i].events & CURL_WAIT_POLLOUT) - ufds[nfds].events |= POLLOUT; - ++nfds; } +#endif #ifdef ENABLE_WAKEUP #ifndef USE_WINSOCK if(use_wakeup && multi->wakeup_pair[0] != CURL_SOCKET_BAD) { - if(nfds >= ufds_len) { - if(ufds_increase(&ufds, &ufds_len, 100, &ufds_malloc)) - return CURLM_OUT_OF_MEMORY; + if(Curl_pollfds_add_sock(&cpfds, multi->wakeup_pair[0], POLLIN)) { + result = CURLM_OUT_OF_MEMORY; + goto out; } - DEBUGASSERT(nfds < ufds_len); - ufds[nfds].fd = multi->wakeup_pair[0]; - ufds[nfds].events = POLLIN; - ++nfds; } #endif #endif + /* We check the internal timeout *AFTER* we collected all sockets to + * poll. Collecting the sockets may install new timers by protocols + * and connection filters. + * Use the shorter one of the internal and the caller requested timeout. */ + (void)multi_timeout(multi, &expire_time, &timeout_internal); + if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms)) + timeout_ms = (int)timeout_internal; + #if defined(ENABLE_WAKEUP) && defined(USE_WINSOCK) - if(nfds || use_wakeup) { + if(cpfds.n || use_wakeup) { #else - if(nfds) { + if(cpfds.n) { #endif int pollrc; #ifdef USE_WINSOCK - if(nfds) - pollrc = Curl_poll(ufds, nfds, 0); /* just pre-check with WinSock */ + if(cpfds.n) /* just pre-check with Winsock */ + pollrc = Curl_poll(cpfds.pfds, cpfds.n, 0); else pollrc = 0; #else - pollrc = Curl_poll(ufds, nfds, timeout_ms); /* wait... */ + pollrc = Curl_poll(cpfds.pfds, cpfds.n, timeout_ms); /* wait... */ #endif - if(pollrc < 0) - return CURLM_UNRECOVERABLE_POLL; + if(pollrc < 0) { + result = CURLM_UNRECOVERABLE_POLL; + goto out; + } if(pollrc > 0) { retcode = pollrc; #ifdef USE_WINSOCK } else { /* now wait... if not ready during the pre-check (pollrc == 0) */ - WSAWaitForMultipleEvents(1, &multi->wsa_event, FALSE, timeout_ms, FALSE); + WSAWaitForMultipleEvents(1, &multi->wsa_event, FALSE, (DWORD)timeout_ms, + FALSE); } - /* With WinSock, we have to run the following section unconditionally + /* With Winsock, we have to run the following section unconditionally to call WSAEventSelect(fd, event, 0) on all the sockets */ { #endif @@ -1493,7 +1374,7 @@ static CURLMcode multi_wait(struct Curl_multi *multi, struct, the bit values of the actual underlying poll() implementation may not be the same as the ones in the public libcurl API! */ for(i = 0; i < extra_nfds; i++) { - unsigned r = ufds[curl_nfds + i].revents; + unsigned r = (unsigned)cpfds.pfds[curl_nfds + i].revents; unsigned short mask = 0; #ifdef USE_WINSOCK curl_socket_t s = extra_fds[i].fd; @@ -1510,7 +1391,7 @@ static CURLMcode multi_wait(struct Curl_multi *multi, } WSAEventSelect(s, multi->wsa_event, 0); if(!pollrc) { - extra_fds[i].revents = mask; + extra_fds[i].revents = (short)mask; continue; } #endif @@ -1520,25 +1401,25 @@ static CURLMcode multi_wait(struct Curl_multi *multi, mask |= CURL_WAIT_POLLOUT; if(r & POLLPRI) mask |= CURL_WAIT_POLLPRI; - extra_fds[i].revents = mask; + extra_fds[i].revents = (short)mask; } #ifdef USE_WINSOCK /* Count up all our own sockets that had activity, and remove them from the event. */ if(curl_nfds) { + for(e = Curl_llist_head(&multi->process); e && !result; + e = Curl_node_next(e)) { + struct Curl_easy *data = Curl_node_elem(e); - for(data = multi->easyp; data; data = data->next) { - multi_getsock(data, &ps); - - for(i = 0; i < ps.num; i++) { + for(i = 0; i < data->last_poll.num; i++) { wsa_events.lNetworkEvents = 0; - if(WSAEnumNetworkEvents(ps.sockets[i], NULL, + if(WSAEnumNetworkEvents(data->last_poll.sockets[i], NULL, &wsa_events) == 0) { if(ret && !pollrc && wsa_events.lNetworkEvents) retcode++; } - WSAEventSelect(ps.sockets[i], multi->wsa_event, 0); + WSAEventSelect(data->last_poll.sockets[i], multi->wsa_event, 0); } } } @@ -1547,7 +1428,7 @@ static CURLMcode multi_wait(struct Curl_multi *multi, #else #ifdef ENABLE_WAKEUP if(use_wakeup && multi->wakeup_pair[0] != CURL_SOCKET_BAD) { - if(ufds[curl_nfds + extra_nfds].revents & POLLIN) { + if(cpfds.pfds[curl_nfds + extra_nfds].revents & POLLIN) { char buf[64]; ssize_t nread; while(1) { @@ -1571,18 +1452,16 @@ static CURLMcode multi_wait(struct Curl_multi *multi, } } - if(ufds_malloc) - free(ufds); if(ret) *ret = retcode; #if defined(ENABLE_WAKEUP) && defined(USE_WINSOCK) - if(extrawait && !nfds && !use_wakeup) { + if(extrawait && !cpfds.n && !use_wakeup) { #else - if(extrawait && !nfds) { + if(extrawait && !cpfds.n) { #endif long sleep_ms = 0; - /* Avoid busy-looping when there's nothing particular to wait for */ + /* Avoid busy-looping when there is nothing particular to wait for */ if(!curl_multi_timeout(multi, &sleep_ms) && sleep_ms) { if(sleep_ms > timeout_ms) sleep_ms = timeout_ms; @@ -1594,7 +1473,9 @@ static CURLMcode multi_wait(struct Curl_multi *multi, } } - return CURLM_OK; +out: + Curl_pollfds_cleanup(&cpfds); + return result; } CURLMcode curl_multi_wait(struct Curl_multi *multi, @@ -1623,6 +1504,15 @@ CURLMcode curl_multi_wakeup(struct Curl_multi *multi) it has to be careful only to access parts of the Curl_multi struct that are constant */ +#if defined(ENABLE_WAKEUP) && !defined(USE_WINSOCK) +#ifdef USE_EVENTFD + const void *buf; + const uint64_t val = 1; +#else + char buf[1]; +#endif +#endif + /* GOOD_MULTI_HANDLE can be safely called */ if(!GOOD_MULTI_HANDLE(multi)) return CURLM_BAD_HANDLE; @@ -1636,8 +1526,11 @@ CURLMcode curl_multi_wakeup(struct Curl_multi *multi) making it safe to access from another thread after the init part and before cleanup */ if(multi->wakeup_pair[1] != CURL_SOCKET_BAD) { - char buf[1]; +#ifdef USE_EVENTFD + buf = &val; +#else buf[0] = 1; +#endif while(1) { /* swrite() is not thread-safe in general, because concurrent calls can have their messages interleaved, but in this case the content @@ -1646,7 +1539,7 @@ CURLMcode curl_multi_wakeup(struct Curl_multi *multi) The write socket is set to non-blocking, this way this function cannot block, making it safe to call even from the same thread that will call curl_multi_wait(). If swrite() returns that it - would block, it's considered successful because it means that + would block, it is considered successful because it means that previous calls to this function will wake up the poll(). */ if(wakeup_write(multi->wakeup_pair[1], buf, sizeof(buf)) < 0) { int err = SOCKERRNO; @@ -1710,7 +1603,7 @@ CURLMcode Curl_multi_add_perform(struct Curl_multi *multi, if(!rc) { struct SingleRequest *k = &data->req; - /* pass in NULL for 'conn' here since we don't want to init the + /* pass in NULL for 'conn' here since we do not want to init the connection, only this transfer */ Curl_init_do(data, NULL); @@ -1742,7 +1635,7 @@ static CURLcode multi_do(struct Curl_easy *data, bool *done) * second connection. * * 'complete' can return 0 for incomplete, 1 for done and -1 for go back to - * DOING state there's more work to do! + * DOING state there is more work to do! */ static CURLcode multi_do_more(struct Curl_easy *data, int *complete) @@ -1776,23 +1669,23 @@ static bool multi_handle_timeout(struct Curl_easy *data, else since = data->progress.t_startop; if(data->mstate == MSTATE_RESOLVING) - failf(data, "Resolving timed out after %" CURL_FORMAT_TIMEDIFF_T + failf(data, "Resolving timed out after %" FMT_TIMEDIFF_T " milliseconds", Curl_timediff(*now, since)); else if(data->mstate == MSTATE_CONNECTING) - failf(data, "Connection timed out after %" CURL_FORMAT_TIMEDIFF_T + failf(data, "Connection timed out after %" FMT_TIMEDIFF_T " milliseconds", Curl_timediff(*now, since)); else { struct SingleRequest *k = &data->req; if(k->size != -1) { - failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T - " milliseconds with %" CURL_FORMAT_CURL_OFF_T " out of %" - CURL_FORMAT_CURL_OFF_T " bytes received", + failf(data, "Operation timed out after %" FMT_TIMEDIFF_T + " milliseconds with %" FMT_OFF_T " out of %" + FMT_OFF_T " bytes received", Curl_timediff(*now, since), k->bytecount, k->size); } else { - failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T - " milliseconds with %" CURL_FORMAT_CURL_OFF_T - " bytes received", Curl_timediff(*now, since), k->bytecount); + failf(data, "Operation timed out after %" FMT_TIMEDIFF_T + " milliseconds with %" FMT_OFF_T " bytes received", + Curl_timediff(*now, since), k->bytecount); } } *result = CURLE_OPERATION_TIMEDOUT; @@ -1870,10 +1763,10 @@ static CURLcode protocol_connect(struct Curl_easy *data, && conn->bits.protoconnstart) { /* We already are connected, get back. This may happen when the connect worked fine in the first call, like when we connect to a local server - or proxy. Note that we don't know if the protocol is actually done. + or proxy. Note that we do not know if the protocol is actually done. - Unless this protocol doesn't have any protocol-connect callback, as - then we know we're done. */ + Unless this protocol does not have any protocol-connect callback, as + then we know we are done. */ if(!conn->handler->connecting) *protocol_done = TRUE; @@ -1890,7 +1783,7 @@ static CURLcode protocol_connect(struct Curl_easy *data, else *protocol_done = TRUE; - /* it has started, possibly even completed but that knowledge isn't stored + /* it has started, possibly even completed but that knowledge is not stored in this bit! */ if(!result) conn->bits.protoconnstart = TRUE; @@ -1904,6 +1797,20 @@ static void set_in_callback(struct Curl_multi *multi, bool value) multi->in_callback = value; } +/* + * posttransfer() is called immediately after a transfer ends + */ +static void multi_posttransfer(struct Curl_easy *data) +{ +#if defined(HAVE_SIGNAL) && defined(SIGPIPE) && !defined(HAVE_MSG_NOSIGNAL) + /* restore the signal handler for SIGPIPE before we get back */ + if(!data->set.no_signal) + signal(SIGPIPE, data->state.prev_signal); +#else + (void)data; /* unused parameter */ +#endif +} + static CURLMcode multi_runsingle(struct Curl_multi *multi, struct curltime *nowp, struct Curl_easy *data) @@ -1926,7 +1833,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* a multi-level callback returned error before, meaning every individual transfer now has failed */ result = CURLE_ABORTED_BY_CALLBACK; - Curl_posttransfer(data); + multi_posttransfer(data); multi_done(data, result, FALSE); multistate(data, MSTATE_COMPLETED); } @@ -1995,11 +1902,10 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* There was no connection available. We will go to the pending state and wait for an available connection. */ multistate(data, MSTATE_PENDING); - - /* add this handle to the list of connect-pending handles */ - Curl_llist_append(&multi->pending, data, &data->connect_queue); - /* unlink from the main list */ - unlink_easy(multi, data); + /* unlink from process list */ + Curl_node_remove(&data->multi_queue); + /* add handle to pending list */ + Curl_llist_append(&multi->pending, data, &data->multi_queue); result = CURLE_OK; break; } @@ -2009,7 +1915,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, if(!result) { *nowp = Curl_pgrsTime(data, TIMER_POSTQUEUE); if(async) - /* We're now waiting for an asynchronous name lookup */ + /* We are now waiting for an asynchronous name lookup */ multistate(data, MSTATE_RESOLVING); else { /* after the connect has been sent off, go WAITCONNECT unless the @@ -2017,8 +1923,14 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, WAITDO or DO! */ rc = CURLM_CALL_MULTI_PERFORM; - if(connected) + if(connected) { + if(!data->conn->bits.reuse && + Curl_conn_is_multiplex(data->conn, FIRSTSOCKET)) { + /* new connection, can multiplex, wake pending handles */ + process_pending_handles(data->multi); + } multistate(data, MSTATE_PROTOCONNECT); + } else { multistate(data, MSTATE_CONNECTING); } @@ -2062,7 +1974,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* Update sockets here, because the socket(s) may have been closed and the application thus needs to be told, even if it is likely that the same socket(s) will again be used further - down. If the name has not yet been resolved, it is likely + down. If the name has not yet been resolved, it is likely that new sockets have been opened in an attempt to contact another resolver. */ rc = singlesocket(multi, data); @@ -2102,22 +2014,12 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* this is HTTP-specific, but sending CONNECT to a proxy is HTTP... */ DEBUGASSERT(data->conn); result = Curl_http_connect(data, &protocol_connected); -#ifndef CURL_DISABLE_PROXY - if(data->conn->bits.proxy_connect_closed) { + if(!result) { rc = CURLM_CALL_MULTI_PERFORM; - /* connect back to proxy again */ - result = CURLE_OK; - multi_done(data, CURLE_OK, FALSE); - multistate(data, MSTATE_CONNECT); + /* initiate protocol connect phase */ + multistate(data, MSTATE_PROTOCONNECT); } else -#endif - if(!result) { - rc = CURLM_CALL_MULTI_PERFORM; - /* initiate protocol connect phase */ - multistate(data, MSTATE_PROTOCONNECT); - } - else stream_error = TRUE; break; #endif @@ -2127,12 +2029,17 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, DEBUGASSERT(data->conn); result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &connected); if(connected && !result) { + if(!data->conn->bits.reuse && + Curl_conn_is_multiplex(data->conn, FIRSTSOCKET)) { + /* new connection, can multiplex, wake pending handles */ + process_pending_handles(data->multi); + } rc = CURLM_CALL_MULTI_PERFORM; multistate(data, MSTATE_PROTOCONNECT); } else if(result) { /* failure detected */ - Curl_posttransfer(data); + multi_posttransfer(data); multi_done(data, result, TRUE); stream_error = TRUE; break; @@ -2162,7 +2069,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } else { /* failure detected */ - Curl_posttransfer(data); + multi_posttransfer(data); multi_done(data, result, TRUE); stream_error = TRUE; } @@ -2178,7 +2085,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } else if(result) { /* failure detected */ - Curl_posttransfer(data); + multi_posttransfer(data); multi_done(data, result, TRUE); stream_error = TRUE; } @@ -2198,9 +2105,10 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, Curl_set_in_callback(data, false); if(prereq_rc != CURL_PREREQFUNC_OK) { failf(data, "operation aborted by pre-request callback"); - /* failure in pre-request callback - don't do any other processing */ + /* failure in pre-request callback - do not do any other + processing */ result = CURLE_ABORTED_BY_CALLBACK; - Curl_posttransfer(data); + multi_posttransfer(data); multi_done(data, result, FALSE); stream_error = TRUE; break; @@ -2230,7 +2138,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* skip some states if it is important */ multi_done(data, CURLE_OK, FALSE); - /* if there's no connection left, skip the DONE state */ + /* if there is no connection left, skip the DONE state */ multistate(data, data->conn ? MSTATE_DONE : MSTATE_COMPLETED); rc = CURLM_CALL_MULTI_PERFORM; @@ -2246,13 +2154,13 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* after DO, go DO_DONE... or DO_MORE */ else if(data->conn->bits.do_more) { - /* we're supposed to do more, but we need to sit down, relax + /* we are supposed to do more, but we need to sit down, relax and wait a little while first */ multistate(data, MSTATE_DOING_MORE); rc = CURLM_CALL_MULTI_PERFORM; } else { - /* we're done with the DO, now DID */ + /* we are done with the DO, now DID */ multistate(data, MSTATE_DID); rc = CURLM_CALL_MULTI_PERFORM; } @@ -2261,7 +2169,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, data->conn->bits.reuse) { /* * In this situation, a connection that we were trying to use - * may have unexpectedly died. If possible, send the connection + * may have unexpectedly died. If possible, send the connection * back to the CONNECT phase so we can try again. */ char *newurl = NULL; @@ -2275,7 +2183,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, stream_error = TRUE; } - Curl_posttransfer(data); + multi_posttransfer(data); drc = multi_done(data, result, FALSE); /* When set to retry the connection, we must go back to the CONNECT @@ -2295,19 +2203,19 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } } else { - /* done didn't return OK or SEND_ERROR */ + /* done did not return OK or SEND_ERROR */ result = drc; } } else { - /* Have error handler disconnect conn if we can't retry */ + /* Have error handler disconnect conn if we cannot retry */ stream_error = TRUE; } free(newurl); } else { /* failure detected */ - Curl_posttransfer(data); + multi_posttransfer(data); if(data->conn) multi_done(data, result, FALSE); stream_error = TRUE; @@ -2329,7 +2237,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } else { /* failure detected */ - Curl_posttransfer(data); + multi_posttransfer(data); multi_done(data, result, FALSE); stream_error = TRUE; } @@ -2355,7 +2263,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } else { /* failure detected */ - Curl_posttransfer(data); + multi_posttransfer(data); multi_done(data, result, FALSE); stream_error = TRUE; } @@ -2367,7 +2275,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* Check if we can move pending requests to send pipe */ process_pending_handles(multi); /* multiplexed */ - /* Only perform the transfer if there's a good socket to work with. + /* Only perform the transfer if there is a good socket to work with. Having both BAD is a signal to skip immediately to DONE */ if((data->conn->sockfd != CURL_SOCKET_BAD) || (data->conn->writesockfd != CURL_SOCKET_BAD)) @@ -2397,31 +2305,29 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, result != CURLE_HTTP2_STREAM) streamclose(data->conn, "Transfer returned error"); - Curl_posttransfer(data); + multi_posttransfer(data); multi_done(data, result, TRUE); } else { send_timeout_ms = 0; if(data->set.max_send_speed) send_timeout_ms = - Curl_pgrsLimitWaitTime(data->progress.uploaded, - data->progress.ul_limit_size, + Curl_pgrsLimitWaitTime(&data->progress.ul, data->set.max_send_speed, - data->progress.ul_limit_start, *nowp); recv_timeout_ms = 0; if(data->set.max_recv_speed) recv_timeout_ms = - Curl_pgrsLimitWaitTime(data->progress.downloaded, - data->progress.dl_limit_size, + Curl_pgrsLimitWaitTime(&data->progress.dl, data->set.max_recv_speed, - data->progress.dl_limit_start, *nowp); if(!send_timeout_ms && !recv_timeout_ms) { multistate(data, MSTATE_PERFORMING); Curl_ratelimit(data, *nowp); + /* start performing again right away */ + rc = CURLM_CALL_MULTI_PERFORM; } else if(send_timeout_ms >= recv_timeout_ms) Curl_expire(data, send_timeout_ms, EXPIRE_TOOFAST); @@ -2437,19 +2343,15 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* check if over send speed */ send_timeout_ms = 0; if(data->set.max_send_speed) - send_timeout_ms = Curl_pgrsLimitWaitTime(data->progress.uploaded, - data->progress.ul_limit_size, + send_timeout_ms = Curl_pgrsLimitWaitTime(&data->progress.ul, data->set.max_send_speed, - data->progress.ul_limit_start, *nowp); /* check if over recv speed */ recv_timeout_ms = 0; if(data->set.max_recv_speed) - recv_timeout_ms = Curl_pgrsLimitWaitTime(data->progress.downloaded, - data->progress.dl_limit_size, + recv_timeout_ms = Curl_pgrsLimitWaitTime(&data->progress.dl, data->set.max_recv_speed, - data->progress.dl_limit_start, *nowp); if(send_timeout_ms || recv_timeout_ms) { @@ -2463,7 +2365,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } /* read/write data if it is ready to do so */ - result = Curl_readwrite(data); + result = Curl_sendrecv(data, nowp); if(data->req.done || (result == CURLE_RECV_ERROR)) { /* If CURLE_RECV_ERROR happens early enough, we assume it was a race @@ -2509,8 +2411,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, if(result) { /* * The transfer phase returned error, we mark the connection to get - * closed to prevent being reused. This is because we can't possibly - * know if the connection is in a good shape or not now. Unless it is + * closed to prevent being reused. This is because we cannot possibly + * know if the connection is in a good shape or not now. Unless it is * a protocol which uses two "channels" like FTP, as then the error * happened in the data connection. */ @@ -2519,13 +2421,13 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, result != CURLE_HTTP2_STREAM) streamclose(data->conn, "Transfer returned error"); - Curl_posttransfer(data); + multi_posttransfer(data); multi_done(data, result, TRUE); } else if(data->req.done && !Curl_cwriter_is_paused(data)) { /* call this even if the readwrite function returned error */ - Curl_posttransfer(data); + multi_posttransfer(data); /* When we follow redirects or is set to retry the connection, we must to go back to the CONNECT state */ @@ -2552,8 +2454,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, else { /* after the transfer is done, go DONE */ - /* but first check to see if we got a location info even though we're - not following redirects */ + /* but first check to see if we got a location info even though we + are not following redirects */ if(data->req.location) { free(newurl); newurl = data->req.location; @@ -2571,10 +2473,10 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } } } - else if(data->state.select_bits) { + else if(data->state.select_bits && !Curl_xfer_is_blocked(data)) { /* This avoids CURLM_CALL_MULTI_PERFORM so that a very fast transfer - won't get stuck on this transfer at the expense of other concurrent - transfers */ + will not get stuck on this transfer at the expense of other + concurrent transfers */ Curl_expire(data, 0, EXPIRE_RUN_NOW); } free(newurl); @@ -2588,10 +2490,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, if(data->conn) { CURLcode res; - if(data->conn->bits.multiplex) - /* Check if we can move pending requests to connection */ - process_pending_handles(multi); /* multiplexing */ - /* post-transfer command */ res = multi_done(data, result, FALSE); @@ -2610,8 +2508,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } } #endif - /* after we have DONE what we're supposed to do, go COMPLETED, and - it doesn't matter what the multi_done() returned! */ + /* after we have DONE what we are supposed to do, go COMPLETED, and + it does not matter what the multi_done() returned! */ multistate(data, MSTATE_COMPLETED); break; @@ -2646,7 +2544,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, if(data->mstate < MSTATE_COMPLETED) { if(result) { /* - * If an error was returned, and we aren't in completed state now, + * If an error was returned, and we are not in completed state now, * then we go to completed and consider this transfer aborted. */ @@ -2658,31 +2556,27 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, if(data->conn) { if(stream_error) { - /* Don't attempt to send data over a connection that timed out */ + /* Do not attempt to send data over a connection that timed out */ bool dead_connection = result == CURLE_OPERATION_TIMEDOUT; struct connectdata *conn = data->conn; /* This is where we make sure that the conn pointer is reset. - We don't have to do this in every case block above where a + We do not have to do this in every case block above where a failure is detected */ Curl_detach_connection(data); - - /* remove connection from cache */ - Curl_conncache_remove_conn(data, conn, TRUE); - - /* disconnect properly */ - Curl_disconnect(data, conn, dead_connection); + Curl_cpool_disconnect(data, conn, dead_connection); } } else if(data->mstate == MSTATE_CONNECT) { /* Curl_connect() failed */ - (void)Curl_posttransfer(data); + multi_posttransfer(data); + Curl_pgrsUpdate_nometer(data); } multistate(data, MSTATE_COMPLETED); rc = CURLM_CALL_MULTI_PERFORM; } - /* if there's still a connection to use, call the progress function */ + /* if there is still a connection to use, call the progress function */ else if(data->conn && Curl_pgrsUpdate(data)) { /* aborted due to progress callback return code must close the connection */ @@ -2714,10 +2608,10 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } multistate(data, MSTATE_MSGSENT); - /* add this handle to the list of msgsent handles */ - Curl_llist_append(&multi->msgsent, data, &data->connect_queue); - /* unlink from the main list */ - unlink_easy(multi, data); + /* unlink from the process list */ + Curl_node_remove(&data->multi_queue); + /* add this handle msgsent list */ + Curl_llist_append(&multi->msgsent, data, &data->multi_queue); return CURLM_OK; } } while((rc == CURLM_CALL_MULTI_PERFORM) || multi_ischanged(multi, FALSE)); @@ -2729,10 +2623,12 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles) { - struct Curl_easy *data; CURLMcode returncode = CURLM_OK; - struct Curl_tree *t; + struct Curl_tree *t = NULL; struct curltime now = Curl_now(); + struct Curl_llist_node *e; + struct Curl_llist_node *n = NULL; + SIGPIPE_VARIABLE(pipe_st); if(!GOOD_MULTI_HANDLE(multi)) return CURLM_BAD_HANDLE; @@ -2740,31 +2636,31 @@ CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles) if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - data = multi->easyp; - if(data) { + sigpipe_init(&pipe_st); + for(e = Curl_llist_head(&multi->process); e; e = n) { + struct Curl_easy *data = Curl_node_elem(e); CURLMcode result; - bool nosig = data->set.no_signal; - SIGPIPE_VARIABLE(pipe_st); - sigpipe_ignore(data, &pipe_st); /* Do the loop and only alter the signal ignore state if the next handle has a different NO_SIGNAL state than the previous */ - do { - /* the current node might be unlinked in multi_runsingle(), get the next - pointer now */ - struct Curl_easy *datanext = data->next; - if(data->set.no_signal != nosig) { - sigpipe_restore(&pipe_st); - sigpipe_ignore(data, &pipe_st); - nosig = data->set.no_signal; - } + + /* the current node might be unlinked in multi_runsingle(), get the next + pointer now */ + n = Curl_node_next(e); + + if(data != multi->cpool.idata) { + /* connection pool handle is processed below */ + sigpipe_apply(data, &pipe_st); result = multi_runsingle(multi, &now, data); if(result) returncode = result; - data = datanext; /* operate on next handle */ - } while(data); - sigpipe_restore(&pipe_st); + } } + sigpipe_apply(multi->cpool.idata, &pipe_st); + Curl_cpool_multi_perform(multi); + + sigpipe_restore(&pipe_st); + /* * Simply remove all expired timers from the splay since handles are dealt * with unconditionally by this function and curl_multi_timeout() requires @@ -2779,7 +2675,7 @@ CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles) multi->timetree = Curl_splaygetbest(now, multi->timetree, &t); if(t) { /* the removed may have another timeout in queue */ - data = t->payload; + struct Curl_easy *data = Curl_splayget(t); if(data->mstate == MSTATE_PENDING) { bool stream_unused; CURLcode result_unused; @@ -2789,11 +2685,12 @@ CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles) move_pending_to_connect(multi, data); } } - (void)add_next_timeout(now, multi, t->payload); + (void)add_next_timeout(now, multi, Curl_splayget(t)); } } while(t); - *running_handles = multi->num_alive; + if(running_handles) + *running_handles = (int)multi->num_alive; if(CURLM_OK >= returncode) returncode = Curl_update_timer(multi); @@ -2801,35 +2698,45 @@ CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles) return returncode; } -/* unlink_all_msgsent_handles() detaches all those easy handles from this - multi handle */ +/* unlink_all_msgsent_handles() moves all nodes back from the msgsent list to + the process list */ static void unlink_all_msgsent_handles(struct Curl_multi *multi) { - struct Curl_llist_element *e = multi->msgsent.head; - if(e) { - struct Curl_easy *data = e->ptr; - DEBUGASSERT(data->mstate == MSTATE_MSGSENT); - data->multi = NULL; + struct Curl_llist_node *e; + for(e = Curl_llist_head(&multi->msgsent); e; e = Curl_node_next(e)) { + struct Curl_easy *data = Curl_node_elem(e); + if(data) { + DEBUGASSERT(data->mstate == MSTATE_MSGSENT); + Curl_node_remove(&data->multi_queue); + /* put it into the process list */ + Curl_llist_append(&multi->process, data, &data->multi_queue); + } } } CURLMcode curl_multi_cleanup(struct Curl_multi *multi) { - struct Curl_easy *data; - struct Curl_easy *nextdata; - if(GOOD_MULTI_HANDLE(multi)) { + struct Curl_llist_node *e; + struct Curl_llist_node *n; if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; multi->magic = 0; /* not good anymore */ + /* move the pending and msgsent entries back to process + so that there is just one list to iterate over */ unlink_all_msgsent_handles(multi); process_pending_handles(multi); + /* First remove all remaining easy handles */ - data = multi->easyp; - while(data) { - nextdata = data->next; + for(e = Curl_llist_head(&multi->process); e; e = n) { + struct Curl_easy *data = Curl_node_elem(e); + + if(!GOOD_EASY_HANDLE(data)) + return CURLM_BAD_HANDLE; + + n = Curl_node_next(e); if(!data->state.done && data->conn) /* if DONE was never called for this handle */ (void)multi_done(data, CURLE_OK, TRUE); @@ -2840,23 +2747,18 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi) data->dns.hostcachetype = HCACHE_NONE; } - /* Clear the pointer to the connection cache */ - data->state.conn_cache = NULL; data->multi = NULL; /* clear the association */ #ifdef USE_LIBPSL if(data->psl == &multi->psl) data->psl = NULL; #endif - - data = nextdata; } - /* Close all the connections in the connection cache */ - Curl_conncache_close_all_connections(&multi->conn_cache); + Curl_cpool_destroy(&multi->cpool); sockhash_destroy(&multi->sockhash); - Curl_conncache_destroy(&multi->conn_cache); + Curl_hash_destroy(&multi->proto_hash); Curl_hash_destroy(&multi->hostcache); Curl_psl_destroy(&multi->psl); @@ -2865,12 +2767,10 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi) #else #ifdef ENABLE_WAKEUP wakeup_close(multi->wakeup_pair[0]); +#ifndef USE_EVENTFD wakeup_close(multi->wakeup_pair[1]); #endif #endif - -#ifdef USE_SSL - Curl_free_multi_ssl_backend_data(multi->ssl_backend_data); #endif multi_xfer_bufs_free(multi); @@ -2901,15 +2801,15 @@ CURLMsg *curl_multi_info_read(struct Curl_multi *multi, int *msgs_in_queue) !multi->in_callback && Curl_llist_count(&multi->msglist)) { /* there is one or more messages in the list */ - struct Curl_llist_element *e; + struct Curl_llist_node *e; /* extract the head of the list to return */ - e = multi->msglist.head; + e = Curl_llist_head(&multi->msglist); - msg = e->ptr; + msg = Curl_node_elem(e); /* remove the extracted entry */ - Curl_llist_remove(&multi->msglist, e, NULL); + Curl_node_remove(e); *msgs_in_queue = curlx_uztosi(Curl_llist_count(&multi->msglist)); @@ -2927,41 +2827,54 @@ static CURLMcode singlesocket(struct Curl_multi *multi, struct Curl_easy *data) { struct easy_pollset cur_poll; - unsigned int i; - struct Curl_sh_entry *entry; - curl_socket_t s; - int rc; + CURLMcode mresult; /* Fill in the 'current' struct with the state as it is now: what sockets to supervise and for what actions */ multi_getsock(data, &cur_poll); + mresult = Curl_multi_pollset_ev(multi, data, &cur_poll, &data->last_poll); + + if(!mresult) /* Remember for next time */ + memcpy(&data->last_poll, &cur_poll, sizeof(cur_poll)); + return mresult; +} + +CURLMcode Curl_multi_pollset_ev(struct Curl_multi *multi, + struct Curl_easy *data, + struct easy_pollset *ps, + struct easy_pollset *last_ps) +{ + unsigned int i; + struct Curl_sh_entry *entry; + curl_socket_t s; + int rc; /* We have 0 .. N sockets already and we get to know about the 0 .. M sockets we should have from now on. Detect the differences, remove no longer supervised ones and add new ones */ /* walk over the sockets we got right now */ - for(i = 0; i < cur_poll.num; i++) { - unsigned char cur_action = cur_poll.actions[i]; + for(i = 0; i < ps->num; i++) { + unsigned char cur_action = ps->actions[i]; unsigned char last_action = 0; int comboaction; - s = cur_poll.sockets[i]; + s = ps->sockets[i]; /* get it from the hash */ entry = sh_getentry(&multi->sockhash, s); if(entry) { /* check if new for this transfer */ unsigned int j; - for(j = 0; j< data->last_poll.num; j++) { - if(s == data->last_poll.sockets[j]) { - last_action = data->last_poll.actions[j]; + for(j = 0; j< last_ps->num; j++) { + if(s == last_ps->sockets[j]) { + last_action = last_ps->actions[j]; break; } } } else { - /* this is a socket we didn't have before, add it to the hash! */ + /* this is a socket we did not have before, add it to the hash! */ entry = sh_addentry(&multi->sockhash, s); if(!entry) /* fatal */ @@ -2969,23 +2882,30 @@ static CURLMcode singlesocket(struct Curl_multi *multi, } if(last_action && (last_action != cur_action)) { /* Socket was used already, but different action now */ - if(last_action & CURL_POLL_IN) + if(last_action & CURL_POLL_IN) { + DEBUGASSERT(entry->readers); entry->readers--; - if(last_action & CURL_POLL_OUT) + } + if(last_action & CURL_POLL_OUT) { + DEBUGASSERT(entry->writers); entry->writers--; - if(cur_action & CURL_POLL_IN) + } + if(cur_action & CURL_POLL_IN) { entry->readers++; + } if(cur_action & CURL_POLL_OUT) entry->writers++; } - else if(!last_action) { + else if(!last_action && + !Curl_hash_pick(&entry->transfers, (char *)&data, /* hash key */ + sizeof(struct Curl_easy *))) { + DEBUGASSERT(entry->users < 100000); /* detect weird values */ /* a new transfer using this socket */ entry->users++; if(cur_action & CURL_POLL_IN) entry->readers++; if(cur_action & CURL_POLL_OUT) entry->writers++; - /* add 'data' to the transfer hash on this socket! */ if(!Curl_hash_add(&entry->transfers, (char *)&data, /* hash key */ sizeof(struct Curl_easy *), data)) { @@ -3014,18 +2934,19 @@ static CURLMcode singlesocket(struct Curl_multi *multi, } } - entry->action = comboaction; /* store the current action state */ + /* store the current action state */ + entry->action = (unsigned int)comboaction; } - /* Check for last_poll.sockets that no longer appear in cur_poll.sockets. + /* Check for last_poll.sockets that no longer appear in ps->sockets. * Need to remove the easy handle from the multi->sockhash->transfers and * remove multi->sockhash entry when this was the last transfer */ - for(i = 0; i< data->last_poll.num; i++) { + for(i = 0; i < last_ps->num; i++) { unsigned int j; bool stillused = FALSE; - s = data->last_poll.sockets[i]; - for(j = 0; j < cur_poll.num; j++) { - if(s == cur_poll.sockets[j]) { + s = last_ps->sockets[i]; + for(j = 0; j < ps->num; j++) { + if(s == ps->sockets[j]) { /* this is still supervised */ stillused = TRUE; break; @@ -3038,25 +2959,29 @@ static CURLMcode singlesocket(struct Curl_multi *multi, /* if this is NULL here, the socket has been closed and notified so already by Curl_multi_closed() */ if(entry) { - unsigned char oldactions = data->last_poll.actions[i]; + unsigned char oldactions = last_ps->actions[i]; /* this socket has been removed. Decrease user count */ + DEBUGASSERT(entry->users); entry->users--; if(oldactions & CURL_POLL_OUT) entry->writers--; if(oldactions & CURL_POLL_IN) entry->readers--; if(!entry->users) { + bool dead = FALSE; if(multi->socket_cb) { set_in_callback(multi, TRUE); rc = multi->socket_cb(data, s, CURL_POLL_REMOVE, multi->socket_userp, entry->socketp); set_in_callback(multi, FALSE); - if(rc == -1) { - multi->dead = TRUE; - return CURLM_ABORTED_BY_CALLBACK; - } + if(rc == -1) + dead = TRUE; } sh_delentry(entry, &multi->sockhash, s); + if(dead) { + multi->dead = TRUE; + return CURLM_ABORTED_BY_CALLBACK; + } } else { /* still users, but remove this handle as a user of this socket */ @@ -3068,8 +2993,6 @@ static CURLMcode singlesocket(struct Curl_multi *multi, } } /* for loop over num */ - /* Remember for next time */ - memcpy(&data->last_poll, &cur_poll, sizeof(data->last_poll)); return CURLM_OK; } @@ -3085,7 +3008,7 @@ CURLcode Curl_updatesocket(struct Curl_easy *data) * Curl_multi_closed() * * Used by the connect code to tell the multi_socket code that one of the - * sockets we were using is about to be closed. This function will then + * sockets we were using is about to be closed. This function will then * remove it from the sockethash for this handle to make the multi_socket API * behave properly, especially for the case when libcurl will create another * socket again and it gets the same file descriptor number. @@ -3094,13 +3017,17 @@ CURLcode Curl_updatesocket(struct Curl_easy *data) void Curl_multi_closed(struct Curl_easy *data, curl_socket_t s) { if(data) { - /* if there's still an easy handle associated with this connection */ + /* if there is still an easy handle associated with this connection */ struct Curl_multi *multi = data->multi; + DEBUGF(infof(data, "Curl_multi_closed, fd=%" FMT_SOCKET_T + " multi is %p", s, (void *)multi)); if(multi) { /* this is set if this connection is part of a handle that is added to a multi handle, and only then this is necessary */ struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s); + DEBUGF(infof(data, "Curl_multi_closed, fd=%" FMT_SOCKET_T + " entry is %p", s, (void *)entry)); if(entry) { int rc = 0; if(multi->socket_cb) { @@ -3140,26 +3067,24 @@ static CURLMcode add_next_timeout(struct curltime now, { struct curltime *tv = &d->state.expiretime; struct Curl_llist *list = &d->state.timeoutlist; - struct Curl_llist_element *e; - struct time_node *node = NULL; + struct Curl_llist_node *e; /* move over the timeout list for this specific handle and remove all timeouts that are now passed tense and store the next pending timeout in *tv */ - for(e = list->head; e;) { - struct Curl_llist_element *n = e->next; - timediff_t diff; - node = (struct time_node *)e->ptr; - diff = Curl_timediff_us(node->time, now); + for(e = Curl_llist_head(list); e;) { + struct Curl_llist_node *n = Curl_node_next(e); + struct time_node *node = Curl_node_elem(e); + timediff_t diff = Curl_timediff_us(node->time, now); if(diff <= 0) /* remove outdated entry */ - Curl_llist_remove(list, e, NULL); + Curl_node_remove(e); else /* the list is sorted so get out on the first mismatch */ break; e = n; } - e = list->head; + e = Curl_llist_head(list); if(!e) { /* clear the expire times within the handles that we remove from the splay tree */ @@ -3167,10 +3092,11 @@ static CURLMcode add_next_timeout(struct curltime now, tv->tv_usec = 0; } else { + struct time_node *node = Curl_node_elem(e); /* copy the first entry to 'tv' */ memcpy(tv, &node->time, sizeof(*tv)); - /* Insert this node again into the splay. Keep the timer in the list in + /* Insert this node again into the splay. Keep the timer in the list in case we need to recompute future timers. */ multi->timetree = Curl_splayinsert(*tv, multi->timetree, &d->state.timenode); @@ -3178,6 +3104,59 @@ static CURLMcode add_next_timeout(struct curltime now, return CURLM_OK; } +struct multi_run_ctx { + struct Curl_multi *multi; + struct curltime now; + size_t run_xfers; + SIGPIPE_MEMBER(pipe_st); + bool run_cpool; +}; + +static CURLMcode multi_run_expired(struct multi_run_ctx *mrc) +{ + struct Curl_multi *multi = mrc->multi; + struct Curl_easy *data = NULL; + struct Curl_tree *t = NULL; + CURLMcode result = CURLM_OK; + + /* + * The loop following here will go on as long as there are expire-times left + * to process (compared to mrc->now) in the splay and 'data' will be + * re-assigned for every expired handle we deal with. + */ + while(1) { + /* Check if there is one (more) expired timer to deal with! This function + extracts a matching node if there is one */ + multi->timetree = Curl_splaygetbest(mrc->now, multi->timetree, &t); + if(!t) + goto out; + + data = Curl_splayget(t); /* assign this for next loop */ + if(!data) + continue; + + (void)add_next_timeout(mrc->now, multi, data); + if(data == multi->cpool.idata) { + mrc->run_cpool = TRUE; + continue; + } + + mrc->run_xfers++; + sigpipe_apply(data, &mrc->pipe_st); + result = multi_runsingle(multi, &mrc->now, data); + + if(CURLM_OK >= result) { + /* get the socket(s) and check if the state has been changed since + last */ + result = singlesocket(multi, data); + if(result) + goto out; + } + } + +out: + return result; +} static CURLMcode multi_socket(struct Curl_multi *multi, bool checkall, curl_socket_t s, @@ -3186,39 +3165,44 @@ static CURLMcode multi_socket(struct Curl_multi *multi, { CURLMcode result = CURLM_OK; struct Curl_easy *data = NULL; - struct Curl_tree *t; - struct curltime now = Curl_now(); - bool first = FALSE; - bool nosig = FALSE; - SIGPIPE_VARIABLE(pipe_st); + struct multi_run_ctx mrc; + + (void)ev_bitmask; + memset(&mrc, 0, sizeof(mrc)); + mrc.multi = multi; + mrc.now = Curl_now(); + sigpipe_init(&mrc.pipe_st); if(checkall) { + struct Curl_llist_node *e; /* *perform() deals with running_handles on its own */ result = curl_multi_perform(multi, running_handles); /* walk through each easy handle and do the socket state change magic and callbacks */ if(result != CURLM_BAD_HANDLE) { - data = multi->easyp; - while(data && !result) { - result = singlesocket(multi, data); - data = data->next; + for(e = Curl_llist_head(&multi->process); e && !result; + e = Curl_node_next(e)) { + result = singlesocket(multi, Curl_node_elem(e)); } } - - /* or should we fall-through and do the timer-based stuff? */ - return result; + mrc.run_cpool = TRUE; + goto out; } + if(s != CURL_SOCKET_TIMEOUT) { struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s); - if(!entry) - /* Unmatched socket, we can't act on it but we ignore this fact. In + if(!entry) { + /* Unmatched socket, we cannot act on it but we ignore this fact. In real-world tests it has been proved that libevent can in fact give the application actions even though the socket was just previously asked to get removed, so thus we better survive stray socket actions and just move on. */ - ; + /* The socket might come from a connection that is being shut down + * by the multi's connection pool. */ + Curl_cpool_multi_socket(multi, s, ev_bitmask); + } else { struct Curl_hash_iterator iter; struct Curl_hash_element *he; @@ -3231,75 +3215,43 @@ static CURLMcode multi_socket(struct Curl_multi *multi, DEBUGASSERT(data); DEBUGASSERT(data->magic == CURLEASY_MAGIC_NUMBER); - if(data->conn && !(data->conn->handler->flags & PROTOPT_DIRLOCK)) - /* set socket event bitmask if they're not locked */ - data->state.select_bits |= (unsigned char)ev_bitmask; - - Curl_expire(data, 0, EXPIRE_RUN_NOW); + if(data == multi->cpool.idata) + mrc.run_cpool = TRUE; + else { + /* Expire with out current now, so we will get it below when + * asking the splaytree for expired transfers. */ + Curl_expire_ex(data, &mrc.now, 0, EXPIRE_RUN_NOW); + } } - - /* Now we fall-through and do the timer-based stuff, since we don't want - to force the user to have to deal with timeouts as long as at least - one connection in fact has traffic. */ - - data = NULL; /* set data to NULL again to avoid calling - multi_runsingle() in case there's no need to */ - now = Curl_now(); /* get a newer time since the multi_runsingle() loop - may have taken some time */ } } - else { - /* Asked to run due to time-out. Clear the 'lastcall' variable to force - Curl_update_timer() to trigger a callback to the app again even if the - same timeout is still the one to run after this call. That handles the - case when the application asks libcurl to run the timeout - prematurely. */ - memset(&multi->timer_lastcall, 0, sizeof(multi->timer_lastcall)); - } - /* - * The loop following here will go on as long as there are expire-times left - * to process in the splay and 'data' will be re-assigned for every expired - * handle we deal with. - */ - do { - /* the first loop lap 'data' can be NULL */ - if(data) { - if(!first) { - first = TRUE; - nosig = data->set.no_signal; /* initial state */ - sigpipe_ignore(data, &pipe_st); - } - else if(data->set.no_signal != nosig) { - sigpipe_restore(&pipe_st); - sigpipe_ignore(data, &pipe_st); - nosig = data->set.no_signal; /* remember new state */ - } - result = multi_runsingle(multi, &now, data); + result = multi_run_expired(&mrc); + if(result) + goto out; - if(CURLM_OK >= result) { - /* get the socket(s) and check if the state has been changed since - last */ - result = singlesocket(multi, data); - if(result) - break; - } - } - - /* Check if there's one (more) expired timer to deal with! This function - extracts a matching node if there is one */ + if(mrc.run_xfers) { + /* Running transfers takes time. With a new timestamp, we might catch + * other expires which are due now. Instead of telling the application + * to set a 0 timeout and call us again, we run them here. + * Do that only once or it might be unfair to transfers on other + * sockets. */ + mrc.now = Curl_now(); + result = multi_run_expired(&mrc); + } - multi->timetree = Curl_splaygetbest(now, multi->timetree, &t); - if(t) { - data = t->payload; /* assign this for next loop */ - (void)add_next_timeout(now, multi, t->payload); - } +out: + if(mrc.run_cpool) { + sigpipe_apply(multi->cpool.idata, &mrc.pipe_st); + Curl_cpool_multi_perform(multi); + } + sigpipe_restore(&mrc.pipe_st); - } while(t); - if(first) - sigpipe_restore(&pipe_st); + if(running_handles) + *running_handles = (int)multi->num_alive; - *running_handles = multi->num_alive; + if(CURLM_OK >= result) + result = Curl_update_timer(multi); return result; } @@ -3351,6 +3303,9 @@ CURLMcode curl_multi_setopt(struct Curl_multi *multi, break; case CURLMOPT_MAX_TOTAL_CONNECTIONS: multi->max_total_connections = va_arg(param, long); + /* for now, let this also decide the max number of connections + * in shutdown handling */ + multi->max_shutdown_connections = va_arg(param, long); break; /* options formerly used for pipelining */ case CURLMOPT_MAX_PIPELINE_LENGTH: @@ -3385,39 +3340,28 @@ CURLMcode curl_multi_setopt(struct Curl_multi *multi, CURLMcode curl_multi_socket(struct Curl_multi *multi, curl_socket_t s, int *running_handles) { - CURLMcode result; if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - result = multi_socket(multi, FALSE, s, 0, running_handles); - if(CURLM_OK >= result) - result = Curl_update_timer(multi); - return result; + return multi_socket(multi, FALSE, s, 0, running_handles); } CURLMcode curl_multi_socket_action(struct Curl_multi *multi, curl_socket_t s, int ev_bitmask, int *running_handles) { - CURLMcode result; if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - result = multi_socket(multi, FALSE, s, ev_bitmask, running_handles); - if(CURLM_OK >= result) - result = Curl_update_timer(multi); - return result; + return multi_socket(multi, FALSE, s, ev_bitmask, running_handles); } CURLMcode curl_multi_socket_all(struct Curl_multi *multi, int *running_handles) { - CURLMcode result; if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - result = multi_socket(multi, TRUE, CURL_SOCKET_BAD, 0, running_handles); - if(CURLM_OK >= result) - result = Curl_update_timer(multi); - return result; + return multi_socket(multi, TRUE, CURL_SOCKET_BAD, 0, running_handles); } static CURLMcode multi_timeout(struct Curl_multi *multi, + struct curltime *expire_time, long *timeout_ms) { static const struct curltime tv_zero = {0, 0}; @@ -3433,20 +3377,29 @@ static CURLMcode multi_timeout(struct Curl_multi *multi, /* splay the lowest to the bottom */ multi->timetree = Curl_splay(tv_zero, multi->timetree); - - if(Curl_splaycomparekeys(multi->timetree->key, now) > 0) { + /* this will not return NULL from a non-emtpy tree, but some compilers + * are not convinced of that. Analyzers are hard. */ + *expire_time = multi->timetree? multi->timetree->key : tv_zero; + + /* 'multi->timetree' will be non-NULL here but the compilers sometimes + yell at us if we assume so */ + if(multi->timetree && + Curl_timediff_us(multi->timetree->key, now) > 0) { /* some time left before expiration */ timediff_t diff = Curl_timediff_ceil(multi->timetree->key, now); - /* this should be safe even on 32 bit archs, as we don't use that + /* this should be safe even on 32-bit archs, as we do not use that overly long timeouts */ *timeout_ms = (long)diff; } - else + else { /* 0 means immediately */ *timeout_ms = 0; + } } - else + else { + *expire_time = tv_zero; *timeout_ms = -1; + } return CURLM_OK; } @@ -3454,6 +3407,8 @@ static CURLMcode multi_timeout(struct Curl_multi *multi, CURLMcode curl_multi_timeout(struct Curl_multi *multi, long *timeout_ms) { + struct curltime expire_time; + /* First, make some basic checks that the CURLM handle is a good handle */ if(!GOOD_MULTI_HANDLE(multi)) return CURLM_BAD_HANDLE; @@ -3461,56 +3416,79 @@ CURLMcode curl_multi_timeout(struct Curl_multi *multi, if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - return multi_timeout(multi, timeout_ms); + return multi_timeout(multi, &expire_time, timeout_ms); } +#define DEBUG_UPDATE_TIMER 0 + /* * Tell the application it should update its timers, if it subscribes to the * update timer callback. */ CURLMcode Curl_update_timer(struct Curl_multi *multi) { + struct curltime expire_ts; long timeout_ms; int rc; + bool set_value = FALSE; if(!multi->timer_cb || multi->dead) return CURLM_OK; - if(multi_timeout(multi, &timeout_ms)) { - return CURLM_OK; - } - if(timeout_ms < 0) { - static const struct curltime none = {0, 0}; - if(Curl_splaycomparekeys(none, multi->timer_lastcall)) { - multi->timer_lastcall = none; - /* there's no timeout now but there was one previously, tell the app to - disable it */ - set_in_callback(multi, TRUE); - rc = multi->timer_cb(multi, -1, multi->timer_userp); - set_in_callback(multi, FALSE); - if(rc == -1) { - multi->dead = TRUE; - return CURLM_ABORTED_BY_CALLBACK; - } - return CURLM_OK; - } + if(multi_timeout(multi, &expire_ts, &timeout_ms)) { return CURLM_OK; } - /* When multi_timeout() is done, multi->timetree points to the node with the - * timeout we got the (relative) time-out time for. We can thus easily check - * if this is the same (fixed) time as we got in a previous call and then - * avoid calling the callback again. */ - if(Curl_splaycomparekeys(multi->timetree->key, multi->timer_lastcall) == 0) - return CURLM_OK; - - multi->timer_lastcall = multi->timetree->key; + if(timeout_ms < 0 && multi->last_timeout_ms < 0) { +#if DEBUG_UPDATE_TIMER + fprintf(stderr, "Curl_update_timer(), still no timeout, no change\n"); +#endif + } + else if(timeout_ms < 0) { + /* there is no timeout now but there was one previously */ +#if DEBUG_UPDATE_TIMER + fprintf(stderr, "Curl_update_timer(), remove timeout, " + " last_timeout=%ldms\n", multi->last_timeout_ms); +#endif + timeout_ms = -1; /* normalize */ + set_value = TRUE; + } + else if(multi->last_timeout_ms < 0) { +#if DEBUG_UPDATE_TIMER + fprintf(stderr, "Curl_update_timer(), had no timeout, set now\n"); +#endif + set_value = TRUE; + } + else if(Curl_timediff_us(multi->last_expire_ts, expire_ts)) { + /* We had a timeout before and have one now, the absolute timestamp + * differs. The relative timeout_ms may be the same, but the starting + * point differs. Let the application restart its timer. */ +#if DEBUG_UPDATE_TIMER + fprintf(stderr, "Curl_update_timer(), expire timestamp changed\n"); +#endif + set_value = TRUE; + } + else { + /* We have same expire time as previously. Our relative 'timeout_ms' + * may be different now, but the application has the timer running + * and we do not to tell it to start this again. */ +#if DEBUG_UPDATE_TIMER + fprintf(stderr, "Curl_update_timer(), same expire timestamp, no change\n"); +#endif + } - set_in_callback(multi, TRUE); - rc = multi->timer_cb(multi, timeout_ms, multi->timer_userp); - set_in_callback(multi, FALSE); - if(rc == -1) { - multi->dead = TRUE; - return CURLM_ABORTED_BY_CALLBACK; + if(set_value) { +#if DEBUG_UPDATE_TIMER + fprintf(stderr, "Curl_update_timer(), set timeout %ldms\n", timeout_ms); +#endif + multi->last_expire_ts = expire_ts; + multi->last_timeout_ms = timeout_ms; + set_in_callback(multi, TRUE); + rc = multi->timer_cb(multi, timeout_ms, multi->timer_userp); + set_in_callback(multi, FALSE); + if(rc == -1) { + multi->dead = TRUE; + return CURLM_ABORTED_BY_CALLBACK; + } } return CURLM_OK; } @@ -3523,13 +3501,13 @@ CURLMcode Curl_update_timer(struct Curl_multi *multi) static void multi_deltimeout(struct Curl_easy *data, expire_id eid) { - struct Curl_llist_element *e; + struct Curl_llist_node *e; struct Curl_llist *timeoutlist = &data->state.timeoutlist; /* find and remove the specific node from the list */ - for(e = timeoutlist->head; e; e = e->next) { - struct time_node *n = (struct time_node *)e->ptr; + for(e = Curl_llist_head(timeoutlist); e; e = Curl_node_next(e)) { + struct time_node *n = Curl_node_elem(e); if(n->eid == eid) { - Curl_llist_remove(timeoutlist, e, NULL); + Curl_node_remove(e); return; } } @@ -3547,9 +3525,9 @@ multi_addtimeout(struct Curl_easy *data, struct curltime *stamp, expire_id eid) { - struct Curl_llist_element *e; + struct Curl_llist_node *e; struct time_node *node; - struct Curl_llist_element *prev = NULL; + struct Curl_llist_node *prev = NULL; size_t n; struct Curl_llist *timeoutlist = &data->state.timeoutlist; @@ -3562,8 +3540,8 @@ multi_addtimeout(struct Curl_easy *data, n = Curl_llist_count(timeoutlist); if(n) { /* find the correct spot in the list */ - for(e = timeoutlist->head; e; e = e->next) { - struct time_node *check = (struct time_node *)e->ptr; + for(e = Curl_llist_head(timeoutlist); e; e = Curl_node_next(e)) { + struct time_node *check = Curl_node_elem(e); timediff_t diff = Curl_timediff(check->time, node->time); if(diff > 0) break; @@ -3589,10 +3567,12 @@ multi_addtimeout(struct Curl_easy *data, * * Expire replaces a former timeout using the same id if already set. */ -void Curl_expire(struct Curl_easy *data, timediff_t milli, expire_id id) +static void Curl_expire_ex(struct Curl_easy *data, + const struct curltime *nowp, + timediff_t milli, expire_id id) { struct Curl_multi *multi = data->multi; - struct curltime *nowp = &data->state.expiretime; + struct curltime *curr_expire = &data->state.expiretime; struct curltime set; /* this is only interesting while there is still an associated multi struct @@ -3602,9 +3582,9 @@ void Curl_expire(struct Curl_easy *data, timediff_t milli, expire_id id) DEBUGASSERT(id < EXPIRE_LAST); - set = Curl_now(); - set.tv_sec += (time_t)(milli/1000); /* might be a 64 to 32 bit conversion */ - set.tv_usec += (unsigned int)(milli%1000)*1000; + set = *nowp; + set.tv_sec += (time_t)(milli/1000); /* might be a 64 to 32 bits conversion */ + set.tv_usec += (int)(milli%1000)*1000; if(set.tv_usec >= 1000000) { set.tv_sec++; @@ -3614,20 +3594,20 @@ void Curl_expire(struct Curl_easy *data, timediff_t milli, expire_id id) /* Remove any timer with the same id just in case. */ multi_deltimeout(data, id); - /* Add it to the timer list. It must stay in the list until it has expired + /* Add it to the timer list. It must stay in the list until it has expired in case we need to recompute the minimum timer later. */ multi_addtimeout(data, &set, id); - if(nowp->tv_sec || nowp->tv_usec) { + if(curr_expire->tv_sec || curr_expire->tv_usec) { /* This means that the struct is added as a node in the splay tree. Compare if the new time is earlier, and only remove-old/add-new if it is. */ - timediff_t diff = Curl_timediff(set, *nowp); + timediff_t diff = Curl_timediff(set, *curr_expire); int rc; if(diff > 0) { /* The current splay tree entry is sooner than this new expiry time. - We don't need to update our splay tree entry. */ + We do not need to update our splay tree entry. */ return; } @@ -3641,12 +3621,18 @@ void Curl_expire(struct Curl_easy *data, timediff_t milli, expire_id id) /* Indicate that we are in the splay tree and insert the new timer expiry value since it is our local minimum. */ - *nowp = set; - data->state.timenode.payload = data; - multi->timetree = Curl_splayinsert(*nowp, multi->timetree, + *curr_expire = set; + Curl_splayset(&data->state.timenode, data); + multi->timetree = Curl_splayinsert(*curr_expire, multi->timetree, &data->state.timenode); } +void Curl_expire(struct Curl_easy *data, timediff_t milli, expire_id id) +{ + struct curltime now = Curl_now(); + Curl_expire_ex(data, &now, milli, id); +} + /* * Curl_expire_done() * @@ -3664,7 +3650,7 @@ void Curl_expire_done(struct Curl_easy *data, expire_id id) * * Clear ALL timeout values for this handle. */ -void Curl_expire_clear(struct Curl_easy *data) +bool Curl_expire_clear(struct Curl_easy *data) { struct Curl_multi *multi = data->multi; struct curltime *nowp = &data->state.expiretime; @@ -3672,7 +3658,7 @@ void Curl_expire_clear(struct Curl_easy *data) /* this is only interesting while there is still an associated multi struct remaining! */ if(!multi) - return; + return FALSE; if(nowp->tv_sec || nowp->tv_usec) { /* Since this is an cleared time, we must remove the previous entry from @@ -3685,26 +3671,25 @@ void Curl_expire_clear(struct Curl_easy *data) if(rc) infof(data, "Internal error clearing splay node = %d", rc); - /* flush the timeout list too */ - while(list->size > 0) { - Curl_llist_remove(list, list->tail, NULL); - } + /* clear the timeout list too */ + Curl_llist_destroy(list, NULL); #ifdef DEBUGBUILD infof(data, "Expire cleared"); #endif nowp->tv_sec = 0; nowp->tv_usec = 0; + return TRUE; } + return FALSE; } - - - CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s, void *hashp) { struct Curl_sh_entry *there = NULL; + if(!GOOD_MULTI_HANDLE(multi)) + return CURLM_BAD_HANDLE; there = sh_getentry(&multi->sockhash, s); @@ -3716,52 +3701,24 @@ CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s, return CURLM_OK; } -size_t Curl_multi_max_host_connections(struct Curl_multi *multi) -{ - return multi ? multi->max_host_connections : 0; -} - -size_t Curl_multi_max_total_connections(struct Curl_multi *multi) -{ - return multi ? multi->max_total_connections : 0; -} - -/* - * When information about a connection has appeared, call this! - */ - -void Curl_multiuse_state(struct Curl_easy *data, - int bundlestate) /* use BUNDLE_* defines */ -{ - struct connectdata *conn; - DEBUGASSERT(data); - DEBUGASSERT(data->multi); - conn = data->conn; - DEBUGASSERT(conn); - DEBUGASSERT(conn->bundle); - - conn->bundle->multiuse = bundlestate; - process_pending_handles(data->multi); -} - static void move_pending_to_connect(struct Curl_multi *multi, struct Curl_easy *data) { DEBUGASSERT(data->mstate == MSTATE_PENDING); - /* put it back into the main list */ - link_easy(multi, data); + /* Remove this node from the pending list */ + Curl_node_remove(&data->multi_queue); - multistate(data, MSTATE_CONNECT); + /* put it into the process list */ + Curl_llist_append(&multi->process, data, &data->multi_queue); - /* Remove this node from the pending list */ - Curl_llist_remove(&multi->pending, &data->connect_queue, NULL); + multistate(data, MSTATE_CONNECT); /* Make sure that the handle will be processed soonish. */ Curl_expire(data, 0, EXPIRE_RUN_NOW); } -/* process_pending_handles() moves a handle from PENDING back into the main +/* process_pending_handles() moves a handle from PENDING back into the process list and change state to CONNECT. We do not move all transfers because that can be a significant amount. @@ -3777,9 +3734,9 @@ static void move_pending_to_connect(struct Curl_multi *multi, */ static void process_pending_handles(struct Curl_multi *multi) { - struct Curl_llist_element *e = multi->pending.head; + struct Curl_llist_node *e = Curl_llist_head(&multi->pending); if(e) { - struct Curl_easy *data = e->ptr; + struct Curl_easy *data = Curl_node_elem(e); move_pending_to_connect(multi, data); } } @@ -3807,12 +3764,12 @@ struct Curl_easy **curl_multi_get_handles(struct Curl_multi *multi) (multi->num_easy + 1)); if(a) { unsigned int i = 0; - struct Curl_easy *e = multi->easyp; - while(e) { + struct Curl_llist_node *e; + for(e = Curl_llist_head(&multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *data = Curl_node_elem(e); DEBUGASSERT(i < multi->num_easy); - if(!e->state.internal) - a[i++] = e; - e = e->next; + if(!data->state.internal) + a[i++] = data; } a[i] = NULL; /* last entry is a NULL */ } @@ -3935,3 +3892,32 @@ static void multi_xfer_bufs_free(struct Curl_multi *multi) multi->xfer_ulbuf_len = 0; multi->xfer_ulbuf_borrowed = FALSE; } + +struct Curl_easy *Curl_multi_get_handle(struct Curl_multi *multi, + curl_off_t mid) +{ + + if(mid >= 0) { + struct Curl_easy *data; + struct Curl_llist_node *e; + + for(e = Curl_llist_head(&multi->process); e; e = Curl_node_next(e)) { + data = Curl_node_elem(e); + if(data->mid == mid) + return data; + } + /* may be in msgsent queue */ + for(e = Curl_llist_head(&multi->msgsent); e; e = Curl_node_next(e)) { + data = Curl_node_elem(e); + if(data->mid == mid) + return data; + } + /* may be in pending queue */ + for(e = Curl_llist_head(&multi->pending); e; e = Curl_node_next(e)) { + data = Curl_node_elem(e); + if(data->mid == mid) + return data; + } + } + return NULL; +} diff --git a/vendor/hydra/vendor/curl/lib/multihandle.h b/vendor/hydra/vendor/curl/lib/multihandle.h index add9a051..fef117c0 100644 --- a/vendor/hydra/vendor/curl/lib/multihandle.h +++ b/vendor/hydra/vendor/curl/lib/multihandle.h @@ -33,7 +33,7 @@ struct connectdata; struct Curl_message { - struct Curl_llist_element list; + struct Curl_llist_node list; /* the 'CURLMsg' is the part that is visible to the external user */ struct CURLMsg extmsg; }; @@ -80,30 +80,23 @@ typedef enum { /* value for MAXIMUM CONCURRENT STREAMS upper limit */ #define INITIAL_MAX_CONCURRENT_STREAMS ((1U << 31) - 1) -/* Curl_multi SSL backend-specific data; declared differently by each SSL - backend */ -struct multi_ssl_backend_data; - /* This is the struct known as CURLM on the outside */ struct Curl_multi { /* First a simple identifier to easier detect if a user mix up this multi handle with an easy handle. Set this to CURL_MULTI_HANDLE. */ unsigned int magic; - /* We have a doubly-linked list with easy handles */ - struct Curl_easy *easyp; - struct Curl_easy *easylp; /* last node */ - unsigned int num_easy; /* amount of entries in the linked list above. */ unsigned int num_alive; /* amount of easy handles that are added but have not yet reached COMPLETE state */ struct Curl_llist msglist; /* a list of messages from completed transfers */ - struct Curl_llist pending; /* Curl_easys that are in the - MSTATE_PENDING state */ - struct Curl_llist msgsent; /* Curl_easys that are in the - MSTATE_MSGSENT state */ + /* Each added easy handle is added to ONE of these three lists */ + struct Curl_llist process; /* not in PENDING or MSGSENT */ + struct Curl_llist pending; /* in PENDING */ + struct Curl_llist msgsent; /* in MSGSENT */ + curl_off_t next_easy_mid; /* next multi-id for easy handle added */ /* callback function and user data pointer for the *socket() API */ curl_socket_callback socket_cb; @@ -132,40 +125,47 @@ struct Curl_multi { char *xfer_ulbuf; /* the actual buffer */ size_t xfer_ulbuf_len; /* the allocated length */ -#if defined(USE_SSL) - struct multi_ssl_backend_data *ssl_backend_data; -#endif - /* 'sockhash' is the lookup hash for socket descriptor => easy handles (note the pluralis form, there can be more than one easy handle waiting on the same actual socket) */ struct Curl_hash sockhash; + /* `proto_hash` is a general key-value store for protocol implementations + * with the lifetime of the multi handle. The number of elements kept here + * should be in the order of supported protocols (and sub-protocols like + * TLS), *not* in the order of connections or current transfers! + * Elements need to be added with their own destructor to be invoked when + * the multi handle is cleaned up (see Curl_hash_add2()).*/ + struct Curl_hash proto_hash; /* Shared connection cache (bundles)*/ - struct conncache conn_cache; + struct cpool cpool; long max_host_connections; /* if >0, a fixed limit of the maximum number of connections per host */ long max_total_connections; /* if >0, a fixed limit of the maximum number of connections in total */ + long max_shutdown_connections; /* if >0, a fixed limit of the maximum number + of connections in shutdown handling */ /* timer callback and user data pointer for the *socket() API */ curl_multi_timer_callback timer_cb; void *timer_userp; - struct curltime timer_lastcall; /* the fixed time for the timeout for the - previous callback */ + long last_timeout_ms; /* the last timeout value set via timer_cb */ + struct curltime last_expire_ts; /* timestamp of last expiry */ + #ifdef USE_WINSOCK - WSAEVENT wsa_event; /* winsock event used for waits */ + WSAEVENT wsa_event; /* Winsock event used for waits */ #else #ifdef ENABLE_WAKEUP - curl_socket_t wakeup_pair[2]; /* pipe()/socketpair() used for wakeup - 0 is used for read, 1 is used for write */ + curl_socket_t wakeup_pair[2]; /* eventfd()/pipe()/socketpair() used for + wakeup 0 is used for read, 1 is used + for write */ #endif #endif unsigned int max_concurrent_streams; unsigned int maxconnects; /* if >0, a fixed limit of the maximum number of - entries we're allowed to grow the connection + entries we are allowed to grow the connection cache to */ #define IPV6_UNKNOWN 0 #define IPV6_DEAD 1 diff --git a/vendor/hydra/vendor/curl/lib/multiif.h b/vendor/hydra/vendor/curl/lib/multiif.h index 59a30646..e5872cd6 100644 --- a/vendor/hydra/vendor/curl/lib/multiif.h +++ b/vendor/hydra/vendor/curl/lib/multiif.h @@ -30,7 +30,7 @@ CURLcode Curl_updatesocket(struct Curl_easy *data); void Curl_expire(struct Curl_easy *data, timediff_t milli, expire_id); -void Curl_expire_clear(struct Curl_easy *data); +bool Curl_expire_clear(struct Curl_easy *data); void Curl_expire_done(struct Curl_easy *data, expire_id id); CURLMcode Curl_update_timer(struct Curl_multi *multi) WARN_UNUSED_RESULT; void Curl_attach_connection(struct Curl_easy *data, @@ -63,20 +63,11 @@ struct Curl_multi *Curl_multi_handle(size_t hashsize, /* mask for checking if read and/or write is set for index x */ #define GETSOCK_MASK_RW(x) (GETSOCK_READSOCK(x)|GETSOCK_WRITESOCK(x)) -/* Return the value of the CURLMOPT_MAX_HOST_CONNECTIONS option */ -size_t Curl_multi_max_host_connections(struct Curl_multi *multi); - -/* Return the value of the CURLMOPT_MAX_TOTAL_CONNECTIONS option */ -size_t Curl_multi_max_total_connections(struct Curl_multi *multi); - -void Curl_multiuse_state(struct Curl_easy *data, - int bundlestate); /* use BUNDLE_* defines */ - /* * Curl_multi_closed() * * Used by the connect code to tell the multi_socket code that one of the - * sockets we were using is about to be closed. This function will then + * sockets we were using is about to be closed. This function will then * remove it from the sockethash for this handle to make the multi_socket API * behave properly, especially for the case when libcurl will create another * socket again and it gets the same file descriptor number. @@ -84,6 +75,15 @@ void Curl_multiuse_state(struct Curl_easy *data, void Curl_multi_closed(struct Curl_easy *data, curl_socket_t s); +/* Compare the two pollsets to notify the multi_socket API of changes + * in socket polling, e.g calling multi->socket_cb() with the changes if + * differences are seen. + */ +CURLMcode Curl_multi_pollset_ev(struct Curl_multi *multi, + struct Curl_easy *data, + struct easy_pollset *ps, + struct easy_pollset *last_ps); + /* * Add a handle and move it into PERFORM state at once. For pushed streams. */ @@ -144,4 +144,10 @@ CURLcode Curl_multi_xfer_ulbuf_borrow(struct Curl_easy *data, */ void Curl_multi_xfer_ulbuf_release(struct Curl_easy *data, char *buf); +/** + * Get the transfer handle for the given id. Returns NULL if not found. + */ +struct Curl_easy *Curl_multi_get_handle(struct Curl_multi *multi, + curl_off_t id); + #endif /* HEADER_CURL_MULTIIF_H */ diff --git a/vendor/hydra/vendor/curl/lib/netrc.c b/vendor/hydra/vendor/curl/lib/netrc.c index cd2a2844..490efb64 100644 --- a/vendor/hydra/vendor/curl/lib/netrc.c +++ b/vendor/hydra/vendor/curl/lib/netrc.c @@ -237,7 +237,7 @@ static int parsenetrc(const char *host, else if(strcasecompare("password", tok)) state_password = 1; else if(strcasecompare("machine", tok)) { - /* ok, there's machine here go => */ + /* ok, there is machine here go => */ state = HOSTFOUND; state_our_login = FALSE; } @@ -277,7 +277,7 @@ static int parsenetrc(const char *host, /* * @unittest: 1304 * - * *loginp and *passwordp MUST be allocated if they aren't NULL when passed + * *loginp and *passwordp MUST be allocated if they are not NULL when passed * in. */ int Curl_parsenetrc(const char *host, char **loginp, char **passwordp, @@ -324,7 +324,7 @@ int Curl_parsenetrc(const char *host, char **loginp, char **passwordp, return retcode; /* no home directory found (or possibly out of memory) */ - filealloc = curl_maprintf("%s%s.netrc", home, DIR_CHAR); + filealloc = aprintf("%s%s.netrc", home, DIR_CHAR); if(!filealloc) { free(homea); return -1; @@ -334,7 +334,7 @@ int Curl_parsenetrc(const char *host, char **loginp, char **passwordp, #ifdef _WIN32 if(retcode == NETRC_FILE_MISSING) { /* fallback to the old-style "_netrc" file */ - filealloc = curl_maprintf("%s%s_netrc", home, DIR_CHAR); + filealloc = aprintf("%s%s_netrc", home, DIR_CHAR); if(!filealloc) { free(homea); return -1; diff --git a/vendor/hydra/vendor/curl/lib/netrc.h b/vendor/hydra/vendor/curl/lib/netrc.h index 9f2815f3..37c95db5 100644 --- a/vendor/hydra/vendor/curl/lib/netrc.h +++ b/vendor/hydra/vendor/curl/lib/netrc.h @@ -27,7 +27,7 @@ #include "curl_setup.h" #ifndef CURL_DISABLE_NETRC -/* returns -1 on failure, 0 if the host is found, 1 is the host isn't found */ +/* returns -1 on failure, 0 if the host is found, 1 is the host is not found */ int Curl_parsenetrc(const char *host, char **loginp, char **passwordp, char *filename); /* Assume: (*passwordp)[0]=0, host[0] != 0. diff --git a/vendor/hydra/vendor/curl/lib/nonblock.c b/vendor/hydra/vendor/curl/lib/nonblock.c index f4eb6561..6dcf42a7 100644 --- a/vendor/hydra/vendor/curl/lib/nonblock.c +++ b/vendor/hydra/vendor/curl/lib/nonblock.c @@ -47,16 +47,25 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */ int nonblock /* TRUE or FALSE */) { #if defined(HAVE_FCNTL_O_NONBLOCK) - /* most recent unix versions */ + /* most recent Unix versions */ int flags; flags = sfcntl(sockfd, F_GETFL, 0); + if(flags < 0) + return -1; + /* Check if the current file status flags have already satisfied + * the request, if so, it is no need to call fcntl() to replicate it. + */ + if(!!(flags & O_NONBLOCK) == !!nonblock) + return 0; if(nonblock) - return sfcntl(sockfd, F_SETFL, flags | O_NONBLOCK); - return sfcntl(sockfd, F_SETFL, flags & (~O_NONBLOCK)); + flags |= O_NONBLOCK; + else + flags &= ~O_NONBLOCK; + return sfcntl(sockfd, F_SETFL, flags); #elif defined(HAVE_IOCTL_FIONBIO) - /* older unix versions */ + /* older Unix versions */ int flags = nonblock ? 1 : 0; return ioctl(sockfd, FIONBIO, &flags); @@ -64,7 +73,7 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */ /* Windows */ unsigned long flags = nonblock ? 1UL : 0UL; - return ioctlsocket(sockfd, FIONBIO, &flags); + return ioctlsocket(sockfd, (long)FIONBIO, &flags); #elif defined(HAVE_IOCTLSOCKET_CAMEL_FIONBIO) diff --git a/vendor/hydra/vendor/curl/lib/noproxy.c b/vendor/hydra/vendor/curl/lib/noproxy.c index 62299e28..dbfafc93 100644 --- a/vendor/hydra/vendor/curl/lib/noproxy.c +++ b/vendor/hydra/vendor/curl/lib/noproxy.c @@ -79,22 +79,22 @@ UNITTEST bool Curl_cidr6_match(const char *ipv6, unsigned int bits) { #ifdef USE_IPV6 - int bytes; - int rest; + unsigned int bytes; + unsigned int rest; unsigned char address[16]; unsigned char check[16]; if(!bits) bits = 128; - bytes = bits/8; + bytes = bits / 8; rest = bits & 0x07; + if((bytes > 16) || ((bytes == 16) && rest)) + return FALSE; if(1 != Curl_inet_pton(AF_INET6, ipv6, address)) return FALSE; if(1 != Curl_inet_pton(AF_INET6, network, check)) return FALSE; - if((bytes > 16) || ((bytes == 16) && rest)) - return FALSE; if(bytes && memcmp(address, check, bytes)) return FALSE; if(rest && !((address[bytes] ^ check[bytes]) & (0xff << (8 - rest)))) @@ -119,13 +119,12 @@ enum nametype { * Checks if the host is in the noproxy list. returns TRUE if it matches and * therefore the proxy should NOT be used. ****************************************************************/ -bool Curl_check_noproxy(const char *name, const char *no_proxy, - bool *spacesep) +bool Curl_check_noproxy(const char *name, const char *no_proxy) { char hostip[128]; - *spacesep = FALSE; + /* - * If we don't have a hostname at all, like for example with a FILE + * If we do not have a hostname at all, like for example with a FILE * transfer, we have nothing to interrogate the noproxy list with. */ if(!name || name[0] == '\0') @@ -143,7 +142,7 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy, if(!strcmp("*", no_proxy)) return TRUE; - /* NO_PROXY was specified and it wasn't just an asterisk */ + /* NO_PROXY was specified and it was not just an asterisk */ if(name[0] == '[') { char *endptr; @@ -166,7 +165,7 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy, if(1 == Curl_inet_pton(AF_INET, name, &address)) type = TYPE_IPV4; else { - /* ignore trailing dots in the host name */ + /* ignore trailing dots in the hostname */ if(name[namelen - 1] == '.') namelen--; } @@ -232,7 +231,9 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy, slash = strchr(check, '/'); /* if the slash is part of this token, use it */ if(slash) { - bits = atoi(slash + 1); + /* if the bits variable gets a crazy value here, that is fine as + the value will then be rejected in the cidr function */ + bits = (unsigned int)atoi(slash + 1); *slash = 0; /* null terminate there */ } if(type == TYPE_IPV6) @@ -248,16 +249,14 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy, /* pass blanks after pattern */ while(ISBLANK(*p)) p++; - /* if not a comma! */ - if(*p && (*p != ',')) { - *spacesep = TRUE; - continue; - } + /* if not a comma, this ends the loop */ + if(*p != ',') + break; /* pass any number of commas */ while(*p == ',') p++; } /* while(*p) */ - } /* NO_PROXY was specified and it wasn't just an asterisk */ + } /* NO_PROXY was specified and it was not just an asterisk */ return FALSE; } diff --git a/vendor/hydra/vendor/curl/lib/noproxy.h b/vendor/hydra/vendor/curl/lib/noproxy.h index a3a68077..71ae7eaa 100644 --- a/vendor/hydra/vendor/curl/lib/noproxy.h +++ b/vendor/hydra/vendor/curl/lib/noproxy.h @@ -27,7 +27,7 @@ #ifndef CURL_DISABLE_PROXY -#ifdef DEBUGBUILD +#ifdef UNITTESTS UNITTEST bool Curl_cidr4_match(const char *ipv4, /* 1.2.3.4 address */ const char *network, /* 1.2.3.4 address */ @@ -37,9 +37,7 @@ UNITTEST bool Curl_cidr6_match(const char *ipv6, unsigned int bits); #endif -bool Curl_check_noproxy(const char *name, const char *no_proxy, - bool *spacesep); - +bool Curl_check_noproxy(const char *name, const char *no_proxy); #endif #endif /* HEADER_CURL_NOPROXY_H */ diff --git a/vendor/hydra/vendor/curl/lib/openldap.c b/vendor/hydra/vendor/curl/lib/openldap.c index 0348ef5b..f3e13ed5 100644 --- a/vendor/hydra/vendor/curl/lib/openldap.c +++ b/vendor/hydra/vendor/curl/lib/openldap.c @@ -921,7 +921,7 @@ static CURLcode oldap_do(struct Curl_easy *data, bool *done) else { lr->msgid = msgid; data->req.p.ldap = lr; - Curl_xfer_setup(data, FIRSTSOCKET, -1, FALSE, -1); + Curl_xfer_setup1(data, CURL_XFER_RECV, -1, FALSE); *done = TRUE; } } @@ -1152,7 +1152,7 @@ ldapsb_tls_remove(Sockbuf_IO_Desc *sbiod) return 0; } -/* We don't need to do anything because libcurl does it already */ +/* We do not need to do anything because libcurl does it already */ static int ldapsb_tls_close(Sockbuf_IO_Desc *sbiod) { @@ -1201,7 +1201,7 @@ ldapsb_tls_write(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len) if(conn) { struct ldapconninfo *li = conn->proto.ldapc; CURLcode err = CURLE_SEND_ERROR; - ret = (li->send)(data, FIRSTSOCKET, buf, len, &err); + ret = (li->send)(data, FIRSTSOCKET, buf, len, FALSE, &err); if(ret < 0 && err == CURLE_AGAIN) { SET_SOCKERRNO(EWOULDBLOCK); } diff --git a/vendor/hydra/vendor/curl/lib/parsedate.c b/vendor/hydra/vendor/curl/lib/parsedate.c index 1a7195b1..d35b58b0 100644 --- a/vendor/hydra/vendor/curl/lib/parsedate.c +++ b/vendor/hydra/vendor/curl/lib/parsedate.c @@ -244,7 +244,7 @@ static int checkmonth(const char *check, size_t len) } /* return the time zone offset between GMT and the input one, in number - of seconds or -1 if the timezone wasn't found/legal */ + of seconds or -1 if the timezone was not found/legal */ static int checktz(const char *check, size_t len) { @@ -265,7 +265,7 @@ static int checktz(const char *check, size_t len) static void skip(const char **date) { - /* skip everything that aren't letters or digits */ + /* skip everything that are not letters or digits */ while(**date && !ISALNUM(**date)) (*date)++; } @@ -277,7 +277,7 @@ enum assume { }; /* - * time2epoch: time stamp to seconds since epoch in GMT time zone. Similar to + * time2epoch: time stamp to seconds since epoch in GMT time zone. Similar to * mktime but for GMT only. */ static time_t time2epoch(int sec, int min, int hour, @@ -445,7 +445,7 @@ static int parsedate(const char *date, time_t *output) ((date[-1] == '+' || date[-1] == '-'))) { /* four digits and a value less than or equal to 1400 (to take into account all sorts of funny time zone diffs) and it is preceded - with a plus or minus. This is a time zone indication. 1400 is + with a plus or minus. This is a time zone indication. 1400 is picked since +1300 is frequently used and +1400 is mentioned as an edge number in the document "ISO C 200X Proposal: Timezone Functions" at http://david.tribble.com/text/c0xtimezone.html If @@ -521,13 +521,13 @@ static int parsedate(const char *date, time_t *output) #if (SIZEOF_TIME_T < 5) #ifdef HAVE_TIME_T_UNSIGNED - /* an unsigned 32 bit time_t can only hold dates to 2106 */ + /* an unsigned 32-bit time_t can only hold dates to 2106 */ if(yearnum > 2105) { *output = TIME_T_MAX; return PARSEDATE_LATER; } #else - /* a signed 32 bit time_t can only hold dates to the beginning of 2038 */ + /* a signed 32-bit time_t can only hold dates to the beginning of 2038 */ if(yearnum > 2037) { *output = TIME_T_MAX; return PARSEDATE_LATER; @@ -549,7 +549,7 @@ static int parsedate(const char *date, time_t *output) return PARSEDATE_FAIL; /* clearly an illegal date */ /* time2epoch() returns a time_t. time_t is often 32 bits, sometimes even on - architectures that feature 64 bit 'long' but ultimately time_t is the + architectures that feature a 64 bits 'long' but ultimately time_t is the correct data type to use. */ t = time2epoch(secnum, minnum, hournum, mdaynum, monnum, yearnum); diff --git a/vendor/hydra/vendor/curl/lib/pingpong.c b/vendor/hydra/vendor/curl/lib/pingpong.c index 81576c08..817e3f69 100644 --- a/vendor/hydra/vendor/curl/lib/pingpong.c +++ b/vendor/hydra/vendor/curl/lib/pingpong.c @@ -119,7 +119,7 @@ CURLcode Curl_pp_statemach(struct Curl_easy *data, interval_ms); if(block) { - /* if we didn't wait, we don't have to spend time on this now */ + /* if we did not wait, we do not have to spend time on this now */ if(Curl_pgrsUpdate(data)) result = CURLE_ABORTED_BY_CALLBACK; else @@ -179,7 +179,7 @@ CURLcode Curl_pp_vsendf(struct Curl_easy *data, DEBUGASSERT(pp->sendthis == NULL); if(!conn) - /* can't send without a connection! */ + /* cannot send without a connection! */ return CURLE_SEND_ERROR; Curl_dyn_reset(&pp->sendbuf); @@ -199,7 +199,8 @@ CURLcode Curl_pp_vsendf(struct Curl_easy *data, #ifdef HAVE_GSSAPI conn->data_prot = PROT_CMD; #endif - result = Curl_conn_send(data, FIRSTSOCKET, s, write_len, &bytes_written); + result = Curl_conn_send(data, FIRSTSOCKET, s, write_len, FALSE, + &bytes_written); if(result == CURLE_AGAIN) { bytes_written = 0; } @@ -285,94 +286,99 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data, { struct connectdata *conn = data->conn; CURLcode result = CURLE_OK; + ssize_t gotbytes; + char buffer[900]; *code = 0; /* 0 for errors or not done */ *size = 0; - if(pp->nfinal) { - /* a previous call left this many bytes in the beginning of the buffer as - that was the final line; now ditch that */ - size_t full = Curl_dyn_len(&pp->recvbuf); + do { + gotbytes = 0; + if(pp->nfinal) { + /* a previous call left this many bytes in the beginning of the buffer as + that was the final line; now ditch that */ + size_t full = Curl_dyn_len(&pp->recvbuf); - /* trim off the "final" leading part */ - Curl_dyn_tail(&pp->recvbuf, full - pp->nfinal); + /* trim off the "final" leading part */ + Curl_dyn_tail(&pp->recvbuf, full - pp->nfinal); - pp->nfinal = 0; /* now gone */ - } - if(!pp->overflow) { - ssize_t gotbytes = 0; - char buffer[900]; + pp->nfinal = 0; /* now gone */ + } + if(!pp->overflow) { + result = pingpong_read(data, sockindex, buffer, sizeof(buffer), + &gotbytes); + if(result == CURLE_AGAIN) + return CURLE_OK; - result = pingpong_read(data, sockindex, buffer, sizeof(buffer), &gotbytes); - if(result == CURLE_AGAIN) - return CURLE_OK; + if(result) + return result; - if(result) - return result; + if(gotbytes <= 0) { + failf(data, "response reading failed (errno: %d)", SOCKERRNO); + return CURLE_RECV_ERROR; + } - if(gotbytes <= 0) { - failf(data, "response reading failed (errno: %d)", SOCKERRNO); - return CURLE_RECV_ERROR; - } + result = Curl_dyn_addn(&pp->recvbuf, buffer, gotbytes); + if(result) + return result; - result = Curl_dyn_addn(&pp->recvbuf, buffer, gotbytes); - if(result) - return result; + data->req.headerbytecount += (unsigned int)gotbytes; - data->req.headerbytecount += (unsigned int)gotbytes; + pp->nread_resp += gotbytes; + } - pp->nread_resp += gotbytes; - } + do { + char *line = Curl_dyn_ptr(&pp->recvbuf); + char *nl = memchr(line, '\n', Curl_dyn_len(&pp->recvbuf)); + if(nl) { + /* a newline is CRLF in pp-talk, so the CR is ignored as + the line is not really terminated until the LF comes */ + size_t length = nl - line + 1; - do { - char *line = Curl_dyn_ptr(&pp->recvbuf); - char *nl = memchr(line, '\n', Curl_dyn_len(&pp->recvbuf)); - if(nl) { - /* a newline is CRLF in pp-talk, so the CR is ignored as - the line isn't really terminated until the LF comes */ - size_t length = nl - line + 1; - - /* output debug output if that is requested */ + /* output debug output if that is requested */ #ifdef HAVE_GSSAPI - if(!conn->sec_complete) + if(!conn->sec_complete) #endif - Curl_debug(data, CURLINFO_HEADER_IN, line, length); - - /* - * Pass all response-lines to the callback function registered for - * "headers". The response lines can be seen as a kind of headers. - */ - result = Curl_client_write(data, CLIENTWRITE_INFO, line, length); - if(result) - return result; - - if(pp->endofresp(data, conn, line, length, code)) { - /* When at "end of response", keep the endofresp line first in the - buffer since it will be accessed outside (by pingpong - parsers). Store the overflow counter to inform about additional - data in this buffer after the endofresp line. */ - pp->nfinal = length; + Curl_debug(data, CURLINFO_HEADER_IN, line, length); + + /* + * Pass all response-lines to the callback function registered for + * "headers". The response lines can be seen as a kind of headers. + */ + result = Curl_client_write(data, CLIENTWRITE_INFO, line, length); + if(result) + return result; + + if(pp->endofresp(data, conn, line, length, code)) { + /* When at "end of response", keep the endofresp line first in the + buffer since it will be accessed outside (by pingpong + parsers). Store the overflow counter to inform about additional + data in this buffer after the endofresp line. */ + pp->nfinal = length; + if(Curl_dyn_len(&pp->recvbuf) > length) + pp->overflow = Curl_dyn_len(&pp->recvbuf) - length; + else + pp->overflow = 0; + *size = pp->nread_resp; /* size of the response */ + pp->nread_resp = 0; /* restart */ + gotbytes = 0; /* force break out of outer loop */ + break; + } if(Curl_dyn_len(&pp->recvbuf) > length) - pp->overflow = Curl_dyn_len(&pp->recvbuf) - length; + /* keep the remaining piece */ + Curl_dyn_tail((&pp->recvbuf), Curl_dyn_len(&pp->recvbuf) - length); else - pp->overflow = 0; - *size = pp->nread_resp; /* size of the response */ - pp->nread_resp = 0; /* restart */ + Curl_dyn_reset(&pp->recvbuf); + } + else { + /* without a newline, there is no overflow */ + pp->overflow = 0; break; } - if(Curl_dyn_len(&pp->recvbuf) > length) - /* keep the remaining piece */ - Curl_dyn_tail((&pp->recvbuf), Curl_dyn_len(&pp->recvbuf) - length); - else - Curl_dyn_reset(&pp->recvbuf); - } - else { - /* without a newline, there is no overflow */ - pp->overflow = 0; - break; - } - } while(1); /* while there's buffer left to scan */ + } while(1); /* while there is buffer left to scan */ + + } while(gotbytes == sizeof(buffer)); pp->pending_resp = FALSE; @@ -394,6 +400,13 @@ int Curl_pp_getsock(struct Curl_easy *data, return GETSOCK_READSOCK(0); } +bool Curl_pp_needs_flush(struct Curl_easy *data, + struct pingpong *pp) +{ + (void)data; + return pp->sendleft > 0; +} + CURLcode Curl_pp_flushsend(struct Curl_easy *data, struct pingpong *pp) { @@ -401,9 +414,12 @@ CURLcode Curl_pp_flushsend(struct Curl_easy *data, size_t written; CURLcode result; + if(!Curl_pp_needs_flush(data, pp)) + return CURLE_OK; + result = Curl_conn_send(data, FIRSTSOCKET, pp->sendthis + pp->sendsize - pp->sendleft, - pp->sendleft, &written); + pp->sendleft, FALSE, &written); if(result == CURLE_AGAIN) { result = CURLE_OK; written = 0; diff --git a/vendor/hydra/vendor/curl/lib/pingpong.h b/vendor/hydra/vendor/curl/lib/pingpong.h index 28172c72..72239ff0 100644 --- a/vendor/hydra/vendor/curl/lib/pingpong.h +++ b/vendor/hydra/vendor/curl/lib/pingpong.h @@ -37,7 +37,7 @@ struct connectdata; typedef enum { PPTRANSFER_BODY, /* yes do transfer a body */ PPTRANSFER_INFO, /* do still go through to get info/headers */ - PPTRANSFER_NONE /* don't get anything and don't get info */ + PPTRANSFER_NONE /* do not get anything and do not get info */ } curl_pp_transfer; /* @@ -83,7 +83,7 @@ struct pingpong { * Curl_pp_statemach() * * called repeatedly until done. Set 'wait' to make it wait a while on the - * socket if there's no traffic. + * socket if there is no traffic. */ CURLcode Curl_pp_statemach(struct Curl_easy *data, struct pingpong *pp, bool block, bool disconnecting); @@ -137,6 +137,8 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data, int *code, /* return the server code if done */ size_t *size); /* size of the response */ +bool Curl_pp_needs_flush(struct Curl_easy *data, + struct pingpong *pp); CURLcode Curl_pp_flushsend(struct Curl_easy *data, struct pingpong *pp); diff --git a/vendor/hydra/vendor/curl/lib/pop3.c b/vendor/hydra/vendor/curl/lib/pop3.c index 9a303315..1f5334d9 100644 --- a/vendor/hydra/vendor/curl/lib/pop3.c +++ b/vendor/hydra/vendor/curl/lib/pop3.c @@ -83,6 +83,10 @@ #include "curl_memory.h" #include "memdebug.h" +#ifndef ARRAYSIZE +#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) +#endif + /* Local API functions */ static CURLcode pop3_regular_transfer(struct Curl_easy *data, bool *done); static CURLcode pop3_do(struct Curl_easy *data, bool *done); @@ -107,6 +111,11 @@ static CURLcode pop3_continue_auth(struct Curl_easy *data, const char *mech, static CURLcode pop3_cancel_auth(struct Curl_easy *data, const char *mech); static CURLcode pop3_get_message(struct Curl_easy *data, struct bufref *out); +/* This function scans the body after the end-of-body and writes everything + * until the end is found */ +static CURLcode pop3_write(struct Curl_easy *data, + const char *str, size_t nread, bool is_eos); + /* * POP3 protocol handler. */ @@ -125,7 +134,7 @@ const struct Curl_handler Curl_handler_pop3 = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ pop3_disconnect, /* disconnect */ - ZERO_NULL, /* write_resp */ + pop3_write, /* write_resp */ ZERO_NULL, /* write_resp_hd */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ @@ -155,7 +164,7 @@ const struct Curl_handler Curl_handler_pop3s = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ pop3_disconnect, /* disconnect */ - ZERO_NULL, /* write_resp */ + pop3_write, /* write_resp */ ZERO_NULL, /* write_resp_hd */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ @@ -194,6 +203,53 @@ static void pop3_to_pop3s(struct connectdata *conn) #define pop3_to_pop3s(x) Curl_nop_stmt #endif +struct pop3_cmd { + const char *name; + unsigned short nlen; + BIT(multiline); /* response is multi-line with last '.' line */ + BIT(multiline_with_args); /* is multi-line when command has args */ +}; + +static const struct pop3_cmd pop3cmds[] = { + { "APOP", 4, FALSE, FALSE }, + { "AUTH", 4, FALSE, FALSE }, + { "CAPA", 4, TRUE, TRUE }, + { "DELE", 4, FALSE, FALSE }, + { "LIST", 4, TRUE, FALSE }, + { "MSG", 3, TRUE, TRUE }, + { "NOOP", 4, FALSE, FALSE }, + { "PASS", 4, FALSE, FALSE }, + { "QUIT", 4, FALSE, FALSE }, + { "RETR", 4, TRUE, TRUE }, + { "RSET", 4, FALSE, FALSE }, + { "STAT", 4, FALSE, FALSE }, + { "STLS", 4, FALSE, FALSE }, + { "TOP", 3, TRUE, TRUE }, + { "UIDL", 4, TRUE, FALSE }, + { "USER", 4, FALSE, FALSE }, + { "UTF8", 4, FALSE, FALSE }, + { "XTND", 4, TRUE, TRUE }, +}; + +/* Return iff a command is defined as "multi-line" (RFC 1939), + * has a response terminated by a last line with a '.'. + */ +static bool pop3_is_multiline(const char *cmdline) +{ + size_t i; + for(i = 0; i < ARRAYSIZE(pop3cmds); ++i) { + if(strncasecompare(pop3cmds[i].name, cmdline, pop3cmds[i].nlen)) { + if(!cmdline[pop3cmds[i].nlen]) + return pop3cmds[i].multiline; + else if(cmdline[pop3cmds[i].nlen] == ' ') + return pop3cmds[i].multiline_with_args; + } + } + /* Unknown command, assume multi-line for backward compatibility with + * earlier curl versions that only could do multi-line responses. */ + return TRUE; +} + /*********************************************************************** * * pop3_endofresp() @@ -406,7 +462,7 @@ static CURLcode pop3_perform_user(struct Curl_easy *data, CURLcode result = CURLE_OK; /* Check we have a username and password to authenticate with and end the - connect phase if we don't */ + connect phase if we do not */ if(!data->state.aptr.user) { pop3_state(data, POP3_STOP); @@ -440,7 +496,7 @@ static CURLcode pop3_perform_apop(struct Curl_easy *data, char secret[2 * MD5_DIGEST_LEN + 1]; /* Check we have a username and password to authenticate with and end the - connect phase if we don't */ + connect phase if we do not */ if(!data->state.aptr.user) { pop3_state(data, POP3_STOP); @@ -550,7 +606,7 @@ static CURLcode pop3_perform_authentication(struct Curl_easy *data, saslprogress progress = SASL_IDLE; /* Check we have enough data to authenticate with and end the - connect phase if we don't */ + connect phase if we do not */ if(!Curl_sasl_can_authenticate(&pop3c->sasl, data)) { pop3_state(data, POP3_STOP); return result; @@ -609,18 +665,20 @@ static CURLcode pop3_perform_command(struct Curl_easy *data) else command = "RETR"; + if(pop3->custom && pop3->custom[0] != '\0') + command = pop3->custom; + /* Send the command */ if(pop3->id[0] != '\0') result = Curl_pp_sendf(data, &conn->proto.pop3c.pp, "%s %s", - (pop3->custom && pop3->custom[0] != '\0' ? - pop3->custom : command), pop3->id); + command, pop3->id); else - result = Curl_pp_sendf(data, &conn->proto.pop3c.pp, "%s", - (pop3->custom && pop3->custom[0] != '\0' ? - pop3->custom : command)); + result = Curl_pp_sendf(data, &conn->proto.pop3c.pp, "%s", command); - if(!result) + if(!result) { pop3_state(data, POP3_COMMAND); + data->req.no_body = !pop3_is_multiline(command); + } return result; } @@ -758,7 +816,7 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code, } } else { - /* Clear text is supported when CAPA isn't recognised */ + /* Clear text is supported when CAPA is not recognised */ if(pop3code != '+') pop3c->authtypes |= POP3_TYPE_CLEARTEXT; @@ -931,12 +989,12 @@ static CURLcode pop3_state_command_resp(struct Curl_easy *data, pop3c->eob = 2; /* But since this initial CR LF pair is not part of the actual body, we set - the strip counter here so that these bytes won't be delivered. */ + the strip counter here so that these bytes will not be delivered. */ pop3c->strip = 2; if(pop3->transfer == PPTRANSFER_BODY) { /* POP3 download */ - Curl_xfer_setup(data, FIRSTSOCKET, -1, FALSE, -1); + Curl_xfer_setup1(data, CURL_XFER_RECV, -1, FALSE); if(pp->overflow) { /* The recv buffer contains data that is actually body content so send @@ -948,8 +1006,8 @@ static CURLcode pop3_state_command_resp(struct Curl_easy *data, pp->nfinal = 0; /* done */ if(!data->req.no_body) { - result = Curl_pop3_write(data, Curl_dyn_ptr(&pp->recvbuf), - Curl_dyn_len(&pp->recvbuf)); + result = pop3_write(data, Curl_dyn_ptr(&pp->recvbuf), + Curl_dyn_len(&pp->recvbuf), FALSE); if(result) return result; } @@ -1447,12 +1505,13 @@ static CURLcode pop3_parse_custom_request(struct Curl_easy *data) /*********************************************************************** * - * Curl_pop3_write() + * pop3_write() * * This function scans the body after the end-of-body and writes everything * until the end is found. */ -CURLcode Curl_pop3_write(struct Curl_easy *data, const char *str, size_t nread) +static CURLcode pop3_write(struct Curl_easy *data, const char *str, + size_t nread, bool is_eos) { /* This code could be made into a special function in the handler struct */ CURLcode result = CURLE_OK; @@ -1462,6 +1521,7 @@ CURLcode Curl_pop3_write(struct Curl_easy *data, const char *str, size_t nread) bool strip_dot = FALSE; size_t last = 0; size_t i; + (void)is_eos; /* Search through the buffer looking for the end-of-body marker which is 5 bytes (0d 0a 2e 0d 0a). Note that a line starting with a dot matches @@ -1477,7 +1537,7 @@ CURLcode Curl_pop3_write(struct Curl_easy *data, const char *str, size_t nread) pop3c->eob++; if(i) { - /* Write out the body part that didn't match */ + /* Write out the body part that did not match */ result = Curl_client_write(data, CLIENTWRITE_BODY, &str[last], i - last); @@ -1490,7 +1550,7 @@ CURLcode Curl_pop3_write(struct Curl_easy *data, const char *str, size_t nread) else if(pop3c->eob == 3) pop3c->eob++; else - /* If the character match wasn't at position 0 or 3 then restart the + /* If the character match was not at position 0 or 3 then restart the pattern matching */ pop3c->eob = 1; break; @@ -1499,7 +1559,7 @@ CURLcode Curl_pop3_write(struct Curl_easy *data, const char *str, size_t nread) if(pop3c->eob == 1 || pop3c->eob == 4) pop3c->eob++; else - /* If the character match wasn't at position 1 or 4 then start the + /* If the character match was not at position 1 or 4 then start the search again */ pop3c->eob = 0; break; @@ -1513,7 +1573,7 @@ CURLcode Curl_pop3_write(struct Curl_easy *data, const char *str, size_t nread) pop3c->eob = 0; } else - /* If the character match wasn't at position 2 then start the search + /* If the character match was not at position 2 then start the search again */ pop3c->eob = 0; break; diff --git a/vendor/hydra/vendor/curl/lib/pop3.h b/vendor/hydra/vendor/curl/lib/pop3.h index e8e98db0..3d08dafa 100644 --- a/vendor/hydra/vendor/curl/lib/pop3.h +++ b/vendor/hydra/vendor/curl/lib/pop3.h @@ -90,9 +90,4 @@ extern const struct Curl_handler Curl_handler_pop3s; #define POP3_EOB "\x0d\x0a\x2e\x0d\x0a" #define POP3_EOB_LEN 5 -/* This function scans the body after the end-of-body and writes everything - * until the end is found */ -CURLcode Curl_pop3_write(struct Curl_easy *data, - const char *str, size_t nread); - #endif /* HEADER_CURL_POP3_H */ diff --git a/vendor/hydra/vendor/curl/lib/progress.c b/vendor/hydra/vendor/curl/lib/progress.c index d05fcc3e..cb9829c3 100644 --- a/vendor/hydra/vendor/curl/lib/progress.c +++ b/vendor/hydra/vendor/curl/lib/progress.c @@ -48,8 +48,7 @@ static void time2str(char *r, curl_off_t seconds) if(h <= CURL_OFF_T_C(99)) { curl_off_t m = (seconds - (h*CURL_OFF_T_C(3600))) / CURL_OFF_T_C(60); curl_off_t s = (seconds - (h*CURL_OFF_T_C(3600))) - (m*CURL_OFF_T_C(60)); - msnprintf(r, 9, "%2" CURL_FORMAT_CURL_OFF_T ":%02" CURL_FORMAT_CURL_OFF_T - ":%02" CURL_FORMAT_CURL_OFF_T, h, m, s); + msnprintf(r, 9, "%2" FMT_OFF_T ":%02" FMT_OFF_T ":%02" FMT_OFF_T, h, m, s); } else { /* this equals to more than 99 hours, switch to a more suitable output @@ -57,10 +56,9 @@ static void time2str(char *r, curl_off_t seconds) curl_off_t d = seconds / CURL_OFF_T_C(86400); h = (seconds - (d*CURL_OFF_T_C(86400))) / CURL_OFF_T_C(3600); if(d <= CURL_OFF_T_C(999)) - msnprintf(r, 9, "%3" CURL_FORMAT_CURL_OFF_T - "d %02" CURL_FORMAT_CURL_OFF_T "h", d, h); + msnprintf(r, 9, "%3" FMT_OFF_T "d %02" FMT_OFF_T "h", d, h); else - msnprintf(r, 9, "%7" CURL_FORMAT_CURL_OFF_T "d", d); + msnprintf(r, 9, "%7" FMT_OFF_T "d", d); } } @@ -76,40 +74,40 @@ static char *max5data(curl_off_t bytes, char *max5) #define ONE_PETABYTE (CURL_OFF_T_C(1024) * ONE_TERABYTE) if(bytes < CURL_OFF_T_C(100000)) - msnprintf(max5, 6, "%5" CURL_FORMAT_CURL_OFF_T, bytes); + msnprintf(max5, 6, "%5" FMT_OFF_T, bytes); else if(bytes < CURL_OFF_T_C(10000) * ONE_KILOBYTE) - msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "k", bytes/ONE_KILOBYTE); + msnprintf(max5, 6, "%4" FMT_OFF_T "k", bytes/ONE_KILOBYTE); else if(bytes < CURL_OFF_T_C(100) * ONE_MEGABYTE) - /* 'XX.XM' is good as long as we're less than 100 megs */ - msnprintf(max5, 6, "%2" CURL_FORMAT_CURL_OFF_T ".%0" - CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE, + /* 'XX.XM' is good as long as we are less than 100 megs */ + msnprintf(max5, 6, "%2" FMT_OFF_T ".%0" + FMT_OFF_T "M", bytes/ONE_MEGABYTE, (bytes%ONE_MEGABYTE) / (ONE_MEGABYTE/CURL_OFF_T_C(10)) ); else if(bytes < CURL_OFF_T_C(10000) * ONE_MEGABYTE) - /* 'XXXXM' is good until we're at 10000MB or above */ - msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE); + /* 'XXXXM' is good until we are at 10000MB or above */ + msnprintf(max5, 6, "%4" FMT_OFF_T "M", bytes/ONE_MEGABYTE); else if(bytes < CURL_OFF_T_C(100) * ONE_GIGABYTE) /* 10000 MB - 100 GB, we show it as XX.XG */ - msnprintf(max5, 6, "%2" CURL_FORMAT_CURL_OFF_T ".%0" - CURL_FORMAT_CURL_OFF_T "G", bytes/ONE_GIGABYTE, + msnprintf(max5, 6, "%2" FMT_OFF_T ".%0" + FMT_OFF_T "G", bytes/ONE_GIGABYTE, (bytes%ONE_GIGABYTE) / (ONE_GIGABYTE/CURL_OFF_T_C(10)) ); else if(bytes < CURL_OFF_T_C(10000) * ONE_GIGABYTE) /* up to 10000GB, display without decimal: XXXXG */ - msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "G", bytes/ONE_GIGABYTE); + msnprintf(max5, 6, "%4" FMT_OFF_T "G", bytes/ONE_GIGABYTE); else if(bytes < CURL_OFF_T_C(10000) * ONE_TERABYTE) /* up to 10000TB, display without decimal: XXXXT */ - msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "T", bytes/ONE_TERABYTE); + msnprintf(max5, 6, "%4" FMT_OFF_T "T", bytes/ONE_TERABYTE); else /* up to 10000PB, display without decimal: XXXXP */ - msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "P", bytes/ONE_PETABYTE); + msnprintf(max5, 6, "%4" FMT_OFF_T "P", bytes/ONE_PETABYTE); - /* 16384 petabytes (16 exabytes) is the maximum a 64 bit unsigned number can + /* 16384 petabytes (16 exabytes) is the maximum a 64-bit unsigned number can hold, but our data type is signed so 8192PB will be the maximum. */ return max5; @@ -140,7 +138,7 @@ int Curl_pgrsDone(struct Curl_easy *data) if(!(data->progress.flags & PGRS_HIDE) && !data->progress.callback) - /* only output if we don't use a progress callback and we're not + /* only output if we do not use a progress callback and we are not * hidden */ fprintf(data->set.err, "\n"); @@ -204,7 +202,7 @@ void Curl_pgrsTimeWas(struct Curl_easy *data, timerid timer, case TIMER_STARTTRANSFER: delta = &data->progress.t_starttransfer; /* prevent updating t_starttransfer unless: - * 1) this is the first time we're setting t_starttransfer + * 1) this is the first time we are setting t_starttransfer * 2) a redirect has occurred since the last time t_starttransfer was set * This prevents repeated invocations of the function from incorrectly * changing the t_starttransfer time. @@ -217,7 +215,7 @@ void Curl_pgrsTimeWas(struct Curl_easy *data, timerid timer, break; } case TIMER_POSTRANSFER: - /* this is the normal end-of-transfer thing */ + delta = &data->progress.t_posttransfer; break; case TIMER_REDIRECT: data->progress.t_redirect = Curl_timediff_us(timestamp, @@ -252,12 +250,12 @@ void Curl_pgrsStartNow(struct Curl_easy *data) data->progress.speeder_c = 0; /* reset the progress meter display */ data->progress.start = Curl_now(); data->progress.is_t_startransfer_set = false; - data->progress.ul_limit_start = data->progress.start; - data->progress.dl_limit_start = data->progress.start; - data->progress.ul_limit_size = 0; - data->progress.dl_limit_size = 0; - data->progress.downloaded = 0; - data->progress.uploaded = 0; + data->progress.ul.limit.start = data->progress.start; + data->progress.dl.limit.start = data->progress.start; + data->progress.ul.limit.start_size = 0; + data->progress.dl.limit.start_size = 0; + data->progress.dl.cur_size = 0; + data->progress.ul.cur_size = 0; /* clear all bits except HIDE and HEADERS_OUT */ data->progress.flags &= PGRS_HIDE|PGRS_HEADERS_OUT; Curl_ratelimit(data, data->progress.start); @@ -265,11 +263,11 @@ void Curl_pgrsStartNow(struct Curl_easy *data) /* * This is used to handle speed limits, calculating how many milliseconds to - * wait until we're back under the speed limit, if needed. + * wait until we are back under the speed limit, if needed. * * The way it works is by having a "starting point" (time & amount of data * transferred by then) used in the speed computation, to be used instead of - * the start of the transfer. This starting point is regularly moved as + * the start of the transfer. This starting point is regularly moved as * transfer goes on, to keep getting accurate values (instead of average over * the entire transfer). * @@ -281,17 +279,15 @@ void Curl_pgrsStartNow(struct Curl_easy *data) * starting point should be reset (to current); or the number of milliseconds * to wait to get back under the speed limit. */ -timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize, - curl_off_t startsize, - curl_off_t limit, - struct curltime start, +timediff_t Curl_pgrsLimitWaitTime(struct pgrs_dir *d, + curl_off_t speed_limit, struct curltime now) { - curl_off_t size = cursize - startsize; + curl_off_t size = d->cur_size - d->limit.start_size; timediff_t minimum; timediff_t actual; - if(!limit || !size) + if(!speed_limit || !size) return 0; /* @@ -299,9 +295,9 @@ timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize, * stay below 'limit'. */ if(size < CURL_OFF_T_MAX/1000) - minimum = (timediff_t) (CURL_OFF_T_C(1000) * size / limit); + minimum = (timediff_t) (CURL_OFF_T_C(1000) * size / speed_limit); else { - minimum = (timediff_t) (size / limit); + minimum = (timediff_t) (size / speed_limit); if(minimum < TIMEDIFF_T_MAX/1000) minimum *= 1000; else @@ -312,7 +308,7 @@ timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize, * 'actual' is the time in milliseconds it took to actually download the * last 'size' bytes. */ - actual = Curl_timediff_ceil(now, start); + actual = Curl_timediff_ceil(now, d->limit.start); if(actual < minimum) { /* if it downloaded the data faster than the limit, make it wait the difference */ @@ -327,7 +323,7 @@ timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize, */ CURLcode Curl_pgrsSetDownloadCounter(struct Curl_easy *data, curl_off_t size) { - data->progress.downloaded = size; + data->progress.dl.cur_size = size; return CURLE_OK; } @@ -336,19 +332,19 @@ CURLcode Curl_pgrsSetDownloadCounter(struct Curl_easy *data, curl_off_t size) */ void Curl_ratelimit(struct Curl_easy *data, struct curltime now) { - /* don't set a new stamp unless the time since last update is long enough */ + /* do not set a new stamp unless the time since last update is long enough */ if(data->set.max_recv_speed) { - if(Curl_timediff(now, data->progress.dl_limit_start) >= + if(Curl_timediff(now, data->progress.dl.limit.start) >= MIN_RATE_LIMIT_PERIOD) { - data->progress.dl_limit_start = now; - data->progress.dl_limit_size = data->progress.downloaded; + data->progress.dl.limit.start = now; + data->progress.dl.limit.start_size = data->progress.dl.cur_size; } } if(data->set.max_send_speed) { - if(Curl_timediff(now, data->progress.ul_limit_start) >= + if(Curl_timediff(now, data->progress.ul.limit.start) >= MIN_RATE_LIMIT_PERIOD) { - data->progress.ul_limit_start = now; - data->progress.ul_limit_size = data->progress.uploaded; + data->progress.ul.limit.start = now; + data->progress.ul.limit.start_size = data->progress.ul.cur_size; } } } @@ -358,17 +354,17 @@ void Curl_ratelimit(struct Curl_easy *data, struct curltime now) */ void Curl_pgrsSetUploadCounter(struct Curl_easy *data, curl_off_t size) { - data->progress.uploaded = size; + data->progress.ul.cur_size = size; } void Curl_pgrsSetDownloadSize(struct Curl_easy *data, curl_off_t size) { if(size >= 0) { - data->progress.size_dl = size; + data->progress.dl.total_size = size; data->progress.flags |= PGRS_DL_SIZE_KNOWN; } else { - data->progress.size_dl = 0; + data->progress.dl.total_size = 0; data->progress.flags &= ~PGRS_DL_SIZE_KNOWN; } } @@ -376,11 +372,11 @@ void Curl_pgrsSetDownloadSize(struct Curl_easy *data, curl_off_t size) void Curl_pgrsSetUploadSize(struct Curl_easy *data, curl_off_t size) { if(size >= 0) { - data->progress.size_ul = size; + data->progress.ul.total_size = size; data->progress.flags |= PGRS_UL_SIZE_KNOWN; } else { - data->progress.size_ul = 0; + data->progress.ul.total_size = 0; data->progress.flags &= ~PGRS_UL_SIZE_KNOWN; } } @@ -399,7 +395,7 @@ static curl_off_t trspeed(curl_off_t size, /* number of bytes */ return CURL_OFF_T_MAX; } -/* returns TRUE if it's time to show the progress meter */ +/* returns TRUE if it is time to show the progress meter */ static bool progress_calc(struct Curl_easy *data, struct curltime now) { bool timetoshow = FALSE; @@ -407,8 +403,8 @@ static bool progress_calc(struct Curl_easy *data, struct curltime now) /* The time spent so far (from the start) in microseconds */ p->timespent = Curl_timediff_us(now, p->start); - p->dlspeed = trspeed(p->downloaded, p->timespent); - p->ulspeed = trspeed(p->uploaded, p->timespent); + p->dl.speed = trspeed(p->dl.cur_size, p->timespent); + p->ul.speed = trspeed(p->ul.cur_size, p->timespent); /* Calculations done at most once a second, unless end is reached */ if(p->lastshow != now.tv_sec) { @@ -419,7 +415,7 @@ static bool progress_calc(struct Curl_easy *data, struct curltime now) /* Let's do the "current speed" thing, with the dl + ul speeds combined. Store the speed at entry 'nowindex'. */ - p->speeder[ nowindex ] = p->downloaded + p->uploaded; + p->speeder[ nowindex ] = p->dl.cur_size + p->ul.cur_size; /* remember the exact time for this moment */ p->speeder_time [ nowindex ] = now; @@ -431,10 +427,10 @@ static bool progress_calc(struct Curl_easy *data, struct curltime now) /* figure out how many index entries of data we have stored in our speeder array. With N_ENTRIES filled in, we have about N_ENTRIES-1 seconds of transfer. Imagine, after one second we have filled in two entries, - after two seconds we've filled in three entries etc. */ + after two seconds we have filled in three entries etc. */ countindex = ((p->speeder_c >= CURR_TIME)? CURR_TIME:p->speeder_c) - 1; - /* first of all, we don't do this if there's no counted seconds yet */ + /* first of all, we do not do this if there is no counted seconds yet */ if(countindex) { int checkindex; timediff_t span_ms; @@ -465,113 +461,107 @@ static bool progress_calc(struct Curl_easy *data, struct curltime now) } else /* the first second we use the average */ - p->current_speed = p->ulspeed + p->dlspeed; + p->current_speed = p->ul.speed + p->dl.speed; } /* Calculations end */ return timetoshow; } #ifndef CURL_DISABLE_PROGRESS_METER + +struct pgrs_estimate { + curl_off_t secs; + curl_off_t percent; +}; + +static curl_off_t pgrs_est_percent(curl_off_t total, curl_off_t cur) +{ + if(total > CURL_OFF_T_C(10000)) + return cur / (total/CURL_OFF_T_C(100)); + else if(total > CURL_OFF_T_C(0)) + return (cur*100) / total; + return 0; +} + +static void pgrs_estimates(struct pgrs_dir *d, + bool total_known, + struct pgrs_estimate *est) +{ + est->secs = 0; + est->percent = 0; + if(total_known && (d->speed > CURL_OFF_T_C(0))) { + est->secs = d->total_size / d->speed; + est->percent = pgrs_est_percent(d->total_size, d->cur_size); + } +} + static void progress_meter(struct Curl_easy *data) { + struct Progress *p = &data->progress; char max5[6][10]; - curl_off_t dlpercen = 0; - curl_off_t ulpercen = 0; - curl_off_t total_percen = 0; - curl_off_t total_transfer; - curl_off_t total_expected_transfer; + struct pgrs_estimate dl_estm; + struct pgrs_estimate ul_estm; + struct pgrs_estimate total_estm; + curl_off_t total_cur_size; + curl_off_t total_expected_size; char time_left[10]; char time_total[10]; char time_spent[10]; - curl_off_t ulestimate = 0; - curl_off_t dlestimate = 0; - curl_off_t total_estimate; - curl_off_t timespent = - (curl_off_t)data->progress.timespent/1000000; /* seconds */ + curl_off_t cur_secs = (curl_off_t)p->timespent/1000000; /* seconds */ - if(!(data->progress.flags & PGRS_HEADERS_OUT)) { + if(!(p->flags & PGRS_HEADERS_OUT)) { if(data->state.resume_from) { fprintf(data->set.err, - "** Resuming transfer from byte position %" - CURL_FORMAT_CURL_OFF_T "\n", data->state.resume_from); + "** Resuming transfer from byte position %" FMT_OFF_T "\n", + data->state.resume_from); } fprintf(data->set.err, " %% Total %% Received %% Xferd Average Speed " "Time Time Time Current\n" " Dload Upload " "Total Spent Left Speed\n"); - data->progress.flags |= PGRS_HEADERS_OUT; /* headers are shown */ + p->flags |= PGRS_HEADERS_OUT; /* headers are shown */ } - /* Figure out the estimated time of arrival for the upload */ - if((data->progress.flags & PGRS_UL_SIZE_KNOWN) && - (data->progress.ulspeed > CURL_OFF_T_C(0))) { - ulestimate = data->progress.size_ul / data->progress.ulspeed; - - if(data->progress.size_ul > CURL_OFF_T_C(10000)) - ulpercen = data->progress.uploaded / - (data->progress.size_ul/CURL_OFF_T_C(100)); - else if(data->progress.size_ul > CURL_OFF_T_C(0)) - ulpercen = (data->progress.uploaded*100) / - data->progress.size_ul; - } - - /* ... and the download */ - if((data->progress.flags & PGRS_DL_SIZE_KNOWN) && - (data->progress.dlspeed > CURL_OFF_T_C(0))) { - dlestimate = data->progress.size_dl / data->progress.dlspeed; - - if(data->progress.size_dl > CURL_OFF_T_C(10000)) - dlpercen = data->progress.downloaded / - (data->progress.size_dl/CURL_OFF_T_C(100)); - else if(data->progress.size_dl > CURL_OFF_T_C(0)) - dlpercen = (data->progress.downloaded*100) / - data->progress.size_dl; - } - - /* Now figure out which of them is slower and use that one for the - total estimate! */ - total_estimate = ulestimate>dlestimate?ulestimate:dlestimate; + /* Figure out the estimated time of arrival for upload and download */ + pgrs_estimates(&p->ul, (p->flags & PGRS_UL_SIZE_KNOWN), &ul_estm); + pgrs_estimates(&p->dl, (p->flags & PGRS_DL_SIZE_KNOWN), &dl_estm); + /* Since both happen at the same time, total expected duration is max. */ + total_estm.secs = CURLMAX(ul_estm.secs, dl_estm.secs); /* create the three time strings */ - time2str(time_left, total_estimate > 0?(total_estimate - timespent):0); - time2str(time_total, total_estimate); - time2str(time_spent, timespent); + time2str(time_left, total_estm.secs > 0?(total_estm.secs - cur_secs):0); + time2str(time_total, total_estm.secs); + time2str(time_spent, cur_secs); /* Get the total amount of data expected to get transferred */ - total_expected_transfer = - ((data->progress.flags & PGRS_UL_SIZE_KNOWN)? - data->progress.size_ul:data->progress.uploaded)+ - ((data->progress.flags & PGRS_DL_SIZE_KNOWN)? - data->progress.size_dl:data->progress.downloaded); + total_expected_size = + ((p->flags & PGRS_UL_SIZE_KNOWN)? p->ul.total_size:p->ul.cur_size) + + ((p->flags & PGRS_DL_SIZE_KNOWN)? p->dl.total_size:p->dl.cur_size); /* We have transferred this much so far */ - total_transfer = data->progress.downloaded + data->progress.uploaded; + total_cur_size = p->dl.cur_size + p->ul.cur_size; /* Get the percentage of data transferred so far */ - if(total_expected_transfer > CURL_OFF_T_C(10000)) - total_percen = total_transfer / - (total_expected_transfer/CURL_OFF_T_C(100)); - else if(total_expected_transfer > CURL_OFF_T_C(0)) - total_percen = (total_transfer*100) / total_expected_transfer; + total_estm.percent = pgrs_est_percent(total_expected_size, total_cur_size); fprintf(data->set.err, "\r" - "%3" CURL_FORMAT_CURL_OFF_T " %s " - "%3" CURL_FORMAT_CURL_OFF_T " %s " - "%3" CURL_FORMAT_CURL_OFF_T " %s %s %s %s %s %s %s", - total_percen, /* 3 letters */ /* total % */ - max5data(total_expected_transfer, max5[2]), /* total size */ - dlpercen, /* 3 letters */ /* rcvd % */ - max5data(data->progress.downloaded, max5[0]), /* rcvd size */ - ulpercen, /* 3 letters */ /* xfer % */ - max5data(data->progress.uploaded, max5[1]), /* xfer size */ - max5data(data->progress.dlspeed, max5[3]), /* avrg dl speed */ - max5data(data->progress.ulspeed, max5[4]), /* avrg ul speed */ + "%3" FMT_OFF_T " %s " + "%3" FMT_OFF_T " %s " + "%3" FMT_OFF_T " %s %s %s %s %s %s %s", + total_estm.percent, /* 3 letters */ /* total % */ + max5data(total_expected_size, max5[2]), /* total size */ + dl_estm.percent, /* 3 letters */ /* rcvd % */ + max5data(p->dl.cur_size, max5[0]), /* rcvd size */ + ul_estm.percent, /* 3 letters */ /* xfer % */ + max5data(p->ul.cur_size, max5[1]), /* xfer size */ + max5data(p->dl.speed, max5[3]), /* avrg dl speed */ + max5data(p->ul.speed, max5[4]), /* avrg ul speed */ time_total, /* 8 letters */ /* total time */ time_spent, /* 8 letters */ /* time spent */ time_left, /* 8 letters */ /* time left */ - max5data(data->progress.current_speed, max5[5]) + max5data(p->current_speed, max5[5]) ); /* we flush the output stream to make it appear as soon as possible */ @@ -587,20 +577,18 @@ static void progress_meter(struct Curl_easy *data) * Curl_pgrsUpdate() returns 0 for success or the value returned by the * progress callback! */ -int Curl_pgrsUpdate(struct Curl_easy *data) +static int pgrsupdate(struct Curl_easy *data, bool showprogress) { - struct curltime now = Curl_now(); /* what time is it */ - bool showprogress = progress_calc(data, now); if(!(data->progress.flags & PGRS_HIDE)) { if(data->set.fxferinfo) { int result; - /* There's a callback set, call that */ + /* There is a callback set, call that */ Curl_set_in_callback(data, true); result = data->set.fxferinfo(data->set.progress_client, - data->progress.size_dl, - data->progress.downloaded, - data->progress.size_ul, - data->progress.uploaded); + data->progress.dl.total_size, + data->progress.dl.cur_size, + data->progress.ul.total_size, + data->progress.ul.cur_size); Curl_set_in_callback(data, false); if(result != CURL_PROGRESSFUNC_CONTINUE) { if(result) @@ -613,10 +601,10 @@ int Curl_pgrsUpdate(struct Curl_easy *data) /* The older deprecated callback is set, call that */ Curl_set_in_callback(data, true); result = data->set.fprogress(data->set.progress_client, - (double)data->progress.size_dl, - (double)data->progress.downloaded, - (double)data->progress.size_ul, - (double)data->progress.uploaded); + (double)data->progress.dl.total_size, + (double)data->progress.dl.cur_size, + (double)data->progress.ul.total_size, + (double)data->progress.ul.cur_size); Curl_set_in_callback(data, false); if(result != CURL_PROGRESSFUNC_CONTINUE) { if(result) @@ -631,3 +619,19 @@ int Curl_pgrsUpdate(struct Curl_easy *data) return 0; } + +int Curl_pgrsUpdate(struct Curl_easy *data) +{ + struct curltime now = Curl_now(); /* what time is it */ + bool showprogress = progress_calc(data, now); + return pgrsupdate(data, showprogress); +} + +/* + * Update all progress, do not do progress meter/callbacks. + */ +void Curl_pgrsUpdate_nometer(struct Curl_easy *data) +{ + struct curltime now = Curl_now(); /* what time is it */ + (void)progress_calc(data, now); +} diff --git a/vendor/hydra/vendor/curl/lib/progress.h b/vendor/hydra/vendor/curl/lib/progress.h index 73749419..04a8f5bc 100644 --- a/vendor/hydra/vendor/curl/lib/progress.h +++ b/vendor/hydra/vendor/curl/lib/progress.h @@ -54,12 +54,12 @@ CURLcode Curl_pgrsSetDownloadCounter(struct Curl_easy *data, curl_off_t size); void Curl_pgrsSetUploadCounter(struct Curl_easy *data, curl_off_t size); void Curl_ratelimit(struct Curl_easy *data, struct curltime now); int Curl_pgrsUpdate(struct Curl_easy *data); +void Curl_pgrsUpdate_nometer(struct Curl_easy *data); + void Curl_pgrsResetTransferSizes(struct Curl_easy *data); struct curltime Curl_pgrsTime(struct Curl_easy *data, timerid timer); -timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize, - curl_off_t startsize, - curl_off_t limit, - struct curltime start, +timediff_t Curl_pgrsLimitWaitTime(struct pgrs_dir *d, + curl_off_t speed_limit, struct curltime now); /** * Update progress timer with the elapsed time from its start to `timestamp`. diff --git a/vendor/hydra/vendor/curl/lib/rand.c b/vendor/hydra/vendor/curl/lib/rand.c index c62b1a40..63aebdc8 100644 --- a/vendor/hydra/vendor/curl/lib/rand.c +++ b/vendor/hydra/vendor/curl/lib/rand.c @@ -48,7 +48,8 @@ #ifdef _WIN32 -#if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 +#if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 && \ + !defined(CURL_WINDOWS_APP) # define HAVE_WIN_BCRYPTGENRANDOM # include # ifdef _MSC_VER @@ -99,86 +100,91 @@ CURLcode Curl_win32_random(unsigned char *entropy, size_t length) } #endif -static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) +#if !defined(USE_SSL) +/* ---- possibly non-cryptographic version following ---- */ +static CURLcode weak_random(struct Curl_easy *data, + unsigned char *entropy, + size_t length) /* always 4, size of int */ { - CURLcode result = CURLE_OK; - static unsigned int randseed; - static bool seeded = FALSE; - -#ifdef CURLDEBUG - char *force_entropy = getenv("CURL_ENTROPY"); - if(force_entropy) { - if(!seeded) { - unsigned int seed = 0; - size_t elen = strlen(force_entropy); - size_t clen = sizeof(seed); - size_t min = elen < clen ? elen : clen; - memcpy((char *)&seed, force_entropy, min); - randseed = ntohl(seed); - seeded = TRUE; - } - else - randseed++; - *rnd = randseed; - return CURLE_OK; - } -#endif - - /* data may be NULL! */ - result = Curl_ssl_random(data, (unsigned char *)rnd, sizeof(*rnd)); - if(result != CURLE_NOT_BUILT_IN) - /* only if there is no random function in the TLS backend do the non crypto - version, otherwise return result */ - return result; - - /* ---- non-cryptographic version following ---- */ + unsigned int r; + DEBUGASSERT(length == sizeof(int)); + /* Trying cryptographically secure functions first */ #ifdef _WIN32 - if(!seeded) { - result = Curl_win32_random((unsigned char *)rnd, sizeof(*rnd)); + (void)data; + { + CURLcode result = Curl_win32_random(entropy, length); if(result != CURLE_NOT_BUILT_IN) return result; } #endif -#if defined(HAVE_ARC4RANDOM) && !defined(USE_OPENSSL) - if(!seeded) { - *rnd = (unsigned int)arc4random(); - return CURLE_OK; +#if defined(HAVE_ARC4RANDOM) + (void)data; + r = (unsigned int)arc4random(); + memcpy(entropy, &r, length); +#else + infof(data, "WARNING: using weak random seed"); + { + static unsigned int randseed; + static bool seeded = FALSE; + unsigned int rnd; + if(!seeded) { + struct curltime now = Curl_now(); + randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec; + randseed = randseed * 1103515245 + 12345; + randseed = randseed * 1103515245 + 12345; + randseed = randseed * 1103515245 + 12345; + seeded = TRUE; + } + + /* Return an unsigned 32-bit pseudo-random number. */ + r = randseed = randseed * 1103515245 + 12345; + rnd = (r << 16) | ((r >> 16) & 0xFFFF); + memcpy(entropy, &rnd, length); } +#endif + return CURLE_OK; +} +#endif + +#ifdef USE_SSL +#define _random(x,y,z) Curl_ssl_random(x,y,z) +#else +#define _random(x,y,z) weak_random(x,y,z) #endif -#if defined(RANDOM_FILE) && !defined(_WIN32) - if(!seeded) { - /* if there's a random file to read a seed from, use it */ - int fd = open(RANDOM_FILE, O_RDONLY); - if(fd > -1) { - /* read random data into the randseed variable */ - ssize_t nread = read(fd, &randseed, sizeof(randseed)); - if(nread == sizeof(randseed)) +static CURLcode randit(struct Curl_easy *data, unsigned int *rnd, + bool env_override) +{ +#ifdef DEBUGBUILD + if(env_override) { + char *force_entropy = getenv("CURL_ENTROPY"); + if(force_entropy) { + static unsigned int randseed; + static bool seeded = FALSE; + + if(!seeded) { + unsigned int seed = 0; + size_t elen = strlen(force_entropy); + size_t clen = sizeof(seed); + size_t min = elen < clen ? elen : clen; + memcpy((char *)&seed, force_entropy, min); + randseed = ntohl(seed); seeded = TRUE; - close(fd); + } + else + randseed++; + *rnd = randseed; + return CURLE_OK; } } +#else + (void)env_override; #endif - if(!seeded) { - struct curltime now = Curl_now(); - infof(data, "WARNING: using weak random seed"); - randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec; - randseed = randseed * 1103515245 + 12345; - randseed = randseed * 1103515245 + 12345; - randseed = randseed * 1103515245 + 12345; - seeded = TRUE; - } - - { - unsigned int r; - /* Return an unsigned 32-bit pseudo-random number. */ - r = randseed = randseed * 1103515245 + 12345; - *rnd = (r << 16) | ((r >> 16) & 0xFFFF); - } - return CURLE_OK; + /* data may be NULL! */ + return _random(data, (unsigned char *)rnd, sizeof(*rnd)); } /* @@ -186,7 +192,7 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) * 'rnd' points to. * * If libcurl is built without TLS support or with a TLS backend that lacks a - * proper random API (rustls or mbedTLS), this function will use "weak" + * proper random API (Rustls or mbedTLS), this function will use "weak" * random. * * When built *with* TLS support and a backend that offers strong random, it @@ -197,9 +203,16 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) * */ -CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num) +CURLcode Curl_rand_bytes(struct Curl_easy *data, +#ifdef DEBUGBUILD + bool env_override, +#endif + unsigned char *rnd, size_t num) { CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT; +#ifndef DEBUGBUILD + const bool env_override = FALSE; +#endif DEBUGASSERT(num); @@ -207,7 +220,7 @@ CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num) unsigned int r; size_t left = num < sizeof(unsigned int) ? num : sizeof(unsigned int); - result = randit(data, &r); + result = randit(data, &r, env_override); if(result) return result; @@ -269,7 +282,7 @@ CURLcode Curl_rand_alnum(struct Curl_easy *data, unsigned char *rnd, size_t num) { CURLcode result = CURLE_OK; - const int alnumspace = sizeof(alnum) - 1; + const unsigned int alnumspace = sizeof(alnum) - 1; unsigned int r; DEBUGASSERT(num > 1); @@ -277,12 +290,12 @@ CURLcode Curl_rand_alnum(struct Curl_easy *data, unsigned char *rnd, while(num) { do { - result = randit(data, &r); + result = randit(data, &r, TRUE); if(result) return result; } while(r >= (UINT_MAX - UINT_MAX % alnumspace)); - *rnd++ = alnum[r % alnumspace]; + *rnd++ = (unsigned char)alnum[r % alnumspace]; num--; } *rnd = 0; diff --git a/vendor/hydra/vendor/curl/lib/rand.h b/vendor/hydra/vendor/curl/lib/rand.h index bc05239e..2ba60e72 100644 --- a/vendor/hydra/vendor/curl/lib/rand.h +++ b/vendor/hydra/vendor/curl/lib/rand.h @@ -24,7 +24,17 @@ * ***************************************************************************/ -CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num); +CURLcode Curl_rand_bytes(struct Curl_easy *data, +#ifdef DEBUGBUILD + bool allow_env_override, +#endif + unsigned char *rnd, size_t num); + +#ifdef DEBUGBUILD +#define Curl_rand(a,b,c) Curl_rand_bytes((a), TRUE, (b), (c)) +#else +#define Curl_rand(a,b,c) Curl_rand_bytes((a), (b), (c)) +#endif /* * Curl_rand_hex() fills the 'rnd' buffer with a given 'num' size with random diff --git a/vendor/hydra/vendor/curl/lib/rename.c b/vendor/hydra/vendor/curl/lib/rename.c index 4c886980..8715a430 100644 --- a/vendor/hydra/vendor/curl/lib/rename.c +++ b/vendor/hydra/vendor/curl/lib/rename.c @@ -41,7 +41,7 @@ int Curl_rename(const char *oldpath, const char *newpath) { #ifdef _WIN32 - /* rename() on Windows doesn't overwrite, so we can't use it here. + /* rename() on Windows does not overwrite, so we cannot use it here. MoveFileEx() will overwrite and is usually atomic, however it fails when there are open handles to the file. */ const int max_wait_ms = 1000; diff --git a/vendor/hydra/vendor/curl/lib/request.c b/vendor/hydra/vendor/curl/lib/request.c index 26741fa6..1ddbdc9d 100644 --- a/vendor/hydra/vendor/curl/lib/request.c +++ b/vendor/hydra/vendor/curl/lib/request.c @@ -52,8 +52,13 @@ CURLcode Curl_req_soft_reset(struct SingleRequest *req, req->done = FALSE; req->upload_done = FALSE; + req->upload_aborted = FALSE; req->download_done = FALSE; + req->eos_written = FALSE; + req->eos_read = FALSE; + req->eos_sent = FALSE; req->ignorebody = FALSE; + req->shutdown = FALSE; req->bytecount = 0; req->writebytecount = 0; req->header = TRUE; /* assume header */ @@ -99,6 +104,9 @@ CURLcode Curl_req_done(struct SingleRequest *req, if(!aborted) (void)req_flush(data); Curl_client_reset(data); +#ifndef CURL_DISABLE_DOH + Curl_doh_close(data); +#endif return CURLE_OK; } @@ -108,17 +116,14 @@ void Curl_req_hard_reset(struct SingleRequest *req, struct Curl_easy *data) /* This is a bit ugly. `req->p` is a union and we assume we can * free this safely without leaks. */ - Curl_safefree(req->p.http); + Curl_safefree(req->p.ftp); Curl_safefree(req->newurl); Curl_client_reset(data); if(req->sendbuf_init) Curl_bufq_reset(&req->sendbuf); #ifndef CURL_DISABLE_DOH - if(req->doh) { - Curl_close(&req->doh->probe[0].easy); - Curl_close(&req->doh->probe[1].easy); - } + Curl_doh_close(data); #endif /* Can no longer memset() this struct as we need to keep some state */ req->size = -1; @@ -135,7 +140,6 @@ void Curl_req_hard_reset(struct SingleRequest *req, struct Curl_easy *data) req->keepon = 0; req->upgr101 = UPGR101_INIT; req->timeofdoc = 0; - req->bodywrites = 0; req->location = NULL; req->newurl = NULL; #ifndef CURL_DISABLE_COOKIES @@ -146,6 +150,7 @@ void Curl_req_hard_reset(struct SingleRequest *req, struct Curl_easy *data) req->download_done = FALSE; req->eos_written = FALSE; req->eos_read = FALSE; + req->eos_sent = FALSE; req->upload_done = FALSE; req->upload_aborted = FALSE; req->ignorebody = FALSE; @@ -156,27 +161,24 @@ void Curl_req_hard_reset(struct SingleRequest *req, struct Curl_easy *data) req->getheader = FALSE; req->no_body = data->set.opt_no_body; req->authneg = FALSE; + req->shutdown = FALSE; +#ifdef USE_HYPER + req->bodywritten = FALSE; +#endif } void Curl_req_free(struct SingleRequest *req, struct Curl_easy *data) { /* This is a bit ugly. `req->p` is a union and we assume we can * free this safely without leaks. */ - Curl_safefree(req->p.http); + Curl_safefree(req->p.ftp); Curl_safefree(req->newurl); if(req->sendbuf_init) Curl_bufq_free(&req->sendbuf); Curl_client_cleanup(data); #ifndef CURL_DISABLE_DOH - if(req->doh) { - Curl_close(&req->doh->probe[0].easy); - Curl_close(&req->doh->probe[1].easy); - Curl_dyn_free(&req->doh->probe[0].serverdoh); - Curl_dyn_free(&req->doh->probe[1].serverdoh); - curl_slist_free_all(req->doh->headers); - Curl_safefree(req->doh); - } + Curl_doh_cleanup(data); #endif } @@ -185,22 +187,24 @@ static CURLcode xfer_send(struct Curl_easy *data, size_t hds_len, size_t *pnwritten) { CURLcode result = CURLE_OK; + bool eos = FALSE; *pnwritten = 0; -#ifdef CURLDEBUG + DEBUGASSERT(hds_len <= blen); +#ifdef DEBUGBUILD { /* Allow debug builds to override this logic to force short initial - sends - */ + sends */ + size_t body_len = blen - hds_len; char *p = getenv("CURL_SMALLREQSEND"); if(p) { - size_t altsize = (size_t)strtoul(p, NULL, 10); - if(altsize && altsize < blen) - blen = altsize; + size_t body_small = (size_t)strtoul(p, NULL, 10); + if(body_small && body_small < body_len) + blen = hds_len + body_small; } } #endif - /* Make sure this doesn't send more body bytes than what the max send + /* Make sure this does not send more body bytes than what the max send speed says. The headers do not count to the max speed. */ if(data->set.max_send_speed) { size_t body_bytes = blen - hds_len; @@ -208,16 +212,26 @@ static CURLcode xfer_send(struct Curl_easy *data, blen = hds_len + (size_t)data->set.max_send_speed; } - result = Curl_xfer_send(data, buf, blen, pnwritten); - if(!result && *pnwritten) { - if(hds_len) - Curl_debug(data, CURLINFO_HEADER_OUT, (char *)buf, - CURLMIN(hds_len, *pnwritten)); - if(*pnwritten > hds_len) { - size_t body_len = *pnwritten - hds_len; - Curl_debug(data, CURLINFO_DATA_OUT, (char *)buf + hds_len, body_len); - data->req.writebytecount += body_len; - Curl_pgrsSetUploadCounter(data, data->req.writebytecount); + if(data->req.eos_read && + (Curl_bufq_is_empty(&data->req.sendbuf) || + Curl_bufq_len(&data->req.sendbuf) == blen)) { + DEBUGF(infof(data, "sending last upload chunk of %zu bytes", blen)); + eos = TRUE; + } + result = Curl_xfer_send(data, buf, blen, eos, pnwritten); + if(!result) { + if(eos && (blen == *pnwritten)) + data->req.eos_sent = TRUE; + if(*pnwritten) { + if(hds_len) + Curl_debug(data, CURLINFO_HEADER_OUT, (char *)buf, + CURLMIN(hds_len, *pnwritten)); + if(*pnwritten > hds_len) { + size_t body_len = *pnwritten - hds_len; + Curl_debug(data, CURLINFO_DATA_OUT, (char *)buf + hds_len, body_len); + data->req.writebytecount += body_len; + Curl_pgrsSetUploadCounter(data, data->req.writebytecount); + } } } return result; @@ -247,28 +261,32 @@ static CURLcode req_send_buffer_flush(struct Curl_easy *data) return result; } -static CURLcode req_set_upload_done(struct Curl_easy *data) +CURLcode Curl_req_set_upload_done(struct Curl_easy *data) { DEBUGASSERT(!data->req.upload_done); data->req.upload_done = TRUE; - data->req.keepon &= ~(KEEP_SEND|KEEP_SEND_TIMED); /* we're done sending */ + data->req.keepon &= ~(KEEP_SEND|KEEP_SEND_TIMED); /* we are done sending */ + Curl_pgrsTime(data, TIMER_POSTRANSFER); Curl_creader_done(data, data->req.upload_aborted); if(data->req.upload_aborted) { + Curl_bufq_reset(&data->req.sendbuf); if(data->req.writebytecount) - infof(data, "abort upload after having sent %" CURL_FORMAT_CURL_OFF_T - " bytes", data->req.writebytecount); + infof(data, "abort upload after having sent %" FMT_OFF_T " bytes", + data->req.writebytecount); else infof(data, "abort upload"); } else if(data->req.writebytecount) - infof(data, "upload completely sent off: %" CURL_FORMAT_CURL_OFF_T - " bytes", data->req.writebytecount); - else if(!data->req.download_done) + infof(data, "upload completely sent off: %" FMT_OFF_T " bytes", + data->req.writebytecount); + else if(!data->req.download_done) { + DEBUGASSERT(Curl_bufq_is_empty(&data->req.sendbuf)); infof(data, Curl_creader_total_length(data)? "We are completely uploaded and fine" : "Request completely sent off"); + } return Curl_xfer_send_close(data); } @@ -285,13 +303,36 @@ static CURLcode req_flush(struct Curl_easy *data) if(result) return result; if(!Curl_bufq_is_empty(&data->req.sendbuf)) { + DEBUGF(infof(data, "Curl_req_flush(len=%zu) -> EAGAIN", + Curl_bufq_len(&data->req.sendbuf))); return CURLE_AGAIN; } } + else if(Curl_xfer_needs_flush(data)) { + DEBUGF(infof(data, "Curl_req_flush(), xfer send_pending")); + return Curl_xfer_flush(data); + } - if(!data->req.upload_done && data->req.eos_read && - Curl_bufq_is_empty(&data->req.sendbuf)) { - return req_set_upload_done(data); + if(data->req.eos_read && !data->req.eos_sent) { + char tmp; + size_t nwritten; + result = xfer_send(data, &tmp, 0, 0, &nwritten); + if(result) + return result; + DEBUGASSERT(data->req.eos_sent); + } + + if(!data->req.upload_done && data->req.eos_read && data->req.eos_sent) { + DEBUGASSERT(Curl_bufq_is_empty(&data->req.sendbuf)); + if(data->req.shutdown) { + bool done; + result = Curl_xfer_send_shutdown(data, &done); + if(result) + return result; + if(!done) + return CURLE_AGAIN; + } + return Curl_req_set_upload_done(data); } return CURLE_OK; } @@ -365,18 +406,26 @@ CURLcode Curl_req_send(struct Curl_easy *data, struct dynbuf *req) } #endif /* !USE_HYPER */ +bool Curl_req_sendbuf_empty(struct Curl_easy *data) +{ + return !data->req.sendbuf_init || Curl_bufq_is_empty(&data->req.sendbuf); +} + bool Curl_req_want_send(struct Curl_easy *data) { - return data->req.sendbuf_init && !Curl_bufq_is_empty(&data->req.sendbuf); + /* Not done and + * - KEEP_SEND and not PAUSEd. + * - or request has buffered data to send + * - or transfer connection has pending data to send */ + return !data->req.done && + (((data->req.keepon & KEEP_SENDBITS) == KEEP_SEND) || + !Curl_req_sendbuf_empty(data) || + Curl_xfer_needs_flush(data)); } bool Curl_req_done_sending(struct Curl_easy *data) { - if(data->req.upload_done) { - DEBUGASSERT(Curl_bufq_is_empty(&data->req.sendbuf)); - return TRUE; - } - return FALSE; + return data->req.upload_done && !Curl_req_want_send(data); } CURLcode Curl_req_send_more(struct Curl_easy *data) @@ -384,7 +433,10 @@ CURLcode Curl_req_send_more(struct Curl_easy *data) CURLcode result; /* Fill our send buffer if more from client can be read. */ - if(!data->req.eos_read && !Curl_bufq_is_full(&data->req.sendbuf)) { + if(!data->req.upload_aborted && + !data->req.eos_read && + !(data->req.keepon & KEEP_SEND_PAUSE) && + !Curl_bufq_is_full(&data->req.sendbuf)) { ssize_t nread = Curl_bufq_sipn(&data->req.sendbuf, 0, add_from_client, data, &result); if(nread < 0 && result != CURLE_AGAIN) @@ -403,7 +455,18 @@ CURLcode Curl_req_abort_sending(struct Curl_easy *data) if(!data->req.upload_done) { Curl_bufq_reset(&data->req.sendbuf); data->req.upload_aborted = TRUE; - return req_set_upload_done(data); + /* no longer KEEP_SEND and KEEP_SEND_PAUSE */ + data->req.keepon &= ~KEEP_SENDBITS; + return Curl_req_set_upload_done(data); } return CURLE_OK; } + +CURLcode Curl_req_stop_send_recv(struct Curl_easy *data) +{ + /* stop receiving and ALL sending as well, including PAUSE and HOLD. + * We might still be paused on receive client writes though, so + * keep those bits around. */ + data->req.keepon &= ~(KEEP_RECV|KEEP_SENDBITS); + return Curl_req_abort_sending(data); +} diff --git a/vendor/hydra/vendor/curl/lib/request.h b/vendor/hydra/vendor/curl/lib/request.h index f9be6f29..c53c3eb5 100644 --- a/vendor/hydra/vendor/curl/lib/request.h +++ b/vendor/hydra/vendor/curl/lib/request.h @@ -32,6 +32,9 @@ /* forward declarations */ struct UserDefined; +#ifndef CURL_DISABLE_DOH +struct doh_probes; +#endif enum expect100 { EXP100_SEND_DATA, /* enough waiting, just send the body now */ @@ -51,10 +54,10 @@ enum upgrade101 { /* - * Request specific data in the easy handle (Curl_easy). Previously, + * Request specific data in the easy handle (Curl_easy). Previously, * these members were on the connectdata struct but since a conn struct may * now be shared between different Curl_easys, we store connection-specific - * data here. This struct only keeps stuff that's interesting for *this* + * data here. This struct only keeps stuff that is interesting for *this* * request, as it will be cleared between multiple ones */ struct SingleRequest { @@ -68,7 +71,7 @@ struct SingleRequest { unsigned int headerbytecount; /* received server headers (not CONNECT headers) */ unsigned int allheadercount; /* all received headers (server + CONNECT) */ - unsigned int deductheadercount; /* this amount of bytes doesn't count when + unsigned int deductheadercount; /* this amount of bytes does not count when we check if anything has been transferred at the end of a connection. We use this counter to make only a 100 reply (without @@ -93,7 +96,6 @@ struct SingleRequest { struct bufq sendbuf; /* data which needs to be send to the server */ size_t sendbuf_hds_len; /* amount of header bytes in sendbuf */ time_t timeofdoc; - long bodywrites; char *location; /* This points to an allocated version of the Location: header data */ char *newurl; /* Set to the new URL to use when a redirect or a retry is @@ -104,7 +106,6 @@ struct SingleRequest { union { struct FILEPROTO *file; struct FTP *ftp; - struct HTTP *http; struct IMAP *imap; struct ldapreqinfo *ldap; struct MQTT *mqtt; @@ -116,7 +117,7 @@ struct SingleRequest { struct TELNET *telnet; } p; #ifndef CURL_DISABLE_DOH - struct dohdata *doh; /* DoH specific data for this request */ + struct doh_probes *doh; /* DoH specific data for this request */ #endif #ifndef CURL_DISABLE_COOKIES unsigned char setcookies; @@ -129,6 +130,7 @@ struct SingleRequest { BIT(download_done); /* set to TRUE when download is complete */ BIT(eos_written); /* iff EOS has been written to client */ BIT(eos_read); /* iff EOS has been read from the client */ + BIT(eos_sent); /* iff EOS has been sent to the server */ BIT(rewind_read); /* iff reader needs rewind at next start */ BIT(upload_done); /* set to TRUE when all request data has been sent */ BIT(upload_aborted); /* set to TRUE when upload was aborted. Will also @@ -137,6 +139,7 @@ struct SingleRequest { BIT(http_bodyless); /* HTTP response status code is between 100 and 199, 204 or 304 */ BIT(chunk); /* if set, this is a chunked transfer-encoding */ + BIT(resp_trailer); /* response carried 'Trailer:' header field */ BIT(ignore_cl); /* ignore content-length */ BIT(upload_chunky); /* set TRUE if we are doing chunked transfer-encoding on upload */ @@ -147,6 +150,10 @@ struct SingleRequest { but it is not the final request in the auth negotiation. */ BIT(sendbuf_init); /* sendbuf is initialized */ + BIT(shutdown); /* request end will shutdown connection */ +#ifdef USE_HYPER + BIT(bodywritten); +#endif }; /** @@ -218,10 +225,26 @@ CURLcode Curl_req_send_more(struct Curl_easy *data); */ bool Curl_req_want_send(struct Curl_easy *data); +/** + * TRUE iff the request has no buffered bytes yet to send. + */ +bool Curl_req_sendbuf_empty(struct Curl_easy *data); + /** * Stop sending any more request data to the server. * Will clear the send buffer and mark request sending as done. */ CURLcode Curl_req_abort_sending(struct Curl_easy *data); +/** + * Stop sending and receiving any more request data. + * Will abort sending if not done. + */ +CURLcode Curl_req_stop_send_recv(struct Curl_easy *data); + +/** + * Invoked when all request data has been uploaded. + */ +CURLcode Curl_req_set_upload_done(struct Curl_easy *data); + #endif /* HEADER_CURL_REQUEST_H */ diff --git a/vendor/hydra/vendor/curl/lib/rtsp.c b/vendor/hydra/vendor/curl/lib/rtsp.c index 1f162daa..c9b1bc0d 100644 --- a/vendor/hydra/vendor/curl/lib/rtsp.c +++ b/vendor/hydra/vendor/curl/lib/rtsp.c @@ -79,7 +79,7 @@ static unsigned int rtsp_conncheck(struct Curl_easy *data, unsigned int checks_to_perform); /* this returns the socket to wait for in the DO and DOING state for the multi - interface and then we're always _sending_ a request and thus we wait for + interface and then we are always _sending_ a request and thus we wait for the single socket to become writable only */ static int rtsp_getsock_do(struct Curl_easy *data, struct connectdata *conn, curl_socket_t *socks) @@ -261,7 +261,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) * Since all RTSP requests are included here, there is no need to * support custom requests like HTTP. **/ - data->req.no_body = TRUE; /* most requests don't contain a body */ + data->req.no_body = TRUE; /* most requests do not contain a body */ switch(rtspreq) { default: failf(data, "Got invalid RTSP request"); @@ -310,13 +310,15 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) } if(rtspreq == RTSPREQ_RECEIVE) { - Curl_xfer_setup(data, FIRSTSOCKET, -1, TRUE, -1); + Curl_xfer_setup1(data, CURL_XFER_RECV, -1, TRUE); goto out; } p_session_id = data->set.str[STRING_RTSP_SESSION_ID]; if(!p_session_id && - (rtspreq & ~(RTSPREQ_OPTIONS | RTSPREQ_DESCRIBE | RTSPREQ_SETUP))) { + (rtspreq & ~(Curl_RtspReq)(RTSPREQ_OPTIONS | + RTSPREQ_DESCRIBE | + RTSPREQ_SETUP))) { failf(data, "Refusing to issue an RTSP request [%s] without a session ID.", p_request); result = CURLE_BAD_FUNCTION_ARGUMENT; @@ -531,8 +533,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) * actually set a custom Content-Length in the headers */ if(!Curl_checkheaders(data, STRCONST("Content-Length"))) { result = - Curl_dyn_addf(&req_buffer, - "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n", + Curl_dyn_addf(&req_buffer, "Content-Length: %" FMT_OFF_T"\r\n", req_clen); if(result) goto out; @@ -576,7 +577,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) if(result) goto out; - Curl_xfer_setup(data, FIRSTSOCKET, -1, TRUE, FIRSTSOCKET); + Curl_xfer_setup1(data, CURL_XFER_SENDRECV, -1, TRUE); /* issue the request */ result = Curl_req_send(data, &req_buffer); @@ -852,7 +853,7 @@ static CURLcode rtsp_rtp_write_resp(struct Curl_easy *data, * In which case we write out the left over bytes, letting the client * writer deal with it (it will report EXCESS and fail the transfer). */ DEBUGF(infof(data, "rtsp_rtp_write_resp(len=%zu, in_header=%d, done=%d " - " rtspc->state=%d, req.size=%" CURL_FORMAT_CURL_OFF_T ")", + " rtspc->state=%d, req.size=%" FMT_OFF_T ")", blen, rtspc->in_header, data->req.done, rtspc->state, data->req.size)); if(!result && (is_eos || blen)) { @@ -950,7 +951,7 @@ CURLcode Curl_rtsp_parseheader(struct Curl_easy *data, const char *header) /* Find the end of Session ID * * Allow any non whitespace content, up to the field separator or end of - * line. RFC 2326 isn't 100% clear on the session ID and for example + * line. RFC 2326 is not 100% clear on the session ID and for example * gstreamer does url-encoded session ID's not covered by the standard. */ end = start; diff --git a/vendor/hydra/vendor/curl/lib/rtsp.h b/vendor/hydra/vendor/curl/lib/rtsp.h index b1ffa5c7..41b09503 100644 --- a/vendor/hydra/vendor/curl/lib/rtsp.h +++ b/vendor/hydra/vendor/curl/lib/rtsp.h @@ -62,16 +62,6 @@ struct rtsp_conn { * RTSP unique setup ***************************************************************************/ struct RTSP { - /* - * http_wrapper MUST be the first element of this structure for the wrap - * logic to work. In this way, we get a cheap polymorphism because - * &(data->state.proto.rtsp) == &(data->state.proto.http) per the C spec - * - * HTTP functions can safely treat this as an HTTP struct, but RTSP aware - * functions can also index into the later elements. - */ - struct HTTP http_wrapper; /* wrap HTTP to do the heavy lifting */ - long CSeq_sent; /* CSeq of this request */ long CSeq_recv; /* CSeq received */ }; diff --git a/vendor/hydra/vendor/curl/lib/select.c b/vendor/hydra/vendor/curl/lib/select.c index d92e745a..dae736b0 100644 --- a/vendor/hydra/vendor/curl/lib/select.c +++ b/vendor/hydra/vendor/curl/lib/select.c @@ -33,7 +33,7 @@ #endif #if !defined(HAVE_SELECT) && !defined(HAVE_POLL_FINE) -#error "We can't compile without select() or poll() support." +#error "We cannot compile without select() or poll() support." #endif #ifdef MSDOS @@ -47,12 +47,16 @@ #include "select.h" #include "timediff.h" #include "warnless.h" +/* The last 3 #include files should be in this order */ +#include "curl_printf.h" +#include "curl_memory.h" +#include "memdebug.h" /* * Internal function used for waiting a specific amount of ms * in Curl_socket_check() and Curl_poll() when no file descriptor * is provided to wait on, just being used to delay execution. - * WinSock select() and poll() timeout mechanisms need a valid + * Winsock select() and poll() timeout mechanisms need a valid * socket descriptor in a not null file descriptor set to work. * Waiting indefinitely with this function is not allowed, a * zero or negative timeout value will return immediately. @@ -81,7 +85,7 @@ int Curl_wait_ms(timediff_t timeout_ms) #if TIMEDIFF_T_MAX >= ULONG_MAX if(timeout_ms >= ULONG_MAX) timeout_ms = ULONG_MAX-1; - /* don't use ULONG_MAX, because that is equal to INFINITE */ + /* do not use ULONG_MAX, because that is equal to INFINITE */ #endif Sleep((ULONG)timeout_ms); #else @@ -131,7 +135,7 @@ static int our_select(curl_socket_t maxfd, /* highest socket number */ struct timeval *ptimeout; #ifdef USE_WINSOCK - /* WinSock select() can't handle zero events. See the comment below. */ + /* Winsock select() cannot handle zero events. See the comment below. */ if((!fds_read || fds_read->fd_count == 0) && (!fds_write || fds_write->fd_count == 0) && (!fds_err || fds_err->fd_count == 0)) { @@ -143,16 +147,16 @@ static int our_select(curl_socket_t maxfd, /* highest socket number */ ptimeout = curlx_mstotv(&pending_tv, timeout_ms); #ifdef USE_WINSOCK - /* WinSock select() must not be called with an fd_set that contains zero - fd flags, or it will return WSAEINVAL. But, it also can't be called + /* Winsock select() must not be called with an fd_set that contains zero + fd flags, or it will return WSAEINVAL. But, it also cannot be called with no fd_sets at all! From the documentation: Any two of the parameters, readfds, writefds, or exceptfds, can be given as null. At least one must be non-null, and any non-null descriptor set must contain at least one handle to a socket. - It is unclear why WinSock doesn't just handle this for us instead of - calling this an error. Luckily, with WinSock, we can _also_ ask how + It is unclear why Winsock does not just handle this for us instead of + calling this an error. Luckily, with Winsock, we can _also_ ask how many bits are set on an fd_set. So, let's just check it beforehand. */ return select((int)maxfd + 1, @@ -169,7 +173,7 @@ static int our_select(curl_socket_t maxfd, /* highest socket number */ /* * Wait for read or write events on a set of file descriptors. It uses poll() * when a fine poll() is available, in order to avoid limits with FD_SETSIZE, - * otherwise select() is used. An error is returned if select() is being used + * otherwise select() is used. An error is returned if select() is being used * and a file descriptor is too large for FD_SETSIZE. * * A negative timeout value makes this function wait indefinitely, @@ -226,7 +230,7 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */ num++; } - r = Curl_poll(pfd, num, timeout_ms); + r = Curl_poll(pfd, (unsigned int)num, timeout_ms); if(r <= 0) return r; @@ -257,8 +261,8 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */ } /* - * This is a wrapper around poll(). If poll() does not exist, then - * select() is used instead. An error is returned if select() is + * This is a wrapper around poll(). If poll() does not exist, then + * select() is used instead. An error is returned if select() is * being used and a file descriptor is too large for FD_SETSIZE. * A negative timeout value makes this function wait indefinitely, * unless no valid file descriptor is given, when this happens the @@ -357,8 +361,8 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, timediff_t timeout_ms) } /* - Note also that WinSock ignores the first argument, so we don't worry - about the fact that maxfd is computed incorrectly with WinSock (since + Note also that Winsock ignores the first argument, so we do not worry + about the fact that maxfd is computed incorrectly with Winsock (since curl_socket_t is unsigned in such cases and thus -1 is the largest value). */ @@ -401,3 +405,147 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, timediff_t timeout_ms) return r; } + +void Curl_pollfds_init(struct curl_pollfds *cpfds, + struct pollfd *static_pfds, + unsigned int static_count) +{ + DEBUGASSERT(cpfds); + memset(cpfds, 0, sizeof(*cpfds)); + if(static_pfds && static_count) { + cpfds->pfds = static_pfds; + cpfds->count = static_count; + } +} + +void Curl_pollfds_cleanup(struct curl_pollfds *cpfds) +{ + DEBUGASSERT(cpfds); + if(cpfds->allocated_pfds) { + free(cpfds->pfds); + } + memset(cpfds, 0, sizeof(*cpfds)); +} + +static CURLcode cpfds_increase(struct curl_pollfds *cpfds, unsigned int inc) +{ + struct pollfd *new_fds; + unsigned int new_count = cpfds->count + inc; + + new_fds = calloc(new_count, sizeof(struct pollfd)); + if(!new_fds) + return CURLE_OUT_OF_MEMORY; + + memcpy(new_fds, cpfds->pfds, cpfds->count * sizeof(struct pollfd)); + if(cpfds->allocated_pfds) + free(cpfds->pfds); + cpfds->pfds = new_fds; + cpfds->count = new_count; + cpfds->allocated_pfds = TRUE; + return CURLE_OK; +} + +static CURLcode cpfds_add_sock(struct curl_pollfds *cpfds, + curl_socket_t sock, short events, bool fold) +{ + int i; + + if(fold && cpfds->n <= INT_MAX) { + for(i = (int)cpfds->n - 1; i >= 0; --i) { + if(sock == cpfds->pfds[i].fd) { + cpfds->pfds[i].events |= events; + return CURLE_OK; + } + } + } + /* not folded, add new entry */ + if(cpfds->n >= cpfds->count) { + if(cpfds_increase(cpfds, 100)) + return CURLE_OUT_OF_MEMORY; + } + cpfds->pfds[cpfds->n].fd = sock; + cpfds->pfds[cpfds->n].events = events; + ++cpfds->n; + return CURLE_OK; +} + +CURLcode Curl_pollfds_add_sock(struct curl_pollfds *cpfds, + curl_socket_t sock, short events) +{ + return cpfds_add_sock(cpfds, sock, events, FALSE); +} + +CURLcode Curl_pollfds_add_ps(struct curl_pollfds *cpfds, + struct easy_pollset *ps) +{ + size_t i; + + DEBUGASSERT(cpfds); + DEBUGASSERT(ps); + for(i = 0; i < ps->num; i++) { + short events = 0; + if(ps->actions[i] & CURL_POLL_IN) + events |= POLLIN; + if(ps->actions[i] & CURL_POLL_OUT) + events |= POLLOUT; + if(events) { + if(cpfds_add_sock(cpfds, ps->sockets[i], events, TRUE)) + return CURLE_OUT_OF_MEMORY; + } + } + return CURLE_OK; +} + +void Curl_waitfds_init(struct curl_waitfds *cwfds, + struct curl_waitfd *static_wfds, + unsigned int static_count) +{ + DEBUGASSERT(cwfds); + DEBUGASSERT(static_wfds); + memset(cwfds, 0, sizeof(*cwfds)); + cwfds->wfds = static_wfds; + cwfds->count = static_count; +} + +static CURLcode cwfds_add_sock(struct curl_waitfds *cwfds, + curl_socket_t sock, short events) +{ + int i; + + if(cwfds->n <= INT_MAX) { + for(i = (int)cwfds->n - 1; i >= 0; --i) { + if(sock == cwfds->wfds[i].fd) { + cwfds->wfds[i].events |= events; + return CURLE_OK; + } + } + } + /* not folded, add new entry */ + if(cwfds->n >= cwfds->count) + return CURLE_OUT_OF_MEMORY; + cwfds->wfds[cwfds->n].fd = sock; + cwfds->wfds[cwfds->n].events = events; + ++cwfds->n; + return CURLE_OK; +} + +CURLcode Curl_waitfds_add_ps(struct curl_waitfds *cwfds, + struct easy_pollset *ps) +{ + size_t i; + + DEBUGASSERT(cwfds); + DEBUGASSERT(ps); + for(i = 0; i < ps->num; i++) { + short events = 0; + if(ps->actions[i] & CURL_POLL_IN) + events |= CURL_WAIT_POLLIN; + if(ps->actions[i] & CURL_POLL_OUT) + events |= CURL_WAIT_POLLOUT; + if(events) { + if(cwfds_add_sock(cwfds, ps->sockets[i], events)) + return CURLE_OUT_OF_MEMORY; + } + } + return CURLE_OK; +} diff --git a/vendor/hydra/vendor/curl/lib/select.h b/vendor/hydra/vendor/curl/lib/select.h index 5b1ca23e..f01acbde 100644 --- a/vendor/hydra/vendor/curl/lib/select.h +++ b/vendor/hydra/vendor/curl/lib/select.h @@ -111,4 +111,37 @@ int Curl_wait_ms(timediff_t timeout_ms); } while(0) #endif +struct curl_pollfds { + struct pollfd *pfds; + unsigned int n; + unsigned int count; + BIT(allocated_pfds); +}; + +void Curl_pollfds_init(struct curl_pollfds *cpfds, + struct pollfd *static_pfds, + unsigned int static_count); + +void Curl_pollfds_cleanup(struct curl_pollfds *cpfds); + +CURLcode Curl_pollfds_add_ps(struct curl_pollfds *cpfds, + struct easy_pollset *ps); + +CURLcode Curl_pollfds_add_sock(struct curl_pollfds *cpfds, + curl_socket_t sock, short events); + +struct curl_waitfds { + struct curl_waitfd *wfds; + unsigned int n; + unsigned int count; +}; + +void Curl_waitfds_init(struct curl_waitfds *cwfds, + struct curl_waitfd *static_wfds, + unsigned int static_count); + +CURLcode Curl_waitfds_add_ps(struct curl_waitfds *cwfds, + struct easy_pollset *ps); + + #endif /* HEADER_CURL_SELECT_H */ diff --git a/vendor/hydra/vendor/curl/lib/sendf.c b/vendor/hydra/vendor/curl/lib/sendf.c index 68a8bf3b..6f566622 100644 --- a/vendor/hydra/vendor/curl/lib/sendf.c +++ b/vendor/hydra/vendor/curl/lib/sendf.c @@ -289,6 +289,13 @@ static CURLcode cw_download_write(struct Curl_easy *data, if(nwrite == wmax) { data->req.download_done = TRUE; } + + if((type & CLIENTWRITE_EOS) && !data->req.no_body && + (data->req.maxdownload > data->req.bytecount)) { + failf(data, "end of response with %" FMT_OFF_T " bytes missing", + data->req.maxdownload - data->req.bytecount); + return CURLE_PARTIAL_FILE; + } } /* Error on too large filesize is handled below, after writing @@ -309,7 +316,9 @@ static CURLcode cw_download_write(struct Curl_easy *data, } /* Update stats, write and report progress */ data->req.bytecount += nwrite; - ++data->req.bodywrites; +#ifdef USE_HYPER + data->req.bodywritten = TRUE; +#endif result = Curl_pgrsSetDownloadCounter(data, data->req.bytecount); if(result) return result; @@ -319,18 +328,17 @@ static CURLcode cw_download_write(struct Curl_easy *data, infof(data, "Excess found writing body:" " excess = %zu" - ", size = %" CURL_FORMAT_CURL_OFF_T - ", maxdownload = %" CURL_FORMAT_CURL_OFF_T - ", bytecount = %" CURL_FORMAT_CURL_OFF_T, + ", size = %" FMT_OFF_T + ", maxdownload = %" FMT_OFF_T + ", bytecount = %" FMT_OFF_T, excess_len, data->req.size, data->req.maxdownload, data->req.bytecount); connclose(data->conn, "excess found in a read"); } } - else if(nwrite < nbytes) { + else if((nwrite < nbytes) && !data->req.ignorebody) { failf(data, "Exceeded the maximum allowed file size " - "(%" CURL_FORMAT_CURL_OFF_T ") with %" - CURL_FORMAT_CURL_OFF_T " bytes", + "(%" FMT_OFF_T ") with %" FMT_OFF_T " bytes", data->set.max_filesize, data->req.bytecount); return CURLE_FILESIZE_EXCEEDED; } @@ -597,6 +605,14 @@ CURLcode Curl_creader_def_unpause(struct Curl_easy *data, return CURLE_OK; } +bool Curl_creader_def_is_paused(struct Curl_easy *data, + struct Curl_creader *reader) +{ + (void)data; + (void)reader; + return FALSE; +} + void Curl_creader_def_done(struct Curl_easy *data, struct Curl_creader *reader, int premature) { @@ -615,6 +631,7 @@ struct cr_in_ctx { BIT(seen_eos); BIT(errored); BIT(has_used_cb); + BIT(is_paused); }; static CURLcode cr_in_init(struct Curl_easy *data, struct Curl_creader *reader) @@ -637,6 +654,8 @@ static CURLcode cr_in_read(struct Curl_easy *data, struct cr_in_ctx *ctx = reader->ctx; size_t nread; + ctx->is_paused = FALSE; + /* Once we have errored, we will return the same error forever */ if(ctx->errored) { *pnread = 0; @@ -668,8 +687,8 @@ static CURLcode cr_in_read(struct Curl_easy *data, case 0: if((ctx->total_len >= 0) && (ctx->read_len < ctx->total_len)) { failf(data, "client read function EOF fail, " - "only %"CURL_FORMAT_CURL_OFF_T"/%"CURL_FORMAT_CURL_OFF_T - " of needed bytes read", ctx->read_len, ctx->total_len); + "only %"FMT_OFF_T"/%"FMT_OFF_T " of needed bytes read", + ctx->read_len, ctx->total_len); return CURLE_READ_ERROR; } *pnread = 0; @@ -688,12 +707,14 @@ static CURLcode cr_in_read(struct Curl_easy *data, case CURL_READFUNC_PAUSE: if(data->conn->handler->flags & PROTOPT_NONETWORK) { /* protocols that work without network cannot be paused. This is - actually only FILE:// just now, and it can't pause since the transfer - isn't done using the "normal" procedure. */ + actually only FILE:// just now, and it cannot pause since the transfer + is not done using the "normal" procedure. */ failf(data, "Read callback asked for PAUSE when not supported"); return CURLE_READ_ERROR; } /* CURL_READFUNC_PAUSE pauses read callbacks that feed socket writes */ + CURL_TRC_READ(data, "cr_in_read, callback returned CURL_READFUNC_PAUSE"); + ctx->is_paused = TRUE; data->req.keepon |= KEEP_SEND_PAUSE; /* mark socket send as paused */ *pnread = 0; *peos = FALSE; @@ -716,8 +737,8 @@ static CURLcode cr_in_read(struct Curl_easy *data, *peos = ctx->seen_eos; break; } - CURL_TRC_READ(data, "cr_in_read(len=%zu, total=%"CURL_FORMAT_CURL_OFF_T - ", read=%"CURL_FORMAT_CURL_OFF_T") -> %d, nread=%zu, eos=%d", + CURL_TRC_READ(data, "cr_in_read(len=%zu, total=%"FMT_OFF_T + ", read=%"FMT_OFF_T") -> %d, nread=%zu, eos=%d", blen, ctx->total_len, ctx->read_len, CURLE_OK, *pnread, *peos); return CURLE_OK; @@ -764,7 +785,7 @@ static CURLcode cr_in_resume_from(struct Curl_easy *data, failf(data, "Could not seek stream"); return CURLE_READ_ERROR; } - /* when seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */ + /* when seekerr == CURL_SEEKFUNC_CANTSEEK (cannot seek to offset) */ do { char scratch[4*1024]; size_t readthisamountnow = @@ -782,8 +803,8 @@ static CURLcode cr_in_resume_from(struct Curl_easy *data, if((actuallyread == 0) || (actuallyread > readthisamountnow)) { /* this checks for greater-than only to make sure that the CURL_READFUNC_ABORT return code still aborts */ - failf(data, "Could only read %" CURL_FORMAT_CURL_OFF_T - " bytes from the input", passed); + failf(data, "Could only read %" FMT_OFF_T " bytes from the input", + passed); return CURLE_READ_ERROR; } } while(passed < offset); @@ -798,7 +819,7 @@ static CURLcode cr_in_resume_from(struct Curl_easy *data, return CURLE_PARTIAL_FILE; } } - /* we've passed, proceed as normal */ + /* we have passed, proceed as normal */ return CURLE_OK; } @@ -850,12 +871,28 @@ static CURLcode cr_in_rewind(struct Curl_easy *data, } /* no callback set or failure above, makes us fail at once */ - failf(data, "necessary data rewind wasn't possible"); + failf(data, "necessary data rewind was not possible"); return CURLE_SEND_FAIL_REWIND; } return CURLE_OK; } +static CURLcode cr_in_unpause(struct Curl_easy *data, + struct Curl_creader *reader) +{ + struct cr_in_ctx *ctx = reader->ctx; + (void)data; + ctx->is_paused = FALSE; + return CURLE_OK; +} + +static bool cr_in_is_paused(struct Curl_easy *data, + struct Curl_creader *reader) +{ + struct cr_in_ctx *ctx = reader->ctx; + (void)data; + return ctx->is_paused; +} static const struct Curl_crtype cr_in = { "cr-in", @@ -866,7 +903,8 @@ static const struct Curl_crtype cr_in = { cr_in_total_length, cr_in_resume_from, cr_in_rewind, - Curl_creader_def_unpause, + cr_in_unpause, + cr_in_is_paused, Curl_creader_def_done, sizeof(struct cr_in_ctx) }; @@ -911,6 +949,7 @@ struct cr_lc_ctx { struct bufq buf; BIT(read_eos); /* we read an EOS from the next reader */ BIT(eos); /* we have returned an EOS */ + BIT(prev_cr); /* the last byte was a CR */ }; static CURLcode cr_lc_init(struct Curl_easy *data, struct Curl_creader *reader) @@ -967,10 +1006,15 @@ static CURLcode cr_lc_read(struct Curl_easy *data, goto out; } - /* at least one \n needs conversion to '\r\n', place into ctx->buf */ + /* at least one \n might need conversion to '\r\n', place into ctx->buf */ for(i = start = 0; i < nread; ++i) { - if(buf[i] != '\n') + /* if this byte is not an LF character, or if the preceding character is + a CR (meaning this already is a CRLF pair), go to next */ + if((buf[i] != '\n') || ctx->prev_cr) { + ctx->prev_cr = (buf[i] == '\r'); continue; + } + ctx->prev_cr = false; /* on a soft limit bufq, we do not need to check length */ result = Curl_bufq_cwrite(&ctx->buf, buf + start, i - start, &n); if(!result) @@ -979,13 +1023,19 @@ static CURLcode cr_lc_read(struct Curl_easy *data, return result; start = i + 1; if(!data->set.crlf && (data->state.infilesize != -1)) { - /* we're here only because FTP is in ASCII mode... + /* we are here only because FTP is in ASCII mode... bump infilesize for the LF we just added */ data->state.infilesize++; /* comment: this might work for FTP, but in HTTP we could not change * the content length after having started the request... */ } } + + if(start < i) { /* leftover */ + result = Curl_bufq_cwrite(&ctx->buf, buf + start, i - start, &n); + if(result) + return result; + } } DEBUGASSERT(!Curl_bufq_is_empty(&ctx->buf)); @@ -1022,6 +1072,7 @@ static const struct Curl_crtype cr_lc = { Curl_creader_def_resume_from, Curl_creader_def_rewind, Curl_creader_def_unpause, + Curl_creader_def_is_paused, Curl_creader_def_done, sizeof(struct cr_lc_ctx) }; @@ -1057,7 +1108,7 @@ static CURLcode do_init_reader_stack(struct Curl_easy *data, /* if we do not have 0 length init, and crlf conversion is wanted, * add the reader for it */ if(clen && (data->set.crlf -#ifdef CURL_DO_LINEEND_CONV +#ifdef CURL_PREFER_LF_LINEENDS || data->state.prefer_ascii #endif )) { @@ -1084,8 +1135,8 @@ CURLcode Curl_creader_set_fread(struct Curl_easy *data, curl_off_t len) cl_reset_reader(data); result = do_init_reader_stack(data, r); out: - CURL_TRC_READ(data, "add fread reader, len=%"CURL_FORMAT_CURL_OFF_T - " -> %d", len, result); + CURL_TRC_READ(data, "add fread reader, len=%"FMT_OFF_T " -> %d", + len, result); return result; } @@ -1195,6 +1246,7 @@ static const struct Curl_crtype cr_null = { Curl_creader_def_resume_from, Curl_creader_def_rewind, Curl_creader_def_unpause, + Curl_creader_def_is_paused, Curl_creader_def_done, sizeof(struct Curl_creader) }; @@ -1294,6 +1346,7 @@ static const struct Curl_crtype cr_buf = { cr_buf_resume_from, Curl_creader_def_rewind, Curl_creader_def_unpause, + Curl_creader_def_is_paused, Curl_creader_def_done, sizeof(struct cr_buf_ctx) }; @@ -1356,6 +1409,18 @@ CURLcode Curl_creader_unpause(struct Curl_easy *data) return result; } +bool Curl_creader_is_paused(struct Curl_easy *data) +{ + struct Curl_creader *reader = data->req.reader_stack; + + while(reader) { + if(reader->crt->is_paused(data, reader)) + return TRUE; + reader = reader->next; + } + return FALSE; +} + void Curl_creader_done(struct Curl_easy *data, int premature) { struct Curl_creader *reader = data->req.reader_stack; diff --git a/vendor/hydra/vendor/curl/lib/sendf.h b/vendor/hydra/vendor/curl/lib/sendf.h index 82a29025..dc1b82ed 100644 --- a/vendor/hydra/vendor/curl/lib/sendf.h +++ b/vendor/hydra/vendor/curl/lib/sendf.h @@ -218,6 +218,7 @@ struct Curl_crtype { struct Curl_creader *reader, curl_off_t offset); CURLcode (*rewind)(struct Curl_easy *data, struct Curl_creader *reader); CURLcode (*unpause)(struct Curl_easy *data, struct Curl_creader *reader); + bool (*is_paused)(struct Curl_easy *data, struct Curl_creader *reader); void (*done)(struct Curl_easy *data, struct Curl_creader *reader, int premature); size_t creader_size; /* sizeof() allocated struct Curl_creader */ @@ -268,6 +269,8 @@ CURLcode Curl_creader_def_rewind(struct Curl_easy *data, struct Curl_creader *reader); CURLcode Curl_creader_def_unpause(struct Curl_easy *data, struct Curl_creader *reader); +bool Curl_creader_def_is_paused(struct Curl_easy *data, + struct Curl_creader *reader); void Curl_creader_def_done(struct Curl_easy *data, struct Curl_creader *reader, int premature); @@ -375,6 +378,11 @@ CURLcode Curl_creader_resume_from(struct Curl_easy *data, curl_off_t offset); */ CURLcode Curl_creader_unpause(struct Curl_easy *data); +/** + * Return TRUE iff any of the installed readers is paused. + */ +bool Curl_creader_is_paused(struct Curl_easy *data); + /** * Tell all client readers that they are done. */ diff --git a/vendor/hydra/vendor/curl/lib/setopt.c b/vendor/hydra/vendor/curl/lib/setopt.c index e8b25454..5b9a4cba 100644 --- a/vendor/hydra/vendor/curl/lib/setopt.c +++ b/vendor/hydra/vendor/curl/lib/setopt.c @@ -139,8 +139,38 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp) return CURLE_OK; } +static CURLcode setstropt_interface(char *option, char **devp, + char **ifacep, char **hostp) +{ + char *dev = NULL; + char *iface = NULL; + char *host = NULL; + CURLcode result; + + DEBUGASSERT(devp); + DEBUGASSERT(ifacep); + DEBUGASSERT(hostp); + + if(option) { + /* Parse the interface details if set, otherwise clear them all */ + result = Curl_parse_interface(option, &dev, &iface, &host); + if(result) + return result; + } + free(*devp); + *devp = dev; + + free(*ifacep); + *ifacep = iface; + + free(*hostp); + *hostp = host; + + return CURLE_OK; +} + #define C_SSLVERSION_VALUE(x) (x & 0xffff) -#define C_SSLVERSION_MAX_VALUE(x) (x & 0xffff0000) +#define C_SSLVERSION_MAX_VALUE(x) ((unsigned long)x & 0xffff0000) static CURLcode protocol2num(const char *str, curl_prot_t *val) { @@ -203,27 +233,39 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) data->set.dns_cache_timeout = (int)arg; break; case CURLOPT_CA_CACHE_TIMEOUT: - arg = va_arg(param, long); - if(arg < -1) - return CURLE_BAD_FUNCTION_ARGUMENT; - else if(arg > INT_MAX) - arg = INT_MAX; + if(Curl_ssl_supports(data, SSLSUPP_CA_CACHE)) { + arg = va_arg(param, long); + if(arg < -1) + return CURLE_BAD_FUNCTION_ARGUMENT; + else if(arg > INT_MAX) + arg = INT_MAX; - data->set.general_ssl.ca_cache_timeout = (int)arg; + data->set.general_ssl.ca_cache_timeout = (int)arg; + } + else + return CURLE_NOT_BUILT_IN; break; case CURLOPT_DNS_USE_GLOBAL_CACHE: /* deprecated */ break; case CURLOPT_SSL_CIPHER_LIST: - /* set a list of cipher we want to use in the SSL connection */ - result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST], - va_arg(param, char *)); + if(Curl_ssl_supports(data, SSLSUPP_CIPHER_LIST)) { + /* set a list of cipher we want to use in the SSL connection */ + result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST], + va_arg(param, char *)); + } + else + return CURLE_NOT_BUILT_IN; break; #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_SSL_CIPHER_LIST: - /* set a list of cipher we want to use in the SSL connection for proxy */ - result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_PROXY], - va_arg(param, char *)); + if(Curl_ssl_supports(data, SSLSUPP_CIPHER_LIST)) { + /* set a list of cipher we want to use in the SSL connection for proxy */ + result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_PROXY], + va_arg(param, char *)); + } + else + return CURLE_NOT_BUILT_IN; break; #endif case CURLOPT_TLS13_CIPHERS: @@ -312,7 +354,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; case CURLOPT_FAILONERROR: /* - * Don't output the >=400 error code HTML-page, but instead only + * Do not output the >=400 error code HTML-page, but instead only * return error. */ data->set.http_fail_on_error = (0 != va_arg(param, long)); @@ -383,8 +425,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * TFTP option that specifies the block size to use for data transmission. */ arg = va_arg(param, long); - if(arg > TFTP_BLKSIZE_MAX || arg < TFTP_BLKSIZE_MIN) - return CURLE_BAD_FUNCTION_ARGUMENT; + if(arg < TFTP_BLKSIZE_MIN) + arg = 512; + else if(arg > TFTP_BLKSIZE_MAX) + arg = TFTP_BLKSIZE_MAX; data->set.tftp_blksize = arg; break; #endif @@ -461,7 +505,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) arg = va_arg(param, long); version = C_SSLVERSION_VALUE(arg); - version_max = C_SSLVERSION_MAX_VALUE(arg); + version_max = (long)C_SSLVERSION_MAX_VALUE(arg); if(version < CURL_SSLVERSION_DEFAULT || version == CURL_SSLVERSION_SSLv2 || @@ -582,7 +626,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * * If the encoding is set to "" we use an Accept-Encoding header that * encompasses all the encodings we support. - * If the encoding is set to NULL we don't send an Accept-Encoding header + * If the encoding is set to NULL we do not send an Accept-Encoding header * and ignore an received Content-Encoding header. * */ @@ -646,7 +690,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_POST: /* Does this option serve a purpose anymore? Yes it does, when - CURLOPT_POSTFIELDS isn't used and the POST data is read off the + CURLOPT_POSTFIELDS is not used and the POST data is read off the callback! */ if(va_arg(param, long)) { data->set.method = HTTPREQ_POST; @@ -749,7 +793,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* general protection against mistakes and abuse */ if(strlen(argptr) > CURL_MAX_INPUT_LENGTH) return CURLE_BAD_FUNCTION_ARGUMENT; - /* append the cookie file name to the list of file names, and deal with + /* append the cookie filename to the list of filenames, and deal with them later */ cl = curl_slist_append(data->state.cookielist, argptr); if(!cl) { @@ -765,7 +809,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) data->state.cookielist = NULL; if(!data->share || !data->share->cookies) { - /* throw away all existing cookies if this isn't a shared cookie + /* throw away all existing cookies if this is not a shared cookie container */ Curl_cookie_clearall(data->cookies); Curl_cookie_cleanup(data->cookies); @@ -777,7 +821,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_COOKIEJAR: /* - * Set cookie file name to dump all cookies to when we're done. + * Set cookie filename to dump all cookies to when we are done. */ result = Curl_setstropt(&data->set.str[STRING_COOKIEJAR], va_arg(param, char *)); @@ -928,7 +972,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; case CURLOPT_HTTP09_ALLOWED: - arg = va_arg(param, unsigned long); + arg = (long)va_arg(param, unsigned long); if(arg > 1L) return CURLE_BAD_FUNCTION_ARGUMENT; #ifdef USE_HYPER @@ -1007,7 +1051,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */ } - /* switch off bits we can't support */ + /* switch off bits we cannot support */ #ifndef USE_NTLM auth &= ~CURLAUTH_NTLM; /* no NTLM support */ #endif @@ -1039,7 +1083,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) result = Curl_setstropt(&data->set.str[STRING_CUSTOMREQUEST], va_arg(param, char *)); - /* we don't set + /* we do not set data->set.method = HTTPREQ_CUSTOM; here, we continue as if we were using the already set type and this just changes the actual request keyword */ @@ -1085,7 +1129,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) auth |= CURLAUTH_DIGEST; /* set standard digest bit */ auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */ } - /* switch off bits we can't support */ + /* switch off bits we cannot support */ #ifndef USE_NTLM auth &= ~CURLAUTH_NTLM; /* no NTLM support */ #endif @@ -1115,7 +1159,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Set proxy server:port to use as proxy. * * If the proxy is set to "" (and CURLOPT_SOCKS_PROXY is set to "" or NULL) - * we explicitly say that we don't want to use a proxy + * we explicitly say that we do not want to use a proxy * (even though there might be environment variables saying so). * * Setting it to NULL, means no proxy but allows the environment variables @@ -1129,7 +1173,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* * Set proxy server:port to use as SOCKS proxy. * - * If the proxy is set to "" or NULL we explicitly say that we don't want + * If the proxy is set to "" or NULL we explicitly say that we do not want * to use the socks proxy. */ result = Curl_setstropt(&data->set.str[STRING_PRE_PROXY], @@ -1500,7 +1544,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_USERNAME: /* - * authentication user name to use in the operation + * authentication username to use in the operation */ result = Curl_setstropt(&data->set.str[STRING_USERNAME], va_arg(param, char *)); @@ -1541,7 +1585,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Prefix the HOST with dash (-) to _remove_ the entry from the cache. * * This API can remove any entry from the DNS cache, but only entries - * that aren't actually in use right now will be pruned immediately. + * that are not actually in use right now will be pruned immediately. */ data->set.resolve = va_arg(param, struct curl_slist *); data->state.resolve = data->set.resolve; @@ -1598,7 +1642,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; case CURLOPT_PROXYUSERNAME: /* - * authentication user name to use in the operation + * authentication username to use in the operation */ result = Curl_setstropt(&data->set.str[STRING_PROXYUSERNAME], va_arg(param, char *)); @@ -1650,7 +1694,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) */ data->set.fdebug = va_arg(param, curl_debug_callback); /* - * if the callback provided is NULL, it'll use the default callback + * if the callback provided is NULL, it will use the default callback */ break; case CURLOPT_DEBUGDATA: @@ -1723,7 +1767,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; case CURLOPT_SSLCERT: /* - * String that holds file name of the SSL certificate to use + * String that holds filename of the SSL certificate to use */ result = Curl_setstropt(&data->set.str[STRING_CERT], va_arg(param, char *)); @@ -1738,7 +1782,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_SSLCERT: /* - * String that holds file name of the SSL certificate to use for proxy + * String that holds filename of the SSL certificate to use for proxy */ result = Curl_setstropt(&data->set.str[STRING_CERT_PROXY], va_arg(param, char *)); @@ -1769,7 +1813,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #endif case CURLOPT_SSLKEY: /* - * String that holds file name of the SSL key to use + * String that holds filename of the SSL key to use */ result = Curl_setstropt(&data->set.str[STRING_KEY], va_arg(param, char *)); @@ -1784,7 +1828,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_SSLKEY: /* - * String that holds file name of the SSL key to use for proxy + * String that holds filename of the SSL key to use for proxy */ result = Curl_setstropt(&data->set.str[STRING_KEY_PROXY], va_arg(param, char *)); @@ -1877,8 +1921,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Set what interface or address/hostname to bind the socket to when * performing an operation and thus what from-IP your connection will use. */ - result = Curl_setstropt(&data->set.str[STRING_DEVICE], - va_arg(param, char *)); + result = setstropt_interface(va_arg(param, char *), + &data->set.str[STRING_DEVICE], + &data->set.str[STRING_INTERFACE], + &data->set.str[STRING_BINDHOST]); break; #ifndef CURL_DISABLE_BINDLOCAL case CURLOPT_LOCALPORT: @@ -1931,7 +1977,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Enable peer SSL verifying for proxy. */ data->set.proxy_ssl.primary.verifypeer = - (0 != va_arg(param, long))?TRUE:FALSE; + (0 != va_arg(param, long)); /* Update the current connection proxy_ssl_config. */ Curl_ssl_conn_config_update(data, TRUE); @@ -1939,12 +1985,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #endif case CURLOPT_SSL_VERIFYHOST: /* - * Enable verification of the host name in the peer certificate + * Enable verification of the hostname in the peer certificate */ arg = va_arg(param, long); /* Obviously people are not reading documentation and too many thought - this argument took a boolean when it wasn't and misused it. + this argument took a boolean when it was not and misused it. Treat 1 and 2 the same */ data->set.ssl.primary.verifyhost = !!(arg & 3); @@ -1954,7 +2000,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #ifndef CURL_DISABLE_DOH case CURLOPT_DOH_SSL_VERIFYHOST: /* - * Enable verification of the host name in the peer certificate for DoH + * Enable verification of the hostname in the peer certificate for DoH */ arg = va_arg(param, long); @@ -1965,12 +2011,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_SSL_VERIFYHOST: /* - * Enable verification of the host name in the peer certificate for proxy + * Enable verification of the hostname in the peer certificate for proxy */ arg = va_arg(param, long); /* Treat both 1 and 2 as TRUE */ - data->set.proxy_ssl.primary.verifyhost = (bool)((arg & 3)?TRUE:FALSE); + data->set.proxy_ssl.primary.verifyhost = !!(arg & 3); /* Update the current connection proxy_ssl_config. */ Curl_ssl_conn_config_update(data, TRUE); break; @@ -2046,7 +2092,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_PINNEDPUBLICKEY: /* * Set pinned public key for SSL connection. - * Specify file name of the public key in DER format. + * Specify filename of the public key in DER format. */ #ifdef USE_SSL if(Curl_ssl_supports(data, SSLSUPP_PINNEDPUBKEY)) @@ -2060,7 +2106,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_PROXY_PINNEDPUBLICKEY: /* * Set pinned public key for SSL connection. - * Specify file name of the public key in DER format. + * Specify filename of the public key in DER format. */ #ifdef USE_SSL if(Curl_ssl_supports(data, SSLSUPP_PINNEDPUBKEY)) @@ -2073,7 +2119,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #endif case CURLOPT_CAINFO: /* - * Set CA info for SSL connection. Specify file name of the CA certificate + * Set CA info for SSL connection. Specify filename of the CA certificate */ result = Curl_setstropt(&data->set.str[STRING_SSL_CAFILE], va_arg(param, char *)); @@ -2095,7 +2141,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_CAINFO: /* - * Set CA info SSL connection for proxy. Specify file name of the + * Set CA info SSL connection for proxy. Specify filename of the * CA certificate */ result = Curl_setstropt(&data->set.str[STRING_SSL_CAFILE_PROXY], @@ -2123,7 +2169,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) */ #ifdef USE_SSL if(Curl_ssl_supports(data, SSLSUPP_CA_PATH)) - /* This does not work on windows. */ + /* This does not work on Windows. */ result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH], va_arg(param, char *)); else @@ -2138,7 +2184,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) */ #ifdef USE_SSL if(Curl_ssl_supports(data, SSLSUPP_CA_PATH)) - /* This does not work on windows. */ + /* This does not work on Windows. */ result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH_PROXY], va_arg(param, char *)); else @@ -2148,7 +2194,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #endif case CURLOPT_CRLFILE: /* - * Set CRL file info for SSL connection. Specify file name of the CRL + * Set CRL file info for SSL connection. Specify filename of the CRL * to check certificates revocation */ result = Curl_setstropt(&data->set.str[STRING_SSL_CRLFILE], @@ -2157,7 +2203,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_CRLFILE: /* - * Set CRL file info for SSL connection for proxy. Specify file name of the + * Set CRL file info for SSL connection for proxy. Specify filename of the * CRL to check certificates revocation */ result = Curl_setstropt(&data->set.str[STRING_SSL_CRLFILE_PROXY], @@ -2207,7 +2253,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_BUFFERSIZE: /* * The application kindly asks for a differently sized receive buffer. - * If it seems reasonable, we'll use it. + * If it seems reasonable, we will use it. */ arg = va_arg(param, long); @@ -2495,16 +2541,17 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; case CURLOPT_SSL_SESSIONID_CACHE: - data->set.ssl.primary.sessionid = (0 != va_arg(param, long)); + data->set.ssl.primary.cache_session = (0 != va_arg(param, long)); #ifndef CURL_DISABLE_PROXY - data->set.proxy_ssl.primary.sessionid = data->set.ssl.primary.sessionid; + data->set.proxy_ssl.primary.cache_session = + data->set.ssl.primary.cache_session; #endif break; #ifdef USE_SSH /* we only include SSH options if explicitly built to support SSH */ case CURLOPT_SSH_AUTH_TYPES: - data->set.ssh_auth_types = (unsigned int)va_arg(param, long); + data->set.ssh_auth_types = (int)va_arg(param, long); break; case CURLOPT_SSH_PUBLIC_KEYFILE: @@ -2533,7 +2580,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_SSH_KNOWNHOSTS: /* - * Store the file name to read known hosts from. + * Store the filename to read known hosts from. */ result = Curl_setstropt(&data->set.str[STRING_SSH_KNOWNHOSTS], va_arg(param, char *)); @@ -2575,7 +2622,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; case CURLOPT_SSH_COMPRESSION: - data->set.ssh_compression = (0 != va_arg(param, long))?TRUE:FALSE; + data->set.ssh_compression = (0 != va_arg(param, long)); break; #endif /* USE_SSH */ @@ -2587,7 +2634,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) data->set.http_te_skip = (0 == va_arg(param, long)); break; #else - return CURLE_NOT_BUILT_IN; /* hyper doesn't support */ + return CURLE_NOT_BUILT_IN; /* hyper does not support */ #endif case CURLOPT_HTTP_CONTENT_DECODING: @@ -2625,7 +2672,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* * Use this scope id when using IPv6 * We always get longs when passed plain numericals so we should check - * that the value fits into an unsigned 32 bit integer. + * that the value fits into an unsigned 32-bit integer. */ uarg = va_arg(param, unsigned long); #if SIZEOF_LONG > 4 @@ -2653,22 +2700,32 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_PROTOCOLS_STR: { argptr = va_arg(param, char *); - result = protocol2num(argptr, &data->set.allowed_protocols); - if(result) - return result; + if(argptr) { + result = protocol2num(argptr, &data->set.allowed_protocols); + if(result) + return result; + } + else + /* make a NULL argument reset to default */ + data->set.allowed_protocols = (curl_prot_t) CURLPROTO_ALL; break; } case CURLOPT_REDIR_PROTOCOLS_STR: { argptr = va_arg(param, char *); - result = protocol2num(argptr, &data->set.redir_protocols); - if(result) - return result; + if(argptr) { + result = protocol2num(argptr, &data->set.redir_protocols); + if(result) + return result; + } + else + /* make a NULL argument reset to default */ + data->set.redir_protocols = (curl_prot_t) CURLPROTO_REDIR; break; } case CURLOPT_DEFAULT_PROTOCOL: - /* Set the protocol to use when the URL doesn't include any protocol */ + /* Set the protocol to use when the URL does not include any protocol */ result = Curl_setstropt(&data->set.str[STRING_DEFAULT_PROTOCOL], va_arg(param, char *)); break; @@ -2918,10 +2975,18 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) arg = INT_MAX; data->set.tcp_keepintvl = (int)arg; break; + case CURLOPT_TCP_KEEPCNT: + arg = va_arg(param, long); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + else if(arg > INT_MAX) + arg = INT_MAX; + data->set.tcp_keepcnt = (int)arg; + break; case CURLOPT_TCP_FASTOPEN: #if defined(CONNECT_DATA_IDEMPOTENT) || defined(MSG_FASTOPEN) || \ defined(TCP_FASTOPEN_CONNECT) - data->set.tcp_fastopen = (0 != va_arg(param, long))?TRUE:FALSE; + data->set.tcp_fastopen = (0 != va_arg(param, long)); #else result = CURLE_NOT_BUILT_IN; #endif @@ -2973,7 +3038,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) data->set.connect_to = va_arg(param, struct curl_slist *); break; case CURLOPT_SUPPRESS_CONNECT_HEADERS: - data->set.suppress_connect_headers = (0 != va_arg(param, long))?TRUE:FALSE; + data->set.suppress_connect_headers = (0 != va_arg(param, long)); break; case CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS: uarg = va_arg(param, unsigned long); @@ -2993,7 +3058,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_DOH_URL: result = Curl_setstropt(&data->set.str[STRING_DOH], va_arg(param, char *)); - data->set.doh = data->set.str[STRING_DOH]?TRUE:FALSE; + data->set.doh = !!(data->set.str[STRING_DOH]); break; #endif case CURLOPT_UPKEEP_INTERVAL_MS: @@ -3049,7 +3114,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) result = Curl_setstropt(&data->set.str[STRING_HSTS], argptr); if(result) return result; - /* this needs to build a list of file names to read from, so that it can + /* this needs to build a list of filenames to read from, so that it can read them later, as we might get a shared HSTS handle to load them into */ h = curl_slist_append(data->state.hstslist, argptr); @@ -3135,8 +3200,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) argptr = va_arg(param, char *); if(!argptr) { data->set.tls_ech = CURLECH_DISABLE; - result = CURLE_BAD_FUNCTION_ARGUMENT; - return result; + return CURLE_OK; } plen = strlen(argptr); if(plen > CURL_MAX_INPUT_LENGTH) { diff --git a/vendor/hydra/vendor/curl/lib/setup-os400.h b/vendor/hydra/vendor/curl/lib/setup-os400.h index 53e91777..ef7baca6 100644 --- a/vendor/hydra/vendor/curl/lib/setup-os400.h +++ b/vendor/hydra/vendor/curl/lib/setup-os400.h @@ -38,6 +38,15 @@ typedef unsigned long u_int32_t; #define isatty(fd) 0 +/* Workaround bug in IBM QADRT runtime library: + * function puts() does not output the implicit trailing newline. + */ + +#include /* Be sure it is loaded. */ +#undef puts +#define puts(s) (fputs((s), stdout) == EOF? EOF: putchar('\n')) + + /* System API wrapper prototypes & definitions to support ASCII parameters. */ #include @@ -46,6 +55,8 @@ typedef unsigned long u_int32_t; #include #include +#ifdef BUILDING_LIBCURL + extern int Curl_getaddrinfo_a(const char *nodename, const char *servname, const struct addrinfo *hints, @@ -141,4 +152,6 @@ extern int Curl_os400_getsockname(int sd, struct sockaddr *addr, int *addrlen); #define inflateEnd Curl_os400_inflateEnd #endif +#endif /* BUILDING_LIBCURL */ + #endif /* HEADER_CURL_SETUP_OS400_H */ diff --git a/vendor/hydra/vendor/curl/lib/setup-vms.h b/vendor/hydra/vendor/curl/lib/setup-vms.h index ea3936c7..33b74db3 100644 --- a/vendor/hydra/vendor/curl/lib/setup-vms.h +++ b/vendor/hydra/vendor/curl/lib/setup-vms.h @@ -101,7 +101,7 @@ static char *vms_translate_path(const char *path) } } # else - /* VMS translate path is actually not needed on the current 64 bit */ + /* VMS translate path is actually not needed on the current 64-bit */ /* VMS platforms, so instead of figuring out the pointer settings */ /* Change it to a noop */ # define vms_translate_path(__path) __path @@ -144,7 +144,7 @@ static struct passwd *vms_getpwuid(uid_t uid) { struct passwd *my_passwd; -/* Hack needed to support 64 bit builds, decc_getpwnam is 32 bit only */ +/* Hack needed to support 64-bit builds, decc_getpwnam is 32-bit only */ #ifdef __DECC # if __INITIAL_POINTER_SIZE __char_ptr32 unix_path; diff --git a/vendor/hydra/vendor/curl/lib/setup-win32.h b/vendor/hydra/vendor/curl/lib/setup-win32.h index d7e2e6be..a297bdcf 100644 --- a/vendor/hydra/vendor/curl/lib/setup-win32.h +++ b/vendor/hydra/vendor/curl/lib/setup-win32.h @@ -62,11 +62,11 @@ #endif /* - * Include header files for windows builds before redefining anything. + * Include header files for Windows builds before redefining anything. * Use this preprocessor block only to include or exclude windows.h, - * winsock2.h or ws2tcpip.h. Any other windows thing belongs - * to any other further and independent block. Under Cygwin things work - * just as under linux (e.g. ) and the winsock headers should + * winsock2.h or ws2tcpip.h. Any other Windows thing belongs + * to any other further and independent block. Under Cygwin things work + * just as under Linux (e.g. ) and the Winsock headers should * never be included when __CYGWIN__ is defined. */ @@ -78,7 +78,7 @@ # error "_UNICODE is defined but UNICODE is not defined" # endif /* - * Don't include unneeded stuff in Windows headers to avoid compiler + * Do not include unneeded stuff in Windows headers to avoid compiler * warnings and macro clashes. * Make sure to define this macro before including any Windows headers. */ diff --git a/vendor/hydra/vendor/curl/lib/sha256.c b/vendor/hydra/vendor/curl/lib/sha256.c index 4a02045d..91dc9501 100644 --- a/vendor/hydra/vendor/curl/lib/sha256.c +++ b/vendor/hydra/vendor/curl/lib/sha256.c @@ -100,10 +100,10 @@ #if defined(USE_OPENSSL_SHA256) -struct sha256_ctx { +struct ossl_sha256_ctx { EVP_MD_CTX *openssl_ctx; }; -typedef struct sha256_ctx my_sha256_ctx; +typedef struct ossl_sha256_ctx my_sha256_ctx; static CURLcode my_sha256_init(my_sha256_ctx *ctx) { @@ -247,7 +247,7 @@ static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) unsigned long length = 0; CryptGetHashParam(ctx->hHash, HP_HASHVAL, NULL, &length, 0); - if(length == SHA256_DIGEST_LENGTH) + if(length == CURL_SHA256_DIGEST_LENGTH) CryptGetHashParam(ctx->hHash, HP_HASHVAL, digest, &length, 0); if(ctx->hHash) @@ -334,14 +334,14 @@ static const unsigned long K[64] = { #define RORc(x, y) \ (((((unsigned long)(x) & 0xFFFFFFFFUL) >> (unsigned long)((y) & 31)) | \ ((unsigned long)(x) << (unsigned long)(32 - ((y) & 31)))) & 0xFFFFFFFFUL) -#define Ch(x,y,z) (z ^ (x & (y ^ z))) -#define Maj(x,y,z) (((x | y) & z) | (x & y)) -#define S(x, n) RORc((x), (n)) -#define R(x, n) (((x)&0xFFFFFFFFUL)>>(n)) -#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22)) -#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25)) -#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3)) -#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10)) +#define Sha256_Ch(x,y,z) (z ^ (x & (y ^ z))) +#define Sha256_Maj(x,y,z) (((x | y) & z) | (x & y)) +#define Sha256_S(x, n) RORc((x), (n)) +#define Sha256_R(x, n) (((x)&0xFFFFFFFFUL)>>(n)) +#define Sigma0(x) (Sha256_S(x, 2) ^ Sha256_S(x, 13) ^ Sha256_S(x, 22)) +#define Sigma1(x) (Sha256_S(x, 6) ^ Sha256_S(x, 11) ^ Sha256_S(x, 25)) +#define Gamma0(x) (Sha256_S(x, 7) ^ Sha256_S(x, 18) ^ Sha256_R(x, 3)) +#define Gamma1(x) (Sha256_S(x, 17) ^ Sha256_S(x, 19) ^ Sha256_R(x, 10)) /* Compress 512-bits */ static int sha256_compress(struct sha256_state *md, @@ -364,12 +364,12 @@ static int sha256_compress(struct sha256_state *md, } /* Compress */ -#define RND(a,b,c,d,e,f,g,h,i) \ - do { \ - unsigned long t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ - unsigned long t1 = Sigma0(a) + Maj(a, b, c); \ - d += t0; \ - h = t0 + t1; \ +#define RND(a,b,c,d,e,f,g,h,i) \ + do { \ + unsigned long t0 = h + Sigma1(e) + Sha256_Ch(e, f, g) + K[i] + W[i]; \ + unsigned long t1 = Sigma0(a) + Sha256_Maj(a, b, c); \ + d += t0; \ + h = t0 + t1; \ } while(0) for(i = 0; i < 64; ++i) { @@ -467,7 +467,7 @@ static int my_sha256_final(unsigned char *out, md->buf[md->curlen++] = (unsigned char)0x80; /* If the length is currently above 56 bytes we append zeros - * then compress. Then we can fall back to padding zeros and length + * then compress. Then we can fall back to padding zeros and length * encoding like normal. */ if(md->curlen > 56) { @@ -542,4 +542,4 @@ const struct HMAC_params Curl_HMAC_SHA256[] = { }; -#endif /* AWS, DIGEST, or libSSH2 */ +#endif /* AWS, DIGEST, or libssh2 */ diff --git a/vendor/hydra/vendor/curl/lib/share.c b/vendor/hydra/vendor/curl/lib/share.c index 8fa5cda0..2ddaba6d 100644 --- a/vendor/hydra/vendor/curl/lib/share.c +++ b/vendor/hydra/vendor/curl/lib/share.c @@ -26,10 +26,12 @@ #include #include "urldata.h" +#include "connect.h" #include "share.h" #include "psl.h" #include "vtls/vtls.h" #include "hsts.h" +#include "url.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -64,7 +66,7 @@ curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...) return CURLSHE_INVALID; if(share->dirty) - /* don't allow setting options while one or more handles are already + /* do not allow setting options while one or more handles are already using this share */ return CURLSHE_IN_USE; @@ -119,8 +121,12 @@ curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...) break; case CURL_LOCK_DATA_CONNECT: - if(Curl_conncache_init(&share->conn_cache, 103)) - res = CURLSHE_NOMEM; + /* It is safe to set this option several times on a share. */ + if(!share->cpool.idata) { + if(Curl_cpool_init(&share->cpool, Curl_on_disconnect, + NULL, share, 103)) + res = CURLSHE_NOMEM; + } break; case CURL_LOCK_DATA_PSL: @@ -223,8 +229,9 @@ curl_share_cleanup(struct Curl_share *share) return CURLSHE_IN_USE; } - Curl_conncache_close_all_connections(&share->conn_cache); - Curl_conncache_destroy(&share->conn_cache); + if(share->specifier & (1 << CURL_LOCK_DATA_CONNECT)) { + Curl_cpool_destroy(&share->cpool); + } Curl_hash_destroy(&share->hostcache); #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) @@ -268,7 +275,7 @@ Curl_share_lock(struct Curl_easy *data, curl_lock_data type, if(share->lockfunc) /* only call this if set! */ share->lockfunc(data, type, accesstype, share->clientdata); } - /* else if we don't share this, pretend successful lock */ + /* else if we do not share this, pretend successful lock */ return CURLSHE_OK; } diff --git a/vendor/hydra/vendor/curl/lib/share.h b/vendor/hydra/vendor/curl/lib/share.h index 632d9198..124f7049 100644 --- a/vendor/hydra/vendor/curl/lib/share.h +++ b/vendor/hydra/vendor/curl/lib/share.h @@ -34,7 +34,10 @@ #define CURL_GOOD_SHARE 0x7e117a1e #define GOOD_SHARE_HANDLE(x) ((x) && (x)->magic == CURL_GOOD_SHARE) -/* this struct is libcurl-private, don't export details */ +#define CURL_SHARE_KEEP_CONNECT(s) \ + ((s) && ((s)->specifier & (1<< CURL_LOCK_DATA_CONNECT))) + +/* this struct is libcurl-private, do not export details */ struct Curl_share { unsigned int magic; /* CURL_GOOD_SHARE */ unsigned int specifier; @@ -43,7 +46,7 @@ struct Curl_share { curl_lock_function lockfunc; curl_unlock_function unlockfunc; void *clientdata; - struct conncache conn_cache; + struct cpool cpool; struct Curl_hash hostcache; #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) struct CookieInfo *cookies; diff --git a/vendor/hydra/vendor/curl/lib/sigpipe.h b/vendor/hydra/vendor/curl/lib/sigpipe.h index 9b29403c..c57580f4 100644 --- a/vendor/hydra/vendor/curl/lib/sigpipe.h +++ b/vendor/hydra/vendor/curl/lib/sigpipe.h @@ -35,6 +35,13 @@ struct sigpipe_ignore { }; #define SIGPIPE_VARIABLE(x) struct sigpipe_ignore x +#define SIGPIPE_MEMBER(x) struct sigpipe_ignore x + +static void sigpipe_init(struct sigpipe_ignore *ig) +{ + memset(ig, 0, sizeof(*ig)); + ig->no_signal = TRUE; +} /* * sigpipe_ignore() makes sure we ignore SIGPIPE while running libcurl @@ -70,11 +77,23 @@ static void sigpipe_restore(struct sigpipe_ignore *ig) sigaction(SIGPIPE, &ig->old_pipe_act, NULL); } +static void sigpipe_apply(struct Curl_easy *data, + struct sigpipe_ignore *ig) +{ + if(data->set.no_signal != ig->no_signal) { + sigpipe_restore(ig); + sigpipe_ignore(data, ig); + } +} + #else /* for systems without sigaction */ #define sigpipe_ignore(x,y) Curl_nop_stmt +#define sigpipe_apply(x,y) Curl_nop_stmt +#define sigpipe_init(x) Curl_nop_stmt #define sigpipe_restore(x) Curl_nop_stmt #define SIGPIPE_VARIABLE(x) +#define SIGPIPE_MEMBER(x) bool x #endif #endif /* HEADER_CURL_SIGPIPE_H */ diff --git a/vendor/hydra/vendor/curl/lib/smb.c b/vendor/hydra/vendor/curl/lib/smb.c index cab1e757..f4fff9e6 100644 --- a/vendor/hydra/vendor/curl/lib/smb.c +++ b/vendor/hydra/vendor/curl/lib/smb.c @@ -559,7 +559,7 @@ static void smb_format_message(struct Curl_easy *data, struct smb_header *h, h->flags2 = smb_swap16(SMB_FLAGS2_IS_LONG_NAME | SMB_FLAGS2_KNOWS_LONG_NAME); h->uid = smb_swap16(smbc->uid); h->tid = smb_swap16(req->tid); - pid = getpid(); + pid = (unsigned int)getpid(); h->pid_high = smb_swap16((unsigned short)(pid >> 16)); h->pid = smb_swap16((unsigned short) pid); } @@ -572,7 +572,7 @@ static CURLcode smb_send(struct Curl_easy *data, size_t len, size_t bytes_written; CURLcode result; - result = Curl_xfer_send(data, smbc->send_buf, len, &bytes_written); + result = Curl_xfer_send(data, smbc->send_buf, len, FALSE, &bytes_written); if(result) return result; @@ -597,7 +597,7 @@ static CURLcode smb_flush(struct Curl_easy *data) if(!smbc->send_size) return CURLE_OK; - result = Curl_xfer_send(data, smbc->send_buf + smbc->sent, len, + result = Curl_xfer_send(data, smbc->send_buf + smbc->sent, len, FALSE, &bytes_written); if(result) return result; @@ -642,9 +642,9 @@ static CURLcode smb_send_setup(struct Curl_easy *data) unsigned char nt_hash[21]; unsigned char nt[24]; - size_t byte_count = sizeof(lm) + sizeof(nt); - byte_count += strlen(smbc->user) + strlen(smbc->domain); - byte_count += strlen(OS) + strlen(CLIENTNAME) + 4; /* 4 null chars */ + const size_t byte_count = sizeof(lm) + sizeof(nt) + + strlen(smbc->user) + strlen(smbc->domain) + + strlen(OS) + strlen(CLIENTNAME) + 4; /* 4 null chars */ if(byte_count > sizeof(msg.bytes)) return CURLE_FILESIZE_EXCEEDED; @@ -653,7 +653,7 @@ static CURLcode smb_send_setup(struct Curl_easy *data) Curl_ntlm_core_mk_nt_hash(conn->passwd, nt_hash); Curl_ntlm_core_lm_resp(nt_hash, smbc->challenge, nt); - memset(&msg, 0, sizeof(msg)); + memset(&msg, 0, sizeof(msg) - sizeof(msg.bytes)); msg.word_count = SMB_WC_SETUP_ANDX; msg.andx.command = SMB_COM_NO_ANDX_COMMAND; msg.max_buffer_size = smb_swap16(MAX_MESSAGE_SIZE); @@ -671,7 +671,7 @@ static CURLcode smb_send_setup(struct Curl_easy *data) MSGCATNULL(smbc->domain); MSGCATNULL(OS); MSGCATNULL(CLIENTNAME); - byte_count = p - msg.bytes; + DEBUGASSERT(byte_count == (size_t)(p - msg.bytes)); msg.byte_count = smb_swap16((unsigned short)byte_count); return smb_send_message(data, SMB_COM_SETUP_ANDX, &msg, @@ -685,12 +685,12 @@ static CURLcode smb_send_tree_connect(struct Curl_easy *data) struct smb_conn *smbc = &conn->proto.smbc; char *p = msg.bytes; - size_t byte_count = strlen(conn->host.name) + strlen(smbc->share); - byte_count += strlen(SERVICENAME) + 5; /* 2 nulls and 3 backslashes */ + const size_t byte_count = strlen(conn->host.name) + strlen(smbc->share) + + strlen(SERVICENAME) + 5; /* 2 nulls and 3 backslashes */ if(byte_count > sizeof(msg.bytes)) return CURLE_FILESIZE_EXCEEDED; - memset(&msg, 0, sizeof(msg)); + memset(&msg, 0, sizeof(msg) - sizeof(msg.bytes)); msg.word_count = SMB_WC_TREE_CONNECT_ANDX; msg.andx.command = SMB_COM_NO_ANDX_COMMAND; msg.pw_len = 0; @@ -699,7 +699,7 @@ static CURLcode smb_send_tree_connect(struct Curl_easy *data) MSGCAT("\\"); MSGCATNULL(smbc->share); MSGCATNULL(SERVICENAME); /* Match any type of service */ - byte_count = p - msg.bytes; + DEBUGASSERT(byte_count == (size_t)(p - msg.bytes)); msg.byte_count = smb_swap16((unsigned short)byte_count); return smb_send_message(data, SMB_COM_TREE_CONNECT_ANDX, &msg, @@ -710,16 +710,15 @@ static CURLcode smb_send_open(struct Curl_easy *data) { struct smb_request *req = data->req.p.smb; struct smb_nt_create msg; - size_t byte_count; + const size_t byte_count = strlen(req->path) + 1; - if((strlen(req->path) + 1) > sizeof(msg.bytes)) + if(byte_count > sizeof(msg.bytes)) return CURLE_FILESIZE_EXCEEDED; - memset(&msg, 0, sizeof(msg)); + memset(&msg, 0, sizeof(msg) - sizeof(msg.bytes)); msg.word_count = SMB_WC_NT_CREATE_ANDX; msg.andx.command = SMB_COM_NO_ANDX_COMMAND; - byte_count = strlen(req->path); - msg.name_length = smb_swap16((unsigned short)byte_count); + msg.name_length = smb_swap16((unsigned short)(byte_count - 1)); msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL); if(data->state.upload) { msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE); @@ -729,7 +728,7 @@ static CURLcode smb_send_open(struct Curl_easy *data) msg.access = smb_swap32(SMB_GENERIC_READ); msg.create_disposition = smb_swap32(SMB_FILE_OPEN); } - msg.byte_count = smb_swap16((unsigned short) ++byte_count); + msg.byte_count = smb_swap16((unsigned short) byte_count); strcpy(msg.bytes, req->path); return smb_send_message(data, SMB_COM_NT_CREATE_ANDX, &msg, @@ -924,7 +923,7 @@ static CURLcode smb_connection_state(struct Curl_easy *data, bool *done) /* * Convert a timestamp from the Windows world (100 nsec units from 1 Jan 1601) - * to Posix time. Cap the output to fit within a time_t. + * to POSIX time. Cap the output to fit within a time_t. */ static void get_posix_time(time_t *out, curl_off_t timestamp) { @@ -1071,7 +1070,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done) break; case SMB_CLOSE: - /* We don't care if the close failed, proceed to tree disconnect anyway */ + /* We do not care if the close failed, proceed to tree disconnect anyway */ next_state = SMB_TREE_DISCONNECT; break; diff --git a/vendor/hydra/vendor/curl/lib/smtp.c b/vendor/hydra/vendor/curl/lib/smtp.c index dd231a52..3c589328 100644 --- a/vendor/hydra/vendor/curl/lib/smtp.c +++ b/vendor/hydra/vendor/curl/lib/smtp.c @@ -288,7 +288,7 @@ static CURLcode smtp_get_message(struct Curl_easy *data, struct bufref *out) static void smtp_state(struct Curl_easy *data, smtpstate newstate) { struct smtp_conn *smtpc = &data->conn->proto.smtpc; -#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) +#if !defined(CURL_DISABLE_VERBOSE_STRINGS) /* for debug purposes */ static const char * const names[] = { "STOP", @@ -308,8 +308,8 @@ static void smtp_state(struct Curl_easy *data, smtpstate newstate) }; if(smtpc->state != newstate) - infof(data, "SMTP %p state change from %s to %s", - (void *)smtpc, names[smtpc->state], names[newstate]); + CURL_TRC_SMTP(data, "state change from %s to %s", + names[smtpc->state], names[newstate]); #endif smtpc->state = newstate; @@ -534,16 +534,16 @@ static CURLcode smtp_perform_command(struct Curl_easy *data) if(smtp->rcpt) { /* We notify the server we are sending UTF-8 data if a) it supports the SMTPUTF8 extension and b) The mailbox contains UTF-8 characters, in - either the local address or host name parts. This is regardless of - whether the host name is encoded using IDN ACE */ + either the local address or hostname parts. This is regardless of + whether the hostname is encoded using IDN ACE */ bool utf8 = FALSE; if((!smtp->custom) || (!smtp->custom[0])) { char *address = NULL; struct hostname host = { NULL, NULL, NULL, NULL }; - /* Parse the mailbox to verify into the local address and host name - parts, converting the host name to an IDN A-label if necessary */ + /* Parse the mailbox to verify into the local address and hostname + parts, converting the hostname to an IDN A-label if necessary */ result = smtp_parse_address(smtp->rcpt->data, &address, &host); if(result) @@ -555,7 +555,7 @@ static CURLcode smtp_perform_command(struct Curl_easy *data) ((host.encalloc) || (!Curl_is_ASCII_name(address)) || (!Curl_is_ASCII_name(host.name))); - /* Send the VRFY command (Note: The host name part may be absent when the + /* Send the VRFY command (Note: The hostname part may be absent when the host is a local system) */ result = Curl_pp_sendf(data, &conn->proto.smtpc.pp, "VRFY %s%s%s%s", address, @@ -607,8 +607,8 @@ static CURLcode smtp_perform_mail(struct Curl_easy *data) /* We notify the server we are sending UTF-8 data if a) it supports the SMTPUTF8 extension and b) The mailbox contains UTF-8 characters, in - either the local address or host name parts. This is regardless of - whether the host name is encoded using IDN ACE */ + either the local address or hostname parts. This is regardless of + whether the hostname is encoded using IDN ACE */ bool utf8 = FALSE; /* Calculate the FROM parameter */ @@ -616,8 +616,8 @@ static CURLcode smtp_perform_mail(struct Curl_easy *data) char *address = NULL; struct hostname host = { NULL, NULL, NULL, NULL }; - /* Parse the FROM mailbox into the local address and host name parts, - converting the host name to an IDN A-label if necessary */ + /* Parse the FROM mailbox into the local address and hostname parts, + converting the hostname to an IDN A-label if necessary */ result = smtp_parse_address(data->set.str[STRING_MAIL_FROM], &address, &host); if(result) @@ -635,8 +635,8 @@ static CURLcode smtp_perform_mail(struct Curl_easy *data) Curl_free_idnconverted_hostname(&host); } else - /* An invalid mailbox was provided but we'll simply let the server worry - about that and reply with a 501 error */ + /* An invalid mailbox was provided but we will simply let the server + worry about that and reply with a 501 error */ from = aprintf("<%s>", address); free(address); @@ -656,8 +656,8 @@ static CURLcode smtp_perform_mail(struct Curl_easy *data) char *address = NULL; struct hostname host = { NULL, NULL, NULL, NULL }; - /* Parse the AUTH mailbox into the local address and host name parts, - converting the host name to an IDN A-label if necessary */ + /* Parse the AUTH mailbox into the local address and hostname parts, + converting the hostname to an IDN A-label if necessary */ result = smtp_parse_address(data->set.str[STRING_MAIL_AUTH], &address, &host); if(result) @@ -676,7 +676,7 @@ static CURLcode smtp_perform_mail(struct Curl_easy *data) Curl_free_idnconverted_hostname(&host); } else - /* An invalid mailbox was provided but we'll simply let the server + /* An invalid mailbox was provided but we will simply let the server worry about it */ auth = aprintf("<%s>", address); free(address); @@ -695,7 +695,7 @@ static CURLcode smtp_perform_mail(struct Curl_easy *data) /* Prepare the mime data if some. */ if(data->set.mimepost.kind != MIMEKIND_NONE) { /* Use the whole structure as data. */ - data->set.mimepost.flags &= ~MIME_BODY_ONLY; + data->set.mimepost.flags &= ~(unsigned int)MIME_BODY_ONLY; /* Add external headers and mime version. */ curl_mime_headers(&data->set.mimepost, data->set.headers, 0); @@ -723,7 +723,7 @@ static CURLcode smtp_perform_mail(struct Curl_easy *data) /* Calculate the optional SIZE parameter */ if(conn->proto.smtpc.size_supported && data->state.infilesize > 0) { - size = aprintf("%" CURL_FORMAT_CURL_OFF_T, data->state.infilesize); + size = aprintf("%" FMT_OFF_T, data->state.infilesize); if(!size) { result = CURLE_OUT_OF_MEMORY; @@ -731,7 +731,7 @@ static CURLcode smtp_perform_mail(struct Curl_easy *data) } } - /* If the mailboxes in the FROM and AUTH parameters don't include a UTF-8 + /* If the mailboxes in the FROM and AUTH parameters do not include a UTF-8 based address then quickly scan through the recipient list and check if any there do, as we need to correctly identify our support for SMTPUTF8 in the envelope, as per RFC-6531 sect. 3.4 */ @@ -740,7 +740,7 @@ static CURLcode smtp_perform_mail(struct Curl_easy *data) struct curl_slist *rcpt = smtp->rcpt; while(rcpt && !utf8) { - /* Does the host name contain non-ASCII characters? */ + /* Does the hostname contain non-ASCII characters? */ if(!Curl_is_ASCII_name(rcpt->data)) utf8 = TRUE; @@ -790,8 +790,8 @@ static CURLcode smtp_perform_rcpt_to(struct Curl_easy *data) char *address = NULL; struct hostname host = { NULL, NULL, NULL, NULL }; - /* Parse the recipient mailbox into the local address and host name parts, - converting the host name to an IDN A-label if necessary */ + /* Parse the recipient mailbox into the local address and hostname parts, + converting the hostname to an IDN A-label if necessary */ result = smtp_parse_address(smtp->rcpt->data, &address, &host); if(result) @@ -802,7 +802,7 @@ static CURLcode smtp_perform_rcpt_to(struct Curl_easy *data) result = Curl_pp_sendf(data, &conn->proto.smtpc.pp, "RCPT TO:<%s@%s>", address, host.name); else - /* An invalid mailbox was provided but we'll simply let the server worry + /* An invalid mailbox was provided but we will simply let the server worry about that and reply with a 501 error */ result = Curl_pp_sendf(data, &conn->proto.smtpc.pp, "RCPT TO:<%s>", address); @@ -958,7 +958,7 @@ static CURLcode smtp_state_ehlo_resp(struct Curl_easy *data, if(smtpcode != 1) { if(data->set.use_ssl && !Curl_conn_is_ssl(conn, FIRSTSOCKET)) { - /* We don't have a SSL/TLS connection yet, but SSL is requested */ + /* We do not have a SSL/TLS connection yet, but SSL is requested */ if(smtpc->tls_supported) /* Switch to TLS connection now */ result = smtp_perform_starttls(data, conn); @@ -1102,7 +1102,7 @@ static CURLcode smtp_state_rcpt_resp(struct Curl_easy *data, is_smtp_err = (smtpcode/100 != 2) ? TRUE : FALSE; - /* If there's multiple RCPT TO to be issued, it's possible to ignore errors + /* If there is multiple RCPT TO to be issued, it is possible to ignore errors and proceed with only the valid addresses. */ is_smtp_blocking_err = (is_smtp_err && !data->set.mail_rcpt_allowfails) ? TRUE : FALSE; @@ -1129,7 +1129,7 @@ static CURLcode smtp_state_rcpt_resp(struct Curl_easy *data, /* Send the next RCPT TO command */ result = smtp_perform_rcpt_to(data); else { - /* We weren't able to issue a successful RCPT TO command while going + /* We were not able to issue a successful RCPT TO command while going over recipients (potentially multiple). Sending back last error. */ if(!smtp->rcpt_had_ok) { failf(data, "RCPT failed: %d (last error)", smtp->rcpt_last_error); @@ -1164,7 +1164,7 @@ static CURLcode smtp_state_data_resp(struct Curl_easy *data, int smtpcode, Curl_pgrsSetUploadSize(data, data->state.infilesize); /* SMTP upload */ - Curl_xfer_setup(data, -1, -1, FALSE, FIRSTSOCKET); + Curl_xfer_setup1(data, CURL_XFER_SEND, -1, FALSE); /* End of DO phase */ smtp_state(data, SMTP_STOP); @@ -1202,6 +1202,7 @@ static CURLcode smtp_statemachine(struct Curl_easy *data, size_t nread = 0; /* Busy upgrading the connection; right now all I/O is SSL/TLS, not SMTP */ +upgrade_tls: if(smtpc->state == SMTP_UPGRADETLS) return smtp_perform_upgrade_tls(data); @@ -1238,6 +1239,10 @@ static CURLcode smtp_statemachine(struct Curl_easy *data, case SMTP_STARTTLS: result = smtp_state_starttls_resp(data, smtpcode, smtpc->state); + /* During UPGRADETLS, leave the read loop as we need to connect + * (e.g. TLS handshake) before we continue sending/receiving. */ + if(!result && (smtpc->state == SMTP_UPGRADETLS)) + goto upgrade_tls; break; case SMTP_AUTH: @@ -1417,7 +1422,8 @@ static CURLcode smtp_done(struct Curl_easy *data, CURLcode status, /* Clear the transfer mode for the next request */ smtp->transfer = PPTRANSFER_BODY; - + CURL_TRC_SMTP(data, "smtp_done(status=%d, premature=%d) -> %d", + status, premature, result); return result; } @@ -1435,7 +1441,7 @@ static CURLcode smtp_perform(struct Curl_easy *data, bool *connected, CURLcode result = CURLE_OK; struct SMTP *smtp = data->req.p.smtp; - DEBUGF(infof(data, "DO phase starts")); + CURL_TRC_SMTP(data, "smtp_perform(), start"); if(data->req.no_body) { /* Requested no body means no transfer */ @@ -1447,10 +1453,10 @@ static CURLcode smtp_perform(struct Curl_easy *data, bool *connected, /* Store the first recipient (or NULL if not specified) */ smtp->rcpt = data->set.mail_rcpt; - /* Track of whether we've successfully sent at least one RCPT TO command */ + /* Track of whether we have successfully sent at least one RCPT TO command */ smtp->rcpt_had_ok = FALSE; - /* Track of the last error we've received by sending RCPT TO command */ + /* Track of the last error we have received by sending RCPT TO command */ smtp->rcpt_last_error = 0; /* Initial data character is the first character in line: it is implicitly @@ -1467,16 +1473,16 @@ static CURLcode smtp_perform(struct Curl_easy *data, bool *connected, result = smtp_perform_command(data); if(result) - return result; + goto out; /* Run the state-machine */ result = smtp_multi_statemach(data, dophase_done); *connected = Curl_conn_is_connected(data->conn, FIRSTSOCKET); - if(*dophase_done) - DEBUGF(infof(data, "DO phase is complete")); - +out: + CURL_TRC_SMTP(data, "smtp_perform() -> %d, connected=%d, done=%d", + result, *connected, *dophase_done); return result; } @@ -1502,7 +1508,7 @@ static CURLcode smtp_do(struct Curl_easy *data, bool *done) return result; result = smtp_regular_transfer(data, done); - + CURL_TRC_SMTP(data, "smtp_do() -> %d, done=%d", result, *done); return result; } @@ -1537,6 +1543,7 @@ static CURLcode smtp_disconnect(struct Curl_easy *data, /* Cleanup our connection based variables */ Curl_safefree(smtpc->domain); + CURL_TRC_SMTP(data, "smtp_disconnect(), finished"); return CURLE_OK; } @@ -1550,7 +1557,7 @@ static CURLcode smtp_dophase_done(struct Curl_easy *data, bool connected) if(smtp->transfer != PPTRANSFER_BODY) /* no data to transfer */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); return CURLE_OK; } @@ -1568,6 +1575,7 @@ static CURLcode smtp_doing(struct Curl_easy *data, bool *dophase_done) DEBUGF(infof(data, "DO phase is complete")); } + CURL_TRC_SMTP(data, "smtp_doing() -> %d, done=%d", result, *dophase_done); return result; } @@ -1602,6 +1610,8 @@ static CURLcode smtp_regular_transfer(struct Curl_easy *data, if(!result && *dophase_done) result = smtp_dophase_done(data, connected); + CURL_TRC_SMTP(data, "smtp_regular_transfer() -> %d, done=%d", + result, *dophase_done); return result; } @@ -1615,10 +1625,8 @@ static CURLcode smtp_setup_connection(struct Curl_easy *data, /* Initialise the SMTP layer */ result = smtp_init(data); - if(result) - return result; - - return CURLE_OK; + CURL_TRC_SMTP(data, "smtp_setup_connection() -> %d", result); + return result; } /*********************************************************************** @@ -1708,7 +1716,7 @@ static CURLcode smtp_parse_custom_request(struct Curl_easy *data) * smtp_parse_address() * * Parse the fully qualified mailbox address into a local address part and the - * host name, converting the host name to an IDN A-label, as per RFC-5890, if + * hostname, converting the hostname to an IDN A-label, as per RFC-5890, if * necessary. * * Parameters: @@ -1719,8 +1727,8 @@ static CURLcode smtp_parse_custom_request(struct Curl_easy *data) * address [in/out] - A new allocated buffer which holds the local * address part of the mailbox. This buffer must be * free'ed by the caller. - * host [in/out] - The host name structure that holds the original, - * and optionally encoded, host name. + * host [in/out] - The hostname structure that holds the original, + * and optionally encoded, hostname. * Curl_free_idnconverted_hostname() must be called * once the caller has finished with the structure. * @@ -1728,14 +1736,14 @@ static CURLcode smtp_parse_custom_request(struct Curl_easy *data) * * Notes: * - * Should a UTF-8 host name require conversion to IDN ACE and we cannot honor + * Should a UTF-8 hostname require conversion to IDN ACE and we cannot honor * that conversion then we shall return success. This allow the caller to send * the data to the server as a U-label (as per RFC-6531 sect. 3.2). * * If an mailbox '@' separator cannot be located then the mailbox is considered * to be either a local mailbox or an invalid mailbox (depending on what the * calling function deems it to be) then the input will simply be returned in - * the address part with the host name being NULL. + * the address part with the hostname being NULL. */ static CURLcode smtp_parse_address(const char *fqma, char **address, struct hostname *host) @@ -1744,7 +1752,7 @@ static CURLcode smtp_parse_address(const char *fqma, char **address, size_t length; /* Duplicate the fully qualified email address so we can manipulate it, - ensuring it doesn't contain the delimiters if specified */ + ensuring it does not contain the delimiters if specified */ char *dup = strdup(fqma[0] == '<' ? fqma + 1 : fqma); if(!dup) return CURLE_OUT_OF_MEMORY; @@ -1755,17 +1763,17 @@ static CURLcode smtp_parse_address(const char *fqma, char **address, dup[length - 1] = '\0'; } - /* Extract the host name from the address (if we can) */ + /* Extract the hostname from the address (if we can) */ host->name = strpbrk(dup, "@"); if(host->name) { *host->name = '\0'; host->name = host->name + 1; - /* Attempt to convert the host name to IDN ACE */ + /* Attempt to convert the hostname to IDN ACE */ (void) Curl_idnconvert_hostname(host); /* If Curl_idnconvert_hostname() fails then we shall attempt to continue - and send the host name using UTF-8 rather than as 7-bit ACE (which is + and send the hostname using UTF-8 rather than as 7-bit ACE (which is our preference) */ } @@ -1925,6 +1933,7 @@ static const struct Curl_crtype cr_eob = { Curl_creader_def_resume_from, Curl_creader_def_rewind, Curl_creader_def_unpause, + Curl_creader_def_is_paused, Curl_creader_def_done, sizeof(struct cr_eob_ctx) }; diff --git a/vendor/hydra/vendor/curl/lib/socketpair.c b/vendor/hydra/vendor/curl/lib/socketpair.c index d7e3afd8..b14f5a5f 100644 --- a/vendor/hydra/vendor/curl/lib/socketpair.c +++ b/vendor/hydra/vendor/curl/lib/socketpair.c @@ -27,14 +27,31 @@ #include "urldata.h" #include "rand.h" -#if defined(HAVE_PIPE) && defined(HAVE_FCNTL) +#if defined(USE_EVENTFD) +#ifdef HAVE_SYS_EVENTFD_H +#include +#endif + +int Curl_eventfd(curl_socket_t socks[2], bool nonblocking) +{ + int efd = eventfd(0, nonblocking ? EFD_CLOEXEC | EFD_NONBLOCK : EFD_CLOEXEC); + if(efd == -1) { + socks[0] = socks[1] = CURL_SOCKET_BAD; + return -1; + } + socks[0] = socks[1] = efd; + return 0; +} +#elif defined(HAVE_PIPE) +#ifdef HAVE_FCNTL #include +#endif -int Curl_pipe(curl_socket_t socks[2]) +int Curl_pipe(curl_socket_t socks[2], bool nonblocking) { if(pipe(socks)) return -1; - +#ifdef HAVE_FCNTL if(fcntl(socks[0], F_SETFD, FD_CLOEXEC) || fcntl(socks[1], F_SETFD, FD_CLOEXEC) ) { close(socks[0]); @@ -42,13 +59,45 @@ int Curl_pipe(curl_socket_t socks[2]) socks[0] = socks[1] = CURL_SOCKET_BAD; return -1; } +#endif + if(nonblocking) { + if(curlx_nonblock(socks[0], TRUE) < 0 || + curlx_nonblock(socks[1], TRUE) < 0) { + close(socks[0]); + close(socks[1]); + socks[0] = socks[1] = CURL_SOCKET_BAD; + return -1; + } + } return 0; } #endif -#if !defined(HAVE_SOCKETPAIR) && !defined(CURL_DISABLE_SOCKETPAIR) +#ifndef CURL_DISABLE_SOCKETPAIR +#ifdef HAVE_SOCKETPAIR +int Curl_socketpair(int domain, int type, int protocol, + curl_socket_t socks[2], bool nonblocking) +{ +#ifdef SOCK_NONBLOCK + type = nonblocking ? type | SOCK_NONBLOCK : type; +#endif + if(socketpair(domain, type, protocol, socks)) + return -1; +#ifndef SOCK_NONBLOCK + if(nonblocking) { + if(curlx_nonblock(socks[0], TRUE) < 0 || + curlx_nonblock(socks[1], TRUE) < 0) { + close(socks[0]); + close(socks[1]); + return -1; + } + } +#endif + return 0; +} +#else /* !HAVE_SOCKETPAIR */ #ifdef _WIN32 /* * This is a socketpair() implementation for Windows. @@ -80,7 +129,7 @@ int Curl_pipe(curl_socket_t socks[2]) #include "memdebug.h" int Curl_socketpair(int domain, int type, int protocol, - curl_socket_t socks[2]) + curl_socket_t socks[2], bool nonblocking) { union { struct sockaddr_in inaddr; @@ -106,7 +155,7 @@ int Curl_socketpair(int domain, int type, int protocol, socks[0] = socks[1] = CURL_SOCKET_BAD; #if defined(_WIN32) || defined(__CYGWIN__) - /* don't set SO_REUSEADDR on Windows */ + /* do not set SO_REUSEADDR on Windows */ (void)reuse; #ifdef SO_EXCLUSIVEADDRUSE { @@ -134,7 +183,7 @@ int Curl_socketpair(int domain, int type, int protocol, if(connect(socks[0], &a.addr, sizeof(a.inaddr)) == -1) goto error; - /* use non-blocking accept to make sure we don't block forever */ + /* use non-blocking accept to make sure we do not block forever */ if(curlx_nonblock(listener, TRUE) < 0) goto error; pfd[0].fd = listener; @@ -168,7 +217,7 @@ int Curl_socketpair(int domain, int type, int protocol, nread = sread(socks[1], p, s); if(nread == -1) { int sockerr = SOCKERRNO; - /* Don't block forever */ + /* Do not block forever */ if(Curl_timediff(Curl_now(), start) > (60 * 1000)) goto error; if( @@ -198,6 +247,10 @@ int Curl_socketpair(int domain, int type, int protocol, } while(1); } + if(nonblocking) + if(curlx_nonblock(socks[0], TRUE) < 0 || + curlx_nonblock(socks[1], TRUE) < 0) + goto error; sclose(listener); return 0; @@ -207,5 +260,5 @@ int Curl_socketpair(int domain, int type, int protocol, sclose(socks[1]); return -1; } - -#endif /* ! HAVE_SOCKETPAIR */ +#endif +#endif /* !CURL_DISABLE_SOCKETPAIR */ diff --git a/vendor/hydra/vendor/curl/lib/socketpair.h b/vendor/hydra/vendor/curl/lib/socketpair.h index ddd44374..3044f112 100644 --- a/vendor/hydra/vendor/curl/lib/socketpair.h +++ b/vendor/hydra/vendor/curl/lib/socketpair.h @@ -26,21 +26,44 @@ #include "curl_setup.h" -#ifdef HAVE_PIPE +#if defined(HAVE_EVENTFD) && \ + defined(__x86_64__) && \ + defined(__aarch64__) && \ + defined(__ia64__) && \ + defined(__ppc64__) && \ + defined(__mips64) && \ + defined(__sparc64__) && \ + defined(__riscv_64e) && \ + defined(__s390x__) + +/* Use eventfd only with 64-bit CPU architectures because eventfd has a + * stringent rule of requiring the 8-byte buffer when calling read(2) and + * write(2) on it. In some rare cases, the C standard library implementation + * on a 32-bit system might choose to define uint64_t as a 32-bit type for + * various reasons (memory limitations, compatibility with older code), + * which makes eventfd broken. + */ +#define USE_EVENTFD 1 #define wakeup_write write #define wakeup_read read #define wakeup_close close -#define wakeup_create(p) Curl_pipe(p) +#define wakeup_create(p,nb) Curl_eventfd(p,nb) -#ifdef HAVE_FCNTL #include -int Curl_pipe(curl_socket_t socks[2]); -#else -#define Curl_pipe(p) pipe(p) -#endif +int Curl_eventfd(curl_socket_t socks[2], bool nonblocking); + +#elif defined(HAVE_PIPE) + +#define wakeup_write write +#define wakeup_read read +#define wakeup_close close +#define wakeup_create(p,nb) Curl_pipe(p,nb) + +#include +int Curl_pipe(curl_socket_t socks[2], bool nonblocking); -#else /* HAVE_PIPE */ +#else /* !USE_EVENTFD && !HAVE_PIPE */ #define wakeup_write swrite #define wakeup_read sread @@ -51,7 +74,7 @@ int Curl_pipe(curl_socket_t socks[2]); #elif !defined(HAVE_SOCKETPAIR) #define SOCKETPAIR_FAMILY 0 /* not used */ #else -#error "unsupported unix domain and socketpair build combo" +#error "unsupported Unix domain and socketpair build combo" #endif #ifdef SOCK_CLOEXEC @@ -60,19 +83,16 @@ int Curl_pipe(curl_socket_t socks[2]); #define SOCKETPAIR_TYPE SOCK_STREAM #endif -#define wakeup_create(p)\ -Curl_socketpair(SOCKETPAIR_FAMILY, SOCKETPAIR_TYPE, 0, p) - -#endif /* HAVE_PIPE */ +#define wakeup_create(p,nb)\ +Curl_socketpair(SOCKETPAIR_FAMILY, SOCKETPAIR_TYPE, 0, p, nb) +#endif /* USE_EVENTFD */ -#ifndef HAVE_SOCKETPAIR +#ifndef CURL_DISABLE_SOCKETPAIR #include int Curl_socketpair(int domain, int type, int protocol, - curl_socket_t socks[2]); -#else -#define Curl_socketpair(a,b,c,d) socketpair(a,b,c,d) + curl_socket_t socks[2], bool nonblocking); #endif #endif /* HEADER_CURL_SOCKETPAIR_H */ diff --git a/vendor/hydra/vendor/curl/lib/socks.c b/vendor/hydra/vendor/curl/lib/socks.c index 4ade4eb0..1f2b7b60 100644 --- a/vendor/hydra/vendor/curl/lib/socks.c +++ b/vendor/hydra/vendor/curl/lib/socks.c @@ -125,7 +125,7 @@ int Curl_blockread_all(struct Curl_cfilter *cf, } nread = Curl_conn_cf_recv(cf->next, data, buf, buffersize, &err); if(nread <= 0) { - result = err; + result = (int)err; if(CURLE_AGAIN == err) continue; if(err) { @@ -194,7 +194,7 @@ static void socksstate(struct socks_state *sx, struct Curl_easy *data, (void)data; if(oldstate == state) - /* don't bother when the new state is the same as the old state */ + /* do not bother when the new state is the same as the old state */ return; sx->state = state; @@ -217,7 +217,7 @@ static CURLproxycode socks_state_send(struct Curl_cfilter *cf, CURLcode result; nwritten = Curl_conn_cf_send(cf->next, data, (char *)sx->outp, - sx->outstanding, &result); + sx->outstanding, FALSE, &result); if(nwritten <= 0) { if(CURLE_AGAIN == result) { return CURLPX_OK; @@ -335,7 +335,7 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf, goto CONNECT_RESOLVED; } - /* socks4a doesn't resolve anything locally */ + /* socks4a does not resolve anything locally */ sxstate(sx, data, CONNECT_REQ_INIT); goto CONNECT_REQ_INIT; @@ -365,7 +365,7 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf, { struct Curl_addrinfo *hp = NULL; /* - * We cannot use 'hostent' as a struct that Curl_resolv() returns. It + * We cannot use 'hostent' as a struct that Curl_resolv() returns. It * returns a Curl_addrinfo pointer that may not always look the same. */ if(dns) { @@ -388,7 +388,7 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf, infof(data, "SOCKS4 connect to IPv4 %s (locally resolved)", buf); - Curl_resolv_unlock(data, dns); /* not used anymore from now on */ + Curl_resolv_unlink(data, &dns); /* not used anymore from now on */ } else failf(data, "SOCKS4 connection to %s not supported", sx->hostname); @@ -413,7 +413,7 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf, /* there is no real size limit to this field in the protocol, but SOCKS5 limits the proxy user field to 255 bytes and it seems likely that a longer field is either a mistake or malicious input */ - failf(data, "Too long SOCKS proxy user name"); + failf(data, "Too long SOCKS proxy username"); return CURLPX_LONG_USER; } /* copy the proxy name WITH trailing zero */ @@ -440,7 +440,7 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf, (packetsize + hostnamelen < sizeof(sx->buffer))) strcpy((char *)socksreq + packetsize, sx->hostname); else { - failf(data, "SOCKS4: too long host name"); + failf(data, "SOCKS4: too long hostname"); return CURLPX_LONG_HOSTNAME; } packetsize += hostnamelen; @@ -516,7 +516,7 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf, break; case 91: failf(data, - "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)" + "cannot complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)" ", request rejected or failed.", socksreq[4], socksreq[5], socksreq[6], socksreq[7], (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]), @@ -524,7 +524,7 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf, return CURLPX_REQUEST_FAILED; case 92: failf(data, - "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)" + "cannot complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)" ", request rejected because SOCKS server cannot connect to " "identd on the client.", socksreq[4], socksreq[5], socksreq[6], socksreq[7], @@ -533,7 +533,7 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf, return CURLPX_IDENTD; case 93: failf(data, - "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)" + "cannot complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)" ", request rejected because the client program and identd " "report different user-ids.", socksreq[4], socksreq[5], socksreq[6], socksreq[7], @@ -542,7 +542,7 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf, return CURLPX_IDENTD_DIFFER; default: failf(data, - "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)" + "cannot complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)" ", Unknown.", socksreq[4], socksreq[5], socksreq[6], socksreq[7], (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]), @@ -562,7 +562,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, struct Curl_easy *data) { /* - According to the RFC1928, section "6. Replies". This is what a SOCK5 + According to the RFC1928, section "6. Replies". This is what a SOCK5 replies: +----+-----+-------+------+----------+----------+ @@ -714,7 +714,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, CONNECT_AUTH_INIT: case CONNECT_AUTH_INIT: { - /* Needs user name and password */ + /* Needs username and password */ size_t proxy_user_len, proxy_password_len; if(sx->proxy_user && sx->proxy_password) { proxy_user_len = strlen(sx->proxy_user); @@ -738,7 +738,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, if(sx->proxy_user && proxy_user_len) { /* the length must fit in a single byte */ if(proxy_user_len > 255) { - failf(data, "Excessive user name length for proxy auth"); + failf(data, "Excessive username length for proxy auth"); return CURLPX_LONG_USER; } memcpy(socksreq + len, sx->proxy_user, proxy_user_len); @@ -893,7 +893,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, failf(data, "SOCKS5 connection to %s not supported", dest); } - Curl_resolv_unlock(data, dns); /* not used anymore from now on */ + Curl_resolv_unlink(data, &dns); /* not used anymore from now on */ goto CONNECT_REQ_SEND; } CONNECT_RESOLVE_REMOTE: @@ -990,7 +990,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, else if(socksreq[1]) { /* Anything besides 0 is an error */ CURLproxycode rc = CURLPX_REPLY_UNASSIGNED; int code = socksreq[1]; - failf(data, "Can't complete SOCKS5 connection to %s. (%d)", + failf(data, "cannot complete SOCKS5 connection to %s. (%d)", sx->hostname, (unsigned char)socksreq[1]); if(code < 9) { /* RFC 1928 section 6 lists: */ @@ -1120,7 +1120,7 @@ static void socks_proxy_cf_free(struct Curl_cfilter *cf) } /* After a TCP connection to the proxy has been verified, this function does - the next magic steps. If 'done' isn't set TRUE, it is not done yet and + the next magic steps. If 'done' is not set TRUE, it is not done yet and must be called again. Note: this function's sub-functions call failf() @@ -1249,6 +1249,7 @@ struct Curl_cftype Curl_cft_socks_proxy = { socks_proxy_cf_destroy, socks_proxy_cf_connect, socks_proxy_cf_close, + Curl_cf_def_shutdown, socks_cf_get_host, socks_cf_adjust_pollset, Curl_cf_def_data_pending, diff --git a/vendor/hydra/vendor/curl/lib/socks_gssapi.c b/vendor/hydra/vendor/curl/lib/socks_gssapi.c index c0b42b87..f83db977 100644 --- a/vendor/hydra/vendor/curl/lib/socks_gssapi.c +++ b/vendor/hydra/vendor/curl/lib/socks_gssapi.c @@ -172,7 +172,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, (void)curlx_nonblock(sock, FALSE); - /* As long as we need to keep sending some context info, and there's no */ + /* As long as we need to keep sending some context info, and there is no */ /* errors, keep sending it... */ for(;;) { gss_major_status = Curl_gss_init_sec_context(data, @@ -201,10 +201,11 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(gss_send_token.length) { socksreq[0] = 1; /* GSS-API subnegotiation version */ socksreq[1] = 1; /* authentication message type */ - us_length = htons((short)gss_send_token.length); + us_length = htons((unsigned short)gss_send_token.length); memcpy(socksreq + 2, &us_length, sizeof(short)); - nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, &code); + nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, + FALSE, &code); if(code || (4 != nwritten)) { failf(data, "Failed to send GSS-API authentication request."); gss_release_name(&gss_status, &server); @@ -216,7 +217,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, nwritten = Curl_conn_cf_send(cf->next, data, (char *)gss_send_token.value, - gss_send_token.length, &code); + gss_send_token.length, FALSE, &code); if(code || ((ssize_t)gss_send_token.length != nwritten)) { failf(data, "Failed to send GSS-API authentication token."); gss_release_name(&gss_status, &server); @@ -306,7 +307,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, gss_minor_status, "gss_inquire_context")) { gss_delete_sec_context(&gss_status, &gss_context, NULL); gss_release_name(&gss_status, &gss_client_name); - failf(data, "Failed to determine user name."); + failf(data, "Failed to determine username."); return CURLE_COULDNT_CONNECT; } gss_major_status = gss_display_name(&gss_minor_status, gss_client_name, @@ -316,7 +317,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, gss_delete_sec_context(&gss_status, &gss_context, NULL); gss_release_name(&gss_status, &gss_client_name); gss_release_buffer(&gss_status, &gss_send_token); - failf(data, "Failed to determine user name."); + failf(data, "Failed to determine username."); return CURLE_COULDNT_CONNECT; } user = malloc(gss_send_token.length + 1); @@ -377,7 +378,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, * * The token is produced by encapsulating an octet containing the * required protection level using gss_seal()/gss_wrap() with conf_req - * set to FALSE. The token is verified using gss_unseal()/ + * set to FALSE. The token is verified using gss_unseal()/ * gss_unwrap(). * */ @@ -406,11 +407,12 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, } gss_release_buffer(&gss_status, &gss_send_token); - us_length = htons((short)gss_w_token.length); + us_length = htons((unsigned short)gss_w_token.length); memcpy(socksreq + 2, &us_length, sizeof(short)); } - nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, &code); + nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, FALSE, + &code); if(code || (4 != nwritten)) { failf(data, "Failed to send GSS-API encryption request."); gss_release_buffer(&gss_status, &gss_w_token); @@ -420,7 +422,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(data->set.socks5_gssapi_nec) { memcpy(socksreq, &gss_enc, 1); - nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 1, &code); + nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 1, FALSE, + &code); if(code || ( 1 != nwritten)) { failf(data, "Failed to send GSS-API encryption type."); gss_delete_sec_context(&gss_status, &gss_context, NULL); @@ -430,7 +433,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, else { nwritten = Curl_conn_cf_send(cf->next, data, (char *)gss_w_token.value, - gss_w_token.length, &code); + gss_w_token.length, FALSE, &code); if(code || ((ssize_t)gss_w_token.length != nwritten)) { failf(data, "Failed to send GSS-API encryption type."); gss_release_buffer(&gss_status, &gss_w_token); diff --git a/vendor/hydra/vendor/curl/lib/socks_sspi.c b/vendor/hydra/vendor/curl/lib/socks_sspi.c index 2baae2c2..a76d2618 100644 --- a/vendor/hydra/vendor/curl/lib/socks_sspi.c +++ b/vendor/hydra/vendor/curl/lib/socks_sspi.c @@ -139,7 +139,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, cred_handle.dwLower = 0; cred_handle.dwUpper = 0; - status = s_pSecFn->AcquireCredentialsHandle(NULL, + status = Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *) TEXT("Kerberos"), SECPKG_CRED_OUTBOUND, NULL, @@ -152,13 +152,13 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(check_sspi_err(data, status, "AcquireCredentialsHandle")) { failf(data, "Failed to acquire credentials."); free(service_name); - s_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); return CURLE_COULDNT_CONNECT; } (void)curlx_nonblock(sock, FALSE); - /* As long as we need to keep sending some context info, and there's no */ + /* As long as we need to keep sending some context info, and there is no */ /* errors, keep sending it... */ for(;;) { TCHAR *sname; @@ -167,7 +167,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(!sname) return CURLE_OUT_OF_MEMORY; - status = s_pSecFn->InitializeSecurityContext(&cred_handle, + status = Curl_pSecFn->InitializeSecurityContext(&cred_handle, context_handle, sname, ISC_REQ_MUTUAL_AUTH | @@ -186,17 +186,17 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, curlx_unicodefree(sname); if(sspi_recv_token.pvBuffer) { - s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); sspi_recv_token.pvBuffer = NULL; sspi_recv_token.cbBuffer = 0; } if(check_sspi_err(data, status, "InitializeSecurityContext")) { free(service_name); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); if(sspi_recv_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); failf(data, "Failed to initialise security context."); return CURLE_COULDNT_CONNECT; } @@ -204,47 +204,48 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(sspi_send_token.cbBuffer) { socksreq[0] = 1; /* GSS-API subnegotiation version */ socksreq[1] = 1; /* authentication message type */ - us_length = htons((short)sspi_send_token.cbBuffer); + us_length = htons((unsigned short)sspi_send_token.cbBuffer); memcpy(socksreq + 2, &us_length, sizeof(short)); - written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, &code); + written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, FALSE, + &code); if(code || (4 != written)) { failf(data, "Failed to send SSPI authentication request."); free(service_name); if(sspi_send_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); if(sspi_recv_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } written = Curl_conn_cf_send(cf->next, data, (char *)sspi_send_token.pvBuffer, - sspi_send_token.cbBuffer, &code); + sspi_send_token.cbBuffer, FALSE, &code); if(code || (sspi_send_token.cbBuffer != (size_t)written)) { failf(data, "Failed to send SSPI authentication token."); free(service_name); if(sspi_send_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); if(sspi_recv_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } } if(sspi_send_token.pvBuffer) { - s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); sspi_send_token.pvBuffer = NULL; } sspi_send_token.cbBuffer = 0; if(sspi_recv_token.pvBuffer) { - s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); sspi_recv_token.pvBuffer = NULL; } sspi_recv_token.cbBuffer = 0; @@ -266,8 +267,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(result || (actualread != 4)) { failf(data, "Failed to receive SSPI authentication response."); free(service_name); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } @@ -276,8 +277,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, failf(data, "User was rejected by the SOCKS5 server (%u %u).", (unsigned int)socksreq[0], (unsigned int)socksreq[1]); free(service_name); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } @@ -285,8 +286,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, failf(data, "Invalid SSPI authentication response type (%u %u).", (unsigned int)socksreq[0], (unsigned int)socksreq[1]); free(service_name); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } @@ -298,8 +299,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(!sspi_recv_token.pvBuffer) { free(service_name); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; } result = Curl_blockread_all(cf, data, (char *)sspi_recv_token.pvBuffer, @@ -309,9 +310,9 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, failf(data, "Failed to receive SSPI authentication token."); free(service_name); if(sspi_recv_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); - s_pSecFn->FreeCredentialsHandle(&cred_handle); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } @@ -321,14 +322,14 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, free(service_name); /* Everything is good so far, user was authenticated! */ - status = s_pSecFn->QueryCredentialsAttributes(&cred_handle, + status = Curl_pSecFn->QueryCredentialsAttributes(&cred_handle, SECPKG_CRED_ATTR_NAMES, &names); - s_pSecFn->FreeCredentialsHandle(&cred_handle); + Curl_pSecFn->FreeCredentialsHandle(&cred_handle); if(check_sspi_err(data, status, "QueryCredentialAttributes")) { - s_pSecFn->DeleteSecurityContext(&sspi_context); - s_pSecFn->FreeContextBuffer(names.sUserName); - failf(data, "Failed to determine user name."); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(names.sUserName); + failf(data, "Failed to determine username."); return CURLE_COULDNT_CONNECT; } else { @@ -338,7 +339,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, (user_utf8 ? user_utf8 : "(unknown)")); curlx_unicodefree(user_utf8); #endif - s_pSecFn->FreeContextBuffer(names.sUserName); + Curl_pSecFn->FreeContextBuffer(names.sUserName); } /* Do encryption */ @@ -383,21 +384,21 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, * * The token is produced by encapsulating an octet containing the * required protection level using gss_seal()/gss_wrap() with conf_req - * set to FALSE. The token is verified using gss_unseal()/ + * set to FALSE. The token is verified using gss_unseal()/ * gss_unwrap(). * */ if(data->set.socks5_gssapi_nec) { - us_length = htons((short)1); + us_length = htons((unsigned short)1); memcpy(socksreq + 2, &us_length, sizeof(short)); } else { - status = s_pSecFn->QueryContextAttributes(&sspi_context, + status = Curl_pSecFn->QueryContextAttributes(&sspi_context, SECPKG_ATTR_SIZES, &sspi_sizes); if(check_sspi_err(data, status, "QueryContextAttributes")) { - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); failf(data, "Failed to query security context attributes."); return CURLE_COULDNT_CONNECT; } @@ -407,15 +408,15 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, sspi_w_token[0].pvBuffer = malloc(sspi_sizes.cbSecurityTrailer); if(!sspi_w_token[0].pvBuffer) { - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; } sspi_w_token[1].cbBuffer = 1; sspi_w_token[1].pvBuffer = malloc(1); if(!sspi_w_token[1].pvBuffer) { - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; } @@ -424,20 +425,20 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, sspi_w_token[2].cbBuffer = sspi_sizes.cbBlockSize; sspi_w_token[2].pvBuffer = malloc(sspi_sizes.cbBlockSize); if(!sspi_w_token[2].pvBuffer) { - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; } - status = s_pSecFn->EncryptMessage(&sspi_context, + status = Curl_pSecFn->EncryptMessage(&sspi_context, KERB_WRAP_NO_ENCRYPT, &wrap_desc, 0); if(check_sspi_err(data, status, "EncryptMessage")) { - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); failf(data, "Failed to query security context attributes."); return CURLE_COULDNT_CONNECT; } @@ -446,10 +447,10 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, + sspi_w_token[2].cbBuffer; sspi_send_token.pvBuffer = malloc(sspi_send_token.cbBuffer); if(!sspi_send_token.pvBuffer) { - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; } @@ -462,57 +463,59 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, + sspi_w_token[1].cbBuffer, sspi_w_token[2].pvBuffer, sspi_w_token[2].cbBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); sspi_w_token[0].pvBuffer = NULL; sspi_w_token[0].cbBuffer = 0; - s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); sspi_w_token[1].pvBuffer = NULL; sspi_w_token[1].cbBuffer = 0; - s_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[2].pvBuffer); sspi_w_token[2].pvBuffer = NULL; sspi_w_token[2].cbBuffer = 0; - us_length = htons((short)sspi_send_token.cbBuffer); + us_length = htons((unsigned short)sspi_send_token.cbBuffer); memcpy(socksreq + 2, &us_length, sizeof(short)); } - written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, &code); + written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, FALSE, + &code); if(code || (4 != written)) { failf(data, "Failed to send SSPI encryption request."); if(sspi_send_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } if(data->set.socks5_gssapi_nec) { memcpy(socksreq, &gss_enc, 1); - written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 1, &code); + written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 1, FALSE, + &code); if(code || (1 != written)) { failf(data, "Failed to send SSPI encryption type."); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } } else { written = Curl_conn_cf_send(cf->next, data, (char *)sspi_send_token.pvBuffer, - sspi_send_token.cbBuffer, &code); + sspi_send_token.cbBuffer, FALSE, &code); if(code || (sspi_send_token.cbBuffer != (size_t)written)) { failf(data, "Failed to send SSPI encryption type."); if(sspi_send_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } if(sspi_send_token.pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer); } result = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread); if(result || (actualread != 4)) { failf(data, "Failed to receive SSPI encryption response."); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } @@ -520,14 +523,14 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(socksreq[1] == 255) { /* status / message type */ failf(data, "User was rejected by the SOCKS5 server (%u %u).", (unsigned int)socksreq[0], (unsigned int)socksreq[1]); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } if(socksreq[1] != 2) { /* status / message type */ failf(data, "Invalid SSPI encryption response type (%u %u).", (unsigned int)socksreq[0], (unsigned int)socksreq[1]); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } @@ -537,7 +540,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, sspi_w_token[0].cbBuffer = us_length; sspi_w_token[0].pvBuffer = malloc(us_length); if(!sspi_w_token[0].pvBuffer) { - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_OUT_OF_MEMORY; } @@ -546,8 +549,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(result || (actualread != us_length)) { failf(data, "Failed to receive SSPI encryption type."); - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } @@ -559,17 +562,17 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, sspi_w_token[1].cbBuffer = 0; sspi_w_token[1].pvBuffer = NULL; - status = s_pSecFn->DecryptMessage(&sspi_context, + status = Curl_pSecFn->DecryptMessage(&sspi_context, &wrap_desc, 0, &qop); if(check_sspi_err(data, status, "DecryptMessage")) { if(sspi_w_token[0].pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); if(sspi_w_token[1].pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); failf(data, "Failed to query security context attributes."); return CURLE_COULDNT_CONNECT; } @@ -578,27 +581,27 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, failf(data, "Invalid SSPI encryption response length (%lu).", (unsigned long)sspi_w_token[1].cbBuffer); if(sspi_w_token[0].pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); if(sspi_w_token[1].pvBuffer) - s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } memcpy(socksreq, sspi_w_token[1].pvBuffer, sspi_w_token[1].cbBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer); } else { if(sspi_w_token[0].cbBuffer != 1) { failf(data, "Invalid SSPI encryption response length (%lu).", (unsigned long)sspi_w_token[0].cbBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); return CURLE_COULDNT_CONNECT; } memcpy(socksreq, sspi_w_token[0].pvBuffer, sspi_w_token[0].cbBuffer); - s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); + Curl_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer); } (void)curlx_nonblock(sock, TRUE); @@ -611,7 +614,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, if(socksreq[0] != 0) conn->socks5_sspi_context = sspi_context; else { - s_pSecFn->DeleteSecurityContext(&sspi_context); + Curl_pSecFn->DeleteSecurityContext(&sspi_context); conn->socks5_sspi_context = sspi_context; } */ diff --git a/vendor/hydra/vendor/curl/lib/splay.c b/vendor/hydra/vendor/curl/lib/splay.c index 48e079b3..5e27b08a 100644 --- a/vendor/hydra/vendor/curl/lib/splay.c +++ b/vendor/hydra/vendor/curl/lib/splay.c @@ -24,6 +24,7 @@ #include "curl_setup.h" +#include "timeval.h" #include "splay.h" /* @@ -33,7 +34,7 @@ * zero : when i is equal to j * positive when : when i is larger than j */ -#define compare(i,j) Curl_splaycomparekeys((i),(j)) +#define compare(i,j) Curl_timediff_us(i,j) /* * Splay using the key i (which may or may not be in the tree.) The starting @@ -45,12 +46,12 @@ struct Curl_tree *Curl_splay(struct curltime i, struct Curl_tree N, *l, *r, *y; if(!t) - return t; + return NULL; N.smaller = N.larger = NULL; l = r = &N; for(;;) { - long comp = compare(i, t->key); + timediff_t comp = compare(i, t->key); if(comp < 0) { if(!t->smaller) break; @@ -93,7 +94,7 @@ struct Curl_tree *Curl_splay(struct curltime i, return t; } -/* Insert key i into the tree t. Return a pointer to the resulting tree or +/* Insert key i into the tree t. Return a pointer to the resulting tree or * NULL if something went wrong. * * @unittest: 1309 @@ -106,11 +107,11 @@ struct Curl_tree *Curl_splayinsert(struct curltime i, ~0, -1 }; /* will *NEVER* appear */ - if(!node) - return t; + DEBUGASSERT(node); if(t) { t = Curl_splay(i, t); + DEBUGASSERT(t); if(compare(i, t->key) == 0) { /* There already exists a node in the tree with the very same key. Build a doubly-linked circular list of nodes. We add the new 'node' struct @@ -150,7 +151,7 @@ struct Curl_tree *Curl_splayinsert(struct curltime i, } /* Finds and deletes the best-fit node from the tree. Return a pointer to the - resulting tree. best-fit means the smallest node if it is not larger than + resulting tree. best-fit means the smallest node if it is not larger than the key */ struct Curl_tree *Curl_splaygetbest(struct curltime i, struct Curl_tree *t, @@ -166,6 +167,7 @@ struct Curl_tree *Curl_splaygetbest(struct curltime i, /* find smallest */ t = Curl_splay(tv_zero, t); + DEBUGASSERT(t); if(compare(i, t->key) < 0) { /* even the smallest is too big */ *removed = NULL; @@ -197,13 +199,13 @@ struct Curl_tree *Curl_splaygetbest(struct curltime i, } -/* Deletes the very node we point out from the tree if it's there. Stores a +/* Deletes the very node we point out from the tree if it is there. Stores a * pointer to the new resulting tree in 'newroot'. * * Returns zero on success and non-zero on errors! * When returning error, it does not touch the 'newroot' pointer. * - * NOTE: when the last node of the tree is removed, there's no tree left so + * NOTE: when the last node of the tree is removed, there is no tree left so * 'newroot' will be made to point to NULL. * * @unittest: 1309 @@ -217,9 +219,11 @@ int Curl_splayremove(struct Curl_tree *t, }; /* will *NEVER* appear */ struct Curl_tree *x; - if(!t || !removenode) + if(!t) return 1; + DEBUGASSERT(removenode); + if(compare(KEY_NOTUSED, removenode->key) == 0) { /* Key set to NOTUSED means it is a subnode within a 'same' linked list and thus we can unlink it easily. */ @@ -238,10 +242,11 @@ int Curl_splayremove(struct Curl_tree *t, } t = Curl_splay(removenode->key, t); + DEBUGASSERT(t); /* First make sure that we got the same root node as the one we want to remove, as otherwise we might be trying to remove a node that - isn't actually in the tree. + is not actually in the tree. We cannot just compare the keys here as a double remove in quick succession of a node with key != KEY_NOTUSED && same != NULL @@ -249,7 +254,7 @@ int Curl_splayremove(struct Curl_tree *t, if(t != removenode) return 2; - /* Check if there is a list with identical sizes, as then we're trying to + /* Check if there is a list with identical sizes, as then we are trying to remove the root node of a list of nodes with identical keys. */ x = t->samen; if(x != t) { @@ -268,6 +273,7 @@ int Curl_splayremove(struct Curl_tree *t, x = t->larger; else { x = Curl_splay(removenode->key, t->smaller); + DEBUGASSERT(x); x->larger = t->larger; } } @@ -276,3 +282,16 @@ int Curl_splayremove(struct Curl_tree *t, return 0; } + +/* set and get the custom payload for this tree node */ +void Curl_splayset(struct Curl_tree *node, void *payload) +{ + DEBUGASSERT(node); + node->ptr = payload; +} + +void *Curl_splayget(struct Curl_tree *node) +{ + DEBUGASSERT(node); + return node->ptr; +} diff --git a/vendor/hydra/vendor/curl/lib/splay.h b/vendor/hydra/vendor/curl/lib/splay.h index dd1d07ac..b8c9360e 100644 --- a/vendor/hydra/vendor/curl/lib/splay.h +++ b/vendor/hydra/vendor/curl/lib/splay.h @@ -26,13 +26,14 @@ #include "curl_setup.h" #include "timeval.h" +/* only use function calls to access this struct */ struct Curl_tree { struct Curl_tree *smaller; /* smaller node */ struct Curl_tree *larger; /* larger node */ struct Curl_tree *samen; /* points to the next node with identical key */ struct Curl_tree *samep; /* points to the prev node with identical key */ - struct curltime key; /* this node's "sort" key */ - void *payload; /* data the splay code doesn't care about */ + struct curltime key; /* this node's "sort" key */ + void *ptr; /* data the splay code does not care about */ }; struct Curl_tree *Curl_splay(struct curltime i, @@ -50,9 +51,8 @@ int Curl_splayremove(struct Curl_tree *t, struct Curl_tree *removenode, struct Curl_tree **newroot); -#define Curl_splaycomparekeys(i,j) ( ((i.tv_sec) < (j.tv_sec)) ? -1 : \ - ( ((i.tv_sec) > (j.tv_sec)) ? 1 : \ - ( ((i.tv_usec) < (j.tv_usec)) ? -1 : \ - ( ((i.tv_usec) > (j.tv_usec)) ? 1 : 0)))) +/* set and get the custom payload for this tree node */ +void Curl_splayset(struct Curl_tree *node, void *payload); +void *Curl_splayget(struct Curl_tree *node); #endif /* HEADER_CURL_SPLAY_H */ diff --git a/vendor/hydra/vendor/curl/lib/strcase.c b/vendor/hydra/vendor/curl/lib/strcase.c index 14d76f78..b22dd31f 100644 --- a/vendor/hydra/vendor/curl/lib/strcase.c +++ b/vendor/hydra/vendor/curl/lib/strcase.c @@ -93,12 +93,12 @@ static int casecompare(const char *first, const char *second) { while(*first && *second) { if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second)) - /* get out of the loop as soon as they don't match */ + /* get out of the loop as soon as they do not match */ return 0; first++; second++; } - /* If we're here either the strings are the same or the length is different. + /* If we are here either the strings are the same or the length is different. We can just test if the "current" character is non-zero for one and zero for the other. Note that the characters may not be exactly the same even if they match, we only want to compare zero-ness. */ @@ -141,8 +141,8 @@ int curl_strnequal(const char *first, const char *second, size_t max) /* if both pointers are NULL then treat them as equal if max is non-zero */ return (NULL == first && NULL == second && max); } -/* Copy an upper case version of the string from src to dest. The - * strings may overlap. No more than n characters of the string are copied +/* Copy an upper case version of the string from src to dest. The + * strings may overlap. No more than n characters of the string are copied * (including any NUL) and the destination string will NOT be * NUL-terminated if that limit is reached. */ @@ -156,8 +156,8 @@ void Curl_strntoupper(char *dest, const char *src, size_t n) } while(*src++ && --n); } -/* Copy a lower case version of the string from src to dest. The - * strings may overlap. No more than n characters of the string are copied +/* Copy a lower case version of the string from src to dest. The + * strings may overlap. No more than n characters of the string are copied * (including any NUL) and the destination string will NOT be * NUL-terminated if that limit is reached. */ diff --git a/vendor/hydra/vendor/curl/lib/strerror.c b/vendor/hydra/vendor/curl/lib/strerror.c index f142cf18..76a8ba2d 100644 --- a/vendor/hydra/vendor/curl/lib/strerror.c +++ b/vendor/hydra/vendor/curl/lib/strerror.c @@ -74,13 +74,13 @@ curl_easy_strerror(CURLcode error) " this libcurl due to a build-time decision."; case CURLE_COULDNT_RESOLVE_PROXY: - return "Couldn't resolve proxy name"; + return "Could not resolve proxy name"; case CURLE_COULDNT_RESOLVE_HOST: - return "Couldn't resolve host name"; + return "Could not resolve hostname"; case CURLE_COULDNT_CONNECT: - return "Couldn't connect to server"; + return "Could not connect to server"; case CURLE_WEIRD_SERVER_REPLY: return "Weird server reply"; @@ -107,19 +107,19 @@ curl_easy_strerror(CURLcode error) return "FTP: unknown 227 response format"; case CURLE_FTP_CANT_GET_HOST: - return "FTP: can't figure out the host in the PASV response"; + return "FTP: cannot figure out the host in the PASV response"; case CURLE_HTTP2: return "Error in the HTTP2 framing layer"; case CURLE_FTP_COULDNT_SET_TYPE: - return "FTP: couldn't set file type"; + return "FTP: could not set file type"; case CURLE_PARTIAL_FILE: return "Transferred a partial file"; case CURLE_FTP_COULDNT_RETR_FILE: - return "FTP: couldn't retrieve (RETR failed) the specified file"; + return "FTP: could not retrieve (RETR failed) the specified file"; case CURLE_QUOTE_ERROR: return "Quote command returned error"; @@ -158,10 +158,10 @@ curl_easy_strerror(CURLcode error) return "SSL connect error"; case CURLE_BAD_DOWNLOAD_RESUME: - return "Couldn't resume download"; + return "Could not resume download"; case CURLE_FILE_COULDNT_READ_FILE: - return "Couldn't read a file:// file"; + return "Could not read a file:// file"; case CURLE_LDAP_CANNOT_BIND: return "LDAP: cannot bind"; @@ -212,7 +212,7 @@ curl_easy_strerror(CURLcode error) return "Problem with the local SSL certificate"; case CURLE_SSL_CIPHER: - return "Couldn't use specified SSL cipher"; + return "Could not use specified SSL cipher"; case CURLE_PEER_FAILED_VERIFICATION: return "SSL peer certificate or SSH remote key was not OK"; @@ -345,16 +345,15 @@ curl_easy_strerror(CURLcode error) /* * By using a switch, gcc -Wall will complain about enum values * which do not appear, helping keep this function up-to-date. - * By using gcc -Wall -Werror, you can't forget. + * By using gcc -Wall -Werror, you cannot forget. * - * A table would not have the same benefit. Most compilers will - * generate code very similar to a table in any case, so there - * is little performance gain from a table. And something is broken - * for the user's application, anyways, so does it matter how fast - * it _doesn't_ work? + * A table would not have the same benefit. Most compilers will generate + * code very similar to a table in any case, so there is little performance + * gain from a table. Something is broken for the user's application, + * anyways, so does it matter how fast it _does not_ work? * - * The line number for the error will be near this comment, which - * is why it is here, and not at the start of the switch. + * The line number for the error will be near this comment, which is why it + * is here, and not at the start of the switch. */ return "Unknown error"; #else @@ -795,7 +794,7 @@ get_winapi_error(int err, char *buf, size_t buflen) expect the local codepage (eg fprintf, failf, infof). FormatMessageW -> wcstombs is used for Windows CE compatibility. */ if(FormatMessageW((FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS), NULL, err, + FORMAT_MESSAGE_IGNORE_INSERTS), NULL, (DWORD)err, LANG_NEUTRAL, wbuf, sizeof(wbuf)/sizeof(wchar_t), NULL)) { size_t written = wcstombs(buf, wbuf, buflen - 1); if(written != (size_t)-1) @@ -823,9 +822,9 @@ get_winapi_error(int err, char *buf, size_t buflen) * The 'err' argument passed in to this function MUST be a true errno number * as reported on this system. We do no range checking on the number before * we pass it to the "number-to-message" conversion function and there might - * be systems that don't do proper range checking in there themselves. + * be systems that do not do proper range checking in there themselves. * - * We don't do range checking (on systems other than Windows) since there is + * We do not do range checking (on systems other than Windows) since there is * no good reliable and portable way to do it. * * On Windows different types of error codes overlap. This function has an @@ -865,7 +864,7 @@ const char *Curl_strerror(int err, char *buf, size_t buflen) #ifdef USE_WINSOCK !get_winsock_error(err, buf, buflen) && #endif - !get_winapi_error((DWORD)err, buf, buflen)) + !get_winapi_error(err, buf, buflen)) msnprintf(buf, buflen, "Unknown error %d (%#x)", err, err); } #else /* not Windows coming up */ @@ -944,7 +943,7 @@ const char *Curl_winapi_strerror(DWORD err, char *buf, size_t buflen) *buf = '\0'; #ifndef CURL_DISABLE_VERBOSE_STRINGS - if(!get_winapi_error(err, buf, buflen)) { + if(!get_winapi_error((int)err, buf, buflen)) { msnprintf(buf, buflen, "Unknown error %lu (0x%08lX)", err, err); } #else diff --git a/vendor/hydra/vendor/curl/lib/strtok.c b/vendor/hydra/vendor/curl/lib/strtok.c index d8e1e818..d2cc71c4 100644 --- a/vendor/hydra/vendor/curl/lib/strtok.c +++ b/vendor/hydra/vendor/curl/lib/strtok.c @@ -65,4 +65,4 @@ Curl_strtok_r(char *ptr, const char *sep, char **end) return NULL; } -#endif /* this was only compiled if strtok_r wasn't present */ +#endif /* this was only compiled if strtok_r was not present */ diff --git a/vendor/hydra/vendor/curl/lib/strtoofft.c b/vendor/hydra/vendor/curl/lib/strtoofft.c index 580fd23b..f1c7ba27 100644 --- a/vendor/hydra/vendor/curl/lib/strtoofft.c +++ b/vendor/hydra/vendor/curl/lib/strtoofft.c @@ -31,7 +31,7 @@ * NOTE: * * In the ISO C standard (IEEE Std 1003.1), there is a strtoimax() function we - * could use in case strtoll() doesn't exist... See + * could use in case strtoll() does not exist... See * https://www.opengroup.org/onlinepubs/009695399/functions/strtoimax.html */ @@ -73,7 +73,7 @@ static const char valchars[] = static int get_char(char c, int base); /** - * Custom version of the strtooff function. This extracts a curl_off_t + * Custom version of the strtooff function. This extracts a curl_off_t * value from the given input string and returns it. */ static curl_off_t strtooff(const char *nptr, char **endptr, int base) @@ -120,8 +120,8 @@ static curl_off_t strtooff(const char *nptr, char **endptr, int base) } } - /* Matching strtol, if the base is 0 and it doesn't look like - * the number is octal or hex, we assume it's base 10. + /* Matching strtol, if the base is 0 and it does not look like + * the number is octal or hex, we assume it is base 10. */ if(base == 0) { base = 10; @@ -168,7 +168,7 @@ static curl_off_t strtooff(const char *nptr, char **endptr, int base) * @param c the character to interpret according to base * @param base the base in which to interpret c * - * @return the value of c in base, or -1 if c isn't in range + * @return the value of c in base, or -1 if c is not in range */ static int get_char(char c, int base) { @@ -204,10 +204,10 @@ static int get_char(char c, int base) return value; } -#endif /* Only present if we need strtoll, but don't have it. */ +#endif /* Only present if we need strtoll, but do not have it. */ /* - * Parse a *positive* up to 64 bit number written in ascii. + * Parse a *positive* up to 64-bit number written in ASCII. */ CURLofft curlx_strtoofft(const char *str, char **endp, int base, curl_off_t *num) @@ -222,7 +222,7 @@ CURLofft curlx_strtoofft(const char *str, char **endp, int base, str++; if(('-' == *str) || (ISSPACE(*str))) { if(endp) - *endp = (char *)str; /* didn't actually move */ + *endp = (char *)str; /* did not actually move */ return CURL_OFFT_INVAL; /* nothing parsed */ } number = strtooff(str, &end, base); diff --git a/vendor/hydra/vendor/curl/lib/strtoofft.h b/vendor/hydra/vendor/curl/lib/strtoofft.h index 34d293ba..71808b71 100644 --- a/vendor/hydra/vendor/curl/lib/strtoofft.h +++ b/vendor/hydra/vendor/curl/lib/strtoofft.h @@ -30,7 +30,7 @@ * Determine which string to integral data type conversion function we use * to implement string conversion to our curl_off_t integral data type. * - * Notice that curl_off_t might be 64 or 32 bit wide, and that it might use + * Notice that curl_off_t might be 64 or 32 bits wide, and that it might use * an underlying data type which might be 'long', 'int64_t', 'long long' or * '__int64' and more remotely other data types. * diff --git a/vendor/hydra/vendor/curl/lib/system_win32.c b/vendor/hydra/vendor/curl/lib/system_win32.c index d2862de9..f4dbe031 100644 --- a/vendor/hydra/vendor/curl/lib/system_win32.c +++ b/vendor/hydra/vendor/curl/lib/system_win32.c @@ -38,25 +38,18 @@ LARGE_INTEGER Curl_freq; bool Curl_isVistaOrGreater; -bool Curl_isWindows8OrGreater; /* Handle of iphlpapp.dll */ static HMODULE s_hIpHlpApiDll = NULL; -/* Function pointers */ +/* Pointer to the if_nametoindex function */ IF_NAMETOINDEX_FN Curl_if_nametoindex = NULL; -FREEADDRINFOEXW_FN Curl_FreeAddrInfoExW = NULL; -GETADDRINFOEXCANCEL_FN Curl_GetAddrInfoExCancel = NULL; -GETADDRINFOEXW_FN Curl_GetAddrInfoExW = NULL; -/* Curl_win32_init() performs win32 global initialization */ +/* Curl_win32_init() performs Win32 global initialization */ CURLcode Curl_win32_init(long flags) { -#ifdef USE_WINSOCK - HMODULE ws2_32Dll; -#endif /* CURL_GLOBAL_WIN32 controls the *optional* part of the initialization which - is just for Winsock at the moment. Any required win32 initialization + is just for Winsock at the moment. Any required Win32 initialization should take place after this block. */ if(flags & CURL_GLOBAL_WIN32) { #ifdef USE_WINSOCK @@ -68,7 +61,7 @@ CURLcode Curl_win32_init(long flags) res = WSAStartup(wVersionRequested, &wsaData); if(res) - /* Tell the user that we couldn't find a usable */ + /* Tell the user that we could not find a usable */ /* winsock.dll. */ return CURLE_FAILED_INIT; @@ -80,7 +73,7 @@ CURLcode Curl_win32_init(long flags) if(LOBYTE(wsaData.wVersion) != LOBYTE(wVersionRequested) || HIBYTE(wsaData.wVersion) != HIBYTE(wVersionRequested) ) { - /* Tell the user that we couldn't find a usable */ + /* Tell the user that we could not find a usable */ /* winsock.dll. */ WSACleanup(); @@ -111,18 +104,6 @@ CURLcode Curl_win32_init(long flags) Curl_if_nametoindex = pIfNameToIndex; } -#ifdef USE_WINSOCK - ws2_32Dll = GetModuleHandleA("ws2_32"); - if(ws2_32Dll) { - Curl_FreeAddrInfoExW = CURLX_FUNCTION_CAST(FREEADDRINFOEXW_FN, - GetProcAddress(ws2_32Dll, "FreeAddrInfoExW")); - Curl_GetAddrInfoExCancel = CURLX_FUNCTION_CAST(GETADDRINFOEXCANCEL_FN, - GetProcAddress(ws2_32Dll, "GetAddrInfoExCancel")); - Curl_GetAddrInfoExW = CURLX_FUNCTION_CAST(GETADDRINFOEXW_FN, - GetProcAddress(ws2_32Dll, "GetAddrInfoExW")); - } -#endif - /* curlx_verify_windows_version must be called during init at least once because it has its own initialization routine. */ if(curlx_verify_windows_version(6, 0, 0, PLATFORM_WINNT, @@ -132,13 +113,6 @@ CURLcode Curl_win32_init(long flags) else Curl_isVistaOrGreater = FALSE; - if(curlx_verify_windows_version(6, 2, 0, PLATFORM_WINNT, - VERSION_GREATER_THAN_EQUAL)) { - Curl_isWindows8OrGreater = TRUE; - } - else - Curl_isWindows8OrGreater = FALSE; - QueryPerformanceFrequency(&Curl_freq); return CURLE_OK; } @@ -146,9 +120,6 @@ CURLcode Curl_win32_init(long flags) /* Curl_win32_cleanup() is the opposite of Curl_win32_init() */ void Curl_win32_cleanup(long init_flags) { - Curl_FreeAddrInfoExW = NULL; - Curl_GetAddrInfoExCancel = NULL; - Curl_GetAddrInfoExW = NULL; if(s_hIpHlpApiDll) { FreeLibrary(s_hIpHlpApiDll); s_hIpHlpApiDll = NULL; @@ -208,7 +179,7 @@ HMODULE Curl_load_library(LPCTSTR filename) HMODULE hModule = NULL; LOADLIBRARYEX_FN pLoadLibraryEx = NULL; - /* Get a handle to kernel32 so we can access it's functions at runtime */ + /* Get a handle to kernel32 so we can access its functions at runtime */ HMODULE hKernel32 = GetModuleHandle(TEXT("kernel32")); if(!hKernel32) return NULL; @@ -219,7 +190,7 @@ HMODULE Curl_load_library(LPCTSTR filename) CURLX_FUNCTION_CAST(LOADLIBRARYEX_FN, (GetProcAddress(hKernel32, LOADLIBARYEX))); - /* Detect if there's already a path in the filename and load the library if + /* Detect if there is already a path in the filename and load the library if there is. Note: Both back slashes and forward slashes have been supported since the earlier days of DOS at an API level although they are not supported by command prompt */ @@ -261,7 +232,7 @@ HMODULE Curl_load_library(LPCTSTR filename) } return hModule; #else - /* the Universal Windows Platform (UWP) can't do this */ + /* the Universal Windows Platform (UWP) cannot do this */ (void)filename; return NULL; #endif diff --git a/vendor/hydra/vendor/curl/lib/system_win32.h b/vendor/hydra/vendor/curl/lib/system_win32.h index bd490cab..024d959f 100644 --- a/vendor/hydra/vendor/curl/lib/system_win32.h +++ b/vendor/hydra/vendor/curl/lib/system_win32.h @@ -26,11 +26,12 @@ #include "curl_setup.h" -#ifdef _WIN32 +#if defined(_WIN32) + +#include extern LARGE_INTEGER Curl_freq; extern bool Curl_isVistaOrGreater; -extern bool Curl_isWindows8OrGreater; CURLcode Curl_win32_init(long flags); void Curl_win32_cleanup(long init_flags); @@ -41,33 +42,6 @@ typedef unsigned int(WINAPI *IF_NAMETOINDEX_FN)(const char *); /* This is used instead of if_nametoindex if available on Windows */ extern IF_NAMETOINDEX_FN Curl_if_nametoindex; -/* Identical copy of addrinfoexW/ADDRINFOEXW */ -typedef struct addrinfoexW_ -{ - int ai_flags; - int ai_family; - int ai_socktype; - int ai_protocol; - size_t ai_addrlen; - PWSTR ai_canonname; - struct sockaddr *ai_addr; - void *ai_blob; - size_t ai_bloblen; - LPGUID ai_provider; - struct addrinfoexW_ *ai_next; -} ADDRINFOEXW_; - -typedef void (CALLBACK *LOOKUP_COMPLETION_FN)(DWORD, DWORD, LPWSAOVERLAPPED); -typedef void (WSAAPI *FREEADDRINFOEXW_FN)(ADDRINFOEXW_*); -typedef int (WSAAPI *GETADDRINFOEXCANCEL_FN)(LPHANDLE); -typedef int (WSAAPI *GETADDRINFOEXW_FN)(PCWSTR, PCWSTR, DWORD, LPGUID, - const ADDRINFOEXW_*, ADDRINFOEXW_**, struct timeval*, LPOVERLAPPED, - LOOKUP_COMPLETION_FN, LPHANDLE); - -extern FREEADDRINFOEXW_FN Curl_FreeAddrInfoExW; -extern GETADDRINFOEXCANCEL_FN Curl_GetAddrInfoExCancel; -extern GETADDRINFOEXW_FN Curl_GetAddrInfoExW; - /* This is used to dynamically load DLLs */ HMODULE Curl_load_library(LPCTSTR filename); #else /* _WIN32 */ diff --git a/vendor/hydra/vendor/curl/lib/telnet.c b/vendor/hydra/vendor/curl/lib/telnet.c index 227a166f..8cd19b1b 100644 --- a/vendor/hydra/vendor/curl/lib/telnet.c +++ b/vendor/hydra/vendor/curl/lib/telnet.c @@ -798,12 +798,12 @@ static CURLcode check_telnet_options(struct Curl_easy *data) struct TELNET *tn = data->req.p.telnet; CURLcode result = CURLE_OK; - /* Add the user name as an environment variable if it + /* Add the username as an environment variable if it was given on the command line */ if(data->state.aptr.user) { char buffer[256]; if(str_is_nonascii(data->conn->user)) { - DEBUGF(infof(data, "set a non ASCII user name in telnet")); + DEBUGF(infof(data, "set a non ASCII username in telnet")); return CURLE_BAD_FUNCTION_ARGUMENT; } msnprintf(buffer, sizeof(buffer), "USER,%s", data->conn->user); @@ -1191,12 +1191,12 @@ CURLcode telrcv(struct Curl_easy *data, if(c != CURL_SE) { if(c != CURL_IAC) { /* - * This is an error. We only expect to get "IAC IAC" or "IAC SE". - * Several things may have happened. An IAC was not doubled, the + * This is an error. We only expect to get "IAC IAC" or "IAC SE". + * Several things may have happened. An IAC was not doubled, the * IAC SE was left off, or another option got inserted into the - * suboption are all possibilities. If we assume that the IAC was + * suboption are all possibilities. If we assume that the IAC was * not doubled, and really the IAC SE was left off, we could get - * into an infinite loop here. So, instead, we terminate the + * into an infinite loop here. So, instead, we terminate the * suboption, and process the partial suboption if we can. */ CURL_SB_ACCUM(tn, CURL_IAC); @@ -1276,7 +1276,7 @@ static CURLcode send_telnet_data(struct Curl_easy *data, default: /* write! */ bytes_written = 0; result = Curl_xfer_send(data, outbuf + total_written, - outlen - total_written, &bytes_written); + outlen - total_written, FALSE, &bytes_written); total_written += bytes_written; break; } @@ -1342,7 +1342,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) #ifdef USE_WINSOCK /* We want to wait for both stdin and the socket. Since - ** the select() function in winsock only works on sockets + ** the select() function in Winsock only works on sockets ** we have to use the WaitForMultipleObjects() call. */ @@ -1353,7 +1353,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) return CURLE_FAILED_INIT; } - /* Tell winsock what events we want to listen to */ + /* Tell Winsock what events we want to listen to */ if(WSAEventSelect(sockfd, event_handle, FD_READ|FD_CLOSE) == SOCKET_ERROR) { WSACloseEvent(event_handle); return CURLE_OK; @@ -1370,7 +1370,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) else use the old WaitForMultipleObjects() way */ if(GetFileType(stdin_handle) == FILE_TYPE_PIPE || data->set.is_fread_set) { - /* Don't wait for stdin_handle, just wait for event_handle */ + /* Do not wait for stdin_handle, just wait for event_handle */ obj_count = 1; /* Check stdin_handle per 100 milliseconds */ wait_timeout = 100; @@ -1470,7 +1470,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) if(events.lNetworkEvents & FD_READ) { /* read data from network */ result = Curl_xfer_recv(data, buffer, sizeof(buffer), &nread); - /* read would've blocked. Loop again */ + /* read would have blocked. Loop again */ if(result == CURLE_AGAIN) break; /* returned not-zero, this an error */ @@ -1492,7 +1492,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) } /* Negotiate if the peer has started negotiating, - otherwise don't. We don't want to speak telnet with + otherwise do not. We do not want to speak telnet with non-telnet servers, like POP or SMTP. */ if(tn->please_negotiate && !tn->already_negotiated) { negotiate(data); @@ -1544,7 +1544,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) while(keepon) { DEBUGF(infof(data, "telnet_do, poll %d fds", poll_cnt)); - switch(Curl_poll(pfd, poll_cnt, interval_ms)) { + switch(Curl_poll(pfd, (unsigned int)poll_cnt, interval_ms)) { case -1: /* error, stop reading */ keepon = FALSE; continue; @@ -1556,7 +1556,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) if(pfd[0].revents & POLLIN) { /* read data from network */ result = Curl_xfer_recv(data, buffer, sizeof(buffer), &nread); - /* read would've blocked. Loop again */ + /* read would have blocked. Loop again */ if(result == CURLE_AGAIN) break; /* returned not-zero, this an error */ @@ -1588,7 +1588,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) } /* Negotiate if the peer has started negotiating, - otherwise don't. We don't want to speak telnet with + otherwise do not. We do not want to speak telnet with non-telnet servers, like POP or SMTP. */ if(tn->please_negotiate && !tn->already_negotiated) { negotiate(data); @@ -1645,7 +1645,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) } #endif /* mark this as "no further transfer wanted" */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); return result; } diff --git a/vendor/hydra/vendor/curl/lib/tftp.c b/vendor/hydra/vendor/curl/lib/tftp.c index 310a0fab..dbae202d 100644 --- a/vendor/hydra/vendor/curl/lib/tftp.c +++ b/vendor/hydra/vendor/curl/lib/tftp.c @@ -240,12 +240,11 @@ static CURLcode tftp_set_timeouts(struct tftp_state_data *state) state->retry_time = 1; infof(state->data, - "set timeouts for state %d; Total % " CURL_FORMAT_CURL_OFF_T - ", retry %d maxtry %d", + "set timeouts for state %d; Total % " FMT_OFF_T ", retry %d maxtry %d", (int)state->state, timeout_ms, state->retry_time, state->retry_max); /* init RX time */ - time(&state->rx_time); + state->rx_time = time(NULL); return CURLE_OK; } @@ -315,7 +314,7 @@ static CURLcode tftp_parse_option_ack(struct tftp_state_data *state, const char *tmp = ptr; struct Curl_easy *data = state->data; - /* if OACK doesn't contain blksize option, the default (512) must be used */ + /* if OACK does not contain blksize option, the default (512) must be used */ state->blksize = TFTP_BLKSIZE_DEFAULT; while(tmp < ptr + len) { @@ -349,7 +348,7 @@ static CURLcode tftp_parse_option_ack(struct tftp_state_data *state, return CURLE_TFTP_ILLEGAL; } else if(blksize > state->requested_blksize) { - /* could realloc pkt buffers here, but the spec doesn't call out + /* could realloc pkt buffers here, but the spec does not call out * support for the server requesting a bigger blksize than the client * requests */ failf(data, "%s (%ld)", @@ -434,7 +433,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, struct Curl_easy *data = state->data; CURLcode result = CURLE_OK; - /* Set ascii mode if -B flag was used */ + /* Set ASCII mode if -B flag was used */ if(data->state.prefer_ascii) mode = "netascii"; @@ -461,7 +460,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, setpacketevent(&state->spacket, TFTP_EVENT_RRQ); } /* As RFC3617 describes the separator slash is not actually part of the - file name so we skip the always-present first letter of the path + filename so we skip the always-present first letter of the path string. */ result = Curl_urldecode(&state->data->state.up.path[1], 0, &filename, NULL, REJECT_ZERO); @@ -469,9 +468,9 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, return result; if(strlen(filename) > (state->blksize - strlen(mode) - 4)) { - failf(data, "TFTP file name too long"); + failf(data, "TFTP filename too long"); free(filename); - return CURLE_TFTP_ILLEGAL; /* too long file name field */ + return CURLE_TFTP_ILLEGAL; /* too long filename field */ } msnprintf((char *)state->spacket.data + 2, @@ -484,7 +483,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, char buf[64]; /* add tsize option */ if(data->state.upload && (data->state.infilesize != -1)) - msnprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T, + msnprintf(buf, sizeof(buf), "%" FMT_OFF_T, data->state.infilesize); else strcpy(buf, "0"); /* the destination is large enough */ @@ -528,7 +527,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, senddata = sendto(state->sockfd, (void *)state->spacket.data, (SEND_TYPE_ARG3)sbytes, 0, &data->conn->remote_addr->sa_addr, - data->conn->remote_addr->addrlen); + (curl_socklen_t)data->conn->remote_addr->addrlen); if(senddata != (ssize_t)sbytes) { char buffer[STRERROR_LEN]; failf(data, "%s", Curl_strerror(SOCKERRNO, buffer, sizeof(buffer))); @@ -590,7 +589,7 @@ static CURLcode tftp_rx(struct tftp_state_data *state, /* Is this the block we expect? */ rblock = getrpacketblock(&state->rpacket); if(NEXT_BLOCKNUM(state->block) == rblock) { - /* This is the expected block. Reset counters and ACK it. */ + /* This is the expected block. Reset counters and ACK it. */ state->retries = 0; } else if(state->block == rblock) { @@ -626,7 +625,7 @@ static CURLcode tftp_rx(struct tftp_state_data *state, else { state->state = TFTP_STATE_RX; } - time(&state->rx_time); + state->rx_time = time(NULL); break; case TFTP_EVENT_OACK: @@ -644,16 +643,16 @@ static CURLcode tftp_rx(struct tftp_state_data *state, return CURLE_SEND_ERROR; } - /* we're ready to RX data */ + /* we are ready to RX data */ state->state = TFTP_STATE_RX; - time(&state->rx_time); + state->rx_time = time(NULL); break; case TFTP_EVENT_TIMEOUT: /* Increment the retry count and fail if over the limit */ state->retries++; infof(data, - "Timeout waiting for block %d ACK. Retries = %d", + "Timeout waiting for block %d ACK. Retries = %d", NEXT_BLOCKNUM(state->block), state->retries); if(state->retries > state->retry_max) { state->error = TFTP_ERR_TIMEOUT; @@ -679,8 +678,8 @@ static CURLcode tftp_rx(struct tftp_state_data *state, 4, SEND_4TH_ARG, (struct sockaddr *)&state->remote_addr, state->remote_addrlen); - /* don't bother with the return code, but if the socket is still up we - * should be a good TFTP client and let the server know we're done */ + /* do not bother with the return code, but if the socket is still up we + * should be a good TFTP client and let the server know we are done */ state->state = TFTP_STATE_FIN; break; @@ -719,13 +718,13 @@ static CURLcode tftp_tx(struct tftp_state_data *state, tftp_event_t event) int rblock = getrpacketblock(&state->rpacket); if(rblock != state->block && - /* There's a bug in tftpd-hpa that causes it to send us an ack for - * 65535 when the block number wraps to 0. So when we're expecting + /* There is a bug in tftpd-hpa that causes it to send us an ack for + * 65535 when the block number wraps to 0. So when we are expecting * 0, also accept 65535. See * https://www.syslinux.org/archives/2010-September/015612.html * */ !(state->block == 0 && rblock == 65535)) { - /* This isn't the expected block. Log it and up the retry counter */ + /* This is not the expected block. Log it and up the retry counter */ infof(data, "Received ACK for block %d, expecting %d", rblock, state->block); state->retries++; @@ -738,7 +737,7 @@ static CURLcode tftp_tx(struct tftp_state_data *state, tftp_event_t event) else { /* Re-send the data packet */ sbytes = sendto(state->sockfd, (void *)state->spacket.data, - 4 + state->sbytes, SEND_4TH_ARG, + 4 + (SEND_TYPE_ARG3)state->sbytes, SEND_4TH_ARG, (struct sockaddr *)&state->remote_addr, state->remote_addrlen); /* Check all sbytes were sent */ @@ -751,9 +750,9 @@ static CURLcode tftp_tx(struct tftp_state_data *state, tftp_event_t event) return result; } - /* This is the expected packet. Reset the counters and send the next + /* This is the expected packet. Reset the counters and send the next block */ - time(&state->rx_time); + state->rx_time = time(NULL); state->block++; } else @@ -783,7 +782,7 @@ static CURLcode tftp_tx(struct tftp_state_data *state, tftp_event_t event) } while(state->sbytes < state->blksize && cb); sbytes = sendto(state->sockfd, (void *) state->spacket.data, - 4 + state->sbytes, SEND_4TH_ARG, + 4 + (SEND_TYPE_ARG3)state->sbytes, SEND_4TH_ARG, (struct sockaddr *)&state->remote_addr, state->remote_addrlen); /* Check all sbytes were sent */ @@ -801,7 +800,7 @@ static CURLcode tftp_tx(struct tftp_state_data *state, tftp_event_t event) state->retries++; infof(data, "Timeout waiting for block %d ACK. " " Retries = %d", NEXT_BLOCKNUM(state->block), state->retries); - /* Decide if we've had enough */ + /* Decide if we have had enough */ if(state->retries > state->retry_max) { state->error = TFTP_ERR_TIMEOUT; state->state = TFTP_STATE_FIN; @@ -809,7 +808,7 @@ static CURLcode tftp_tx(struct tftp_state_data *state, tftp_event_t event) else { /* Re-send the data packet */ sbytes = sendto(state->sockfd, (void *)state->spacket.data, - 4 + state->sbytes, SEND_4TH_ARG, + 4 + (SEND_TYPE_ARG3)state->sbytes, SEND_4TH_ARG, (struct sockaddr *)&state->remote_addr, state->remote_addrlen); /* Check all sbytes were sent */ @@ -829,8 +828,8 @@ static CURLcode tftp_tx(struct tftp_state_data *state, tftp_event_t event) (void)sendto(state->sockfd, (void *)state->spacket.data, 4, SEND_4TH_ARG, (struct sockaddr *)&state->remote_addr, state->remote_addrlen); - /* don't bother with the return code, but if the socket is still up we - * should be a good TFTP client and let the server know we're done */ + /* do not bother with the return code, but if the socket is still up we + * should be a good TFTP client and let the server know we are done */ state->state = TFTP_STATE_FIN; break; @@ -1001,7 +1000,7 @@ static CURLcode tftp_connect(struct Curl_easy *data, bool *done) return CURLE_OUT_OF_MEMORY; } - /* we don't keep TFTP connections up basically because there's none or very + /* we do not keep TFTP connections up basically because there is none or very * little gain for UDP */ connclose(conn, "TFTP"); @@ -1032,7 +1031,7 @@ static CURLcode tftp_connect(struct Curl_easy *data, bool *done) * IPv4 and IPv6... */ int rc = bind(state->sockfd, (struct sockaddr *)&state->local_addr, - conn->remote_addr->addrlen); + (curl_socklen_t)conn->remote_addr->addrlen); if(rc) { char buffer[STRERROR_LEN]; failf(data, "bind() failed; %s", @@ -1110,7 +1109,7 @@ static CURLcode tftp_receive_packet(struct Curl_easy *data) fromlen = sizeof(fromaddr); state->rbytes = (int)recvfrom(state->sockfd, (void *)state->rpacket.data, - state->blksize + 4, + (RECV_TYPE_ARG3)state->blksize + 4, 0, (struct sockaddr *)&fromaddr, &fromlen); @@ -1132,7 +1131,7 @@ static CURLcode tftp_receive_packet(struct Curl_easy *data) switch(state->event) { case TFTP_EVENT_DATA: - /* Don't pass to the client empty or retransmitted packets */ + /* Do not pass to the client empty or retransmitted packets */ if(state->rbytes > 4 && (NEXT_BLOCKNUM(state->block) == getrpacketblock(&state->rpacket))) { result = Curl_client_write(data, CLIENTWRITE_BODY, @@ -1208,7 +1207,7 @@ static timediff_t tftp_state_timeout(struct Curl_easy *data, if(current > state->rx_time + state->retry_time) { if(event) *event = TFTP_EVENT_TIMEOUT; - time(&state->rx_time); /* update even though we received nothing */ + state->rx_time = time(NULL); /* update even though we received nothing */ } return timeout_ms; @@ -1241,8 +1240,8 @@ static CURLcode tftp_multi_statemach(struct Curl_easy *data, bool *done) return result; *done = (state->state == TFTP_STATE_FIN) ? TRUE : FALSE; if(*done) - /* Tell curl we're done */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + /* Tell curl we are done */ + Curl_xfer_setup_nop(data); } else { /* no timeouts to handle, check our socket */ @@ -1264,8 +1263,8 @@ static CURLcode tftp_multi_statemach(struct Curl_easy *data, bool *done) return result; *done = (state->state == TFTP_STATE_FIN) ? TRUE : FALSE; if(*done) - /* Tell curl we're done */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + /* Tell curl we are done */ + Curl_xfer_setup_nop(data); } /* if rc == 0, then select() timed out */ } @@ -1289,7 +1288,7 @@ static CURLcode tftp_doing(struct Curl_easy *data, bool *dophase_done) DEBUGF(infof(data, "DO phase is complete")); } else if(!result) { - /* The multi code doesn't have this logic for the DOING state so we + /* The multi code does not have this logic for the DOING state so we provide it for TFTP since it may do the entire transfer in this state. */ if(Curl_pgrsUpdate(data)) @@ -1376,7 +1375,7 @@ static CURLcode tftp_setup_connection(struct Curl_easy *data, conn->transport = TRNSPRT_UDP; /* TFTP URLs support an extension like ";mode=" that - * we'll try to get now! */ + * we will try to get now! */ type = strstr(data->state.up.path, ";mode="); if(!type) diff --git a/vendor/hydra/vendor/curl/lib/timediff.h b/vendor/hydra/vendor/curl/lib/timediff.h index fb318d4f..75f996c5 100644 --- a/vendor/hydra/vendor/curl/lib/timediff.h +++ b/vendor/hydra/vendor/curl/lib/timediff.h @@ -26,10 +26,10 @@ #include "curl_setup.h" -/* Use a larger type even for 32 bit time_t systems so that we can keep +/* Use a larger type even for 32-bit time_t systems so that we can keep microsecond accuracy in it */ typedef curl_off_t timediff_t; -#define CURL_FORMAT_TIMEDIFF_T CURL_FORMAT_CURL_OFF_T +#define FMT_TIMEDIFF_T FMT_OFF_T #define TIMEDIFF_T_MAX CURL_OFF_T_MAX #define TIMEDIFF_T_MIN CURL_OFF_T_MIN diff --git a/vendor/hydra/vendor/curl/lib/timeval.c b/vendor/hydra/vendor/curl/lib/timeval.c index 5a6727cb..bb29bfdf 100644 --- a/vendor/hydra/vendor/curl/lib/timeval.c +++ b/vendor/hydra/vendor/curl/lib/timeval.c @@ -51,8 +51,8 @@ struct curltime Curl_now(void) #pragma warning(pop) #endif - now.tv_sec = milliseconds / 1000; - now.tv_usec = (milliseconds % 1000) * 1000; + now.tv_sec = (time_t)(milliseconds / 1000); + now.tv_usec = (int)((milliseconds % 1000) * 1000); } return now; } @@ -77,7 +77,7 @@ struct curltime Curl_now(void) /* ** clock_gettime() may be defined by Apple's SDK as weak symbol thus - ** code compiles but fails during run-time if clock_gettime() is + ** code compiles but fails during runtime if clock_gettime() is ** called on unsupported OS version. */ #if defined(__APPLE__) && defined(HAVE_BUILTIN_AVAILABLE) && \ @@ -95,7 +95,7 @@ struct curltime Curl_now(void) #endif (0 == clock_gettime(CLOCK_MONOTONIC_RAW, &tsnow))) { cnow.tv_sec = tsnow.tv_sec; - cnow.tv_usec = (unsigned int)(tsnow.tv_nsec / 1000); + cnow.tv_usec = (int)(tsnow.tv_nsec / 1000); } else #endif @@ -107,18 +107,18 @@ struct curltime Curl_now(void) #endif (0 == clock_gettime(CLOCK_MONOTONIC, &tsnow))) { cnow.tv_sec = tsnow.tv_sec; - cnow.tv_usec = (unsigned int)(tsnow.tv_nsec / 1000); + cnow.tv_usec = (int)(tsnow.tv_nsec / 1000); } /* ** Even when the configure process has truly detected monotonic clock ** availability, it might happen that it is not actually available at - ** run-time. When this occurs simply fallback to other time source. + ** runtime. When this occurs simply fallback to other time source. */ #ifdef HAVE_GETTIMEOFDAY else { (void)gettimeofday(&now, NULL); cnow.tv_sec = now.tv_sec; - cnow.tv_usec = (unsigned int)now.tv_usec; + cnow.tv_usec = (int)now.tv_usec; } #else else { @@ -137,7 +137,7 @@ struct curltime Curl_now(void) struct curltime Curl_now(void) { /* - ** Monotonic timer on Mac OS is provided by mach_absolute_time(), which + ** Monotonic timer on macOS is provided by mach_absolute_time(), which ** returns time in Mach "absolute time units," which are platform-dependent. ** To convert to nanoseconds, one must use conversion factors specified by ** mach_timebase_info(). diff --git a/vendor/hydra/vendor/curl/lib/transfer.c b/vendor/hydra/vendor/curl/lib/transfer.c index 744227eb..b6600544 100644 --- a/vendor/hydra/vendor/curl/lib/transfer.c +++ b/vendor/hydra/vendor/curl/lib/transfer.c @@ -53,7 +53,7 @@ #endif #ifndef HAVE_SOCKET -#error "We can't compile without socket() support!" +#error "We cannot compile without socket() support!" #endif #include "urldata.h" @@ -160,6 +160,42 @@ bool Curl_meets_timecondition(struct Curl_easy *data, time_t timeofdoc) return TRUE; } +static CURLcode xfer_recv_shutdown(struct Curl_easy *data, bool *done) +{ + int sockindex; + + if(!data || !data->conn) + return CURLE_FAILED_INIT; + if(data->conn->sockfd == CURL_SOCKET_BAD) + return CURLE_FAILED_INIT; + sockindex = (data->conn->sockfd == data->conn->sock[SECONDARYSOCKET]); + return Curl_conn_shutdown(data, sockindex, done); +} + +static bool xfer_recv_shutdown_started(struct Curl_easy *data) +{ + int sockindex; + + if(!data || !data->conn) + return CURLE_FAILED_INIT; + if(data->conn->sockfd == CURL_SOCKET_BAD) + return CURLE_FAILED_INIT; + sockindex = (data->conn->sockfd == data->conn->sock[SECONDARYSOCKET]); + return Curl_shutdown_started(data, sockindex); +} + +CURLcode Curl_xfer_send_shutdown(struct Curl_easy *data, bool *done) +{ + int sockindex; + + if(!data || !data->conn) + return CURLE_FAILED_INIT; + if(data->conn->writesockfd == CURL_SOCKET_BAD) + return CURLE_FAILED_INIT; + sockindex = (data->conn->writesockfd == data->conn->sock[SECONDARYSOCKET]); + return Curl_conn_shutdown(data, sockindex, done); +} + /** * Receive raw response data for the transfer. * @param data the transfer @@ -186,17 +222,35 @@ static ssize_t Curl_xfer_recv_resp(struct Curl_easy *data, else if(totalleft < (curl_off_t)blen) blen = (size_t)totalleft; } + else if(xfer_recv_shutdown_started(data)) { + /* we already reveived everything. Do not try more. */ + blen = 0; + } if(!blen) { - /* want nothing - continue as if read nothing. */ - DEBUGF(infof(data, "readwrite_data: we're done")); + /* want nothing more */ *err = CURLE_OK; - return 0; + nread = 0; + } + else { + *err = Curl_xfer_recv(data, buf, blen, &nread); } - *err = Curl_xfer_recv(data, buf, blen, &nread); if(*err) return -1; + if(nread == 0) { + if(data->req.shutdown) { + bool done; + *err = xfer_recv_shutdown(data, &done); + if(*err) + return -1; + if(!done) { + *err = CURLE_AGAIN; + return -1; + } + } + DEBUGF(infof(data, "sendrecv_dl: we are done")); + } DEBUGASSERT(nread >= 0); return nread; } @@ -206,9 +260,9 @@ static ssize_t Curl_xfer_recv_resp(struct Curl_easy *data, * the stream was rewound (in which case we have data in a * buffer) */ -static CURLcode readwrite_data(struct Curl_easy *data, - struct SingleRequest *k, - int *didwhat) +static CURLcode sendrecv_dl(struct Curl_easy *data, + struct SingleRequest *k, + int *didwhat) { struct connectdata *conn = data->conn; CURLcode result = CURLE_OK; @@ -239,24 +293,31 @@ static CURLcode readwrite_data(struct Curl_easy *data, buf = xfer_buf; bytestoread = xfer_blen; - if(bytestoread && data->set.max_recv_speed) { + if(bytestoread && data->set.max_recv_speed > 0) { /* In case of speed limit on receiving: if this loop already got * data, break out. If not, limit the amount of bytes to receive. * The overall, timed, speed limiting is done in multi.c */ if(total_received) break; - if((size_t)data->set.max_recv_speed < bytestoread) + if(data->set.max_recv_speed < (curl_off_t)bytestoread) bytestoread = (size_t)data->set.max_recv_speed; } nread = Curl_xfer_recv_resp(data, buf, bytestoread, is_multiplex, &result); if(nread < 0) { - if(CURLE_AGAIN == result) { - result = CURLE_OK; - break; /* get out of loop */ + if(CURLE_AGAIN != result) + goto out; /* real error */ + result = CURLE_OK; + if(data->req.download_done && data->req.no_body && + !data->req.resp_trailer) { + DEBUGF(infof(data, "EAGAIN, download done, no trailer announced, " + "not waiting for EOS")); + nread = 0; + /* continue as if we read the EOS */ } - goto out; /* real error */ + else + break; /* get out of loop */ } /* We only get a 0-length read on EndOfStream */ @@ -271,7 +332,9 @@ static CURLcode readwrite_data(struct Curl_easy *data, DEBUGF(infof(data, "nread == 0, stream closed, bailing")); else DEBUGF(infof(data, "nread <= 0, server closed connection, bailing")); - k->keepon &= ~(KEEP_RECV|KEEP_SEND); /* stop sending as well */ + result = Curl_req_stop_send_recv(data); + if(result) + goto out; if(k->eos_written) /* already did write this to client, leave */ break; } @@ -291,10 +354,11 @@ static CURLcode readwrite_data(struct Curl_easy *data, if((k->keepon & KEEP_RECV_PAUSE) || !(k->keepon & KEEP_RECV)) break; - } while(maxloops-- && data_pending(data)); + } while(maxloops--); - if(maxloops <= 0) { - /* did not read until EAGAIN, mark read-again-please */ + if((maxloops <= 0) || data_pending(data)) { + /* did not read until EAGAIN or there is still pending data, mark as + read-again-please */ data->state.select_bits = CURL_CSELECT_IN; if((k->keepon & KEEP_SENDBITS) == KEEP_SEND) data->state.select_bits |= CURL_CSELECT_OUT; @@ -302,55 +366,25 @@ static CURLcode readwrite_data(struct Curl_easy *data, if(((k->keepon & (KEEP_RECV|KEEP_SEND)) == KEEP_SEND) && (conn->bits.close || is_multiplex)) { - /* When we've read the entire thing and the close bit is set, the server - may now close the connection. If there's now any kind of sending going + /* When we have read the entire thing and the close bit is set, the server + may now close the connection. If there is now any kind of sending going on from our side, we need to stop that immediately. */ infof(data, "we are done reading and this is set to close, stop send"); - k->keepon &= ~KEEP_SEND; /* no writing anymore either */ - k->keepon &= ~KEEP_SEND_PAUSE; /* no pausing anymore either */ + Curl_req_abort_sending(data); } out: Curl_multi_xfer_buf_release(data, xfer_buf); if(result) - DEBUGF(infof(data, "readwrite_data() -> %d", result)); + DEBUGF(infof(data, "sendrecv_dl() -> %d", result)); return result; } -#if defined(_WIN32) && defined(USE_WINSOCK) -#ifndef SIO_IDEAL_SEND_BACKLOG_QUERY -#define SIO_IDEAL_SEND_BACKLOG_QUERY 0x4004747B -#endif - -static void win_update_buffer_size(curl_socket_t sockfd) -{ - int result; - ULONG ideal; - DWORD ideallen; - result = WSAIoctl(sockfd, SIO_IDEAL_SEND_BACKLOG_QUERY, 0, 0, - &ideal, sizeof(ideal), &ideallen, 0, 0); - if(result == 0) { - setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, - (const char *)&ideal, sizeof(ideal)); - } -} -#else -#define win_update_buffer_size(x) -#endif - -#define curl_upload_refill_watermark(data) \ - ((size_t)((data)->set.upload_buffer_size >> 5)) - /* * Send data to upload to the server, when the socket is writable. */ -static CURLcode readwrite_upload(struct Curl_easy *data, int *didwhat) +static CURLcode sendrecv_ul(struct Curl_easy *data, int *didwhat) { - CURLcode result = CURLE_OK; - - if((data->req.keepon & KEEP_SEND_PAUSE)) - return CURLE_OK; - /* We should not get here when the sending is already done. It * probably means that someone set `data-req.keepon |= KEEP_SEND` * when it should not. */ @@ -358,23 +392,9 @@ static CURLcode readwrite_upload(struct Curl_easy *data, int *didwhat) if(!Curl_req_done_sending(data)) { *didwhat |= KEEP_SEND; - result = Curl_req_send_more(data); - if(result) - return result; - -#if defined(_WIN32) && defined(USE_WINSOCK) - /* FIXME: this looks like it would fit better into cf-socket.c - * but then I do not know enough Windows to say... */ - { - struct curltime n = Curl_now(); - if(Curl_timediff(n, data->conn->last_sndbuf_update) > 1000) { - win_update_buffer_size(data->conn->writesockfd); - data->conn->last_sndbuf_update = n; - } - } -#endif + return Curl_req_send_more(data); } - return result; + return CURLE_OK; } static int select_bits_paused(struct Curl_easy *data, int select_bits) @@ -396,84 +416,46 @@ static int select_bits_paused(struct Curl_easy *data, int select_bits) } /* - * Curl_readwrite() is the low-level function to be called when data is to + * Curl_sendrecv() is the low-level function to be called when data is to * be read and written to/from the connection. */ -CURLcode Curl_readwrite(struct Curl_easy *data) +CURLcode Curl_sendrecv(struct Curl_easy *data, struct curltime *nowp) { - struct connectdata *conn = data->conn; struct SingleRequest *k = &data->req; - CURLcode result; - struct curltime now; + CURLcode result = CURLE_OK; int didwhat = 0; - int select_bits; - - /* Check if client writes had been paused and can resume now. */ - if(!(k->keepon & KEEP_RECV_PAUSE) && Curl_cwriter_is_paused(data)) { - Curl_conn_ev_data_pause(data, FALSE); - result = Curl_cwriter_unpause(data); - if(result) - goto out; - } + DEBUGASSERT(nowp); if(data->state.select_bits) { if(select_bits_paused(data, data->state.select_bits)) { /* leave the bits unchanged, so they'll tell us what to do when * this transfer gets unpaused. */ - DEBUGF(infof(data, "readwrite, select_bits, early return on PAUSED")); result = CURLE_OK; goto out; } - select_bits = data->state.select_bits; data->state.select_bits = 0; } - else { - curl_socket_t fd_read; - curl_socket_t fd_write; - /* only use the proper socket if the *_HOLD bit is not set simultaneously - as then we are in rate limiting state in that transfer direction */ - if((k->keepon & KEEP_RECVBITS) == KEEP_RECV) - fd_read = conn->sockfd; - else - fd_read = CURL_SOCKET_BAD; - - if((k->keepon & KEEP_SENDBITS) == KEEP_SEND) - fd_write = conn->writesockfd; - else - fd_write = CURL_SOCKET_BAD; - - select_bits = Curl_socket_check(fd_read, CURL_SOCKET_BAD, fd_write, 0); - } - - if(select_bits == CURL_CSELECT_ERR) { - failf(data, "select/poll returned error"); - result = CURLE_SEND_ERROR; - goto out; - } #ifdef USE_HYPER - if(conn->datastream) { - result = conn->datastream(data, conn, &didwhat, select_bits); + if(data->conn->datastream) { + result = data->conn->datastream(data, data->conn, &didwhat, + CURL_CSELECT_OUT|CURL_CSELECT_IN); if(result || data->req.done) goto out; } else { #endif - /* We go ahead and do a read if we have a readable socket or if - the stream was rewound (in which case we have data in a - buffer) */ - if((k->keepon & KEEP_RECV) && (select_bits & CURL_CSELECT_IN)) { - result = readwrite_data(data, k, &didwhat); + /* We go ahead and do a read if we have a readable socket or if the stream + was rewound (in which case we have data in a buffer) */ + if(k->keepon & KEEP_RECV) { + result = sendrecv_dl(data, k, &didwhat); if(result || data->req.done) goto out; } /* If we still have writing to do, we check if we have a writable socket. */ - if(((k->keepon & KEEP_SEND) && (select_bits & CURL_CSELECT_OUT)) || - (k->keepon & KEEP_SEND_TIMED)) { - /* write */ - - result = readwrite_upload(data, &didwhat); + if(Curl_req_want_send(data) || (data->req.keepon & KEEP_SEND_TIMED)) { + result = sendrecv_ul(data, &didwhat); if(result) goto out; } @@ -481,8 +463,8 @@ CURLcode Curl_readwrite(struct Curl_easy *data) } #endif - now = Curl_now(); if(!didwhat) { + /* Transfer wanted to send/recv, but nothing was possible. */ result = Curl_conn_ev_data_idle(data); if(result) goto out; @@ -491,23 +473,23 @@ CURLcode Curl_readwrite(struct Curl_easy *data) if(Curl_pgrsUpdate(data)) result = CURLE_ABORTED_BY_CALLBACK; else - result = Curl_speedcheck(data, now); + result = Curl_speedcheck(data, *nowp); if(result) goto out; if(k->keepon) { - if(0 > Curl_timeleft(data, &now, FALSE)) { + if(0 > Curl_timeleft(data, nowp, FALSE)) { if(k->size != -1) { - failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T - " milliseconds with %" CURL_FORMAT_CURL_OFF_T " out of %" - CURL_FORMAT_CURL_OFF_T " bytes received", - Curl_timediff(now, data->progress.t_startsingle), + failf(data, "Operation timed out after %" FMT_TIMEDIFF_T + " milliseconds with %" FMT_OFF_T " out of %" + FMT_OFF_T " bytes received", + Curl_timediff(*nowp, data->progress.t_startsingle), k->bytecount, k->size); } else { - failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T - " milliseconds with %" CURL_FORMAT_CURL_OFF_T " bytes received", - Curl_timediff(now, data->progress.t_startsingle), + failf(data, "Operation timed out after %" FMT_TIMEDIFF_T + " milliseconds with %" FMT_OFF_T " bytes received", + Curl_timediff(*nowp, data->progress.t_startsingle), k->bytecount); } result = CURLE_OPERATION_TIMEDOUT; @@ -520,16 +502,8 @@ CURLcode Curl_readwrite(struct Curl_easy *data) * returning. */ if(!(data->req.no_body) && (k->size != -1) && - (k->bytecount != k->size) && -#ifdef CURL_DO_LINEEND_CONV - /* Most FTP servers don't adjust their file SIZE response for CRLFs, - so we'll check to see if the discrepancy can be explained - by the number of CRLFs we've changed to LFs. - */ - (k->bytecount != (k->size + data->state.crlf_conversions)) && -#endif /* CURL_DO_LINEEND_CONV */ - !k->newurl) { - failf(data, "transfer closed with %" CURL_FORMAT_CURL_OFF_T + (k->bytecount != k->size) && !k->newurl) { + failf(data, "transfer closed with %" FMT_OFF_T " bytes remaining to read", k->size - k->bytecount); result = CURLE_PARTIAL_FILE; goto out; @@ -546,7 +520,7 @@ CURLcode Curl_readwrite(struct Curl_easy *data) out: if(result) - DEBUGF(infof(data, "Curl_readwrite() -> %d", result)); + DEBUGF(infof(data, "Curl_sendrecv() -> %d", result)); return result; } @@ -569,7 +543,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) CURLcode result; if(!data->state.url && !data->set.uh) { - /* we can't do anything without URL */ + /* we cannot do anything without URL */ failf(data, "No URL set"); return CURLE_URL_MALFORMAT; } @@ -593,7 +567,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) } if(data->set.postfields && data->set.set_resume_from) { - /* we can't */ + /* we cannot */ failf(data, "cannot mix POSTFIELDS with RESUME_FROM"); return CURLE_BAD_FUNCTION_ARGUMENT; } @@ -695,7 +669,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) /* * Set user-agent. Used for HTTP, but since we can attempt to tunnel - * basically anything through an HTTP proxy we can't limit this based on + * basically anything through an HTTP proxy we cannot limit this based on * protocol. */ if(data->set.str[STRING_USERAGENT]) { @@ -726,22 +700,6 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) return result; } -/* - * Curl_posttransfer() is called immediately after a transfer ends - */ -CURLcode Curl_posttransfer(struct Curl_easy *data) -{ -#if defined(HAVE_SIGNAL) && defined(SIGPIPE) && !defined(HAVE_MSG_NOSIGNAL) - /* restore the signal handler for SIGPIPE before we get back */ - if(!data->set.no_signal) - signal(SIGPIPE, data->state.prev_signal); -#else - (void)data; /* unused parameter */ -#endif - - return CURLE_OK; -} - /* * Curl_follow() handles the URL redirect magic. Pass in the 'newurl' string * as given by the remote server and set up the new URL to request. @@ -823,16 +781,16 @@ CURLcode Curl_follow(struct Curl_easy *data, (data->req.httpcode != 401) && (data->req.httpcode != 407) && Curl_is_absolute_url(newurl, NULL, 0, FALSE)) { /* If this is not redirect due to a 401 or 407 response and an absolute - URL: don't allow a custom port number */ + URL: do not allow a custom port number */ disallowport = TRUE; } DEBUGASSERT(data->state.uh); - uc = curl_url_set(data->state.uh, CURLUPART_URL, newurl, - (type == FOLLOW_FAKE) ? CURLU_NON_SUPPORT_SCHEME : - ((type == FOLLOW_REDIR) ? CURLU_URLENCODE : 0) | - CURLU_ALLOW_SPACE | - (data->set.path_as_is ? CURLU_PATH_AS_IS : 0)); + uc = curl_url_set(data->state.uh, CURLUPART_URL, newurl, (unsigned int) + ((type == FOLLOW_FAKE) ? CURLU_NON_SUPPORT_SCHEME : + ((type == FOLLOW_REDIR) ? CURLU_URLENCODE : 0) | + CURLU_ALLOW_SPACE | + (data->set.path_as_is ? CURLU_PATH_AS_IS : 0))); if(uc) { if(type != FOLLOW_FAKE) { failf(data, "The redirect target URL could not be parsed: %s", @@ -901,8 +859,8 @@ CURLcode Curl_follow(struct Curl_easy *data, } if(type == FOLLOW_FAKE) { - /* we're only figuring out the new url if we would've followed locations - but now we're done so we can get out! */ + /* we are only figuring out the new URL if we would have followed locations + but now we are done so we can get out! */ data->info.wouldredirect = newurl; if(reachedmax) { @@ -939,15 +897,15 @@ CURLcode Curl_follow(struct Curl_easy *data, /* 306 - Not used */ /* 307 - Temporary Redirect */ default: /* for all above (and the unknown ones) */ - /* Some codes are explicitly mentioned since I've checked RFC2616 and they - * seem to be OK to POST to. + /* Some codes are explicitly mentioned since I have checked RFC2616 and + * they seem to be OK to POST to. */ break; case 301: /* Moved Permanently */ /* (quote from RFC7231, section 6.4.2) * * Note: For historical reasons, a user agent MAY change the request - * method from POST to GET for the subsequent request. If this + * method from POST to GET for the subsequent request. If this * behavior is undesired, the 307 (Temporary Redirect) status code * can be used instead. * @@ -973,7 +931,7 @@ CURLcode Curl_follow(struct Curl_easy *data, /* (quote from RFC7231, section 6.4.3) * * Note: For historical reasons, a user agent MAY change the request - * method from POST to GET for the subsequent request. If this + * method from POST to GET for the subsequent request. If this * behavior is undesired, the 307 (Temporary Redirect) status code * can be used instead. * @@ -1014,14 +972,14 @@ CURLcode Curl_follow(struct Curl_easy *data, break; case 304: /* Not Modified */ /* 304 means we did a conditional request and it was "Not modified". - * We shouldn't get any Location: header in this response! + * We should not get any Location: header in this response! */ break; case 305: /* Use Proxy */ /* (quote from RFC2616, section 10.3.6): * "The requested resource MUST be accessed through the proxy given * by the Location field. The Location field gives the URI of the - * proxy. The recipient is expected to repeat this single request + * proxy. The recipient is expected to repeat this single request * via the proxy. 305 responses MUST only be generated by origin * servers." */ @@ -1043,8 +1001,9 @@ CURLcode Curl_retry_request(struct Curl_easy *data, char **url) bool retry = FALSE; *url = NULL; - /* if we're talking upload, we can't do the checks below, unless the protocol - is HTTP as when uploading over HTTP we will still get a response */ + /* if we are talking upload, we cannot do the checks below, unless the + protocol is HTTP as when uploading over HTTP we will still get a + response */ if(data->state.upload && !(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP))) return CURLE_OK; @@ -1090,7 +1049,7 @@ CURLcode Curl_retry_request(struct Curl_easy *data, char **url) return CURLE_OUT_OF_MEMORY; connclose(conn, "retry"); /* close this connection */ - conn->bits.retry = TRUE; /* mark this as a connection we're about + conn->bits.retry = TRUE; /* mark this as a connection we are about to retry. Marking it this way should prevent i.e HTTP transfers to return error just because nothing has been @@ -1101,16 +1060,17 @@ CURLcode Curl_retry_request(struct Curl_easy *data, char **url) } /* - * Curl_xfer_setup() is called to setup some basic properties for the - * upcoming transfer. + * xfer_setup() is called to setup basic properties for the transfer. */ -void Curl_xfer_setup( +static void xfer_setup( struct Curl_easy *data, /* transfer */ int sockindex, /* socket index to read from or -1 */ curl_off_t size, /* -1 if unknown at this point */ bool getheader, /* TRUE if header parsing is wanted */ - int writesockindex /* socket index to write to, it may very well be + int writesockindex, /* socket index to write to, it may very well be the same we read from. -1 disables */ + bool shutdown /* shutdown connection at transfer end. Only + * supported when sending OR receiving. */ ) { struct SingleRequest *k = &data->req; @@ -1120,6 +1080,7 @@ void Curl_xfer_setup( DEBUGASSERT(conn != NULL); DEBUGASSERT((sockindex <= 1) && (sockindex >= -1)); DEBUGASSERT((writesockindex <= 1) && (writesockindex >= -1)); + DEBUGASSERT(!shutdown || (sockindex == -1) || (writesockindex == -1)); if(conn->bits.multiplex || conn->httpversion >= 20 || want_send) { /* when multiplexing, the read/write sockets need to be the same! */ @@ -1137,9 +1098,10 @@ void Curl_xfer_setup( conn->writesockfd = writesockindex == -1 ? CURL_SOCKET_BAD:conn->sock[writesockindex]; } - k->getheader = getheader; + k->getheader = getheader; k->size = size; + k->shutdown = shutdown; /* The code sequence below is placed in this function just because all necessary input is not always known in do_complete() as this function may @@ -1150,7 +1112,7 @@ void Curl_xfer_setup( if(size > 0) Curl_pgrsSetDownloadSize(data, size); } - /* we want header and/or body, if neither then don't do this! */ + /* we want header and/or body, if neither then do not do this! */ if(k->getheader || !data->req.no_body) { if(sockindex != -1) @@ -1162,6 +1124,33 @@ void Curl_xfer_setup( } +void Curl_xfer_setup_nop(struct Curl_easy *data) +{ + xfer_setup(data, -1, -1, FALSE, -1, FALSE); +} + +void Curl_xfer_setup1(struct Curl_easy *data, + int send_recv, + curl_off_t recv_size, + bool getheader) +{ + int recv_index = (send_recv & CURL_XFER_RECV)? FIRSTSOCKET : -1; + int send_index = (send_recv & CURL_XFER_SEND)? FIRSTSOCKET : -1; + DEBUGASSERT((recv_index >= 0) || (recv_size == -1)); + xfer_setup(data, recv_index, recv_size, getheader, send_index, FALSE); +} + +void Curl_xfer_setup2(struct Curl_easy *data, + int send_recv, + curl_off_t recv_size, + bool shutdown) +{ + int recv_index = (send_recv & CURL_XFER_RECV)? SECONDARYSOCKET : -1; + int send_index = (send_recv & CURL_XFER_SEND)? SECONDARYSOCKET : -1; + DEBUGASSERT((recv_index >= 0) || (recv_size == -1)); + xfer_setup(data, recv_index, recv_size, FALSE, send_index, shutdown); +} + CURLcode Curl_xfer_write_resp(struct Curl_easy *data, const char *buf, size_t blen, bool is_eos) @@ -1180,15 +1169,7 @@ CURLcode Curl_xfer_write_resp(struct Curl_easy *data, int cwtype = CLIENTWRITE_BODY; if(is_eos) cwtype |= CLIENTWRITE_EOS; - -#ifndef CURL_DISABLE_POP3 - if(blen && data->conn->handler->protocol & PROTO_FAMILY_POP3) { - result = data->req.ignorebody? CURLE_OK : - Curl_pop3_write(data, buf, blen); - } - else -#endif /* CURL_DISABLE_POP3 */ - result = Curl_client_write(data, cwtype, buf, blen); + result = Curl_client_write(data, cwtype, buf, blen); } } @@ -1220,25 +1201,35 @@ CURLcode Curl_xfer_write_done(struct Curl_easy *data, bool premature) return Curl_cw_out_done(data); } +bool Curl_xfer_needs_flush(struct Curl_easy *data) +{ + int sockindex; + sockindex = ((data->conn->writesockfd != CURL_SOCKET_BAD) && + (data->conn->writesockfd == data->conn->sock[SECONDARYSOCKET])); + return Curl_conn_needs_flush(data, sockindex); +} + +CURLcode Curl_xfer_flush(struct Curl_easy *data) +{ + int sockindex; + sockindex = ((data->conn->writesockfd != CURL_SOCKET_BAD) && + (data->conn->writesockfd == data->conn->sock[SECONDARYSOCKET])); + return Curl_conn_flush(data, sockindex); +} + CURLcode Curl_xfer_send(struct Curl_easy *data, - const void *buf, size_t blen, + const void *buf, size_t blen, bool eos, size_t *pnwritten) { CURLcode result; int sockindex; - if(!data || !data->conn) - return CURLE_FAILED_INIT; - /* FIXME: would like to enable this, but some protocols (MQTT) do not - * setup the transfer correctly, it seems - if(data->conn->writesockfd == CURL_SOCKET_BAD) { - failf(data, "transfer not setup for sending"); - DEBUGASSERT(0); - return CURLE_SEND_ERROR; - } */ + DEBUGASSERT(data); + DEBUGASSERT(data->conn); + sockindex = ((data->conn->writesockfd != CURL_SOCKET_BAD) && (data->conn->writesockfd == data->conn->sock[SECONDARYSOCKET])); - result = Curl_conn_send(data, sockindex, buf, blen, pnwritten); + result = Curl_conn_send(data, sockindex, buf, blen, eos, pnwritten); if(result == CURLE_AGAIN) { result = CURLE_OK; *pnwritten = 0; @@ -1246,6 +1237,8 @@ CURLcode Curl_xfer_send(struct Curl_easy *data, else if(!result && *pnwritten) data->info.request_size += *pnwritten; + DEBUGF(infof(data, "Curl_xfer_send(len=%zu, eos=%d) -> %d, %zu", + blen, eos, result, *pnwritten)); return result; } @@ -1255,18 +1248,13 @@ CURLcode Curl_xfer_recv(struct Curl_easy *data, { int sockindex; - if(!data || !data->conn) - return CURLE_FAILED_INIT; - /* FIXME: would like to enable this, but some protocols (MQTT) do not - * setup the transfer correctly, it seems - if(data->conn->sockfd == CURL_SOCKET_BAD) { - failf(data, "transfer not setup for receiving"); - DEBUGASSERT(0); - return CURLE_RECV_ERROR; - } */ + DEBUGASSERT(data); + DEBUGASSERT(data->conn); + DEBUGASSERT(data->set.buffer_size > 0); + sockindex = ((data->conn->sockfd != CURL_SOCKET_BAD) && (data->conn->sockfd == data->conn->sock[SECONDARYSOCKET])); - if(data->set.buffer_size > 0 && (size_t)data->set.buffer_size < blen) + if((size_t)data->set.buffer_size < blen) blen = (size_t)data->set.buffer_size; return Curl_conn_recv(data, sockindex, buf, blen, pnrcvd); } @@ -1276,3 +1264,15 @@ CURLcode Curl_xfer_send_close(struct Curl_easy *data) Curl_conn_ev_data_done_send(data); return CURLE_OK; } + +bool Curl_xfer_is_blocked(struct Curl_easy *data) +{ + bool want_send = ((data)->req.keepon & KEEP_SEND); + bool want_recv = ((data)->req.keepon & KEEP_RECV); + if(!want_send) + return (want_recv && Curl_cwriter_is_paused(data)); + else if(!want_recv) + return (want_send && Curl_creader_is_paused(data)); + else + return Curl_creader_is_paused(data) && Curl_cwriter_is_paused(data); +} diff --git a/vendor/hydra/vendor/curl/lib/transfer.h b/vendor/hydra/vendor/curl/lib/transfer.h index ad0f3a20..8d6f98d7 100644 --- a/vendor/hydra/vendor/curl/lib/transfer.h +++ b/vendor/hydra/vendor/curl/lib/transfer.h @@ -32,7 +32,6 @@ char *Curl_checkheaders(const struct Curl_easy *data, void Curl_init_CONNECT(struct Curl_easy *data); CURLcode Curl_pretransfer(struct Curl_easy *data); -CURLcode Curl_posttransfer(struct Curl_easy *data); typedef enum { FOLLOW_NONE, /* not used within the function, just a placeholder to @@ -45,7 +44,7 @@ typedef enum { CURLcode Curl_follow(struct Curl_easy *data, char *newurl, followtype type); -CURLcode Curl_readwrite(struct Curl_easy *data); +CURLcode Curl_sendrecv(struct Curl_easy *data, struct curltime *nowp); int Curl_single_getsock(struct Curl_easy *data, struct connectdata *conn, curl_socket_t *socks); CURLcode Curl_retry_request(struct Curl_easy *data, char **url); @@ -76,15 +75,37 @@ CURLcode Curl_xfer_write_resp(struct Curl_easy *data, CURLcode Curl_xfer_write_resp_hd(struct Curl_easy *data, const char *hd0, size_t hdlen, bool is_eos); -/* This sets up a forthcoming transfer */ -void Curl_xfer_setup(struct Curl_easy *data, - int sockindex, /* socket index to read from or -1 */ - curl_off_t size, /* -1 if unknown at this point */ - bool getheader, /* TRUE if header parsing is wanted */ - int writesockindex /* socket index to write to. May be - the same we read from. -1 - disables */ - ); +#define CURL_XFER_NOP (0) +#define CURL_XFER_RECV (1<<(0)) +#define CURL_XFER_SEND (1<<(1)) +#define CURL_XFER_SENDRECV (CURL_XFER_RECV|CURL_XFER_SEND) + +/** + * The transfer is neither receiving nor sending now. + */ +void Curl_xfer_setup_nop(struct Curl_easy *data); + +/** + * The transfer will use socket 1 to send/recv. `recv_size` is + * the amount to receive or -1 if unknown. `getheader` indicates + * response header processing is expected. + */ +void Curl_xfer_setup1(struct Curl_easy *data, + int send_recv, + curl_off_t recv_size, + bool getheader); + +/** + * The transfer will use socket 2 to send/recv. `recv_size` is + * the amount to receive or -1 if unknown. With `shutdown` being + * set, the transfer is only allowed to either send OR receive + * and the socket 2 connection will be shutdown at the end of + * the transfer. An unclean shutdown will fail the transfer. + */ +void Curl_xfer_setup2(struct Curl_easy *data, + int send_recv, + curl_off_t recv_size, + bool shutdown); /** * Multi has set transfer to DONE. Last chance to trigger @@ -92,13 +113,24 @@ void Curl_xfer_setup(struct Curl_easy *data, */ CURLcode Curl_xfer_write_done(struct Curl_easy *data, bool premature); +/** + * Return TRUE iff transfer has pending data to send. Checks involved + * connection filters. + */ +bool Curl_xfer_needs_flush(struct Curl_easy *data); + +/** + * Flush any pending send data on the transfer connection. + */ +CURLcode Curl_xfer_flush(struct Curl_easy *data); + /** * Send data on the socket/connection filter designated * for transfer's outgoing data. * Will return CURLE_OK on blocking with (*pnwritten == 0). */ CURLcode Curl_xfer_send(struct Curl_easy *data, - const void *buf, size_t blen, + const void *buf, size_t blen, bool eos, size_t *pnwritten); /** @@ -111,5 +143,13 @@ CURLcode Curl_xfer_recv(struct Curl_easy *data, ssize_t *pnrcvd); CURLcode Curl_xfer_send_close(struct Curl_easy *data); +CURLcode Curl_xfer_send_shutdown(struct Curl_easy *data, bool *done); + +/** + * Return TRUE iff the transfer is not done, but further progress + * is blocked. For example when it is only receiving and its writer + * is PAUSED. + */ +bool Curl_xfer_is_blocked(struct Curl_easy *data); #endif /* HEADER_CURL_TRANSFER_H */ diff --git a/vendor/hydra/vendor/curl/lib/url.c b/vendor/hydra/vendor/curl/lib/url.c index 2814d31a..3bf0c059 100644 --- a/vendor/hydra/vendor/curl/lib/url.c +++ b/vendor/hydra/vendor/curl/lib/url.c @@ -56,7 +56,7 @@ #endif #ifndef HAVE_SOCKET -#error "We can't compile without socket() support!" +#error "We cannot compile without socket() support!" #endif #include @@ -136,7 +136,7 @@ static void data_priority_cleanup(struct Curl_easy *data); #endif /* Some parts of the code (e.g. chunked encoding) assume this buffer has at - * more than just a few bytes to play with. Don't let it become too small or + * more than just a few bytes to play with. Do not let it become too small or * bad things will happen. */ #if READBUFFER_SIZE < READBUFFER_MIN @@ -234,8 +234,6 @@ CURLcode Curl_close(struct Curl_easy **datap) data = *datap; *datap = NULL; - Curl_expire_clear(data); /* shut off timers */ - /* Detach connection if any is left. This should not be normal, but can be the case for example with CONNECT_ONLY + recv/send (test 556) */ Curl_detach_connection(data); @@ -253,6 +251,8 @@ CURLcode Curl_close(struct Curl_easy **datap) } } + Curl_expire_clear(data); /* shut off any timers left */ + data->magic = 0; /* force a clear AFTER the possibly enforced removal from the multi handle, since that function uses the magic field! */ @@ -260,13 +260,12 @@ CURLcode Curl_close(struct Curl_easy **datap) if(data->state.rangestringalloc) free(data->state.range); - /* freed here just in case DONE wasn't called */ + /* freed here just in case DONE was not called */ Curl_req_free(&data->req, data); /* Close down all open SSL info and sessions */ Curl_ssl_close_all(data); Curl_safefree(data->state.first_host); - Curl_safefree(data->state.scratch); Curl_ssl_free_certinfo(data); if(data->state.referer_alloc) { @@ -365,7 +364,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) set->seek_client = ZERO_NULL; - set->filesize = -1; /* we don't know the size */ + set->filesize = -1; /* we do not know the size */ set->postfieldsize = -1; /* unknown size */ set->maxredirs = 30; /* sensible default */ @@ -415,8 +414,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) set->new_file_perms = 0644; /* Default permissions */ set->allowed_protocols = (curl_prot_t) CURLPROTO_ALL; - set->redir_protocols = CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP | - CURLPROTO_FTPS; + set->redir_protocols = CURLPROTO_REDIR; #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) /* @@ -467,6 +465,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) set->tcp_keepalive = FALSE; set->tcp_keepintvl = 60; set->tcp_keepidle = 60; + set->tcp_keepcnt = 9; set->tcp_fastopen = FALSE; set->tcp_nodelay = TRUE; set->ssl_enable_alpn = TRUE; @@ -536,9 +535,16 @@ CURLcode Curl_open(struct Curl_easy **curl) data->state.recent_conn_id = -1; /* and not assigned an id yet */ data->id = -1; + data->mid = -1; +#ifndef CURL_DISABLE_DOH + data->set.dohfor_mid = -1; +#endif data->progress.flags |= PGRS_HIDE; data->state.current_speed = -1; /* init to negative == impossible */ +#ifndef CURL_DISABLE_HTTP + Curl_llist_init(&data->state.httphdrs, NULL); +#endif } if(result) { @@ -551,23 +557,10 @@ CURLcode Curl_open(struct Curl_easy **curl) } else *curl = data; - return result; } -static void conn_shutdown(struct Curl_easy *data) -{ - DEBUGASSERT(data); - infof(data, "Closing connection"); - - /* possible left-overs from the async name resolvers */ - Curl_resolver_cancel(data); - - Curl_conn_close(data, SECONDARYSOCKET); - Curl_conn_close(data, FIRSTSOCKET); -} - -static void conn_free(struct Curl_easy *data, struct connectdata *conn) +void Curl_conn_free(struct Curl_easy *data, struct connectdata *conn) { size_t i; @@ -594,8 +587,8 @@ static void conn_free(struct Curl_easy *data, struct connectdata *conn) Curl_safefree(conn->sasl_authzid); Curl_safefree(conn->options); Curl_safefree(conn->oauth_bearer); - Curl_safefree(conn->host.rawalloc); /* host name buffer */ - Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */ + Curl_safefree(conn->host.rawalloc); /* hostname buffer */ + Curl_safefree(conn->conn_to_host.rawalloc); /* hostname buffer */ Curl_safefree(conn->hostname_resolve); Curl_safefree(conn->secondaryhostname); Curl_safefree(conn->localdev); @@ -604,13 +597,14 @@ static void conn_free(struct Curl_easy *data, struct connectdata *conn) #ifdef USE_UNIX_SOCKETS Curl_safefree(conn->unix_domain_socket); #endif + Curl_safefree(conn->destination); free(conn); /* free all the connection oriented data */ } /* * Disconnects the given connection. Note the connection may not be the - * primary connection, like when freeing room in the connection cache or + * primary connection, like when freeing room in the connection pool or * killing of a dead old connection. * * A connection needs an easy handle when closing down. We support this passed @@ -618,18 +612,16 @@ static void conn_free(struct Curl_easy *data, struct connectdata *conn) * disassociated from an easy handle. * * This function MUST NOT reset state in the Curl_easy struct if that - * isn't strictly bound to the life-time of *this* particular connection. - * + * is not strictly bound to the life-time of *this* particular connection. */ - -void Curl_disconnect(struct Curl_easy *data, - struct connectdata *conn, bool dead_connection) +bool Curl_on_disconnect(struct Curl_easy *data, + struct connectdata *conn, bool aborted) { /* there must be a connection to close */ DEBUGASSERT(conn); - /* it must be removed from the connection cache */ - DEBUGASSERT(!conn->bundle); + /* it must be removed from the connection pool */ + DEBUGASSERT(!conn->bits.in_cpool); /* there must be an associated transfer */ DEBUGASSERT(data); @@ -637,22 +629,11 @@ void Curl_disconnect(struct Curl_easy *data, /* the transfer must be detached from the connection */ DEBUGASSERT(!data->conn); - DEBUGF(infof(data, "Curl_disconnect(conn #%" - CURL_FORMAT_CURL_OFF_T ", dead=%d)", - conn->connection_id, dead_connection)); - /* - * If this connection isn't marked to force-close, leave it open if there - * are other users of it - */ - if(CONN_INUSE(conn) && !dead_connection) { - DEBUGF(infof(data, "Curl_disconnect when inuse: %zu", CONN_INUSE(conn))); - return; - } + DEBUGF(infof(data, "Curl_disconnect(conn #%" FMT_OFF_T ", aborted=%d)", + conn->connection_id, aborted)); - if(conn->dns_entry) { - Curl_resolv_unlock(data, conn->dns_entry); - conn->dns_entry = NULL; - } + if(conn->dns_entry) + Curl_resolv_unlink(data, &conn->dns_entry); /* Cleanup NTLM connection-related data */ Curl_http_auth_cleanup_ntlm(conn); @@ -661,46 +642,31 @@ void Curl_disconnect(struct Curl_easy *data, Curl_http_auth_cleanup_negotiate(conn); if(conn->connect_only) - /* treat the connection as dead in CONNECT_ONLY situations */ - dead_connection = TRUE; + /* treat the connection as aborted in CONNECT_ONLY situations */ + aborted = TRUE; - /* temporarily attach the connection to this transfer handle for the - disconnect and shutdown */ - Curl_attach_connection(data, conn); - - if(conn->handler && conn->handler->disconnect) - /* This is set if protocol-specific cleanups should be made */ - conn->handler->disconnect(data, conn, dead_connection); - - conn_shutdown(data); - - /* detach it again */ - Curl_detach_connection(data); - - conn_free(data, conn); + return aborted; } /* - * IsMultiplexingPossible() + * Curl_xfer_may_multiplex() * - * Return a bitmask with the available multiplexing options for the given - * requested connection. + * Return a TRUE, iff the transfer can be done over an (appropriate) + * multiplexed connection. */ -static int IsMultiplexingPossible(const struct Curl_easy *handle, - const struct connectdata *conn) +static bool Curl_xfer_may_multiplex(const struct Curl_easy *data, + const struct connectdata *conn) { - int avail = 0; - /* If an HTTP protocol and multiplexing is enabled */ if((conn->handler->protocol & PROTO_FAMILY_HTTP) && (!conn->bits.protoconnstart || !conn->bits.close)) { - if(Curl_multiplex_wanted(handle->multi) && - (handle->state.httpwant >= CURL_HTTP_VERSION_2)) - /* allows HTTP/2 */ - avail |= CURLPIPE_MULTIPLEX; + if(Curl_multiplex_wanted(data->multi) && + (data->state.httpwant >= CURL_HTTP_VERSION_2)) + /* allows HTTP/2 or newer */ + return TRUE; } - return avail; + return FALSE; } #ifndef CURL_DISABLE_PROXY @@ -735,7 +701,7 @@ socks_proxy_info_matches(const struct proxy_info *data, return TRUE; } #else -/* disabled, won't get called */ +/* disabled, will not get called */ #define proxy_info_matches(x,y) FALSE #define socks_proxy_info_matches(x,y) FALSE #endif @@ -754,7 +720,7 @@ static bool conn_maxage(struct Curl_easy *data, idletime /= 1000; /* integer seconds is fine */ if(idletime > data->set.maxage_conn) { - infof(data, "Too old connection (%" CURL_FORMAT_TIMEDIFF_T + infof(data, "Too old connection (%" FMT_TIMEDIFF_T " seconds idle), disconnect it", idletime); return TRUE; } @@ -764,7 +730,7 @@ static bool conn_maxage(struct Curl_easy *data, if(data->set.maxlifetime_conn && lifetime > data->set.maxlifetime_conn) { infof(data, - "Too old connection (%" CURL_FORMAT_TIMEDIFF_T + "Too old connection (%" FMT_TIMEDIFF_T " seconds since creation), disconnect it", lifetime); return TRUE; } @@ -774,23 +740,24 @@ static bool conn_maxage(struct Curl_easy *data, } /* - * This function checks if the given connection is dead and prunes it from - * the connection cache if so. - * - * When this is called as a Curl_conncache_foreach() callback, the connection - * cache lock is held! - * - * Returns TRUE if the connection was dead and pruned. + * Return TRUE iff the given connection is considered dead. */ -static bool prune_if_dead(struct connectdata *conn, - struct Curl_easy *data) +bool Curl_conn_seems_dead(struct connectdata *conn, + struct Curl_easy *data, + struct curltime *pnow) { + DEBUGASSERT(!data->conn); if(!CONN_INUSE(conn)) { - /* The check for a dead socket makes sense only if the connection isn't in + /* The check for a dead socket makes sense only if the connection is not in use */ bool dead; - struct curltime now = Curl_now(); - if(conn_maxage(data, conn, now)) { + struct curltime now; + if(!pnow) { + now = Curl_now(); + pnow = &now; + } + + if(conn_maxage(data, conn, *pnow)) { /* avoid check if already too old */ dead = TRUE; } @@ -823,70 +790,47 @@ static bool prune_if_dead(struct connectdata *conn, * any time (HTTP/2 PING for example), the protocol handler needs * to install its own `connection_check` callback. */ + DEBUGF(infof(data, "connection has input pending, not reusable")); dead = TRUE; } Curl_detach_connection(data); } if(dead) { - /* remove connection from cache */ - infof(data, "Connection %" CURL_FORMAT_CURL_OFF_T " seems to be dead", + /* remove connection from cpool */ + infof(data, "Connection %" FMT_OFF_T " seems to be dead", conn->connection_id); - Curl_conncache_remove_conn(data, conn, FALSE); return TRUE; } } return FALSE; } -/* - * Wrapper to use prune_if_dead() function in Curl_conncache_foreach() - * - */ -static int call_prune_if_dead(struct Curl_easy *data, - struct connectdata *conn, void *param) +CURLcode Curl_conn_upkeep(struct Curl_easy *data, + struct connectdata *conn, + struct curltime *now) { - struct connectdata **pruned = (struct connectdata **)param; - if(prune_if_dead(conn, data)) { - /* stop the iteration here, pass back the connection that was pruned */ - *pruned = conn; - return 1; - } - return 0; /* continue iteration */ -} - -/* - * This function scans the connection cache for half-open/dead connections, - * closes and removes them. The cleanup is done at most once per second. - * - * When called, this transfer has no connection attached. - */ -static void prune_dead_connections(struct Curl_easy *data) -{ - struct curltime now = Curl_now(); - timediff_t elapsed; - - DEBUGASSERT(!data->conn); /* no connection */ - CONNCACHE_LOCK(data); - elapsed = - Curl_timediff(now, data->state.conn_cache->last_cleanup); - CONNCACHE_UNLOCK(data); - - if(elapsed >= 1000L) { - struct connectdata *pruned = NULL; - while(Curl_conncache_foreach(data, data->state.conn_cache, &pruned, - call_prune_if_dead)) { - /* unlocked */ - - /* connection previously removed from cache in prune_if_dead() */ + CURLcode result = CURLE_OK; + if(Curl_timediff(*now, conn->keepalive) <= data->set.upkeep_interval_ms) + return result; - /* disconnect it */ - Curl_disconnect(data, pruned, TRUE); - } - CONNCACHE_LOCK(data); - data->state.conn_cache->last_cleanup = now; - CONNCACHE_UNLOCK(data); + /* briefly attach for action */ + Curl_attach_connection(data, conn); + if(conn->handler->connection_check) { + /* Do a protocol-specific keepalive check on the connection. */ + unsigned int rc; + rc = conn->handler->connection_check(data, conn, CONNCHECK_KEEPALIVE); + if(rc & CONNRESULT_DEAD) + result = CURLE_RECV_ERROR; } + else { + /* Do the generic action on the FIRSTSOCKET filter chain */ + result = Curl_conn_keep_alive(data, conn, FIRSTSOCKET); + } + Curl_detach_connection(data); + + conn->keepalive = *now; + return result; } #ifdef USE_SSH @@ -900,425 +844,420 @@ static bool ssh_config_matches(struct connectdata *one, #define ssh_config_matches(x,y) FALSE #endif -/* - * Given one filled in connection struct (named needle), this function should - * detect if there already is one that has all the significant details - * exactly the same and thus should be used instead. - * - * If there is a match, this function returns TRUE - and has marked the - * connection as 'in-use'. It must later be called with ConnectionDone() to - * return back to 'idle' (unused) state. - * - * The force_reuse flag is set if the connection must be used. - */ -static bool -ConnectionExists(struct Curl_easy *data, - struct connectdata *needle, - struct connectdata **usethis, - bool *force_reuse, - bool *waitpipe) +struct url_conn_match { + struct connectdata *found; + struct Curl_easy *data; + struct connectdata *needle; + BIT(may_multiplex); + BIT(want_ntlm_http); + BIT(want_proxy_ntlm_http); + + BIT(wait_pipe); + BIT(force_reuse); + BIT(seen_pending_conn); + BIT(seen_single_use_conn); + BIT(seen_multiplex_conn); +}; + +static bool url_match_conn(struct connectdata *conn, void *userdata) { - struct connectdata *chosen = NULL; - bool foundPendingCandidate = FALSE; - bool canmultiplex = FALSE; - struct connectbundle *bundle; - struct Curl_llist_element *curr; + struct url_conn_match *match = userdata; + struct Curl_easy *data = match->data; + struct connectdata *needle = match->needle; -#ifdef USE_NTLM - bool wantNTLMhttp = ((data->state.authhost.want & CURLAUTH_NTLM) && - (needle->handler->protocol & PROTO_FAMILY_HTTP)); -#ifndef CURL_DISABLE_PROXY - bool wantProxyNTLMhttp = (needle->bits.proxy_user_passwd && - ((data->state.authproxy.want & - CURLAUTH_NTLM) && - (needle->handler->protocol & PROTO_FAMILY_HTTP))); -#else - bool wantProxyNTLMhttp = FALSE; -#endif -#endif - /* plain HTTP with upgrade */ - bool h2upgrade = (data->state.httpwant == CURL_HTTP_VERSION_2_0) && - (needle->handler->protocol & CURLPROTO_HTTP); + /* Check if `conn` can be used for transfer `data` */ - *usethis = NULL; - *force_reuse = FALSE; - *waitpipe = FALSE; + if(conn->connect_only || conn->bits.close) + /* connect-only or to-be-closed connections will not be reused */ + return FALSE; - /* Look up the bundle with all the connections to this particular host. - Locks the connection cache, beware of early returns! */ - bundle = Curl_conncache_find_bundle(data, needle, data->state.conn_cache); - if(!bundle) { - CONNCACHE_UNLOCK(data); + if(data->set.ipver != CURL_IPRESOLVE_WHATEVER + && data->set.ipver != conn->ip_version) { + /* skip because the connection is not via the requested IP version */ return FALSE; } - infof(data, "Found bundle for host: %p [%s]", - (void *)bundle, (bundle->multiuse == BUNDLE_MULTIPLEX ? - "can multiplex" : "serially")); - - /* We can only multiplex iff the transfer allows it AND we know - * that the server we want to talk to supports it as well. */ - canmultiplex = FALSE; - if(IsMultiplexingPossible(data, needle)) { - if(bundle->multiuse == BUNDLE_UNKNOWN) { - if(data->set.pipewait) { - infof(data, "Server doesn't support multiplex yet, wait"); - *waitpipe = TRUE; - CONNCACHE_UNLOCK(data); - return FALSE; /* no reuse */ - } - infof(data, "Server doesn't support multiplex (yet)"); - } - else if(bundle->multiuse == BUNDLE_MULTIPLEX) { - if(Curl_multiplex_wanted(data->multi)) - canmultiplex = TRUE; - else - infof(data, "Could multiplex, but not asked to"); - } - else if(bundle->multiuse == BUNDLE_NO_MULTIUSE) { - infof(data, "Can not multiplex, even if we wanted to"); - } - } - - curr = bundle->conn_list.head; - while(curr) { - struct connectdata *check = curr->ptr; - /* Get next node now. We might remove a dead `check` connection which - * would invalidate `curr` as well. */ - curr = curr->next; - /* Note that if we use an HTTP proxy in normal mode (no tunneling), we - * check connections to that proxy and not to the actual remote server. - */ - if(check->connect_only || check->bits.close) - /* connect-only or to-be-closed connections will not be reused */ - continue; + if(needle->localdev || needle->localport) { + /* If we are bound to a specific local end (IP+port), we must not + reuse a random other one, although if we did not ask for a + particular one we can reuse one that was bound. + + This comparison is a bit rough and too strict. Since the input + parameters can be specified in numerous ways and still end up the + same it would take a lot of processing to make it really accurate. + Instead, this matching will assume that reuses of bound connections + will most likely also reuse the exact same binding parameters and + missing out a few edge cases should not hurt anyone very much. + */ + if((conn->localport != needle->localport) || + (conn->localportrange != needle->localportrange) || + (needle->localdev && + (!conn->localdev || strcmp(conn->localdev, needle->localdev)))) + return FALSE; + } + + if(needle->bits.conn_to_host != conn->bits.conn_to_host) + /* do not mix connections that use the "connect to host" feature and + * connections that do not use this feature */ + return FALSE; - if(data->set.ipver != CURL_IPRESOLVE_WHATEVER - && data->set.ipver != check->ip_version) { - /* skip because the connection is not via the requested IP version */ - continue; - } + if(needle->bits.conn_to_port != conn->bits.conn_to_port) + /* do not mix connections that use the "connect to port" feature and + * connections that do not use this feature */ + return FALSE; - if(!canmultiplex) { - if(Curl_resolver_asynch() && - /* remote_ip[0] is NUL only if the resolving of the name hasn't - completed yet and until then we don't reuse this connection */ - !check->primary.remote_ip[0]) - continue; - } + if(!Curl_conn_is_connected(conn, FIRSTSOCKET) || + conn->bits.asks_multiplex) { + /* Not yet connected, or not yet decided if it multiplexes. The later + * happens for HTTP/2 Upgrade: requests that need a response. */ + if(match->may_multiplex) { + match->seen_pending_conn = TRUE; + /* Do not pick a connection that has not connected yet */ + infof(data, "Connection #%" FMT_OFF_T + " is not open enough, cannot reuse", conn->connection_id); + } + /* Do not pick a connection that has not connected yet */ + return FALSE; + } + /* `conn` is connected. If it has transfers, can we add ours to it? */ - if(CONN_INUSE(check)) { - if(!canmultiplex) { - /* transfer can't be multiplexed and check is in use */ - continue; - } - else { - /* Could multiplex, but not when check belongs to another multi */ - struct Curl_llist_element *e = check->easyq.head; - struct Curl_easy *entry = e->ptr; - if(entry->multi != data->multi) - continue; - } + if(CONN_INUSE(conn)) { + if(!conn->bits.multiplex) { + /* conn busy and conn cannot take more transfers */ + match->seen_single_use_conn = TRUE; + return FALSE; } - - if(!Curl_conn_is_connected(check, FIRSTSOCKET)) { - foundPendingCandidate = TRUE; - /* Don't pick a connection that hasn't connected yet */ - infof(data, "Connection #%" CURL_FORMAT_CURL_OFF_T - " isn't open enough, can't reuse", check->connection_id); - continue; + match->seen_multiplex_conn = TRUE; + if(!match->may_multiplex) + /* conn busy and transfer cannot be multiplexed */ + return FALSE; + else { + /* transfer and conn multiplex. Are they on the same multi? */ + struct Curl_llist_node *e = Curl_llist_head(&conn->easyq); + struct Curl_easy *entry = Curl_node_elem(e); + if(entry->multi != data->multi) + return FALSE; } + } + /* `conn` is connected and we could add the transfer to it, if + * all the other criteria do match. */ - /* `check` is connected. if it is in use and does not support multiplex, - * we cannot use it. */ - if(!check->bits.multiplex && CONN_INUSE(check)) - continue; - + /* Does `conn` use the correct protocol? */ #ifdef USE_UNIX_SOCKETS - if(needle->unix_domain_socket) { - if(!check->unix_domain_socket) - continue; - if(strcmp(needle->unix_domain_socket, check->unix_domain_socket)) - continue; - if(needle->bits.abstract_unix_socket != - check->bits.abstract_unix_socket) - continue; - } - else if(check->unix_domain_socket) - continue; -#endif - - if((needle->handler->flags&PROTOPT_SSL) != - (check->handler->flags&PROTOPT_SSL)) - /* don't do mixed SSL and non-SSL connections */ - if(get_protocol_family(check->handler) != - needle->handler->protocol || !check->bits.tls_upgraded) - /* except protocols that have been upgraded via TLS */ - continue; - - if(needle->bits.conn_to_host != check->bits.conn_to_host) - /* don't mix connections that use the "connect to host" feature and - * connections that don't use this feature */ - continue; - - if(needle->bits.conn_to_port != check->bits.conn_to_port) - /* don't mix connections that use the "connect to port" feature and - * connections that don't use this feature */ - continue; + if(needle->unix_domain_socket) { + if(!conn->unix_domain_socket) + return FALSE; + if(strcmp(needle->unix_domain_socket, conn->unix_domain_socket)) + return FALSE; + if(needle->bits.abstract_unix_socket != conn->bits.abstract_unix_socket) + return FALSE; + } + else if(conn->unix_domain_socket) + return FALSE; +#endif + + if((needle->handler->flags&PROTOPT_SSL) != + (conn->handler->flags&PROTOPT_SSL)) + /* do not do mixed SSL and non-SSL connections */ + if(get_protocol_family(conn->handler) != + needle->handler->protocol || !conn->bits.tls_upgraded) + /* except protocols that have been upgraded via TLS */ + return FALSE; #ifndef CURL_DISABLE_PROXY - if(needle->bits.httpproxy != check->bits.httpproxy || - needle->bits.socksproxy != check->bits.socksproxy) - continue; - - if(needle->bits.socksproxy && - !socks_proxy_info_matches(&needle->socks_proxy, - &check->socks_proxy)) - continue; - - if(needle->bits.httpproxy) { - if(needle->bits.tunnel_proxy != check->bits.tunnel_proxy) - continue; - - if(!proxy_info_matches(&needle->http_proxy, &check->http_proxy)) - continue; - - if(IS_HTTPS_PROXY(needle->http_proxy.proxytype)) { - /* https proxies come in different types, http/1.1, h2, ... */ - if(needle->http_proxy.proxytype != check->http_proxy.proxytype) - continue; - /* match SSL config to proxy */ - if(!Curl_ssl_conn_config_match(data, check, TRUE)) { - DEBUGF(infof(data, - "Connection #%" CURL_FORMAT_CURL_OFF_T - " has different SSL proxy parameters, can't reuse", - check->connection_id)); - continue; - } - /* the SSL config to the server, which may apply here is checked - * further below */ + if(needle->bits.httpproxy != conn->bits.httpproxy || + needle->bits.socksproxy != conn->bits.socksproxy) + return FALSE; + + if(needle->bits.socksproxy && + !socks_proxy_info_matches(&needle->socks_proxy, + &conn->socks_proxy)) + return FALSE; + + if(needle->bits.httpproxy) { + if(needle->bits.tunnel_proxy != conn->bits.tunnel_proxy) + return FALSE; + + if(!proxy_info_matches(&needle->http_proxy, &conn->http_proxy)) + return FALSE; + + if(IS_HTTPS_PROXY(needle->http_proxy.proxytype)) { + /* https proxies come in different types, http/1.1, h2, ... */ + if(needle->http_proxy.proxytype != conn->http_proxy.proxytype) + return FALSE; + /* match SSL config to proxy */ + if(!Curl_ssl_conn_config_match(data, conn, TRUE)) { + DEBUGF(infof(data, + "Connection #%" FMT_OFF_T + " has different SSL proxy parameters, cannot reuse", + conn->connection_id)); + return FALSE; } + /* the SSL config to the server, which may apply here is checked + * further below */ } + } #endif - if(h2upgrade && !check->httpversion && canmultiplex) { - if(data->set.pipewait) { - infof(data, "Server upgrade doesn't support multiplex yet, wait"); - *waitpipe = TRUE; - CONNCACHE_UNLOCK(data); - return FALSE; /* no reuse */ - } - infof(data, "Server upgrade cannot be used"); - continue; /* can't be used atm */ - } - - if(needle->localdev || needle->localport) { - /* If we are bound to a specific local end (IP+port), we must not - reuse a random other one, although if we didn't ask for a - particular one we can reuse one that was bound. - - This comparison is a bit rough and too strict. Since the input - parameters can be specified in numerous ways and still end up the - same it would take a lot of processing to make it really accurate. - Instead, this matching will assume that reuses of bound connections - will most likely also reuse the exact same binding parameters and - missing out a few edge cases shouldn't hurt anyone very much. - */ - if((check->localport != needle->localport) || - (check->localportrange != needle->localportrange) || - (needle->localdev && - (!check->localdev || strcmp(check->localdev, needle->localdev)))) - continue; - } - - if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) { - /* This protocol requires credentials per connection, - so verify that we're using the same name and password as well */ - if(Curl_timestrcmp(needle->user, check->user) || - Curl_timestrcmp(needle->passwd, check->passwd) || - Curl_timestrcmp(needle->sasl_authzid, check->sasl_authzid) || - Curl_timestrcmp(needle->oauth_bearer, check->oauth_bearer)) { - /* one of them was different */ - continue; - } + if(match->may_multiplex && + (data->state.httpwant == CURL_HTTP_VERSION_2_0) && + (needle->handler->protocol & CURLPROTO_HTTP) && + !conn->httpversion) { + if(data->set.pipewait) { + infof(data, "Server upgrade does not support multiplex yet, wait"); + match->found = NULL; + match->wait_pipe = TRUE; + return TRUE; /* stop searching, we want to wait */ + } + infof(data, "Server upgrade cannot be used"); + return FALSE; + } + + if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) { + /* This protocol requires credentials per connection, + so verify that we are using the same name and password as well */ + if(Curl_timestrcmp(needle->user, conn->user) || + Curl_timestrcmp(needle->passwd, conn->passwd) || + Curl_timestrcmp(needle->sasl_authzid, conn->sasl_authzid) || + Curl_timestrcmp(needle->oauth_bearer, conn->oauth_bearer)) { + /* one of them was different */ + return FALSE; } + } - /* GSS delegation differences do not actually affect every connection - and auth method, but this check takes precaution before efficiency */ - if(needle->gssapi_delegation != check->gssapi_delegation) - continue; + /* GSS delegation differences do not actually affect every connection + and auth method, but this check takes precaution before efficiency */ + if(needle->gssapi_delegation != conn->gssapi_delegation) + return FALSE; - /* If looking for HTTP and the HTTP version we want is less - * than the HTTP version of the check connection, continue looking */ - if((needle->handler->protocol & PROTO_FAMILY_HTTP) && - (((check->httpversion >= 20) && - (data->state.httpwant < CURL_HTTP_VERSION_2_0)) - || ((check->httpversion >= 30) && - (data->state.httpwant < CURL_HTTP_VERSION_3)))) - continue; + /* If looking for HTTP and the HTTP version we want is less + * than the HTTP version of conn, continue looking */ + if((needle->handler->protocol & PROTO_FAMILY_HTTP) && + (((conn->httpversion >= 20) && + (data->state.httpwant < CURL_HTTP_VERSION_2_0)) + || ((conn->httpversion >= 30) && + (data->state.httpwant < CURL_HTTP_VERSION_3)))) + return FALSE; #ifdef USE_SSH - else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) { - if(!ssh_config_matches(needle, check)) - continue; - } + else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) { + if(!ssh_config_matches(needle, conn)) + return FALSE; + } #endif #ifndef CURL_DISABLE_FTP - else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) { - /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */ - if(Curl_timestrcmp(needle->proto.ftpc.account, - check->proto.ftpc.account) || - Curl_timestrcmp(needle->proto.ftpc.alternative_to_user, - check->proto.ftpc.alternative_to_user) || - (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) || - (needle->proto.ftpc.ccc != check->proto.ftpc.ccc)) - continue; - } + else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) { + /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */ + if(Curl_timestrcmp(needle->proto.ftpc.account, + conn->proto.ftpc.account) || + Curl_timestrcmp(needle->proto.ftpc.alternative_to_user, + conn->proto.ftpc.alternative_to_user) || + (needle->proto.ftpc.use_ssl != conn->proto.ftpc.use_ssl) || + (needle->proto.ftpc.ccc != conn->proto.ftpc.ccc)) + return FALSE; + } #endif - /* Additional match requirements if talking TLS OR - * not talking to a HTTP proxy OR using a tunnel through a proxy */ - if((needle->handler->flags&PROTOPT_SSL) + /* Additional match requirements if talking TLS OR + * not talking to an HTTP proxy OR using a tunnel through a proxy */ + if((needle->handler->flags&PROTOPT_SSL) #ifndef CURL_DISABLE_PROXY - || !needle->bits.httpproxy || needle->bits.tunnel_proxy -#endif - ) { - /* Talking the same protocol scheme or a TLS upgraded protocol in the - * same protocol family? */ - if(!strcasecompare(needle->handler->scheme, check->handler->scheme) && - (get_protocol_family(check->handler) != - needle->handler->protocol || !check->bits.tls_upgraded)) - continue; - - /* If needle has "conn_to_*" set, check must match this */ - if((needle->bits.conn_to_host && !strcasecompare( - needle->conn_to_host.name, check->conn_to_host.name)) || - (needle->bits.conn_to_port && - needle->conn_to_port != check->conn_to_port)) - continue; - - /* hostname and port must match */ - if(!strcasecompare(needle->host.name, check->host.name) || - needle->remote_port != check->remote_port) - continue; - - /* If talking TLS, check needs to use the same SSL options. */ - if((needle->handler->flags & PROTOPT_SSL) && - !Curl_ssl_conn_config_match(data, check, FALSE)) { - DEBUGF(infof(data, - "Connection #%" CURL_FORMAT_CURL_OFF_T - " has different SSL parameters, can't reuse", - check->connection_id)); - continue; - } + || !needle->bits.httpproxy || needle->bits.tunnel_proxy +#endif + ) { + /* Talking the same protocol scheme or a TLS upgraded protocol in the + * same protocol family? */ + if(!strcasecompare(needle->handler->scheme, conn->handler->scheme) && + (get_protocol_family(conn->handler) != + needle->handler->protocol || !conn->bits.tls_upgraded)) + return FALSE; + + /* If needle has "conn_to_*" set, conn must match this */ + if((needle->bits.conn_to_host && !strcasecompare( + needle->conn_to_host.name, conn->conn_to_host.name)) || + (needle->bits.conn_to_port && + needle->conn_to_port != conn->conn_to_port)) + return FALSE; + + /* hostname and port must match */ + if(!strcasecompare(needle->host.name, conn->host.name) || + needle->remote_port != conn->remote_port) + return FALSE; + + /* If talking TLS, conn needs to use the same SSL options. */ + if((needle->handler->flags & PROTOPT_SSL) && + !Curl_ssl_conn_config_match(data, conn, FALSE)) { + DEBUGF(infof(data, + "Connection #%" FMT_OFF_T + " has different SSL parameters, cannot reuse", + conn->connection_id)); + return FALSE; } + } #if defined(USE_NTLM) - /* If we are looking for an HTTP+NTLM connection, check if this is - already authenticating with the right credentials. If not, keep - looking so that we can reuse NTLM connections if - possible. (Especially we must not reuse the same connection if - partway through a handshake!) */ - if(wantNTLMhttp) { - if(Curl_timestrcmp(needle->user, check->user) || - Curl_timestrcmp(needle->passwd, check->passwd)) { - - /* we prefer a credential match, but this is at least a connection - that can be reused and "upgraded" to NTLM */ - if(check->http_ntlm_state == NTLMSTATE_NONE) - chosen = check; - continue; - } - } - else if(check->http_ntlm_state != NTLMSTATE_NONE) { - /* Connection is using NTLM auth but we don't want NTLM */ - continue; - } + /* If we are looking for an HTTP+NTLM connection, check if this is + already authenticating with the right credentials. If not, keep + looking so that we can reuse NTLM connections if + possible. (Especially we must not reuse the same connection if + partway through a handshake!) */ + if(match->want_ntlm_http) { + if(Curl_timestrcmp(needle->user, conn->user) || + Curl_timestrcmp(needle->passwd, conn->passwd)) { + + /* we prefer a credential match, but this is at least a connection + that can be reused and "upgraded" to NTLM */ + if(conn->http_ntlm_state == NTLMSTATE_NONE) + match->found = conn; + return FALSE; + } + } + else if(conn->http_ntlm_state != NTLMSTATE_NONE) { + /* Connection is using NTLM auth but we do not want NTLM */ + return FALSE; + } #ifndef CURL_DISABLE_PROXY - /* Same for Proxy NTLM authentication */ - if(wantProxyNTLMhttp) { - /* Both check->http_proxy.user and check->http_proxy.passwd can be - * NULL */ - if(!check->http_proxy.user || !check->http_proxy.passwd) - continue; - - if(Curl_timestrcmp(needle->http_proxy.user, - check->http_proxy.user) || - Curl_timestrcmp(needle->http_proxy.passwd, - check->http_proxy.passwd)) - continue; - } - else if(check->proxy_ntlm_state != NTLMSTATE_NONE) { - /* Proxy connection is using NTLM auth but we don't want NTLM */ - continue; - } -#endif - if(wantNTLMhttp || wantProxyNTLMhttp) { - /* Credentials are already checked, we may use this connection. - * With NTLM being weird as it is, we MUST use a - * connection where it has already been fully negotiated. - * If it has not, we keep on looking for a better one. */ - chosen = check; - - if((wantNTLMhttp && - (check->http_ntlm_state != NTLMSTATE_NONE)) || - (wantProxyNTLMhttp && - (check->proxy_ntlm_state != NTLMSTATE_NONE))) { - /* We must use this connection, no other */ - *force_reuse = TRUE; - break; - } - /* Continue look up for a better connection */ - continue; + /* Same for Proxy NTLM authentication */ + if(match->want_proxy_ntlm_http) { + /* Both conn->http_proxy.user and conn->http_proxy.passwd can be + * NULL */ + if(!conn->http_proxy.user || !conn->http_proxy.passwd) + return FALSE; + + if(Curl_timestrcmp(needle->http_proxy.user, + conn->http_proxy.user) || + Curl_timestrcmp(needle->http_proxy.passwd, + conn->http_proxy.passwd)) + return FALSE; + } + else if(conn->proxy_ntlm_state != NTLMSTATE_NONE) { + /* Proxy connection is using NTLM auth but we do not want NTLM */ + return FALSE; + } +#endif + if(match->want_ntlm_http || match->want_proxy_ntlm_http) { + /* Credentials are already checked, we may use this connection. + * With NTLM being weird as it is, we MUST use a + * connection where it has already been fully negotiated. + * If it has not, we keep on looking for a better one. */ + match->found = conn; + + if((match->want_ntlm_http && + (conn->http_ntlm_state != NTLMSTATE_NONE)) || + (match->want_proxy_ntlm_http && + (conn->proxy_ntlm_state != NTLMSTATE_NONE))) { + /* We must use this connection, no other */ + match->force_reuse = TRUE; + return TRUE; } + /* Continue look up for a better connection */ + return FALSE; + } #endif - if(CONN_INUSE(check)) { - DEBUGASSERT(canmultiplex); - DEBUGASSERT(check->bits.multiplex); - /* If multiplexed, make sure we don't go over concurrency limit */ - if(CONN_INUSE(check) >= - Curl_multi_max_concurrent_streams(data->multi)) { - infof(data, "client side MAX_CONCURRENT_STREAMS reached" - ", skip (%zu)", CONN_INUSE(check)); - continue; - } - if(CONN_INUSE(check) >= - Curl_conn_get_max_concurrent(data, check, FIRSTSOCKET)) { - infof(data, "MAX_CONCURRENT_STREAMS reached, skip (%zu)", - CONN_INUSE(check)); - continue; - } - /* When not multiplexed, we have a match here! */ - infof(data, "Multiplexed connection found"); + if(CONN_INUSE(conn)) { + DEBUGASSERT(match->may_multiplex); + DEBUGASSERT(conn->bits.multiplex); + /* If multiplexed, make sure we do not go over concurrency limit */ + if(CONN_INUSE(conn) >= + Curl_multi_max_concurrent_streams(data->multi)) { + infof(data, "client side MAX_CONCURRENT_STREAMS reached" + ", skip (%zu)", CONN_INUSE(conn)); + return FALSE; } - else if(prune_if_dead(check, data)) { - /* disconnect it */ - Curl_disconnect(data, check, TRUE); - continue; + if(CONN_INUSE(conn) >= + Curl_conn_get_max_concurrent(data, conn, FIRSTSOCKET)) { + infof(data, "MAX_CONCURRENT_STREAMS reached, skip (%zu)", + CONN_INUSE(conn)); + return FALSE; } + /* When not multiplexed, we have a match here! */ + infof(data, "Multiplexed connection found"); + } + else if(Curl_conn_seems_dead(conn, data, NULL)) { + /* removed and disconnect. Do not treat as aborted. */ + Curl_cpool_disconnect(data, conn, FALSE); + return FALSE; + } - /* We have found a connection. Let's stop searching. */ - chosen = check; - break; - } /* loop over connection bundle */ + /* We have found a connection. Let's stop searching. */ + match->found = conn; + return TRUE; +} - if(chosen) { - /* mark it as used before releasing the lock */ - Curl_attach_connection(data, chosen); - CONNCACHE_UNLOCK(data); - *usethis = chosen; - return TRUE; /* yes, we found one to use! */ +static bool url_match_result(bool result, void *userdata) +{ + struct url_conn_match *match = userdata; + (void)result; + if(match->found) { + /* Attach it now while still under lock, so the connection does + * no longer appear idle and can be reaped. */ + Curl_attach_connection(match->data, match->found); + return TRUE; } - CONNCACHE_UNLOCK(data); - - if(foundPendingCandidate && data->set.pipewait) { - infof(data, + else if(match->seen_single_use_conn && !match->seen_multiplex_conn) { + /* We've seen a single-use, existing connection to the destination and + * no multiplexed one. It seems safe to assume that the server does + * not support multiplexing. */ + match->wait_pipe = FALSE; + } + else if(match->seen_pending_conn && match->data->set.pipewait) { + infof(match->data, "Found pending candidate for reuse and CURLOPT_PIPEWAIT is set"); - *waitpipe = TRUE; + match->wait_pipe = TRUE; } + match->force_reuse = FALSE; + return FALSE; +} - return FALSE; /* no matching connecting exists */ +/* + * Given one filled in connection struct (named needle), this function should + * detect if there already is one that has all the significant details + * exactly the same and thus should be used instead. + * + * If there is a match, this function returns TRUE - and has marked the + * connection as 'in-use'. It must later be called with ConnectionDone() to + * return back to 'idle' (unused) state. + * + * The force_reuse flag is set if the connection must be used. + */ +static bool +ConnectionExists(struct Curl_easy *data, + struct connectdata *needle, + struct connectdata **usethis, + bool *force_reuse, + bool *waitpipe) +{ + struct url_conn_match match; + bool result; + + memset(&match, 0, sizeof(match)); + match.data = data; + match.needle = needle; + match.may_multiplex = Curl_xfer_may_multiplex(data, needle); + +#ifdef USE_NTLM + match.want_ntlm_http = ((data->state.authhost.want & CURLAUTH_NTLM) && + (needle->handler->protocol & PROTO_FAMILY_HTTP)); +#ifndef CURL_DISABLE_PROXY + match.want_proxy_ntlm_http = + (needle->bits.proxy_user_passwd && + (data->state.authproxy.want & CURLAUTH_NTLM) && + (needle->handler->protocol & PROTO_FAMILY_HTTP)); +#endif +#endif + + /* Find a connection in the pool that matches what "data + needle" + * requires. If a suitable candidate is found, it is attached to "data". */ + result = Curl_cpool_find(data, needle->destination, needle->destination_len, + url_match_conn, url_match_result, &match); + + /* wait_pipe is TRUE if we encounter a bundle that is undecided. There + * is no matching connection then, yet. */ + *usethis = match.found; + *force_reuse = match.force_reuse; + *waitpipe = match.wait_pipe; + return result; } /* @@ -1335,6 +1274,21 @@ void Curl_verboseconnect(struct Curl_easy *data, infof(data, "Connected to %s (%s) port %u", CURL_CONN_HOST_DISPNAME(conn), conn->primary.remote_ip, conn->primary.remote_port); +#if !defined(CURL_DISABLE_HTTP) + if(conn->handler->protocol & PROTO_FAMILY_HTTP) { + switch(conn->alpn) { + case CURL_HTTP_VERSION_3: + infof(data, "using HTTP/3"); + break; + case CURL_HTTP_VERSION_2: + infof(data, "using HTTP/2"); + break; + default: + infof(data, "using HTTP/1.x"); + break; + } + } +#endif } #endif @@ -1357,7 +1311,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) conn->primary.remote_port = -1; /* unknown at this point */ conn->remote_port = -1; /* unknown at this point */ - /* Default protocol-independent behavior doesn't support persistent + /* Default protocol-independent behavior does not support persistent connections, so we set this to force-close. Protocols that support this need to set this to FALSE in their "curl_do" functions. */ connclose(conn, "Default to force-close"); @@ -1643,7 +1597,7 @@ const struct Curl_handler *Curl_getn_scheme_handler(const char *scheme, unsigned int c = 978; while(l) { c <<= 5; - c += Curl_raw_tolower(*s); + c += (unsigned int)Curl_raw_tolower(*s); s++; l--; } @@ -1678,7 +1632,7 @@ static CURLcode findprotocol(struct Curl_easy *data, } } - /* The protocol was not found in the table, but we don't have to assign it + /* The protocol was not found in the table, but we do not have to assign it to anything since it is already assigned to a dummy-struct in the create_conn() function when the connectdata struct is allocated. */ failf(data, "Protocol \"%s\" %s%s", protostr, @@ -1796,12 +1750,12 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, if(!use_set_uh) { char *newurl; - uc = curl_url_set(uh, CURLUPART_URL, data->state.url, - CURLU_GUESS_SCHEME | - CURLU_NON_SUPPORT_SCHEME | - (data->set.disallow_username_in_url ? - CURLU_DISALLOW_USER : 0) | - (data->set.path_as_is ? CURLU_PATH_AS_IS : 0)); + uc = curl_url_set(uh, CURLUPART_URL, data->state.url, (unsigned int) + (CURLU_GUESS_SCHEME | + CURLU_NON_SUPPORT_SCHEME | + (data->set.disallow_username_in_url ? + CURLU_DISALLOW_USER : 0) | + (data->set.path_as_is ? CURLU_PATH_AS_IS : 0))); if(uc) { failf(data, "URL rejected: %s", curl_url_strerror(uc)); return Curl_uc_to_curlcode(uc); @@ -1827,7 +1781,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; } else if(strlen(data->state.up.hostname) > MAX_URL_LEN) { - failf(data, "Too long host name (maximum is %d)", MAX_URL_LEN); + failf(data, "Too long hostname (maximum is %d)", MAX_URL_LEN); return CURLE_URL_MALFORMAT; } hostname = data->state.up.hostname; @@ -1845,7 +1799,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, zonefrom_url(uh, data, conn); } - /* make sure the connect struct gets its own copy of the host name */ + /* make sure the connect struct gets its own copy of the hostname */ conn->host.rawalloc = strdup(hostname ? hostname : ""); if(!conn->host.rawalloc) return CURLE_OUT_OF_MEMORY; @@ -1892,7 +1846,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, return result; /* - * User name and password set with their own options override the + * username and password set with their own options override the * credentials possibly set in the URL. */ if(!data->set.str[STRING_PASSWORD]) { @@ -1914,7 +1868,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, } if(!data->set.str[STRING_USERNAME]) { - /* we don't use the URL API's URL decoder option here since it rejects + /* we do not use the URL API's URL decoder option here since it rejects control codes and we want to allow them for some schemes in the user and password fields */ uc = curl_url_get(uh, CURLUPART_USER, &data->state.up.user, 0); @@ -1979,7 +1933,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, /* - * If we're doing a resumed transfer, we need to setup our stuff + * If we are doing a resumed transfer, we need to setup our stuff * properly. */ static CURLcode setup_range(struct Curl_easy *data) @@ -1991,7 +1945,7 @@ static CURLcode setup_range(struct Curl_easy *data) free(s->range); if(s->resume_from) - s->range = aprintf("%" CURL_FORMAT_CURL_OFF_T "-", s->resume_from); + s->range = aprintf("%" FMT_OFF_T "-", s->resume_from); else s->range = strdup(data->set.str[STRING_SET_RANGE]); @@ -2023,6 +1977,8 @@ static CURLcode setup_connection_internals(struct Curl_easy *data, struct connectdata *conn) { const struct Curl_handler *p; + const char *hostname; + int port; CURLcode result; /* Perform setup complement if some. */ @@ -2042,6 +1998,34 @@ static CURLcode setup_connection_internals(struct Curl_easy *data, was very likely already set to the proxy port */ conn->primary.remote_port = p->defport; + /* Now create the destination name */ +#ifndef CURL_DISABLE_PROXY + if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) { + hostname = conn->http_proxy.host.name; + port = conn->primary.remote_port; + } + else +#endif + { + port = conn->remote_port; + if(conn->bits.conn_to_host) + hostname = conn->conn_to_host.name; + else + hostname = conn->host.name; + } + +#ifdef USE_IPV6 + conn->destination = aprintf("%u/%d/%s", conn->scope_id, port, hostname); +#else + conn->destination = aprintf("%d/%s", port, hostname); +#endif + if(!conn->destination) + return CURLE_OUT_OF_MEMORY; + + conn->destination_len = strlen(conn->destination) + 1; + Curl_strntolower(conn->destination, conn->destination, + conn->destination_len - 1); + return CURLE_OK; } @@ -2074,7 +2058,7 @@ static char *detect_proxy(struct Curl_easy *data, * the first to check for.) * * For compatibility, the all-uppercase versions of these variables are - * checked if the lowercase versions don't exist. + * checked if the lowercase versions do not exist. */ char proxy_env[20]; char *envp = proxy_env; @@ -2088,7 +2072,7 @@ static char *detect_proxy(struct Curl_easy *data, proxy = curl_getenv(proxy_env); /* - * We don't try the uppercase version of HTTP_PROXY because of + * We do not try the uppercase version of HTTP_PROXY because of * security reasons: * * When curl is used in a webserver application @@ -2137,7 +2121,7 @@ static char *detect_proxy(struct Curl_easy *data, /* * If this is supposed to use a proxy, we need to figure out the proxy - * host name, so that we can reuse an existing connection + * hostname, so that we can reuse an existing connection * that may exist registered to the same proxy host. */ static CURLcode parse_proxy(struct Curl_easy *data, @@ -2284,7 +2268,7 @@ static CURLcode parse_proxy(struct Curl_easy *data, conn->primary.remote_port = port; } - /* now, clone the proxy host name */ + /* now, clone the proxy hostname */ uc = curl_url_get(uhp, CURLUPART_HOST, &host, CURLU_URLDECODE); if(uc) { result = CURLE_OUT_OF_MEMORY; @@ -2365,7 +2349,7 @@ static CURLcode parse_proxy_auth(struct Curl_easy *data, return result; } -/* create_conn helper to parse and init proxy values. to be called after unix +/* create_conn helper to parse and init proxy values. to be called after Unix socket init but before any proxy vars are evaluated. */ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data, struct connectdata *conn) @@ -2374,7 +2358,6 @@ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data, char *socksproxy = NULL; char *no_proxy = NULL; CURLcode result = CURLE_OK; - bool spacesep = FALSE; /************************************************************* * Extract the user and password from the authentication string @@ -2421,8 +2404,7 @@ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data, } if(Curl_check_noproxy(conn->host.name, data->set.str[STRING_NOPROXY] ? - data->set.str[STRING_NOPROXY] : no_proxy, - &spacesep)) { + data->set.str[STRING_NOPROXY] : no_proxy)) { Curl_safefree(proxy); Curl_safefree(socksproxy); } @@ -2431,13 +2413,10 @@ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data, /* if the host is not in the noproxy list, detect proxy. */ proxy = detect_proxy(data, conn); #endif /* CURL_DISABLE_HTTP */ - if(spacesep) - infof(data, "space-separated NOPROXY patterns are deprecated"); - Curl_safefree(no_proxy); #ifdef USE_UNIX_SOCKETS - /* For the time being do not mix proxy and unix domain sockets. See #1274 */ + /* For the time being do not mix proxy and Unix domain sockets. See #1274 */ if(proxy && conn->unix_domain_socket) { free(proxy); proxy = NULL; @@ -2445,14 +2424,14 @@ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data, #endif if(proxy && (!*proxy || (conn->handler->flags & PROTOPT_NONETWORK))) { - free(proxy); /* Don't bother with an empty proxy string or if the - protocol doesn't work with network */ + free(proxy); /* Do not bother with an empty proxy string or if the + protocol does not work with network */ proxy = NULL; } if(socksproxy && (!*socksproxy || (conn->handler->flags & PROTOPT_NONETWORK))) { - free(socksproxy); /* Don't bother with an empty socks proxy string or if - the protocol doesn't work with network */ + free(socksproxy); /* Do not bother with an empty socks proxy string or if + the protocol does not work with network */ socksproxy = NULL; } @@ -2524,7 +2503,7 @@ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data, conn->bits.proxy = conn->bits.httpproxy || conn->bits.socksproxy; if(!conn->bits.proxy) { - /* we aren't using the proxy after all... */ + /* we are not using the proxy after all... */ conn->bits.proxy = FALSE; conn->bits.httpproxy = FALSE; conn->bits.socksproxy = FALSE; @@ -2546,7 +2525,7 @@ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data, /* * Curl_parse_login_details() * - * This is used to parse a login string for user name, password and options in + * This is used to parse a login string for username, password and options in * the following formats: * * user @@ -2693,7 +2672,7 @@ static CURLcode override_login(struct Curl_easy *data, bool url_provided = FALSE; if(data->state.aptr.user) { - /* there was a user name in the URL. Use the URL decoded version */ + /* there was a username in the URL. Use the URL decoded version */ userp = &data->state.aptr.user; url_provided = TRUE; } @@ -2774,7 +2753,7 @@ static CURLcode override_login(struct Curl_easy *data, } /* - * Set the login details so they're available in the connection + * Set the login details so they are available in the connection */ static CURLcode set_login(struct Curl_easy *data, struct connectdata *conn) @@ -2865,8 +2844,8 @@ static CURLcode parse_connect_to_host_port(struct Curl_easy *data, else infof(data, "Invalid IPv6 address format"); portptr = ptr; - /* Note that if this didn't end with a bracket, we still advanced the - * hostptr first, but I can't see anything wrong with that as no host + /* Note that if this did not end with a bracket, we still advanced the + * hostptr first, but I cannot see anything wrong with that as no host * name nor a numeric can legally start with a bracket. */ #else @@ -2880,7 +2859,7 @@ static CURLcode parse_connect_to_host_port(struct Curl_easy *data, host_portno = strchr(portptr, ':'); if(host_portno) { char *endp = NULL; - *host_portno = '\0'; /* cut off number from host name */ + *host_portno = '\0'; /* cut off number from hostname */ host_portno++; if(*host_portno) { long portparse = strtol(host_portno, &endp, 10); @@ -2895,7 +2874,7 @@ static CURLcode parse_connect_to_host_port(struct Curl_easy *data, } } - /* now, clone the cleaned host name */ + /* now, clone the cleaned hostname */ DEBUGASSERT(hostptr); *hostname_result = strdup(hostptr); if(!*hostname_result) { @@ -3028,7 +3007,7 @@ static CURLcode parse_connect_to_slist(struct Curl_easy *data, #ifndef CURL_DISABLE_ALTSVC if(data->asi && !host && (port == -1) && ((conn->handler->protocol == CURLPROTO_HTTPS) || -#ifdef CURLDEBUG +#ifdef DEBUGBUILD /* allow debug builds to circumvent the HTTPS restriction */ getenv("CURL_ALTSVC_HTTP") #else @@ -3091,7 +3070,7 @@ static CURLcode parse_connect_to_slist(struct Curl_easy *data, conn->transport = TRNSPRT_QUIC; conn->httpversion = 30; break; - default: /* shouldn't be possible */ + default: /* should not be possible */ break; } } @@ -3130,143 +3109,85 @@ static CURLcode resolve_unix(struct Curl_easy *data, return longpath ? CURLE_COULDNT_RESOLVE_HOST : CURLE_OUT_OF_MEMORY; } - hostaddr->inuse++; + hostaddr->refcount = 1; /* connection is the only one holding this */ conn->dns_entry = hostaddr; return CURLE_OK; } #endif -#ifndef CURL_DISABLE_PROXY -static CURLcode resolve_proxy(struct Curl_easy *data, - struct connectdata *conn, - bool *async) +/************************************************************* + * Resolve the address of the server or proxy + *************************************************************/ +static CURLcode resolve_server(struct Curl_easy *data, + struct connectdata *conn, + bool *async) { - struct Curl_dns_entry *hostaddr = NULL; - struct hostname *host; + struct hostname *ehost; timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); + const char *peertype = "host"; int rc; +#ifdef USE_UNIX_SOCKETS + char *unix_path = conn->unix_domain_socket; - DEBUGASSERT(conn->dns_entry == NULL); - - host = conn->bits.socksproxy ? &conn->socks_proxy.host : - &conn->http_proxy.host; - - conn->hostname_resolve = strdup(host->name); - if(!conn->hostname_resolve) - return CURLE_OUT_OF_MEMORY; +#ifndef CURL_DISABLE_PROXY + if(!unix_path && CONN_IS_PROXIED(conn) && conn->socks_proxy.host.name && + !strncmp(UNIX_SOCKET_PREFIX"/", + conn->socks_proxy.host.name, sizeof(UNIX_SOCKET_PREFIX))) + unix_path = conn->socks_proxy.host.name + sizeof(UNIX_SOCKET_PREFIX) - 1; +#endif - rc = Curl_resolv_timeout(data, conn->hostname_resolve, - conn->primary.remote_port, &hostaddr, timeout_ms); - conn->dns_entry = hostaddr; - if(rc == CURLRESOLV_PENDING) - *async = TRUE; - else if(rc == CURLRESOLV_TIMEDOUT) - return CURLE_OPERATION_TIMEDOUT; - else if(!hostaddr) { - failf(data, "Couldn't resolve proxy '%s'", host->dispname); - return CURLE_COULDNT_RESOLVE_PROXY; + if(unix_path) { + /* TODO, this only works if previous transport is TRNSPRT_TCP. Check it? */ + conn->transport = TRNSPRT_UNIX; + return resolve_unix(data, conn, unix_path); } - - return CURLE_OK; -} #endif -static CURLcode resolve_host(struct Curl_easy *data, - struct connectdata *conn, - bool *async) -{ - struct Curl_dns_entry *hostaddr = NULL; - struct hostname *connhost; - timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); - int rc; - DEBUGASSERT(conn->dns_entry == NULL); - connhost = conn->bits.conn_to_host ? &conn->conn_to_host : &conn->host; - - /* If not connecting via a proxy, extract the port from the URL, if it is - * there, thus overriding any defaults that might have been set above. */ - conn->primary.remote_port = conn->bits.conn_to_port ? conn->conn_to_port : - conn->remote_port; +#ifndef CURL_DISABLE_PROXY + if(CONN_IS_PROXIED(conn)) { + ehost = conn->bits.socksproxy ? &conn->socks_proxy.host : + &conn->http_proxy.host; + peertype = "proxy"; + } + else +#endif + { + ehost = conn->bits.conn_to_host ? &conn->conn_to_host : &conn->host; + /* If not connecting via a proxy, extract the port from the URL, if it is + * there, thus overriding any defaults that might have been set above. */ + conn->primary.remote_port = conn->bits.conn_to_port ? conn->conn_to_port : + conn->remote_port; + } /* Resolve target host right on */ - conn->hostname_resolve = strdup(connhost->name); + conn->hostname_resolve = strdup(ehost->name); if(!conn->hostname_resolve) return CURLE_OUT_OF_MEMORY; rc = Curl_resolv_timeout(data, conn->hostname_resolve, - conn->primary.remote_port, &hostaddr, timeout_ms); - conn->dns_entry = hostaddr; + conn->primary.remote_port, + &conn->dns_entry, timeout_ms); if(rc == CURLRESOLV_PENDING) *async = TRUE; else if(rc == CURLRESOLV_TIMEDOUT) { - failf(data, "Failed to resolve host '%s' with timeout after %" - CURL_FORMAT_TIMEDIFF_T " ms", connhost->dispname, + failf(data, "Failed to resolve %s '%s' with timeout after %" + FMT_TIMEDIFF_T " ms", peertype, ehost->dispname, Curl_timediff(Curl_now(), data->progress.t_startsingle)); return CURLE_OPERATION_TIMEDOUT; } - else if(!hostaddr) { - failf(data, "Could not resolve host: %s", connhost->dispname); + else if(!conn->dns_entry) { + failf(data, "Could not resolve %s: %s", peertype, ehost->dispname); return CURLE_COULDNT_RESOLVE_HOST; } return CURLE_OK; } -/* Perform a fresh resolve */ -static CURLcode resolve_fresh(struct Curl_easy *data, - struct connectdata *conn, - bool *async) -{ -#ifdef USE_UNIX_SOCKETS - char *unix_path = conn->unix_domain_socket; - -#ifndef CURL_DISABLE_PROXY - if(!unix_path && conn->socks_proxy.host.name && - !strncmp(UNIX_SOCKET_PREFIX"/", - conn->socks_proxy.host.name, sizeof(UNIX_SOCKET_PREFIX))) - unix_path = conn->socks_proxy.host.name + sizeof(UNIX_SOCKET_PREFIX) - 1; -#endif - - if(unix_path) { - conn->transport = TRNSPRT_UNIX; - return resolve_unix(data, conn, unix_path); - } -#endif - -#ifndef CURL_DISABLE_PROXY - if(CONN_IS_PROXIED(conn)) - return resolve_proxy(data, conn, async); -#endif - - return resolve_host(data, conn, async); -} - -/************************************************************* - * Resolve the address of the server or proxy - *************************************************************/ -static CURLcode resolve_server(struct Curl_easy *data, - struct connectdata *conn, - bool *async) -{ - DEBUGASSERT(conn); - DEBUGASSERT(data); - - /* Resolve the name of the server or proxy */ - if(conn->bits.reuse) { - /* We're reusing the connection - no need to resolve anything, and - idnconvert_hostname() was called already in create_conn() for the reuse - case. */ - *async = FALSE; - return CURLE_OK; - } - - return resolve_fresh(data, conn, async); -} - /* * Cleanup the connection `temp`, just allocated for `data`, before using the - * previously `existing` one for `data`. All relevant info is copied over + * previously `existing` one for `data`. All relevant info is copied over * and `temp` is freed. */ static void reuse_conn(struct Curl_easy *data, @@ -3276,7 +3197,7 @@ static void reuse_conn(struct Curl_easy *data, /* get the user+password information from the temp struct since it may * be new for this request even when we reuse an existing connection */ if(temp->user) { - /* use the new user name and password though */ + /* use the new username and password though */ Curl_safefree(existing->user); Curl_safefree(existing->passwd); existing->user = temp->user; @@ -3288,7 +3209,7 @@ static void reuse_conn(struct Curl_easy *data, #ifndef CURL_DISABLE_PROXY existing->bits.proxy_user_passwd = temp->bits.proxy_user_passwd; if(existing->bits.proxy_user_passwd) { - /* use the new proxy user name and proxy password though */ + /* use the new proxy username and proxy password though */ Curl_safefree(existing->http_proxy.user); Curl_safefree(existing->socks_proxy.user); Curl_safefree(existing->http_proxy.passwd); @@ -3304,7 +3225,7 @@ static void reuse_conn(struct Curl_easy *data, } #endif - /* Finding a connection for reuse in the cache matches, among other + /* Finding a connection for reuse in the cpool matches, among other * things on the "remote-relevant" hostname. This is not necessarily * the authority of the URL, e.g. conn->host. For example: * - we use a proxy (not tunneling). we want to send all requests @@ -3335,14 +3256,14 @@ static void reuse_conn(struct Curl_easy *data, temp->hostname_resolve = NULL; /* reuse init */ - existing->bits.reuse = TRUE; /* yes, we're reusing here */ + existing->bits.reuse = TRUE; /* yes, we are reusing here */ - conn_free(data, temp); + Curl_conn_free(data, temp); } /** * create_conn() sets up a new connectdata struct, or reuses an already - * existing one, and resolves host name. + * existing one, and resolves hostname. * * if this function returns CURLE_OK and *async is set to TRUE, the resolve * response will be coming asynchronously. If *async is FALSE, the name is @@ -3366,8 +3287,6 @@ static CURLcode create_conn(struct Curl_easy *data, bool connections_available = TRUE; bool force_reuse = FALSE; bool waitpipe = FALSE; - size_t max_host_connections = Curl_multi_max_host_connections(data->multi); - size_t max_total_connections = Curl_multi_max_total_connections(data->multi); *async = FALSE; *in_connect = NULL; @@ -3427,7 +3346,7 @@ static CURLcode create_conn(struct Curl_easy *data, } #endif - /* After the unix socket init but before the proxy vars are used, parse and + /* After the Unix socket init but before the proxy vars are used, parse and initialize the proxy vars */ #ifndef CURL_DISABLE_PROXY result = create_conn_helper_init_proxy(data, conn); @@ -3524,7 +3443,7 @@ static CURLcode create_conn(struct Curl_easy *data, goto out; /*********************************************************************** - * file: is a special case in that it doesn't need a network connection + * file: is a special case in that it does not need a network connection ***********************************************************************/ #ifndef CURL_DISABLE_FILE if(conn->handler->flags & PROTOPT_NONETWORK) { @@ -3532,13 +3451,15 @@ static CURLcode create_conn(struct Curl_easy *data, /* this is supposed to be the connect function so we better at least check that the file is present here! */ DEBUGASSERT(conn->handler->connect_it); - Curl_persistconninfo(data, conn, NULL); + data->info.conn_scheme = conn->handler->scheme; + /* conn_protocol can only provide "old" protocols */ + data->info.conn_protocol = (conn->handler->protocol) & CURLPROTO_MASK; result = conn->handler->connect_it(data, &done); - /* Setup a "faked" transfer that'll do nothing */ + /* Setup a "faked" transfer that will do nothing */ if(!result) { Curl_attach_connection(data, conn); - result = Curl_conncache_add_conn(data); + result = Curl_cpool_add_conn(data, conn); if(result) goto out; @@ -3552,7 +3473,7 @@ static CURLcode create_conn(struct Curl_easy *data, (void)conn->handler->done(data, result, FALSE); goto out; } - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); } /* since we skip do_init() */ @@ -3574,7 +3495,8 @@ static CURLcode create_conn(struct Curl_easy *data, if(result) goto out; - prune_dead_connections(data); + /* FIXME: do we really want to run this every time we add a transfer? */ + Curl_cpool_prune_dead(data); /************************************************************* * Check the current list of connections to see if we can @@ -3633,50 +3555,31 @@ static CURLcode create_conn(struct Curl_easy *data, "soon", and we wait for that */ connections_available = FALSE; else { - /* this gets a lock on the conncache */ - struct connectbundle *bundle = - Curl_conncache_find_bundle(data, conn, data->state.conn_cache); - - if(max_host_connections > 0 && bundle && - (bundle->num_connections >= max_host_connections)) { - struct connectdata *conn_candidate; - - /* The bundle is full. Extract the oldest connection. */ - conn_candidate = Curl_conncache_extract_bundle(data, bundle); - CONNCACHE_UNLOCK(data); - - if(conn_candidate) - Curl_disconnect(data, conn_candidate, FALSE); - else { - infof(data, "No more connections allowed to host: %zu", - max_host_connections); + switch(Curl_cpool_check_limits(data, conn)) { + case CPOOL_LIMIT_DEST: + infof(data, "No more connections allowed to host"); + connections_available = FALSE; + break; + case CPOOL_LIMIT_TOTAL: +#ifndef CURL_DISABLE_DOH + if(data->set.dohfor_mid >= 0) + infof(data, "Allowing DoH to override max connection limit"); + else +#endif + { + infof(data, "No connections available in cache"); connections_available = FALSE; } - } - else - CONNCACHE_UNLOCK(data); - - } - - if(connections_available && - (max_total_connections > 0) && - (Curl_conncache_size(data) >= max_total_connections)) { - struct connectdata *conn_candidate; - - /* The cache is full. Let's see if we can kill a connection. */ - conn_candidate = Curl_conncache_extract_oldest(data); - if(conn_candidate) - Curl_disconnect(data, conn_candidate, FALSE); - else { - infof(data, "No connections available in cache"); - connections_available = FALSE; + break; + default: + break; } } if(!connections_available) { infof(data, "No connections available."); - conn_free(data, conn); + Curl_conn_free(data, conn); *in_connect = NULL; result = CURLE_NO_CONNECTION_AVAILABLE; @@ -3694,13 +3597,13 @@ static CURLcode create_conn(struct Curl_easy *data, } Curl_attach_connection(data, conn); - result = Curl_conncache_add_conn(data); + result = Curl_cpool_add_conn(data, conn); if(result) goto out; } #if defined(USE_NTLM) - /* If NTLM is requested in a part of this connection, make sure we don't + /* If NTLM is requested in a part of this connection, make sure we do not assume the state is fine as this is a fresh connection and NTLM is connection based. */ if((data->state.authhost.picked & CURLAUTH_NTLM) && @@ -3731,16 +3634,35 @@ static CURLcode create_conn(struct Curl_easy *data, /* Continue connectdata initialization here. */ - /************************************************************* - * Resolve the address of the server or proxy - *************************************************************/ - result = resolve_server(data, conn, async); - if(result) - goto out; + if(conn->bits.reuse) { + /* We are reusing the connection - no need to resolve anything, and + idnconvert_hostname() was called already in create_conn() for the reuse + case. */ + *async = FALSE; + } + else { + /************************************************************* + * Resolve the address of the server or proxy + *************************************************************/ + result = resolve_server(data, conn, async); + if(result) + goto out; + } + + /* persist the scheme and handler the transfer is using */ + data->info.conn_scheme = conn->handler->scheme; + /* conn_protocol can only provide "old" protocols */ + data->info.conn_protocol = (conn->handler->protocol) & CURLPROTO_MASK; + data->info.used_proxy = +#ifdef CURL_DISABLE_PROXY + 0 +#else + conn->bits.proxy +#endif + ; /* Everything general done, inform filters that they need - * to prepare for a data transfer. - */ + * to prepare for a data transfer. */ result = Curl_conn_ev_data_setup(data); out: @@ -3766,18 +3688,6 @@ CURLcode Curl_setup_conn(struct Curl_easy *data, return result; } -#ifndef CURL_DISABLE_PROXY - /* set proxy_connect_closed to false unconditionally already here since it - is used strictly to provide extra information to a parent function in the - case of proxy CONNECT failures and we must make sure we don't have it - lingering set from a previous invoke */ - conn->bits.proxy_connect_closed = FALSE; -#endif - -#ifdef CURL_DO_LINEEND_CONV - data->state.crlf_conversions = 0; /* reset CRLF conversion counter */ -#endif /* CURL_DO_LINEEND_CONV */ - /* set start time here for timeout purposes in the connect procedure, it is later set again for the progress meter purpose */ conn->now = Curl_now(); @@ -3812,7 +3722,7 @@ CURLcode Curl_connect(struct Curl_easy *data, /* multiplexed */ *protocol_done = TRUE; else if(!*asyncp) { - /* DNS resolution is done: that's either because this is a reused + /* DNS resolution is done: that is either because this is a reused connection, in which case DNS was unnecessary, or because DNS really did finish already (synch resolver/fast async resolve) */ result = Curl_setup_conn(data, protocol_done); @@ -3823,11 +3733,10 @@ CURLcode Curl_connect(struct Curl_easy *data, return result; } else if(result && conn) { - /* We're not allowed to return failure with memory left allocated in the + /* We are not allowed to return failure with memory left allocated in the connectdata struct, free those here */ Curl_detach_connection(data); - Curl_conncache_remove_conn(data, conn, TRUE); - Curl_disconnect(data, conn, TRUE); + Curl_cpool_disconnect(data, conn, TRUE); } return result; @@ -3849,9 +3758,9 @@ CURLcode Curl_init_do(struct Curl_easy *data, struct connectdata *conn) CURLcode result; if(conn) { - conn->bits.do_more = FALSE; /* by default there's no curl_do_more() to + conn->bits.do_more = FALSE; /* by default there is no curl_do_more() to use */ - /* if the protocol used doesn't support wildcards, switch it off */ + /* if the protocol used does not support wildcards, switch it off */ if(data->state.wildcardmatch && !(conn->handler->flags & PROTOPT_WILDCARD)) data->state.wildcardmatch = FALSE; diff --git a/vendor/hydra/vendor/curl/lib/url.h b/vendor/hydra/vendor/curl/lib/url.h index 198a00ad..47c1db44 100644 --- a/vendor/hydra/vendor/curl/lib/url.h +++ b/vendor/hydra/vendor/curl/lib/url.h @@ -37,10 +37,11 @@ void Curl_freeset(struct Curl_easy *data); CURLcode Curl_uc_to_curlcode(CURLUcode uc); CURLcode Curl_close(struct Curl_easy **datap); /* opposite of curl_open() */ CURLcode Curl_connect(struct Curl_easy *, bool *async, bool *protocol_connect); -void Curl_disconnect(struct Curl_easy *data, - struct connectdata *, bool dead_connection); +bool Curl_on_disconnect(struct Curl_easy *data, + struct connectdata *, bool aborted); CURLcode Curl_setup_conn(struct Curl_easy *data, bool *protocol_done); +void Curl_conn_free(struct Curl_easy *data, struct connectdata *conn); CURLcode Curl_parse_login_details(const char *login, const size_t len, char **userptr, char **passwdptr, char **optionsptr); @@ -64,6 +65,21 @@ void Curl_verboseconnect(struct Curl_easy *data, struct connectdata *conn, int sockindex); #endif +/** + * Return TRUE iff the given connection is considered dead. + * @param nowp NULL or pointer to time being checked against. + */ +bool Curl_conn_seems_dead(struct connectdata *conn, + struct Curl_easy *data, + struct curltime *nowp); + +/** + * Perform upkeep operations on the connection. + */ +CURLcode Curl_conn_upkeep(struct Curl_easy *data, + struct connectdata *conn, + struct curltime *now); + #if defined(USE_HTTP2) || defined(USE_HTTP3) void Curl_data_priority_clear_state(struct Curl_easy *data); #else diff --git a/vendor/hydra/vendor/curl/lib/urlapi-int.h b/vendor/hydra/vendor/curl/lib/urlapi-int.h index c40281a8..fcffab2e 100644 --- a/vendor/hydra/vendor/curl/lib/urlapi-int.h +++ b/vendor/hydra/vendor/curl/lib/urlapi-int.h @@ -30,9 +30,9 @@ size_t Curl_is_absolute_url(const char *url, char *buf, size_t buflen, CURLUcode Curl_url_set_authority(CURLU *u, const char *authority); -#ifdef DEBUGBUILD -CURLUcode Curl_parse_port(struct Curl_URL *u, struct dynbuf *host, - bool has_scheme); +#ifdef UNITTESTS +UNITTEST CURLUcode Curl_parse_port(struct Curl_URL *u, struct dynbuf *host, + bool has_scheme); #endif #endif /* HEADER_CURL_URLAPI_INT_H */ diff --git a/vendor/hydra/vendor/curl/lib/urlapi.c b/vendor/hydra/vendor/curl/lib/urlapi.c index eb039668..3d4a3f94 100644 --- a/vendor/hydra/vendor/curl/lib/urlapi.c +++ b/vendor/hydra/vendor/curl/lib/urlapi.c @@ -41,13 +41,13 @@ #include "curl_memory.h" #include "memdebug.h" - /* MSDOS/Windows style drive prefix, eg c: in c:foo */ + /* MS-DOS/Windows style drive prefix, eg c: in c:foo */ #define STARTS_WITH_DRIVE_PREFIX(str) \ ((('a' <= str[0] && str[0] <= 'z') || \ ('A' <= str[0] && str[0] <= 'Z')) && \ (str[1] == ':')) - /* MSDOS/Windows style drive prefix, optionally with + /* MS-DOS/Windows style drive prefix, optionally with * a '|' instead of ':', followed by a slash or NUL */ #define STARTS_WITH_URL_DRIVE_PREFIX(str) \ ((('a' <= (str)[0] && (str)[0] <= 'z') || \ @@ -82,6 +82,7 @@ struct Curl_URL { unsigned short portnum; /* the numerical version (if 'port' is set) */ BIT(query_present); /* to support blank */ BIT(fragment_present); /* to support blank */ + BIT(guessed_scheme); /* when a URL without scheme is parsed */ }; #define DEFAULT_SCHEME "https" @@ -101,7 +102,7 @@ static void free_urlhandle(struct Curl_URL *u) } /* - * Find the separator at the end of the host name, or the '?' in cases like + * Find the separator at the end of the hostname, or the '?' in cases like * http://www.example.com?id=2380 */ static const char *find_host_sep(const char *url) @@ -140,7 +141,7 @@ static const char hexdigits[] = "0123456789abcdef"; /* urlencode_str() writes data into an output dynbuf and URL-encodes the * spaces in the source URL accordingly. * - * URL encoding should be skipped for host names, otherwise IDN resolution + * URL encoding should be skipped for hostnames, otherwise IDN resolution * will fail. */ static CURLUcode urlencode_str(struct dynbuf *o, const char *url, @@ -205,7 +206,7 @@ static CURLUcode urlencode_str(struct dynbuf *o, const char *url, size_t Curl_is_absolute_url(const char *url, char *buf, size_t buflen, bool guess_scheme) { - int i = 0; + size_t i = 0; DEBUGASSERT(!buf || (buflen > MAX_SCHEME_LEN)); (void)buflen; /* only used in debug-builds */ if(buf) @@ -229,7 +230,7 @@ size_t Curl_is_absolute_url(const char *url, char *buf, size_t buflen, if(i && (url[i] == ':') && ((url[i + 1] == '/') || !guess_scheme)) { /* If this does not guess scheme, the scheme always ends with the colon so that this also detects data: URLs etc. In guessing mode, data: could - be the host name "data" with a specified port number. */ + be the hostname "data" with a specified port number. */ /* the length of the scheme is the name part only */ size_t len = i; @@ -267,7 +268,7 @@ static CURLcode concat_url(char *base, const char *relurl, char **newurl) bool skip_slash = FALSE; *newurl = NULL; - /* protsep points to the start of the host name */ + /* protsep points to the start of the hostname */ protsep = strstr(base, "//"); if(!protsep) protsep = base; @@ -277,13 +278,13 @@ static CURLcode concat_url(char *base, const char *relurl, char **newurl) if('/' != relurl[0]) { int level = 0; - /* First we need to find out if there's a ?-letter in the URL, + /* First we need to find out if there is a ?-letter in the URL, and cut it and the right-side of that off */ pathsep = strchr(protsep, '?'); if(pathsep) *pathsep = 0; - /* we have a relative path to append to the last slash if there's one + /* we have a relative path to append to the last slash if there is one available, or the new URL is just a query string (starts with a '?') or a fragment (starts with '#') we append the new one at the end of the current URL */ @@ -292,7 +293,7 @@ static CURLcode concat_url(char *base, const char *relurl, char **newurl) if(pathsep) *pathsep = 0; - /* Check if there's any slash after the host name, and if so, remember + /* Check if there is any slash after the hostname, and if so, remember that position instead */ pathsep = strchr(protsep, '/'); if(pathsep) @@ -347,7 +348,7 @@ static CURLcode concat_url(char *base, const char *relurl, char **newurl) if(pathsep) { /* When people use badly formatted URLs, such as "http://www.example.com?dir=/home/daniel" we must not use the first - slash, if there's a ?-letter before it! */ + slash, if there is a ?-letter before it! */ char *sep = strchr(protsep, '?'); if(sep && (sep < pathsep)) pathsep = sep; @@ -355,8 +356,8 @@ static CURLcode concat_url(char *base, const char *relurl, char **newurl) } else { /* There was no slash. Now, since we might be operating on a badly - formatted URL, such as "http://www.example.com?id=2380" which - doesn't use a slash separator as it is supposed to, we need to check + formatted URL, such as "http://www.example.com?id=2380" which does + not use a slash separator as it is supposed to, we need to check for a ?-letter as well! */ pathsep = strchr(protsep, '?'); if(pathsep) @@ -367,7 +368,7 @@ static CURLcode concat_url(char *base, const char *relurl, char **newurl) Curl_dyn_init(&newest, CURL_MAX_INPUT_LENGTH); - /* copy over the root url part */ + /* copy over the root URL part */ result = Curl_dyn_add(&newest, base); if(result) return result; @@ -420,15 +421,15 @@ static CURLUcode junkscan(const char *url, size_t *urllen, unsigned int flags) /* * parse_hostname_login() * - * Parse the login details (user name, password and options) from the URL and - * strip them out of the host name + * Parse the login details (username, password and options) from the URL and + * strip them out of the hostname * */ static CURLUcode parse_hostname_login(struct Curl_URL *u, const char *login, size_t len, unsigned int flags, - size_t *offset) /* to the host name */ + size_t *offset) /* to the hostname */ { CURLUcode result = CURLUE_OK; CURLcode ccode; @@ -475,7 +476,7 @@ static CURLUcode parse_hostname_login(struct Curl_URL *u, if(userp) { if(flags & CURLU_DISALLOW_USER) { - /* Option DISALLOW_USER is set and url contains username. */ + /* Option DISALLOW_USER is set and URL contains username. */ result = CURLUE_USER_NOT_ALLOWED; goto out; } @@ -493,7 +494,7 @@ static CURLUcode parse_hostname_login(struct Curl_URL *u, u->options = optionsp; } - /* the host name starts at this offset */ + /* the hostname starts at this offset */ *offset = ptr - login; return CURLUE_OK; @@ -538,11 +539,11 @@ UNITTEST CURLUcode Curl_parse_port(struct Curl_URL *u, struct dynbuf *host, unsigned long port; size_t keep = portptr - hostname; - /* Browser behavior adaptation. If there's a colon with no digits after, + /* Browser behavior adaptation. If there is a colon with no digits after, just cut off the name there which makes us ignore the colon and just use the default port. Firefox, Chrome and Safari all do that. - Don't do it if the URL has no scheme, to make something that looks like + Do not do it if the URL has no scheme, to make something that looks like a scheme not work! */ Curl_dyn_setlen(host, keep); @@ -591,7 +592,7 @@ static CURLUcode ipv6_parse(struct Curl_URL *u, char *hostname, char zoneid[16]; int i = 0; char *h = &hostname[len + 1]; - /* pass '25' if present and is a url encoded percent sign */ + /* pass '25' if present and is a URL encoded percent sign */ if(!strncmp(h, "25", 2) && h[2] && (h[2] != ']')) h += 2; while(*h && (*h != ']') && (i < 15)) @@ -664,7 +665,6 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname, */ #define HOST_ERROR -1 /* out of memory */ -#define HOST_BAD -2 /* bad IPv4 address */ #define HOST_NAME 1 #define HOST_IPV4 2 @@ -686,7 +686,7 @@ static int ipv4_normalize(struct dynbuf *host) char *endp = NULL; unsigned long l; if(!ISDIGIT(*c)) - /* most importantly this doesn't allow a leading plus or minus */ + /* most importantly this does not allow a leading plus or minus */ return HOST_NAME; l = strtoul(c, &endp, 0); if(errno) @@ -802,7 +802,7 @@ static CURLUcode parse_authority(struct Curl_URL *u, CURLcode result; /* - * Parse the login details and strip them out of the host name. + * Parse the login details and strip them out of the hostname. */ uc = parse_hostname_login(u, auth, authlen, flags, &offset); if(uc) @@ -835,7 +835,6 @@ static CURLUcode parse_authority(struct Curl_URL *u, case HOST_ERROR: uc = CURLUE_OUT_OF_MEMORY; break; - case HOST_BAD: default: uc = CURLUE_BAD_HOSTNAME; /* Bad IPv4 address even */ break; @@ -907,7 +906,7 @@ UNITTEST int dedotdotify(const char *input, size_t clen, char **outp) do { bool dotdot = TRUE; if(*input == '.') { - /* A. If the input buffer begins with a prefix of "../" or "./", then + /* A. If the input buffer begins with a prefix of "../" or "./", then remove that prefix from the input buffer; otherwise, */ if(!strncmp("./", input, 2)) { @@ -918,7 +917,7 @@ UNITTEST int dedotdotify(const char *input, size_t clen, char **outp) input += 3; clen -= 3; } - /* D. if the input buffer consists only of "." or "..", then remove + /* D. if the input buffer consists only of "." or "..", then remove that from the input buffer; otherwise, */ else if(!strcmp(".", input) || !strcmp("..", input) || @@ -930,7 +929,7 @@ UNITTEST int dedotdotify(const char *input, size_t clen, char **outp) dotdot = FALSE; } else if(*input == '/') { - /* B. if the input buffer begins with a prefix of "/./" or "/.", where + /* B. if the input buffer begins with a prefix of "/./" or "/.", where "." is a complete path segment, then replace that prefix with "/" in the input buffer; otherwise, */ if(!strncmp("/./", input, 3)) { @@ -943,7 +942,7 @@ UNITTEST int dedotdotify(const char *input, size_t clen, char **outp) break; } - /* C. if the input buffer begins with a prefix of "/../" or "/..", + /* C. if the input buffer begins with a prefix of "/../" or "/..", where ".." is a complete path segment, then replace that prefix with "/" in the input buffer and remove the last segment and its preceding "/" (if any) from the output buffer; otherwise, */ @@ -977,7 +976,7 @@ UNITTEST int dedotdotify(const char *input, size_t clen, char **outp) dotdot = FALSE; if(!dotdot) { - /* E. move the first path segment in the input buffer to the end of + /* E. move the first path segment in the input buffer to the end of the output buffer, including the initial "/" character (if any) and any subsequent characters up to, but not including, the next "/" character or the end of the input buffer. */ @@ -1070,7 +1069,7 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) * Appendix E, but believe me, it was meant to be there. --MK) */ if(ptr[0] != '/' && !STARTS_WITH_URL_DRIVE_PREFIX(ptr)) { - /* the URL includes a host name, it must match "localhost" or + /* the URL includes a hostname, it must match "localhost" or "127.0.0.1" to be valid */ if(checkprefix("localhost/", ptr) || checkprefix("127.0.0.1/", ptr)) { @@ -1080,9 +1079,9 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) #if defined(_WIN32) size_t len; - /* the host name, NetBIOS computer name, can not contain disallowed + /* the hostname, NetBIOS computer name, can not contain disallowed chars, and the delimiting slash character must be appended to the - host name */ + hostname */ path = strpbrk(ptr, "/\\:*?\"<>|"); if(!path || *path != '/') { result = CURLUE_BAD_FILE_URL; @@ -1118,11 +1117,11 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) Curl_dyn_reset(&host); #if !defined(_WIN32) && !defined(MSDOS) && !defined(__CYGWIN__) - /* Don't allow Windows drive letters when not in Windows. + /* Do not allow Windows drive letters when not in Windows. * This catches both "file:/c:" and "file:c:" */ if(('/' == path[0] && STARTS_WITH_URL_DRIVE_PREFIX(&path[1])) || STARTS_WITH_URL_DRIVE_PREFIX(path)) { - /* File drive letters are only accepted in MSDOS/Windows */ + /* File drive letters are only accepted in MS-DOS/Windows */ result = CURLUE_BAD_FILE_URL; goto fail; } @@ -1162,7 +1161,7 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) result = CURLUE_BAD_SLASHES; goto fail; } - hostp = p; /* host name starts here */ + hostp = p; /* hostname starts here */ } else { /* no scheme! */ @@ -1188,7 +1187,7 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) } } - /* find the end of the host name + port number */ + /* find the end of the hostname + port number */ hostlen = strcspn(hostp, "/?#"); path = &hostp[hostlen]; @@ -1202,7 +1201,7 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) if((flags & CURLU_GUESS_SCHEME) && !schemep) { const char *hostname = Curl_dyn_ptr(&host); - /* legacy curl-style guess based on host name */ + /* legacy curl-style guess based on hostname */ if(checkprefix("ftp.", hostname)) schemep = "ftp"; else if(checkprefix("dict.", hostname)) @@ -1223,6 +1222,7 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) result = CURLUE_OUT_OF_MEMORY; goto fail; } + u->guessed_scheme = TRUE; } } else if(flags & CURLU_NO_AUTHORITY) { @@ -1437,6 +1437,8 @@ CURLUcode curl_url_get(const CURLU *u, CURLUPart what, ptr = u->scheme; ifmissing = CURLUE_NO_SCHEME; urldecode = FALSE; /* never for schemes */ + if((flags & CURLU_NO_GUESS_SCHEME) && u->guessed_scheme) + return CURLUE_NO_SCHEME; break; case CURLUPART_USER: ptr = u->user; @@ -1465,7 +1467,7 @@ CURLUcode curl_url_get(const CURLU *u, CURLUPart what, ifmissing = CURLUE_NO_PORT; urldecode = FALSE; /* never for port */ if(!ptr && (flags & CURLU_DEFAULT_PORT) && u->scheme) { - /* there's no stored port number, but asked to deliver + /* there is no stored port number, but asked to deliver a default one for the scheme */ const struct Curl_handler *h = Curl_get_scheme_handler(u->scheme); if(h) { @@ -1525,6 +1527,7 @@ CURLUcode curl_url_get(const CURLU *u, CURLUPart what, return CURLUE_NO_HOST; else { const struct Curl_handler *h = NULL; + char schemebuf[MAX_SCHEME_LEN + 5]; if(u->scheme) scheme = u->scheme; else if(flags & CURLU_DEFAULT_SCHEME) @@ -1534,7 +1537,7 @@ CURLUcode curl_url_get(const CURLU *u, CURLUPart what, h = Curl_get_scheme_handler(scheme); if(!port && (flags & CURLU_DEFAULT_PORT)) { - /* there's no stored port number, but asked to deliver + /* there is no stored port number, but asked to deliver a default one for the scheme */ if(h) { msnprintf(portbuf, sizeof(portbuf), "%u", h->defport); @@ -1595,8 +1598,13 @@ CURLUcode curl_url_get(const CURLU *u, CURLUPart what, } } - url = aprintf("%s://%s%s%s%s%s%s%s%s%s%s%s%s%s%s", - scheme, + if(!(flags & CURLU_NO_GUESS_SCHEME) || !u->guessed_scheme) + msnprintf(schemebuf, sizeof(schemebuf), "%s://", scheme); + else + schemebuf[0] = 0; + + url = aprintf("%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", + schemebuf, u->user ? u->user : "", u->password ? ":": "", u->password ? u->password : "", @@ -1718,6 +1726,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, break; case CURLUPART_SCHEME: storep = &u->scheme; + u->guessed_scheme = FALSE; break; case CURLUPART_USER: storep = &u->user; @@ -1790,6 +1799,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, } else return CURLUE_BAD_SCHEME; + u->guessed_scheme = FALSE; break; } case CURLUPART_USER: @@ -1862,7 +1872,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, return CURLUE_MALFORMED_INPUT; /* if the new thing is absolute or the old one is not - * (we could not get an absolute url in 'oldurl'), + * (we could not get an absolute URL in 'oldurl'), * then replace the existing with the new. */ if(Curl_is_absolute_url(part, NULL, 0, flags & (CURLU_GUESS_SCHEME| @@ -1978,10 +1988,26 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, else if(what == CURLUPART_HOST) { size_t n = Curl_dyn_len(&enc); if(!n && (flags & CURLU_NO_AUTHORITY)) { - /* Skip hostname check, it's allowed to be empty. */ + /* Skip hostname check, it is allowed to be empty. */ } else { - if(!n || hostname_check(u, (char *)newp, n)) { + bool bad = FALSE; + if(!n) + bad = TRUE; /* empty hostname is not okay */ + else if(!urlencode) { + /* if the host name part was not URL encoded here, it was set ready + URL encoded so we need to decode it to check */ + size_t dlen; + char *decoded = NULL; + CURLcode result = + Curl_urldecode(newp, n, &decoded, &dlen, REJECT_CTRL); + if(result || hostname_check(u, decoded, dlen)) + bad = TRUE; + free(decoded); + } + else if(hostname_check(u, (char *)newp, n)) + bad = TRUE; + if(bad) { Curl_dyn_free(&enc); return CURLUE_BAD_HOSTNAME; } diff --git a/vendor/hydra/vendor/curl/lib/urldata.h b/vendor/hydra/vendor/curl/lib/urldata.h index 8b1bd65d..22dceeed 100644 --- a/vendor/hydra/vendor/curl/lib/urldata.h +++ b/vendor/hydra/vendor/curl/lib/urldata.h @@ -67,7 +67,7 @@ struct curl_trc_featt; #ifdef USE_WEBSOCKETS /* CURLPROTO_GOPHERS (29) is the highest publicly used protocol bit number, * the rest are internal information. If we use higher bits we only do this on - * platforms that have a >= 64 bit type and then we use such a type for the + * platforms that have a >= 64-bit type and then we use such a type for the * protocol fields in the protocol handler. */ #define CURLPROTO_WS (1<<30) @@ -77,6 +77,10 @@ struct curl_trc_featt; #define CURLPROTO_WSS 0 #endif +/* the default protocols accepting a redirect to */ +#define CURLPROTO_REDIR (CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP | \ + CURLPROTO_FTPS) + /* This should be undefined once we need bit 32 or higher */ #define PROTO_TYPE_SMALL @@ -101,6 +105,12 @@ typedef unsigned int curl_prot_t; #define CURL_DEFAULT_USER "anonymous" #define CURL_DEFAULT_PASSWORD "ftp@example.com" +#if !defined(_WIN32) && !defined(MSDOS) && !defined(__EMX__) +/* do FTP line-end CRLF => LF conversions on platforms that prefer LF-only. It + also means: keep CRLF line endings on the CRLF platforms */ +#define CURL_PREFER_LF_LINEENDS +#endif + /* Convenience defines for checking protocols or their SSL based version. Each protocol handler should only ever have a single CURLPROTO_ in its protocol field. */ @@ -159,6 +169,7 @@ typedef ssize_t (Curl_send)(struct Curl_easy *data, /* transfer */ int sockindex, /* socketindex */ const void *buf, /* data to write */ size_t len, /* max amount to write */ + bool eos, /* last chunk */ CURLcode *err); /* error to return */ /* return the count of bytes read, or -1 on error */ @@ -257,22 +268,6 @@ enum protection_level { }; #endif -/* enum for the nonblocking SSL connection state machine */ -typedef enum { - ssl_connect_1, - ssl_connect_2, - ssl_connect_2_reading, - ssl_connect_2_writing, - ssl_connect_3, - ssl_connect_done -} ssl_connect_state; - -typedef enum { - ssl_connection_none, - ssl_connection_negotiating, - ssl_connection_complete -} ssl_connection_state; - /* SSL backend-specific data; declared differently by each SSL backend */ struct ssl_backend_data; @@ -288,11 +283,11 @@ struct ssl_peer { char *sni; /* SNI version of hostname or NULL if not usable */ ssl_peer_type type; /* type of the peer information */ int port; /* port we are talking to */ - int transport; /* TCP or QUIC */ + int transport; /* one of TRNSPRT_* defines */ }; struct ssl_primary_config { - char *CApath; /* certificate dir (doesn't work on windows) */ + char *CApath; /* certificate dir (does not work on Windows) */ char *CAfile; /* certificate to verify peer against */ char *issuercert; /* optional issuer certificate filename */ char *clientcert; @@ -314,7 +309,7 @@ struct ssl_primary_config { BIT(verifypeer); /* set TRUE if this is desired */ BIT(verifyhost); /* set TRUE if CN/SAN must match hostname */ BIT(verifystatus); /* set TRUE if certificate status must be checked */ - BIT(sessionid); /* cache session IDs or not */ + BIT(cache_session); /* cache session or not */ }; struct ssl_config_data { @@ -323,7 +318,7 @@ struct ssl_config_data { curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */ void *fsslctxp; /* parameter for call back */ char *cert_type; /* format for certificate (default: PEM)*/ - char *key; /* private key file name */ + char *key; /* private key filename */ struct curl_blob *key_blob; char *key_type; /* format for private key (default: PEM) */ char *key_passwd; /* plain text private key password */ @@ -331,7 +326,7 @@ struct ssl_config_data { BIT(falsestart); BIT(enable_beast); /* allow this flaw for interoperability's sake */ BIT(no_revoke); /* disable SSL certificate revocation checks */ - BIT(no_partialchain); /* don't accept partial certificate chains */ + BIT(no_partialchain); /* do not accept partial certificate chains */ BIT(revoke_best_effort); /* ignore SSL revocation offline/missing revocation list errors */ BIT(native_ca_store); /* use the native ca store of operating system */ @@ -348,8 +343,8 @@ typedef void Curl_ssl_sessionid_dtor(void *sessionid, size_t idsize); /* information stored about one single SSL session */ struct Curl_ssl_session { - char *name; /* host name for which this ID was used */ - char *conn_to_host; /* host name for the connection (may be NULL) */ + char *name; /* hostname for which this ID was used */ + char *conn_to_host; /* hostname for the connection (may be NULL) */ const char *scheme; /* protocol scheme used */ void *sessionid; /* as returned from the SSL layer */ size_t idsize; /* if known, otherwise 0 */ @@ -457,7 +452,7 @@ struct ntlmdata { unsigned int flags; unsigned char nonce[8]; unsigned int target_info_len; - void *target_info; /* TargetInfo received in the ntlm type-2 message */ + void *target_info; /* TargetInfo received in the NTLM type-2 message */ #endif }; #endif @@ -470,6 +465,7 @@ struct negotiatedata { gss_ctx_id_t context; gss_name_t spn; gss_buffer_desc output_token; + struct dynbuf channel_binding_data; #else #ifdef USE_WINDOWS_SSPI #ifdef SECPKG_ATTR_ENDPOINT_BINDINGS @@ -511,9 +507,6 @@ struct ConnectBits { This is implicit when SSL-protocols are used through proxies, but can also be enabled explicitly by apps */ - BIT(proxy_connect_closed); /* TRUE if a proxy disconnected the connection - in a CONNECT request with auth, so that - libcurl should reconnect and continue. */ BIT(proxy); /* if set, this transfer is done through a proxy - any type */ #endif /* always modify bits.close with the connclose() and connkeep() macros! */ @@ -535,10 +528,10 @@ struct ConnectBits { re-attempted at another connection. */ #ifndef CURL_DISABLE_FTP BIT(ftp_use_epsv); /* As set with CURLOPT_FTP_USE_EPSV, but if we find out - EPSV doesn't work we disable it for the forthcoming + EPSV does not work we disable it for the forthcoming requests */ BIT(ftp_use_eprt); /* As set with CURLOPT_FTP_USE_EPRT, but if we find out - EPRT doesn't work we disable it for the forthcoming + EPRT does not work we disable it for the forthcoming requests */ BIT(ftp_use_data_ssl); /* Enabled SSL for the data connection */ BIT(ftp_use_control_ssl); /* Enabled SSL for the control connection */ @@ -548,6 +541,7 @@ struct ConnectBits { #endif BIT(bound); /* set true if bind() has already been done on this socket/ connection */ + BIT(asks_multiplex); /* connection asks for multiplexing, but is not yet */ BIT(multiplex); /* connection is multiplexed */ BIT(tcp_fastopen); /* use TCP Fast Open */ BIT(tls_enable_alpn); /* TLS ALPN extension? */ @@ -562,6 +556,10 @@ struct ConnectBits { accept() */ BIT(parallel_connect); /* set TRUE when a parallel connect attempt has started (happy eyeballs) */ + BIT(aborted); /* connection was aborted, e.g. in unclean state */ + BIT(shutdown_handler); /* connection shutdown: handler shut down */ + BIT(shutdown_filters); /* connection shutdown: filters shut down */ + BIT(in_cpool); /* connection is kept in a connection pool */ }; struct hostname { @@ -630,27 +628,6 @@ struct easy_pollset { unsigned char actions[MAX_SOCKSPEREASYHANDLE]; }; -enum doh_slots { - /* Explicit values for first two symbols so as to match hard-coded - * constants in existing code - */ - DOH_PROBE_SLOT_IPADDR_V4 = 0, /* make 'V4' stand out for readability */ - DOH_PROBE_SLOT_IPADDR_V6 = 1, /* 'V6' likewise */ - - /* Space here for (possibly build-specific) additional slot definitions */ -#ifdef USE_HTTPSRR - DOH_PROBE_SLOT_HTTPS = 2, /* for HTTPS RR */ -#endif - - /* for example */ - /* #ifdef WANT_DOH_FOOBAR_TXT */ - /* DOH_PROBE_SLOT_FOOBAR_TXT, */ - /* #endif */ - - /* AFTER all slot definitions, establish how many we have */ - DOH_PROBE_SLOTS -}; - /* * Specific protocol handler. */ @@ -676,7 +653,7 @@ struct Curl_handler { /* This function *MAY* be set to a protocol-dependent function that is run * after the connect() and everything is done, as a step in the connection. * The 'done' pointer points to a bool that should be set to TRUE if the - * function completes before return. If it doesn't complete, the caller + * function completes before return. If it does not complete, the caller * should call the ->connecting() function until it is. */ CURLcode (*connect_it)(struct Curl_easy *data, bool *done); @@ -707,7 +684,7 @@ struct Curl_handler { struct connectdata *conn, curl_socket_t *socks); /* This function *MAY* be set to a protocol-dependent function that is run - * by the curl_disconnect(), as a step in the disconnection. If the handler + * by the curl_disconnect(), as a step in the disconnection. If the handler * is called because the connection has been considered dead, * dead_connection is set to TRUE. The connection is (again) associated with * the transfer here. @@ -755,11 +732,11 @@ struct Curl_handler { the send function might need to be called while uploading, or vice versa. */ #define PROTOPT_DIRLOCK (1<<3) -#define PROTOPT_NONETWORK (1<<4) /* protocol doesn't use the network! */ +#define PROTOPT_NONETWORK (1<<4) /* protocol does not use the network! */ #define PROTOPT_NEEDSPWD (1<<5) /* needs a password, and if none is set it gets a default */ -#define PROTOPT_NOURLQUERY (1<<6) /* protocol can't handle - url query strings (?foo=bar) ! */ +#define PROTOPT_NOURLQUERY (1<<6) /* protocol cannot handle + URL query strings (?foo=bar) ! */ #define PROTOPT_CREDSPERREQUEST (1<<7) /* requires login credentials per request instead of per connection */ #define PROTOPT_ALPN (1<<8) /* set ALPN for this */ @@ -770,9 +747,9 @@ struct Curl_handler { HTTP proxy as HTTP proxies may know this protocol and act as a gateway */ #define PROTOPT_WILDCARD (1<<12) /* protocol supports wildcard matching */ -#define PROTOPT_USERPWDCTRL (1<<13) /* Allow "control bytes" (< 32 ascii) in - user name and password */ -#define PROTOPT_NOTCPPROXY (1<<14) /* this protocol can't proxy over TCP */ +#define PROTOPT_USERPWDCTRL (1<<13) /* Allow "control bytes" (< 32 ASCII) in + username and password */ +#define PROTOPT_NOTCPPROXY (1<<14) /* this protocol cannot proxy over TCP */ #define CONNCHECK_NONE 0 /* No checks */ #define CONNCHECK_ISDEAD (1<<0) /* Check if the connection is dead. */ @@ -793,7 +770,7 @@ struct proxy_info { int port; unsigned char proxytype; /* curl_proxytype: what kind of proxy that is in use */ - char *user; /* proxy user name string, allocated */ + char *user; /* proxy username string, allocated */ char *passwd; /* proxy password string, allocated */ }; @@ -809,20 +786,22 @@ struct ldapconninfo; * unique for an entire connection. */ struct connectdata { - struct Curl_llist_element bundle_node; /* conncache */ + struct Curl_llist_node cpool_node; /* conncache lists */ curl_closesocket_callback fclosesocket; /* function closing the socket(s) */ void *closesocket_client; - /* This is used by the connection cache logic. If this returns TRUE, this + /* This is used by the connection pool logic. If this returns TRUE, this handle is still used by one or more easy handles and can only used by any other easy handle without careful consideration (== only for multiplexing) and it cannot be used by another multi handle! */ -#define CONN_INUSE(c) ((c)->easyq.size) +#define CONN_INUSE(c) Curl_llist_count(&(c)->easyq) /**** Fields set when inited and not modified again */ curl_off_t connection_id; /* Contains a unique number to make it easier to track the connections in the log output */ + char *destination; /* string carrying normalized hostname+port+scope */ + size_t destination_len; /* strlen(destination) + 1 */ /* 'dns_entry' is the particular host we use. This points to an entry in the DNS cache and it will not get pruned while locked. It gets unlocked in @@ -835,8 +814,8 @@ struct connectdata { const struct Curl_sockaddr_ex *remote_addr; struct hostname host; - char *hostname_resolve; /* host name to resolve to address, allocated */ - char *secondaryhostname; /* secondary socket host name (ftp) */ + char *hostname_resolve; /* hostname to resolve to address, allocated */ + char *secondaryhostname; /* secondary socket hostname (ftp) */ struct hostname conn_to_host; /* the host to connect to. valid only if bits.conn_to_host is set */ #ifndef CURL_DISABLE_PROXY @@ -844,25 +823,33 @@ struct connectdata { struct proxy_info http_proxy; #endif /* 'primary' and 'secondary' get filled with IP quadruple - (local/remote numerical ip address and port) whenever a is *attempted*. + (local/remote numerical ip address and port) whenever a connect is + *attempted*. When more than one address is tried for a connection these will hold data for the last attempt. When the connection is actually established these are updated with data which comes directly from the socket. */ struct ip_quadruple primary; struct ip_quadruple secondary; - char *user; /* user name string, allocated */ + char *user; /* username string, allocated */ char *passwd; /* password string, allocated */ char *options; /* options string, allocated */ char *sasl_authzid; /* authorization identity string, allocated */ char *oauth_bearer; /* OAUTH2 bearer, allocated */ struct curltime now; /* "current" time */ struct curltime created; /* creation time */ - struct curltime lastused; /* when returned to the connection cache */ + struct curltime lastused; /* when returned to the connection poolas idle */ curl_socket_t sock[2]; /* two sockets, the second is used for the data transfer when doing FTP */ Curl_recv *recv[2]; Curl_send *send[2]; struct Curl_cfilter *cfilter[2]; /* connection filters */ + struct { + struct curltime start[2]; /* when filter shutdown started */ + unsigned int timeout_ms; /* 0 means no timeout */ + } shutdown; + /* Last pollset used in connection shutdown. Used to detect changes + * for multi_socket API. */ + struct easy_pollset shutdown_poll; struct ssl_primary_config ssl_config; #ifndef CURL_DISABLE_PROXY @@ -908,11 +895,6 @@ struct connectdata { CtxtHandle *sslContext; #endif -#if defined(_WIN32) && defined(USE_WINSOCK) - struct curltime last_sndbuf_update; /* last time readwrite_upload called - win_update_buffer_size */ -#endif - #ifdef USE_GSASL struct gsasldata gsasl; #endif @@ -975,7 +957,6 @@ struct connectdata { unsigned int unused:1; /* avoids empty union */ } proto; - struct connectbundle *bundle; /* The bundle we are member of */ #ifdef USE_UNIX_SOCKETS char *unix_domain_socket; #endif @@ -986,7 +967,7 @@ struct connectdata { /* When this connection is created, store the conditions for the local end bind. This is stored before the actual bind and before any connection is made and will serve the purpose of being used for comparison reasons so - that subsequent bound-requested connections aren't accidentally reusing + that subsequent bound-requested connections are not accidentally reusing wrong connections. */ char *localdev; unsigned short localportrange; @@ -1045,7 +1026,7 @@ struct PureInfo { unsigned long httpauthavail; /* what host auth types were announced */ long numconnects; /* how many new connection did libcurl created */ char *contenttype; /* the content type of the object */ - char *wouldredirect; /* URL this would've been redirected to if asked to */ + char *wouldredirect; /* URL this would have been redirected to if asked to */ curl_off_t retry_after; /* info from Retry-After: header */ unsigned int header_size; /* size of read header(s) in bytes */ @@ -1054,7 +1035,7 @@ struct PureInfo { even when the session handle is no longer associated with a connection, and also allow curl_easy_reset() to clear this information from the session handle without disturbing information which is still alive, and - that might be reused, in the connection cache. */ + that might be reused, in the connection pool. */ struct ip_quadruple primary; int conn_remote_port; /* this is the "remote port", which is the port number of the used URL, independent of proxy or @@ -1064,19 +1045,28 @@ struct PureInfo { struct curl_certinfo certs; /* info about the certs. Asked for with CURLOPT_CERTINFO / CURLINFO_CERTINFO */ CURLproxycode pxcode; - BIT(timecond); /* set to TRUE if the time condition didn't match, which + BIT(timecond); /* set to TRUE if the time condition did not match, which thus made the document NOT get fetched */ BIT(used_proxy); /* the transfer used a proxy */ }; +struct pgrs_measure { + struct curltime start; /* when measure started */ + curl_off_t start_size; /* the 'cur_size' the measure started at */ +}; + +struct pgrs_dir { + curl_off_t total_size; /* total expected bytes */ + curl_off_t cur_size; /* transferred bytes so far */ + curl_off_t speed; /* bytes per second transferred */ + struct pgrs_measure limit; +}; struct Progress { time_t lastshow; /* time() of the last displayed progress meter or NULL to force redraw at next call */ - curl_off_t size_dl; /* total expected size */ - curl_off_t size_ul; /* total expected size */ - curl_off_t downloaded; /* transferred so far */ - curl_off_t uploaded; /* transferred so far */ + struct pgrs_dir ul; + struct pgrs_dir dl; curl_off_t current_speed; /* uses the currently fastest transfer */ @@ -1085,14 +1075,12 @@ struct Progress { timediff_t timespent; - curl_off_t dlspeed; - curl_off_t ulspeed; - timediff_t t_postqueue; timediff_t t_nslookup; timediff_t t_connect; timediff_t t_appconnect; timediff_t t_pretransfer; + timediff_t t_posttransfer; timediff_t t_starttransfer; timediff_t t_redirect; @@ -1101,14 +1089,6 @@ struct Progress { struct curltime t_startop; struct curltime t_acceptdata; - - /* upload speed limit */ - struct curltime ul_limit_start; - curl_off_t ul_limit_size; - /* download speed limit */ - struct curltime dl_limit_start; - curl_off_t dl_limit_size; - #define CURR_TIME (5 + 1) /* 6 entries for 5 seconds */ curl_off_t speeder[ CURR_TIME ]; @@ -1205,7 +1185,7 @@ typedef enum { * One instance for each timeout an easy handle can set. */ struct time_node { - struct Curl_llist_element list; + struct Curl_llist_node list; struct curltime time; expire_id eid; }; @@ -1223,8 +1203,6 @@ struct urlpieces { }; struct UrlState { - /* Points to the connection cache */ - struct conncache *conn_cache; /* buffers to store authentication data in, as parsed from input options */ struct curltime keeps_speed; /* for the progress meter really */ @@ -1237,8 +1215,8 @@ struct UrlState { curl_off_t current_speed; /* the ProgressShow() function sets this, bytes / second */ - /* host name, port number and protocol of the first (not followed) request. - if set, this should be the host name that we will sent authorization to, + /* hostname, port number and protocol of the first (not followed) request. + if set, this should be the hostname that we will sent authorization to, no else. Used to make Location: following not keep sending user+password. This is strdup()ed data. */ char *first_host; @@ -1249,7 +1227,6 @@ struct UrlState { struct Curl_ssl_session *session; /* array of 'max_ssl_sessions' size */ long sessionage; /* number of the most recent session */ int os_errno; /* filled in with errno whenever an error occurs */ - char *scratch; /* huge buffer[set.buffer_size*2] for upload CRLF replacing */ long followlocation; /* redirect counter */ int requests; /* request counter: redirects + authentication retakes */ #ifdef HAVE_SIGNAL @@ -1277,12 +1254,6 @@ struct UrlState { /* a place to store the most recently set (S)FTP entrypath */ char *most_recent_ftp_entrypath; -#if !defined(_WIN32) && !defined(MSDOS) && !defined(__EMX__) -/* do FTP line-end conversions on most platforms */ -#define CURL_DO_LINEEND_CONV - /* for FTP downloads: how many CRLFs did we converted to LFs? */ - curl_off_t crlf_conversions; -#endif char *range; /* range, if used. See README for detailed specification on this syntax. */ curl_off_t resume_from; /* continue [ftp] transfer from here */ @@ -1375,9 +1346,6 @@ struct UrlState { unsigned char select_bits; /* != 0 -> bitmask of socket events for this transfer overriding anything the socket may report */ -#ifdef CURLDEBUG - BIT(conncache_lock); -#endif /* when curl_easy_perform() is called, the multi handle is "owned" by the easy handle so curl_easy_cleanup() on such an easy handle will also close the multi handle! */ @@ -1390,7 +1358,7 @@ struct UrlState { called. */ BIT(allow_port); /* Is set.use_port allowed to take effect or not. This is always set TRUE when curl_easy_perform() is called. */ - BIT(authproblem); /* TRUE if there's some problem authenticating */ + BIT(authproblem); /* TRUE if there is some problem authenticating */ /* set after initial USER failure, to prevent an authentication loop */ BIT(wildcardmatch); /* enable wildcard matching */ BIT(disableexpect); /* TRUE if Expect: is disabled due to a previous @@ -1428,12 +1396,12 @@ struct UrlState { struct Curl_multi; /* declared in multihandle.c */ enum dupstring { - STRING_CERT, /* client certificate file name */ + STRING_CERT, /* client certificate filename */ STRING_CERT_TYPE, /* format for certificate (default: PEM)*/ - STRING_KEY, /* private key file name */ + STRING_KEY, /* private key filename */ STRING_KEY_PASSWD, /* plain text private key password */ STRING_KEY_TYPE, /* format for private key (default: PEM) */ - STRING_SSL_CAPATH, /* CA directory name (doesn't work on windows) */ + STRING_SSL_CAPATH, /* CA directory name (does not work on Windows) */ STRING_SSL_CAFILE, /* certificate file to verify peer against */ STRING_SSL_PINNEDPUBLICKEY, /* public key file to verify peer against */ STRING_SSL_CIPHER_LIST, /* list of ciphers to use */ @@ -1442,12 +1410,12 @@ enum dupstring { STRING_SSL_ISSUERCERT, /* issuer cert file to check certificate */ STRING_SERVICE_NAME, /* Service name */ #ifndef CURL_DISABLE_PROXY - STRING_CERT_PROXY, /* client certificate file name */ + STRING_CERT_PROXY, /* client certificate filename */ STRING_CERT_TYPE_PROXY, /* format for certificate (default: PEM)*/ - STRING_KEY_PROXY, /* private key file name */ + STRING_KEY_PROXY, /* private key filename */ STRING_KEY_PASSWD_PROXY, /* plain text private key password */ STRING_KEY_TYPE_PROXY, /* format for private key (default: PEM) */ - STRING_SSL_CAPATH_PROXY, /* CA directory name (doesn't work on windows) */ + STRING_SSL_CAPATH_PROXY, /* CA directory name (does not work on Windows) */ STRING_SSL_CAFILE_PROXY, /* certificate file to verify peer against */ STRING_SSL_PINNEDPUBLICKEY_PROXY, /* public key file to verify proxy */ STRING_SSL_CIPHER_LIST_PROXY, /* list of ciphers to use */ @@ -1461,8 +1429,10 @@ enum dupstring { STRING_COOKIEJAR, /* dump all cookies to this file */ #endif STRING_CUSTOMREQUEST, /* HTTP/FTP/RTSP request/method to use */ - STRING_DEFAULT_PROTOCOL, /* Protocol to use when the URL doesn't specify */ + STRING_DEFAULT_PROTOCOL, /* Protocol to use when the URL does not specify */ STRING_DEVICE, /* local network interface/address to use */ + STRING_INTERFACE, /* local network interface to use */ + STRING_BINDHOST, /* local address to use */ STRING_ENCODING, /* Accept-Encoding string */ #ifndef CURL_DISABLE_FTP STRING_FTP_ACCOUNT, /* ftp account data */ @@ -1502,9 +1472,9 @@ enum dupstring { #ifdef USE_SSH STRING_SSH_PRIVATE_KEY, /* path to the private key file for auth */ STRING_SSH_PUBLIC_KEY, /* path to the public key file for auth */ - STRING_SSH_HOST_PUBLIC_KEY_MD5, /* md5 of host public key in ascii hex */ + STRING_SSH_HOST_PUBLIC_KEY_MD5, /* md5 of host public key in ASCII hex */ STRING_SSH_HOST_PUBLIC_KEY_SHA256, /* sha256 of host public key in base64 */ - STRING_SSH_KNOWNHOSTS, /* file name of knownhosts file */ + STRING_SSH_KNOWNHOSTS, /* filename of knownhosts file */ #endif #ifndef CURL_DISABLE_SMTP STRING_MAIL_FROM, @@ -1575,7 +1545,7 @@ enum dupblob { }; /* callback that gets called when this easy handle is completed within a multi - handle. Only used for internally created transfers, like for example + handle. Only used for internally created transfers, like for example DoH. */ typedef int (*multidone_func)(struct Curl_easy *easy, CURLcode result); @@ -1600,7 +1570,7 @@ struct UserDefined { #ifndef CURL_DISABLE_BINDLOCAL unsigned short localport; /* local port number to bind to */ unsigned short localportrange; /* number of additional port numbers to test - in case the 'localport' one can't be + in case the 'localport' one cannot be bind()ed */ #endif curl_write_callback fwrite_func; /* function that stores the output */ @@ -1633,9 +1603,10 @@ struct UserDefined { void *progress_client; /* pointer to pass to the progress callback */ void *ioctl_client; /* pointer to pass to the ioctl callback */ unsigned int timeout; /* ms, 0 means no timeout */ - unsigned int connecttimeout; /* ms, 0 means no timeout */ + unsigned int connecttimeout; /* ms, 0 means default timeout */ unsigned int happy_eyeballs_timeout; /* ms, 0 is a valid value */ unsigned int server_response_timeout; /* ms, 0 means no timeout */ + unsigned int shutdowntimeout; /* ms, 0 means default timeout */ long maxage_conn; /* in seconds, max idle time to allow a connection that is to be reused */ long maxlifetime_conn; /* in seconds, max time since creation to allow a @@ -1700,7 +1671,7 @@ struct UserDefined { struct curl_slist *postquote; /* after the transfer */ struct curl_slist *prequote; /* before the transfer, after type */ /* Despite the name, ftp_create_missing_dirs is for FTP(S) and SFTP - 1 - create directories that don't exist + 1 - create directories that do not exist 2 - the same but also allow MKD to fail once */ unsigned char ftp_create_missing_dirs; @@ -1747,6 +1718,7 @@ struct UserDefined { int tcp_keepidle; /* seconds in idle before sending keepalive probe */ int tcp_keepintvl; /* seconds between TCP keepalive probes */ + int tcp_keepcnt; /* maximum number of keepalive probes */ long expect_100_timeout; /* in milliseconds */ #if defined(USE_HTTP2) || defined(USE_HTTP3) @@ -1758,7 +1730,7 @@ struct UserDefined { long upkeep_interval_ms; /* Time between calls for connection upkeep. */ multidone_func fmultidone; #ifndef CURL_DISABLE_DOH - struct Curl_easy *dohfor; /* this is a DoH request for that transfer */ + curl_off_t dohfor_mid; /* this is a DoH request for that transfer */ #endif CURLU *uh; /* URL handle for the current parsed URL */ #ifndef CURL_DISABLE_HTTP @@ -1795,10 +1767,10 @@ struct UserDefined { /* Here follows boolean settings that define how to behave during this session. They are STATIC, set by libcurl users or at least initially - and they don't change during operations. */ + and they do not change during operations. */ BIT(quick_exit); /* set 1L when it is okay to leak things (like - threads), as we're about to exit() anyway and - don't want lengthy cleanups to delay termination, + threads), as we are about to exit() anyway and + do not want lengthy cleanups to delay termination, e.g. after a DNS timeout */ BIT(get_filetime); /* get the time and get of the remote file */ #ifndef CURL_DISABLE_PROXY @@ -1818,7 +1790,7 @@ struct UserDefined { us */ BIT(wildcard_enabled); /* enable wildcard matching */ #endif - BIT(hide_progress); /* don't use the progress meter */ + BIT(hide_progress); /* do not use the progress meter */ BIT(http_fail_on_error); /* fail on HTTP error codes >= 400 */ BIT(http_keep_sending_on_error); /* for HTTP status codes >= 300 */ BIT(http_follow_location); /* follow HTTP redirects */ @@ -1864,7 +1836,7 @@ struct UserDefined { #ifdef USE_UNIX_SOCKETS BIT(abstract_unix_socket); #endif - BIT(disallow_username_in_url); /* disallow username in url */ + BIT(disallow_username_in_url); /* disallow username in URL */ #ifndef CURL_DISABLE_DOH BIT(doh); /* DNS-over-HTTPS enabled */ BIT(doh_verifypeer); /* DoH certificate peer verification */ @@ -1909,22 +1881,23 @@ struct Curl_easy { /* First a simple identifier to easier detect if a user mix up this easy handle with a multi handle. Set this to CURLEASY_MAGIC_NUMBER */ unsigned int magic; - /* once an easy handle is tied to a connection cache + /* once an easy handle is tied to a connection pool a non-negative number to distinguish this transfer from - other using the same cache. For easier tracking + other using the same pool. For easier tracking in log output. This may wrap around after LONG_MAX to 0 again, so it - has no uniqueness guarantee for very large processings. */ + has no uniqueness guarantee for very large processings. + Note: it has no uniqueness either IFF more than one connection pool + is used by the libcurl application. */ curl_off_t id; - - /* first, two fields for the linked list of these */ - struct Curl_easy *next; - struct Curl_easy *prev; + /* once an easy handle is added to a multi, either explicitly by the + * libcurl application or implicitly during `curl_easy_perform()`, + * a unique identifier inside this one multi instance. */ + curl_off_t mid; struct connectdata *conn; - struct Curl_llist_element connect_queue; /* for the pending and msgsent - lists */ - struct Curl_llist_element conn_queue; /* list per connectdata */ + struct Curl_llist_node multi_queue; /* for multihandle list management */ + struct Curl_llist_node conn_queue; /* list per connectdata */ CURLMstate mstate; /* the handle's state */ CURLcode result; /* previous result */ diff --git a/vendor/hydra/vendor/curl/lib/vauth/cleartext.c b/vendor/hydra/vendor/curl/lib/vauth/cleartext.c index 29389c2c..cf8108ac 100644 --- a/vendor/hydra/vendor/curl/lib/vauth/cleartext.c +++ b/vendor/hydra/vendor/curl/lib/vauth/cleartext.c @@ -100,11 +100,11 @@ CURLcode Curl_auth_create_plain_message(const char *authzid, * Curl_auth_create_login_message() * * This is used to generate an already encoded LOGIN message containing the - * user name or password ready for sending to the recipient. + * username or password ready for sending to the recipient. * * Parameters: * - * valuep [in] - The user name or user's password. + * valuep [in] - The username or user's password. * out [out] - The result storage. * * Returns void. @@ -118,11 +118,11 @@ void Curl_auth_create_login_message(const char *valuep, struct bufref *out) * Curl_auth_create_external_message() * * This is used to generate an already encoded EXTERNAL message containing - * the user name ready for sending to the recipient. + * the username ready for sending to the recipient. * * Parameters: * - * user [in] - The user name. + * user [in] - The username. * out [out] - The result storage. * * Returns void. diff --git a/vendor/hydra/vendor/curl/lib/vauth/cram.c b/vendor/hydra/vendor/curl/lib/vauth/cram.c index 91fb261c..f8bdd545 100644 --- a/vendor/hydra/vendor/curl/lib/vauth/cram.c +++ b/vendor/hydra/vendor/curl/lib/vauth/cram.c @@ -51,7 +51,7 @@ * Parameters: * * chlg [in] - The challenge. - * userp [in] - The user name. + * userp [in] - The username. * passwdp [in] - The user's password. * out [out] - The result storage. * diff --git a/vendor/hydra/vendor/curl/lib/vauth/digest.c b/vendor/hydra/vendor/curl/lib/vauth/digest.c index a742cce2..4fc5b1c2 100644 --- a/vendor/hydra/vendor/curl/lib/vauth/digest.c +++ b/vendor/hydra/vendor/curl/lib/vauth/digest.c @@ -103,7 +103,7 @@ bool Curl_auth_digest_get_pair(const char *str, char *value, char *content, case ',': if(!starts_with_quote) { - /* This signals the end of the content if we didn't get a starting + /* This signals the end of the content if we did not get a starting quote and then we do "sloppy" parsing */ c = 0; /* the end */ continue; @@ -142,7 +142,7 @@ bool Curl_auth_digest_get_pair(const char *str, char *value, char *content, } #if !defined(USE_WINDOWS_SSPI) -/* Convert md5 chunk to RFC2617 (section 3.1.3) -suitable ascii string */ +/* Convert md5 chunk to RFC2617 (section 3.1.3) -suitable ASCII string */ static void auth_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */ unsigned char *dest) /* 33 bytes */ { @@ -151,7 +151,7 @@ static void auth_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */ msnprintf((char *) &dest[i * 2], 3, "%02x", source[i]); } -/* Convert sha256 or SHA-512/256 chunk to RFC7616 -suitable ascii string */ +/* Convert sha256 or SHA-512/256 chunk to RFC7616 -suitable ASCII string */ static void auth_digest_sha256_to_ascii(unsigned char *source, /* 32 bytes */ unsigned char *dest) /* 65 bytes */ { @@ -326,7 +326,7 @@ bool Curl_auth_is_digest_supported(void) * * data [in] - The session handle. * chlg [in] - The challenge message. - * userp [in] - The user name. + * userp [in] - The username. * passwdp [in] - The user's password. * service [in] - The service type such as http, smtp, pop or imap. * out [out] - The result storage. @@ -629,7 +629,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, } } else - break; /* We're done here */ + break; /* We are done here */ /* Pass all additional spaces here */ while(*chlg && ISBLANK(*chlg)) @@ -646,7 +646,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, if(before && !digest->stale) return CURLE_BAD_CONTENT_ENCODING; - /* We got this header without a nonce, that's a bad Digest line! */ + /* We got this header without a nonce, that is a bad Digest line! */ if(!digest->nonce) return CURLE_BAD_CONTENT_ENCODING; @@ -666,7 +666,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, * Parameters: * * data [in] - The session handle. - * userp [in] - The user name. + * userp [in] - The username. * passwdp [in] - The user's password. * request [in] - The HTTP request. * uripath [in] - The path of the HTTP uri. @@ -788,7 +788,7 @@ static CURLcode auth_create_digest_http_message( return CURLE_OUT_OF_MEMORY; if(digest->qop && strcasecompare(digest->qop, "auth-int")) { - /* We don't support auth-int for PUT or POST */ + /* We do not support auth-int for PUT or POST */ char hashed[65]; char *hashthis2; @@ -835,12 +835,12 @@ static CURLcode auth_create_digest_http_message( Authorization: Digest username="testuser", realm="testrealm", \ nonce="1053604145", uri="/64", response="c55f7f30d83d774a3d2dcacf725abaca" - Digest parameters are all quoted strings. Username which is provided by + Digest parameters are all quoted strings. Username which is provided by the user will need double quotes and backslashes within it escaped. realm, nonce, and opaque will need backslashes as well as they were - de-escaped when copied from request header. cnonce is generated with - web-safe characters. uri is already percent encoded. nc is 8 hex - characters. algorithm and qop with standard values only contain web-safe + de-escaped when copied from request header. cnonce is generated with + web-safe characters. uri is already percent encoded. nc is 8 hex + characters. algorithm and qop with standard values only contain web-safe characters. */ userp_quoted = auth_digest_string_quoted(digest->userhash ? userh : userp); @@ -957,7 +957,7 @@ static CURLcode auth_create_digest_http_message( * Parameters: * * data [in] - The session handle. - * userp [in] - The user name. + * userp [in] - The username. * passwdp [in] - The user's password. * request [in] - The HTTP request. * uripath [in] - The path of the HTTP uri. diff --git a/vendor/hydra/vendor/curl/lib/vauth/digest_sspi.c b/vendor/hydra/vendor/curl/lib/vauth/digest_sspi.c index 4696f29a..39a0c306 100644 --- a/vendor/hydra/vendor/curl/lib/vauth/digest_sspi.c +++ b/vendor/hydra/vendor/curl/lib/vauth/digest_sspi.c @@ -60,12 +60,13 @@ bool Curl_auth_is_digest_supported(void) SECURITY_STATUS status; /* Query the security package for Digest */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST), - &SecurityPackage); + status = + Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST), + &SecurityPackage); /* Release the package buffer as it is not required anymore */ if(status == SEC_E_OK) { - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); } return (status == SEC_E_OK ? TRUE : FALSE); @@ -81,7 +82,7 @@ bool Curl_auth_is_digest_supported(void) * * data [in] - The session handle. * chlg [in] - The challenge message. - * userp [in] - The user name in the format User or Domain\User. + * userp [in] - The username in the format User or Domain\User. * passwdp [in] - The user's password. * service [in] - The service type such as http, smtp, pop or imap. * out [out] - The result storage. @@ -119,17 +120,18 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, } /* Query the security package for DigestSSP */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST), - &SecurityPackage); + status = + Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST), + &SecurityPackage); if(status != SEC_E_OK) { - failf(data, "SSPI: couldn't get auth info"); + failf(data, "SSPI: could not get auth info"); return CURLE_AUTH_ERROR; } token_max = SecurityPackage->cbMaxToken; /* Release the package buffer as it is not required anymore */ - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); /* Allocate our response buffer */ output_token = malloc(token_max); @@ -160,7 +162,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, p_identity = NULL; /* Acquire our credentials handle */ - status = s_pSecFn->AcquireCredentialsHandle(NULL, + status = Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *) TEXT(SP_NAME_DIGEST), SECPKG_CRED_OUTBOUND, NULL, p_identity, NULL, NULL, @@ -190,20 +192,20 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, resp_buf.cbBuffer = curlx_uztoul(token_max); /* Generate our response message */ - status = s_pSecFn->InitializeSecurityContext(&credentials, NULL, spn, + status = Curl_pSecFn->InitializeSecurityContext(&credentials, NULL, spn, 0, 0, 0, &chlg_desc, 0, &context, &resp_desc, &attrs, &expiry); if(status == SEC_I_COMPLETE_NEEDED || status == SEC_I_COMPLETE_AND_CONTINUE) - s_pSecFn->CompleteAuthToken(&credentials, &resp_desc); + Curl_pSecFn->CompleteAuthToken(&credentials, &resp_desc); else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) { #if !defined(CURL_DISABLE_VERBOSE_STRINGS) char buffer[STRERROR_LEN]; #endif - s_pSecFn->FreeCredentialsHandle(&credentials); + Curl_pSecFn->FreeCredentialsHandle(&credentials); Curl_sspi_free_identity(p_identity); free(spn); free(output_token); @@ -223,8 +225,8 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, Curl_bufref_set(out, output_token, resp_buf.cbBuffer, curl_free); /* Free our handles */ - s_pSecFn->DeleteSecurityContext(&context); - s_pSecFn->FreeCredentialsHandle(&credentials); + Curl_pSecFn->DeleteSecurityContext(&context); + Curl_pSecFn->FreeCredentialsHandle(&credentials); /* Free the identity structure */ Curl_sspi_free_identity(p_identity); @@ -291,7 +293,7 @@ CURLcode Curl_override_sspi_http_realm(const char *chlg, } } else - break; /* We're done here */ + break; /* We are done here */ /* Pass all additional spaces here */ while(*chlg && ISBLANK(*chlg)) @@ -324,8 +326,8 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, { size_t chlglen = strlen(chlg); - /* We had an input token before so if there's another one now that means we - provided bad credentials in the previous request or it's stale. */ + /* We had an input token before so if there is another one now that means we + provided bad credentials in the previous request or it is stale. */ if(digest->input_token) { bool stale = false; const char *p = chlg; @@ -379,7 +381,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, * Parameters: * * data [in] - The session handle. - * userp [in] - The user name in the format User or Domain\User. + * userp [in] - The username in the format User or Domain\User. * passwdp [in] - The user's password. * request [in] - The HTTP request. * uripath [in] - The path of the HTTP uri. @@ -410,17 +412,18 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, (void) data; /* Query the security package for DigestSSP */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST), - &SecurityPackage); + status = + Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST), + &SecurityPackage); if(status != SEC_E_OK) { - failf(data, "SSPI: couldn't get auth info"); + failf(data, "SSPI: could not get auth info"); return CURLE_AUTH_ERROR; } token_max = SecurityPackage->cbMaxToken; /* Release the package buffer as it is not required anymore */ - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); /* Allocate the output buffer according to the max token size as indicated by the security package */ @@ -436,7 +439,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, (userp && digest->user && Curl_timestrcmp(userp, digest->user)) || (passwdp && digest->passwd && Curl_timestrcmp(passwdp, digest->passwd))) { if(digest->http_context) { - s_pSecFn->DeleteSecurityContext(digest->http_context); + Curl_pSecFn->DeleteSecurityContext(digest->http_context); Curl_safefree(digest->http_context); } Curl_safefree(digest->user); @@ -463,13 +466,14 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, chlg_buf[4].pvBuffer = output_token; chlg_buf[4].cbBuffer = curlx_uztoul(token_max); - status = s_pSecFn->MakeSignature(digest->http_context, 0, &chlg_desc, 0); + status = Curl_pSecFn->MakeSignature(digest->http_context, 0, &chlg_desc, + 0); if(status == SEC_E_OK) output_token_len = chlg_buf[4].cbBuffer; else { /* delete the context so a new one can be made */ infof(data, "digest_sspi: MakeSignature failed, error 0x%08lx", (long)status); - s_pSecFn->DeleteSecurityContext(digest->http_context); + Curl_pSecFn->DeleteSecurityContext(digest->http_context); Curl_safefree(digest->http_context); } } @@ -529,7 +533,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, } /* Acquire our credentials handle */ - status = s_pSecFn->AcquireCredentialsHandle(NULL, + status = Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *) TEXT(SP_NAME_DIGEST), SECPKG_CRED_OUTBOUND, NULL, p_identity, NULL, NULL, @@ -565,7 +569,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, spn = curlx_convert_UTF8_to_tchar((char *) uripath); if(!spn) { - s_pSecFn->FreeCredentialsHandle(&credentials); + Curl_pSecFn->FreeCredentialsHandle(&credentials); Curl_sspi_free_identity(p_identity); free(output_token); @@ -579,7 +583,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; /* Generate our response message */ - status = s_pSecFn->InitializeSecurityContext(&credentials, NULL, + status = Curl_pSecFn->InitializeSecurityContext(&credentials, NULL, spn, ISC_REQ_USE_HTTP_STYLE, 0, 0, &chlg_desc, 0, @@ -589,13 +593,13 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, if(status == SEC_I_COMPLETE_NEEDED || status == SEC_I_COMPLETE_AND_CONTINUE) - s_pSecFn->CompleteAuthToken(&credentials, &resp_desc); + Curl_pSecFn->CompleteAuthToken(&credentials, &resp_desc); else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) { #if !defined(CURL_DISABLE_VERBOSE_STRINGS) char buffer[STRERROR_LEN]; #endif - s_pSecFn->FreeCredentialsHandle(&credentials); + Curl_pSecFn->FreeCredentialsHandle(&credentials); Curl_sspi_free_identity(p_identity); free(output_token); @@ -615,7 +619,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, output_token_len = resp_buf.cbBuffer; - s_pSecFn->FreeCredentialsHandle(&credentials); + Curl_pSecFn->FreeCredentialsHandle(&credentials); Curl_sspi_free_identity(p_identity); } @@ -660,7 +664,7 @@ void Curl_auth_digest_cleanup(struct digestdata *digest) /* Delete security context */ if(digest->http_context) { - s_pSecFn->DeleteSecurityContext(digest->http_context); + Curl_pSecFn->DeleteSecurityContext(digest->http_context); Curl_safefree(digest->http_context); } diff --git a/vendor/hydra/vendor/curl/lib/vauth/krb5_gssapi.c b/vendor/hydra/vendor/curl/lib/vauth/krb5_gssapi.c index 16b6e403..748cdf93 100644 --- a/vendor/hydra/vendor/curl/lib/vauth/krb5_gssapi.c +++ b/vendor/hydra/vendor/curl/lib/vauth/krb5_gssapi.c @@ -65,10 +65,10 @@ bool Curl_auth_is_gssapi_supported(void) * Parameters: * * data [in] - The session handle. - * userp [in] - The user name. + * userp [in] - The username. * passwdp [in] - The user's password. * service [in] - The service type such as http, smtp, pop or imap. - * host [in[ - The host name. + * host [in[ - The hostname. * mutual_auth [in] - Flag specifying whether or not mutual authentication * is enabled. * chlg [in] - Optional challenge message. @@ -243,7 +243,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, /* Process the maximum message size the server can receive */ if(max_size > 0) { /* The server has told us it supports a maximum receive buffer, however, as - we don't require one unless we are encrypting data, we tell the server + we do not require one unless we are encrypting data, we tell the server our receive buffer is zero. */ max_size = 0; } diff --git a/vendor/hydra/vendor/curl/lib/vauth/krb5_sspi.c b/vendor/hydra/vendor/curl/lib/vauth/krb5_sspi.c index 17a517a9..b168a27a 100644 --- a/vendor/hydra/vendor/curl/lib/vauth/krb5_sspi.c +++ b/vendor/hydra/vendor/curl/lib/vauth/krb5_sspi.c @@ -55,13 +55,13 @@ bool Curl_auth_is_gssapi_supported(void) SECURITY_STATUS status; /* Query the security package for Kerberos */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) + status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_KERBEROS), &SecurityPackage); /* Release the package buffer as it is not required anymore */ if(status == SEC_E_OK) { - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); } return (status == SEC_E_OK ? TRUE : FALSE); @@ -76,10 +76,10 @@ bool Curl_auth_is_gssapi_supported(void) * Parameters: * * data [in] - The session handle. - * userp [in] - The user name in the format User or Domain\User. + * userp [in] - The username in the format User or Domain\User. * passwdp [in] - The user's password. * service [in] - The service type such as http, smtp, pop or imap. - * host [in] - The host name. + * host [in] - The hostname. * mutual_auth [in] - Flag specifying whether or not mutual authentication * is enabled. * chlg [in] - Optional challenge message. @@ -118,18 +118,18 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, if(!krb5->output_token) { /* Query the security package for Kerberos */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) + status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_KERBEROS), &SecurityPackage); if(status != SEC_E_OK) { - failf(data, "SSPI: couldn't get auth info"); + failf(data, "SSPI: could not get auth info"); return CURLE_AUTH_ERROR; } krb5->token_max = SecurityPackage->cbMaxToken; /* Release the package buffer as it is not required anymore */ - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); /* Allocate our response buffer */ krb5->output_token = malloc(krb5->token_max); @@ -158,7 +158,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; /* Acquire our credentials handle */ - status = s_pSecFn->AcquireCredentialsHandle(NULL, + status = Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *) TEXT(SP_NAME_KERBEROS), SECPKG_CRED_OUTBOUND, NULL, @@ -197,7 +197,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, resp_buf.cbBuffer = curlx_uztoul(krb5->token_max); /* Generate our challenge-response message */ - status = s_pSecFn->InitializeSecurityContext(krb5->credentials, + status = Curl_pSecFn->InitializeSecurityContext(krb5->credentials, chlg ? krb5->context : NULL, krb5->spn, (mutual_auth ? @@ -215,7 +215,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, return CURLE_AUTH_ERROR; if(memcmp(&context, krb5->context, sizeof(context))) { - s_pSecFn->DeleteSecurityContext(krb5->context); + Curl_pSecFn->DeleteSecurityContext(krb5->context); memcpy(krb5->context, &context, sizeof(context)); } @@ -282,7 +282,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, } /* Get our response size information */ - status = s_pSecFn->QueryContextAttributes(krb5->context, + status = Curl_pSecFn->QueryContextAttributes(krb5->context, SECPKG_ATTR_SIZES, &sizes); @@ -304,7 +304,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, input_buf[1].cbBuffer = 0; /* Decrypt the inbound challenge and obtain the qop */ - status = s_pSecFn->DecryptMessage(krb5->context, &input_desc, 0, &qop); + status = Curl_pSecFn->DecryptMessage(krb5->context, &input_desc, 0, &qop); if(status != SEC_E_OK) { infof(data, "GSSAPI handshake failure (empty security message)"); return CURLE_BAD_CONTENT_ENCODING; @@ -323,7 +323,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, ((unsigned long)indata[2] << 8) | indata[3]; /* Free the challenge as it is not required anymore */ - s_pSecFn->FreeContextBuffer(input_buf[1].pvBuffer); + Curl_pSecFn->FreeContextBuffer(input_buf[1].pvBuffer); /* Process the security layer */ if(!(sec_layer & KERB_WRAP_NO_ENCRYPT)) { @@ -335,7 +335,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, /* Process the maximum message size the server can receive */ if(max_size > 0) { /* The server has told us it supports a maximum receive buffer, however, as - we don't require one unless we are encrypting data, we tell the server + we do not require one unless we are encrypting data, we tell the server our receive buffer is zero. */ max_size = 0; } @@ -392,7 +392,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, wrap_buf[2].cbBuffer = sizes.cbBlockSize; /* Encrypt the data */ - status = s_pSecFn->EncryptMessage(krb5->context, KERB_WRAP_NO_ENCRYPT, + status = Curl_pSecFn->EncryptMessage(krb5->context, KERB_WRAP_NO_ENCRYPT, &wrap_desc, 0); if(status != SEC_E_OK) { free(padding); @@ -448,14 +448,14 @@ void Curl_auth_cleanup_gssapi(struct kerberos5data *krb5) { /* Free our security context */ if(krb5->context) { - s_pSecFn->DeleteSecurityContext(krb5->context); + Curl_pSecFn->DeleteSecurityContext(krb5->context); free(krb5->context); krb5->context = NULL; } /* Free our credentials handle */ if(krb5->credentials) { - s_pSecFn->FreeCredentialsHandle(krb5->credentials); + Curl_pSecFn->FreeCredentialsHandle(krb5->credentials); free(krb5->credentials); krb5->credentials = NULL; } diff --git a/vendor/hydra/vendor/curl/lib/vauth/ntlm.c b/vendor/hydra/vendor/curl/lib/vauth/ntlm.c index 018e6a67..0050b413 100644 --- a/vendor/hydra/vendor/curl/lib/vauth/ntlm.c +++ b/vendor/hydra/vendor/curl/lib/vauth/ntlm.c @@ -59,10 +59,6 @@ /* "NTLMSSP" signature is always in ASCII regardless of the platform */ #define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50" -/* The fixed host name we provide, in order to not leak our real local host - name. Copy the name used by Firefox. */ -#define NTLM_HOSTNAME "WORKSTATION" - #if DEBUG_ME # define DEBUG_OUT(x) x static void ntlm_print_flags(FILE *handle, unsigned long flags) @@ -325,10 +321,10 @@ static void unicodecpy(unsigned char *dest, const char *src, size_t length) * Parameters: * * data [in] - The session handle. - * userp [in] - The user name in the format User or Domain\User. + * userp [in] - The username in the format User or Domain\User. * passwdp [in] - The user's password. * service [in] - The service type such as http, smtp, pop or imap. - * host [in] - The host name. + * host [in] - The hostname. * ntlm [in/out] - The NTLM data struct being used and modified. * out [out] - The result storage. * @@ -384,9 +380,9 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, "%c%c" /* 2 zeroes */ "%c%c" /* host length */ "%c%c" /* host allocated space */ - "%c%c" /* host name offset */ + "%c%c" /* hostname offset */ "%c%c" /* 2 zeroes */ - "%s" /* host name */ + "%s" /* hostname */ "%s", /* domain string */ 0, /* trailing zero */ 0, 0, 0, /* part of type-1 long */ @@ -448,7 +444,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, * Parameters: * * data [in] - The session handle. - * userp [in] - The user name in the format User or Domain\User. + * userp [in] - The username in the format User or Domain\User. * passwdp [in] - The user's password. * ntlm [in/out] - The NTLM data struct being used and modified. * out [out] - The result storage. @@ -470,7 +466,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, 12 LM/LMv2 Response security buffer 20 NTLM/NTLMv2 Response security buffer 28 Target Name security buffer - 36 User Name security buffer + 36 username security buffer 44 Workstation Name security buffer (52) Session Key security buffer (*) (60) Flags long (*) @@ -482,15 +478,17 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, CURLcode result = CURLE_OK; size_t size; unsigned char ntlmbuf[NTLM_BUFSIZE]; - int lmrespoff; + unsigned int lmrespoff; unsigned char lmresp[24]; /* fixed-size */ - int ntrespoff; + unsigned int ntrespoff; unsigned int ntresplen = 24; unsigned char ntresp[24]; /* fixed-size */ unsigned char *ptr_ntresp = &ntresp[0]; unsigned char *ntlmv2resp = NULL; bool unicode = (ntlm->flags & NTLMFLAG_NEGOTIATE_UNICODE) ? TRUE : FALSE; - char host[HOSTNAME_MAX + 1] = ""; + /* The fixed hostname we provide, in order to not leak our real local host + name. Copy the name used by Firefox. */ + static const char host[] = "WORKSTATION"; const char *user; const char *domain = ""; size_t hostoff = 0; @@ -515,21 +513,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, user = userp; userlen = strlen(user); - -#ifndef NTLM_HOSTNAME - /* Get the machine's un-qualified host name as NTLM doesn't like the fully - qualified domain name */ - if(Curl_gethostname(host, sizeof(host))) { - infof(data, "gethostname() failed, continuing without"); - hostlen = 0; - } - else { - hostlen = strlen(host); - } -#else - (void)msnprintf(host, sizeof(host), "%s", NTLM_HOSTNAME); - hostlen = sizeof(NTLM_HOSTNAME)-1; -#endif + hostlen = sizeof(host) - 1; if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) { unsigned char ntbuffer[0x18]; @@ -585,7 +569,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, return result; Curl_ntlm_core_lm_resp(lmbuffer, &ntlm->nonce[0], lmresp); - ntlm->flags &= ~NTLMFLAG_NEGOTIATE_NTLM2_KEY; + ntlm->flags &= ~(unsigned int)NTLMFLAG_NEGOTIATE_NTLM2_KEY; /* A safer but less compatible alternative is: * Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], lmresp); @@ -722,7 +706,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, /* Make sure that the domain, user and host strings fit in the buffer before we copy them there. */ if(size + userlen + domlen + hostlen >= NTLM_BUFSIZE) { - failf(data, "user + domain + host name too big"); + failf(data, "user + domain + hostname too big"); return CURLE_OUT_OF_MEMORY; } diff --git a/vendor/hydra/vendor/curl/lib/vauth/ntlm_sspi.c b/vendor/hydra/vendor/curl/lib/vauth/ntlm_sspi.c index 92054316..55ec8201 100644 --- a/vendor/hydra/vendor/curl/lib/vauth/ntlm_sspi.c +++ b/vendor/hydra/vendor/curl/lib/vauth/ntlm_sspi.c @@ -55,12 +55,12 @@ bool Curl_auth_is_ntlm_supported(void) SECURITY_STATUS status; /* Query the security package for NTLM */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM), + status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM), &SecurityPackage); /* Release the package buffer as it is not required anymore */ if(status == SEC_E_OK) { - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); } return (status == SEC_E_OK ? TRUE : FALSE); @@ -75,10 +75,10 @@ bool Curl_auth_is_ntlm_supported(void) * Parameters: * * data [in] - The session handle. - * userp [in] - The user name in the format User or Domain\User. + * userp [in] - The username in the format User or Domain\User. * passwdp [in] - The user's password. * service [in] - The service type such as http, smtp, pop or imap. - * host [in] - The host name. + * host [in] - The hostname. * ntlm [in/out] - The NTLM data struct being used and modified. * out [out] - The result storage. * @@ -103,17 +103,17 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, Curl_auth_cleanup_ntlm(ntlm); /* Query the security package for NTLM */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM), + status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM), &SecurityPackage); if(status != SEC_E_OK) { - failf(data, "SSPI: couldn't get auth info"); + failf(data, "SSPI: could not get auth info"); return CURLE_AUTH_ERROR; } ntlm->token_max = SecurityPackage->cbMaxToken; /* Release the package buffer as it is not required anymore */ - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); /* Allocate our output buffer */ ntlm->output_token = malloc(ntlm->token_max); @@ -141,7 +141,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; /* Acquire our credentials handle */ - status = s_pSecFn->AcquireCredentialsHandle(NULL, + status = Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *) TEXT(SP_NAME_NTLM), SECPKG_CRED_OUTBOUND, NULL, ntlm->p_identity, NULL, NULL, @@ -167,7 +167,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, type_1_buf.cbBuffer = curlx_uztoul(ntlm->token_max); /* Generate our type-1 message */ - status = s_pSecFn->InitializeSecurityContext(ntlm->credentials, NULL, + status = Curl_pSecFn->InitializeSecurityContext(ntlm->credentials, NULL, ntlm->spn, 0, 0, SECURITY_NETWORK_DREP, NULL, 0, @@ -175,7 +175,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, &attrs, &expiry); if(status == SEC_I_COMPLETE_NEEDED || status == SEC_I_COMPLETE_AND_CONTINUE) - s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc); + Curl_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc); else if(status == SEC_E_INSUFFICIENT_MEMORY) return CURLE_OUT_OF_MEMORY; else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) @@ -233,7 +233,7 @@ CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data, * Parameters: * * data [in] - The session handle. - * userp [in] - The user name in the format User or Domain\User. + * userp [in] - The username in the format User or Domain\User. * passwdp [in] - The user's password. * ntlm [in/out] - The NTLM data struct being used and modified. * out [out] - The result storage. @@ -282,7 +282,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, SEC_CHANNEL_BINDINGS channelBindings; SecPkgContext_Bindings pkgBindings; pkgBindings.Bindings = &channelBindings; - status = s_pSecFn->QueryContextAttributes( + status = Curl_pSecFn->QueryContextAttributes( ntlm->sslContext, SECPKG_ATTR_ENDPOINT_BINDINGS, &pkgBindings @@ -305,7 +305,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, type_3_buf.cbBuffer = curlx_uztoul(ntlm->token_max); /* Generate our type-3 message */ - status = s_pSecFn->InitializeSecurityContext(ntlm->credentials, + status = Curl_pSecFn->InitializeSecurityContext(ntlm->credentials, ntlm->context, ntlm->spn, 0, 0, SECURITY_NETWORK_DREP, @@ -343,14 +343,14 @@ void Curl_auth_cleanup_ntlm(struct ntlmdata *ntlm) { /* Free our security context */ if(ntlm->context) { - s_pSecFn->DeleteSecurityContext(ntlm->context); + Curl_pSecFn->DeleteSecurityContext(ntlm->context); free(ntlm->context); ntlm->context = NULL; } /* Free our credentials handle */ if(ntlm->credentials) { - s_pSecFn->FreeCredentialsHandle(ntlm->credentials); + Curl_pSecFn->FreeCredentialsHandle(ntlm->credentials); free(ntlm->credentials); ntlm->credentials = NULL; } diff --git a/vendor/hydra/vendor/curl/lib/vauth/oauth2.c b/vendor/hydra/vendor/curl/lib/vauth/oauth2.c index a4adbdcf..dc94afa3 100644 --- a/vendor/hydra/vendor/curl/lib/vauth/oauth2.c +++ b/vendor/hydra/vendor/curl/lib/vauth/oauth2.c @@ -49,8 +49,8 @@ * * Parameters: * - * user[in] - The user name. - * host[in] - The host name. + * user[in] - The username. + * host[in] - The hostname. * port[in] - The port(when not Port 80). * bearer[in] - The bearer token. * out[out] - The result storage. @@ -87,7 +87,7 @@ CURLcode Curl_auth_create_oauth_bearer_message(const char *user, * * Parameters: * - * user[in] - The user name. + * user[in] - The username. * bearer[in] - The bearer token. * out[out] - The result storage. * diff --git a/vendor/hydra/vendor/curl/lib/vauth/spnego_gssapi.c b/vendor/hydra/vendor/curl/lib/vauth/spnego_gssapi.c index e1d52b75..f48d9b70 100644 --- a/vendor/hydra/vendor/curl/lib/vauth/spnego_gssapi.c +++ b/vendor/hydra/vendor/curl/lib/vauth/spnego_gssapi.c @@ -65,10 +65,10 @@ bool Curl_auth_is_spnego_supported(void) * Parameters: * * data [in] - The session handle. - * userp [in] - The user name in the format User or Domain\User. + * userp [in] - The username in the format User or Domain\User. * passwdp [in] - The user's password. * service [in] - The service type such as http, smtp, pop or imap. - * host [in] - The host name. + * host [in] - The hostname. * chlg64 [in] - The optional base64 encoded challenge message. * nego [in/out] - The Negotiate data struct being used and modified. * @@ -91,14 +91,16 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, gss_buffer_desc spn_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; + gss_channel_bindings_t chan_bindings = GSS_C_NO_CHANNEL_BINDINGS; + struct gss_channel_bindings_struct chan; (void) user; (void) password; if(nego->context && nego->status == GSS_S_COMPLETE) { /* We finished successfully our part of authentication, but server - * rejected it (since we're again here). Exit with an error since we - * can't invent anything better */ + * rejected it (since we are again here). Exit with an error since we + * cannot invent anything better */ Curl_auth_cleanup_spnego(nego); return CURLE_LOGIN_DENIED; } @@ -148,13 +150,21 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, input_token.length = chlglen; } + /* Set channel binding data if available */ + if(nego->channel_binding_data.leng > 0) { + memset(&chan, 0, sizeof(struct gss_channel_bindings_struct)); + chan.application_data.length = nego->channel_binding_data.leng; + chan.application_data.value = nego->channel_binding_data.bufr; + chan_bindings = &chan; + } + /* Generate our challenge-response message */ major_status = Curl_gss_init_sec_context(data, &minor_status, &nego->context, nego->spn, &Curl_spnego_mech_oid, - GSS_C_NO_CHANNEL_BINDINGS, + chan_bindings, &input_token, &output_token, TRUE, diff --git a/vendor/hydra/vendor/curl/lib/vauth/spnego_sspi.c b/vendor/hydra/vendor/curl/lib/vauth/spnego_sspi.c index d3245d0b..38b26ab9 100644 --- a/vendor/hydra/vendor/curl/lib/vauth/spnego_sspi.c +++ b/vendor/hydra/vendor/curl/lib/vauth/spnego_sspi.c @@ -57,13 +57,13 @@ bool Curl_auth_is_spnego_supported(void) SECURITY_STATUS status; /* Query the security package for Negotiate */ - status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) + status = Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NEGOTIATE), &SecurityPackage); /* Release the package buffer as it is not required anymore */ if(status == SEC_E_OK) { - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); } @@ -79,10 +79,10 @@ bool Curl_auth_is_spnego_supported(void) * Parameters: * * data [in] - The session handle. - * user [in] - The user name in the format User or Domain\User. + * user [in] - The username in the format User or Domain\User. * password [in] - The user's password. * service [in] - The service type such as http, smtp, pop or imap. - * host [in] - The host name. + * host [in] - The hostname. * chlg64 [in] - The optional base64 encoded challenge message. * nego [in/out] - The Negotiate data struct being used and modified. * @@ -113,8 +113,8 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, if(nego->context && nego->status == SEC_E_OK) { /* We finished successfully our part of authentication, but server - * rejected it (since we're again here). Exit with an error since we - * can't invent anything better */ + * rejected it (since we are again here). Exit with an error since we + * cannot invent anything better */ Curl_auth_cleanup_spnego(nego); return CURLE_LOGIN_DENIED; } @@ -128,18 +128,18 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, if(!nego->output_token) { /* Query the security package for Negotiate */ - nego->status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) - TEXT(SP_NAME_NEGOTIATE), - &SecurityPackage); + nego->status = (DWORD)Curl_pSecFn->QuerySecurityPackageInfo((TCHAR *) + TEXT(SP_NAME_NEGOTIATE), + &SecurityPackage); if(nego->status != SEC_E_OK) { - failf(data, "SSPI: couldn't get auth info"); + failf(data, "SSPI: could not get auth info"); return CURLE_AUTH_ERROR; } nego->token_max = SecurityPackage->cbMaxToken; /* Release the package buffer as it is not required anymore */ - s_pSecFn->FreeContextBuffer(SecurityPackage); + Curl_pSecFn->FreeContextBuffer(SecurityPackage); /* Allocate our output buffer */ nego->output_token = malloc(nego->token_max); @@ -168,8 +168,8 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; /* Acquire our credentials handle */ - nego->status = - s_pSecFn->AcquireCredentialsHandle(NULL, + nego->status = (DWORD) + Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *)TEXT(SP_NAME_NEGOTIATE), SECPKG_CRED_OUTBOUND, NULL, nego->p_identity, NULL, NULL, @@ -218,7 +218,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, SEC_CHANNEL_BINDINGS channelBindings; SecPkgContext_Bindings pkgBindings; pkgBindings.Bindings = &channelBindings; - nego->status = s_pSecFn->QueryContextAttributes( + nego->status = (DWORD)Curl_pSecFn->QueryContextAttributes( nego->sslContext, SECPKG_ATTR_ENDPOINT_BINDINGS, &pkgBindings @@ -242,16 +242,16 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, resp_buf.cbBuffer = curlx_uztoul(nego->token_max); /* Generate our challenge-response message */ - nego->status = s_pSecFn->InitializeSecurityContext(nego->credentials, - chlg ? nego->context : - NULL, - nego->spn, - ISC_REQ_CONFIDENTIALITY, - 0, SECURITY_NATIVE_DREP, - chlg ? &chlg_desc : NULL, - 0, nego->context, - &resp_desc, &attrs, - &expiry); + nego->status = + (DWORD)Curl_pSecFn->InitializeSecurityContext(nego->credentials, + chlg ? nego->context : NULL, + nego->spn, + ISC_REQ_CONFIDENTIALITY, + 0, SECURITY_NATIVE_DREP, + chlg ? &chlg_desc : NULL, + 0, nego->context, + &resp_desc, &attrs, + &expiry); /* Free the decoded challenge as it is not required anymore */ free(chlg); @@ -259,7 +259,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, if(GSS_ERROR(nego->status)) { char buffer[STRERROR_LEN]; failf(data, "InitializeSecurityContext failed: %s", - Curl_sspi_strerror(nego->status, buffer, sizeof(buffer))); + Curl_sspi_strerror((int)nego->status, buffer, sizeof(buffer))); if(nego->status == (DWORD)SEC_E_INSUFFICIENT_MEMORY) return CURLE_OUT_OF_MEMORY; @@ -269,11 +269,12 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, if(nego->status == SEC_I_COMPLETE_NEEDED || nego->status == SEC_I_COMPLETE_AND_CONTINUE) { - nego->status = s_pSecFn->CompleteAuthToken(nego->context, &resp_desc); + nego->status = (DWORD)Curl_pSecFn->CompleteAuthToken(nego->context, + &resp_desc); if(GSS_ERROR(nego->status)) { char buffer[STRERROR_LEN]; failf(data, "CompleteAuthToken failed: %s", - Curl_sspi_strerror(nego->status, buffer, sizeof(buffer))); + Curl_sspi_strerror((int)nego->status, buffer, sizeof(buffer))); if(nego->status == (DWORD)SEC_E_INSUFFICIENT_MEMORY) return CURLE_OUT_OF_MEMORY; @@ -332,14 +333,14 @@ void Curl_auth_cleanup_spnego(struct negotiatedata *nego) { /* Free our security context */ if(nego->context) { - s_pSecFn->DeleteSecurityContext(nego->context); + Curl_pSecFn->DeleteSecurityContext(nego->context); free(nego->context); nego->context = NULL; } /* Free our credentials handle */ if(nego->credentials) { - s_pSecFn->FreeCredentialsHandle(nego->credentials); + Curl_pSecFn->FreeCredentialsHandle(nego->credentials); free(nego->credentials); nego->credentials = NULL; } diff --git a/vendor/hydra/vendor/curl/lib/vauth/vauth.c b/vendor/hydra/vendor/curl/lib/vauth/vauth.c index 62fc7c40..ace43c47 100644 --- a/vendor/hydra/vendor/curl/lib/vauth/vauth.c +++ b/vendor/hydra/vendor/curl/lib/vauth/vauth.c @@ -48,7 +48,7 @@ * Parameters: * * service [in] - The service type such as http, smtp, pop or imap. - * host [in] - The host name. + * host [in] - The hostname. * realm [in] - The realm. * * Returns a pointer to the newly allocated SPN. @@ -93,7 +93,7 @@ TCHAR *Curl_auth_build_spn(const char *service, const char *host, return NULL; /* Allocate and return a TCHAR based SPN. Since curlx_convert_UTF8_to_tchar - must be freed by curlx_unicodefree we'll dupe the result so that the + must be freed by curlx_unicodefree we will dupe the result so that the pointer this function returns can be normally free'd. */ tchar_spn = curlx_convert_UTF8_to_tchar(utf8_spn); free(utf8_spn); @@ -115,14 +115,14 @@ TCHAR *Curl_auth_build_spn(const char *service, const char *host, * Domain/User (curl Down-level format - for compatibility with existing code) * User@Domain (User Principal Name) * - * Note: The user name may be empty when using a GSS-API library or Windows + * Note: The username may be empty when using a GSS-API library or Windows * SSPI as the user and domain are either obtained from the credentials cache * when using GSS-API or via the currently logged in user's credentials when * using Windows SSPI. * * Parameters: * - * user [in] - The user name. + * user [in] - The username. * * Returns TRUE on success; otherwise FALSE. */ diff --git a/vendor/hydra/vendor/curl/lib/version.c b/vendor/hydra/vendor/curl/lib/version.c index a5c8c4e6..4f6d23dc 100644 --- a/vendor/hydra/vendor/curl/lib/version.c +++ b/vendor/hydra/vendor/curl/lib/version.c @@ -258,10 +258,11 @@ char *curl_version(void) api.ldapai_info_version = LDAP_API_INFO_VERSION; if(ldap_get_option(NULL, LDAP_OPT_API_INFO, &api) == LDAP_OPT_SUCCESS) { - unsigned int patch = api.ldapai_vendor_version % 100; - unsigned int major = api.ldapai_vendor_version / 10000; + unsigned int patch = (unsigned int)(api.ldapai_vendor_version % 100); + unsigned int major = (unsigned int)(api.ldapai_vendor_version / 10000); unsigned int minor = - ((api.ldapai_vendor_version - major * 10000) - patch) / 100; + (((unsigned int)api.ldapai_vendor_version - major * 10000) + - patch) / 100; msnprintf(ldap_buf, sizeof(ldap_buf), "%s/%u.%u.%u", api.ldapai_vendor_name, major, minor, patch); src[i++] = ldap_buf; @@ -394,7 +395,7 @@ static const char * const supported_protocols[] = { }; /* - * Feature presence run-time check functions. + * Feature presence runtime check functions. * * Warning: the value returned by these should not change between * curl_global_init() and curl_global_cleanup() calls. @@ -540,7 +541,7 @@ static curl_version_info_data version_info = { LIBCURL_VERSION, LIBCURL_VERSION_NUM, OS, /* as found by configure or set by hand at build-time */ - 0, /* features bitmask is built at run-time */ + 0, /* features bitmask is built at runtime */ NULL, /* ssl_version */ 0, /* ssl_version_num, this is kept at zero */ NULL, /* zlib_version */ @@ -580,7 +581,7 @@ curl_version_info_data *curl_version_info(CURLversion stamp) int features = 0; #if defined(USE_SSH) - static char ssh_buffer[80]; + static char ssh_buf[80]; /* 'ssh_buffer' clashes with libssh/libssh.h */ #endif #ifdef USE_SSL #ifdef CURL_WITH_MULTI_SSL @@ -596,7 +597,7 @@ curl_version_info_data *curl_version_info(CURLversion stamp) static char zstd_buffer[80]; #endif - (void)stamp; /* avoid compiler warnings, we don't use this */ + (void)stamp; /* avoid compiler warnings, we do not use this */ #ifdef USE_SSL Curl_ssl_version(ssl_buffer, sizeof(ssl_buffer)); @@ -621,8 +622,8 @@ curl_version_info_data *curl_version_info(CURLversion stamp) #endif #if defined(USE_SSH) - Curl_ssh_version(ssh_buffer, sizeof(ssh_buffer)); - version_info.libssh_version = ssh_buffer; + Curl_ssh_version(ssh_buf, sizeof(ssh_buf)); + version_info.libssh_version = ssh_buf; #endif #ifdef HAVE_BROTLI @@ -640,7 +641,7 @@ curl_version_info_data *curl_version_info(CURLversion stamp) #ifdef USE_NGHTTP2 { nghttp2_info *h2 = nghttp2_version(0); - version_info.nghttp2_ver_num = h2->version_num; + version_info.nghttp2_ver_num = (unsigned int)h2->version_num; version_info.nghttp2_version = h2->version_str; } #endif diff --git a/vendor/hydra/vendor/curl/lib/version_win32.c b/vendor/hydra/vendor/curl/lib/version_win32.c index e0f239e1..25ec8274 100644 --- a/vendor/hydra/vendor/curl/lib/version_win32.c +++ b/vendor/hydra/vendor/curl/lib/version_win32.c @@ -30,8 +30,10 @@ #include "version_win32.h" #include "warnless.h" -/* The last #include files should be: */ +/* The last 2 #include files should be in this order */ +#ifdef BUILDING_LIBCURL #include "curl_memory.h" +#endif #include "memdebug.h" /* This Unicode version struct works for VerifyVersionInfoW (OSVERSIONINFOEXW) @@ -53,7 +55,7 @@ struct OUR_OSVERSIONINFOEXW { /* * curlx_verify_windows_version() * - * This is used to verify if we are running on a specific windows version. + * This is used to verify if we are running on a specific Windows version. * * Parameters: * @@ -63,7 +65,7 @@ struct OUR_OSVERSIONINFOEXW { * ignored. * platform [in] - The optional platform identifier. * condition [in] - The test condition used to specifier whether we are - * checking a version less then, equal to or greater than + * checking a version less than, equal to or greater than * what is specified in the major and minor version * numbers. * @@ -78,13 +80,13 @@ bool curlx_verify_windows_version(const unsigned int majorVersion, bool matched = FALSE; #if defined(CURL_WINDOWS_APP) - (void)buildVersion; - /* We have no way to determine the Windows version from Windows apps, - so let's assume we're running on the target Windows version. */ + so let's assume we are running on the target Windows version. */ const WORD fullVersion = MAKEWORD(minorVersion, majorVersion); const WORD targetVersion = (WORD)_WIN32_WINNT; + (void)buildVersion; + switch(condition) { case VERSION_LESS_THAN: matched = targetVersion < fullVersion; @@ -108,7 +110,7 @@ bool curlx_verify_windows_version(const unsigned int majorVersion, } if(matched && (platform == PLATFORM_WINDOWS)) { - /* we're always running on PLATFORM_WINNT */ + /* we are always running on PLATFORM_WINNT */ matched = FALSE; } #elif !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_WIN2K) || \ diff --git a/vendor/hydra/vendor/curl/lib/version_win32.h b/vendor/hydra/vendor/curl/lib/version_win32.h index 95c06611..95a9e7f2 100644 --- a/vendor/hydra/vendor/curl/lib/version_win32.h +++ b/vendor/hydra/vendor/curl/lib/version_win32.h @@ -44,7 +44,7 @@ typedef enum { PLATFORM_WINNT } PlatformIdentifier; -/* This is used to verify if we are running on a specific windows version */ +/* This is used to verify if we are running on a specific Windows version */ bool curlx_verify_windows_version(const unsigned int majorVersion, const unsigned int minorVersion, const unsigned int buildVersion, diff --git a/vendor/hydra/vendor/curl/lib/vquic/curl_msh3.c b/vendor/hydra/vendor/curl/lib/vquic/curl_msh3.c index d49af6ea..ac7865c1 100644 --- a/vendor/hydra/vendor/curl/lib/vquic/curl_msh3.c +++ b/vendor/hydra/vendor/curl/lib/vquic/curl_msh3.c @@ -119,16 +119,38 @@ struct cf_msh3_ctx { struct cf_call_data call_data; struct curltime connect_started; /* time the current attempt started */ struct curltime handshake_at; /* time connect handshake finished */ - struct Curl_hash streams; /* hash `data->id` to `stream_ctx` */ + struct Curl_hash streams; /* hash `data->mid` to `stream_ctx` */ /* Flags written by msh3/msquic thread */ bool handshake_complete; bool handshake_succeeded; bool connected; + BIT(initialized); /* Flags written by curl thread */ BIT(verbose); BIT(active); }; +static void h3_stream_hash_free(void *stream); + +static void cf_msh3_ctx_init(struct cf_msh3_ctx *ctx, + const struct Curl_addrinfo *ai) +{ + DEBUGASSERT(!ctx->initialized); + Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); + Curl_sock_assign_addr(&ctx->addr, ai, TRNSPRT_QUIC); + ctx->sock[SP_LOCAL] = CURL_SOCKET_BAD; + ctx->sock[SP_REMOTE] = CURL_SOCKET_BAD; + ctx->initialized = TRUE; +} + +static void cf_msh3_ctx_free(struct cf_msh3_ctx *ctx) +{ + if(ctx && ctx->initialized) { + Curl_hash_destroy(&ctx->streams); + } + free(ctx); +} + static struct cf_msh3_ctx *h3_get_msh3_ctx(struct Curl_easy *data); /* How to access `call_data` from a cf_msh3 filter */ @@ -158,7 +180,7 @@ struct stream_ctx { }; #define H3_STREAM_CTX(ctx,data) ((struct stream_ctx *)((data && ctx)? \ - Curl_hash_offt_get(&(ctx)->streams, (data)->id) : NULL)) + Curl_hash_offt_get(&(ctx)->streams, (data)->mid) : NULL)) static void h3_stream_ctx_free(struct stream_ctx *stream) { @@ -191,7 +213,7 @@ static CURLcode h3_data_setup(struct Curl_cfilter *cf, H3_STREAM_RECV_CHUNKS, BUFQ_OPT_SOFT_LIMIT); CURL_TRC_CF(data, cf, "data setup"); - if(!Curl_hash_offt_set(&ctx->streams, data->id, stream)) { + if(!Curl_hash_offt_set(&ctx->streams, data->mid, stream)) { h3_stream_ctx_free(stream); return CURLE_OUT_OF_MEMORY; } @@ -207,7 +229,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) (void)cf; if(stream) { CURL_TRC_CF(data, cf, "easy handle is done"); - Curl_hash_offt_remove(&ctx->streams, data->id); + Curl_hash_offt_remove(&ctx->streams, data->mid); } } @@ -293,7 +315,7 @@ static const MSH3_REQUEST_IF msh3_request_if = { msh3_data_sent }; -/* Decode HTTP status code. Returns -1 if no valid status code was +/* Decode HTTP status code. Returns -1 if no valid status code was decoded. (duplicate from http2.c) */ static int decode_status_code(const char *value, size_t len) { @@ -593,7 +615,8 @@ static ssize_t cf_msh3_recv(struct Curl_cfilter *cf, struct Curl_easy *data, } static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { struct cf_msh3_ctx *ctx = cf->ctx; struct stream_ctx *stream = H3_STREAM_CTX(ctx, data); @@ -603,7 +626,6 @@ static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data, size_t nheader, i; ssize_t nwritten = -1; struct cf_call_data save; - bool eos; CF_DATA_SAVE(save, cf, data); @@ -646,21 +668,6 @@ static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data, nva[i].ValueLength = e->valuelen; } - switch(data->state.httpreq) { - case HTTPREQ_POST: - case HTTPREQ_POST_FORM: - case HTTPREQ_POST_MIME: - case HTTPREQ_PUT: - /* known request body size or -1 */ - eos = FALSE; - break; - default: - /* there is not request body */ - eos = TRUE; - stream->upload_done = TRUE; - break; - } - CURL_TRC_CF(data, cf, "req: send %zu headers", nheader); stream->req = MsH3RequestOpen(ctx->qconn, &msh3_request_if, data, nva, nheader, @@ -689,7 +696,7 @@ static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data, } /* TODO - msh3/msquic will hold onto this memory until the send complete - event. How do we make sure curl doesn't free it until then? */ + event. How do we make sure curl does not free it until then? */ *err = CURLE_OK; nwritten = len; } @@ -813,7 +820,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, CURLcode result; bool verify; - Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); + DEBUGASSERT(ctx->initialized); conn_config = Curl_ssl_cf_get_primary_config(cf); if(!conn_config) return CURLE_FAILED_INIT; @@ -840,7 +847,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, ctx->api = MsH3ApiOpen(); if(!ctx->api) { - failf(data, "can't create msh3 api"); + failf(data, "cannot create msh3 api"); return CURLE_FAILED_INIT; } @@ -851,7 +858,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, &addr, !verify); if(!ctx->qconn) { - failf(data, "can't create msh3 connection"); + failf(data, "cannot create msh3 connection"); if(ctx->api) { MsH3ApiClose(ctx->api); ctx->api = NULL; @@ -883,7 +890,7 @@ static CURLcode cf_msh3_connect(struct Curl_cfilter *cf, CF_DATA_SAVE(save, cf, data); if(ctx->sock[SP_LOCAL] == CURL_SOCKET_BAD) { - if(Curl_socketpair(AF_UNIX, SOCK_STREAM, 0, &ctx->sock[0]) < 0) { + if(Curl_socketpair(AF_UNIX, SOCK_STREAM, 0, &ctx->sock[0], FALSE) < 0) { ctx->sock[SP_LOCAL] = CURL_SOCKET_BAD; ctx->sock[SP_REMOTE] = CURL_SOCKET_BAD; return CURLE_COULDNT_CONNECT; @@ -904,7 +911,6 @@ static CURLcode cf_msh3_connect(struct Curl_cfilter *cf, CURL_TRC_CF(data, cf, "handshake succeeded"); cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ cf->conn->httpversion = 30; - cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX; cf->connected = TRUE; cf->conn->alpn = CURL_HTTP_VERSION_3; *done = TRUE; @@ -940,7 +946,6 @@ static void cf_msh3_close(struct Curl_cfilter *cf, struct Curl_easy *data) MsH3ApiClose(ctx->api); ctx->api = NULL; } - Curl_hash_destroy(&ctx->streams); if(ctx->active) { /* We share our socket at cf->conn->sock[cf->sockindex] when active. @@ -979,10 +984,11 @@ static void cf_msh3_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) CF_DATA_SAVE(save, cf, data); cf_msh3_close(cf, data); - free(cf->ctx); - cf->ctx = NULL; + if(cf->ctx) { + cf_msh3_ctx_free(cf->ctx); + cf->ctx = NULL; + } /* no CF_DATA_RESTORE(cf, save); its gone */ - } static CURLcode cf_msh3_query(struct Curl_cfilter *cf, @@ -1038,6 +1044,7 @@ struct Curl_cftype Curl_cft_http3 = { cf_msh3_destroy, cf_msh3_connect, cf_msh3_close, + Curl_cf_def_shutdown, Curl_cf_def_get_host, cf_msh3_adjust_pollset, cf_msh3_data_pending, @@ -1080,9 +1087,7 @@ CURLcode Curl_cf_msh3_create(struct Curl_cfilter **pcf, result = CURLE_OUT_OF_MEMORY; goto out; } - Curl_sock_assign_addr(&ctx->addr, ai, TRNSPRT_QUIC); - ctx->sock[SP_LOCAL] = CURL_SOCKET_BAD; - ctx->sock[SP_REMOTE] = CURL_SOCKET_BAD; + cf_msh3_ctx_init(ctx, ai); result = Curl_cf_create(&cf, &Curl_cft_http3, ctx); @@ -1090,7 +1095,7 @@ CURLcode Curl_cf_msh3_create(struct Curl_cfilter **pcf, *pcf = (!result)? cf : NULL; if(result) { Curl_safefree(cf); - Curl_safefree(ctx); + cf_msh3_ctx_free(ctx); } return result; diff --git a/vendor/hydra/vendor/curl/lib/vquic/curl_ngtcp2.c b/vendor/hydra/vendor/curl/lib/vquic/curl_ngtcp2.c index 0d9d87f3..3b958e22 100644 --- a/vendor/hydra/vendor/curl/lib/vquic/curl_ngtcp2.c +++ b/vendor/hydra/vendor/curl/lib/vquic/curl_ngtcp2.c @@ -88,7 +88,7 @@ /* The pool keeps spares around and half of a full stream windows * seems good. More does not seem to improve performance. * The benefit of the pool is that stream buffer to not keep - * spares. So memory consumption goes down when streams run empty, + * spares. Memory consumption goes down when streams run empty, * have a large upload done, etc. */ #define H3_STREAM_POOL_SPARES \ (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE ) / 2 @@ -129,16 +129,16 @@ struct cf_ngtcp2_ctx { nghttp3_settings h3settings; struct curltime started_at; /* time the current attempt started */ struct curltime handshake_at; /* time connect handshake finished */ - struct curltime reconnect_at; /* time the next attempt should start */ struct bufc_pool stream_bufcp; /* chunk pool for streams */ struct dynbuf scratch; /* temp buffer for header construction */ - struct Curl_hash streams; /* hash `data->id` to `h3_stream_ctx` */ + struct Curl_hash streams; /* hash `data->mid` to `h3_stream_ctx` */ size_t max_stream_window; /* max flow window for one stream */ uint64_t max_idle_ms; /* max idle time for QUIC connection */ uint64_t used_bidi_streams; /* bidi streams we have opened */ uint64_t max_bidi_streams; /* max bidi streams we can open */ int qlogfd; - BIT(conn_closed); /* connection is closed */ + BIT(initialized); + BIT(shutdown_started); /* queued shutdown packets */ }; /* How to access `call_data` from a cf_ngtcp2 filter */ @@ -146,6 +146,34 @@ struct cf_ngtcp2_ctx { #define CF_CTX_CALL_DATA(cf) \ ((struct cf_ngtcp2_ctx *)(cf)->ctx)->call_data +static void h3_stream_hash_free(void *stream); + +static void cf_ngtcp2_ctx_init(struct cf_ngtcp2_ctx *ctx) +{ + DEBUGASSERT(!ctx->initialized); + ctx->qlogfd = -1; + ctx->version = NGTCP2_PROTO_VER_MAX; + ctx->max_stream_window = H3_STREAM_WINDOW_SIZE; + ctx->max_idle_ms = CURL_QUIC_MAX_IDLE_MS; + Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, + H3_STREAM_POOL_SPARES); + Curl_dyn_init(&ctx->scratch, CURL_MAX_HTTP_HEADER); + Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); + ctx->initialized = TRUE; +} + +static void cf_ngtcp2_ctx_free(struct cf_ngtcp2_ctx *ctx) +{ + if(ctx && ctx->initialized) { + Curl_bufcp_free(&ctx->stream_bufcp); + Curl_dyn_free(&ctx->scratch); + Curl_hash_clean(&ctx->streams); + Curl_hash_destroy(&ctx->streams); + Curl_ssl_peer_cleanup(&ctx->peer); + } + free(ctx); +} + struct pkt_io_ctx; static CURLcode cf_progress_ingress(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -162,7 +190,6 @@ struct h3_stream_ctx { struct bufq sendbuf; /* h3 request body */ struct h1_req_parser h1; /* h1 request parsing */ size_t sendbuf_len_in_flight; /* sendbuf amount "in flight" */ - size_t upload_blocked_len; /* the amount written last and EGAINed */ curl_uint64_t error3; /* HTTP/3 stream error code */ curl_off_t upload_left; /* number of request bytes left to upload */ int status_code; /* HTTP status code */ @@ -175,7 +202,7 @@ struct h3_stream_ctx { }; #define H3_STREAM_CTX(ctx,data) ((struct h3_stream_ctx *)(\ - data? Curl_hash_offt_get(&(ctx)->streams, (data)->id) : NULL)) + data? Curl_hash_offt_get(&(ctx)->streams, (data)->mid) : NULL)) #define H3_STREAM_CTX_ID(ctx,id) ((struct h3_stream_ctx *)(\ Curl_hash_offt_get(&(ctx)->streams, (id)))) @@ -198,10 +225,8 @@ static CURLcode h3_data_setup(struct Curl_cfilter *cf, struct cf_ngtcp2_ctx *ctx = cf->ctx; struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); - if(!data || !data->req.p.http) { - failf(data, "initialization failure, transfer not http initialized"); + if(!data) return CURLE_FAILED_INIT; - } if(stream) return CURLE_OK; @@ -217,7 +242,7 @@ static CURLcode h3_data_setup(struct Curl_cfilter *cf, stream->sendbuf_len_in_flight = 0; Curl_h1_req_parse_init(&stream->h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); - if(!Curl_hash_offt_set(&ctx->streams, data->id, stream)) { + if(!Curl_hash_offt_set(&ctx->streams, data->mid, stream)) { h3_stream_ctx_free(stream); return CURLE_OUT_OF_MEMORY; } @@ -242,7 +267,7 @@ static void cf_ngtcp2_stream_close(struct Curl_cfilter *cf, NGHTTP3_H3_REQUEST_CANCELLED); result = cf_progress_egress(cf, data, NULL); if(result) - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cancel stream -> %d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cancel stream -> %d", stream->id, result); } } @@ -253,10 +278,10 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); (void)cf; if(stream) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] easy handle is done", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] easy handle is done", stream->id); cf_ngtcp2_stream_close(cf, data, stream); - Curl_hash_offt_remove(&ctx->streams, data->id); + Curl_hash_offt_remove(&ctx->streams, data->mid); } } @@ -266,7 +291,6 @@ static struct Curl_easy *get_stream_easy(struct Curl_cfilter *cf, struct h3_stream_ctx **pstream) { struct cf_ngtcp2_ctx *ctx = cf->ctx; - struct Curl_easy *sdata; struct h3_stream_ctx *stream; (void)cf; @@ -276,8 +300,10 @@ static struct Curl_easy *get_stream_easy(struct Curl_cfilter *cf, return data; } else { + struct Curl_llist_node *e; DEBUGASSERT(data->multi); - for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *sdata = Curl_node_elem(e); if(sdata->conn != data->conn) continue; stream = H3_STREAM_CTX(ctx, sdata); @@ -326,8 +352,8 @@ static void pktx_update_time(struct pkt_io_ctx *pktx, struct cf_ngtcp2_ctx *ctx = cf->ctx; vquic_ctx_update_time(&ctx->q); - pktx->ts = ctx->q.last_op.tv_sec * NGTCP2_SECONDS + - ctx->q.last_op.tv_usec * NGTCP2_MICROSECONDS; + pktx->ts = (ngtcp2_tstamp)ctx->q.last_op.tv_sec * NGTCP2_SECONDS + + (ngtcp2_tstamp)ctx->q.last_op.tv_usec * NGTCP2_MICROSECONDS; } static void pktx_init(struct pkt_io_ctx *pktx, @@ -417,7 +443,7 @@ static void quic_settings(struct cf_ngtcp2_ctx *ctx, } } -static int init_ngh3_conn(struct Curl_cfilter *cf); +static CURLcode init_ngh3_conn(struct Curl_cfilter *cf); static int cb_handshake_completed(ngtcp2_conn *tconn, void *user_data) { @@ -491,12 +517,12 @@ static int cb_recv_stream_data(ngtcp2_conn *tconn, uint32_t flags, if(!data) data = CF_DATA_CURRENT(cf); if(data) - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] read_stream(len=%zu) -> %zd", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read_stream(len=%zu) -> %zd", stream_id, buflen, nconsumed); if(nconsumed < 0) { struct h3_stream_ctx *stream = H3_STREAM_CTX_ID(ctx, stream_id); if(data && stream) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] error on known stream, " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] error on known stream, " "reset=%d, closed=%d", stream_id, stream->reset, stream->closed); } @@ -506,8 +532,8 @@ static int cb_recv_stream_data(ngtcp2_conn *tconn, uint32_t flags, /* number of bytes inside buflen which consists of framing overhead * including QPACK HEADERS. In other words, it does not consume payload of * DATA frame. */ - ngtcp2_conn_extend_max_stream_offset(tconn, stream_id, nconsumed); - ngtcp2_conn_extend_max_offset(tconn, nconsumed); + ngtcp2_conn_extend_max_stream_offset(tconn, stream_id, (uint64_t)nconsumed); + ngtcp2_conn_extend_max_offset(tconn, (uint64_t)nconsumed); return 0; } @@ -556,8 +582,8 @@ static int cb_stream_close(ngtcp2_conn *tconn, uint32_t flags, } rv = nghttp3_conn_close_stream(ctx->h3conn, stream_id, app_error_code); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] quic close(app_error=%" - CURL_PRIu64 ") -> %d", stream_id, (curl_uint64_t)app_error_code, + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] quic close(app_error=%" + FMT_PRIu64 ") -> %d", stream_id, (curl_uint64_t)app_error_code, rv); if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { cf_ngtcp2_h3_err_set(cf, data, rv); @@ -582,7 +608,7 @@ static int cb_stream_reset(ngtcp2_conn *tconn, int64_t sid, (void)data; rv = nghttp3_conn_shutdown_stream_read(ctx->h3conn, stream_id); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] reset -> %d", stream_id, rv); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] reset -> %d", stream_id, rv); if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { return NGTCP2_ERR_CALLBACK_FAILURE; } @@ -620,8 +646,8 @@ static int cb_extend_max_local_streams_bidi(ngtcp2_conn *tconn, (void)tconn; ctx->max_bidi_streams = max_streams; if(data) - CURL_TRC_CF(data, cf, "max bidi streams now %" CURL_PRIu64 - ", used %" CURL_PRIu64, (curl_uint64_t)ctx->max_bidi_streams, + CURL_TRC_CF(data, cf, "max bidi streams now %" FMT_PRIu64 + ", used %" FMT_PRIu64, (curl_uint64_t)ctx->max_bidi_streams, (curl_uint64_t)ctx->used_bidi_streams); return 0; } @@ -647,8 +673,7 @@ static int cb_extend_max_stream_data(ngtcp2_conn *tconn, int64_t sid, } s_data = get_stream_easy(cf, data, stream_id, &stream); if(s_data && stream && stream->quic_flow_blocked) { - CURL_TRC_CF(s_data, cf, "[%" CURL_PRId64 "] unblock quic flow", - stream_id); + CURL_TRC_CF(s_data, cf, "[%" FMT_PRId64 "] unblock quic flow", stream_id); stream->quic_flow_blocked = FALSE; h3_drain_stream(cf, s_data); } @@ -663,7 +688,7 @@ static void cb_rand(uint8_t *dest, size_t destlen, result = Curl_rand(NULL, dest, destlen); if(result) { - /* cb_rand is only used for non-cryptographic context. If Curl_rand + /* cb_rand is only used for non-cryptographic context. If Curl_rand failed, just fill 0 and call it *random*. */ memset(dest, 0, destlen); } @@ -706,6 +731,11 @@ static int cb_recv_rx_key(ngtcp2_conn *tconn, ngtcp2_encryption_level level, return 0; } +#if defined(_MSC_VER) && defined(_DLL) +# pragma warning(push) +# pragma warning(disable:4232) /* MSVC extension, dllimport identity */ +#endif + static ngtcp2_callbacks ng_callbacks = { ngtcp2_crypto_client_initial_cb, NULL, /* recv_client_initial */ @@ -749,6 +779,10 @@ static ngtcp2_callbacks ng_callbacks = { NULL, /* early_data_rejected */ }; +#if defined(_MSC_VER) && defined(_DLL) +# pragma warning(pop) +#endif + /** * Connection maintenance like timeouts on packet ACKs etc. are done by us, not * the OS like for TCP. POLL events on the socket therefore are not @@ -798,7 +832,8 @@ static CURLcode check_and_set_expiry(struct Curl_cfilter *cf, if(timeout % NGTCP2_MILLISECONDS) { timeout += NGTCP2_MILLISECONDS; } - Curl_expire(data, timeout / NGTCP2_MILLISECONDS, EXPIRE_QUIC); + Curl_expire(data, (timediff_t)(timeout / NGTCP2_MILLISECONDS), + EXPIRE_QUIC); } } return CURLE_OK; @@ -815,6 +850,9 @@ static void cf_ngtcp2_adjust_pollset(struct Curl_cfilter *cf, return; Curl_pollset_check(data, ps, ctx->q.sockfd, &want_recv, &want_send); + if(!want_send && !Curl_bufq_is_empty(&ctx->q.sendbuf)) + want_send = TRUE; + if(want_recv || want_send) { struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); struct cf_call_data save; @@ -855,11 +893,11 @@ static int cb_h3_stream_close(nghttp3_conn *conn, int64_t sid, if(stream->error3 != NGHTTP3_H3_NO_ERROR) { stream->reset = TRUE; stream->send_closed = TRUE; - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] RESET: error %" CURL_PRIu64, + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] RESET: error %" FMT_PRIu64, stream->id, stream->error3); } else { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] CLOSED", stream->id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] CLOSED", stream->id); } h3_drain_stream(cf, data); return 0; @@ -875,7 +913,7 @@ static void h3_xfer_write_resp_hd(struct Curl_cfilter *cf, if(!stream->xfer_result) { stream->xfer_result = Curl_xfer_write_resp_hd(data, buf, blen, eos); if(stream->xfer_result) - CURL_TRC_CF(data, cf, "[%"CURL_PRId64"] error %d writing %zu " + CURL_TRC_CF(data, cf, "[%"FMT_PRId64"] error %d writing %zu " "bytes of headers", stream->id, stream->xfer_result, blen); } } @@ -891,7 +929,7 @@ static void h3_xfer_write_resp(struct Curl_cfilter *cf, stream->xfer_result = Curl_xfer_write_resp(data, buf, blen, eos); /* If the transfer write is errored, we do not want any more data */ if(stream->xfer_result) { - CURL_TRC_CF(data, cf, "[%"CURL_PRId64"] error %d writing %zu bytes " + CURL_TRC_CF(data, cf, "[%"FMT_PRId64"] error %d writing %zu bytes " "of data", stream->id, stream->xfer_result, blen); } } @@ -914,12 +952,12 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id, h3_xfer_write_resp(cf, data, stream, (char *)buf, blen, FALSE); if(blen) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] ACK %zu bytes of DATA", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] ACK %zu bytes of DATA", stream->id, blen); ngtcp2_conn_extend_max_stream_offset(ctx->qconn, stream->id, blen); ngtcp2_conn_extend_max_offset(ctx->qconn, blen); } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] DATA len=%zu", stream->id, blen); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] DATA len=%zu", stream->id, blen); return 0; } @@ -954,10 +992,10 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t sid, if(!stream) return 0; - /* add a CRLF only if we've received some headers */ + /* add a CRLF only if we have received some headers */ h3_xfer_write_resp_hd(cf, data, stream, STRCONST("\r\n"), stream->closed); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] end_headers, status=%d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] end_headers, status=%d", stream_id, stream->status_code); if(stream->status_code / 100 != 1) { stream->resp_hds_complete = TRUE; @@ -1005,7 +1043,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t sid, if(!result) h3_xfer_write_resp_hd(cf, data, stream, Curl_dyn_ptr(&ctx->scratch), Curl_dyn_len(&ctx->scratch), FALSE); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] status: %s", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] status: %s", stream_id, Curl_dyn_ptr(&ctx->scratch)); if(result) { return -1; @@ -1013,7 +1051,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t sid, } else { /* store as an HTTP1-style header */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] header: %.*s: %.*s", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] header: %.*s: %.*s", stream_id, (int)h3name.len, h3name.base, (int)h3val.len, h3val.base); Curl_dyn_reset(&ctx->scratch); @@ -1046,7 +1084,7 @@ static int cb_h3_stop_sending(nghttp3_conn *conn, int64_t stream_id, rv = ngtcp2_conn_shutdown_stream_read(ctx->qconn, 0, stream_id, app_error_code); if(rv && rv != NGTCP2_ERR_STREAM_NOT_FOUND) { - return NGTCP2_ERR_CALLBACK_FAILURE; + return NGHTTP3_ERR_CALLBACK_FAILURE; } return 0; @@ -1065,9 +1103,9 @@ static int cb_h3_reset_stream(nghttp3_conn *conn, int64_t sid, rv = ngtcp2_conn_shutdown_stream_write(ctx->qconn, 0, stream_id, app_error_code); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] reset -> %d", stream_id, rv); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] reset -> %d", stream_id, rv); if(rv && rv != NGTCP2_ERR_STREAM_NOT_FOUND) { - return NGTCP2_ERR_CALLBACK_FAILURE; + return NGHTTP3_ERR_CALLBACK_FAILURE; } return 0; @@ -1091,7 +1129,7 @@ static nghttp3_callbacks ngh3_callbacks = { NULL /* recv_settings */ }; -static int init_ngh3_conn(struct Curl_cfilter *cf) +static CURLcode init_ngh3_conn(struct Curl_cfilter *cf) { struct cf_ngtcp2_ctx *ctx = cf->ctx; CURLcode result; @@ -1160,14 +1198,13 @@ static ssize_t recv_closed_stream(struct Curl_cfilter *cf, (void)cf; if(stream->reset) { - failf(data, - "HTTP/3 stream %" CURL_PRId64 " reset by server", stream->id); + failf(data, "HTTP/3 stream %" FMT_PRId64 " reset by server", stream->id); *err = data->req.bytecount? CURLE_PARTIAL_FILE : CURLE_HTTP3; goto out; } else if(!stream->resp_hds_complete) { failf(data, - "HTTP/3 stream %" CURL_PRId64 " was closed cleanly, but before " + "HTTP/3 stream %" FMT_PRId64 " was closed cleanly, but before " "getting all response header fields, treated as error", stream->id); *err = CURLE_HTTP3; @@ -1202,7 +1239,7 @@ static ssize_t cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, pktx_init(&pktx, cf, data); - if(!stream || ctx->conn_closed) { + if(!stream || ctx->shutdown_started) { *err = CURLE_RECV_ERROR; goto out; } @@ -1214,7 +1251,7 @@ static ssize_t cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, } if(stream->xfer_result) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] xfer write failed", stream->id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] xfer write failed", stream->id); cf_ngtcp2_stream_close(cf, data, stream); *err = stream->xfer_result; nread = -1; @@ -1239,7 +1276,7 @@ static ssize_t cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data, nread = -1; } } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_recv(blen=%zu) -> %zd, %d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_recv(blen=%zu) -> %zd, %d", stream? stream->id : -1, blen, nread, *err); CF_DATA_RESTORE(cf, save); return nread; @@ -1268,11 +1305,11 @@ static int cb_h3_acked_req_body(nghttp3_conn *conn, int64_t stream_id, Curl_bufq_skip(&stream->sendbuf, skiplen); stream->sendbuf_len_in_flight -= skiplen; - /* Everything ACKed, we resume upload processing */ - if(!stream->sendbuf_len_in_flight) { + /* Resume upload processing if we have more data to send */ + if(stream->sendbuf_len_in_flight < Curl_bufq_len(&stream->sendbuf)) { int rv = nghttp3_conn_resume_stream(conn, stream_id); if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { - return NGTCP2_ERR_CALLBACK_FAILURE; + return NGHTTP3_ERR_CALLBACK_FAILURE; } } return 0; @@ -1330,14 +1367,13 @@ cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id, } else if(!nwritten) { /* Not EOF, and nothing to give, we signal WOULDBLOCK. */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] read req body -> AGAIN", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read req body -> AGAIN", stream->id); return NGHTTP3_ERR_WOULDBLOCK; } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] read req body -> " - "%d vecs%s with %zu (buffered=%zu, left=%" - CURL_FORMAT_CURL_OFF_T ")", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read req body -> " + "%d vecs%s with %zu (buffered=%zu, left=%" FMT_OFF_T ")", stream->id, (int)nvecs, *pflags == NGHTTP3_DATA_FLAG_EOF?" EOF":"", nwritten, Curl_bufq_len(&stream->sendbuf), @@ -1451,12 +1487,12 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, if(rc) { switch(rc) { case NGHTTP3_ERR_CONN_CLOSING: - CURL_TRC_CF(data, cf, "h3sid[%" CURL_PRId64 "] failed to send, " + CURL_TRC_CF(data, cf, "h3sid[%" FMT_PRId64 "] failed to send, " "connection is closing", stream->id); break; default: - CURL_TRC_CF(data, cf, "h3sid[%" CURL_PRId64 "] failed to send -> " - "%d (%s)", stream->id, rc, ngtcp2_strerror(rc)); + CURL_TRC_CF(data, cf, "h3sid[%" FMT_PRId64 "] failed to send -> " + "%d (%s)", stream->id, rc, nghttp3_strerror(rc)); break; } *err = CURLE_SEND_ERROR; @@ -1465,10 +1501,10 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, } if(Curl_trc_is_verbose(data)) { - infof(data, "[HTTP/3] [%" CURL_PRId64 "] OPENED stream for %s", + infof(data, "[HTTP/3] [%" FMT_PRId64 "] OPENED stream for %s", stream->id, data->state.url); for(i = 0; i < nheader; ++i) { - infof(data, "[HTTP/3] [%" CURL_PRId64 "] [%.*s: %.*s]", stream->id, + infof(data, "[HTTP/3] [%" FMT_PRId64 "] [%.*s: %.*s]", stream->id, (int)nva[i].namelen, nva[i].name, (int)nva[i].valuelen, nva[i].value); } @@ -1481,7 +1517,8 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, } static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { struct cf_ngtcp2_ctx *ctx = cf->ctx; struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); @@ -1497,6 +1534,7 @@ static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, pktx_init(&pktx, cf, data); *err = CURLE_OK; + (void)eos; /* TODO: use for stream EOF and block handling */ result = cf_progress_ingress(cf, data, &pktx); if(result) { *err = result; @@ -1504,7 +1542,7 @@ static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, } if(!stream || stream->id < 0) { - if(ctx->conn_closed) { + if(ctx->shutdown_started) { CURL_TRC_CF(data, cf, "cannot open stream on closed connection"); *err = CURLE_SEND_ERROR; sent = -1; @@ -1518,27 +1556,12 @@ static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, stream = H3_STREAM_CTX(ctx, data); } else if(stream->xfer_result) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] xfer write failed", stream->id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] xfer write failed", stream->id); cf_ngtcp2_stream_close(cf, data, stream); *err = stream->xfer_result; sent = -1; goto out; } - else if(stream->upload_blocked_len) { - /* the data in `buf` has already been submitted or added to the - * buffers, but have been EAGAINed on the last invocation. */ - DEBUGASSERT(len >= stream->upload_blocked_len); - if(len < stream->upload_blocked_len) { - /* Did we get called again with a smaller `len`? This should not - * happen. We are not prepared to handle that. */ - failf(data, "HTTP/3 send again with decreased length"); - *err = CURLE_HTTP3; - sent = -1; - goto out; - } - sent = (ssize_t)stream->upload_blocked_len; - stream->upload_blocked_len = 0; - } else if(stream->closed) { if(stream->resp_hds_complete) { /* Server decided to close the stream after having sent us a final @@ -1546,19 +1569,19 @@ static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, * body. This happens on 30x or 40x responses. * We silently discard the data sent, since this is not a transport * error situation. */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] discarding data" + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] discarding data" "on closed stream with response", stream->id); *err = CURLE_OK; sent = (ssize_t)len; goto out; } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] send_body(len=%zu) " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] send_body(len=%zu) " "-> stream closed", stream->id, len); *err = CURLE_HTTP3; sent = -1; goto out; } - else if(ctx->conn_closed) { + else if(ctx->shutdown_started) { CURL_TRC_CF(data, cf, "cannot send on closed connection"); *err = CURLE_SEND_ERROR; sent = -1; @@ -1566,7 +1589,7 @@ static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, } else { sent = Curl_bufq_write(&stream->sendbuf, buf, len, err); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_send, add to " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send, add to " "sendbuf(len=%zu) -> %zd, %d", stream->id, len, sent, *err); if(sent < 0) { @@ -1582,25 +1605,13 @@ static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, sent = -1; } - if(stream && sent > 0 && stream->sendbuf_len_in_flight) { - /* We have unacknowledged DATA and cannot report success to our - * caller. Instead we EAGAIN and remember how much we have already - * "written" into our various internal connection buffers. */ - stream->upload_blocked_len = sent; - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_send(len=%zu), " - "%zu bytes in flight -> EGAIN", stream->id, len, - stream->sendbuf_len_in_flight); - *err = CURLE_AGAIN; - sent = -1; - } - out: result = check_and_set_expiry(cf, data, &pktx); if(result) { *err = result; sent = -1; } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_send(len=%zu) -> %zd, %d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send(len=%zu) -> %zd, %d", stream? stream->id : -1, len, sent, *err); CF_DATA_RESTORE(cf, save); return sent; @@ -1613,7 +1624,6 @@ static CURLcode qng_verify_peer(struct Curl_cfilter *cf, cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ cf->conn->httpversion = 30; - cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX; return Curl_vquic_tls_verify_peer(&ctx->tls, cf, data, &ctx->peer); } @@ -1631,7 +1641,7 @@ static CURLcode recv_pkt(const unsigned char *pkt, size_t pktlen, ++pktx->pkt_count; ngtcp2_addr_init(&path.local, (struct sockaddr *)&ctx->q.local_addr, - ctx->q.local_addrlen); + (socklen_t)ctx->q.local_addrlen); ngtcp2_addr_init(&path.remote, (struct sockaddr *)remote_addr, remote_addrlen); pi.ecn = (uint8_t)ecn; @@ -1747,7 +1757,7 @@ static ssize_t read_pkt_to_send(void *userp, struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, x->data); DEBUGASSERT(ndatalen == -1); nghttp3_conn_block_stream(ctx->h3conn, stream_id); - CURL_TRC_CF(x->data, x->cf, "[%" CURL_PRId64 "] block quic flow", + CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRId64 "] block quic flow", (curl_int64_t)stream_id); DEBUGASSERT(stream); if(stream) @@ -1867,7 +1877,7 @@ static CURLcode cf_progress_egress(struct Curl_cfilter *cf, DEBUGASSERT(nread > 0); if(pktcnt == 0) { /* first packet in buffer. This is either of a known, "good" - * payload size or it is a PMTUD. We'll see. */ + * payload size or it is a PMTUD. We will see. */ gsolen = (size_t)nread; } else if((size_t)nread > gsolen || @@ -1961,7 +1971,8 @@ static CURLcode cf_ngtcp2_data_event(struct Curl_cfilter *cf, struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); if(stream && !stream->send_closed) { stream->send_closed = TRUE; - stream->upload_left = Curl_bufq_len(&stream->sendbuf); + stream->upload_left = Curl_bufq_len(&stream->sendbuf) - + stream->sendbuf_len_in_flight; (void)nghttp3_conn_resume_stream(ctx->h3conn, stream->id); } break; @@ -1983,53 +1994,116 @@ static CURLcode cf_ngtcp2_data_event(struct Curl_cfilter *cf, return result; } -static void cf_ngtcp2_ctx_clear(struct cf_ngtcp2_ctx *ctx) +static void cf_ngtcp2_ctx_close(struct cf_ngtcp2_ctx *ctx) { struct cf_call_data save = ctx->call_data; + if(!ctx->initialized) + return; if(ctx->qlogfd != -1) { close(ctx->qlogfd); } + ctx->qlogfd = -1; Curl_vquic_tls_cleanup(&ctx->tls); vquic_ctx_free(&ctx->q); if(ctx->h3conn) nghttp3_conn_del(ctx->h3conn); if(ctx->qconn) ngtcp2_conn_del(ctx->qconn); - Curl_bufcp_free(&ctx->stream_bufcp); - Curl_dyn_free(&ctx->scratch); - Curl_hash_clean(&ctx->streams); - Curl_hash_destroy(&ctx->streams); - Curl_ssl_peer_cleanup(&ctx->peer); - - memset(ctx, 0, sizeof(*ctx)); - ctx->qlogfd = -1; ctx->call_data = save; } -static void cf_ngtcp2_conn_close(struct Curl_cfilter *cf, - struct Curl_easy *data) +static CURLcode cf_ngtcp2_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, bool *done) { struct cf_ngtcp2_ctx *ctx = cf->ctx; - if(ctx && ctx->qconn && !ctx->conn_closed) { + struct cf_call_data save; + struct pkt_io_ctx pktx; + CURLcode result = CURLE_OK; + + if(cf->shutdown || !ctx->qconn) { + *done = TRUE; + return CURLE_OK; + } + + CF_DATA_SAVE(save, cf, data); + *done = FALSE; + pktx_init(&pktx, cf, data); + + if(!ctx->shutdown_started) { char buffer[NGTCP2_MAX_UDP_PAYLOAD_SIZE]; - struct pkt_io_ctx pktx; - ngtcp2_ssize rc; - - ctx->conn_closed = TRUE; - pktx_init(&pktx, cf, data); - rc = ngtcp2_conn_write_connection_close(ctx->qconn, NULL, /* path */ - NULL, /* pkt_info */ - (uint8_t *)buffer, sizeof(buffer), - &ctx->last_error, pktx.ts); - CURL_TRC_CF(data, cf, "closing connection(err_type=%d, err_code=%" - CURL_PRIu64 ") -> %d", ctx->last_error.type, - (curl_uint64_t)ctx->last_error.error_code, (int)rc); - if(rc > 0) { - while((send(ctx->q.sockfd, buffer, (SEND_TYPE_ARG3)rc, 0) == -1) && - SOCKERRNO == EINTR); + ngtcp2_ssize nwritten; + + if(!Curl_bufq_is_empty(&ctx->q.sendbuf)) { + CURL_TRC_CF(data, cf, "shutdown, flushing sendbuf"); + result = cf_progress_egress(cf, data, &pktx); + if(!Curl_bufq_is_empty(&ctx->q.sendbuf)) { + CURL_TRC_CF(data, cf, "sending shutdown packets blocked"); + result = CURLE_OK; + goto out; + } + else if(result) { + CURL_TRC_CF(data, cf, "shutdown, error %d flushing sendbuf", result); + *done = TRUE; + goto out; + } } + + ctx->shutdown_started = TRUE; + nwritten = ngtcp2_conn_write_connection_close( + ctx->qconn, NULL, /* path */ + NULL, /* pkt_info */ + (uint8_t *)buffer, sizeof(buffer), + &ctx->last_error, pktx.ts); + CURL_TRC_CF(data, cf, "start shutdown(err_type=%d, err_code=%" + FMT_PRIu64 ") -> %d", ctx->last_error.type, + (curl_uint64_t)ctx->last_error.error_code, (int)nwritten); + if(nwritten > 0) { + Curl_bufq_write(&ctx->q.sendbuf, (const unsigned char *)buffer, + (size_t)nwritten, &result); + if(result) { + CURL_TRC_CF(data, cf, "error %d adding shutdown packets to sendbuf, " + "aborting shutdown", result); + goto out; + } + ctx->q.no_gso = TRUE; + ctx->q.gsolen = (size_t)nwritten; + ctx->q.split_len = 0; + } + } + + if(!Curl_bufq_is_empty(&ctx->q.sendbuf)) { + CURL_TRC_CF(data, cf, "shutdown, flushing egress"); + result = vquic_flush(cf, data, &ctx->q); + if(result == CURLE_AGAIN) { + CURL_TRC_CF(data, cf, "sending shutdown packets blocked"); + result = CURLE_OK; + goto out; + } + else if(result) { + CURL_TRC_CF(data, cf, "shutdown, error %d flushing sendbuf", result); + *done = TRUE; + goto out; + } + } + + if(Curl_bufq_is_empty(&ctx->q.sendbuf)) { + /* Sent everything off. ngtcp2 seems to have no support for graceful + * shutdowns. So, we are done. */ + CURL_TRC_CF(data, cf, "shutdown completely sent off, done"); + *done = TRUE; + result = CURLE_OK; } +out: + CF_DATA_RESTORE(cf, save); + return result; +} + +static void cf_ngtcp2_conn_close(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + bool done; + cf_ngtcp2_shutdown(cf, data, &done); } static void cf_ngtcp2_close(struct Curl_cfilter *cf, struct Curl_easy *data) @@ -2040,7 +2114,7 @@ static void cf_ngtcp2_close(struct Curl_cfilter *cf, struct Curl_easy *data) CF_DATA_SAVE(save, cf, data); if(ctx && ctx->qconn) { cf_ngtcp2_conn_close(cf, data); - cf_ngtcp2_ctx_clear(ctx); + cf_ngtcp2_ctx_close(ctx); CURL_TRC_CF(data, cf, "close"); } cf->connected = FALSE; @@ -2049,18 +2123,11 @@ static void cf_ngtcp2_close(struct Curl_cfilter *cf, struct Curl_easy *data) static void cf_ngtcp2_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) { - struct cf_ngtcp2_ctx *ctx = cf->ctx; - struct cf_call_data save; - - CF_DATA_SAVE(save, cf, data); CURL_TRC_CF(data, cf, "destroy"); - if(ctx) { - cf_ngtcp2_ctx_clear(ctx); - free(ctx); + if(cf->ctx) { + cf_ngtcp2_ctx_free(cf->ctx); + cf->ctx = NULL; } - cf->ctx = NULL; - /* No CF_DATA_RESTORE(cf, save) possible */ - (void)save; } #ifdef USE_OPENSSL @@ -2105,7 +2172,7 @@ static CURLcode tls_ctx_setup(struct Curl_cfilter *cf, return CURLE_FAILED_INIT; } #endif /* !OPENSSL_IS_BORINGSSL && !OPENSSL_IS_AWSLC */ - /* Enable the session cache because it's a prerequisite for the + /* Enable the session cache because it is a prerequisite for the * "new session" callback. Use the "external storage" mode to prevent * OpenSSL from creating an internal session cache. */ @@ -2120,7 +2187,7 @@ static CURLcode tls_ctx_setup(struct Curl_cfilter *cf, return CURLE_FAILED_INIT; } #elif defined(USE_WOLFSSL) - if(ngtcp2_crypto_wolfssl_configure_client_context(ctx->ssl_ctx) != 0) { + if(ngtcp2_crypto_wolfssl_configure_client_context(ctx->wssl.ctx) != 0) { failf(data, "ngtcp2_crypto_wolfssl_configure_client_context failed"); return CURLE_FAILED_INIT; } @@ -2142,14 +2209,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, const struct Curl_sockaddr_ex *sockaddr = NULL; int qfd; - ctx->version = NGTCP2_PROTO_VER_MAX; - ctx->max_stream_window = H3_STREAM_WINDOW_SIZE; - ctx->max_idle_ms = CURL_QUIC_MAX_IDLE_MS; - Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, - H3_STREAM_POOL_SPARES); - Curl_dyn_init(&ctx->scratch, CURL_MAX_HTTP_HEADER); - Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); - + DEBUGASSERT(ctx->initialized); result = Curl_ssl_peer_init(&ctx->peer, cf, TRNSPRT_QUIC); if(result) return result; @@ -2196,7 +2256,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, (struct sockaddr *)&ctx->q.local_addr, ctx->q.local_addrlen); ngtcp2_addr_init(&ctx->connected_path.remote, - &sockaddr->sa_addr, sockaddr->addrlen); + &sockaddr->sa_addr, (socklen_t)sockaddr->addrlen); rc = ngtcp2_conn_client_new(&ctx->qconn, &ctx->dcid, &ctx->scid, &ctx->connected_path, @@ -2211,7 +2271,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, #elif defined(USE_GNUTLS) ngtcp2_conn_set_tls_native_handle(ctx->qconn, ctx->tls.gtls.session); #else - ngtcp2_conn_set_tls_native_handle(ctx->qconn, ctx->tls.ssl); + ngtcp2_conn_set_tls_native_handle(ctx->qconn, ctx->tls.wssl.handle); #endif ngtcp2_ccerr_default(&ctx->last_error); @@ -2250,12 +2310,6 @@ static CURLcode cf_ngtcp2_connect(struct Curl_cfilter *cf, CF_DATA_SAVE(save, cf, data); - if(ctx->reconnect_at.tv_sec && Curl_timediff(now, ctx->reconnect_at) < 0) { - /* Not time yet to attempt the next connect */ - CURL_TRC_CF(data, cf, "waiting for reconnect time"); - goto out; - } - if(!ctx->qconn) { ctx->started_at = now; result = cf_connect_start(cf, data, &pktx); @@ -2331,7 +2385,7 @@ static CURLcode cf_ngtcp2_query(struct Curl_cfilter *cf, * by callback. QUIC counts the number over the lifetime of the * connection, ever increasing. * We count the *open* transfers plus the budget for new ones. */ - if(!ctx->qconn || ctx->conn_closed) { + if(!ctx->qconn || ctx->shutdown_started) { *pres1 = 0; } else if(ctx->max_bidi_streams) { @@ -2343,8 +2397,8 @@ static CURLcode cf_ngtcp2_query(struct Curl_cfilter *cf, *pres1 = (max_streams > INT_MAX)? INT_MAX : (int)max_streams; } else /* transport params not arrived yet? take our default. */ - *pres1 = Curl_multi_max_concurrent_streams(data->multi); - CURL_TRC_CF(data, cf, "query conn[%" CURL_FORMAT_CURL_OFF_T "]: " + *pres1 = (int)Curl_multi_max_concurrent_streams(data->multi); + CURL_TRC_CF(data, cf, "query conn[%" FMT_OFF_T "]: " "MAX_CONCURRENT -> %d (%zu in use)", cf->conn->connection_id, *pres1, CONN_INUSE(cf->conn)); CF_DATA_RESTORE(cf, save); @@ -2389,7 +2443,7 @@ static bool cf_ngtcp2_conn_is_alive(struct Curl_cfilter *cf, CF_DATA_SAVE(save, cf, data); *input_pending = FALSE; - if(!ctx->qconn || ctx->conn_closed) + if(!ctx->qconn || ctx->shutdown_started) goto out; /* Both sides of the QUIC connection announce they max idle times in @@ -2416,8 +2470,8 @@ static bool cf_ngtcp2_conn_is_alive(struct Curl_cfilter *cf, alive = TRUE; if(*input_pending) { CURLcode result; - /* This happens before we've sent off a request and the connection is - not in use by any other transfer, there shouldn't be any data here, + /* This happens before we have sent off a request and the connection is + not in use by any other transfer, there should not be any data here, only "protocol frames" */ *input_pending = FALSE; result = cf_progress_ingress(cf, data, NULL); @@ -2437,6 +2491,7 @@ struct Curl_cftype Curl_cft_http3 = { cf_ngtcp2_destroy, cf_ngtcp2_connect, cf_ngtcp2_close, + cf_ngtcp2_shutdown, Curl_cf_def_get_host, cf_ngtcp2_adjust_pollset, cf_ngtcp2_data_pending, @@ -2463,8 +2518,7 @@ CURLcode Curl_cf_ngtcp2_create(struct Curl_cfilter **pcf, result = CURLE_OUT_OF_MEMORY; goto out; } - ctx->qlogfd = -1; - cf_ngtcp2_ctx_clear(ctx); + cf_ngtcp2_ctx_init(ctx); result = Curl_cf_create(&cf, &Curl_cft_http3, ctx); if(result) @@ -2485,7 +2539,7 @@ CURLcode Curl_cf_ngtcp2_create(struct Curl_cfilter **pcf, if(udp_cf) Curl_conn_cf_discard_sub(cf, udp_cf, data, TRUE); Curl_safefree(cf); - Curl_safefree(ctx); + cf_ngtcp2_ctx_free(ctx); } return result; } diff --git a/vendor/hydra/vendor/curl/lib/vquic/curl_osslq.c b/vendor/hydra/vendor/curl/lib/vquic/curl_osslq.c index 8b9e889d..6121b2f8 100644 --- a/vendor/hydra/vendor/curl/lib/vquic/curl_osslq.c +++ b/vendor/hydra/vendor/curl/lib/vquic/curl_osslq.c @@ -71,7 +71,7 @@ /* The pool keeps spares around and half of a full stream window * seems good. More does not seem to improve performance. * The benefit of the pool is that stream buffer to not keep - * spares. So memory consumption goes down when streams run empty, + * spares. Memory consumption goes down when streams run empty, * have a large upload done, etc. */ #define H3_STREAM_POOL_SPARES \ (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE ) / 2 @@ -232,7 +232,7 @@ static CURLcode cf_osslq_stream_open(struct cf_osslq_stream *s, if(!s->ssl) { return CURLE_FAILED_INIT; } - s->id = SSL_get_stream_id(s->ssl); + s->id = (curl_int64_t)SSL_get_stream_id(s->ssl); SSL_set_app_data(s->ssl, user_data); return CURLE_OK; } @@ -288,34 +288,121 @@ struct cf_osslq_ctx { struct curltime started_at; /* time the current attempt started */ struct curltime handshake_at; /* time connect handshake finished */ struct curltime first_byte_at; /* when first byte was recvd */ - struct curltime reconnect_at; /* time the next attempt should start */ struct bufc_pool stream_bufcp; /* chunk pool for streams */ - struct Curl_hash streams; /* hash `data->id` to `h3_stream_ctx` */ + struct Curl_hash streams; /* hash `data->mid` to `h3_stream_ctx` */ size_t max_stream_window; /* max flow window for one stream */ uint64_t max_idle_ms; /* max idle time for QUIC connection */ + BIT(initialized); BIT(got_first_byte); /* if first byte was received */ -#ifdef USE_OPENSSL BIT(x509_store_setup); /* if x509 store has been set up */ BIT(protocol_shutdown); /* QUIC connection is shut down */ -#endif + BIT(need_recv); /* QUIC connection needs to receive */ + BIT(need_send); /* QUIC connection needs to send */ }; -static void cf_osslq_ctx_clear(struct cf_osslq_ctx *ctx) +static void h3_stream_hash_free(void *stream); + +static void cf_osslq_ctx_init(struct cf_osslq_ctx *ctx) +{ + DEBUGASSERT(!ctx->initialized); + Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, + H3_STREAM_POOL_SPARES); + Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); + ctx->initialized = TRUE; +} + +static void cf_osslq_ctx_free(struct cf_osslq_ctx *ctx) +{ + if(ctx && ctx->initialized) { + Curl_bufcp_free(&ctx->stream_bufcp); + Curl_hash_clean(&ctx->streams); + Curl_hash_destroy(&ctx->streams); + Curl_ssl_peer_cleanup(&ctx->peer); + } + free(ctx); +} + +static void cf_osslq_ctx_close(struct cf_osslq_ctx *ctx) { struct cf_call_data save = ctx->call_data; cf_osslq_h3conn_cleanup(&ctx->h3); Curl_vquic_tls_cleanup(&ctx->tls); vquic_ctx_free(&ctx->q); - Curl_bufcp_free(&ctx->stream_bufcp); - Curl_hash_clean(&ctx->streams); - Curl_hash_destroy(&ctx->streams); - Curl_ssl_peer_cleanup(&ctx->peer); - - memset(ctx, 0, sizeof(*ctx)); ctx->call_data = save; } +static CURLcode cf_osslq_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, bool *done) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + struct cf_call_data save; + CURLcode result = CURLE_OK; + int rc; + + CF_DATA_SAVE(save, cf, data); + + if(cf->shutdown || ctx->protocol_shutdown) { + *done = TRUE; + return CURLE_OK; + } + + CF_DATA_SAVE(save, cf, data); + *done = FALSE; + ctx->need_send = FALSE; + ctx->need_recv = FALSE; + + rc = SSL_shutdown_ex(ctx->tls.ossl.ssl, + SSL_SHUTDOWN_FLAG_NO_BLOCK, NULL, 0); + if(rc == 0) { /* ongoing */ + CURL_TRC_CF(data, cf, "shutdown ongoing"); + ctx->need_recv = TRUE; + goto out; + } + else if(rc == 1) { /* done */ + CURL_TRC_CF(data, cf, "shutdown finished"); + *done = TRUE; + goto out; + } + else { + long sslerr; + char err_buffer[256]; + int err = SSL_get_error(ctx->tls.ossl.ssl, rc); + + switch(err) { + case SSL_ERROR_NONE: + case SSL_ERROR_ZERO_RETURN: + CURL_TRC_CF(data, cf, "shutdown not received, but closed"); + *done = TRUE; + goto out; + case SSL_ERROR_WANT_READ: + /* SSL has send its notify and now wants to read the reply + * from the server. We are not really interested in that. */ + CURL_TRC_CF(data, cf, "shutdown sent, want receive"); + ctx->need_recv = TRUE; + goto out; + case SSL_ERROR_WANT_WRITE: + CURL_TRC_CF(data, cf, "shutdown send blocked"); + ctx->need_send = TRUE; + goto out; + default: + /* We give up on this. */ + sslerr = ERR_get_error(); + CURL_TRC_CF(data, cf, "shutdown, ignore recv error: '%s', errno %d", + (sslerr ? + osslq_strerror(sslerr, err_buffer, sizeof(err_buffer)) : + osslq_SSL_ERROR_to_str(err)), + SOCKERRNO); + *done = TRUE; + result = CURLE_OK; + goto out; + } + } +out: + CF_DATA_RESTORE(cf, save); + return result; +} + static void cf_osslq_close(struct Curl_cfilter *cf, struct Curl_easy *data) { struct cf_osslq_ctx *ctx = cf->ctx; @@ -323,9 +410,14 @@ static void cf_osslq_close(struct Curl_cfilter *cf, struct Curl_easy *data) CF_DATA_SAVE(save, cf, data); if(ctx && ctx->tls.ossl.ssl) { - /* TODO: send connection close */ CURL_TRC_CF(data, cf, "cf_osslq_close()"); - cf_osslq_ctx_clear(ctx); + if(!cf->shutdown && !ctx->protocol_shutdown) { + /* last best effort, which OpenSSL calls a "rapid" shutdown. */ + SSL_shutdown_ex(ctx->tls.ossl.ssl, + (SSL_SHUTDOWN_FLAG_NO_BLOCK | SSL_SHUTDOWN_FLAG_RAPID), + NULL, 0); + } + cf_osslq_ctx_close(ctx); } cf->connected = FALSE; @@ -341,8 +433,9 @@ static void cf_osslq_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) CURL_TRC_CF(data, cf, "destroy"); if(ctx) { CURL_TRC_CF(data, cf, "cf_osslq_destroy()"); - cf_osslq_ctx_clear(ctx); - free(ctx); + if(ctx->tls.ossl.ssl) + cf_osslq_ctx_close(ctx); + cf_osslq_ctx_free(ctx); } cf->ctx = NULL; /* No CF_DATA_RESTORE(cf, save) possible */ @@ -355,12 +448,12 @@ static CURLcode cf_osslq_h3conn_add_stream(struct cf_osslq_h3conn *h3, struct Curl_easy *data) { struct cf_osslq_ctx *ctx = cf->ctx; - int64_t stream_id = SSL_get_stream_id(stream_ssl); + curl_int64_t stream_id = (curl_int64_t)SSL_get_stream_id(stream_ssl); if(h3->remote_ctrl_n >= ARRAYSIZE(h3->remote_ctrl)) { /* rejected, we are full */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] rejecting remote stream", - (curl_int64_t)stream_id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] rejecting remote stream", + stream_id); SSL_free(stream_ssl); return CURLE_FAILED_INIT; } @@ -370,13 +463,13 @@ static CURLcode cf_osslq_h3conn_add_stream(struct cf_osslq_h3conn *h3, nstream->id = stream_id; nstream->ssl = stream_ssl; Curl_bufq_initp(&nstream->recvbuf, &ctx->stream_bufcp, 1, BUFQ_OPT_NONE); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] accepted remote uni stream", - (curl_int64_t)stream_id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] accepted remote uni stream", + stream_id); break; } default: - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] reject remote non-uni-read" - " stream", (curl_int64_t)stream_id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] reject remote non-uni-read" + " stream", stream_id); SSL_free(stream_ssl); return CURLE_FAILED_INIT; } @@ -440,7 +533,7 @@ static CURLcode cf_osslq_ssl_err(struct Curl_cfilter *cf, /* detail is already set to the SSL error above */ - /* If we e.g. use SSLv2 request-method and the server doesn't like us + /* If we e.g. use SSLv2 request-method and the server does not like us * (RST connection, etc.), OpenSSL gives no explanation whatsoever and * the SO_ERROR is also lost. */ @@ -470,7 +563,6 @@ static CURLcode cf_osslq_verify_peer(struct Curl_cfilter *cf, cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ cf->conn->httpversion = 30; - cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX; return Curl_vquic_tls_verify_peer(&ctx->tls, cf, data, &ctx->peer); } @@ -484,7 +576,6 @@ struct h3_stream_ctx { struct bufq recvbuf; /* h3 response body */ struct h1_req_parser h1; /* h1 request parsing */ size_t sendbuf_len_in_flight; /* sendbuf amount "in flight" */ - size_t upload_blocked_len; /* the amount written last and EGAINed */ size_t recv_buf_nonflow; /* buffered bytes, not counting for flow control */ curl_uint64_t error3; /* HTTP/3 stream error code */ curl_off_t upload_left; /* number of request bytes left to upload */ @@ -498,7 +589,7 @@ struct h3_stream_ctx { }; #define H3_STREAM_CTX(ctx,data) ((struct h3_stream_ctx *)(\ - data? Curl_hash_offt_get(&(ctx)->streams, (data)->id) : NULL)) + data? Curl_hash_offt_get(&(ctx)->streams, (data)->mid) : NULL)) static void h3_stream_ctx_free(struct h3_stream_ctx *stream) { @@ -521,10 +612,8 @@ static CURLcode h3_data_setup(struct Curl_cfilter *cf, struct cf_osslq_ctx *ctx = cf->ctx; struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); - if(!data || !data->req.p.http) { - failf(data, "initialization failure, transfer not http initialized"); + if(!data) return CURLE_FAILED_INIT; - } if(stream) return CURLE_OK; @@ -545,7 +634,7 @@ static CURLcode h3_data_setup(struct Curl_cfilter *cf, stream->recv_buf_nonflow = 0; Curl_h1_req_parse_init(&stream->h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); - if(!Curl_hash_offt_set(&ctx->streams, data->id, stream)) { + if(!Curl_hash_offt_set(&ctx->streams, data->mid, stream)) { h3_stream_ctx_free(stream); return CURLE_OUT_OF_MEMORY; } @@ -560,7 +649,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) (void)cf; if(stream) { - CURL_TRC_CF(data, cf, "[%"CURL_PRId64"] easy handle is done", + CURL_TRC_CF(data, cf, "[%"FMT_PRId64"] easy handle is done", stream->s.id); if(ctx->h3.conn && !stream->closed) { nghttp3_conn_shutdown_stream_read(ctx->h3.conn, stream->s.id); @@ -570,7 +659,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) stream->closed = TRUE; } - Curl_hash_offt_remove(&ctx->streams, data->id); + Curl_hash_offt_remove(&ctx->streams, data->mid); } } @@ -580,7 +669,6 @@ static struct cf_osslq_stream *cf_osslq_get_qstream(struct Curl_cfilter *cf, { struct cf_osslq_ctx *ctx = cf->ctx; struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); - struct Curl_easy *sdata; if(stream && stream->s.id == stream_id) { return &stream->s; @@ -595,8 +683,10 @@ static struct cf_osslq_stream *cf_osslq_get_qstream(struct Curl_cfilter *cf, return &ctx->h3.s_qpack_dec; } else { + struct Curl_llist_node *e; DEBUGASSERT(data->multi); - for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *sdata = Curl_node_elem(e); if(sdata->conn != data->conn) continue; stream = H3_STREAM_CTX(ctx, sdata); @@ -657,11 +747,11 @@ static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id, if(stream->error3 != NGHTTP3_H3_NO_ERROR) { stream->reset = TRUE; stream->send_closed = TRUE; - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] RESET: error %" CURL_PRIu64, + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] RESET: error %" FMT_PRIu64, stream->s.id, stream->error3); } else { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] CLOSED", stream->s.id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] CLOSED", stream->s.id); } h3_drain_stream(cf, data); return 0; @@ -721,12 +811,12 @@ static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id, result = write_resp_raw(cf, data, buf, buflen, TRUE); if(result) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] DATA len=%zu, ERROR %d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] DATA len=%zu, ERROR %d", stream->s.id, buflen, result); return NGHTTP3_ERR_CALLBACK_FAILURE; } stream->download_recvd += (curl_off_t)buflen; - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] DATA len=%zu, total=%zd", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] DATA len=%zu, total=%zd", stream->s.id, buflen, stream->download_recvd); h3_drain_stream(cf, data); return 0; @@ -744,7 +834,7 @@ static int cb_h3_deferred_consume(nghttp3_conn *conn, int64_t stream_id, (void)conn; (void)stream_id; if(stream) - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] deferred consume %zu bytes", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] deferred consume %zu bytes", stream->s.id, consumed); return 0; } @@ -782,7 +872,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t sid, return -1; ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n", stream->status_code); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] status: %s", stream_id, line); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] status: %s", stream_id, line); result = write_resp_raw(cf, data, line, ncopy, FALSE); if(result) { return -1; @@ -790,7 +880,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t sid, } else { /* store as an HTTP1-style header */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] header: %.*s: %.*s", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] header: %.*s: %.*s", stream_id, (int)h3name.len, h3name.base, (int)h3val.len, h3val.base); result = write_resp_raw(cf, data, h3name.base, h3name.len, FALSE); @@ -829,13 +919,13 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t sid, if(!stream) return 0; - /* add a CRLF only if we've received some headers */ + /* add a CRLF only if we have received some headers */ result = write_resp_raw(cf, data, "\r\n", 2, FALSE); if(result) { return -1; } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] end_headers, status=%d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] end_headers, status=%d", stream_id, stream->status_code); if(stream->status_code / 100 != 1) { stream->resp_hds_complete = TRUE; @@ -859,7 +949,7 @@ static int cb_h3_stop_sending(nghttp3_conn *conn, int64_t sid, if(!stream || !stream->s.ssl) return 0; - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] stop_sending", stream_id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] stop_sending", stream_id); cf_osslq_stream_close(&stream->s); return 0; } @@ -879,7 +969,7 @@ static int cb_h3_reset_stream(nghttp3_conn *conn, int64_t sid, SSL_STREAM_RESET_ARGS args = {0}; args.quic_error_code = app_error_code; rv = !SSL_stream_reset(stream->s.ssl, &args, sizeof(args)); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] reset -> %d", stream_id, rv); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] reset -> %d", stream_id, rv); if(!rv) { return NGHTTP3_ERR_CALLBACK_FAILURE; } @@ -939,14 +1029,13 @@ cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id, } else if(!nwritten) { /* Not EOF, and nothing to give, we signal WOULDBLOCK. */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] read req body -> AGAIN", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read req body -> AGAIN", stream->s.id); return NGHTTP3_ERR_WOULDBLOCK; } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] read req body -> " - "%d vecs%s with %zu (buffered=%zu, left=%" - CURL_FORMAT_CURL_OFF_T ")", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read req body -> " + "%d vecs%s with %zu (buffered=%zu, left=%" FMT_OFF_T ")", stream->s.id, (int)nvecs, *pflags == NGHTTP3_DATA_FLAG_EOF?" EOF":"", nwritten, Curl_bufq_len(&stream->sendbuf), @@ -977,8 +1066,8 @@ static int cb_h3_acked_stream_data(nghttp3_conn *conn, int64_t stream_id, Curl_bufq_skip(&stream->sendbuf, skiplen); stream->sendbuf_len_in_flight -= skiplen; - /* Everything ACKed, we resume upload processing */ - if(!stream->sendbuf_len_in_flight) { + /* Resume upload processing if we have more data to send */ + if(stream->sendbuf_len_in_flight < Curl_bufq_len(&stream->sendbuf)) { int rv = nghttp3_conn_resume_stream(conn, stream_id); if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { return NGHTTP3_ERR_CALLBACK_FAILURE; @@ -1072,9 +1161,7 @@ static CURLcode cf_osslq_ctx_start(struct Curl_cfilter *cf, BIO *bio = NULL; BIO_ADDR *baddr = NULL; - Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, - H3_STREAM_POOL_SPARES); - Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); + DEBUGASSERT(ctx->initialized); result = Curl_ssl_peer_init(&ctx->peer, cf, TRNSPRT_QUIC); if(result) goto out; @@ -1188,7 +1275,7 @@ static ssize_t h3_quic_recv(void *reader_ctx, return -1; } else if(detail == SSL_ERROR_ZERO_RETURN) { - CURL_TRC_CF(x->data, x->cf, "[%" CURL_PRId64 "] h3_quic_recv -> EOS", + CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRId64 "] h3_quic_recv -> EOS", x->s->id); x->s->recvd_eos = TRUE; return 0; @@ -1197,8 +1284,8 @@ static ssize_t h3_quic_recv(void *reader_ctx, SSL_STREAM_STATE_RESET_REMOTE) { uint64_t app_error_code = NGHTTP3_H3_NO_ERROR; SSL_get_stream_read_error_code(x->s->ssl, &app_error_code); - CURL_TRC_CF(x->data, x->cf, "[%" CURL_PRId64 "] h3_quic_recv -> RESET, " - "rv=%d, app_err=%" CURL_PRIu64, + CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRId64 "] h3_quic_recv -> RESET, " + "rv=%d, app_err=%" FMT_PRIu64, x->s->id, rv, (curl_uint64_t)app_error_code); if(app_error_code != NGHTTP3_H3_NO_ERROR) { x->s->reset = TRUE; @@ -1254,7 +1341,7 @@ static CURLcode cf_osslq_stream_recv(struct cf_osslq_stream *s, while(Curl_bufq_peek(&s->recvbuf, &buf, &blen)) { nread = nghttp3_conn_read_stream(ctx->h3.conn, s->id, buf, blen, 0); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] forward %zu bytes " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] forward %zu bytes " "to nghttp3 -> %zd", s->id, blen, nread); if(nread < 0) { failf(data, "nghttp3_conn_read_stream(len=%zu) error: %s", @@ -1293,7 +1380,7 @@ static CURLcode cf_osslq_stream_recv(struct cf_osslq_stream *s, rv = nghttp3_conn_close_stream(ctx->h3.conn, s->id, NGHTTP3_H3_NO_ERROR); s->closed = TRUE; - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] close nghttp3 stream -> %d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] close nghttp3 stream -> %d", s->id, rv); if(rv < 0 && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { failf(data, "nghttp3_conn_close_stream returned error: %s", @@ -1306,7 +1393,7 @@ static CURLcode cf_osslq_stream_recv(struct cf_osslq_stream *s, } out: if(result) - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_osslq_stream_recv -> %d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_osslq_stream_recv -> %d", s->id, result); return result; } @@ -1347,11 +1434,12 @@ static CURLcode cf_progress_ingress(struct Curl_cfilter *cf, } if(ctx->h3.conn) { - struct Curl_easy *sdata; + struct Curl_llist_node *e; struct h3_stream_ctx *stream; /* PULL all open streams */ DEBUGASSERT(data->multi); - for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *sdata = Curl_node_elem(e); if(sdata->conn == data->conn && CURL_WANT_RECV(sdata)) { stream = H3_STREAM_CTX(ctx, sdata); if(stream && !stream->closed && @@ -1374,11 +1462,12 @@ static CURLcode cf_osslq_check_and_unblock(struct Curl_cfilter *cf, struct Curl_easy *data) { struct cf_osslq_ctx *ctx = cf->ctx; - struct Curl_easy *sdata; struct h3_stream_ctx *stream; if(ctx->h3.conn) { - for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + struct Curl_llist_node *e; + for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *sdata = Curl_node_elem(e); if(sdata->conn == data->conn) { stream = H3_STREAM_CTX(ctx, sdata); if(stream && stream->s.ssl && stream->s.send_blocked && @@ -1430,7 +1519,7 @@ static CURLcode h3_send_streams(struct Curl_cfilter *cf, s = cf_osslq_get_qstream(cf, data, stream_id); if(!s) { failf(data, "nghttp3_conn_writev_stream gave unknown stream %" - CURL_PRId64, (curl_int64_t)stream_id); + FMT_PRId64, (curl_int64_t)stream_id); result = CURLE_SEND_ERROR; goto out; } @@ -1442,23 +1531,16 @@ static CURLcode h3_send_streams(struct Curl_cfilter *cf, for(i = 0; (i < n) && !blocked; ++i) { /* Without stream->s.ssl, we closed that already, so * pretend the write did succeed. */ -#ifdef SSL_WRITE_FLAG_CONCLUDE - /* Since OpenSSL v3.3.x, on last chunk set EOS if needed */ uint64_t flags = (eos && ((i + 1) == n))? SSL_WRITE_FLAG_CONCLUDE : 0; written = vec[i].len; ok = !s->ssl || SSL_write_ex2(s->ssl, vec[i].base, vec[i].len, flags, &written); if(ok && flags & SSL_WRITE_FLAG_CONCLUDE) eos_written = TRUE; -#else - written = vec[i].len; - ok = !s->ssl || SSL_write_ex(s->ssl, vec[i].base, vec[i].len, - &written); -#endif if(ok) { /* As OpenSSL buffers the data, we count this as acknowledged * from nghttp3's point of view */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] send %zu bytes to QUIC ok", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] send %zu bytes to QUIC ok", s->id, vec[i].len); acked_len += vec[i].len; } @@ -1468,14 +1550,14 @@ static CURLcode h3_send_streams(struct Curl_cfilter *cf, case SSL_ERROR_WANT_WRITE: case SSL_ERROR_WANT_READ: /* QUIC blocked us from writing more */ - CURL_TRC_CF(data, cf, "[%"CURL_PRId64 "] send %zu bytes to " + CURL_TRC_CF(data, cf, "[%"FMT_PRId64 "] send %zu bytes to " "QUIC blocked", s->id, vec[i].len); written = 0; nghttp3_conn_block_stream(ctx->h3.conn, s->id); s->send_blocked = blocked = TRUE; break; default: - failf(data, "[%"CURL_PRId64 "] send %zu bytes to QUIC, SSL error %d", + failf(data, "[%"FMT_PRId64 "] send %zu bytes to QUIC, SSL error %d", s->id, vec[i].len, detail); result = cf_osslq_ssl_err(cf, data, detail, CURLE_HTTP3); goto out; @@ -1501,13 +1583,13 @@ static CURLcode h3_send_streams(struct Curl_cfilter *cf, result = CURLE_SEND_ERROR; goto out; } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] forwarded %zu/%zu h3 bytes " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] forwarded %zu/%zu h3 bytes " "to QUIC, eos=%d", s->id, acked_len, total_len, eos); } if(eos && !s->send_blocked && !eos_written) { /* wrote everything and H3 indicates end of stream */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] closing QUIC stream", s->id); + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] closing QUIC stream", s->id); SSL_stream_conclude(s->ssl, 0); } } @@ -1603,12 +1685,6 @@ static CURLcode cf_osslq_connect(struct Curl_cfilter *cf, now = Curl_now(); CF_DATA_SAVE(save, cf, data); - if(ctx->reconnect_at.tv_sec && Curl_timediff(now, ctx->reconnect_at) < 0) { - /* Not time yet to attempt the next connect */ - CURL_TRC_CF(data, cf, "waiting for reconnect time"); - goto out; - } - if(!ctx->tls.ossl.ssl) { ctx->started_at = now; result = cf_osslq_ctx_start(cf, data); @@ -1766,7 +1842,7 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, *err = cf_osslq_stream_open(&stream->s, ctx->tls.ossl.ssl, 0, &ctx->stream_bufcp, data); if(*err) { - failf(data, "can't get bidi streams"); + failf(data, "cannot get bidi streams"); *err = CURLE_SEND_ERROR; goto out; } @@ -1800,11 +1876,11 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, if(rc) { switch(rc) { case NGHTTP3_ERR_CONN_CLOSING: - CURL_TRC_CF(data, cf, "h3sid[%"CURL_PRId64"] failed to send, " + CURL_TRC_CF(data, cf, "h3sid[%"FMT_PRId64"] failed to send, " "connection is closing", stream->s.id); break; default: - CURL_TRC_CF(data, cf, "h3sid[%"CURL_PRId64 "] failed to send -> %d (%s)", + CURL_TRC_CF(data, cf, "h3sid[%"FMT_PRId64 "] failed to send -> %d (%s)", stream->s.id, rc, nghttp3_strerror(rc)); break; } @@ -1814,10 +1890,10 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, } if(Curl_trc_is_verbose(data)) { - infof(data, "[HTTP/3] [%" CURL_PRId64 "] OPENED stream for %s", + infof(data, "[HTTP/3] [%" FMT_PRId64 "] OPENED stream for %s", stream->s.id, data->state.url); for(i = 0; i < nheader; ++i) { - infof(data, "[HTTP/3] [%" CURL_PRId64 "] [%.*s: %.*s]", + infof(data, "[HTTP/3] [%" FMT_PRId64 "] [%.*s: %.*s]", stream->s.id, (int)nva[i].namelen, nva[i].name, (int)nva[i].valuelen, nva[i].value); @@ -1831,7 +1907,8 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, } static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { struct cf_osslq_ctx *ctx = cf->ctx; struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); @@ -1839,6 +1916,7 @@ static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data, ssize_t nwritten; CURLcode result; + (void)eos; /* TODO: use to end stream */ CF_DATA_SAVE(save, cf, data); DEBUGASSERT(cf->connected); DEBUGASSERT(ctx->tls.ossl.ssl); @@ -1867,21 +1945,6 @@ static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data, } stream = H3_STREAM_CTX(ctx, data); } - else if(stream->upload_blocked_len) { - /* the data in `buf` has already been submitted or added to the - * buffers, but have been EAGAINed on the last invocation. */ - DEBUGASSERT(len >= stream->upload_blocked_len); - if(len < stream->upload_blocked_len) { - /* Did we get called again with a smaller `len`? This should not - * happen. We are not prepared to handle that. */ - failf(data, "HTTP/3 send again with decreased length"); - *err = CURLE_HTTP3; - nwritten = -1; - goto out; - } - nwritten = (ssize_t)stream->upload_blocked_len; - stream->upload_blocked_len = 0; - } else if(stream->closed) { if(stream->resp_hds_complete) { /* Server decided to close the stream after having sent us a final @@ -1889,13 +1952,13 @@ static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data, * body. This happens on 30x or 40x responses. * We silently discard the data sent, since this is not a transport * error situation. */ - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] discarding data" + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] discarding data" "on closed stream with response", stream->s.id); *err = CURLE_OK; nwritten = (ssize_t)len; goto out; } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] send_body(len=%zu) " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] send_body(len=%zu) " "-> stream closed", stream->s.id, len); *err = CURLE_HTTP3; nwritten = -1; @@ -1903,7 +1966,7 @@ static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data, } else { nwritten = Curl_bufq_write(&stream->sendbuf, buf, len, err); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_send, add to " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send, add to " "sendbuf(len=%zu) -> %zd, %d", stream->s.id, len, nwritten, *err); if(nwritten < 0) { @@ -1919,21 +1982,9 @@ static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data, nwritten = -1; } - if(stream && nwritten > 0 && stream->sendbuf_len_in_flight) { - /* We have unacknowledged DATA and cannot report success to our - * caller. Instead we EAGAIN and remember how much we have already - * "written" into our various internal connection buffers. */ - stream->upload_blocked_len = nwritten; - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_send(len=%zu), " - "%zu bytes in flight -> EGAIN", stream->s.id, len, - stream->sendbuf_len_in_flight); - *err = CURLE_AGAIN; - nwritten = -1; - } - out: result = check_and_set_expiry(cf, data); - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_send(len=%zu) -> %zd, %d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send(len=%zu) -> %zd, %d", stream? stream->s.id : -1, len, nwritten, *err); CF_DATA_RESTORE(cf, save); return nwritten; @@ -1949,14 +2000,14 @@ static ssize_t recv_closed_stream(struct Curl_cfilter *cf, (void)cf; if(stream->reset) { failf(data, - "HTTP/3 stream %" CURL_PRId64 " reset by server", + "HTTP/3 stream %" FMT_PRId64 " reset by server", stream->s.id); *err = data->req.bytecount? CURLE_PARTIAL_FILE : CURLE_HTTP3; goto out; } else if(!stream->resp_hds_complete) { failf(data, - "HTTP/3 stream %" CURL_PRId64 + "HTTP/3 stream %" FMT_PRId64 " was closed cleanly, but before getting" " all response header fields, treated as error", stream->s.id); @@ -1996,7 +2047,7 @@ static ssize_t cf_osslq_recv(struct Curl_cfilter *cf, struct Curl_easy *data, nread = Curl_bufq_read(&stream->recvbuf, (unsigned char *)buf, len, err); if(nread < 0) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] read recvbuf(len=%zu) " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read recvbuf(len=%zu) " "-> %zd, %d", stream->s.id, len, nread, *err); goto out; } @@ -2014,7 +2065,7 @@ static ssize_t cf_osslq_recv(struct Curl_cfilter *cf, struct Curl_easy *data, nread = Curl_bufq_read(&stream->recvbuf, (unsigned char *)buf, len, err); if(nread < 0) { - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] read recvbuf(len=%zu) " + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] read recvbuf(len=%zu) " "-> %zd, %d", stream->s.id, len, nread, *err); goto out; } @@ -2044,7 +2095,7 @@ static ssize_t cf_osslq_recv(struct Curl_cfilter *cf, struct Curl_easy *data, nread = -1; } } - CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] cf_recv(len=%zu) -> %zd, %d", + CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_recv(len=%zu) -> %zd, %d", stream? stream->s.id : -1, len, nread, *err); CF_DATA_RESTORE(cf, save); return nread; @@ -2090,7 +2141,8 @@ static CURLcode cf_osslq_data_event(struct Curl_cfilter *cf, struct h3_stream_ctx *stream = H3_STREAM_CTX(ctx, data); if(stream && !stream->send_closed) { stream->send_closed = TRUE; - stream->upload_left = Curl_bufq_len(&stream->sendbuf); + stream->upload_left = Curl_bufq_len(&stream->sendbuf) - + stream->sendbuf_len_in_flight; (void)nghttp3_conn_resume_stream(ctx->h3.conn, stream->s.id); } break; @@ -2149,8 +2201,8 @@ static bool cf_osslq_conn_is_alive(struct Curl_cfilter *cf, alive = TRUE; if(*input_pending) { CURLcode result; - /* This happens before we've sent off a request and the connection is - not in use by any other transfer, there shouldn't be any data here, + /* This happens before we have sent off a request and the connection is + not in use by any other transfer, there should not be any data here, only "protocol frames" */ *input_pending = FALSE; result = cf_progress_ingress(cf, data); @@ -2189,6 +2241,10 @@ static void cf_osslq_adjust_pollset(struct Curl_cfilter *cf, SSL_net_read_desired(ctx->tls.ossl.ssl), SSL_net_write_desired(ctx->tls.ossl.ssl)); } + else if(ctx->need_recv || ctx->need_send) { + Curl_pollset_set(data, ps, ctx->q.sockfd, + ctx->need_recv, ctx->need_send); + } } } @@ -2252,6 +2308,7 @@ struct Curl_cftype Curl_cft_http3 = { cf_osslq_destroy, cf_osslq_connect, cf_osslq_close, + cf_osslq_shutdown, Curl_cf_def_get_host, cf_osslq_adjust_pollset, cf_osslq_data_pending, @@ -2278,7 +2335,7 @@ CURLcode Curl_cf_osslq_create(struct Curl_cfilter **pcf, result = CURLE_OUT_OF_MEMORY; goto out; } - cf_osslq_ctx_clear(ctx); + cf_osslq_ctx_init(ctx); result = Curl_cf_create(&cf, &Curl_cft_http3, ctx); if(result) @@ -2299,7 +2356,7 @@ CURLcode Curl_cf_osslq_create(struct Curl_cfilter **pcf, if(udp_cf) Curl_conn_cf_discard_sub(cf, udp_cf, data, TRUE); Curl_safefree(cf); - Curl_safefree(ctx); + cf_osslq_ctx_free(ctx); } return result; } diff --git a/vendor/hydra/vendor/curl/lib/vquic/curl_quiche.c b/vendor/hydra/vendor/curl/lib/vquic/curl_quiche.c index a68fc643..768a5f2a 100644 --- a/vendor/hydra/vendor/curl/lib/vquic/curl_quiche.c +++ b/vendor/hydra/vendor/curl/lib/vquic/curl_quiche.c @@ -64,11 +64,10 @@ #define H3_STREAM_WINDOW_SIZE (128 * 1024) #define H3_STREAM_CHUNK_SIZE (16 * 1024) -/* The pool keeps spares around and half of a full stream windows - * seems good. More does not seem to improve performance. - * The benefit of the pool is that stream buffer to not keep - * spares. So memory consumption goes down when streams run empty, - * have a large upload done, etc. */ +/* The pool keeps spares around and half of a full stream windows seems good. + * More does not seem to improve performance. The benefit of the pool is that + * stream buffer to not keep spares. Memory consumption goes down when streams + * run empty, have a large upload done, etc. */ #define H3_STREAM_POOL_SPARES \ (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE ) / 2 /* Receive and Send max number of chunks just follows from the @@ -97,15 +96,18 @@ struct cf_quiche_ctx { uint8_t scid[QUICHE_MAX_CONN_ID_LEN]; struct curltime started_at; /* time the current attempt started */ struct curltime handshake_at; /* time connect handshake finished */ - struct curltime reconnect_at; /* time the next attempt should start */ struct bufc_pool stream_bufcp; /* chunk pool for streams */ - struct Curl_hash streams; /* hash `data->id` to `stream_ctx` */ + struct Curl_hash streams; /* hash `data->mid` to `stream_ctx` */ curl_off_t data_recvd; + BIT(initialized); BIT(goaway); /* got GOAWAY from server */ BIT(x509_store_setup); /* if x509 store has been set up */ + BIT(shutdown_started); /* queued shutdown packets */ }; #ifdef DEBUG_QUICHE +/* initialize debug log callback only once */ +static int debug_log_init = 0; static void quiche_debug_log(const char *line, void *argp) { (void)argp; @@ -113,17 +115,27 @@ static void quiche_debug_log(const char *line, void *argp) } #endif -static void cf_quiche_ctx_clear(struct cf_quiche_ctx *ctx) +static void h3_stream_hash_free(void *stream); + +static void cf_quiche_ctx_init(struct cf_quiche_ctx *ctx) +{ + DEBUGASSERT(!ctx->initialized); +#ifdef DEBUG_QUICHE + if(!debug_log_init) { + quiche_enable_debug_logging(quiche_debug_log, NULL); + debug_log_init = 1; + } +#endif + Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, + H3_STREAM_POOL_SPARES); + Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); + ctx->data_recvd = 0; + ctx->initialized = TRUE; +} + +static void cf_quiche_ctx_free(struct cf_quiche_ctx *ctx) { - if(ctx) { - if(ctx->h3c) - quiche_h3_conn_free(ctx->h3c); - if(ctx->h3config) - quiche_h3_config_free(ctx->h3config); - if(ctx->qconn) - quiche_conn_free(ctx->qconn); - if(ctx->cfg) - quiche_config_free(ctx->cfg); + if(ctx && ctx->initialized) { /* quiche just freed it */ ctx->tls.ossl.ssl = NULL; Curl_vquic_tls_cleanup(&ctx->tls); @@ -132,9 +144,20 @@ static void cf_quiche_ctx_clear(struct cf_quiche_ctx *ctx) Curl_bufcp_free(&ctx->stream_bufcp); Curl_hash_clean(&ctx->streams); Curl_hash_destroy(&ctx->streams); - - memset(ctx, 0, sizeof(*ctx)); } + free(ctx); +} + +static void cf_quiche_ctx_close(struct cf_quiche_ctx *ctx) +{ + if(ctx->h3c) + quiche_h3_conn_free(ctx->h3c); + if(ctx->h3config) + quiche_h3_config_free(ctx->h3config); + if(ctx->qconn) + quiche_conn_free(ctx->qconn); + if(ctx->cfg) + quiche_config_free(ctx->cfg); } static CURLcode cf_flush_egress(struct Curl_cfilter *cf, @@ -148,7 +171,6 @@ struct stream_ctx { struct bufq recvbuf; /* h3 response */ struct h1_req_parser h1; /* h1 request parsing */ curl_uint64_t error3; /* HTTP/3 stream error code */ - curl_off_t upload_left; /* number of request bytes left to upload */ BIT(opened); /* TRUE after stream has been opened */ BIT(closed); /* TRUE on stream close */ BIT(reset); /* TRUE on stream reset */ @@ -159,7 +181,7 @@ struct stream_ctx { }; #define H3_STREAM_CTX(ctx,data) ((struct stream_ctx *)(\ - data? Curl_hash_offt_get(&(ctx)->streams, (data)->id) : NULL)) + data? Curl_hash_offt_get(&(ctx)->streams, (data)->mid) : NULL)) static void h3_stream_ctx_free(struct stream_ctx *stream) { @@ -178,17 +200,17 @@ static void check_resumes(struct Curl_cfilter *cf, struct Curl_easy *data) { struct cf_quiche_ctx *ctx = cf->ctx; - struct Curl_easy *sdata; - struct stream_ctx *stream; + struct Curl_llist_node *e; DEBUGASSERT(data->multi); - for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *sdata = Curl_node_elem(e); if(sdata->conn == data->conn) { - stream = H3_STREAM_CTX(ctx, sdata); + struct stream_ctx *stream = H3_STREAM_CTX(ctx, sdata); if(stream && stream->quic_flow_blocked) { stream->quic_flow_blocked = FALSE; Curl_expire(data, 0, EXPIRE_RUN_NOW); - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] unblock", stream->id); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] unblock", stream->id); } } } @@ -212,7 +234,7 @@ static CURLcode h3_data_setup(struct Curl_cfilter *cf, H3_STREAM_RECV_CHUNKS, BUFQ_OPT_SOFT_LIMIT); Curl_h1_req_parse_init(&stream->h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); - if(!Curl_hash_offt_set(&ctx->streams, data->id, stream)) { + if(!Curl_hash_offt_set(&ctx->streams, data->mid, stream)) { h3_stream_ctx_free(stream); return CURLE_OUT_OF_MEMORY; } @@ -228,7 +250,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) (void)cf; if(stream) { - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] easy handle is done", stream->id); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] easy handle is done", stream->id); if(ctx->qconn && !stream->closed) { quiche_conn_stream_shutdown(ctx->qconn, stream->id, QUICHE_SHUTDOWN_READ, CURL_H3_NO_ERROR); @@ -242,7 +264,7 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) if(result) CURL_TRC_CF(data, cf, "data_done, flush egress -> %d", result); } - Curl_hash_offt_remove(&ctx->streams, data->id); + Curl_hash_offt_remove(&ctx->streams, data->mid); } } @@ -255,7 +277,7 @@ static void drain_stream(struct Curl_cfilter *cf, (void)cf; bits = CURL_CSELECT_IN; - if(stream && !stream->send_closed && stream->upload_left) + if(stream && !stream->send_closed) bits |= CURL_CSELECT_OUT; if(data->state.select_bits != bits) { data->state.select_bits = bits; @@ -269,7 +291,6 @@ static struct Curl_easy *get_stream_easy(struct Curl_cfilter *cf, struct stream_ctx **pstream) { struct cf_quiche_ctx *ctx = cf->ctx; - struct Curl_easy *sdata; struct stream_ctx *stream; (void)cf; @@ -279,8 +300,10 @@ static struct Curl_easy *get_stream_easy(struct Curl_cfilter *cf, return data; } else { + struct Curl_llist_node *e; DEBUGASSERT(data->multi); - for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *sdata = Curl_node_elem(e); if(sdata->conn != data->conn) continue; stream = H3_STREAM_CTX(ctx, sdata); @@ -297,11 +320,12 @@ static struct Curl_easy *get_stream_easy(struct Curl_cfilter *cf, static void cf_quiche_expire_conn_closed(struct Curl_cfilter *cf, struct Curl_easy *data) { - struct Curl_easy *sdata; + struct Curl_llist_node *e; DEBUGASSERT(data->multi); CURL_TRC_CF(data, cf, "conn closed, expire all transfers"); - for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + for(e = Curl_llist_head(&data->multi->process); e; e = Curl_node_next(e)) { + struct Curl_easy *sdata = Curl_node_elem(e); if(sdata == data || sdata->conn != data->conn) continue; CURL_TRC_CF(sdata, cf, "conn closed, expire transfer"); @@ -357,7 +381,7 @@ static int cb_each_header(uint8_t *name, size_t name_len, return CURLE_OK; if((name_len == 7) && !strncmp(HTTP_PSEUDO_STATUS, (char *)name, 7)) { - CURL_TRC_CF(x->data, x->cf, "[%" CURL_PRIu64 "] status: %.*s", + CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRIu64 "] status: %.*s", stream->id, (int)value_len, value); result = write_resp_raw(x->cf, x->data, "HTTP/3 ", sizeof("HTTP/3 ") - 1); if(!result) @@ -366,7 +390,7 @@ static int cb_each_header(uint8_t *name, size_t name_len, result = write_resp_raw(x->cf, x->data, " \r\n", 3); } else { - CURL_TRC_CF(x->data, x->cf, "[%" CURL_PRIu64 "] header: %.*s: %.*s", + CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRIu64 "] header: %.*s: %.*s", stream->id, (int)name_len, name, (int)value_len, value); result = write_resp_raw(x->cf, x->data, name, name_len); @@ -378,7 +402,7 @@ static int cb_each_header(uint8_t *name, size_t name_len, result = write_resp_raw(x->cf, x->data, "\r\n", 2); } if(result) { - CURL_TRC_CF(x->data, x->cf, "[%"CURL_PRIu64"] on header error %d", + CURL_TRC_CF(x->data, x->cf, "[%"FMT_PRIu64"] on header error %d", stream->id, result); } return result; @@ -435,9 +459,9 @@ static CURLcode cf_recv_body(struct Curl_cfilter *cf, stream_resp_read, &cb_ctx, &result); if(nwritten < 0 && result != CURLE_AGAIN) { - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] recv_body error %zd", + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] recv_body error %zd", stream->id, nwritten); - failf(data, "Error %d in HTTP/3 response body for stream[%"CURL_PRIu64"]", + failf(data, "Error %d in HTTP/3 response body for stream[%"FMT_PRIu64"]", result, stream->id); stream->closed = TRUE; stream->reset = TRUE; @@ -489,10 +513,10 @@ static CURLcode h3_process_event(struct Curl_cfilter *cf, rc = quiche_h3_event_for_each_header(ev, cb_each_header, &cb_ctx); if(rc) { failf(data, "Error %d in HTTP/3 response header for stream[%" - CURL_PRIu64"]", rc, stream->id); + FMT_PRIu64"]", rc, stream->id); return CURLE_RECV_ERROR; } - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] <- [HEADERS]", stream->id); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] <- [HEADERS]", stream->id); break; case QUICHE_H3_EVENT_DATA: @@ -502,7 +526,7 @@ static CURLcode h3_process_event(struct Curl_cfilter *cf, break; case QUICHE_H3_EVENT_RESET: - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] RESET", stream->id); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] RESET", stream->id); stream->closed = TRUE; stream->reset = TRUE; stream->send_closed = TRUE; @@ -510,7 +534,7 @@ static CURLcode h3_process_event(struct Curl_cfilter *cf, break; case QUICHE_H3_EVENT_FINISHED: - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] CLOSED", stream->id); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] CLOSED", stream->id); if(!stream->resp_hds_complete) { result = write_resp_raw(cf, data, "\r\n", 2); if(result) @@ -522,11 +546,11 @@ static CURLcode h3_process_event(struct Curl_cfilter *cf, break; case QUICHE_H3_EVENT_GOAWAY: - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] <- [GOAWAY]", stream->id); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] <- [GOAWAY]", stream->id); break; default: - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] recv, unhandled event %d", + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] recv, unhandled event %d", stream->id, quiche_h3_event_type(ev)); break; } @@ -549,13 +573,13 @@ static CURLcode cf_poll_events(struct Curl_cfilter *cf, break; } else if(stream3_id < 0) { - CURL_TRC_CF(data, cf, "error poll: %"CURL_PRId64, stream3_id); + CURL_TRC_CF(data, cf, "error poll: %"FMT_PRId64, stream3_id); return CURLE_HTTP3; } sdata = get_stream_easy(cf, data, stream3_id, &stream); if(!sdata || !stream) { - CURL_TRC_CF(data, cf, "discard event %s for unknown [%"CURL_PRId64"]", + CURL_TRC_CF(data, cf, "discard event %s for unknown [%"FMT_PRId64"]", cf_ev_name(ev), stream3_id); } else { @@ -563,7 +587,7 @@ static CURLcode cf_poll_events(struct Curl_cfilter *cf, drain_stream(cf, sdata); if(result) { CURL_TRC_CF(data, cf, "error processing event %s " - "for [%"CURL_PRIu64"] -> %d", cf_ev_name(ev), + "for [%"FMT_PRIu64"] -> %d", cf_ev_name(ev), stream3_id, result); if(data == sdata) { /* Only report this error to the caller if it is about the @@ -793,19 +817,19 @@ static ssize_t recv_closed_stream(struct Curl_cfilter *cf, DEBUGASSERT(stream); if(stream->reset) { failf(data, - "HTTP/3 stream %" CURL_PRIu64 " reset by server", stream->id); + "HTTP/3 stream %" FMT_PRIu64 " reset by server", stream->id); *err = data->req.bytecount? CURLE_PARTIAL_FILE : CURLE_HTTP3; - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] cf_recv, was reset -> %d", + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] cf_recv, was reset -> %d", stream->id, *err); } else if(!stream->resp_got_header) { failf(data, - "HTTP/3 stream %" CURL_PRIu64 " was closed cleanly, but before " + "HTTP/3 stream %" FMT_PRIu64 " was closed cleanly, but before " "getting all response header fields, treated as error", stream->id); /* *err = CURLE_PARTIAL_FILE; */ *err = CURLE_HTTP3; - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] cf_recv, closed incomplete" + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] cf_recv, closed incomplete" " -> %d", stream->id, *err); } else { @@ -833,7 +857,7 @@ static ssize_t cf_quiche_recv(struct Curl_cfilter *cf, struct Curl_easy *data, if(!Curl_bufq_is_empty(&stream->recvbuf)) { nread = Curl_bufq_read(&stream->recvbuf, (unsigned char *)buf, len, err); - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] read recvbuf(len=%zu) " + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] read recvbuf(len=%zu) " "-> %zd, %d", stream->id, len, nread, *err); if(nread < 0) goto out; @@ -850,7 +874,7 @@ static ssize_t cf_quiche_recv(struct Curl_cfilter *cf, struct Curl_easy *data, if(nread < 0 && !Curl_bufq_is_empty(&stream->recvbuf)) { nread = Curl_bufq_read(&stream->recvbuf, (unsigned char *)buf, len, err); - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] read recvbuf(len=%zu) " + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] read recvbuf(len=%zu) " "-> %zd, %d", stream->id, len, nread, *err); if(nread < 0) goto out; @@ -884,19 +908,70 @@ static ssize_t cf_quiche_recv(struct Curl_cfilter *cf, struct Curl_easy *data, } if(nread > 0) ctx->data_recvd += nread; - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] cf_recv(total=%" - CURL_FORMAT_CURL_OFF_T ") -> %zd, %d", + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] cf_recv(total=%" + FMT_OFF_T ") -> %zd, %d", stream->id, ctx->data_recvd, nread, *err); return nread; } +static ssize_t cf_quiche_send_body(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct stream_ctx *stream, + const void *buf, size_t len, bool eos, + CURLcode *err) +{ + struct cf_quiche_ctx *ctx = cf->ctx; + ssize_t nwritten; + + nwritten = quiche_h3_send_body(ctx->h3c, ctx->qconn, stream->id, + (uint8_t *)buf, len, eos); + if(nwritten == QUICHE_H3_ERR_DONE || (nwritten == 0 && len > 0)) { + /* TODO: we seem to be blocked on flow control and should HOLD + * sending. But when do we open again? */ + if(!quiche_conn_stream_writable(ctx->qconn, stream->id, len)) { + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] send_body(len=%zu) " + "-> window exhausted", stream->id, len); + stream->quic_flow_blocked = TRUE; + } + *err = CURLE_AGAIN; + return -1; + } + else if(nwritten == QUICHE_H3_TRANSPORT_ERR_INVALID_STREAM_STATE) { + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] send_body(len=%zu) " + "-> invalid stream state", stream->id, len); + *err = CURLE_HTTP3; + return -1; + } + else if(nwritten == QUICHE_H3_TRANSPORT_ERR_FINAL_SIZE) { + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] send_body(len=%zu) " + "-> exceeds size", stream->id, len); + *err = CURLE_SEND_ERROR; + return -1; + } + else if(nwritten < 0) { + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] send_body(len=%zu) " + "-> quiche err %zd", stream->id, len, nwritten); + *err = CURLE_SEND_ERROR; + return -1; + } + else { + if(eos && (len == (size_t)nwritten)) + stream->send_closed = TRUE; + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] send body(len=%zu, " + "eos=%d) -> %zd", + stream->id, len, stream->send_closed, nwritten); + *err = CURLE_OK; + return nwritten; + } +} + /* Index where :authority header field will appear in request header field list. */ #define AUTHORITY_DST_IDX 3 static ssize_t h3_open_stream(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, + const char *buf, size_t len, bool eos, CURLcode *err) { struct cf_quiche_ctx *ctx = cf->ctx; @@ -952,23 +1027,7 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf, nva[i].value_len = e->valuelen; } - switch(data->state.httpreq) { - case HTTPREQ_POST: - case HTTPREQ_POST_FORM: - case HTTPREQ_POST_MIME: - case HTTPREQ_PUT: - if(data->state.infilesize != -1) - stream->upload_left = data->state.infilesize; - else - /* data sending without specifying the data amount up front */ - stream->upload_left = -1; /* unknown */ - break; - default: - stream->upload_left = 0; /* no request body */ - break; - } - - if(stream->upload_left == 0) + if(eos && ((size_t)nwritten == len)) stream->send_closed = TRUE; stream3_id = quiche_h3_send_request(ctx->h3c, ctx->qconn, nva, nheader, @@ -977,14 +1036,14 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf, if(QUICHE_H3_ERR_STREAM_BLOCKED == stream3_id) { /* quiche seems to report this error if the connection window is * exhausted. Which happens frequently and intermittent. */ - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] blocked", stream->id); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] blocked", stream->id); stream->quic_flow_blocked = TRUE; *err = CURLE_AGAIN; nwritten = -1; goto out; } else { - CURL_TRC_CF(data, cf, "send_request(%s) -> %" CURL_PRIu64, + CURL_TRC_CF(data, cf, "send_request(%s) -> %" FMT_PRIu64, data->state.url, stream3_id); } *err = CURLE_SEND_ERROR; @@ -1000,15 +1059,31 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf, stream->reset = FALSE; if(Curl_trc_is_verbose(data)) { - infof(data, "[HTTP/3] [%" CURL_PRIu64 "] OPENED stream for %s", + infof(data, "[HTTP/3] [%" FMT_PRIu64 "] OPENED stream for %s", stream->id, data->state.url); for(i = 0; i < nheader; ++i) { - infof(data, "[HTTP/3] [%" CURL_PRIu64 "] [%.*s: %.*s]", stream->id, + infof(data, "[HTTP/3] [%" FMT_PRIu64 "] [%.*s: %.*s]", stream->id, (int)nva[i].name_len, nva[i].name, (int)nva[i].value_len, nva[i].value); } } + if(nwritten > 0 && ((size_t)nwritten < len)) { + /* after the headers, there was request BODY data */ + size_t hds_len = (size_t)nwritten; + ssize_t bwritten; + + bwritten = cf_quiche_send_body(cf, data, stream, + buf + hds_len, len - hds_len, eos, err); + if((bwritten < 0) && (CURLE_AGAIN != *err)) { + /* real error, fail */ + nwritten = -1; + } + else if(bwritten > 0) { + nwritten += bwritten; + } + } + out: free(nva); Curl_dynhds_free(&h2_headers); @@ -1016,7 +1091,8 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf, } static ssize_t cf_quiche_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *buf, size_t len, CURLcode *err) + const void *buf, size_t len, bool eos, + CURLcode *err) { struct cf_quiche_ctx *ctx = cf->ctx; struct stream_ctx *stream = H3_STREAM_CTX(ctx, data); @@ -1032,7 +1108,7 @@ static ssize_t cf_quiche_send(struct Curl_cfilter *cf, struct Curl_easy *data, } if(!stream || !stream->opened) { - nwritten = h3_open_stream(cf, data, buf, len, err); + nwritten = h3_open_stream(cf, data, buf, len, eos, err); if(nwritten < 0) goto out; stream = H3_STREAM_CTX(ctx, data); @@ -1047,70 +1123,20 @@ static ssize_t cf_quiche_send(struct Curl_cfilter *cf, struct Curl_easy *data, * sending the 30x response. * This is sort of a race: had the transfer loop called recv first, * it would see the response and stop/discard sending on its own- */ - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] discarding data" + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] discarding data" "on closed stream with response", stream->id); *err = CURLE_OK; nwritten = (ssize_t)len; goto out; } - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] send_body(len=%zu) " + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] send_body(len=%zu) " "-> stream closed", stream->id, len); *err = CURLE_HTTP3; nwritten = -1; goto out; } else { - bool eof = (stream->upload_left >= 0 && - (curl_off_t)len >= stream->upload_left); - nwritten = quiche_h3_send_body(ctx->h3c, ctx->qconn, stream->id, - (uint8_t *)buf, len, eof); - if(nwritten == QUICHE_H3_ERR_DONE || (nwritten == 0 && len > 0)) { - /* TODO: we seem to be blocked on flow control and should HOLD - * sending. But when do we open again? */ - if(!quiche_conn_stream_writable(ctx->qconn, stream->id, len)) { - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] send_body(len=%zu) " - "-> window exhausted", stream->id, len); - stream->quic_flow_blocked = TRUE; - } - *err = CURLE_AGAIN; - nwritten = -1; - goto out; - } - else if(nwritten == QUICHE_H3_TRANSPORT_ERR_INVALID_STREAM_STATE) { - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] send_body(len=%zu) " - "-> invalid stream state", stream->id, len); - *err = CURLE_HTTP3; - nwritten = -1; - goto out; - } - else if(nwritten == QUICHE_H3_TRANSPORT_ERR_FINAL_SIZE) { - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] send_body(len=%zu) " - "-> exceeds size", stream->id, len); - *err = CURLE_SEND_ERROR; - nwritten = -1; - goto out; - } - else if(nwritten < 0) { - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] send_body(len=%zu) " - "-> quiche err %zd", stream->id, len, nwritten); - *err = CURLE_SEND_ERROR; - nwritten = -1; - goto out; - } - else { - /* quiche accepted all or at least a part of the buf */ - if(stream->upload_left > 0) { - stream->upload_left = (nwritten < stream->upload_left)? - (stream->upload_left - nwritten) : 0; - } - if(stream->upload_left == 0) - stream->send_closed = TRUE; - - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] send body(len=%zu, " - "left=%" CURL_FORMAT_CURL_OFF_T ") -> %zd", - stream->id, len, stream->upload_left, nwritten); - *err = CURLE_OK; - } + nwritten = cf_quiche_send_body(cf, data, stream, buf, len, eos, err); } out: @@ -1119,8 +1145,8 @@ static ssize_t cf_quiche_send(struct Curl_cfilter *cf, struct Curl_easy *data, *err = result; nwritten = -1; } - CURL_TRC_CF(data, cf, "[%" CURL_PRIu64 "] cf_send(len=%zu) -> %zd, %d", - stream? stream->id : -1, len, nwritten, *err); + CURL_TRC_CF(data, cf, "[%" FMT_PRIu64 "] cf_send(len=%zu) -> %zd, %d", + stream? stream->id : (curl_uint64_t)~0, len, nwritten, *err); return nwritten; } @@ -1215,10 +1241,9 @@ static CURLcode cf_quiche_data_event(struct Curl_cfilter *cf, ssize_t sent; stream->send_closed = TRUE; - stream->upload_left = 0; body[0] = 'X'; - sent = cf_quiche_send(cf, data, body, 0, &result); - CURL_TRC_CF(data, cf, "[%"CURL_PRIu64"] DONE_SEND -> %zd, %d", + sent = cf_quiche_send(cf, data, body, 0, TRUE, &result); + CURL_TRC_CF(data, cf, "[%"FMT_PRIu64"] DONE_SEND -> %zd, %d", stream->id, sent, result); } break; @@ -1238,8 +1263,8 @@ static CURLcode cf_quiche_data_event(struct Curl_cfilter *cf, return result; } -static CURLcode cf_connect_start(struct Curl_cfilter *cf, - struct Curl_easy *data) +static CURLcode cf_quiche_ctx_open(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct cf_quiche_ctx *ctx = cf->ctx; int rv; @@ -1247,19 +1272,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, const struct Curl_sockaddr_ex *sockaddr; DEBUGASSERT(ctx->q.sockfd != CURL_SOCKET_BAD); - -#ifdef DEBUG_QUICHE - /* initialize debug log callback only once */ - static int debug_log_init = 0; - if(!debug_log_init) { - quiche_enable_debug_logging(quiche_debug_log, NULL); - debug_log_init = 1; - } -#endif - Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, - H3_STREAM_POOL_SPARES); - Curl_hash_offt_init(&ctx->streams, 63, h3_stream_hash_free); - ctx->data_recvd = 0; + DEBUGASSERT(ctx->initialized); result = vquic_ctx_init(&ctx->q); if(result) @@ -1271,7 +1284,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, ctx->cfg = quiche_config_new(QUICHE_PROTOCOL_VERSION); if(!ctx->cfg) { - failf(data, "can't create quiche config"); + failf(data, "cannot create quiche config"); return CURLE_FAILED_INIT; } quiche_config_enable_pacing(ctx->cfg, false); @@ -1322,7 +1335,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, &sockaddr->sa_addr, sockaddr->addrlen, ctx->cfg, ctx->tls.ossl.ssl, false); if(!ctx->qconn) { - failf(data, "can't create quiche connection"); + failf(data, "cannot create quiche connection"); return CURLE_OUT_OF_MEMORY; } @@ -1366,7 +1379,6 @@ static CURLcode cf_quiche_verify_peer(struct Curl_cfilter *cf, cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ cf->conn->httpversion = 30; - cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX; return Curl_vquic_tls_verify_peer(&ctx->tls, cf, data, &ctx->peer); } @@ -1393,15 +1405,8 @@ static CURLcode cf_quiche_connect(struct Curl_cfilter *cf, *done = FALSE; vquic_ctx_update_time(&ctx->q); - if(ctx->reconnect_at.tv_sec && - Curl_timediff(ctx->q.last_op, ctx->reconnect_at) < 0) { - /* Not time yet to attempt the next connect */ - CURL_TRC_CF(data, cf, "waiting for reconnect time"); - goto out; - } - if(!ctx->qconn) { - result = cf_connect_start(cf, data); + result = cf_quiche_ctx_open(cf, data); if(result) goto out; ctx->started_at = ctx->q.last_op; @@ -1464,30 +1469,69 @@ static CURLcode cf_quiche_connect(struct Curl_cfilter *cf, return result; } -static void cf_quiche_close(struct Curl_cfilter *cf, struct Curl_easy *data) +static CURLcode cf_quiche_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, bool *done) { struct cf_quiche_ctx *ctx = cf->ctx; + CURLcode result = CURLE_OK; + + if(cf->shutdown || !ctx || !ctx->qconn) { + *done = TRUE; + return CURLE_OK; + } - if(ctx) { - if(ctx->qconn) { - vquic_ctx_update_time(&ctx->q); - (void)quiche_conn_close(ctx->qconn, TRUE, 0, NULL, 0); - /* flushing the egress is not a failsafe way to deliver all the - outstanding packets, but we also don't want to get stuck here... */ - (void)cf_flush_egress(cf, data); + *done = FALSE; + if(!ctx->shutdown_started) { + int err; + + ctx->shutdown_started = TRUE; + vquic_ctx_update_time(&ctx->q); + err = quiche_conn_close(ctx->qconn, TRUE, 0, NULL, 0); + if(err) { + CURL_TRC_CF(data, cf, "error %d adding shutdown packet, " + "aborting shutdown", err); + result = CURLE_SEND_ERROR; + goto out; } - cf_quiche_ctx_clear(ctx); } + + if(!Curl_bufq_is_empty(&ctx->q.sendbuf)) { + CURL_TRC_CF(data, cf, "shutdown, flushing sendbuf"); + result = cf_flush_egress(cf, data); + if(result) + goto out; + } + + if(Curl_bufq_is_empty(&ctx->q.sendbuf)) { + /* sent everything, quiche does not seem to support a graceful + * shutdown waiting for a reply, so ware done. */ + CURL_TRC_CF(data, cf, "shutdown completely sent off, done"); + *done = TRUE; + } + else { + CURL_TRC_CF(data, cf, "shutdown sending blocked"); + } + +out: + return result; } -static void cf_quiche_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) +static void cf_quiche_close(struct Curl_cfilter *cf, struct Curl_easy *data) { - struct cf_quiche_ctx *ctx = cf->ctx; + if(cf->ctx) { + bool done; + (void)cf_quiche_shutdown(cf, data, &done); + cf_quiche_ctx_close(cf->ctx); + } +} +static void cf_quiche_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) +{ (void)data; - cf_quiche_ctx_clear(ctx); - free(ctx); - cf->ctx = NULL; + if(cf->ctx) { + cf_quiche_ctx_free(cf->ctx); + cf->ctx = NULL; + } } static CURLcode cf_quiche_query(struct Curl_cfilter *cf, @@ -1503,7 +1547,7 @@ static CURLcode cf_quiche_query(struct Curl_cfilter *cf, max_streams += quiche_conn_peer_streams_left_bidi(ctx->qconn); } *pres1 = (max_streams > INT_MAX)? INT_MAX : (int)max_streams; - CURL_TRC_CF(data, cf, "query conn[%" CURL_FORMAT_CURL_OFF_T "]: " + CURL_TRC_CF(data, cf, "query conn[%" FMT_OFF_T "]: " "MAX_CONCURRENT -> %d (%zu in use)", cf->conn->connection_id, *pres1, CONN_INUSE(cf->conn)); return CURLE_OK; @@ -1559,8 +1603,8 @@ static bool cf_quiche_conn_is_alive(struct Curl_cfilter *cf, return FALSE; if(*input_pending) { - /* This happens before we've sent off a request and the connection is - not in use by any other transfer, there shouldn't be any data here, + /* This happens before we have sent off a request and the connection is + not in use by any other transfer, there should not be any data here, only "protocol frames" */ *input_pending = FALSE; if(cf_process_ingress(cf, data)) @@ -1580,6 +1624,7 @@ struct Curl_cftype Curl_cft_http3 = { cf_quiche_destroy, cf_quiche_connect, cf_quiche_close, + cf_quiche_shutdown, Curl_cf_def_get_host, cf_quiche_adjust_pollset, cf_quiche_data_pending, @@ -1607,6 +1652,7 @@ CURLcode Curl_cf_quiche_create(struct Curl_cfilter **pcf, result = CURLE_OUT_OF_MEMORY; goto out; } + cf_quiche_ctx_init(ctx); result = Curl_cf_create(&cf, &Curl_cft_http3, ctx); if(result) @@ -1626,7 +1672,7 @@ CURLcode Curl_cf_quiche_create(struct Curl_cfilter **pcf, if(udp_cf) Curl_conn_cf_discard_sub(cf, udp_cf, data, TRUE); Curl_safefree(cf); - Curl_safefree(ctx); + cf_quiche_ctx_free(ctx); } return result; diff --git a/vendor/hydra/vendor/curl/lib/vquic/vquic-tls.c b/vendor/hydra/vendor/curl/lib/vquic/vquic-tls.c index aca18b45..cc8c22d7 100644 --- a/vendor/hydra/vendor/curl/lib/vquic/vquic-tls.c +++ b/vendor/hydra/vendor/curl/lib/vquic/vquic-tls.c @@ -76,7 +76,7 @@ static void keylog_callback(const WOLFSSL *ssl, const char *line) } #endif -static CURLcode curl_wssl_init_ctx(struct curl_tls_ctx *ctx, +static CURLcode Curl_wssl_init_ctx(struct curl_tls_ctx *ctx, struct Curl_cfilter *cf, struct Curl_easy *data, Curl_vquic_tls_ctx_setup *cb_setup, @@ -91,8 +91,8 @@ static CURLcode curl_wssl_init_ctx(struct curl_tls_ctx *ctx, goto out; } - ctx->ssl_ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); - if(!ctx->ssl_ctx) { + ctx->wssl.ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + if(!ctx->wssl.ctx) { result = CURLE_OUT_OF_MEMORY; goto out; } @@ -103,9 +103,9 @@ static CURLcode curl_wssl_init_ctx(struct curl_tls_ctx *ctx, goto out; } - wolfSSL_CTX_set_default_verify_paths(ctx->ssl_ctx); + wolfSSL_CTX_set_default_verify_paths(ctx->wssl.ctx); - if(wolfSSL_CTX_set_cipher_list(ctx->ssl_ctx, conn_config->cipher_list13 ? + if(wolfSSL_CTX_set_cipher_list(ctx->wssl.ctx, conn_config->cipher_list13 ? conn_config->cipher_list13 : QUIC_CIPHERS) != 1) { char error_buffer[256]; @@ -115,7 +115,7 @@ static CURLcode curl_wssl_init_ctx(struct curl_tls_ctx *ctx, goto out; } - if(wolfSSL_CTX_set1_groups_list(ctx->ssl_ctx, conn_config->curves ? + if(wolfSSL_CTX_set1_groups_list(ctx->wssl.ctx, conn_config->curves ? conn_config->curves : (char *)QUIC_GROUPS) != 1) { failf(data, "wolfSSL failed to set curves"); @@ -127,7 +127,7 @@ static CURLcode curl_wssl_init_ctx(struct curl_tls_ctx *ctx, Curl_tls_keylog_open(); if(Curl_tls_keylog_enabled()) { #if defined(HAVE_SECRET_CALLBACK) - wolfSSL_CTX_set_keylog_callback(ctx->ssl_ctx, keylog_callback); + wolfSSL_CTX_set_keylog_callback(ctx->wssl.ctx, keylog_callback); #else failf(data, "wolfSSL was built without keylog callback"); result = CURLE_NOT_BUILT_IN; @@ -139,12 +139,12 @@ static CURLcode curl_wssl_init_ctx(struct curl_tls_ctx *ctx, const char * const ssl_cafile = conn_config->CAfile; const char * const ssl_capath = conn_config->CApath; - wolfSSL_CTX_set_verify(ctx->ssl_ctx, SSL_VERIFY_PEER, NULL); + wolfSSL_CTX_set_verify(ctx->wssl.ctx, SSL_VERIFY_PEER, NULL); if(ssl_cafile || ssl_capath) { /* tell wolfSSL where to find CA certificates that are used to verify the server's certificate. */ int rc = - wolfSSL_CTX_load_verify_locations_ex(ctx->ssl_ctx, ssl_cafile, + wolfSSL_CTX_load_verify_locations_ex(ctx->wssl.ctx, ssl_cafile, ssl_capath, WOLFSSL_LOAD_FLAG_IGNORE_ERR); if(SSL_SUCCESS != rc) { @@ -161,20 +161,20 @@ static CURLcode curl_wssl_init_ctx(struct curl_tls_ctx *ctx, } #ifdef CURL_CA_FALLBACK else { - /* verifying the peer without any CA certificates won't work so - use wolfssl's built-in default as fallback */ - wolfSSL_CTX_set_default_verify_paths(ctx->ssl_ctx); + /* verifying the peer without any CA certificates will not work so + use wolfSSL's built-in default as fallback */ + wolfSSL_CTX_set_default_verify_paths(ctx->wssl.ctx); } #endif } else { - wolfSSL_CTX_set_verify(ctx->ssl_ctx, SSL_VERIFY_NONE, NULL); + wolfSSL_CTX_set_verify(ctx->wssl.ctx, SSL_VERIFY_NONE, NULL); } /* give application a chance to interfere with SSL set up. */ if(data->set.ssl.fsslctx) { Curl_set_in_callback(data, true); - result = (*data->set.ssl.fsslctx)(data, ctx->ssl_ctx, + result = (*data->set.ssl.fsslctx)(data, ctx->wssl.ctx, data->set.ssl.fsslctxp); Curl_set_in_callback(data, false); if(result) { @@ -185,36 +185,36 @@ static CURLcode curl_wssl_init_ctx(struct curl_tls_ctx *ctx, result = CURLE_OK; out: - if(result && ctx->ssl_ctx) { - SSL_CTX_free(ctx->ssl_ctx); - ctx->ssl_ctx = NULL; + if(result && ctx->wssl.ctx) { + SSL_CTX_free(ctx->wssl.ctx); + ctx->wssl.ctx = NULL; } return result; } /** SSL callbacks ***/ -static CURLcode curl_wssl_init_ssl(struct curl_tls_ctx *ctx, +static CURLcode Curl_wssl_init_ssl(struct curl_tls_ctx *ctx, struct Curl_easy *data, struct ssl_peer *peer, const char *alpn, size_t alpn_len, void *user_data) { (void)data; - DEBUGASSERT(!ctx->ssl); - DEBUGASSERT(ctx->ssl_ctx); - ctx->ssl = wolfSSL_new(ctx->ssl_ctx); + DEBUGASSERT(!ctx->wssl.handle); + DEBUGASSERT(ctx->wssl.ctx); + ctx->wssl.handle = wolfSSL_new(ctx->wssl.ctx); - wolfSSL_set_app_data(ctx->ssl, user_data); - wolfSSL_set_connect_state(ctx->ssl); - wolfSSL_set_quic_use_legacy_codepoint(ctx->ssl, 0); + wolfSSL_set_app_data(ctx->wssl.handle, user_data); + wolfSSL_set_connect_state(ctx->wssl.handle); + wolfSSL_set_quic_use_legacy_codepoint(ctx->wssl.handle, 0); if(alpn) - wolfSSL_set_alpn_protos(ctx->ssl, (const unsigned char *)alpn, - (int)alpn_len); + wolfSSL_set_alpn_protos(ctx->wssl.handle, (const unsigned char *)alpn, + (unsigned int)alpn_len); if(peer->sni) { - wolfSSL_UseSNI(ctx->ssl, WOLFSSL_SNI_HOST_NAME, + wolfSSL_UseSNI(ctx->wssl.handle, WOLFSSL_SNI_HOST_NAME, peer->sni, (unsigned short)strlen(peer->sni)); } @@ -243,11 +243,11 @@ CURLcode Curl_vquic_tls_init(struct curl_tls_ctx *ctx, (const unsigned char *)alpn, alpn_len, cb_setup, cb_user_data, ssl_user_data); #elif defined(USE_WOLFSSL) - result = curl_wssl_init_ctx(ctx, cf, data, cb_setup, cb_user_data); + result = Curl_wssl_init_ctx(ctx, cf, data, cb_setup, cb_user_data); if(result) return result; - return curl_wssl_init_ssl(ctx, data, peer, alpn, alpn_len, ssl_user_data); + return Curl_wssl_init_ssl(ctx, data, peer, alpn, alpn_len, ssl_user_data); #else #error "no TLS lib in used, should not happen" return CURLE_FAILED_INIT; @@ -262,15 +262,14 @@ void Curl_vquic_tls_cleanup(struct curl_tls_ctx *ctx) if(ctx->ossl.ssl_ctx) SSL_CTX_free(ctx->ossl.ssl_ctx); #elif defined(USE_GNUTLS) - if(ctx->gtls.cred) - gnutls_certificate_free_credentials(ctx->gtls.cred); if(ctx->gtls.session) gnutls_deinit(ctx->gtls.session); + Curl_gtls_shared_creds_free(&ctx->gtls.shared_creds); #elif defined(USE_WOLFSSL) - if(ctx->ssl) - wolfSSL_free(ctx->ssl); - if(ctx->ssl_ctx) - wolfSSL_CTX_free(ctx->ssl_ctx); + if(ctx->wssl.handle) + wolfSSL_free(ctx->wssl.handle); + if(ctx->wssl.ctx) + wolfSSL_CTX_free(ctx->wssl.ctx); #endif memset(ctx, 0, sizeof(*ctx)); } @@ -286,8 +285,14 @@ CURLcode Curl_vquic_tls_before_recv(struct curl_tls_ctx *ctx, return result; ctx->ossl.x509_store_setup = TRUE; } +#elif defined(USE_WOLFSSL) + if(!ctx->wssl.x509_store_setup) { + CURLcode result = Curl_wssl_setup_x509_store(cf, data, &ctx->wssl); + if(result) + return result; + } #elif defined(USE_GNUTLS) - if(!ctx->gtls.trust_setup) { + if(!ctx->gtls.shared_creds->trust_setup) { CURLcode result = Curl_gtls_client_trust_setup(cf, data, &ctx->gtls); if(result) return result; @@ -325,7 +330,7 @@ CURLcode Curl_vquic_tls_verify_peer(struct curl_tls_ctx *ctx, (void)data; if(conn_config->verifyhost) { if(peer->sni) { - WOLFSSL_X509* cert = wolfSSL_get_peer_certificate(ctx->ssl); + WOLFSSL_X509* cert = wolfSSL_get_peer_certificate(ctx->wssl.handle); if(wolfSSL_X509_check_host(cert, peer->sni, strlen(peer->sni), 0, NULL) == WOLFSSL_FAILURE) { result = CURLE_PEER_FAILED_VERIFICATION; diff --git a/vendor/hydra/vendor/curl/lib/vquic/vquic-tls.h b/vendor/hydra/vendor/curl/lib/vquic/vquic-tls.h index 1d35fd0e..0ec74bfb 100644 --- a/vendor/hydra/vendor/curl/lib/vquic/vquic-tls.h +++ b/vendor/hydra/vendor/curl/lib/vquic/vquic-tls.h @@ -31,14 +31,15 @@ #if defined(USE_HTTP3) && \ (defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_WOLFSSL)) +#include "vtls/wolfssl.h" + struct curl_tls_ctx { #ifdef USE_OPENSSL struct ossl_ctx ossl; #elif defined(USE_GNUTLS) struct gtls_ctx gtls; #elif defined(USE_WOLFSSL) - WOLFSSL_CTX *ssl_ctx; - WOLFSSL *ssl; + struct wolfssl_ctx wssl; #endif }; diff --git a/vendor/hydra/vendor/curl/lib/vquic/vquic.c b/vendor/hydra/vendor/curl/lib/vquic/vquic.c index 9ce1e462..4648b5a0 100644 --- a/vendor/hydra/vendor/curl/lib/vquic/vquic.c +++ b/vendor/hydra/vendor/curl/lib/vquic/vquic.c @@ -22,7 +22,7 @@ * ***************************************************************************/ -/* WIP, experimental: use recvmmsg() on linux +/* WIP, experimental: use recvmmsg() on Linux * we have no configure check, yet * and also it is only available for _GNU_SOURCE, which * we do not use otherwise. @@ -36,6 +36,9 @@ #include "curl_setup.h" +#ifdef HAVE_NETINET_UDP_H +#include +#endif #ifdef HAVE_FCNTL_H #include #endif @@ -329,6 +332,36 @@ CURLcode vquic_send_tail_split(struct Curl_cfilter *cf, struct Curl_easy *data, return vquic_flush(cf, data, qctx); } +#if defined(HAVE_SENDMMSG) || defined(HAVE_SENDMSG) +static size_t msghdr_get_udp_gro(struct msghdr *msg) +{ + int gso_size = 0; +#if defined(__linux__) && defined(UDP_GRO) + struct cmsghdr *cmsg; + + /* Workaround musl CMSG_NXTHDR issue */ +#ifndef __GLIBC__ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wsign-compare" +#pragma clang diagnostic ignored "-Wcast-align" +#endif + for(cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { +#ifndef __GLIBC__ +#pragma clang diagnostic pop +#endif + if(cmsg->cmsg_level == SOL_UDP && cmsg->cmsg_type == UDP_GRO) { + memcpy(&gso_size, CMSG_DATA(cmsg), sizeof(gso_size)); + + break; + } + } +#endif + (void)msg; + + return (size_t)gso_size; +} +#endif + #ifdef HAVE_SENDMMSG static CURLcode recvmmsg_packets(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -339,12 +372,16 @@ static CURLcode recvmmsg_packets(struct Curl_cfilter *cf, #define MMSG_NUM 64 struct iovec msg_iov[MMSG_NUM]; struct mmsghdr mmsg[MMSG_NUM]; + uint8_t msg_ctrl[MMSG_NUM * CMSG_SPACE(sizeof(uint16_t))]; uint8_t bufs[MMSG_NUM][2*1024]; struct sockaddr_storage remote_addr[MMSG_NUM]; size_t total_nread, pkts; int mcount, i, n; char errstr[STRERROR_LEN]; CURLcode result = CURLE_OK; + size_t gso_size; + size_t pktlen; + size_t offset, to; DEBUGASSERT(max_pkts > 0); pkts = 0; @@ -359,6 +396,8 @@ static CURLcode recvmmsg_packets(struct Curl_cfilter *cf, mmsg[i].msg_hdr.msg_iovlen = 1; mmsg[i].msg_hdr.msg_name = &remote_addr[i]; mmsg[i].msg_hdr.msg_namelen = sizeof(remote_addr[i]); + mmsg[i].msg_hdr.msg_control = &msg_ctrl[i]; + mmsg[i].msg_hdr.msg_controllen = CMSG_SPACE(sizeof(uint16_t)); } while((mcount = recvmmsg(qctx->sockfd, mmsg, n, 0, NULL)) == -1 && @@ -385,14 +424,30 @@ static CURLcode recvmmsg_packets(struct Curl_cfilter *cf, } CURL_TRC_CF(data, cf, "recvmmsg() -> %d packets", mcount); - pkts += mcount; for(i = 0; i < mcount; ++i) { total_nread += mmsg[i].msg_len; - result = recv_cb(bufs[i], mmsg[i].msg_len, - mmsg[i].msg_hdr.msg_name, mmsg[i].msg_hdr.msg_namelen, - 0, userp); - if(result) - goto out; + + gso_size = msghdr_get_udp_gro(&mmsg[i].msg_hdr); + if(gso_size == 0) { + gso_size = mmsg[i].msg_len; + } + + for(offset = 0; offset < mmsg[i].msg_len; offset = to) { + ++pkts; + + to = offset + gso_size; + if(to > mmsg[i].msg_len) { + pktlen = mmsg[i].msg_len - offset; + } + else { + pktlen = gso_size; + } + + result = recv_cb(bufs[i] + offset, pktlen, mmsg[i].msg_hdr.msg_name, + mmsg[i].msg_hdr.msg_namelen, 0, userp); + if(result) + goto out; + } } } @@ -418,6 +473,10 @@ static CURLcode recvmsg_packets(struct Curl_cfilter *cf, ssize_t nread; char errstr[STRERROR_LEN]; CURLcode result = CURLE_OK; + uint8_t msg_ctrl[CMSG_SPACE(sizeof(uint16_t))]; + size_t gso_size; + size_t pktlen; + size_t offset, to; msg_iov.iov_base = buf; msg_iov.iov_len = (int)sizeof(buf); @@ -425,11 +484,13 @@ static CURLcode recvmsg_packets(struct Curl_cfilter *cf, memset(&msg, 0, sizeof(msg)); msg.msg_iov = &msg_iov; msg.msg_iovlen = 1; + msg.msg_control = msg_ctrl; DEBUGASSERT(max_pkts > 0); for(pkts = 0, total_nread = 0; pkts < max_pkts;) { msg.msg_name = &remote_addr; msg.msg_namelen = sizeof(remote_addr); + msg.msg_controllen = sizeof(msg_ctrl); while((nread = recvmsg(qctx->sockfd, &msg, 0)) == -1 && SOCKERRNO == EINTR) ; @@ -452,12 +513,29 @@ static CURLcode recvmsg_packets(struct Curl_cfilter *cf, goto out; } - ++pkts; total_nread += (size_t)nread; - result = recv_cb(buf, (size_t)nread, msg.msg_name, msg.msg_namelen, - 0, userp); - if(result) - goto out; + + gso_size = msghdr_get_udp_gro(&msg); + if(gso_size == 0) { + gso_size = (size_t)nread; + } + + for(offset = 0; offset < (size_t)nread; offset = to) { + ++pkts; + + to = offset + gso_size; + if(to > (size_t)nread) { + pktlen = (size_t)nread - offset; + } + else { + pktlen = gso_size; + } + + result = + recv_cb(buf + offset, pktlen, msg.msg_name, msg.msg_namelen, 0, userp); + if(result) + goto out; + } } out: @@ -642,7 +720,7 @@ CURLcode Curl_conn_may_http3(struct Curl_easy *data, const struct connectdata *conn) { if(conn->transport == TRNSPRT_UNIX) { - /* cannot do QUIC over a unix domain socket */ + /* cannot do QUIC over a Unix domain socket */ return CURLE_QUIC_CONNECT_ERROR; } if(!(conn->handler->flags & PROTOPT_SSL)) { @@ -655,7 +733,7 @@ CURLcode Curl_conn_may_http3(struct Curl_easy *data, return CURLE_URL_MALFORMAT; } if(conn->bits.httpproxy && conn->bits.tunnel_proxy) { - failf(data, "HTTP/3 is not supported over a HTTP proxy"); + failf(data, "HTTP/3 is not supported over an HTTP proxy"); return CURLE_URL_MALFORMAT; } #endif diff --git a/vendor/hydra/vendor/curl/lib/vssh/libssh.c b/vendor/hydra/vendor/curl/lib/vssh/libssh.c index d6ba987f..230fddce 100644 --- a/vendor/hydra/vendor/curl/lib/vssh/libssh.c +++ b/vendor/hydra/vendor/curl/lib/vssh/libssh.c @@ -31,11 +31,6 @@ #include -/* in 0.10.0 or later, ignore deprecated warnings */ -#define SSH_SUPPRESS_DEPRECATED -#include -#include - #ifdef HAVE_NETINET_IN_H #include #endif @@ -388,28 +383,25 @@ static int myssh_is_known(struct Curl_easy *data) goto cleanup; } - if(data->set.ssl.primary.verifyhost != TRUE) { - rc = SSH_OK; - goto cleanup; - } + if(data->set.str[STRING_SSH_KNOWNHOSTS]) { #if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0,9,0) - /* Get the known_key from the known hosts file */ - vstate = ssh_session_get_known_hosts_entry(sshc->ssh_session, - &knownhostsentry); - - /* Case an entry was found in a known hosts file */ - if(knownhostsentry) { - if(knownhostsentry->publickey) { - rc = ssh_pki_export_pubkey_base64(knownhostsentry->publickey, - &known_base64); - if(rc != SSH_OK) { - goto cleanup; - } - knownkey.key = known_base64; - knownkey.len = strlen(known_base64); + /* Get the known_key from the known hosts file */ + vstate = ssh_session_get_known_hosts_entry(sshc->ssh_session, + &knownhostsentry); + + /* Case an entry was found in a known hosts file */ + if(knownhostsentry) { + if(knownhostsentry->publickey) { + rc = ssh_pki_export_pubkey_base64(knownhostsentry->publickey, + &known_base64); + if(rc != SSH_OK) { + goto cleanup; + } + knownkey.key = known_base64; + knownkey.len = strlen(known_base64); - switch(ssh_key_type(knownhostsentry->publickey)) { + switch(ssh_key_type(knownhostsentry->publickey)) { case SSH_KEYTYPE_RSA: knownkey.keytype = CURLKHTYPE_RSA; break; @@ -431,12 +423,12 @@ static int myssh_is_known(struct Curl_easy *data) default: rc = SSH_ERROR; goto cleanup; + } + knownkeyp = &knownkey; } - knownkeyp = &knownkey; } - } - switch(vstate) { + switch(vstate) { case SSH_KNOWN_HOSTS_OK: keymatch = CURLKHMATCH_OK; break; @@ -446,14 +438,14 @@ static int myssh_is_known(struct Curl_easy *data) case SSH_KNOWN_HOSTS_ERROR: keymatch = CURLKHMATCH_MISSING; break; - default: + default: keymatch = CURLKHMATCH_MISMATCH; break; - } + } #else - vstate = ssh_is_server_known(sshc->ssh_session); - switch(vstate) { + vstate = ssh_is_server_known(sshc->ssh_session); + switch(vstate) { case SSH_SERVER_KNOWN_OK: keymatch = CURLKHMATCH_OK; break; @@ -461,21 +453,21 @@ static int myssh_is_known(struct Curl_easy *data) case SSH_SERVER_NOT_KNOWN: keymatch = CURLKHMATCH_MISSING; break; - default: + default: keymatch = CURLKHMATCH_MISMATCH; break; - } + } #endif - if(func) { /* use callback to determine action */ - rc = ssh_pki_export_pubkey_base64(pubkey, &found_base64); - if(rc != SSH_OK) - goto cleanup; + if(func) { /* use callback to determine action */ + rc = ssh_pki_export_pubkey_base64(pubkey, &found_base64); + if(rc != SSH_OK) + goto cleanup; - foundkey.key = found_base64; - foundkey.len = strlen(found_base64); + foundkey.key = found_base64; + foundkey.len = strlen(found_base64); - switch(ssh_key_type(pubkey)) { + switch(ssh_key_type(pubkey)) { case SSH_KEYTYPE_RSA: foundkey.keytype = CURLKHTYPE_RSA; break; @@ -501,15 +493,15 @@ static int myssh_is_known(struct Curl_easy *data) default: rc = SSH_ERROR; goto cleanup; - } + } - Curl_set_in_callback(data, true); - rc = func(data, knownkeyp, /* from the knownhosts file */ - &foundkey, /* from the remote host */ - keymatch, data->set.ssh_keyfunc_userp); - Curl_set_in_callback(data, false); + Curl_set_in_callback(data, true); + rc = func(data, knownkeyp, /* from the knownhosts file */ + &foundkey, /* from the remote host */ + keymatch, data->set.ssh_keyfunc_userp); + Curl_set_in_callback(data, false); - switch(rc) { + switch(rc) { case CURLKHSTAT_FINE_ADD_TO_FILE: #if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0,8,0) rc = ssh_session_update_known_hosts(sshc->ssh_session); @@ -525,12 +517,13 @@ static int myssh_is_known(struct Curl_easy *data) default: /* REJECT/DEFER */ rc = SSH_ERROR; goto cleanup; + } } - } - else { - if(keymatch != CURLKHMATCH_OK) { - rc = SSH_ERROR; - goto cleanup; + else { + if(keymatch != CURLKHMATCH_OK) { + rc = SSH_ERROR; + goto cleanup; + } } } rc = SSH_OK; @@ -663,7 +656,7 @@ int myssh_auth_interactive(struct connectdata *conn) /* * ssh_statemach_act() runs the SSH state machine as far as it can without - * blocking and without reaching the end. The data the pointer 'block' points + * blocking and without reaching the end. The data the pointer 'block' points * to will be set to TRUE if the libssh function returns SSH_AGAIN * meaning it wants to be called again when the socket is ready */ @@ -677,7 +670,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) int rc = SSH_NO_ERROR, err; int seekerr = CURL_SEEKFUNC_OK; const char *err_msg; - *block = 0; /* we're not blocking by default */ + *block = 0; /* we are not blocking by default */ do { @@ -742,7 +735,8 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) break; } - sshc->auth_methods = ssh_userauth_list(sshc->ssh_session, NULL); + sshc->auth_methods = + (unsigned int)ssh_userauth_list(sshc->ssh_session, NULL); if(sshc->auth_methods) infof(data, "SSH authentication methods available: %s%s%s%s", sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY ? @@ -1242,7 +1236,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) if(attrs) { curl_off_t size = attrs->size; if(size < 0) { - failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size); + failf(data, "Bad file size (%" FMT_OFF_T ")", size); MOVE_TO_ERROR_STATE(CURLE_BAD_DOWNLOAD_RESUME); break; } @@ -1308,7 +1302,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) failf(data, "Could not seek stream"); return CURLE_FTP_COULDNT_USE_REST; } - /* seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */ + /* seekerr == CURL_SEEKFUNC_CANTSEEK (cannot seek to offset) */ do { char scratch[4*1024]; size_t readthisamountnow = @@ -1351,12 +1345,12 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) Curl_pgrsSetUploadSize(data, data->state.infilesize); } /* upload data */ - Curl_xfer_setup(data, -1, -1, FALSE, FIRSTSOCKET); + Curl_xfer_setup1(data, CURL_XFER_SEND, -1, FALSE); /* not set by Curl_xfer_setup to preserve keepon bits */ conn->sockfd = conn->writesockfd; - /* store this original bitmask setup to use later on if we can't + /* store this original bitmask setup to use later on if we cannot figure out a "real" bitmask */ sshc->orig_waitfor = data->req.keepon; @@ -1365,7 +1359,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) with both accordingly */ data->state.select_bits = CURL_CSELECT_OUT; - /* since we don't really wait for anything at this point, we want the + /* since we do not really wait for anything at this point, we want the state machine to move on as soon as possible so we set a very short timeout here */ Curl_expire(data, 0, EXPIRE_RUN_NOW); @@ -1404,7 +1398,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) ++sshc->slash_pos; if(rc < 0) { /* - * Abort if failure wasn't that the dir already exists or the + * Abort if failure was not that the dir already exists or the * permission was denied (creation might succeed further down the * path) - retry on unspecific FAILURE also */ @@ -1577,7 +1571,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) sshc->sftp_dir = NULL; /* no data to transfer */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); state(data, SSH_STOP); break; @@ -1611,9 +1605,9 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) !(attrs->flags & SSH_FILEXFER_ATTR_SIZE) || (attrs->size == 0)) { /* - * sftp_fstat didn't return an error, so maybe the server - * just doesn't support stat() - * OR the server doesn't return a file size with a stat() + * sftp_fstat did not return an error, so maybe the server + * just does not support stat() + * OR the server does not return a file size with a stat() * OR file size is 0 */ data->req.size = -1; @@ -1627,7 +1621,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) sftp_attributes_free(attrs); if(size < 0) { - failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size); + failf(data, "Bad file size (%" FMT_OFF_T ")", size); return CURLE_BAD_DOWNLOAD_RESUME; } if(data->state.use_range) { @@ -1657,9 +1651,8 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) to = size - 1; } if(from > size) { - failf(data, "Offset (%" - CURL_FORMAT_CURL_OFF_T ") was beyond file size (%" - CURL_FORMAT_CURL_OFF_T ")", from, size); + failf(data, "Offset (%" FMT_OFF_T ") was beyond file size (%" + FMT_OFF_T ")", from, size); return CURLE_BAD_DOWNLOAD_RESUME; } if(from > to) { @@ -1686,12 +1679,10 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) /* We can resume if we can seek to the resume position */ if(data->state.resume_from) { if(data->state.resume_from < 0) { - /* We're supposed to download the last abs(from) bytes */ + /* We are supposed to download the last abs(from) bytes */ if((curl_off_t)size < -data->state.resume_from) { - failf(data, "Offset (%" - CURL_FORMAT_CURL_OFF_T ") was beyond file size (%" - CURL_FORMAT_CURL_OFF_T ")", - data->state.resume_from, size); + failf(data, "Offset (%" FMT_OFF_T ") was beyond file size (%" + FMT_OFF_T ")", data->state.resume_from, size); return CURLE_BAD_DOWNLOAD_RESUME; } /* download from where? */ @@ -1699,8 +1690,8 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) } else { if((curl_off_t)size < data->state.resume_from) { - failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T - ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")", + failf(data, "Offset (%" FMT_OFF_T + ") was beyond file size (%" FMT_OFF_T ")", data->state.resume_from, size); return CURLE_BAD_DOWNLOAD_RESUME; } @@ -1722,12 +1713,12 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) /* Setup the actual download */ if(data->req.size == 0) { /* no data to transfer */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); infof(data, "File already completely downloaded"); state(data, SSH_STOP); break; } - Curl_xfer_setup(data, FIRSTSOCKET, data->req.size, FALSE, -1); + Curl_xfer_setup1(data, CURL_XFER_RECV, data->req.size, FALSE); /* not set by Curl_xfer_setup to preserve keepon bits */ conn->writesockfd = conn->sockfd; @@ -1851,12 +1842,12 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) } /* upload data */ - Curl_xfer_setup(data, -1, data->req.size, FALSE, FIRSTSOCKET); + Curl_xfer_setup1(data, CURL_XFER_SEND, -1, FALSE); /* not set by Curl_xfer_setup to preserve keepon bits */ conn->sockfd = conn->writesockfd; - /* store this original bitmask setup to use later on if we can't + /* store this original bitmask setup to use later on if we cannot figure out a "real" bitmask */ sshc->orig_waitfor = data->req.keepon; @@ -1895,7 +1886,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) /* download data */ bytecount = ssh_scp_request_get_size(sshc->scp_session); data->req.maxdownload = (curl_off_t) bytecount; - Curl_xfer_setup(data, FIRSTSOCKET, bytecount, FALSE, -1); + Curl_xfer_setup1(data, CURL_XFER_RECV, bytecount, FALSE); /* not set by Curl_xfer_setup to preserve keepon bits */ conn->writesockfd = conn->sockfd; @@ -1946,7 +1937,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) FALLTHROUGH(); case SSH_SESSION_DISCONNECT: - /* during weird times when we've been prematurely aborted, the channel + /* during weird times when we have been prematurely aborted, the channel is still alive when we reach this state and we MUST kill the channel properly first */ if(sshc->scp_session) { @@ -2063,7 +2054,7 @@ static void myssh_block2waitfor(struct connectdata *conn, bool block) { struct ssh_conn *sshc = &conn->proto.sshc; - /* If it didn't block, or nothing was returned by ssh_get_poll_flags + /* If it did not block, or nothing was returned by ssh_get_poll_flags * have the original set */ conn->waitfor = sshc->orig_waitfor; @@ -2358,7 +2349,7 @@ static CURLcode scp_disconnect(struct Curl_easy *data, (void) dead_connection; if(ssh->ssh_session) { - /* only if there's a session still around to use! */ + /* only if there is a session still around to use! */ state(data, SSH_SESSION_DISCONNECT); @@ -2405,12 +2396,13 @@ static CURLcode scp_done(struct Curl_easy *data, CURLcode status, } static ssize_t scp_send(struct Curl_easy *data, int sockindex, - const void *mem, size_t len, CURLcode *err) + const void *mem, size_t len, bool eos, CURLcode *err) { int rc; struct connectdata *conn = data->conn; (void) sockindex; /* we only support SCP on the fixed known primary socket */ (void) err; + (void)eos; rc = ssh_scp_write(conn->proto.sshc.scp_session, mem, len); @@ -2523,7 +2515,7 @@ static CURLcode sftp_disconnect(struct Curl_easy *data, DEBUGF(infof(data, "SSH DISCONNECT starts now")); if(conn->proto.sshc.ssh_session) { - /* only if there's a session still around to use! */ + /* only if there is a session still around to use! */ state(data, SSH_SFTP_SHUTDOWN); result = myssh_block_statemach(data, TRUE); } @@ -2553,11 +2545,13 @@ static CURLcode sftp_done(struct Curl_easy *data, CURLcode status, /* return number of sent bytes */ static ssize_t sftp_send(struct Curl_easy *data, int sockindex, - const void *mem, size_t len, CURLcode *err) + const void *mem, size_t len, bool eos, + CURLcode *err) { ssize_t nwrite; struct connectdata *conn = data->conn; (void)sockindex; + (void)eos; /* limit the writes to the maximum specified in Section 3 of * https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02 @@ -2613,7 +2607,7 @@ static ssize_t sftp_recv(struct Curl_easy *data, int sockindex, nread = sftp_async_read(conn->proto.sshc.sftp_file, mem, (uint32_t)len, - conn->proto.sshc.sftp_file_index); + (uint32_t)conn->proto.sshc.sftp_file_index); myssh_block2waitfor(conn, (nread == SSH_AGAIN)?TRUE:FALSE); @@ -2717,7 +2711,7 @@ static void sftp_quote(struct Curl_easy *data) } /* - * SFTP is a binary protocol, so we don't send text commands + * SFTP is a binary protocol, so we do not send text commands * to the server. Instead, we scan for commands used by * OpenSSH's sftp program and call the appropriate libssh * functions. diff --git a/vendor/hydra/vendor/curl/lib/vssh/libssh2.c b/vendor/hydra/vendor/curl/lib/vssh/libssh2.c index abdf42e5..83e356c0 100644 --- a/vendor/hydra/vendor/curl/lib/vssh/libssh2.c +++ b/vendor/hydra/vendor/curl/lib/vssh/libssh2.c @@ -30,9 +30,6 @@ #include -#include -#include - #ifdef HAVE_FCNTL_H #include #endif @@ -405,8 +402,8 @@ static int sshkeycallback(struct Curl_easy *easy, #endif /* - * Earlier libssh2 versions didn't have the ability to seek to 64bit positions - * with 32bit size_t. + * Earlier libssh2 versions did not have the ability to seek to 64-bit + * positions with 32-bit size_t. */ #ifdef HAVE_LIBSSH2_SFTP_SEEK64 #define SFTP_SEEK(x,y) libssh2_sftp_seek64(x, (libssh2_uint64_t)y) @@ -415,27 +412,27 @@ static int sshkeycallback(struct Curl_easy *easy, #endif /* - * Earlier libssh2 versions didn't do SCP properly beyond 32bit sizes on 32bit - * architectures so we check of the necessary function is present. + * Earlier libssh2 versions did not do SCP properly beyond 32-bit sizes on + * 32-bit architectures so we check of the necessary function is present. */ #ifndef HAVE_LIBSSH2_SCP_SEND64 #define SCP_SEND(a,b,c,d) libssh2_scp_send_ex(a, b, (int)(c), (size_t)d, 0, 0) #else #define SCP_SEND(a,b,c,d) libssh2_scp_send64(a, b, (int)(c), \ - (libssh2_uint64_t)d, 0, 0) + (libssh2_int64_t)d, 0, 0) #endif /* - * libssh2 1.2.8 fixed the problem with 32bit ints used for sockets on win64. + * libssh2 1.2.8 fixed the problem with 32-bit ints used for sockets on win64. */ #ifdef HAVE_LIBSSH2_SESSION_HANDSHAKE #define session_startup(x,y) libssh2_session_handshake(x, y) #else #define session_startup(x,y) libssh2_session_startup(x, (int)y) #endif -static int convert_ssh2_keytype(int sshkeytype) +static enum curl_khtype convert_ssh2_keytype(int sshkeytype) { - int keytype = CURLKHTYPE_UNKNOWN; + enum curl_khtype keytype = CURLKHTYPE_UNKNOWN; switch(sshkeytype) { case LIBSSH2_HOSTKEY_TYPE_RSA: keytype = CURLKHTYPE_RSA; @@ -476,7 +473,7 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) #ifdef HAVE_LIBSSH2_KNOWNHOST_API if(data->set.str[STRING_SSH_KNOWNHOSTS]) { - /* we're asked to verify the host against a file */ + /* we are asked to verify the host against a file */ struct connectdata *conn = data->conn; struct ssh_conn *sshc = &conn->proto.sshc; struct libssh2_knownhost *host = NULL; @@ -487,8 +484,8 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) if(remotekey) { /* - * A subject to figure out is what host name we need to pass in here. - * What host name does OpenSSH store in its file if an IDN name is + * A subject to figure out is what hostname we need to pass in here. + * What hostname does OpenSSH store in its file if an IDN name is * used? */ enum curl_khmatch keymatch; @@ -526,7 +523,7 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) break; #endif default: - infof(data, "unsupported key type, can't check knownhosts"); + infof(data, "unsupported key type, cannot check knownhosts"); keybit = 0; break; } @@ -600,7 +597,7 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) result = sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; break; case CURLKHSTAT_FINE_REPLACE: - /* remove old host+key that doesn't match */ + /* remove old host+key that does not match */ if(host) libssh2_knownhost_del(sshc->kh, host); FALLTHROUGH(); @@ -608,7 +605,7 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) case CURLKHSTAT_FINE_ADD_TO_FILE: /* proceed */ if(keycheck != LIBSSH2_KNOWNHOST_CHECK_MATCH) { - /* the found host+key didn't match but has been told to be fine + /* the found host+key did not match but has been told to be fine anyway so we add it in memory */ int addrc = libssh2_knownhost_add(sshc->kh, conn->host.name, NULL, @@ -662,7 +659,7 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) size_t b64_pos = 0; #ifdef LIBSSH2_HOSTKEY_HASH_SHA256 - /* The fingerprint points to static storage (!), don't free() it. */ + /* The fingerprint points to static storage (!), do not free() it. */ fingerprint = libssh2_hostkey_hash(sshc->ssh_session, LIBSSH2_HOSTKEY_HASH_SHA256); #else @@ -742,7 +739,7 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) LIBSSH2_HOSTKEY_HASH_MD5); if(fingerprint) { - /* The fingerprint points to static storage (!), don't free() it. */ + /* The fingerprint points to static storage (!), do not free() it. */ int i; for(i = 0; i < 16; i++) { msnprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]); @@ -780,10 +777,10 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) const char *remotekey = libssh2_session_hostkey(sshc->ssh_session, &keylen, &sshkeytype); if(remotekey) { - int keytype = convert_ssh2_keytype(sshkeytype); + enum curl_khtype keytype = convert_ssh2_keytype(sshkeytype); Curl_set_in_callback(data, true); rc = data->set.ssh_hostkeyfunc(data->set.ssh_hostkeyfunc_userp, - keytype, remotekey, keylen); + (int)keytype, remotekey, keylen); Curl_set_in_callback(data, false); if(rc!= CURLKHMATCH_OK) { state(data, SSH_SESSION_FREE); @@ -960,7 +957,7 @@ static CURLcode ssh_force_knownhost_key_type(struct Curl_easy *data) /* * ssh_statemach_act() runs the SSH state machine as far as it can without - * blocking and without reaching the end. The data the pointer 'block' points + * blocking and without reaching the end. The data the pointer 'block' points * to will be set to TRUE if the libssh2 function returns LIBSSH2_ERROR_EAGAIN * meaning it wants to be called again when the socket is ready */ @@ -977,7 +974,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) unsigned long sftperr; int seekerr = CURL_SEEKFUNC_OK; size_t readdir_len; - *block = 0; /* we're not blocking by default */ + *block = 0; /* we are not blocking by default */ do { switch(sshc->state) { @@ -1037,7 +1034,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) * must never change it later. Thus, always specify the correct username * here, even though the libssh2 docs kind of indicate that it should be * possible to get a 'generic' list (not user-specific) of authentication - * methods, presumably with a blank username. That won't work in my + * methods, presumably with a blank username. That will not work in my * experience. * So always specify it here. */ @@ -1440,7 +1437,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) if(sftperr) result = sftp_libssh2_error_to_CURLE(sftperr); else - /* in this case, the error wasn't in the SFTP level but for example + /* in this case, the error was not in the SFTP level but for example a time-out or similar */ result = CURLE_SSH; sshc->actualcode = result; @@ -1571,7 +1568,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) } /* - * SFTP is a binary protocol, so we don't send text commands + * SFTP is a binary protocol, so we do not send text commands * to the server. Instead, we scan for commands used by * OpenSSH's sftp program and call the appropriate libssh2 * functions. @@ -1709,7 +1706,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) if(!strncasecompare(cmd, "chmod", 5)) { /* Since chown and chgrp only set owner OR group but libssh2 wants to * set them both at once, we need to obtain the current ownership - * first. This takes an extra protocol round trip. + * first. This takes an extra protocol round trip. */ rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshc->quote_path2, curlx_uztoui(strlen(sshc->quote_path2)), @@ -1786,7 +1783,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) } #if SIZEOF_TIME_T > SIZEOF_LONG if(date > 0xffffffff) { - /* if 'long' can't old >32bit, this date cannot be sent */ + /* if 'long' cannot old >32-bit, this date cannot be sent */ failf(data, "date overflow"); fail = TRUE; } @@ -1860,7 +1857,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) case SSH_SFTP_QUOTE_MKDIR: rc = libssh2_sftp_mkdir_ex(sshc->sftp_session, sshc->quote_path1, curlx_uztoui(strlen(sshc->quote_path1)), - data->set.new_directory_perms); + (long)data->set.new_directory_perms); if(rc == LIBSSH2_ERROR_EAGAIN) { break; } @@ -2026,7 +2023,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; } if(rc == 0) { - data->info.filetime = attrs.mtime; + data->info.filetime = (time_t)attrs.mtime; } state(data, SSH_SFTP_TRANS_INIT); @@ -2069,7 +2066,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) else { curl_off_t size = attrs.filesize; if(size < 0) { - failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size); + failf(data, "Bad file size (%" FMT_OFF_T ")", size); return CURLE_BAD_DOWNLOAD_RESUME; } data->state.resume_from = attrs.filesize; @@ -2090,7 +2087,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) sshc->sftp_handle = libssh2_sftp_open_ex(sshc->sftp_session, sshp->path, curlx_uztoui(strlen(sshp->path)), - flags, data->set.new_file_perms, + flags, (long)data->set.new_file_perms, LIBSSH2_SFTP_OPENFILE); if(!sshc->sftp_handle) { @@ -2160,7 +2157,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) failf(data, "Could not seek stream"); return CURLE_FTP_COULDNT_USE_REST; } - /* seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */ + /* seekerr == CURL_SEEKFUNC_CANTSEEK (cannot seek to offset) */ do { char scratch[4*1024]; size_t readthisamountnow = @@ -2199,7 +2196,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) Curl_pgrsSetUploadSize(data, data->state.infilesize); } /* upload data */ - Curl_xfer_setup(data, -1, -1, FALSE, FIRSTSOCKET); + Curl_xfer_setup1(data, CURL_XFER_SEND, -1, FALSE); /* not set by Curl_xfer_setup to preserve keepon bits */ conn->sockfd = conn->writesockfd; @@ -2209,7 +2206,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) sshc->actualcode = result; } else { - /* store this original bitmask setup to use later on if we can't + /* store this original bitmask setup to use later on if we cannot figure out a "real" bitmask */ sshc->orig_waitfor = data->req.keepon; @@ -2218,7 +2215,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) with both accordingly */ data->state.select_bits = CURL_CSELECT_OUT; - /* since we don't really wait for anything at this point, we want the + /* since we do not really wait for anything at this point, we want the state machine to move on as soon as possible so we set a very short timeout here */ Curl_expire(data, 0, EXPIRE_RUN_NOW); @@ -2254,7 +2251,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) /* 'mode' - parameter is preliminary - default to 0644 */ rc = libssh2_sftp_mkdir_ex(sshc->sftp_session, sshp->path, curlx_uztoui(strlen(sshp->path)), - data->set.new_directory_perms); + (long)data->set.new_directory_perms); if(rc == LIBSSH2_ERROR_EAGAIN) { break; } @@ -2262,7 +2259,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) ++sshc->slash_pos; if(rc < 0) { /* - * Abort if failure wasn't that the dir already exists or the + * Abort if failure was not that the dir already exists or the * permission was denied (creation might succeed further down the * path) - retry on unspecific FAILURE also */ @@ -2402,7 +2399,8 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) rc = libssh2_sftp_symlink_ex(sshc->sftp_session, Curl_dyn_ptr(&sshp->readdir_link), - (int)Curl_dyn_len(&sshp->readdir_link), + (unsigned int) + Curl_dyn_len(&sshp->readdir_link), sshp->readdir_filename, PATH_MAX, LIBSSH2_SFTP_READLINK); if(rc == LIBSSH2_ERROR_EAGAIN) { @@ -2452,7 +2450,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) Curl_safefree(sshp->readdir_longentry); /* no data to transfer */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); state(data, SSH_STOP); break; @@ -2463,7 +2461,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) sshc->sftp_handle = libssh2_sftp_open_ex(sshc->sftp_session, sshp->path, curlx_uztoui(strlen(sshp->path)), - LIBSSH2_FXF_READ, data->set.new_file_perms, + LIBSSH2_FXF_READ, (long)data->set.new_file_perms, LIBSSH2_SFTP_OPENFILE); if(!sshc->sftp_handle) { if(libssh2_session_last_errno(sshc->ssh_session) == @@ -2496,9 +2494,9 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) !(attrs.flags & LIBSSH2_SFTP_ATTR_SIZE) || (attrs.filesize == 0)) { /* - * libssh2_sftp_open() didn't return an error, so maybe the server - * just doesn't support stat() - * OR the server doesn't return a file size with a stat() + * libssh2_sftp_open() did not return an error, so maybe the server + * just does not support stat() + * OR the server does not return a file size with a stat() * OR file size is 0 */ data->req.size = -1; @@ -2509,7 +2507,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) curl_off_t size = attrs.filesize; if(size < 0) { - failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size); + failf(data, "Bad file size (%" FMT_OFF_T ")", size); return CURLE_BAD_DOWNLOAD_RESUME; } if(data->state.use_range) { @@ -2537,10 +2535,8 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) to = size - 1; } if(from > size) { - failf(data, "Offset (%" - CURL_FORMAT_CURL_OFF_T ") was beyond file size (%" - CURL_FORMAT_CURL_OFF_T ")", from, - (curl_off_t)attrs.filesize); + failf(data, "Offset (%" FMT_OFF_T ") was beyond file size (%" + FMT_OFF_T ")", from, (curl_off_t)attrs.filesize); return CURLE_BAD_DOWNLOAD_RESUME; } if(from > to) { @@ -2563,11 +2559,10 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) /* We can resume if we can seek to the resume position */ if(data->state.resume_from) { if(data->state.resume_from < 0) { - /* We're supposed to download the last abs(from) bytes */ + /* We are supposed to download the last abs(from) bytes */ if((curl_off_t)attrs.filesize < -data->state.resume_from) { - failf(data, "Offset (%" - CURL_FORMAT_CURL_OFF_T ") was beyond file size (%" - CURL_FORMAT_CURL_OFF_T ")", + failf(data, "Offset (%" FMT_OFF_T ") was beyond file size (%" + FMT_OFF_T ")", data->state.resume_from, (curl_off_t)attrs.filesize); return CURLE_BAD_DOWNLOAD_RESUME; } @@ -2576,8 +2571,8 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) } else { if((curl_off_t)attrs.filesize < data->state.resume_from) { - failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T - ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")", + failf(data, "Offset (%" FMT_OFF_T + ") was beyond file size (%" FMT_OFF_T ")", data->state.resume_from, (curl_off_t)attrs.filesize); return CURLE_BAD_DOWNLOAD_RESUME; } @@ -2594,12 +2589,12 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) /* Setup the actual download */ if(data->req.size == 0) { /* no data to transfer */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); infof(data, "File already completely downloaded"); state(data, SSH_STOP); break; } - Curl_xfer_setup(data, FIRSTSOCKET, data->req.size, FALSE, -1); + Curl_xfer_setup1(data, CURL_XFER_RECV, data->req.size, FALSE); /* not set by Curl_xfer_setup to preserve keepon bits */ conn->writesockfd = conn->sockfd; @@ -2713,7 +2708,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) case SSH_SCP_UPLOAD_INIT: /* * libssh2 requires that the destination path is a full path that - * includes the destination file and name OR ends in a "/" . If this is + * includes the destination file and name OR ends in a "/" . If this is * not done the destination file will be named the same name as the last * directory in the path. */ @@ -2745,7 +2740,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) /* upload data */ data->req.size = data->state.infilesize; Curl_pgrsSetUploadSize(data, data->state.infilesize); - Curl_xfer_setup(data, -1, -1, FALSE, FIRSTSOCKET); + Curl_xfer_setup1(data, CURL_XFER_SEND, -1, FALSE); /* not set by Curl_xfer_setup to preserve keepon bits */ conn->sockfd = conn->writesockfd; @@ -2755,7 +2750,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) sshc->actualcode = result; } else { - /* store this original bitmask setup to use later on if we can't + /* store this original bitmask setup to use later on if we cannot figure out a "real" bitmask */ sshc->orig_waitfor = data->req.keepon; @@ -2816,7 +2811,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) /* download data */ bytecount = (curl_off_t)sb.st_size; data->req.maxdownload = (curl_off_t)sb.st_size; - Curl_xfer_setup(data, FIRSTSOCKET, bytecount, FALSE, -1); + Curl_xfer_setup1(data, CURL_XFER_RECV, bytecount, FALSE); /* not set by Curl_xfer_setup to preserve keepon bits */ conn->writesockfd = conn->sockfd; @@ -2915,7 +2910,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; case SSH_SESSION_DISCONNECT: - /* during weird times when we've been prematurely aborted, the channel + /* during weird times when we have been prematurely aborted, the channel is still alive when we reach this state and we MUST kill the channel properly first */ if(sshc->ssh_channel) { @@ -3071,7 +3066,7 @@ static int ssh_getsock(struct Curl_easy *data, * When one of the libssh2 functions has returned LIBSSH2_ERROR_EAGAIN this * function is used to figure out in what direction and stores this info so * that the multi interface can take advantage of it. Make sure to call this - * function in all cases so that when it _doesn't_ return EAGAIN we can + * function in all cases so that when it _does not_ return EAGAIN we can * restore the default wait bits. */ static void ssh_block2waitfor(struct Curl_easy *data, bool block) @@ -3088,7 +3083,7 @@ static void ssh_block2waitfor(struct Curl_easy *data, bool block) } } if(!dir) - /* It didn't block or libssh2 didn't reveal in which direction, put back + /* It did not block or libssh2 did not reveal in which direction, put back the original set */ conn->waitfor = sshc->orig_waitfor; } @@ -3104,7 +3099,7 @@ static CURLcode ssh_multi_statemach(struct Curl_easy *data, bool *done) do { result = ssh_statemach_act(data, &block); *done = (sshc->state == SSH_STOP) ? TRUE : FALSE; - /* if there's no error, it isn't done and it didn't EWOULDBLOCK, then + /* if there is no error, it is not done and it did not EWOULDBLOCK, then try again */ } while(!result && !*done && !block); ssh_block2waitfor(data, block); @@ -3228,7 +3223,7 @@ static ssize_t ssh_tls_send(libssh2_socket_t sock, const void *buffer, /* swap in the TLS writer function for this call only, and then swap back the SSH one again */ conn->send[0] = ssh->tls_send; - result = Curl_conn_send(data, socknum, buffer, length, &nwrite); + result = Curl_conn_send(data, socknum, buffer, length, FALSE, &nwrite); conn->send[0] = backup; if(result == CURLE_AGAIN) return -EAGAIN; /* magic return code for libssh2 */ @@ -3290,7 +3285,7 @@ static CURLcode ssh_connect(struct Curl_easy *data, bool *done) #if LIBSSH2_VERSION_NUM >= 0x010B00 if(data->set.server_response_timeout > 0) { libssh2_session_set_read_timeout(sshc->ssh_session, - data->set.server_response_timeout / 1000); + (long)(data->set.server_response_timeout / 1000)); } #endif @@ -3491,7 +3486,7 @@ static CURLcode scp_disconnect(struct Curl_easy *data, (void) dead_connection; if(sshc->ssh_session) { - /* only if there's a session still around to use! */ + /* only if there is a session still around to use! */ state(data, SSH_SESSION_DISCONNECT); result = ssh_block_statemach(data, conn, TRUE); } @@ -3539,12 +3534,13 @@ static CURLcode scp_done(struct Curl_easy *data, CURLcode status, } static ssize_t scp_send(struct Curl_easy *data, int sockindex, - const void *mem, size_t len, CURLcode *err) + const void *mem, size_t len, bool eos, CURLcode *err) { ssize_t nwrite; struct connectdata *conn = data->conn; struct ssh_conn *sshc = &conn->proto.sshc; (void)sockindex; /* we only support SCP on the fixed known primary socket */ + (void)eos; /* libssh2_channel_write() returns int! */ nwrite = (ssize_t) libssh2_channel_write(sshc->ssh_channel, mem, len); @@ -3647,7 +3643,7 @@ static CURLcode sftp_disconnect(struct Curl_easy *data, DEBUGF(infof(data, "SSH DISCONNECT starts now")); if(sshc->ssh_session) { - /* only if there's a session still around to use! */ + /* only if there is a session still around to use! */ state(data, SSH_SFTP_SHUTDOWN); result = ssh_block_statemach(data, conn, TRUE); } @@ -3677,12 +3673,13 @@ static CURLcode sftp_done(struct Curl_easy *data, CURLcode status, /* return number of sent bytes */ static ssize_t sftp_send(struct Curl_easy *data, int sockindex, - const void *mem, size_t len, CURLcode *err) + const void *mem, size_t len, bool eos, CURLcode *err) { ssize_t nwrite; struct connectdata *conn = data->conn; struct ssh_conn *sshc = &conn->proto.sshc; (void)sockindex; + (void)eos; nwrite = libssh2_sftp_write(sshc->sftp_handle, mem, len); diff --git a/vendor/hydra/vendor/curl/lib/vssh/ssh.h b/vendor/hydra/vendor/curl/lib/vssh/ssh.h index ca0533aa..2ed78649 100644 --- a/vendor/hydra/vendor/curl/lib/vssh/ssh.h +++ b/vendor/hydra/vendor/curl/lib/vssh/ssh.h @@ -30,6 +30,8 @@ #include #include #elif defined(USE_LIBSSH) +/* in 0.10.0 or later, ignore deprecated warnings */ +#define SSH_SUPPRESS_DEPRECATED #include #include #elif defined(USE_WOLFSSH) @@ -163,7 +165,7 @@ struct ssh_conn { unsigned kbd_state; /* 0 or 1 */ ssh_key privkey; ssh_key pubkey; - int auth_methods; + unsigned int auth_methods; ssh_session ssh_session; ssh_scp scp_session; sftp_session sftp_session; @@ -243,10 +245,10 @@ struct ssh_conn { #endif #ifdef HAVE_LIBSSH2_VERSION -/* get it run-time if possible */ +/* get it runtime if possible */ #define CURL_LIBSSH2_VERSION libssh2_version(0) #else -/* use build-time if run-time not possible */ +/* use build-time if runtime not possible */ #define CURL_LIBSSH2_VERSION LIBSSH2_VERSION #endif diff --git a/vendor/hydra/vendor/curl/lib/vssh/wolfssh.c b/vendor/hydra/vendor/curl/lib/vssh/wolfssh.c index 6a5aed88..1d01bcdb 100644 --- a/vendor/hydra/vendor/curl/lib/vssh/wolfssh.c +++ b/vendor/hydra/vendor/curl/lib/vssh/wolfssh.c @@ -28,8 +28,6 @@ #include -#include -#include #include "urldata.h" #include "cfilters.h" #include "connect.h" @@ -220,13 +218,15 @@ static void state(struct Curl_easy *data, sshstate nowstate) } static ssize_t wscp_send(struct Curl_easy *data, int sockindex, - const void *mem, size_t len, CURLcode *err) + const void *mem, size_t len, bool eos, + CURLcode *err) { ssize_t nwrite = 0; (void)data; (void)sockindex; /* we only support SCP on the fixed known primary socket */ (void)mem; (void)len; + (void)eos; (void)err; return nwrite; @@ -247,13 +247,14 @@ static ssize_t wscp_recv(struct Curl_easy *data, int sockindex, /* return number of sent bytes */ static ssize_t wsftp_send(struct Curl_easy *data, int sockindex, - const void *mem, size_t len, CURLcode *err) + const void *mem, size_t len, bool eos, CURLcode *err) { struct connectdata *conn = data->conn; struct ssh_conn *sshc = &conn->proto.sshc; word32 offset[2]; int rc; (void)sockindex; + (void)eos; offset[0] = (word32)sshc->offset&0xFFFFFFFF; offset[1] = (word32)(sshc->offset>>32)&0xFFFFFFFF; @@ -280,7 +281,7 @@ static ssize_t wsftp_send(struct Curl_easy *data, int sockindex, return -1; } DEBUGASSERT(rc == (int)len); - infof(data, "sent %zu bytes SFTP from offset %" CURL_FORMAT_CURL_OFF_T, + infof(data, "sent %zu bytes SFTP from offset %" FMT_OFF_T, len, sshc->offset); sshc->offset += len; return (ssize_t)rc; @@ -400,7 +401,7 @@ static CURLcode wssh_connect(struct Curl_easy *data, bool *done) rc = wolfSSH_SetUsername(sshc->ssh_session, conn->user); if(rc != WS_SUCCESS) { - failf(data, "wolfSSH failed to set user name"); + failf(data, "wolfSSH failed to set username"); goto error; } @@ -433,7 +434,7 @@ static CURLcode wssh_connect(struct Curl_easy *data, bool *done) /* * wssh_statemach_act() runs the SSH state machine as far as it can without - * blocking and without reaching the end. The data the pointer 'block' points + * blocking and without reaching the end. The data the pointer 'block' points * to will be set to TRUE if the wolfssh function returns EAGAIN meaning it * wants to be called again when the socket is ready */ @@ -446,7 +447,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) struct SSHPROTO *sftp_scp = data->req.p.ssh; WS_SFTPNAME *name; int rc = 0; - *block = FALSE; /* we're not blocking by default */ + *block = FALSE; /* we are not blocking by default */ do { switch(sshc->state) { @@ -577,7 +578,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) else { curl_off_t size = ((curl_off_t)attrs.sz[1] << 32) | attrs.sz[0]; if(size < 0) { - failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size); + failf(data, "Bad file size (%" FMT_OFF_T ")", size); return CURLE_BAD_DOWNLOAD_RESUME; } data->state.resume_from = size; @@ -641,7 +642,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) failf(data, "Could not seek stream"); return CURLE_FTP_COULDNT_USE_REST; } - /* seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */ + /* seekerr == CURL_SEEKFUNC_CANTSEEK (cannot seek to offset) */ do { char scratch[4*1024]; size_t readthisamountnow = @@ -680,7 +681,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) Curl_pgrsSetUploadSize(data, data->state.infilesize); } /* upload data */ - Curl_xfer_setup(data, -1, -1, FALSE, FIRSTSOCKET); + Curl_xfer_setup1(data, CURL_XFER_SEND, -1, FALSE); /* not set by Curl_xfer_setup to preserve keepon bits */ conn->sockfd = conn->writesockfd; @@ -690,7 +691,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) sshc->actualcode = result; } else { - /* store this original bitmask setup to use later on if we can't + /* store this original bitmask setup to use later on if we cannot figure out a "real" bitmask */ sshc->orig_waitfor = data->req.keepon; @@ -699,7 +700,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) with both accordingly */ data->state.select_bits = CURL_CSELECT_OUT; - /* since we don't really wait for anything at this point, we want the + /* since we do not really wait for anything at this point, we want the state machine to move on as soon as possible so we set a very short timeout here */ Curl_expire(data, 0, EXPIRE_RUN_NOW); @@ -768,7 +769,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) data->req.maxdownload = size; Curl_pgrsSetDownloadSize(data, size); - infof(data, "SFTP download %" CURL_FORMAT_CURL_OFF_T " bytes", size); + infof(data, "SFTP download %" FMT_OFF_T " bytes", size); /* We cannot seek with wolfSSH so resuming and range requests are not possible */ @@ -780,12 +781,12 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) /* Setup the actual download */ if(data->req.size == 0) { /* no data to transfer */ - Curl_xfer_setup(data, -1, -1, FALSE, -1); + Curl_xfer_setup_nop(data); infof(data, "File already completely downloaded"); state(data, SSH_STOP); break; } - Curl_xfer_setup(data, FIRSTSOCKET, data->req.size, FALSE, -1); + Curl_xfer_setup1(data, CURL_XFER_RECV, data->req.size, FALSE); /* not set by Curl_xfer_setup to preserve keepon bits */ conn->writesockfd = conn->sockfd; @@ -908,7 +909,7 @@ static CURLcode wssh_multi_statemach(struct Curl_easy *data, bool *done) do { result = wssh_statemach_act(data, &block); *done = (sshc->state == SSH_STOP) ? TRUE : FALSE; - /* if there's no error, it isn't done and it didn't EWOULDBLOCK, then + /* if there is no error, it is not done and it did not EWOULDBLOCK, then try again */ if(*done) { DEBUGF(infof(data, "wssh_statemach_act says DONE")); @@ -1121,7 +1122,7 @@ static CURLcode wsftp_disconnect(struct Curl_easy *data, DEBUGF(infof(data, "SSH DISCONNECT starts now")); if(conn->proto.sshc.ssh_session) { - /* only if there's a session still around to use! */ + /* only if there is a session still around to use! */ state(data, SSH_SFTP_SHUTDOWN); result = wssh_block_statemach(data, TRUE); } diff --git a/vendor/hydra/vendor/curl/lib/vtls/bearssl.c b/vendor/hydra/vendor/curl/lib/vtls/bearssl.c index a595f54a..0199d6b4 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/bearssl.c +++ b/vendor/hydra/vendor/curl/lib/vtls/bearssl.c @@ -63,6 +63,7 @@ struct bearssl_ssl_backend_data { bool active; /* size of pending write, yet to be flushed */ size_t pending_write; + BIT(sent_shutdown); }; struct cafile_parser { @@ -327,7 +328,7 @@ static unsigned x509_end_chain(const br_x509_class **ctx) struct x509_context *x509 = (struct x509_context *)ctx; if(!x509->verifypeer) { - return br_x509_decoder_last_error(&x509->decoder); + return (unsigned)br_x509_decoder_last_error(&x509->decoder); } return x509->minimal.vtable->end_chain(&x509->minimal.vtable); @@ -360,6 +361,56 @@ static const br_x509_class x509_vtable = { x509_get_pkey }; +static CURLcode +bearssl_set_ssl_version_min_max(struct Curl_easy *data, + br_ssl_engine_context *ssl_eng, + struct ssl_primary_config *conn_config) +{ + unsigned version_min, version_max; + + switch(conn_config->version) { + case CURL_SSLVERSION_DEFAULT: + case CURL_SSLVERSION_TLSv1: + case CURL_SSLVERSION_TLSv1_0: + version_min = BR_TLS10; + break; + case CURL_SSLVERSION_TLSv1_1: + version_min = BR_TLS11; + break; + case CURL_SSLVERSION_TLSv1_2: + version_min = BR_TLS12; + break; + case CURL_SSLVERSION_TLSv1_3: + failf(data, "BearSSL: does not support TLS 1.3"); + return CURLE_SSL_CONNECT_ERROR; + default: + failf(data, "BearSSL: unsupported minimum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; + } + + switch(conn_config->version_max) { + case CURL_SSLVERSION_MAX_DEFAULT: + case CURL_SSLVERSION_MAX_NONE: + case CURL_SSLVERSION_MAX_TLSv1_3: + case CURL_SSLVERSION_MAX_TLSv1_2: + version_max = BR_TLS12; + break; + case CURL_SSLVERSION_MAX_TLSv1_1: + version_max = BR_TLS11; + break; + case CURL_SSLVERSION_MAX_TLSv1_0: + version_max = BR_TLS10; + break; + default: + failf(data, "BearSSL: unsupported maximum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; + } + + br_ssl_engine_set_versions(ssl_eng, version_min, version_max); + + return CURLE_OK; +} + static const uint16_t ciphertable[] = { /* RFC 2246 TLS 1.0 */ BR_TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x000A */ @@ -494,41 +545,11 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf, const bool verifypeer = conn_config->verifypeer; const bool verifyhost = conn_config->verifyhost; CURLcode ret; - unsigned version_min, version_max; int session_set = 0; DEBUGASSERT(backend); CURL_TRC_CF(data, cf, "connect_step1"); - switch(conn_config->version) { - case CURL_SSLVERSION_SSLv2: - failf(data, "BearSSL does not support SSLv2"); - return CURLE_SSL_CONNECT_ERROR; - case CURL_SSLVERSION_SSLv3: - failf(data, "BearSSL does not support SSLv3"); - return CURLE_SSL_CONNECT_ERROR; - case CURL_SSLVERSION_TLSv1_0: - version_min = BR_TLS10; - version_max = BR_TLS10; - break; - case CURL_SSLVERSION_TLSv1_1: - version_min = BR_TLS11; - version_max = BR_TLS11; - break; - case CURL_SSLVERSION_TLSv1_2: - version_min = BR_TLS12; - version_max = BR_TLS12; - break; - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: - version_min = BR_TLS10; - version_max = BR_TLS12; - break; - default: - failf(data, "BearSSL: unknown CURLOPT_SSLVERSION"); - return CURLE_SSL_CONNECT_ERROR; - } - if(verifypeer) { if(ca_info_blob) { struct cafile_source source; @@ -563,7 +584,11 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf, /* initialize SSL context */ br_ssl_client_init_full(&backend->ctx, &backend->x509.minimal, backend->anchors, backend->anchors_len); - br_ssl_engine_set_versions(&backend->ctx.eng, version_min, version_max); + + ret = bearssl_set_ssl_version_min_max(data, &backend->ctx.eng, conn_config); + if(ret != CURLE_OK) + return ret; + br_ssl_engine_set_buffer(&backend->ctx.eng, backend->buf, sizeof(backend->buf), 1); @@ -583,7 +608,7 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf, backend->x509.verifyhost = verifyhost; br_ssl_engine_set_x509(&backend->ctx.eng, &backend->x509.vtable); - if(ssl_config->primary.sessionid) { + if(ssl_config->primary.cache_session) { void *session; CURL_TRC_CF(data, cf, "connect_step1, check session cache"); @@ -647,28 +672,6 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf, return CURLE_OK; } -static void bearssl_adjust_pollset(struct Curl_cfilter *cf, - struct Curl_easy *data, - struct easy_pollset *ps) -{ - if(!cf->connected) { - curl_socket_t sock = Curl_conn_cf_get_socket(cf->next, data); - if(sock != CURL_SOCKET_BAD) { - struct ssl_connect_data *connssl = cf->ctx; - struct bearssl_ssl_backend_data *backend = - (struct bearssl_ssl_backend_data *)connssl->backend; - unsigned state = br_ssl_engine_current_state(&backend->ctx.eng); - - if(state & BR_SSL_SENDREC) { - Curl_pollset_set_out_only(data, ps, sock); - } - else { - Curl_pollset_set_in_only(data, ps, sock); - } - } - } -} - static CURLcode bearssl_run_until(struct Curl_cfilter *cf, struct Curl_easy *data, unsigned target) @@ -685,6 +688,7 @@ static CURLcode bearssl_run_until(struct Curl_cfilter *cf, DEBUGASSERT(backend); + connssl->io_need = CURL_SSL_IO_NEED_NONE; for(;;) { state = br_ssl_engine_current_state(&backend->ctx.eng); if(state & BR_SSL_CLOSED) { @@ -709,7 +713,9 @@ static CURLcode bearssl_run_until(struct Curl_cfilter *cf, failf(data, "SSL: X.509 verification: " "chain could not be linked to a trust anchor"); return CURLE_PEER_FAILED_VERIFICATION; + default:; } + failf(data, "BearSSL: connection error 0x%04x", err); /* X.509 errors are documented to have the range 32..63 */ if(err >= 32 && err < 64) return CURLE_PEER_FAILED_VERIFICATION; @@ -719,9 +725,12 @@ static CURLcode bearssl_run_until(struct Curl_cfilter *cf, return CURLE_OK; if(state & BR_SSL_SENDREC) { buf = br_ssl_engine_sendrec_buf(&backend->ctx.eng, &len); - ret = Curl_conn_cf_send(cf->next, data, (char *)buf, len, &result); + ret = Curl_conn_cf_send(cf->next, data, (char *)buf, len, FALSE, + &result); CURL_TRC_CF(data, cf, "ssl_send(len=%zu) -> %zd, %d", len, ret, result); if(ret <= 0) { + if(result == CURLE_AGAIN) + connssl->io_need |= CURL_SSL_IO_NEED_SEND; return result; } br_ssl_engine_sendrec_ack(&backend->ctx.eng, ret); @@ -735,6 +744,8 @@ static CURLcode bearssl_run_until(struct Curl_cfilter *cf, return CURLE_RECV_ERROR; } if(ret <= 0) { + if(result == CURLE_AGAIN) + connssl->io_need |= CURL_SSL_IO_NEED_RECV; return result; } br_ssl_engine_recvrec_ack(&backend->ctx.eng, ret); @@ -813,9 +824,7 @@ static CURLcode bearssl_connect_step3(struct Curl_cfilter *cf, proto? strlen(proto) : 0); } - if(ssl_config->primary.sessionid) { - bool incache; - void *oldsession; + if(ssl_config->primary.cache_session) { br_ssl_session_parameters *session; session = malloc(sizeof(*session)); @@ -823,13 +832,8 @@ static CURLcode bearssl_connect_step3(struct Curl_cfilter *cf, return CURLE_OUT_OF_MEMORY; br_ssl_engine_get_session_parameters(&backend->ctx.eng, session); Curl_ssl_sessionid_lock(data); - incache = !(Curl_ssl_getsessionid(cf, data, &connssl->peer, - &oldsession, NULL)); - if(incache) - Curl_ssl_delsessionid(data, oldsession); - - ret = Curl_ssl_addsessionid(cf, data, &connssl->peer, session, 0, - bearssl_session_free); + ret = Curl_ssl_set_sessionid(cf, data, &connssl->peer, session, 0, + bearssl_session_free); Curl_ssl_sessionid_unlock(data); if(ret) return ret; @@ -925,9 +929,7 @@ static CURLcode bearssl_connect_common(struct Curl_cfilter *cf, return ret; } - while(ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state) { + while(ssl_connect_2 == connssl->connecting_state) { /* check allowed time left */ timeout_ms = Curl_timeleft(data, NULL, TRUE); @@ -937,14 +939,13 @@ static CURLcode bearssl_connect_common(struct Curl_cfilter *cf, return CURLE_OPERATION_TIMEDOUT; } - /* if ssl is expecting something, check if it's available. */ - if(ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state) { + /* if ssl is expecting something, check if it is available. */ + if(connssl->io_need) { - curl_socket_t writefd = ssl_connect_2_writing == - connssl->connecting_state?sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = ssl_connect_2_reading == - connssl->connecting_state?sockfd:CURL_SOCKET_BAD; + curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? + sockfd:CURL_SOCKET_BAD; + curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV)? + sockfd:CURL_SOCKET_BAD; CURL_TRC_CF(data, cf, "connect_common, check socket"); what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, @@ -975,11 +976,9 @@ static CURLcode bearssl_connect_common(struct Curl_cfilter *cf, * before step2 has completed while ensuring that a client using select() * or epoll() will always have a valid fdset to wait on. */ + connssl->io_need = CURL_SSL_IO_NEED_NONE; ret = bearssl_connect_step2(cf, data); - if(ret || (nonblocking && - (ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state))) + if(ret || (nonblocking && (ssl_connect_2 == connssl->connecting_state))) return ret; } @@ -1070,20 +1069,54 @@ static void *bearssl_get_internals(struct ssl_connect_data *connssl, return &backend->ctx; } -static void bearssl_close(struct Curl_cfilter *cf, struct Curl_easy *data) +static CURLcode bearssl_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool send_shutdown, bool *done) { struct ssl_connect_data *connssl = cf->ctx; struct bearssl_ssl_backend_data *backend = (struct bearssl_ssl_backend_data *)connssl->backend; - size_t i; + CURLcode result; DEBUGASSERT(backend); + if(!backend->active || cf->shutdown) { + *done = TRUE; + return CURLE_OK; + } - if(backend->active) { - backend->active = FALSE; + *done = FALSE; + if(!backend->sent_shutdown) { + (void)send_shutdown; /* unknown how to suppress our close notify */ br_ssl_engine_close(&backend->ctx.eng); - (void)bearssl_run_until(cf, data, BR_SSL_CLOSED); + backend->sent_shutdown = TRUE; + } + + result = bearssl_run_until(cf, data, BR_SSL_CLOSED); + if(result == CURLE_OK) { + *done = TRUE; + } + else if(result == CURLE_AGAIN) { + CURL_TRC_CF(data, cf, "shutdown EAGAIN, io_need=%x", connssl->io_need); + result = CURLE_OK; } + else + CURL_TRC_CF(data, cf, "shutdown error: %d", result); + + cf->shutdown = (result || *done); + return result; +} + +static void bearssl_close(struct Curl_cfilter *cf, struct Curl_easy *data) +{ + struct ssl_connect_data *connssl = cf->ctx; + struct bearssl_ssl_backend_data *backend = + (struct bearssl_ssl_backend_data *)connssl->backend; + size_t i; + + (void)data; + DEBUGASSERT(backend); + + backend->active = FALSE; if(backend->anchors) { for(i = 0; i < backend->anchors_len; ++i) free(backend->anchors[i].dn.data); @@ -1106,20 +1139,25 @@ static CURLcode bearssl_sha256sum(const unsigned char *input, const struct Curl_ssl Curl_ssl_bearssl = { { CURLSSLBACKEND_BEARSSL, "bearssl" }, /* info */ - SSLSUPP_CAINFO_BLOB | SSLSUPP_SSL_CTX | SSLSUPP_HTTPS_PROXY, + + SSLSUPP_CAINFO_BLOB | + SSLSUPP_SSL_CTX | + SSLSUPP_HTTPS_PROXY | + SSLSUPP_CIPHER_LIST, + sizeof(struct bearssl_ssl_backend_data), Curl_none_init, /* init */ Curl_none_cleanup, /* cleanup */ bearssl_version, /* version */ Curl_none_check_cxn, /* check_cxn */ - Curl_none_shutdown, /* shutdown */ + bearssl_shutdown, /* shutdown */ bearssl_data_pending, /* data_pending */ bearssl_random, /* random */ Curl_none_cert_status_request, /* cert_status_request */ bearssl_connect, /* connect */ bearssl_connect_nonblocking, /* connect_nonblocking */ - bearssl_adjust_pollset, /* adjust_pollset */ + Curl_ssl_adjust_pollset, /* adjust_pollset */ bearssl_get_internals, /* get_internals */ bearssl_close, /* close_one */ Curl_none_close_all, /* close_all */ @@ -1130,9 +1168,9 @@ const struct Curl_ssl Curl_ssl_bearssl = { bearssl_sha256sum, /* sha256sum */ NULL, /* associate_connection */ NULL, /* disassociate_connection */ - NULL, /* free_multi_ssl_backend_data */ bearssl_recv, /* recv decrypted data */ bearssl_send, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; #endif /* USE_BEARSSL */ diff --git a/vendor/hydra/vendor/curl/lib/vtls/cipher_suite.c b/vendor/hydra/vendor/curl/lib/vtls/cipher_suite.c index a78838d1..c025b53e 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/cipher_suite.c +++ b/vendor/hydra/vendor/curl/lib/vtls/cipher_suite.c @@ -23,7 +23,8 @@ ***************************************************************************/ #include "curl_setup.h" -#if defined(USE_MBEDTLS) || defined(USE_BEARSSL) +#if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || \ + defined(USE_BEARSSL) || defined(USE_RUSTLS) #include "cipher_suite.h" #include "curl_printf.h" #include "strcase.h" @@ -33,7 +34,7 @@ * To support the CURLOPT_SSL_CIPHER_LIST option on SSL backends * that do not support it natively, but do support setting a list of * IANA ids, we need a list of all supported cipher suite names - * (openssl and IANA) to be able to look up the IANA ids. + * (OpenSSL and IANA) to be able to look up the IANA ids. * * To keep the binary size of this list down we compress each entry * down to 2 + 6 bytes using the C preprocessor. @@ -42,7 +43,7 @@ /* * mbedTLS NOTE: mbedTLS has mbedtls_ssl_get_ciphersuite_id() to * convert a string representation to an IANA id, we do not use that - * because it does not support "standard" openssl cipher suite + * because it does not support "standard" OpenSSL cipher suite * names, nor IANA names. */ @@ -89,6 +90,21 @@ static const char *cs_txt = "CAMELLIA128" "\0" "CAMELLIA256" "\0" #endif +#if defined(USE_SECTRANSP) + "40" "\0" + "ADH" "\0" + "AECDH" "\0" + "anon" "\0" + "DES40" "\0" + "DH" "\0" + "DSS" "\0" + "EDH" "\0" + "EXP" "\0" + "EXPORT" "\0" + "IDEA" "\0" + "RC2" "\0" + "RC4" "\0" +#endif ; /* Indexes of above cs_txt */ enum { @@ -129,28 +145,43 @@ enum { CS_TXT_IDX_CAMELLIA, CS_TXT_IDX_CAMELLIA128, CS_TXT_IDX_CAMELLIA256, +#endif +#if defined(USE_SECTRANSP) + CS_TXT_IDX_40, + CS_TXT_IDX_ADH, + CS_TXT_IDX_AECDH, + CS_TXT_IDX_anon, + CS_TXT_IDX_DES40, + CS_TXT_IDX_DH, + CS_TXT_IDX_DSS, + CS_TXT_IDX_EDH, + CS_TXT_IDX_EXP, + CS_TXT_IDX_EXPORT, + CS_TXT_IDX_IDEA, + CS_TXT_IDX_RC2, + CS_TXT_IDX_RC4, #endif CS_TXT_LEN, }; -#define CS_ZIP_IDX(a, b, c, d, e, f, g, h) \ -{ \ - (uint8_t) ((a) << 2 | ((b) & 0x3F) >> 4), \ - (uint8_t) ((b) << 4 | ((c) & 0x3F) >> 2), \ - (uint8_t) ((c) << 6 | ((d) & 0x3F)), \ - (uint8_t) ((e) << 2 | ((f) & 0x3F) >> 4), \ - (uint8_t) ((f) << 4 | ((g) & 0x3F) >> 2), \ - (uint8_t) ((g) << 6 | ((h) & 0x3F)) \ +#define CS_ZIP_IDX(a, b, c, d, e, f, g, h) \ +{ \ + (uint8_t) ((((a) << 2) & 0xFF) | ((b) & 0x3F) >> 4), \ + (uint8_t) ((((b) << 4) & 0xFF) | ((c) & 0x3F) >> 2), \ + (uint8_t) ((((c) << 6) & 0xFF) | ((d) & 0x3F)), \ + (uint8_t) ((((e) << 2) & 0xFF) | ((f) & 0x3F) >> 4), \ + (uint8_t) ((((f) << 4) & 0xFF) | ((g) & 0x3F) >> 2), \ + (uint8_t) ((((g) << 6) & 0xFF) | ((h) & 0x3F)) \ } -#define CS_ENTRY(id, a, b, c, d, e, f, g, h) \ -{ \ - id, \ - CS_ZIP_IDX( \ - CS_TXT_IDX_ ## a, CS_TXT_IDX_ ## b, \ - CS_TXT_IDX_ ## c, CS_TXT_IDX_ ## d, \ - CS_TXT_IDX_ ## e, CS_TXT_IDX_ ## f, \ - CS_TXT_IDX_ ## g, CS_TXT_IDX_ ## h \ - ) \ +#define CS_ENTRY(id, a, b, c, d, e, f, g, h) \ +{ \ + id, \ + CS_ZIP_IDX( \ + CS_TXT_IDX_ ## a, CS_TXT_IDX_ ## b, \ + CS_TXT_IDX_ ## c, CS_TXT_IDX_ ## d, \ + CS_TXT_IDX_ ## e, CS_TXT_IDX_ ## f, \ + CS_TXT_IDX_ ## g, CS_TXT_IDX_ ## h \ + ) \ } struct cs_entry { @@ -160,6 +191,28 @@ struct cs_entry { /* !checksrc! disable COMMANOSPACE all */ static const struct cs_entry cs_list [] = { + /* TLS 1.3 ciphers */ +#if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || defined(USE_RUSTLS) + CS_ENTRY(0x1301, TLS,AES,128,GCM,SHA256,,,), + CS_ENTRY(0x1302, TLS,AES,256,GCM,SHA384,,,), + CS_ENTRY(0x1303, TLS,CHACHA20,POLY1305,SHA256,,,,), + CS_ENTRY(0x1304, TLS,AES,128,CCM,SHA256,,,), + CS_ENTRY(0x1305, TLS,AES,128,CCM,8,SHA256,,), +#endif + /* TLS 1.2 ciphers */ + CS_ENTRY(0xC02B, TLS,ECDHE,ECDSA,WITH,AES,128,GCM,SHA256), + CS_ENTRY(0xC02B, ECDHE,ECDSA,AES128,GCM,SHA256,,,), + CS_ENTRY(0xC02C, TLS,ECDHE,ECDSA,WITH,AES,256,GCM,SHA384), + CS_ENTRY(0xC02C, ECDHE,ECDSA,AES256,GCM,SHA384,,,), + CS_ENTRY(0xC02F, TLS,ECDHE,RSA,WITH,AES,128,GCM,SHA256), + CS_ENTRY(0xC02F, ECDHE,RSA,AES128,GCM,SHA256,,,), + CS_ENTRY(0xC030, TLS,ECDHE,RSA,WITH,AES,256,GCM,SHA384), + CS_ENTRY(0xC030, ECDHE,RSA,AES256,GCM,SHA384,,,), + CS_ENTRY(0xCCA8, TLS,ECDHE,RSA,WITH,CHACHA20,POLY1305,SHA256,), + CS_ENTRY(0xCCA8, ECDHE,RSA,CHACHA20,POLY1305,,,,), + CS_ENTRY(0xCCA9, TLS,ECDHE,ECDSA,WITH,CHACHA20,POLY1305,SHA256,), + CS_ENTRY(0xCCA9, ECDHE,ECDSA,CHACHA20,POLY1305,,,,), +#if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || defined(USE_BEARSSL) CS_ENTRY(0x002F, TLS,RSA,WITH,AES,128,CBC,SHA,), CS_ENTRY(0x002F, AES128,SHA,,,,,,), CS_ENTRY(0x0035, TLS,RSA,WITH,AES,256,CBC,SHA,), @@ -204,27 +257,16 @@ static const struct cs_entry cs_list [] = { CS_ENTRY(0xC029, ECDH,RSA,AES128,SHA256,,,,), CS_ENTRY(0xC02A, TLS,ECDH,RSA,WITH,AES,256,CBC,SHA384), CS_ENTRY(0xC02A, ECDH,RSA,AES256,SHA384,,,,), - CS_ENTRY(0xC02B, TLS,ECDHE,ECDSA,WITH,AES,128,GCM,SHA256), - CS_ENTRY(0xC02B, ECDHE,ECDSA,AES128,GCM,SHA256,,,), - CS_ENTRY(0xC02C, TLS,ECDHE,ECDSA,WITH,AES,256,GCM,SHA384), - CS_ENTRY(0xC02C, ECDHE,ECDSA,AES256,GCM,SHA384,,,), CS_ENTRY(0xC02D, TLS,ECDH,ECDSA,WITH,AES,128,GCM,SHA256), CS_ENTRY(0xC02D, ECDH,ECDSA,AES128,GCM,SHA256,,,), CS_ENTRY(0xC02E, TLS,ECDH,ECDSA,WITH,AES,256,GCM,SHA384), CS_ENTRY(0xC02E, ECDH,ECDSA,AES256,GCM,SHA384,,,), - CS_ENTRY(0xC02F, TLS,ECDHE,RSA,WITH,AES,128,GCM,SHA256), - CS_ENTRY(0xC02F, ECDHE,RSA,AES128,GCM,SHA256,,,), - CS_ENTRY(0xC030, TLS,ECDHE,RSA,WITH,AES,256,GCM,SHA384), - CS_ENTRY(0xC030, ECDHE,RSA,AES256,GCM,SHA384,,,), CS_ENTRY(0xC031, TLS,ECDH,RSA,WITH,AES,128,GCM,SHA256), CS_ENTRY(0xC031, ECDH,RSA,AES128,GCM,SHA256,,,), CS_ENTRY(0xC032, TLS,ECDH,RSA,WITH,AES,256,GCM,SHA384), CS_ENTRY(0xC032, ECDH,RSA,AES256,GCM,SHA384,,,), - CS_ENTRY(0xCCA8, TLS,ECDHE,RSA,WITH,CHACHA20,POLY1305,SHA256,), - CS_ENTRY(0xCCA8, ECDHE,RSA,CHACHA20,POLY1305,,,,), - CS_ENTRY(0xCCA9, TLS,ECDHE,ECDSA,WITH,CHACHA20,POLY1305,SHA256,), - CS_ENTRY(0xCCA9, ECDHE,ECDSA,CHACHA20,POLY1305,,,,), -#if defined(USE_MBEDTLS) +#endif +#if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) CS_ENTRY(0x0001, TLS,RSA,WITH,NULL,MD5,,,), CS_ENTRY(0x0001, NULL,MD5,,,,,,), CS_ENTRY(0x0002, TLS,RSA,WITH,NULL,SHA,,,), @@ -297,11 +339,6 @@ static const struct cs_entry cs_list [] = { CS_ENTRY(0x00B8, RSA,PSK,NULL,SHA256,,,,), CS_ENTRY(0x00B9, TLS,RSA,PSK,WITH,NULL,SHA384,,), CS_ENTRY(0x00B9, RSA,PSK,NULL,SHA384,,,,), - CS_ENTRY(0x1301, TLS,AES,128,GCM,SHA256,,,), - CS_ENTRY(0x1302, TLS,AES,256,GCM,SHA384,,,), - CS_ENTRY(0x1303, TLS,CHACHA20,POLY1305,SHA256,,,,), - CS_ENTRY(0x1304, TLS,AES,128,CCM,SHA256,,,), - CS_ENTRY(0x1305, TLS,AES,128,CCM,8,SHA256,,), CS_ENTRY(0xC001, TLS,ECDH,ECDSA,WITH,NULL,SHA,,), CS_ENTRY(0xC001, ECDH,ECDSA,NULL,SHA,,,,), CS_ENTRY(0xC006, TLS,ECDHE,ECDSA,WITH,NULL,SHA,,), @@ -317,7 +354,7 @@ static const struct cs_entry cs_list [] = { CS_ENTRY(0xCCAB, TLS,PSK,WITH,CHACHA20,POLY1305,SHA256,,), CS_ENTRY(0xCCAB, PSK,CHACHA20,POLY1305,,,,,), #endif -#if defined(USE_BEARSSL) +#if defined(USE_SECTRANSP) || defined(USE_BEARSSL) CS_ENTRY(0x000A, TLS,RSA,WITH,3DES,EDE,CBC,SHA,), CS_ENTRY(0x000A, DES,CBC3,SHA,,,,,), CS_ENTRY(0xC003, TLS,ECDH,ECDSA,WITH,3DES,EDE,CBC,SHA), @@ -329,6 +366,7 @@ static const struct cs_entry cs_list [] = { CS_ENTRY(0xC012, TLS,ECDHE,RSA,WITH,3DES,EDE,CBC,SHA), CS_ENTRY(0xC012, ECDHE,RSA,DES,CBC3,SHA,,,), #endif +#if defined(USE_MBEDTLS) || defined(USE_BEARSSL) CS_ENTRY(0xC09C, TLS,RSA,WITH,AES,128,CCM,,), CS_ENTRY(0xC09C, AES128,CCM,,,,,,), CS_ENTRY(0xC09D, TLS,RSA,WITH,AES,256,CCM,,), @@ -345,8 +383,144 @@ static const struct cs_entry cs_list [] = { CS_ENTRY(0xC0AE, ECDHE,ECDSA,AES128,CCM8,,,,), CS_ENTRY(0xC0AF, TLS,ECDHE,ECDSA,WITH,AES,256,CCM,8), CS_ENTRY(0xC0AF, ECDHE,ECDSA,AES256,CCM8,,,,), +#endif +#if defined(USE_SECTRANSP) + /* entries marked bc are backward compatible aliases for old OpenSSL names */ + CS_ENTRY(0x0003, TLS,RSA,EXPORT,WITH,RC4,40,MD5,), + CS_ENTRY(0x0003, EXP,RC4,MD5,,,,,), + CS_ENTRY(0x0004, TLS,RSA,WITH,RC4,128,MD5,,), + CS_ENTRY(0x0004, RC4,MD5,,,,,,), + CS_ENTRY(0x0005, TLS,RSA,WITH,RC4,128,SHA,,), + CS_ENTRY(0x0005, RC4,SHA,,,,,,), + CS_ENTRY(0x0006, TLS,RSA,EXPORT,WITH,RC2,CBC,40,MD5), + CS_ENTRY(0x0006, EXP,RC2,CBC,MD5,,,,), + CS_ENTRY(0x0007, TLS,RSA,WITH,IDEA,CBC,SHA,,), + CS_ENTRY(0x0007, IDEA,CBC,SHA,,,,,), + CS_ENTRY(0x0008, TLS,RSA,EXPORT,WITH,DES40,CBC,SHA,), + CS_ENTRY(0x0008, EXP,DES,CBC,SHA,,,,), + CS_ENTRY(0x0009, TLS,RSA,WITH,DES,CBC,SHA,,), + CS_ENTRY(0x0009, DES,CBC,SHA,,,,,), + CS_ENTRY(0x000B, TLS,DH,DSS,EXPORT,WITH,DES40,CBC,SHA), + CS_ENTRY(0x000B, EXP,DH,DSS,DES,CBC,SHA,,), + CS_ENTRY(0x000C, TLS,DH,DSS,WITH,DES,CBC,SHA,), + CS_ENTRY(0x000C, DH,DSS,DES,CBC,SHA,,,), + CS_ENTRY(0x000D, TLS,DH,DSS,WITH,3DES,EDE,CBC,SHA), + CS_ENTRY(0x000D, DH,DSS,DES,CBC3,SHA,,,), + CS_ENTRY(0x000E, TLS,DH,RSA,EXPORT,WITH,DES40,CBC,SHA), + CS_ENTRY(0x000E, EXP,DH,RSA,DES,CBC,SHA,,), + CS_ENTRY(0x000F, TLS,DH,RSA,WITH,DES,CBC,SHA,), + CS_ENTRY(0x000F, DH,RSA,DES,CBC,SHA,,,), + CS_ENTRY(0x0010, TLS,DH,RSA,WITH,3DES,EDE,CBC,SHA), + CS_ENTRY(0x0010, DH,RSA,DES,CBC3,SHA,,,), + CS_ENTRY(0x0011, TLS,DHE,DSS,EXPORT,WITH,DES40,CBC,SHA), + CS_ENTRY(0x0011, EXP,DHE,DSS,DES,CBC,SHA,,), + CS_ENTRY(0x0011, EXP,EDH,DSS,DES,CBC,SHA,,), /* bc */ + CS_ENTRY(0x0012, TLS,DHE,DSS,WITH,DES,CBC,SHA,), + CS_ENTRY(0x0012, DHE,DSS,DES,CBC,SHA,,,), + CS_ENTRY(0x0012, EDH,DSS,DES,CBC,SHA,,,), /* bc */ + CS_ENTRY(0x0013, TLS,DHE,DSS,WITH,3DES,EDE,CBC,SHA), + CS_ENTRY(0x0013, DHE,DSS,DES,CBC3,SHA,,,), + CS_ENTRY(0x0013, EDH,DSS,DES,CBC3,SHA,,,), /* bc */ + CS_ENTRY(0x0014, TLS,DHE,RSA,EXPORT,WITH,DES40,CBC,SHA), + CS_ENTRY(0x0014, EXP,DHE,RSA,DES,CBC,SHA,,), + CS_ENTRY(0x0014, EXP,EDH,RSA,DES,CBC,SHA,,), /* bc */ + CS_ENTRY(0x0015, TLS,DHE,RSA,WITH,DES,CBC,SHA,), + CS_ENTRY(0x0015, DHE,RSA,DES,CBC,SHA,,,), + CS_ENTRY(0x0015, EDH,RSA,DES,CBC,SHA,,,), /* bc */ + CS_ENTRY(0x0016, TLS,DHE,RSA,WITH,3DES,EDE,CBC,SHA), + CS_ENTRY(0x0016, DHE,RSA,DES,CBC3,SHA,,,), + CS_ENTRY(0x0016, EDH,RSA,DES,CBC3,SHA,,,), /* bc */ + CS_ENTRY(0x0017, TLS,DH,anon,EXPORT,WITH,RC4,40,MD5), + CS_ENTRY(0x0017, EXP,ADH,RC4,MD5,,,,), + CS_ENTRY(0x0018, TLS,DH,anon,WITH,RC4,128,MD5,), + CS_ENTRY(0x0018, ADH,RC4,MD5,,,,,), + CS_ENTRY(0x0019, TLS,DH,anon,EXPORT,WITH,DES40,CBC,SHA), + CS_ENTRY(0x0019, EXP,ADH,DES,CBC,SHA,,,), + CS_ENTRY(0x001A, TLS,DH,anon,WITH,DES,CBC,SHA,), + CS_ENTRY(0x001A, ADH,DES,CBC,SHA,,,,), + CS_ENTRY(0x001B, TLS,DH,anon,WITH,3DES,EDE,CBC,SHA), + CS_ENTRY(0x001B, ADH,DES,CBC3,SHA,,,,), + CS_ENTRY(0x0030, TLS,DH,DSS,WITH,AES,128,CBC,SHA), + CS_ENTRY(0x0030, DH,DSS,AES128,SHA,,,,), + CS_ENTRY(0x0031, TLS,DH,RSA,WITH,AES,128,CBC,SHA), + CS_ENTRY(0x0031, DH,RSA,AES128,SHA,,,,), + CS_ENTRY(0x0032, TLS,DHE,DSS,WITH,AES,128,CBC,SHA), + CS_ENTRY(0x0032, DHE,DSS,AES128,SHA,,,,), + CS_ENTRY(0x0034, TLS,DH,anon,WITH,AES,128,CBC,SHA), + CS_ENTRY(0x0034, ADH,AES128,SHA,,,,,), + CS_ENTRY(0x0036, TLS,DH,DSS,WITH,AES,256,CBC,SHA), + CS_ENTRY(0x0036, DH,DSS,AES256,SHA,,,,), + CS_ENTRY(0x0037, TLS,DH,RSA,WITH,AES,256,CBC,SHA), + CS_ENTRY(0x0037, DH,RSA,AES256,SHA,,,,), + CS_ENTRY(0x0038, TLS,DHE,DSS,WITH,AES,256,CBC,SHA), + CS_ENTRY(0x0038, DHE,DSS,AES256,SHA,,,,), + CS_ENTRY(0x003A, TLS,DH,anon,WITH,AES,256,CBC,SHA), + CS_ENTRY(0x003A, ADH,AES256,SHA,,,,,), + CS_ENTRY(0x003E, TLS,DH,DSS,WITH,AES,128,CBC,SHA256), + CS_ENTRY(0x003E, DH,DSS,AES128,SHA256,,,,), + CS_ENTRY(0x003F, TLS,DH,RSA,WITH,AES,128,CBC,SHA256), + CS_ENTRY(0x003F, DH,RSA,AES128,SHA256,,,,), + CS_ENTRY(0x0040, TLS,DHE,DSS,WITH,AES,128,CBC,SHA256), + CS_ENTRY(0x0040, DHE,DSS,AES128,SHA256,,,,), + CS_ENTRY(0x0068, TLS,DH,DSS,WITH,AES,256,CBC,SHA256), + CS_ENTRY(0x0068, DH,DSS,AES256,SHA256,,,,), + CS_ENTRY(0x0069, TLS,DH,RSA,WITH,AES,256,CBC,SHA256), + CS_ENTRY(0x0069, DH,RSA,AES256,SHA256,,,,), + CS_ENTRY(0x006A, TLS,DHE,DSS,WITH,AES,256,CBC,SHA256), + CS_ENTRY(0x006A, DHE,DSS,AES256,SHA256,,,,), + CS_ENTRY(0x006C, TLS,DH,anon,WITH,AES,128,CBC,SHA256), + CS_ENTRY(0x006C, ADH,AES128,SHA256,,,,,), + CS_ENTRY(0x006D, TLS,DH,anon,WITH,AES,256,CBC,SHA256), + CS_ENTRY(0x006D, ADH,AES256,SHA256,,,,,), + CS_ENTRY(0x008A, TLS,PSK,WITH,RC4,128,SHA,,), + CS_ENTRY(0x008A, PSK,RC4,SHA,,,,,), + CS_ENTRY(0x008B, TLS,PSK,WITH,3DES,EDE,CBC,SHA,), + CS_ENTRY(0x008B, PSK,3DES,EDE,CBC,SHA,,,), + CS_ENTRY(0x008E, TLS,DHE,PSK,WITH,RC4,128,SHA,), + CS_ENTRY(0x008E, DHE,PSK,RC4,SHA,,,,), + CS_ENTRY(0x008F, TLS,DHE,PSK,WITH,3DES,EDE,CBC,SHA), + CS_ENTRY(0x008F, DHE,PSK,3DES,EDE,CBC,SHA,,), + CS_ENTRY(0x0092, TLS,RSA,PSK,WITH,RC4,128,SHA,), + CS_ENTRY(0x0092, RSA,PSK,RC4,SHA,,,,), + CS_ENTRY(0x0093, TLS,RSA,PSK,WITH,3DES,EDE,CBC,SHA), + CS_ENTRY(0x0093, RSA,PSK,3DES,EDE,CBC,SHA,,), + CS_ENTRY(0x00A0, TLS,DH,RSA,WITH,AES,128,GCM,SHA256), + CS_ENTRY(0x00A0, DH,RSA,AES128,GCM,SHA256,,,), + CS_ENTRY(0x00A1, TLS,DH,RSA,WITH,AES,256,GCM,SHA384), + CS_ENTRY(0x00A1, DH,RSA,AES256,GCM,SHA384,,,), + CS_ENTRY(0x00A2, TLS,DHE,DSS,WITH,AES,128,GCM,SHA256), + CS_ENTRY(0x00A2, DHE,DSS,AES128,GCM,SHA256,,,), + CS_ENTRY(0x00A3, TLS,DHE,DSS,WITH,AES,256,GCM,SHA384), + CS_ENTRY(0x00A3, DHE,DSS,AES256,GCM,SHA384,,,), + CS_ENTRY(0x00A4, TLS,DH,DSS,WITH,AES,128,GCM,SHA256), + CS_ENTRY(0x00A4, DH,DSS,AES128,GCM,SHA256,,,), + CS_ENTRY(0x00A5, TLS,DH,DSS,WITH,AES,256,GCM,SHA384), + CS_ENTRY(0x00A5, DH,DSS,AES256,GCM,SHA384,,,), + CS_ENTRY(0x00A6, TLS,DH,anon,WITH,AES,128,GCM,SHA256), + CS_ENTRY(0x00A6, ADH,AES128,GCM,SHA256,,,,), + CS_ENTRY(0x00A7, TLS,DH,anon,WITH,AES,256,GCM,SHA384), + CS_ENTRY(0x00A7, ADH,AES256,GCM,SHA384,,,,), + CS_ENTRY(0xC002, TLS,ECDH,ECDSA,WITH,RC4,128,SHA,), + CS_ENTRY(0xC002, ECDH,ECDSA,RC4,SHA,,,,), + CS_ENTRY(0xC007, TLS,ECDHE,ECDSA,WITH,RC4,128,SHA,), + CS_ENTRY(0xC007, ECDHE,ECDSA,RC4,SHA,,,,), + CS_ENTRY(0xC00C, TLS,ECDH,RSA,WITH,RC4,128,SHA,), + CS_ENTRY(0xC00C, ECDH,RSA,RC4,SHA,,,,), + CS_ENTRY(0xC011, TLS,ECDHE,RSA,WITH,RC4,128,SHA,), + CS_ENTRY(0xC011, ECDHE,RSA,RC4,SHA,,,,), + CS_ENTRY(0xC015, TLS,ECDH,anon,WITH,NULL,SHA,,), + CS_ENTRY(0xC015, AECDH,NULL,SHA,,,,,), + CS_ENTRY(0xC016, TLS,ECDH,anon,WITH,RC4,128,SHA,), + CS_ENTRY(0xC016, AECDH,RC4,SHA,,,,,), + CS_ENTRY(0xC017, TLS,ECDH,anon,WITH,3DES,EDE,CBC,SHA), + CS_ENTRY(0xC017, AECDH,DES,CBC3,SHA,,,,), + CS_ENTRY(0xC018, TLS,ECDH,anon,WITH,AES,128,CBC,SHA), + CS_ENTRY(0xC018, AECDH,AES128,SHA,,,,,), + CS_ENTRY(0xC019, TLS,ECDH,anon,WITH,AES,256,CBC,SHA), + CS_ENTRY(0xC019, AECDH,AES256,SHA,,,,,), +#endif #if defined(USE_MBEDTLS) - /* entries marked ns are "non-standard", they are not in openssl */ + /* entries marked ns are "non-standard", they are not in OpenSSL */ CS_ENTRY(0x0041, TLS,RSA,WITH,CAMELLIA,128,CBC,SHA,), CS_ENTRY(0x0041, CAMELLIA128,SHA,,,,,,), CS_ENTRY(0x0045, TLS,DHE,RSA,WITH,CAMELLIA,128,CBC,SHA), @@ -713,4 +887,5 @@ int Curl_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size, return r; } -#endif /* defined(USE_MBEDTLS) || defined(USE_BEARSSL) */ +#endif /* defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || \ + defined(USE_BEARSSL) || defined(USE_RUSTLS) */ diff --git a/vendor/hydra/vendor/curl/lib/vtls/cipher_suite.h b/vendor/hydra/vendor/curl/lib/vtls/cipher_suite.h index c1399794..6d980103 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/cipher_suite.h +++ b/vendor/hydra/vendor/curl/lib/vtls/cipher_suite.h @@ -26,7 +26,8 @@ #include "curl_setup.h" -#if defined(USE_MBEDTLS) || defined(USE_BEARSSL) +#if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || \ + defined(USE_BEARSSL) || defined(USE_RUSTLS) #include /* Lookup IANA id for cipher suite string, returns 0 if not recognized */ @@ -42,5 +43,6 @@ uint16_t Curl_cipher_suite_walk_str(const char **str, const char **end); int Curl_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size, bool prefer_rfc); -#endif /* defined(USE_MBEDTLS) || defined(USE_BEARSSL) */ +#endif /* defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || \ + defined(USE_BEARSSL) || defined(USE_RUSTLS) */ #endif /* HEADER_CURL_CIPHER_SUITE_H */ diff --git a/vendor/hydra/vendor/curl/lib/vtls/gtls.c b/vendor/hydra/vendor/curl/lib/vtls/gtls.c index 5cf3bf95..ad9a6b92 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/gtls.c +++ b/vendor/hydra/vendor/curl/lib/vtls/gtls.c @@ -26,7 +26,7 @@ * Source file for all GnuTLS-specific code for the TLS/SSL layer. No code * but vtls.c should ever call or use these functions. * - * Note: don't use the GnuTLS' *_t variable type names in this source code, + * Note: do not use the GnuTLS' *_t variable type names in this source code, * since they were not present in 1.0.X. */ @@ -102,7 +102,7 @@ static ssize_t gtls_push(void *s, const void *buf, size_t blen) CURLcode result; DEBUGASSERT(data); - nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, &result); + nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, FALSE, &result); CURL_TRC_CF(data, cf, "gtls_push(len=%zu) -> %zd, err=%d", blen, nwritten, result); backend->gtls.io_result = result; @@ -125,7 +125,7 @@ static ssize_t gtls_pull(void *s, void *buf, size_t blen) CURLcode result; DEBUGASSERT(data); - if(!backend->gtls.trust_setup) { + if(!backend->gtls.shared_creds->trust_setup) { result = Curl_gtls_client_trust_setup(cf, data, &backend->gtls); if(result) { gnutls_transport_set_errno(backend->gtls.session, EINVAL); @@ -251,6 +251,7 @@ static CURLcode handshake(struct Curl_cfilter *cf, DEBUGASSERT(backend); session = backend->gtls.session; + connssl->connecting_state = ssl_connect_2; for(;;) { timediff_t timeout_ms; @@ -265,14 +266,13 @@ static CURLcode handshake(struct Curl_cfilter *cf, return CURLE_OPERATION_TIMEDOUT; } - /* if ssl is expecting something, check if it's available. */ - if(connssl->connecting_state == ssl_connect_2_reading - || connssl->connecting_state == ssl_connect_2_writing) { + /* if ssl is expecting something, check if it is available. */ + if(connssl->io_need) { int what; - curl_socket_t writefd = ssl_connect_2_writing == - connssl->connecting_state?sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = ssl_connect_2_reading == - connssl->connecting_state?sockfd:CURL_SOCKET_BAD; + curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? + sockfd:CURL_SOCKET_BAD; + curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV)? + sockfd:CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, nonblocking?0: @@ -294,10 +294,11 @@ static CURLcode handshake(struct Curl_cfilter *cf, /* socket is readable or writable */ } + connssl->io_need = CURL_SSL_IO_NEED_NONE; backend->gtls.io_result = CURLE_OK; rc = gnutls_handshake(session); - if(!backend->gtls.trust_setup) { + if(!backend->gtls.shared_creds->trust_setup) { /* After having send off the ClientHello, we prepare the trust * store to verify the coming certificate from the server */ CURLcode result = Curl_gtls_client_trust_setup(cf, data, &backend->gtls); @@ -306,16 +307,16 @@ static CURLcode handshake(struct Curl_cfilter *cf, } if((rc == GNUTLS_E_AGAIN) || (rc == GNUTLS_E_INTERRUPTED)) { - connssl->connecting_state = + connssl->io_need = gnutls_record_get_direction(session)? - ssl_connect_2_writing:ssl_connect_2_reading; + CURL_SSL_IO_NEED_SEND:CURL_SSL_IO_NEED_RECV; continue; } else if((rc < 0) && !gnutls_error_is_fatal(rc)) { const char *strerr = NULL; if(rc == GNUTLS_E_WARNING_ALERT_RECEIVED) { - int alert = gnutls_alert_get(session); + gnutls_alert_description_t alert = gnutls_alert_get(session); strerr = gnutls_alert_get_name(alert); } @@ -332,14 +333,14 @@ static CURLcode handshake(struct Curl_cfilter *cf, const char *strerr = NULL; if(rc == GNUTLS_E_FATAL_ALERT_RECEIVED) { - int alert = gnutls_alert_get(session); + gnutls_alert_description_t alert = gnutls_alert_get(session); strerr = gnutls_alert_get_name(alert); } if(!strerr) strerr = gnutls_strerror(rc); - failf(data, "gnutls_handshake() failed: %s", strerr); + failf(data, "GnuTLS, handshake failed: %s", strerr); return CURLE_SSL_CONNECT_ERROR; } @@ -349,7 +350,7 @@ static CURLcode handshake(struct Curl_cfilter *cf, } } -static gnutls_x509_crt_fmt_t do_file_type(const char *type) +static gnutls_x509_crt_fmt_t gnutls_do_file_type(const char *type) { if(!type || !type[0]) return GNUTLS_X509_FMT_PEM; @@ -367,18 +368,24 @@ static gnutls_x509_crt_fmt_t do_file_type(const char *type) #define GNUTLS_SRP "+SRP" static CURLcode -set_ssl_version_min_max(struct Curl_easy *data, - struct ssl_peer *peer, - struct ssl_primary_config *conn_config, - const char **prioritylist, - const char *tls13support) +gnutls_set_ssl_version_min_max(struct Curl_easy *data, + struct ssl_peer *peer, + struct ssl_primary_config *conn_config, + const char **prioritylist, + const char *tls13support) { long ssl_version = conn_config->version; long ssl_version_max = conn_config->version_max; + if((ssl_version == CURL_SSLVERSION_DEFAULT) || + (ssl_version == CURL_SSLVERSION_TLSv1)) + ssl_version = CURL_SSLVERSION_TLSv1_0; + if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) + ssl_version_max = CURL_SSLVERSION_MAX_DEFAULT; + if(peer->transport == TRNSPRT_QUIC) { - if((ssl_version != CURL_SSLVERSION_DEFAULT) && - (ssl_version < CURL_SSLVERSION_TLSv1_3)) { + if((ssl_version_max != CURL_SSLVERSION_MAX_DEFAULT) && + (ssl_version_max < CURL_SSLVERSION_MAX_TLSv1_3)) { failf(data, "QUIC needs at least TLS version 1.3"); return CURLE_SSL_CONNECT_ERROR; } @@ -386,13 +393,8 @@ set_ssl_version_min_max(struct Curl_easy *data, return CURLE_OK; } - if((ssl_version == CURL_SSLVERSION_DEFAULT) || - (ssl_version == CURL_SSLVERSION_TLSv1)) - ssl_version = CURL_SSLVERSION_TLSv1_0; - if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) - ssl_version_max = CURL_SSLVERSION_MAX_DEFAULT; if(!tls13support) { - /* If the running GnuTLS doesn't support TLS 1.3, we must not specify a + /* If the running GnuTLS does not support TLS 1.3, we must not specify a prioritylist involving that since it will make GnuTLS return an en error back at us */ if((ssl_version_max == CURL_SSLVERSION_MAX_TLSv1_3) || @@ -450,20 +452,67 @@ set_ssl_version_min_max(struct Curl_easy *data, return CURLE_SSL_CONNECT_ERROR; } -CURLcode Curl_gtls_client_trust_setup(struct Curl_cfilter *cf, - struct Curl_easy *data, - struct gtls_ctx *gtls) +CURLcode Curl_gtls_shared_creds_create(struct Curl_easy *data, + struct gtls_shared_creds **pcreds) +{ + struct gtls_shared_creds *shared; + int rc; + + *pcreds = NULL; + shared = calloc(1, sizeof(*shared)); + if(!shared) + return CURLE_OUT_OF_MEMORY; + + rc = gnutls_certificate_allocate_credentials(&shared->creds); + if(rc != GNUTLS_E_SUCCESS) { + failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc)); + free(shared); + return CURLE_SSL_CONNECT_ERROR; + } + + shared->refcount = 1; + shared->time = Curl_now(); + *pcreds = shared; + return CURLE_OK; +} + +CURLcode Curl_gtls_shared_creds_up_ref(struct gtls_shared_creds *creds) +{ + DEBUGASSERT(creds); + if(creds->refcount < SIZE_T_MAX) { + ++creds->refcount; + return CURLE_OK; + } + return CURLE_BAD_FUNCTION_ARGUMENT; +} + +void Curl_gtls_shared_creds_free(struct gtls_shared_creds **pcreds) +{ + struct gtls_shared_creds *shared = *pcreds; + *pcreds = NULL; + if(shared) { + --shared->refcount; + if(!shared->refcount) { + gnutls_certificate_free_credentials(shared->creds); + free(shared->CAfile); + free(shared); + } + } +} + +static CURLcode gtls_populate_creds(struct Curl_cfilter *cf, + struct Curl_easy *data, + gnutls_certificate_credentials_t creds) { struct ssl_primary_config *config = Curl_ssl_cf_get_primary_config(cf); struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); int rc; - CURL_TRC_CF(data, cf, "setup trust anchors and CRLs"); if(config->verifypeer) { bool imported_native_ca = false; if(ssl_config->native_ca_store) { - rc = gnutls_certificate_set_x509_system_trust(gtls->cred); + rc = gnutls_certificate_set_x509_system_trust(creds); if(rc < 0) infof(data, "error reading native ca store (%s), continuing anyway", gnutls_strerror(rc)); @@ -476,10 +525,10 @@ CURLcode Curl_gtls_client_trust_setup(struct Curl_cfilter *cf, if(config->CAfile) { /* set the trusted CA cert bundle file */ - gnutls_certificate_set_verify_flags(gtls->cred, + gnutls_certificate_set_verify_flags(creds, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); - rc = gnutls_certificate_set_x509_trust_file(gtls->cred, + rc = gnutls_certificate_set_x509_trust_file(creds, config->CAfile, GNUTLS_X509_FMT_PEM); if(rc < 0) { @@ -497,8 +546,7 @@ CURLcode Curl_gtls_client_trust_setup(struct Curl_cfilter *cf, if(config->CApath) { /* set the trusted CA cert directory */ - rc = gnutls_certificate_set_x509_trust_dir(gtls->cred, - config->CApath, + rc = gnutls_certificate_set_x509_trust_dir(creds, config->CApath, GNUTLS_X509_FMT_PEM); if(rc < 0) { infof(data, "error reading ca cert file %s (%s)%s", @@ -516,8 +564,7 @@ CURLcode Curl_gtls_client_trust_setup(struct Curl_cfilter *cf, if(config->CRLfile) { /* set the CRL list file */ - rc = gnutls_certificate_set_x509_crl_file(gtls->cred, - config->CRLfile, + rc = gnutls_certificate_set_x509_crl_file(creds, config->CRLfile, GNUTLS_X509_FMT_PEM); if(rc < 0) { failf(data, "error reading crl file %s (%s)", @@ -528,7 +575,141 @@ CURLcode Curl_gtls_client_trust_setup(struct Curl_cfilter *cf, infof(data, "found %d CRL in %s", rc, config->CRLfile); } - gtls->trust_setup = TRUE; + return CURLE_OK; +} + +/* key to use at `multi->proto_hash` */ +#define MPROTO_GTLS_X509_KEY "tls:gtls:x509:share" + +static bool gtls_shared_creds_expired(const struct Curl_easy *data, + const struct gtls_shared_creds *sc) +{ + const struct ssl_general_config *cfg = &data->set.general_ssl; + struct curltime now = Curl_now(); + timediff_t elapsed_ms = Curl_timediff(now, sc->time); + timediff_t timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000; + + if(timeout_ms < 0) + return false; + + return elapsed_ms >= timeout_ms; +} + +static bool gtls_shared_creds_different(struct Curl_cfilter *cf, + const struct gtls_shared_creds *sc) +{ + struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + if(!sc->CAfile || !conn_config->CAfile) + return sc->CAfile != conn_config->CAfile; + + return strcmp(sc->CAfile, conn_config->CAfile); +} + +static struct gtls_shared_creds* +gtls_get_cached_creds(struct Curl_cfilter *cf, struct Curl_easy *data) +{ + struct gtls_shared_creds *shared_creds; + + if(data->multi) { + shared_creds = Curl_hash_pick(&data->multi->proto_hash, + (void *)MPROTO_GTLS_X509_KEY, + sizeof(MPROTO_GTLS_X509_KEY)-1); + if(shared_creds && shared_creds->creds && + !gtls_shared_creds_expired(data, shared_creds) && + !gtls_shared_creds_different(cf, shared_creds)) { + return shared_creds; + } + } + return NULL; +} + +static void gtls_shared_creds_hash_free(void *key, size_t key_len, void *p) +{ + struct gtls_shared_creds *sc = p; + DEBUGASSERT(key_len == (sizeof(MPROTO_GTLS_X509_KEY)-1)); + DEBUGASSERT(!memcmp(MPROTO_GTLS_X509_KEY, key, key_len)); + (void)key; + (void)key_len; + Curl_gtls_shared_creds_free(&sc); /* down reference */ +} + +static void gtls_set_cached_creds(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct gtls_shared_creds *sc) +{ + struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + + DEBUGASSERT(sc); + DEBUGASSERT(sc->creds); + DEBUGASSERT(!sc->CAfile); + DEBUGASSERT(sc->refcount == 1); + if(!data->multi) + return; + + if(conn_config->CAfile) { + sc->CAfile = strdup(conn_config->CAfile); + if(!sc->CAfile) + return; + } + + if(Curl_gtls_shared_creds_up_ref(sc)) + return; + + if(!Curl_hash_add2(&data->multi->proto_hash, + (void *)MPROTO_GTLS_X509_KEY, + sizeof(MPROTO_GTLS_X509_KEY)-1, + sc, gtls_shared_creds_hash_free)) { + Curl_gtls_shared_creds_free(&sc); /* down reference again */ + return; + } +} + +CURLcode Curl_gtls_client_trust_setup(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct gtls_ctx *gtls) +{ + struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); + struct gtls_shared_creds *cached_creds = NULL; + bool cache_criteria_met; + CURLcode result; + int rc; + + + /* Consider the X509 store cacheable if it comes exclusively from a CAfile, + or no source is provided and we are falling back to OpenSSL's built-in + default. */ + cache_criteria_met = (data->set.general_ssl.ca_cache_timeout != 0) && + conn_config->verifypeer && + !conn_config->CApath && + !conn_config->ca_info_blob && + !ssl_config->primary.CRLfile && + !ssl_config->native_ca_store && + !conn_config->clientcert; /* GnuTLS adds client cert to its credentials! */ + + if(cache_criteria_met) + cached_creds = gtls_get_cached_creds(cf, data); + + if(cached_creds && !Curl_gtls_shared_creds_up_ref(cached_creds)) { + CURL_TRC_CF(data, cf, "using shared trust anchors and CRLs"); + Curl_gtls_shared_creds_free(>ls->shared_creds); + gtls->shared_creds = cached_creds; + rc = gnutls_credentials_set(gtls->session, GNUTLS_CRD_CERTIFICATE, + gtls->shared_creds->creds); + if(rc != GNUTLS_E_SUCCESS) { + failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc)); + return CURLE_SSL_CONNECT_ERROR; + } + } + else { + CURL_TRC_CF(data, cf, "loading trust anchors and CRLs"); + result = gtls_populate_creds(cf, data, gtls->shared_creds->creds); + if(result) + return result; + gtls->shared_creds->trust_setup = TRUE; + if(cache_criteria_met) + gtls_set_cached_creds(cf, data, gtls->shared_creds); + } return CURLE_OK; } @@ -546,7 +727,7 @@ static CURLcode gtls_update_session_id(struct Curl_cfilter *cf, struct ssl_connect_data *connssl = cf->ctx; CURLcode result = CURLE_OK; - if(ssl_config->primary.sessionid) { + if(ssl_config->primary.cache_session) { /* we always unconditionally get the session id here, as even if we already got it from the cache and asked to use it in the connection, it might've been rejected and then a new one is in use now and we need to @@ -561,27 +742,16 @@ static CURLcode gtls_update_session_id(struct Curl_cfilter *cf, return CURLE_OUT_OF_MEMORY; } else { - bool incache; - void *ssl_sessionid; - /* extract session ID to the allocated buffer */ gnutls_session_get_data(session, connect_sessionid, &connect_idsize); - DEBUGF(infof(data, "get session id (len=%zu) and store in cache", - connect_idsize)); + CURL_TRC_CF(data, cf, "get session id (len=%zu) and store in cache", + connect_idsize); Curl_ssl_sessionid_lock(data); - incache = !(Curl_ssl_getsessionid(cf, data, &connssl->peer, - &ssl_sessionid, NULL)); - if(incache) { - /* there was one before in the cache, so instead of risking that the - previous one was rejected, we just kill that and store the new */ - Curl_ssl_delsessionid(data, ssl_sessionid); - } - /* store this session id, takes ownership */ - result = Curl_ssl_addsessionid(cf, data, &connssl->peer, - connect_sessionid, connect_idsize, - gtls_sessionid_free); + result = Curl_ssl_set_sessionid(cf, data, &connssl->peer, + connect_sessionid, connect_idsize, + gtls_sessionid_free); Curl_ssl_sessionid_unlock(data); } } @@ -599,8 +769,8 @@ static int gtls_handshake_cb(gnutls_session_t session, unsigned int htype, if(when) { /* after message has been processed */ struct Curl_easy *data = CF_DATA_CURRENT(cf); if(data) { - DEBUGF(infof(data, "handshake: %s message type %d", - incoming? "incoming" : "outgoing", htype)); + CURL_TRC_CF(data, cf, "handshake: %s message type %d", + incoming? "incoming" : "outgoing", htype); switch(htype) { case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: { gtls_update_session_id(cf, data, session); @@ -639,12 +809,10 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, else if(config->version == CURL_SSLVERSION_SSLv3) sni = FALSE; /* SSLv3 has no SNI */ - /* allocate a cred struct */ - rc = gnutls_certificate_allocate_credentials(>ls->cred); - if(rc != GNUTLS_E_SUCCESS) { - failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc)); - return CURLE_SSL_CONNECT_ERROR; - } + /* allocate a shared creds struct */ + result = Curl_gtls_shared_creds_create(data, >ls->shared_creds); + if(result) + return result; #ifdef USE_GNUTLS_SRP if(config->username && Curl_auth_allowed_to_host(data)) { @@ -682,6 +850,13 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, init_flags |= GNUTLS_NO_TICKETS; #endif +#if defined(GNUTLS_NO_STATUS_REQUEST) + if(!config->verifystatus) + /* Disable the "status_request" TLS extension, enabled by default since + GnuTLS 3.8.0. */ + init_flags |= GNUTLS_NO_STATUS_REQUEST; +#endif + rc = gnutls_init(>ls->session, init_flags); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_init() failed: %d", rc); @@ -705,7 +880,7 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, tls13support = gnutls_check_version("3.6.5"); /* Ensure +SRP comes at the *end* of all relevant strings so that it can be - * removed if a run-time error indicates that SRP is not supported by this + * removed if a runtime error indicates that SRP is not supported by this * GnuTLS version */ if(config->version == CURL_SSLVERSION_SSLv2 || @@ -722,8 +897,8 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, } /* At this point we know we have a supported TLS version, so set it */ - result = set_ssl_version_min_max(data, peer, - config, &prioritylist, tls13support); + result = gnutls_set_ssl_version_min_max(data, peer, + config, &prioritylist, tls13support); if(result) return result; @@ -756,7 +931,7 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, } if(config->clientcert) { - if(!gtls->trust_setup) { + if(!gtls->shared_creds->trust_setup) { result = Curl_gtls_client_trust_setup(cf, data, gtls); if(result) return result; @@ -768,10 +943,10 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, GNUTLS_PKCS_USE_PBES2_AES_128 | GNUTLS_PKCS_USE_PBES2_AES_192 | GNUTLS_PKCS_USE_PBES2_AES_256; rc = gnutls_certificate_set_x509_key_file2( - gtls->cred, + gtls->shared_creds->creds, config->clientcert, ssl_config->key ? ssl_config->key : config->clientcert, - do_file_type(ssl_config->cert_type), + gnutls_do_file_type(ssl_config->cert_type), ssl_config->key_passwd, supported_key_encryption_algorithms); if(rc != GNUTLS_E_SUCCESS) { @@ -783,10 +958,10 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, } else { if(gnutls_certificate_set_x509_key_file( - gtls->cred, + gtls->shared_creds->creds, config->clientcert, ssl_config->key ? ssl_config->key : config->clientcert, - do_file_type(ssl_config->cert_type) ) != + gnutls_do_file_type(ssl_config->cert_type) ) != GNUTLS_E_SUCCESS) { failf(data, "error reading X.509 key or certificate file"); return CURLE_SSL_CONNECT_ERROR; @@ -808,7 +983,7 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, #endif { rc = gnutls_credentials_set(gtls->session, GNUTLS_CRD_CERTIFICATE, - gtls->cred); + gtls->shared_creds->creds); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc)); return CURLE_SSL_CONNECT_ERROR; @@ -903,7 +1078,7 @@ CURLcode Curl_gtls_ctx_init(struct gtls_ctx *gctx, /* This might be a reconnect, so we check for a session ID in the cache to speed up things */ - if(conn_config->sessionid) { + if(conn_config->cache_session) { void *ssl_sessionid; size_t ssl_idsize; @@ -979,7 +1154,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, /* Result is returned to caller */ CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; - /* if a path wasn't specified, don't pin */ + /* if a path was not specified, do not pin */ if(!pinnedpubkey) return CURLE_OK; @@ -1045,7 +1220,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, CURLcode result = CURLE_OK; #ifndef CURL_DISABLE_VERBOSE_STRINGS const char *ptr; - unsigned int algo; + int algo; unsigned int bits; gnutls_protocol_t version = gnutls_protocol_get_version(session); #endif @@ -1087,13 +1262,13 @@ Curl_gtls_verifyserver(struct Curl_easy *data, } #endif } - infof(data, " common name: WARNING couldn't obtain"); + infof(data, " common name: WARNING could not obtain"); } if(data->set.ssl.certinfo && chainp) { unsigned int i; - result = Curl_ssl_init_certinfo(data, cert_list_size); + result = Curl_ssl_init_certinfo(data, (int)cert_list_size); if(result) return result; @@ -1101,7 +1276,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, const char *beg = (const char *) chainp[i].data; const char *end = beg + chainp[i].size; - result = Curl_extract_certinfo(data, i, beg, end); + result = Curl_extract_certinfo(data, (int)i, beg, end); if(result) return result; } @@ -1127,9 +1302,18 @@ Curl_gtls_verifyserver(struct Curl_easy *data, /* verify_status is a bitmask of gnutls_certificate_status bits */ if(verify_status & GNUTLS_CERT_INVALID) { if(config->verifypeer) { - failf(data, "server certificate verification failed. CAfile: %s " - "CRLfile: %s", config->CAfile ? config->CAfile: - "none", + const char *cause = "certificate error, no details available"; + if(verify_status & GNUTLS_CERT_EXPIRED) + cause = "certificate has expired"; + else if(verify_status & GNUTLS_CERT_SIGNER_NOT_FOUND) + cause = "certificate signer not trusted"; + else if(verify_status & GNUTLS_CERT_INSECURE_ALGORITHM) + cause = "certificate uses insecure algorithm"; + else if(verify_status & GNUTLS_CERT_INVALID_OCSP_STATUS) + cause = "attached OCSP status response is invalid"; + failf(data, "server verification failed: %s. (CAfile: %s " + "CRLfile: %s)", cause, + config->CAfile ? config->CAfile: "none", ssl_config->primary.CRLfile ? ssl_config->primary.CRLfile : "none"); return CURLE_PEER_FAILED_VERIFICATION; @@ -1144,104 +1328,97 @@ Curl_gtls_verifyserver(struct Curl_easy *data, infof(data, " server certificate verification SKIPPED"); if(config->verifystatus) { - if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) { - gnutls_datum_t status_request; - gnutls_ocsp_resp_t ocsp_resp; + gnutls_datum_t status_request; + gnutls_ocsp_resp_t ocsp_resp; + gnutls_ocsp_cert_status_t status; + gnutls_x509_crl_reason_t reason; - gnutls_ocsp_cert_status_t status; - gnutls_x509_crl_reason_t reason; + rc = gnutls_ocsp_status_request_get(session, &status_request); - rc = gnutls_ocsp_status_request_get(session, &status_request); + if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + failf(data, "No OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } - infof(data, " server certificate status verification FAILED"); + if(rc < 0) { + failf(data, "Invalid OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } - if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { - failf(data, "No OCSP response received"); - return CURLE_SSL_INVALIDCERTSTATUS; - } + gnutls_ocsp_resp_init(&ocsp_resp); - if(rc < 0) { - failf(data, "Invalid OCSP response received"); - return CURLE_SSL_INVALIDCERTSTATUS; - } + rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); + if(rc < 0) { + failf(data, "Invalid OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } - gnutls_ocsp_resp_init(&ocsp_resp); + (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, + &status, NULL, NULL, NULL, &reason); - rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); - if(rc < 0) { - failf(data, "Invalid OCSP response received"); - return CURLE_SSL_INVALIDCERTSTATUS; - } + switch(status) { + case GNUTLS_OCSP_CERT_GOOD: + break; - (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, - &status, NULL, NULL, NULL, &reason); + case GNUTLS_OCSP_CERT_REVOKED: { + const char *crl_reason; - switch(status) { - case GNUTLS_OCSP_CERT_GOOD: + switch(reason) { + default: + case GNUTLS_X509_CRLREASON_UNSPECIFIED: + crl_reason = "unspecified reason"; break; - case GNUTLS_OCSP_CERT_REVOKED: { - const char *crl_reason; - - switch(reason) { - default: - case GNUTLS_X509_CRLREASON_UNSPECIFIED: - crl_reason = "unspecified reason"; - break; - - case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: - crl_reason = "private key compromised"; - break; - - case GNUTLS_X509_CRLREASON_CACOMPROMISE: - crl_reason = "CA compromised"; - break; - - case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: - crl_reason = "affiliation has changed"; - break; + case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: + crl_reason = "private key compromised"; + break; - case GNUTLS_X509_CRLREASON_SUPERSEDED: - crl_reason = "certificate superseded"; - break; + case GNUTLS_X509_CRLREASON_CACOMPROMISE: + crl_reason = "CA compromised"; + break; - case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: - crl_reason = "operation has ceased"; - break; + case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: + crl_reason = "affiliation has changed"; + break; - case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: - crl_reason = "certificate is on hold"; - break; + case GNUTLS_X509_CRLREASON_SUPERSEDED: + crl_reason = "certificate superseded"; + break; - case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: - crl_reason = "will be removed from delta CRL"; - break; + case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: + crl_reason = "operation has ceased"; + break; - case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: - crl_reason = "privilege withdrawn"; - break; + case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: + crl_reason = "certificate is on hold"; + break; - case GNUTLS_X509_CRLREASON_AACOMPROMISE: - crl_reason = "AA compromised"; - break; - } + case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: + crl_reason = "will be removed from delta CRL"; + break; - failf(data, "Server certificate was revoked: %s", crl_reason); + case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: + crl_reason = "privilege withdrawn"; break; - } - default: - case GNUTLS_OCSP_CERT_UNKNOWN: - failf(data, "Server certificate status is unknown"); + case GNUTLS_X509_CRLREASON_AACOMPROMISE: + crl_reason = "AA compromised"; break; } - gnutls_ocsp_resp_deinit(ocsp_resp); + failf(data, "Server certificate was revoked: %s", crl_reason); + break; + } - return CURLE_SSL_INVALIDCERTSTATUS; + default: + case GNUTLS_OCSP_CERT_UNKNOWN: + failf(data, "Server certificate status is unknown"); + break; } - else - infof(data, " server certificate status verification OK"); + + gnutls_ocsp_resp_deinit(ocsp_resp); + if(status != GNUTLS_OCSP_CERT_GOOD) + return CURLE_SSL_INVALIDCERTSTATUS; } else infof(data, " server certificate status verification SKIPPED"); @@ -1258,7 +1435,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, gnutls_x509_crt_init(&x509_issuer); issuerp = load_file(config->issuercert); gnutls_x509_crt_import(x509_issuer, &issuerp, GNUTLS_X509_FMT_PEM); - rc = gnutls_x509_crt_check_issuer(x509_cert, x509_issuer); + rc = (int)gnutls_x509_crt_check_issuer(x509_cert, x509_issuer); gnutls_x509_crt_deinit(x509_issuer); unload_file(issuerp); if(rc <= 0) { @@ -1287,9 +1464,15 @@ Curl_gtls_verifyserver(struct Curl_easy *data, in RFC2818 (HTTPS), which takes into account wildcards, and the subject alternative name PKIX extension. Returns non zero on success, and zero on failure. */ - rc = gnutls_x509_crt_check_hostname(x509_cert, peer->hostname); + + /* This function does not handle trailing dots, so if we have an SNI name + use that and fallback to the hostname only if there is no SNI (like for + IP addresses) */ + rc = (int)gnutls_x509_crt_check_hostname(x509_cert, + peer->sni ? peer->sni : + peer->hostname); #if GNUTLS_VERSION_NUMBER < 0x030306 - /* Before 3.3.6, gnutls_x509_crt_check_hostname() didn't check IP + /* Before 3.3.6, gnutls_x509_crt_check_hostname() did not check IP addresses. */ if(!rc) { #ifdef USE_IPV6 @@ -1315,7 +1498,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, size_t certaddrlen = sizeof(certaddr); int ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr, &certaddrlen, NULL); - /* If this happens, it wasn't an IP address. */ + /* If this happens, it was not an IP address. */ if(ret == GNUTLS_E_SHORT_MEMORY_BUFFER) continue; if(ret < 0) @@ -1333,7 +1516,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, if(!rc) { if(config->verifyhost) { failf(data, "SSL: certificate subject name (%s) does not match " - "target host name '%s'", certname, peer->dispname); + "target hostname '%s'", certname, peer->dispname); gnutls_x509_crt_deinit(x509_cert); return CURLE_PEER_FAILED_VERIFICATION; } @@ -1422,7 +1605,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, /* public key algorithm's parameters */ algo = gnutls_x509_crt_get_pk_algorithm(x509_cert, &bits); infof(data, " certificate public key: %s", - gnutls_pk_algorithm_get_name(algo)); + gnutls_pk_algorithm_get_name((gnutls_pk_algorithm_t)algo)); /* version of the X.509 certificate. */ infof(data, " certificate version: #%d", @@ -1506,8 +1689,8 @@ static CURLcode gtls_verifyserver(struct Curl_cfilter *cf, */ /* We use connssl->connecting_state to keep track of the connection status; there are three states: 'ssl_connect_1' (not started yet or complete), - 'ssl_connect_2_reading' (waiting for data from server), and - 'ssl_connect_2_writing' (waiting to be able to write). + 'ssl_connect_2' (doing handshake with the server), and + 'ssl_connect_3' (verifying and getting stats). */ static CURLcode gtls_connect_common(struct Curl_cfilter *cf, @@ -1516,7 +1699,7 @@ gtls_connect_common(struct Curl_cfilter *cf, bool *done) { struct ssl_connect_data *connssl = cf->ctx; - int rc; + CURLcode rc; CURLcode result = CURLE_OK; /* Initiate the connection, if not already done */ @@ -1595,143 +1778,146 @@ static bool gtls_data_pending(struct Curl_cfilter *cf, static ssize_t gtls_send(struct Curl_cfilter *cf, struct Curl_easy *data, - const void *mem, - size_t len, + const void *buf, + size_t blen, CURLcode *curlcode) { struct ssl_connect_data *connssl = cf->ctx; struct gtls_ssl_backend_data *backend = (struct gtls_ssl_backend_data *)connssl->backend; ssize_t rc; + size_t nwritten, total_written = 0; (void)data; DEBUGASSERT(backend); - backend->gtls.io_result = CURLE_OK; - rc = gnutls_record_send(backend->gtls.session, mem, len); + while(blen) { + backend->gtls.io_result = CURLE_OK; + rc = gnutls_record_send(backend->gtls.session, buf, blen); - if(rc < 0) { - *curlcode = (rc == GNUTLS_E_AGAIN)? - CURLE_AGAIN : - (backend->gtls.io_result? backend->gtls.io_result : CURLE_SEND_ERROR); + if(rc < 0) { + if(total_written && (rc == GNUTLS_E_AGAIN)) { + *curlcode = CURLE_OK; + rc = (ssize_t)total_written; + goto out; + } + *curlcode = (rc == GNUTLS_E_AGAIN)? + CURLE_AGAIN : + (backend->gtls.io_result? backend->gtls.io_result : CURLE_SEND_ERROR); - rc = -1; + rc = -1; + goto out; + } + nwritten = (size_t)rc; + total_written += nwritten; + DEBUGASSERT(nwritten <= blen); + buf = (char *)buf + nwritten; + blen -= nwritten; } + rc = total_written; +out: return rc; } -static void gtls_close(struct Curl_cfilter *cf, - struct Curl_easy *data) +/* + * This function is called to shut down the SSL layer but keep the + * socket open (CCC - Clear Command Channel) + */ +static CURLcode gtls_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool send_shutdown, bool *done) { struct ssl_connect_data *connssl = cf->ctx; struct gtls_ssl_backend_data *backend = (struct gtls_ssl_backend_data *)connssl->backend; + char buf[1024]; + CURLcode result = CURLE_OK; + ssize_t nread; + size_t i; - (void) data; DEBUGASSERT(backend); + if(!backend->gtls.session || cf->shutdown) { + *done = TRUE; + goto out; + } - if(backend->gtls.session) { - char buf[32]; - /* Maybe the server has already sent a close notify alert. - Read it to avoid an RST on the TCP connection. */ - (void)gnutls_record_recv(backend->gtls.session, buf, sizeof(buf)); - gnutls_bye(backend->gtls.session, GNUTLS_SHUT_WR); - gnutls_deinit(backend->gtls.session); - backend->gtls.session = NULL; + connssl->io_need = CURL_SSL_IO_NEED_NONE; + *done = FALSE; + + if(!backend->gtls.sent_shutdown) { + /* do this only once */ + backend->gtls.sent_shutdown = TRUE; + if(send_shutdown) { + int ret = gnutls_bye(backend->gtls.session, GNUTLS_SHUT_RDWR); + if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) { + CURL_TRC_CF(data, cf, "SSL shutdown, gnutls_bye EAGAIN"); + connssl->io_need = gnutls_record_get_direction(backend->gtls.session)? + CURL_SSL_IO_NEED_SEND : CURL_SSL_IO_NEED_RECV; + backend->gtls.sent_shutdown = FALSE; + result = CURLE_OK; + goto out; + } + if(ret != GNUTLS_E_SUCCESS) { + CURL_TRC_CF(data, cf, "SSL shutdown, gnutls_bye error: '%s'(%d)", + gnutls_strerror((int)ret), (int)ret); + result = CURLE_RECV_ERROR; + goto out; + } + } } - if(backend->gtls.cred) { - gnutls_certificate_free_credentials(backend->gtls.cred); - backend->gtls.cred = NULL; + + /* SSL should now have started the shutdown from our side. Since it + * was not complete, we are lacking the close notify from the server. */ + for(i = 0; i < 10; ++i) { + nread = gnutls_record_recv(backend->gtls.session, buf, sizeof(buf)); + if(nread <= 0) + break; } -#ifdef USE_GNUTLS_SRP - if(backend->gtls.srp_client_cred) { - gnutls_srp_free_client_credentials(backend->gtls.srp_client_cred); - backend->gtls.srp_client_cred = NULL; + if(nread > 0) { + /* still data coming in? */ } -#endif + else if(nread == 0) { + /* We got the close notify alert and are done. */ + *done = TRUE; + } + else if((nread == GNUTLS_E_AGAIN) || (nread == GNUTLS_E_INTERRUPTED)) { + connssl->io_need = gnutls_record_get_direction(backend->gtls.session)? + CURL_SSL_IO_NEED_SEND : CURL_SSL_IO_NEED_RECV; + } + else { + CURL_TRC_CF(data, cf, "SSL shutdown, error: '%s'(%d)", + gnutls_strerror((int)nread), (int)nread); + result = CURLE_RECV_ERROR; + } + +out: + cf->shutdown = (result || *done); + return result; } -/* - * This function is called to shut down the SSL layer but keep the - * socket open (CCC - Clear Command Channel) - */ -static int gtls_shutdown(struct Curl_cfilter *cf, - struct Curl_easy *data) +static void gtls_close(struct Curl_cfilter *cf, + struct Curl_easy *data) { struct ssl_connect_data *connssl = cf->ctx; struct gtls_ssl_backend_data *backend = (struct gtls_ssl_backend_data *)connssl->backend; - int retval = 0; + (void) data; DEBUGASSERT(backend); - -#ifndef CURL_DISABLE_FTP - /* This has only been tested on the proftpd server, and the mod_tls code - sends a close notify alert without waiting for a close notify alert in - response. Thus we wait for a close notify alert from the server, but - we do not send one. Let's hope other servers do the same... */ - - if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE) - gnutls_bye(backend->gtls.session, GNUTLS_SHUT_WR); -#endif - + CURL_TRC_CF(data, cf, "close"); if(backend->gtls.session) { - ssize_t result; - bool done = FALSE; - char buf[120]; - - while(!done && !connssl->peer_closed) { - int what = SOCKET_READABLE(Curl_conn_cf_get_socket(cf, data), - SSL_SHUTDOWN_TIMEOUT); - if(what > 0) { - /* Something to read, let's do it and hope that it is the close - notify alert from the server */ - result = gnutls_record_recv(backend->gtls.session, - buf, sizeof(buf)); - switch(result) { - case 0: - /* This is the expected response. There was no data but only - the close notify alert */ - done = TRUE; - break; - case GNUTLS_E_AGAIN: - case GNUTLS_E_INTERRUPTED: - infof(data, "GNUTLS_E_AGAIN || GNUTLS_E_INTERRUPTED"); - break; - default: - retval = -1; - done = TRUE; - break; - } - } - else if(0 == what) { - /* timeout */ - failf(data, "SSL shutdown timeout"); - done = TRUE; - } - else { - /* anything that gets here is fatally bad */ - failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); - retval = -1; - done = TRUE; - } - } gnutls_deinit(backend->gtls.session); + backend->gtls.session = NULL; + } + if(backend->gtls.shared_creds) { + Curl_gtls_shared_creds_free(&backend->gtls.shared_creds); } - gnutls_certificate_free_credentials(backend->gtls.cred); - #ifdef USE_GNUTLS_SRP - { - struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); - if(ssl_config->primary.username) - gnutls_srp_free_client_credentials(backend->gtls.srp_client_cred); + if(backend->gtls.srp_client_cred) { + gnutls_srp_free_client_credentials(backend->gtls.srp_client_cred); + backend->gtls.srp_client_cred = NULL; } #endif - - backend->gtls.cred = NULL; - backend->gtls.session = NULL; - - return retval; } static ssize_t gtls_recv(struct Curl_cfilter *cf, @@ -1831,7 +2017,8 @@ const struct Curl_ssl Curl_ssl_gnutls = { SSLSUPP_CA_PATH | SSLSUPP_CERTINFO | SSLSUPP_PINNEDPUBKEY | - SSLSUPP_HTTPS_PROXY, + SSLSUPP_HTTPS_PROXY | + SSLSUPP_CA_CACHE, sizeof(struct gtls_ssl_backend_data), @@ -1856,9 +2043,9 @@ const struct Curl_ssl Curl_ssl_gnutls = { gtls_sha256sum, /* sha256sum */ NULL, /* associate_connection */ NULL, /* disassociate_connection */ - NULL, /* free_multi_ssl_backend_data */ gtls_recv, /* recv decrypted data */ gtls_send, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; #endif /* USE_GNUTLS */ diff --git a/vendor/hydra/vendor/curl/lib/vtls/gtls.h b/vendor/hydra/vendor/curl/lib/vtls/gtls.h index f8388b37..b0ca55bf 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/gtls.h +++ b/vendor/hydra/vendor/curl/lib/vtls/gtls.h @@ -30,6 +30,7 @@ #ifdef USE_GNUTLS #include +#include "timeval.h" #ifdef HAVE_GNUTLS_SRP /* the function exists */ @@ -45,14 +46,27 @@ struct ssl_primary_config; struct ssl_config_data; struct ssl_peer; +struct gtls_shared_creds { + gnutls_certificate_credentials_t creds; + char *CAfile; /* CAfile path used to generate X509 store */ + struct curltime time; /* when the shared creds was created */ + size_t refcount; + BIT(trust_setup); /* x509 anchors + CRLs have been set up */ +}; + +CURLcode Curl_gtls_shared_creds_create(struct Curl_easy *data, + struct gtls_shared_creds **pcreds); +CURLcode Curl_gtls_shared_creds_up_ref(struct gtls_shared_creds *creds); +void Curl_gtls_shared_creds_free(struct gtls_shared_creds **pcreds); + struct gtls_ctx { gnutls_session_t session; - gnutls_certificate_credentials_t cred; + struct gtls_shared_creds *shared_creds; #ifdef USE_GNUTLS_SRP gnutls_srp_client_credentials_t srp_client_cred; #endif CURLcode io_result; /* result of last IO cfilter operation */ - BIT(trust_setup); /* x509 anchors + CRLs have been set up */ + BIT(sent_shutdown); }; typedef CURLcode Curl_gtls_ctx_setup_cb(struct Curl_cfilter *cf, diff --git a/vendor/hydra/vendor/curl/lib/vtls/hostcheck.c b/vendor/hydra/vendor/curl/lib/vtls/hostcheck.c index 2726dca7..e46439a5 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/hostcheck.c +++ b/vendor/hydra/vendor/curl/lib/vtls/hostcheck.c @@ -62,7 +62,7 @@ static bool pmatch(const char *hostname, size_t hostlen, * We use the matching rule described in RFC6125, section 6.4.3. * https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.3 * - * In addition: ignore trailing dots in the host names and wildcards, so that + * In addition: ignore trailing dots in the hostnames and wildcards, so that * the names are used normalized. This is what the browsers do. * * Do not allow wildcard matching on IP numbers. There are apparently diff --git a/vendor/hydra/vendor/curl/lib/vtls/hostcheck.h b/vendor/hydra/vendor/curl/lib/vtls/hostcheck.h index 22a1ac2e..6b4e3796 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/hostcheck.h +++ b/vendor/hydra/vendor/curl/lib/vtls/hostcheck.h @@ -26,7 +26,7 @@ #include -/* returns TRUE if there's a match */ +/* returns TRUE if there is a match */ bool Curl_cert_hostcheck(const char *match_pattern, size_t matchlen, const char *hostname, size_t hostlen); diff --git a/vendor/hydra/vendor/curl/lib/vtls/mbedtls.c b/vendor/hydra/vendor/curl/lib/vtls/mbedtls.c index ec0b10dd..1c00cbe1 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/mbedtls.c +++ b/vendor/hydra/vendor/curl/lib/vtls/mbedtls.c @@ -75,6 +75,7 @@ #include "mbedtls.h" #include "vtls.h" #include "vtls_int.h" +#include "x509asn1.h" #include "parsedate.h" #include "connect.h" /* for the connect timeout */ #include "select.h" @@ -110,6 +111,8 @@ struct mbed_ssl_backend_data { const char *protocols[3]; #endif int *ciphersuites; + BIT(initialized); /* mbedtls_ssl_context is initialized */ + BIT(sent_shutdown); }; /* apply threading? */ @@ -197,7 +200,8 @@ static int mbedtls_bio_cf_write(void *bio, if(!data) return 0; - nwritten = Curl_conn_cf_send(cf->next, data, (char *)buf, blen, &result); + nwritten = Curl_conn_cf_send(cf->next, data, (char *)buf, blen, FALSE, + &result); CURL_TRC_CF(data, cf, "mbedtls_bio_cf_out_write(len=%zu) -> %zd, err=%d", blen, nwritten, result); if(nwritten < 0 && CURLE_AGAIN == result) { @@ -246,8 +250,8 @@ static const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_fr = 1024, /* RSA min key len */ }; -/* See https://tls.mbed.org/discussions/generic/ - howto-determine-exact-buffer-len-for-mbedtls_pk_write_pubkey_der +/* See https://web.archive.org/web/20200921194007/tls.mbed.org/discussions/ + generic/howto-determine-exact-buffer-len-for-mbedtls_pk_write_pubkey_der */ #define RSA_PUB_DER_MAX_BYTES (38 + 2 * MBEDTLS_MPI_MAX_SIZE) #define ECP_PUB_DER_MAX_BYTES (30 + 2 * MBEDTLS_ECP_MAX_BYTES) @@ -255,138 +259,91 @@ static const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_fr = #define PUB_DER_MAX_BYTES (RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \ RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES) -#if MBEDTLS_VERSION_NUMBER >= 0x03020000 -static CURLcode mbedtls_version_from_curl( - mbedtls_ssl_protocol_version* mbedver, long version) +static CURLcode +mbed_set_ssl_version_min_max(struct Curl_easy *data, + struct mbed_ssl_backend_data *backend, + struct ssl_primary_config *conn_config) { - switch(version) { + /* TLS 1.0 and TLS 1.1 were dropped with mbedTLS 3.0.0 (2021). So, since + * then, and before the introduction of TLS 1.3 in 3.6.0 (2024), this + * function basically always sets TLS 1.2 as min/max, unless given + * unsupported option values. */ + +#if MBEDTLS_VERSION_NUMBER < 0x03020000 + int ver_min = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ + int ver_max = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ +#else + /* mbedTLS 3.2.0 (2022) introduced new methods for setting TLS version */ + mbedtls_ssl_protocol_version ver_min = MBEDTLS_SSL_VERSION_TLS1_2; + mbedtls_ssl_protocol_version ver_max = MBEDTLS_SSL_VERSION_TLS1_2; +#endif + + switch(conn_config->version) { + case CURL_SSLVERSION_DEFAULT: +#if MBEDTLS_VERSION_NUMBER < 0x03000000 + case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: + ver_min = MBEDTLS_SSL_MINOR_VERSION_1; + break; case CURL_SSLVERSION_TLSv1_1: + ver_min = MBEDTLS_SSL_MINOR_VERSION_2; + break; +#else + case CURL_SSLVERSION_TLSv1: + case CURL_SSLVERSION_TLSv1_0: + case CURL_SSLVERSION_TLSv1_1: +#endif case CURL_SSLVERSION_TLSv1_2: - *mbedver = MBEDTLS_SSL_VERSION_TLS1_2; - return CURLE_OK; + /* ver_min = MBEDTLS_SSL_VERSION_TLS1_2; */ + break; case CURL_SSLVERSION_TLSv1_3: #ifdef TLS13_SUPPORT - *mbedver = MBEDTLS_SSL_VERSION_TLS1_3; - return CURLE_OK; -#else + ver_min = MBEDTLS_SSL_VERSION_TLS1_3; break; #endif + default: + failf(data, "mbedTLS: unsupported minimum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; } - return CURLE_SSL_CONNECT_ERROR; -} -#else -static CURLcode mbedtls_version_from_curl(int *mbedver, long version) -{ -#if MBEDTLS_VERSION_NUMBER >= 0x03000000 - switch(version) { - case CURL_SSLVERSION_TLSv1_0: - case CURL_SSLVERSION_TLSv1_1: - case CURL_SSLVERSION_TLSv1_2: - *mbedver = MBEDTLS_SSL_MINOR_VERSION_3; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_3: - break; - } -#else - switch(version) { - case CURL_SSLVERSION_TLSv1_0: - *mbedver = MBEDTLS_SSL_MINOR_VERSION_1; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_1: - *mbedver = MBEDTLS_SSL_MINOR_VERSION_2; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_2: - *mbedver = MBEDTLS_SSL_MINOR_VERSION_3; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_3: - break; - } -#endif - - return CURLE_SSL_CONNECT_ERROR; -} -#endif - -static CURLcode -set_ssl_version_min_max(struct Curl_cfilter *cf, struct Curl_easy *data) -{ - struct ssl_connect_data *connssl = cf->ctx; - struct mbed_ssl_backend_data *backend = - (struct mbed_ssl_backend_data *)connssl->backend; - struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); -#if MBEDTLS_VERSION_NUMBER >= 0x03020000 - mbedtls_ssl_protocol_version mbedtls_ver_min = MBEDTLS_SSL_VERSION_TLS1_2; + switch(conn_config->version_max) { + case CURL_SSLVERSION_MAX_DEFAULT: + case CURL_SSLVERSION_MAX_NONE: + case CURL_SSLVERSION_MAX_TLSv1_3: #ifdef TLS13_SUPPORT - mbedtls_ssl_protocol_version mbedtls_ver_max = MBEDTLS_SSL_VERSION_TLS1_3; -#else - mbedtls_ssl_protocol_version mbedtls_ver_max = MBEDTLS_SSL_VERSION_TLS1_2; -#endif -#elif MBEDTLS_VERSION_NUMBER >= 0x03000000 - int mbedtls_ver_min = MBEDTLS_SSL_MINOR_VERSION_3; - int mbedtls_ver_max = MBEDTLS_SSL_MINOR_VERSION_3; -#else - int mbedtls_ver_min = MBEDTLS_SSL_MINOR_VERSION_1; - int mbedtls_ver_max = MBEDTLS_SSL_MINOR_VERSION_1; + ver_max = MBEDTLS_SSL_VERSION_TLS1_3; + break; #endif - long ssl_version = conn_config->version; - long ssl_version_max = conn_config->version_max; - CURLcode result = CURLE_OK; - - DEBUGASSERT(backend); - - switch(ssl_version) { - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: - ssl_version = CURL_SSLVERSION_TLSv1_0; - break; - } - - switch(ssl_version_max) { - case CURL_SSLVERSION_MAX_NONE: - case CURL_SSLVERSION_MAX_DEFAULT: -#ifdef TLS13_SUPPORT - ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_3; + case CURL_SSLVERSION_MAX_TLSv1_2: + /* ver_max = MBEDTLS_SSL_VERSION_TLS1_2; */ + break; +#if MBEDTLS_VERSION_NUMBER < 0x03000000 + case CURL_SSLVERSION_MAX_TLSv1_1: + ver_max = MBEDTLS_SSL_MINOR_VERSION_2; + break; + case CURL_SSLVERSION_MAX_TLSv1_0: + ver_max = MBEDTLS_SSL_MINOR_VERSION_1; + break; #else - ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2; + case CURL_SSLVERSION_MAX_TLSv1_1: + case CURL_SSLVERSION_MAX_TLSv1_0: #endif - break; - } - - result = mbedtls_version_from_curl(&mbedtls_ver_min, ssl_version); - if(result) { - failf(data, "unsupported min version passed via CURLOPT_SSLVERSION"); - return result; - } - result = mbedtls_version_from_curl(&mbedtls_ver_max, ssl_version_max >> 16); - if(result) { - failf(data, "unsupported max version passed via CURLOPT_SSLVERSION"); - return result; + default: + failf(data, "mbedTLS: unsupported maximum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; } -#if MBEDTLS_VERSION_NUMBER >= 0x03020000 - mbedtls_ssl_conf_min_tls_version(&backend->config, mbedtls_ver_min); - mbedtls_ssl_conf_max_tls_version(&backend->config, mbedtls_ver_max); -#else +#if MBEDTLS_VERSION_NUMBER < 0x03020000 mbedtls_ssl_conf_min_version(&backend->config, MBEDTLS_SSL_MAJOR_VERSION_3, - mbedtls_ver_min); + ver_min); mbedtls_ssl_conf_max_version(&backend->config, MBEDTLS_SSL_MAJOR_VERSION_3, - mbedtls_ver_max); -#endif - -#ifdef TLS13_SUPPORT - if(mbedtls_ver_min == MBEDTLS_SSL_VERSION_TLS1_3) { - mbedtls_ssl_conf_authmode(&backend->config, MBEDTLS_SSL_VERIFY_REQUIRED); - } - else { - mbedtls_ssl_conf_authmode(&backend->config, MBEDTLS_SSL_VERIFY_OPTIONAL); - } + ver_max); #else - mbedtls_ssl_conf_authmode(&backend->config, MBEDTLS_SSL_VERIFY_OPTIONAL); + mbedtls_ssl_conf_min_tls_version(&backend->config, ver_min); + mbedtls_ssl_conf_max_tls_version(&backend->config, ver_max); #endif - return result; + return CURLE_OK; } /* TLS_ECJPAKE_WITH_AES_128_CCM_8 (0xC0FF) is marked experimental @@ -425,11 +382,13 @@ mbed_cipher_suite_walk_str(const char **str, const char **end) static CURLcode mbed_set_selected_ciphers(struct Curl_easy *data, struct mbed_ssl_backend_data *backend, - const char *ciphers) + const char *ciphers12, + const char *ciphers13) { + const char *ciphers = ciphers12; const int *supported; int *selected; - size_t supported_len, count = 0, i; + size_t supported_len, count = 0, default13_count = 0, i, j; const char *ptr, *end; supported = mbedtls_ssl_list_ciphersuites(); @@ -440,6 +399,26 @@ mbed_set_selected_ciphers(struct Curl_easy *data, if(!selected) return CURLE_OUT_OF_MEMORY; +#ifndef TLS13_SUPPORT + (void) ciphers13, (void) j; +#else + if(!ciphers13) { + /* Add default TLSv1.3 ciphers to selection */ + for(j = 0; j < supported_len; j++) { + uint16_t id = (uint16_t) supported[j]; + if(strncmp(mbedtls_ssl_get_ciphersuite_name(id), "TLS1-3", 6) != 0) + continue; + + selected[count++] = id; + } + + default13_count = count; + } + else + ciphers = ciphers13; + +add_ciphers: +#endif for(ptr = ciphers; ptr[0] != '\0' && count < supported_len; ptr = end) { uint16_t id = mbed_cipher_suite_walk_str(&ptr, &end); @@ -459,14 +438,38 @@ mbed_set_selected_ciphers(struct Curl_easy *data, /* No duplicates allowed (so selected cannot overflow) */ for(i = 0; i < count && selected[i] != id; i++); if(i < count) { - infof(data, "mbedTLS: duplicate cipher in list: \"%.*s\"", - (int) (end - ptr), ptr); + if(i >= default13_count) + infof(data, "mbedTLS: duplicate cipher in list: \"%.*s\"", + (int) (end - ptr), ptr); continue; } selected[count++] = id; } +#ifdef TLS13_SUPPORT + if(ciphers == ciphers13 && ciphers12) { + ciphers = ciphers12; + goto add_ciphers; + } + + if(!ciphers12) { + /* Add default TLSv1.2 ciphers to selection */ + for(j = 0; j < supported_len; j++) { + uint16_t id = (uint16_t) supported[j]; + if(strncmp(mbedtls_ssl_get_ciphersuite_name(id), "TLS1-3", 6) == 0) + continue; + + /* No duplicates allowed (so selected cannot overflow) */ + for(i = 0; i < count && selected[i] != id; i++); + if(i < count) + continue; + + selected[count++] = id; + } + } +#endif + selected[count] = 0; if(count == 0) { @@ -482,6 +485,80 @@ mbed_set_selected_ciphers(struct Curl_easy *data, return CURLE_OK; } +static void +mbed_dump_cert_info(struct Curl_easy *data, const mbedtls_x509_crt *crt) +{ +#if defined(CURL_DISABLE_VERBOSE_STRINGS) || \ + (MBEDTLS_VERSION_NUMBER >= 0x03000000 && defined(MBEDTLS_X509_REMOVE_INFO)) + (void) data, (void) crt; +#else + const size_t bufsize = 16384; + char *p, *buffer = malloc(bufsize); + + if(buffer && mbedtls_x509_crt_info(buffer, bufsize, " ", crt) > 0) { + infof(data, "Server certificate:"); + for(p = buffer; *p; p += *p != '\0') { + size_t s = strcspn(p, "\n"); + infof(data, "%.*s", (int) s, p); + p += s; + } + } + else + infof(data, "Unable to dump certificate information"); + + free(buffer); +#endif +} + +static void +mbed_extract_certinfo(struct Curl_easy *data, const mbedtls_x509_crt *crt) +{ + CURLcode result; + const mbedtls_x509_crt *cur; + int i; + + for(i = 0, cur = crt; cur; ++i, cur = cur->next); + result = Curl_ssl_init_certinfo(data, i); + + for(i = 0, cur = crt; result == CURLE_OK && cur; ++i, cur = cur->next) { + const char *beg = (const char *) cur->raw.p; + const char *end = beg + cur->raw.len; + result = Curl_extract_certinfo(data, i, beg, end); + } +} + +static int mbed_verify_cb(void *ptr, mbedtls_x509_crt *crt, + int depth, uint32_t *flags) +{ + struct Curl_cfilter *cf = (struct Curl_cfilter *) ptr; + struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + struct Curl_easy *data = CF_DATA_CURRENT(cf); + + if(depth == 0) { + if(data->set.verbose) + mbed_dump_cert_info(data, crt); + if(data->set.ssl.certinfo) + mbed_extract_certinfo(data, crt); + } + + if(!conn_config->verifypeer) + *flags = 0; + else if(!conn_config->verifyhost) + *flags &= ~MBEDTLS_X509_BADCERT_CN_MISMATCH; + + if(*flags) { +#if MBEDTLS_VERSION_NUMBER < 0x03000000 || !defined(MBEDTLS_X509_REMOVE_INFO) + char buf[128]; + mbedtls_x509_crt_verify_info(buf, sizeof(buf), "", *flags); + failf(data, "mbedTLS: %s", buf); +#else + failf(data, "mbedTLS: cerificate verification error 0x%08x", *flags); +#endif + } + + return 0; +} + static CURLcode mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) { @@ -504,6 +581,7 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) char errorbuf[128]; DEBUGASSERT(backend); + DEBUGASSERT(!backend->initialized); if((conn_config->version == CURL_SSLVERSION_SSLv2) || (conn_config->version == CURL_SSLVERSION_SSLv3)) { @@ -636,7 +714,7 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) if(ret) { mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); - failf(data, "Error reading private key %s - mbedTLS: (-0x%04X) %s", + failf(data, "Error reading client cert data %s - mbedTLS: (-0x%04X) %s", ssl_config->key, -ret, errorbuf); return CURLE_SSL_CERTPROBLEM; } @@ -738,35 +816,22 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) return CURLE_SSL_CONNECT_ERROR; } + /* Always let mbedTLS verify certificates, if verifypeer or verifyhost are + * disabled we clear the corresponding error flags in the verify callback + * function. That is also where we log verification errors. */ + mbedtls_ssl_conf_verify(&backend->config, mbed_verify_cb, cf); + mbedtls_ssl_conf_authmode(&backend->config, MBEDTLS_SSL_VERIFY_REQUIRED); + mbedtls_ssl_init(&backend->ssl); + backend->initialized = TRUE; /* new profile with RSA min key len = 1024 ... */ mbedtls_ssl_conf_cert_profile(&backend->config, &mbedtls_x509_crt_profile_fr); - switch(conn_config->version) { - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: -#if MBEDTLS_VERSION_NUMBER < 0x03000000 - mbedtls_ssl_conf_min_version(&backend->config, MBEDTLS_SSL_MAJOR_VERSION_3, - MBEDTLS_SSL_MINOR_VERSION_1); - infof(data, "mbedTLS: Set min SSL version to TLS 1.0"); - break; -#endif - case CURL_SSLVERSION_TLSv1_0: - case CURL_SSLVERSION_TLSv1_1: - case CURL_SSLVERSION_TLSv1_2: - case CURL_SSLVERSION_TLSv1_3: - { - CURLcode result = set_ssl_version_min_max(cf, data); - if(result != CURLE_OK) - return result; - break; - } - default: - failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); - return CURLE_SSL_CONNECT_ERROR; - } + ret = mbed_set_ssl_version_min_max(data, backend, conn_config); + if(ret != CURLE_OK) + return ret; mbedtls_ssl_conf_rng(&backend->config, mbedtls_ctr_drbg_random, &backend->ctr_drbg); @@ -784,11 +849,20 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) mbedtls_bio_cf_read, NULL /* rev_timeout() */); +#ifndef TLS13_SUPPORT if(conn_config->cipher_list) { - ret = mbed_set_selected_ciphers(data, backend, conn_config->cipher_list); - if(ret) { + CURLcode result = mbed_set_selected_ciphers(data, backend, + conn_config->cipher_list, + NULL); +#else + if(conn_config->cipher_list || conn_config->cipher_list13) { + CURLcode result = mbed_set_selected_ciphers(data, backend, + conn_config->cipher_list, + conn_config->cipher_list13); +#endif + if(result != CURLE_OK) { failf(data, "mbedTLS: failed to set cipher suites"); - return ret; + return result; } } else { @@ -807,8 +881,8 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) MBEDTLS_SSL_SESSION_TICKETS_DISABLED); #endif - /* Check if there's a cached ID we can/should use here! */ - if(ssl_config->primary.sessionid) { + /* Check if there is a cached ID we can/should use here! */ + if(ssl_config->primary.cache_session) { void *old_session = NULL; Curl_ssl_sessionid_lock(data); @@ -854,7 +928,7 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) for(i = 0; i < connssl->alpn->count; ++i) { backend->protocols[i] = connssl->alpn->entries[i]; } - /* this function doesn't clone the protocols array, which is why we need + /* this function does not clone the protocols array, which is why we need to keep it around */ if(mbedtls_ssl_conf_alpn_protocols(&backend->config, &backend->protocols[0])) { @@ -880,11 +954,11 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) /* give application a chance to interfere with mbedTLS set up. */ if(data->set.ssl.fsslctx) { - ret = (*data->set.ssl.fsslctx)(data, &backend->config, - data->set.ssl.fsslctxp); - if(ret) { + CURLcode result = (*data->set.ssl.fsslctx)(data, &backend->config, + data->set.ssl.fsslctxp); + if(result != CURLE_OK) { failf(data, "error signaled by ssl ctx callback"); - return ret; + return result; } } @@ -900,10 +974,6 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) struct ssl_connect_data *connssl = cf->ctx; struct mbed_ssl_backend_data *backend = (struct mbed_ssl_backend_data *)connssl->backend; - struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); - const mbedtls_x509_crt *peercert; - char cipher_str[64]; - uint16_t cipher_id; #ifndef CURL_DISABLE_PROXY const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]: @@ -917,78 +987,52 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) ret = mbedtls_ssl_handshake(&backend->ssl); if(ret == MBEDTLS_ERR_SSL_WANT_READ) { - connssl->connecting_state = ssl_connect_2_reading; + connssl->io_need = CURL_SSL_IO_NEED_RECV; return CURLE_OK; } else if(ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - connssl->connecting_state = ssl_connect_2_writing; + connssl->io_need = CURL_SSL_IO_NEED_SEND; return CURLE_OK; } + else if(ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) { + failf(data, "peer certificate could not be verified"); + return CURLE_PEER_FAILED_VERIFICATION; + } else if(ret) { char errorbuf[128]; +#if MBEDTLS_VERSION_NUMBER >= 0x03020000 + CURL_TRC_CF(data, cf, "TLS version %04X", + mbedtls_ssl_get_version_number(&backend->ssl)); +#endif mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); - failf(data, "ssl_handshake returned - mbedTLS: (-0x%04X) %s", + failf(data, "ssl_handshake returned: (-0x%04X) %s", -ret, errorbuf); return CURLE_SSL_CONNECT_ERROR; } - cipher_id = (uint16_t) - mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl); - mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true); - infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str); - - ret = mbedtls_ssl_get_verify_result(&backend->ssl); - - if(!conn_config->verifyhost) - /* Ignore hostname errors if verifyhost is disabled */ - ret &= ~MBEDTLS_X509_BADCERT_CN_MISMATCH; - - if(ret && conn_config->verifypeer) { - if(ret & MBEDTLS_X509_BADCERT_EXPIRED) - failf(data, "Cert verify failed: BADCERT_EXPIRED"); - - else if(ret & MBEDTLS_X509_BADCERT_REVOKED) - failf(data, "Cert verify failed: BADCERT_REVOKED"); - - else if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH) - failf(data, "Cert verify failed: BADCERT_CN_MISMATCH"); - - else if(ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED) - failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED"); - - else if(ret & MBEDTLS_X509_BADCERT_FUTURE) - failf(data, "Cert verify failed: BADCERT_FUTURE"); - - return CURLE_PEER_FAILED_VERIFICATION; +#if MBEDTLS_VERSION_NUMBER >= 0x03020000 + { + char cipher_str[64]; + uint16_t cipher_id; + cipher_id = (uint16_t) + mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl); + mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true); + infof(data, "mbedTLS: %s Handshake complete, cipher is %s", + mbedtls_ssl_get_version(&backend->ssl), cipher_str); } - - peercert = mbedtls_ssl_get_peer_cert(&backend->ssl); - - if(peercert && data->set.verbose) { -#ifndef MBEDTLS_X509_REMOVE_INFO - const size_t bufsize = 16384; - char *buffer = malloc(bufsize); - - if(!buffer) - return CURLE_OUT_OF_MEMORY; - - if(mbedtls_x509_crt_info(buffer, bufsize, "* ", peercert) > 0) - infof(data, "Dumping cert info: %s", buffer); - else - infof(data, "Unable to dump certificate information"); - - free(buffer); #else - infof(data, "Unable to dump certificate information"); + infof(data, "mbedTLS: %s Handshake complete", + mbedtls_ssl_get_version(&backend->ssl)); #endif - } if(pinnedpubkey) { int size; CURLcode result; + const mbedtls_x509_crt *peercert; mbedtls_x509_crt *p = NULL; unsigned char *pubkey = NULL; + peercert = mbedtls_ssl_get_peer_cert(&backend->ssl); #if MBEDTLS_VERSION_NUMBER == 0x03000000 if(!peercert || !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p) || !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len)) { @@ -1088,10 +1132,9 @@ mbed_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); DEBUGASSERT(backend); - if(ssl_config->primary.sessionid) { + if(ssl_config->primary.cache_session) { int ret; mbedtls_ssl_session *our_ssl_sessionid; - void *old_ssl_sessionid = NULL; our_ssl_sessionid = malloc(sizeof(mbedtls_ssl_session)); if(!our_ssl_sessionid) @@ -1108,15 +1151,11 @@ mbed_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) return CURLE_SSL_CONNECT_ERROR; } - /* If there's already a matching session in the cache, delete it */ + /* If there is already a matching session in the cache, delete it */ Curl_ssl_sessionid_lock(data); - if(!Curl_ssl_getsessionid(cf, data, &connssl->peer, - &old_ssl_sessionid, NULL)) - Curl_ssl_delsessionid(data, old_ssl_sessionid); - - retcode = Curl_ssl_addsessionid(cf, data, &connssl->peer, - our_ssl_sessionid, 0, - mbedtls_session_free); + retcode = Curl_ssl_set_sessionid(cf, data, &connssl->peer, + our_ssl_sessionid, 0, + mbedtls_session_free); Curl_ssl_sessionid_unlock(data); if(retcode) return retcode; @@ -1141,8 +1180,13 @@ static ssize_t mbed_send(struct Curl_cfilter *cf, struct Curl_easy *data, ret = mbedtls_ssl_write(&backend->ssl, (unsigned char *)mem, len); if(ret < 0) { - *curlcode = (ret == MBEDTLS_ERR_SSL_WANT_WRITE) ? - CURLE_AGAIN : CURLE_SEND_ERROR; + CURL_TRC_CF(data, cf, "mbedtls_ssl_write(len=%zu) -> -0x%04X", + len, -ret); + *curlcode = ((ret == MBEDTLS_ERR_SSL_WANT_WRITE) +#ifdef TLS13_SUPPORT + || (ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET) +#endif + )? CURLE_AGAIN : CURLE_SEND_ERROR; ret = -1; } @@ -1154,33 +1198,120 @@ static void mbedtls_close_all(struct Curl_easy *data) (void)data; } -static void mbedtls_close(struct Curl_cfilter *cf, struct Curl_easy *data) +static CURLcode mbedtls_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool send_shutdown, bool *done) { struct ssl_connect_data *connssl = cf->ctx; struct mbed_ssl_backend_data *backend = (struct mbed_ssl_backend_data *)connssl->backend; - char buf[32]; + unsigned char buf[1024]; + CURLcode result = CURLE_OK; + int ret; + size_t i; - (void)data; DEBUGASSERT(backend); - /* Maybe the server has already sent a close notify alert. - Read it to avoid an RST on the TCP connection. */ - (void)mbedtls_ssl_read(&backend->ssl, (unsigned char *)buf, sizeof(buf)); + if(!backend->initialized || cf->shutdown) { + *done = TRUE; + return CURLE_OK; + } - mbedtls_pk_free(&backend->pk); - mbedtls_x509_crt_free(&backend->clicert); - mbedtls_x509_crt_free(&backend->cacert); + connssl->io_need = CURL_SSL_IO_NEED_NONE; + *done = FALSE; + + if(!backend->sent_shutdown) { + /* do this only once */ + backend->sent_shutdown = TRUE; + if(send_shutdown) { + ret = mbedtls_ssl_close_notify(&backend->ssl); + switch(ret) { + case 0: /* we sent it, receive from the server */ + break; + case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: /* server also closed */ + *done = TRUE; + goto out; + case MBEDTLS_ERR_SSL_WANT_READ: + connssl->io_need = CURL_SSL_IO_NEED_RECV; + goto out; + case MBEDTLS_ERR_SSL_WANT_WRITE: + connssl->io_need = CURL_SSL_IO_NEED_SEND; + goto out; + default: + CURL_TRC_CF(data, cf, "mbedtls_shutdown error -0x%04X", -ret); + result = CURLE_RECV_ERROR; + goto out; + } + } + } + + /* SSL should now have started the shutdown from our side. Since it + * was not complete, we are lacking the close notify from the server. */ + for(i = 0; i < 10; ++i) { + ret = mbedtls_ssl_read(&backend->ssl, buf, sizeof(buf)); + /* This seems to be a bug in mbedTLS TLSv1.3 where it reports + * WANT_READ, but has not encountered an EAGAIN. */ + if(ret == MBEDTLS_ERR_SSL_WANT_READ) + ret = mbedtls_ssl_read(&backend->ssl, buf, sizeof(buf)); +#ifdef TLS13_SUPPORT + if(ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET) + continue; +#endif + if(ret <= 0) + break; + } + + if(ret > 0) { + /* still data coming in? */ + CURL_TRC_CF(data, cf, "mbedtls_shutdown, still getting data"); + } + else if(ret == 0 || (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)) { + /* We got the close notify alert and are done. */ + CURL_TRC_CF(data, cf, "mbedtls_shutdown done"); + *done = TRUE; + } + else if(ret == MBEDTLS_ERR_SSL_WANT_READ) { + CURL_TRC_CF(data, cf, "mbedtls_shutdown, need RECV"); + connssl->io_need = CURL_SSL_IO_NEED_RECV; + } + else if(ret == MBEDTLS_ERR_SSL_WANT_WRITE) { + CURL_TRC_CF(data, cf, "mbedtls_shutdown, need SEND"); + connssl->io_need = CURL_SSL_IO_NEED_SEND; + } + else { + CURL_TRC_CF(data, cf, "mbedtls_shutdown error -0x%04X", -ret); + result = CURLE_RECV_ERROR; + } + +out: + cf->shutdown = (result || *done); + return result; +} + +static void mbedtls_close(struct Curl_cfilter *cf, struct Curl_easy *data) +{ + struct ssl_connect_data *connssl = cf->ctx; + struct mbed_ssl_backend_data *backend = + (struct mbed_ssl_backend_data *)connssl->backend; + + (void)data; + DEBUGASSERT(backend); + if(backend->initialized) { + mbedtls_pk_free(&backend->pk); + mbedtls_x509_crt_free(&backend->clicert); + mbedtls_x509_crt_free(&backend->cacert); #ifdef MBEDTLS_X509_CRL_PARSE_C - mbedtls_x509_crl_free(&backend->crl); + mbedtls_x509_crl_free(&backend->crl); #endif - Curl_safefree(backend->ciphersuites); - mbedtls_ssl_config_free(&backend->config); - mbedtls_ssl_free(&backend->ssl); - mbedtls_ctr_drbg_free(&backend->ctr_drbg); + Curl_safefree(backend->ciphersuites); + mbedtls_ssl_config_free(&backend->config); + mbedtls_ssl_free(&backend->ssl); + mbedtls_ctr_drbg_free(&backend->ctr_drbg); #ifndef THREADING_SUPPORT - mbedtls_entropy_free(&backend->entropy); + mbedtls_entropy_free(&backend->entropy); #endif /* THREADING_SUPPORT */ + backend->initialized = FALSE; + } } static ssize_t mbed_recv(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -1198,16 +1329,21 @@ static ssize_t mbed_recv(struct Curl_cfilter *cf, struct Curl_easy *data, ret = mbedtls_ssl_read(&backend->ssl, (unsigned char *)buf, buffersize); - if(ret <= 0) { + CURL_TRC_CF(data, cf, "mbedtls_ssl_read(len=%zu) -> -0x%04X", + buffersize, -ret); if(ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) return 0; - *curlcode = ((ret == MBEDTLS_ERR_SSL_WANT_READ) #ifdef TLS13_SUPPORT || (ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET) #endif ) ? CURLE_AGAIN : CURLE_RECV_ERROR; + if(*curlcode != CURLE_AGAIN) { + char errorbuf[128]; + mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); + failf(data, "ssl_read returned: (-0x%04X) %s", -ret, errorbuf); + } return -1; } @@ -1290,7 +1426,7 @@ mbed_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data, } if(ssl_connect_1 == connssl->connecting_state) { - /* Find out how much more time we're allowed */ + /* Find out how much more time we are allowed */ timeout_ms = Curl_timeleft(data, NULL, TRUE); if(timeout_ms < 0) { @@ -1303,9 +1439,7 @@ mbed_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data, return retcode; } - while(ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state) { + while(ssl_connect_2 == connssl->connecting_state) { /* check allowed time left */ timeout_ms = Curl_timeleft(data, NULL, TRUE); @@ -1316,14 +1450,13 @@ mbed_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data, return CURLE_OPERATION_TIMEDOUT; } - /* if ssl is expecting something, check if it's available. */ - if(connssl->connecting_state == ssl_connect_2_reading - || connssl->connecting_state == ssl_connect_2_writing) { + /* if ssl is expecting something, check if it is available. */ + if(connssl->io_need) { - curl_socket_t writefd = ssl_connect_2_writing == - connssl->connecting_state?sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = ssl_connect_2_reading == - connssl->connecting_state?sockfd:CURL_SOCKET_BAD; + curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? + sockfd:CURL_SOCKET_BAD; + curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV)? + sockfd:CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, nonblocking ? 0 : timeout_ms); @@ -1353,11 +1486,10 @@ mbed_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data, * ensuring that a client using select() or epoll() will always * have a valid fdset to wait on. */ + connssl->io_need = CURL_SSL_IO_NEED_NONE; retcode = mbed_connect_step2(cf, data); - if(retcode || (nonblocking && - (ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state))) + if(retcode || + (nonblocking && (ssl_connect_2 == connssl->connecting_state))) return retcode; } /* repeat step2 until all transactions are done. */ @@ -1474,9 +1606,14 @@ const struct Curl_ssl Curl_ssl_mbedtls = { SSLSUPP_CA_PATH | SSLSUPP_CAINFO_BLOB | + SSLSUPP_CERTINFO | SSLSUPP_PINNEDPUBKEY | SSLSUPP_SSL_CTX | - SSLSUPP_HTTPS_PROXY, +#ifdef TLS13_SUPPORT + SSLSUPP_TLS13_CIPHERSUITES | +#endif + SSLSUPP_HTTPS_PROXY | + SSLSUPP_CIPHER_LIST, sizeof(struct mbed_ssl_backend_data), @@ -1484,7 +1621,7 @@ const struct Curl_ssl Curl_ssl_mbedtls = { mbedtls_cleanup, /* cleanup */ mbedtls_version, /* version */ Curl_none_check_cxn, /* check_cxn */ - Curl_none_shutdown, /* shutdown */ + mbedtls_shutdown, /* shutdown */ mbedtls_data_pending, /* data_pending */ mbedtls_random, /* random */ Curl_none_cert_status_request, /* cert_status_request */ @@ -1501,9 +1638,9 @@ const struct Curl_ssl Curl_ssl_mbedtls = { mbedtls_sha256sum, /* sha256sum */ NULL, /* associate_connection */ NULL, /* disassociate_connection */ - NULL, /* free_multi_ssl_backend_data */ mbed_recv, /* recv decrypted data */ mbed_send, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; #endif /* USE_MBEDTLS */ diff --git a/vendor/hydra/vendor/curl/lib/vtls/openssl.c b/vendor/hydra/vendor/curl/lib/vtls/openssl.c index 298a488a..b2f9e718 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/openssl.c +++ b/vendor/hydra/vendor/curl/lib/vtls/openssl.c @@ -231,7 +231,7 @@ /* * Whether SSL_CTX_set1_curves_list is available. * OpenSSL: supported since 1.0.2, see - * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html + * https://docs.openssl.org/master/man3/SSL_CTX_set1_curves/ * BoringSSL: supported since 5fd1807d95f7 (committed 2016-09-30) * LibreSSL: since 2.5.3 (April 12, 2017) */ @@ -254,13 +254,20 @@ #endif #endif +#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) +typedef size_t numcert_t; +#else +typedef int numcert_t; +#endif +#define ossl_valsize_t numcert_t + #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* up2date versions of OpenSSL maintain reasonably secure defaults without * breaking compatibility, so it is better not to override the defaults in curl */ #define DEFAULT_CIPHER_SELECTION NULL #else -/* ... but it is not the case with old versions of OpenSSL */ +/* not the case with old versions of OpenSSL */ #define DEFAULT_CIPHER_SELECTION \ "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH" #endif @@ -307,37 +314,36 @@ typedef unsigned long sslerr_t; #define USE_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L) #endif /* !LIBRESSL_VERSION_NUMBER */ -#if defined(HAVE_SSL_X509_STORE_SHARE) -struct multi_ssl_backend_data { - char *CAfile; /* CAfile path used to generate X509 store */ - X509_STORE *store; /* cached X509 store or NULL if none */ - struct curltime time; /* when the cached store was created */ -}; -#endif /* HAVE_SSL_X509_STORE_SHARE */ +static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl); -#define push_certinfo(_label, _num) \ -do { \ - long info_len = BIO_get_mem_data(mem, &ptr); \ - Curl_ssl_push_certinfo_len(data, _num, _label, ptr, info_len); \ - if(1 != BIO_reset(mem)) \ - break; \ -} while(0) +static CURLcode push_certinfo(struct Curl_easy *data, + BIO *mem, const char *label, int num) + WARN_UNUSED_RESULT; -static void pubkey_show(struct Curl_easy *data, - BIO *mem, - int num, - const char *type, - const char *name, - const BIGNUM *bn) +static CURLcode push_certinfo(struct Curl_easy *data, + BIO *mem, const char *label, int num) { char *ptr; + long len = BIO_get_mem_data(mem, &ptr); + CURLcode result = Curl_ssl_push_certinfo_len(data, num, label, ptr, len); + (void)BIO_reset(mem); + return result; +} + +static CURLcode pubkey_show(struct Curl_easy *data, + BIO *mem, + int num, + const char *type, + const char *name, + const BIGNUM *bn) +{ char namebuf[32]; msnprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name); if(bn) BN_print(mem, bn); - push_certinfo(namebuf, num); + return push_certinfo(data, mem, namebuf, num); } #ifdef HAVE_OPAQUE_RSA_DSA_DH @@ -369,25 +375,26 @@ static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len) return 0; } -static void X509V3_ext(struct Curl_easy *data, - int certnum, - CONST_EXTS STACK_OF(X509_EXTENSION) *exts) +static CURLcode X509V3_ext(struct Curl_easy *data, + int certnum, + CONST_EXTS STACK_OF(X509_EXTENSION) *exts) { int i; + CURLcode result = CURLE_OK; if((int)sk_X509_EXTENSION_num(exts) <= 0) /* no extensions, bail out */ - return; + return result; for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i++) { ASN1_OBJECT *obj; - X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); + X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, (ossl_valsize_t)i); BUF_MEM *biomem; char namebuf[128]; BIO *bio_out = BIO_new(BIO_s_mem()); if(!bio_out) - return; + return result; obj = X509_EXTENSION_get_object(ext); @@ -397,19 +404,16 @@ static void X509V3_ext(struct Curl_easy *data, ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext)); BIO_get_mem_ptr(bio_out, &biomem); - Curl_ssl_push_certinfo_len(data, certnum, namebuf, biomem->data, - biomem->length); + result = Curl_ssl_push_certinfo_len(data, certnum, namebuf, biomem->data, + biomem->length); BIO_free(bio_out); + if(result) + break; } + return result; } -#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) -typedef size_t numcert_t; -#else -typedef int numcert_t; -#endif - -CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) +static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl) { CURLcode result; STACK_OF(X509) *sk; @@ -427,38 +431,43 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) numcerts = sk_X509_num(sk); result = Curl_ssl_init_certinfo(data, (int)numcerts); - if(result) { + if(result) return result; - } mem = BIO_new(BIO_s_mem()); - if(!mem) { - return CURLE_OUT_OF_MEMORY; - } + if(!mem) + result = CURLE_OUT_OF_MEMORY; - for(i = 0; i < (int)numcerts; i++) { + for(i = 0; !result && (i < (int)numcerts); i++) { ASN1_INTEGER *num; - X509 *x = sk_X509_value(sk, i); + X509 *x = sk_X509_value(sk, (ossl_valsize_t)i); EVP_PKEY *pubkey = NULL; int j; - char *ptr; const ASN1_BIT_STRING *psig = NULL; X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE); - push_certinfo("Subject", i); + result = push_certinfo(data, mem, "Subject", i); + if(result) + break; X509_NAME_print_ex(mem, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE); - push_certinfo("Issuer", i); + result = push_certinfo(data, mem, "Issuer", i); + if(result) + break; BIO_printf(mem, "%lx", X509_get_version(x)); - push_certinfo("Version", i); + result = push_certinfo(data, mem, "Version", i); + if(result) + break; num = X509_get_serialNumber(x); if(num->type == V_ASN1_NEG_INTEGER) BIO_puts(mem, "-"); for(j = 0; j < num->length; j++) BIO_printf(mem, "%02x", num->data[j]); - push_certinfo("Serial Number", i); + result = push_certinfo(data, mem, "Serial Number", i); + if(result) + break; #if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS) { @@ -471,7 +480,9 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) const ASN1_OBJECT *sigalgoid = NULL; X509_ALGOR_get0(&sigalgoid, NULL, NULL, sigalg); i2a_ASN1_OBJECT(mem, sigalgoid); - push_certinfo("Signature Algorithm", i); + result = push_certinfo(data, mem, "Signature Algorithm", i); + if(result) + break; } xpubkey = X509_get_X509_PUBKEY(x); @@ -479,11 +490,15 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) X509_PUBKEY_get0_param(&pubkeyoid, NULL, NULL, NULL, xpubkey); if(pubkeyoid) { i2a_ASN1_OBJECT(mem, pubkeyoid); - push_certinfo("Public Key Algorithm", i); + result = push_certinfo(data, mem, "Public Key Algorithm", i); + if(result) + break; } } - X509V3_ext(data, i, X509_get0_extensions(x)); + result = X509V3_ext(data, i, X509_get0_extensions(x)); + if(result) + break; } #else { @@ -491,22 +506,32 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) X509_CINF *cinf = x->cert_info; i2a_ASN1_OBJECT(mem, cinf->signature->algorithm); - push_certinfo("Signature Algorithm", i); + result = push_certinfo(data, mem, "Signature Algorithm", i); - i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm); - push_certinfo("Public Key Algorithm", i); + if(!result) { + i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm); + result = push_certinfo(data, mem, "Public Key Algorithm", i); + } + + if(!result) + result = X509V3_ext(data, i, cinf->extensions); - X509V3_ext(data, i, cinf->extensions); + if(result) + break; psig = x->signature; } #endif ASN1_TIME_print(mem, X509_get0_notBefore(x)); - push_certinfo("Start date", i); + result = push_certinfo(data, mem, "Start date", i); + if(result) + break; ASN1_TIME_print(mem, X509_get0_notAfter(x)); - push_certinfo("Expire date", i); + result = push_certinfo(data, mem, "Expire date", i); + if(result) + break; pubkey = X509_get_pubkey(x); if(!pubkey) @@ -519,8 +544,7 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) pktype = pubkey->type; #endif switch(pktype) { - case EVP_PKEY_RSA: - { + case EVP_PKEY_RSA: { #ifndef HAVE_EVP_PKEY_GET_PARAMS RSA *rsa; #ifdef HAVE_OPAQUE_EVP_PKEY @@ -544,7 +568,9 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) #else BIO_printf(mem, "%d", rsa->n ? BN_num_bits(rsa->n) : 0); #endif /* HAVE_OPAQUE_RSA_DSA_DH */ - push_certinfo("RSA Public Key", i); + result = push_certinfo(data, mem, "RSA Public Key", i); + if(result) + break; print_pubkey_BN(rsa, n, i); print_pubkey_BN(rsa, e, i); FREE_PKEY_PARAM_BIGNUM(n); @@ -592,8 +618,7 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) #endif /* !OPENSSL_NO_DSA */ break; } - case EVP_PKEY_DH: - { + case EVP_PKEY_DH: { #ifndef HAVE_EVP_PKEY_GET_PARAMS DH *dh; #ifdef HAVE_OPAQUE_EVP_PKEY @@ -636,19 +661,25 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) EVP_PKEY_free(pubkey); } - if(psig) { + if(!result && psig) { for(j = 0; j < psig->length; j++) BIO_printf(mem, "%02x:", psig->data[j]); - push_certinfo("Signature", i); + result = push_certinfo(data, mem, "Signature", i); } - PEM_write_bio_X509(mem, x); - push_certinfo("Cert", i); + if(!result) { + PEM_write_bio_X509(mem, x); + result = push_certinfo(data, mem, "Cert", i); + } } BIO_free(mem); - return CURLE_OK; + if(result) + /* cleanup all leftovers */ + Curl_ssl_free_certinfo(data); + + return result; } #endif /* quiche or OpenSSL */ @@ -727,7 +758,11 @@ static int ossl_bio_cf_out_write(BIO *bio, const char *buf, int blen) CURLcode result = CURLE_SEND_ERROR; DEBUGASSERT(data); - nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, &result); + if(blen < 0) + return 0; + + nwritten = Curl_conn_cf_send(cf->next, data, buf, (size_t)blen, FALSE, + &result); CURL_TRC_CF(data, cf, "ossl_bio_cf_out_write(len=%d) -> %d, err=%d", blen, (int)nwritten, result); BIO_clear_retry_flags(bio); @@ -752,8 +787,10 @@ static int ossl_bio_cf_in_read(BIO *bio, char *buf, int blen) /* OpenSSL catches this case, so should we. */ if(!buf) return 0; + if(blen < 0) + return 0; - nread = Curl_conn_cf_recv(cf->next, data, buf, blen, &result); + nread = Curl_conn_cf_recv(cf->next, data, buf, (size_t)blen, &result); CURL_TRC_CF(data, cf, "ossl_bio_cf_in_read(len=%d) -> %d, err=%d", blen, (int)nread, result); BIO_clear_retry_flags(bio); @@ -844,7 +881,7 @@ static void ossl_keylog_callback(const SSL *ssl, const char *line) #else /* * ossl_log_tls12_secret is called by libcurl to make the CLIENT_RANDOMs if the - * OpenSSL being used doesn't have native support for doing that. + * OpenSSL being used does not have native support for doing that. */ static void ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done) @@ -860,7 +897,7 @@ ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done) #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \ !(defined(LIBRESSL_VERSION_NUMBER) && \ LIBRESSL_VERSION_NUMBER < 0x20700000L) - /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that + /* ssl->s3 is not checked in OpenSSL 1.1.0-pre6, but let's assume that * we have a valid SSL context if we have a non-NULL session. */ SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE); master_key_length = (int) @@ -963,7 +1000,7 @@ static int passwd_callback(char *buf, int num, int encrypting, { DEBUGASSERT(0 == encrypting); - if(!encrypting) { + if(!encrypting && num >= 0) { int klen = curlx_uztosi(strlen((char *)global_passwd)); if(num > klen) { memcpy(buf, global_passwd, klen + 1); @@ -999,12 +1036,6 @@ static CURLcode ossl_seed(struct Curl_easy *data) return CURLE_SSL_CONNECT_ERROR; #else -#ifdef RANDOM_FILE - RAND_load_file(RANDOM_FILE, RAND_LOAD_LENGTH); - if(rand_enough()) - return CURLE_OK; -#endif - /* fallback to a custom seeding of the PRNG using a hash based on a current time */ do { @@ -1014,13 +1045,12 @@ static CURLcode ossl_seed(struct Curl_easy *data) for(i = 0, i_max = len / sizeof(struct curltime); i < i_max; ++i) { struct curltime tv = Curl_now(); Curl_wait_ms(1); - tv.tv_sec *= i + 1; - tv.tv_usec *= (unsigned int)i + 2; - tv.tv_sec ^= ((Curl_now().tv_sec + Curl_now().tv_usec) * - (i + 3)) << 8; - tv.tv_usec ^= (unsigned int) ((Curl_now().tv_sec + - Curl_now().tv_usec) * - (i + 4)) << 16; + tv.tv_sec *= (time_t)i + 1; + tv.tv_usec *= (int)i + 2; + tv.tv_sec ^= ((Curl_now().tv_sec + (time_t)Curl_now().tv_usec) * + (time_t)(i + 3)) << 8; + tv.tv_usec ^= (int) ((Curl_now().tv_sec + (time_t)Curl_now().tv_usec) * + (time_t)(i + 4)) << 16; memcpy(&randb[i * sizeof(struct curltime)], &tv, sizeof(struct curltime)); } @@ -1033,7 +1063,7 @@ static CURLcode ossl_seed(struct Curl_easy *data) fname[0] = 0; /* blank it first */ RAND_file_name(fname, sizeof(fname)); if(fname[0]) { - /* we got a file name to try */ + /* we got a filename to try */ RAND_load_file(fname, RAND_LOAD_LENGTH); if(rand_enough()) return CURLE_OK; @@ -1052,7 +1082,7 @@ static CURLcode ossl_seed(struct Curl_easy *data) #ifndef SSL_FILETYPE_PKCS12 #define SSL_FILETYPE_PKCS12 43 #endif -static int do_file_type(const char *type) +static int ossl_do_file_type(const char *type) { if(!type || !type[0]) return SSL_FILETYPE_PEM; @@ -1274,7 +1304,7 @@ int cert_stuff(struct Curl_easy *data, char error_buffer[256]; bool check_privkey = TRUE; - int file_type = do_file_type(cert_type); + int file_type = ossl_do_file_type(cert_type); if(cert_file || cert_blob || (file_type == SSL_FILETYPE_ENGINE)) { SSL *ssl; @@ -1369,7 +1399,7 @@ int cert_stuff(struct Curl_easy *data, } if(!params.cert) { - failf(data, "ssl engine didn't initialized the certificate " + failf(data, "ssl engine did not initialized the certificate " "properly."); return 0; } @@ -1380,10 +1410,10 @@ int cert_stuff(struct Curl_easy *data, sizeof(error_buffer))); return 0; } - X509_free(params.cert); /* we don't need the handle any more... */ + X509_free(params.cert); /* we do not need the handle any more... */ } else { - failf(data, "crypto engine not set, can't load certificate"); + failf(data, "crypto engine not set, cannot load certificate"); return 0; } } @@ -1479,7 +1509,7 @@ int cert_stuff(struct Curl_easy *data, * Note that sk_X509_pop() is used below to make sure the cert is * removed from the stack properly before getting passed to * SSL_CTX_add_extra_chain_cert(), which takes ownership. Previously - * we used sk_X509_value() instead, but then we'd clean it in the + * we used sk_X509_value() instead, but then we would clean it in the * subsequent sk_X509_pop_free() call. */ X509 *x = sk_X509_pop(ca); @@ -1515,7 +1545,7 @@ int cert_stuff(struct Curl_easy *data, key_blob = cert_blob; } else - file_type = do_file_type(key_type); + file_type = ossl_do_file_type(key_type); switch(file_type) { case SSL_FILETYPE_PEM: @@ -1572,10 +1602,10 @@ int cert_stuff(struct Curl_easy *data, EVP_PKEY_free(priv_key); return 0; } - EVP_PKEY_free(priv_key); /* we don't need the handle any more... */ + EVP_PKEY_free(priv_key); /* we do not need the handle any more... */ } else { - failf(data, "crypto engine not set, can't load private key"); + failf(data, "crypto engine not set, cannot load private key"); return 0; } } @@ -1614,8 +1644,8 @@ int cert_stuff(struct Curl_easy *data, #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_IS_BORINGSSL) && \ !defined(OPENSSL_NO_DEPRECATED_3_0) { - /* If RSA is used, don't check the private key if its flags indicate - * it doesn't support it. */ + /* If RSA is used, do not check the private key if its flags indicate + * it does not support it. */ EVP_PKEY *priv_key = SSL_get_privatekey(ssl); int pktype; #ifdef HAVE_OPAQUE_EVP_PKEY @@ -1649,22 +1679,6 @@ int cert_stuff(struct Curl_easy *data, return 1; } -CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data, SSL_CTX *ctx, - char *cert_file, - const struct curl_blob *cert_blob, - const char *cert_type, char *key_file, - const struct curl_blob *key_blob, - const char *key_type, char *key_passwd) -{ - int rv = cert_stuff(data, ctx, cert_file, cert_blob, cert_type, key_file, - key_blob, key_type, key_passwd); - if(rv != 1) { - return CURLE_SSL_CERTPROBLEM; - } - - return CURLE_OK; -} - /* returns non-zero on failure */ static int x509_name_oneline(X509_NAME *a, char *buf, size_t size) { @@ -1681,7 +1695,7 @@ static int x509_name_oneline(X509_NAME *a, char *buf, size_t size) if((size_t)biomem->length < size) size = biomem->length; else - size--; /* don't overwrite the buffer end */ + size--; /* do not overwrite the buffer end */ memcpy(buf, biomem->data, size); buf[size] = 0; @@ -1873,210 +1887,146 @@ static struct curl_slist *ossl_engines_list(struct Curl_easy *data) return list; } -static void ossl_close(struct Curl_cfilter *cf, struct Curl_easy *data) +static CURLcode ossl_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool send_shutdown, bool *done) { struct ssl_connect_data *connssl = cf->ctx; struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; + CURLcode result = CURLE_OK; + char buf[1024]; + int nread = -1, err; + unsigned long sslerr; + size_t i; - (void)data; DEBUGASSERT(octx); + if(!octx->ssl || cf->shutdown) { + *done = TRUE; + goto out; + } - if(octx->ssl) { - /* Send the TLS shutdown if we are still connected *and* if - * the peer did not already close the connection. */ - if(cf->next && cf->next->connected && !connssl->peer_closed) { - char buf[1024]; - int nread, err; - long sslerr; - - /* Maybe the server has already sent a close notify alert. - Read it to avoid an RST on the TCP connection. */ - ERR_clear_error(); + connssl->io_need = CURL_SSL_IO_NEED_NONE; + *done = FALSE; + if(!(SSL_get_shutdown(octx->ssl) & SSL_SENT_SHUTDOWN)) { + /* We have not started the shutdown from our side yet. Check + * if the server already sent us one. */ + ERR_clear_error(); + for(i = 0; i < 10; ++i) { nread = SSL_read(octx->ssl, buf, (int)sizeof(buf)); - err = SSL_get_error(octx->ssl, nread); - if(!nread && err == SSL_ERROR_ZERO_RETURN) { - CURLcode result; - ssize_t n; - size_t blen = sizeof(buf); - CURL_TRC_CF(data, cf, "peer has shutdown TLS"); - /* SSL_read() will not longer touch the socket, let's receive - * directly from the next filter to see if the underlying - * connection has also been closed. */ - n = Curl_conn_cf_recv(cf->next, data, buf, blen, &result); - if(!n) { - connssl->peer_closed = TRUE; - CURL_TRC_CF(data, cf, "peer closed connection"); - } - } - ERR_clear_error(); - if(connssl->peer_closed) { - /* As the peer closed, we do not expect it to read anything more we - * may send. It may be harmful, leading to TCP RST and delaying - * a lingering close. Just leave. */ - CURL_TRC_CF(data, cf, "not from sending TLS shutdown on " - "connection closed by peer"); - } - else if(SSL_shutdown(octx->ssl) == 1) { - CURL_TRC_CF(data, cf, "SSL shutdown finished"); + CURL_TRC_CF(data, cf, "SSL shutdown not sent, read -> %d", nread); + if(nread <= 0) + break; + } + err = SSL_get_error(octx->ssl, nread); + if(!nread && err == SSL_ERROR_ZERO_RETURN) { + bool input_pending; + /* Yes, it did. */ + if(!send_shutdown) { + CURL_TRC_CF(data, cf, "SSL shutdown received, not sending"); + *done = TRUE; + goto out; } - else { - nread = SSL_read(octx->ssl, buf, (int)sizeof(buf)); - err = SSL_get_error(octx->ssl, nread); - switch(err) { - case SSL_ERROR_NONE: /* this is not an error */ - case SSL_ERROR_ZERO_RETURN: /* no more data */ - CURL_TRC_CF(data, cf, "SSL shutdown, EOF from server"); - break; - case SSL_ERROR_WANT_READ: - /* SSL has send its notify and now wants to read the reply - * from the server. We are not really interested in that. */ - CURL_TRC_CF(data, cf, "SSL shutdown sent"); - break; - case SSL_ERROR_WANT_WRITE: - CURL_TRC_CF(data, cf, "SSL shutdown send blocked"); - break; - default: - sslerr = ERR_get_error(); - CURL_TRC_CF(data, cf, "SSL shutdown, error: '%s', errno %d", - (sslerr ? - ossl_strerror(sslerr, buf, sizeof(buf)) : - SSL_ERROR_to_str(err)), - SOCKERRNO); - break; - } + else if(!cf->next->cft->is_alive(cf->next, data, &input_pending)) { + /* Server closed the connection after its closy notify. It + * seems not interested to see our close notify, so do not + * send it. We are done. */ + connssl->peer_closed = TRUE; + CURL_TRC_CF(data, cf, "peer closed connection"); + *done = TRUE; + goto out; } - - ERR_clear_error(); - SSL_set_connect_state(octx->ssl); } + } - SSL_free(octx->ssl); - octx->ssl = NULL; + /* SSL should now have started the shutdown from our side. Since it + * was not complete, we are lacking the close notify from the server. */ + if(send_shutdown) { + ERR_clear_error(); + if(SSL_shutdown(octx->ssl) == 1) { + CURL_TRC_CF(data, cf, "SSL shutdown finished"); + *done = TRUE; + goto out; + } + if(SSL_ERROR_WANT_WRITE == SSL_get_error(octx->ssl, nread)) { + CURL_TRC_CF(data, cf, "SSL shutdown still wants to send"); + connssl->io_need = CURL_SSL_IO_NEED_SEND; + goto out; + } + /* Having sent the close notify, we use SSL_read() to get the + * missing close notify from the server. */ } - if(octx->ssl_ctx) { - SSL_CTX_free(octx->ssl_ctx); - octx->ssl_ctx = NULL; - octx->x509_store_setup = FALSE; + + for(i = 0; i < 10; ++i) { + ERR_clear_error(); + nread = SSL_read(octx->ssl, buf, (int)sizeof(buf)); + CURL_TRC_CF(data, cf, "SSL shutdown read -> %d", nread); + if(nread <= 0) + break; } - if(octx->bio_method) { - ossl_bio_cf_method_free(octx->bio_method); - octx->bio_method = NULL; + err = SSL_get_error(octx->ssl, nread); + switch(err) { + case SSL_ERROR_ZERO_RETURN: /* no more data */ + CURL_TRC_CF(data, cf, "SSL shutdown not received, but closed"); + *done = TRUE; + break; + case SSL_ERROR_NONE: /* just did not get anything */ + case SSL_ERROR_WANT_READ: + /* SSL has send its notify and now wants to read the reply + * from the server. We are not really interested in that. */ + CURL_TRC_CF(data, cf, "SSL shutdown sent, want receive"); + connssl->io_need = CURL_SSL_IO_NEED_RECV; + break; + case SSL_ERROR_WANT_WRITE: + CURL_TRC_CF(data, cf, "SSL shutdown send blocked"); + connssl->io_need = CURL_SSL_IO_NEED_SEND; + break; + default: + /* Server seems to have closed the connection without sending us + * a close notify. */ + sslerr = ERR_get_error(); + CURL_TRC_CF(data, cf, "SSL shutdown, ignore recv error: '%s', errno %d", + (sslerr ? + ossl_strerror(sslerr, buf, sizeof(buf)) : + SSL_ERROR_to_str(err)), + SOCKERRNO); + *done = TRUE; + result = CURLE_OK; + break; } + +out: + cf->shutdown = (result || *done); + return result; } -/* - * This function is called to shut down the SSL layer but keep the - * socket open (CCC - Clear Command Channel) - */ -static int ossl_shutdown(struct Curl_cfilter *cf, - struct Curl_easy *data) +static void ossl_close(struct Curl_cfilter *cf, struct Curl_easy *data) { - int retval = 0; struct ssl_connect_data *connssl = cf->ctx; - char buf[256]; /* We will use this for the OpenSSL error buffer, so it has - to be at least 256 bytes long. */ - unsigned long sslerror; - int nread; - int buffsize; - int err; - bool done = FALSE; struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; - int loop = 10; + (void)data; DEBUGASSERT(octx); -#ifndef CURL_DISABLE_FTP - /* This has only been tested on the proftpd server, and the mod_tls code - sends a close notify alert without waiting for a close notify alert in - response. Thus we wait for a close notify alert from the server, but - we do not send one. Let's hope other servers do the same... */ - - if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE) - (void)SSL_shutdown(octx->ssl); -#endif - if(octx->ssl) { - buffsize = (int)sizeof(buf); - while(!done && loop--) { - int what = SOCKET_READABLE(Curl_conn_cf_get_socket(cf, data), - SSL_SHUTDOWN_TIMEOUT); - if(what > 0) { - ERR_clear_error(); - - /* Something to read, let's do it and hope that it is the close - notify alert from the server */ - nread = SSL_read(octx->ssl, buf, buffsize); - err = SSL_get_error(octx->ssl, nread); - - switch(err) { - case SSL_ERROR_NONE: /* this is not an error */ - case SSL_ERROR_ZERO_RETURN: /* no more data */ - /* This is the expected response. There was no data but only - the close notify alert */ - done = TRUE; - break; - case SSL_ERROR_WANT_READ: - /* there's data pending, re-invoke SSL_read() */ - infof(data, "SSL_ERROR_WANT_READ"); - break; - case SSL_ERROR_WANT_WRITE: - /* SSL wants a write. Really odd. Let's bail out. */ - infof(data, "SSL_ERROR_WANT_WRITE"); - done = TRUE; - break; - default: - /* openssl/ssl.h says "look at error stack/return value/errno" */ - sslerror = ERR_get_error(); - failf(data, OSSL_PACKAGE " SSL_read on shutdown: %s, errno %d", - (sslerror ? - ossl_strerror(sslerror, buf, sizeof(buf)) : - SSL_ERROR_to_str(err)), - SOCKERRNO); - done = TRUE; - break; - } - } - else if(0 == what) { - /* timeout */ - failf(data, "SSL shutdown timeout"); - done = TRUE; - } - else { - /* anything that gets here is fatally bad */ - failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); - retval = -1; - done = TRUE; - } - } /* while()-loop for the select() */ - - if(data->set.verbose) { -#ifdef HAVE_SSL_GET_SHUTDOWN - switch(SSL_get_shutdown(octx->ssl)) { - case SSL_SENT_SHUTDOWN: - infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN"); - break; - case SSL_RECEIVED_SHUTDOWN: - infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN"); - break; - case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN: - infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|" - "SSL_RECEIVED__SHUTDOWN"); - break; - } -#endif - } - SSL_free(octx->ssl); octx->ssl = NULL; } - return retval; + if(octx->ssl_ctx) { + SSL_CTX_free(octx->ssl_ctx); + octx->ssl_ctx = NULL; + octx->x509_store_setup = FALSE; + } + if(octx->bio_method) { + ossl_bio_cf_method_free(octx->bio_method); + octx->bio_method = NULL; + } } static void ossl_session_free(void *sessionid, size_t idsize) { /* free the ID */ (void)idsize; - SSL_SESSION_free(sessionid); + free(sessionid); } /* @@ -2107,7 +2057,7 @@ static void ossl_close_all(struct Curl_easy *data) /* ====================================================== */ /* - * Match subjectAltName against the host name. + * Match subjectAltName against the hostname. */ static bool subj_alt_hostcheck(struct Curl_easy *data, const char *match_pattern, @@ -2137,7 +2087,7 @@ static bool subj_alt_hostcheck(struct Curl_easy *data, Certification Authorities are encouraged to use the dNSName instead. Matching is performed using the matching rules specified by - [RFC2459]. If more than one identity of a given type is present in + [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name @@ -2150,8 +2100,9 @@ static bool subj_alt_hostcheck(struct Curl_easy *data, This function is now used from ngtcp2 (QUIC) as well. */ -CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, - struct ssl_peer *peer, X509 *server_cert) +static CURLcode ossl_verifyhost(struct Curl_easy *data, + struct connectdata *conn, + struct ssl_peer *peer, X509 *server_cert) { bool matched = FALSE; int target; /* target type, GEN_DNS or GEN_IPADD */ @@ -2208,7 +2159,7 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, bool ipmatched = FALSE; /* get amount of alternatives, RFC2459 claims there MUST be at least - one, but we don't depend on it... */ + one, but we do not depend on it... */ numalts = sk_GENERAL_NAME_num(altnames); /* loop through all alternatives - until a dnsmatch */ @@ -2229,7 +2180,7 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, switch(target) { case GEN_DNS: /* name/pattern comparison */ - /* The OpenSSL man page explicitly says: "In general it cannot be + /* The OpenSSL manpage explicitly says: "In general it cannot be assumed that the data returned by ASN1_STRING_data() is null terminated or does not contain embedded nulls." But also that "The actual format of the data will depend on the actual string @@ -2239,7 +2190,7 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, is always null-terminated. */ if((altlen == strlen(altptr)) && - /* if this isn't true, there was an embedded zero in the name + /* if this is not true, there was an embedded zero in the name string and we cannot match it. */ subj_alt_hostcheck(data, altptr, altlen, peer->hostname, hostlen, @@ -2271,7 +2222,7 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, /* an alternative name matched */ ; else if(dNSName || iPAddress) { - const char *tname = (peer->type == CURL_SSL_PEER_DNS) ? "host name" : + const char *tname = (peer->type == CURL_SSL_PEER_DNS) ? "hostname" : (peer->type == CURL_SSL_PEER_IPV4) ? "ipv4 address" : "ipv6 address"; infof(data, " subjectAltName does not match %s %s", tname, peer->dispname); @@ -2342,7 +2293,7 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, else if(!Curl_cert_hostcheck((const char *)peer_CN, peerlen, peer->hostname, hostlen)) { failf(data, "SSL: certificate subject name '%s' does not match " - "target host name '%s'", peer_CN, peer->dispname); + "target hostname '%s'", peer_CN, peer->dispname); result = CURLE_PEER_FAILED_VERIFICATION; } else { @@ -2358,9 +2309,9 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \ !defined(OPENSSL_NO_OCSP) static CURLcode verifystatus(struct Curl_cfilter *cf, - struct Curl_easy *data) + struct Curl_easy *data, + struct ossl_ctx *octx) { - struct ssl_connect_data *connssl = cf->ctx; int i, ocsp_status; #if defined(OPENSSL_IS_AWSLC) const uint8_t *status; @@ -2373,7 +2324,6 @@ static CURLcode verifystatus(struct Curl_cfilter *cf, OCSP_BASICRESP *br = NULL; X509_STORE *st = NULL; STACK_OF(X509) *ch = NULL; - struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; X509 *cert; OCSP_CERTID *id = NULL; int cert_status, crl_reason; @@ -2381,9 +2331,10 @@ static CURLcode verifystatus(struct Curl_cfilter *cf, int ret; long len; + (void)cf; DEBUGASSERT(octx); - len = SSL_get_tlsext_status_ocsp_resp(octx->ssl, &status); + len = (long)SSL_get_tlsext_status_ocsp_resp(octx->ssl, &status); if(!status) { failf(data, "No OCSP response received"); @@ -2425,8 +2376,8 @@ static CURLcode verifystatus(struct Curl_cfilter *cf, (defined(LIBRESSL_VERSION_NUMBER) && \ LIBRESSL_VERSION_NUMBER <= 0x2040200fL)) /* The authorized responder cert in the OCSP response MUST be signed by the - peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert, - no problem, but if it's an intermediate cert OpenSSL has a bug where it + peer cert's issuer (see RFC6960 section 4.2.2.2). If that is a root cert, + no problem, but if it is an intermediate cert OpenSSL has a bug where it expects this issuer to be present in the chain embedded in the OCSP response. So we add it if necessary. */ @@ -2464,7 +2415,7 @@ static CURLcode verifystatus(struct Curl_cfilter *cf, } for(i = 0; i < (int)sk_X509_num(ch); i++) { - X509 *issuer = sk_X509_value(ch, i); + X509 *issuer = sk_X509_value(ch, (ossl_valsize_t)i); if(X509_check_issued(issuer, cert) == X509_V_OK) { id = OCSP_cert_to_id(EVP_sha1(), cert, issuer); break; @@ -2525,7 +2476,7 @@ static CURLcode verifystatus(struct Curl_cfilter *cf, #endif /* USE_OPENSSL */ -/* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions +/* The SSL_CTRL_SET_MSG_CALLBACK does not exist in ancient OpenSSL versions and thus this cannot be done there. */ #ifdef SSL_CTRL_SET_MSG_CALLBACK @@ -2710,7 +2661,7 @@ static void ossl_trace(int direction, int ssl_ver, int content_type, ssl_ver >>= 8; /* check the upper 8 bits only below */ - /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL + /* SSLv2 does not seem to have TLS record-type headers, so OpenSSL * always pass-up content-type as 0. But the interesting message-type * is at 'buf[0]'. */ @@ -2797,7 +2748,7 @@ ossl_set_ssl_version_min_max(struct Curl_cfilter *cf, SSL_CTX *ctx) } /* CURL_SSLVERSION_DEFAULT means that no option was selected. - We don't want to pass 0 to SSL_CTX_set_min_proto_version as + We do not want to pass 0 to SSL_CTX_set_min_proto_version as it would enable all versions down to the lowest supported by the library. So we skip this, and stay with the library default @@ -2809,7 +2760,7 @@ ossl_set_ssl_version_min_max(struct Curl_cfilter *cf, SSL_CTX *ctx) } /* ... then, TLS max version */ - curl_ssl_version_max = conn_config->version_max; + curl_ssl_version_max = (long)conn_config->version_max; /* convert curl max SSL version option to OpenSSL constant */ switch(curl_ssl_version_max) { @@ -2850,6 +2801,9 @@ ossl_set_ssl_version_min_max(struct Curl_cfilter *cf, SSL_CTX *ctx) typedef uint32_t ctx_option_t; #elif OPENSSL_VERSION_NUMBER >= 0x30000000L typedef uint64_t ctx_option_t; +#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && \ + !defined(LIBRESSL_VERSION_NUMBER) +typedef unsigned long ctx_option_t; #else typedef long ctx_option_t; #endif @@ -2857,14 +2811,14 @@ typedef long ctx_option_t; #if (OPENSSL_VERSION_NUMBER < 0x10100000L) /* 1.1.0 */ static CURLcode ossl_set_ssl_version_min_max_legacy(ctx_option_t *ctx_options, - struct Curl_cfilter *cf, - struct Curl_easy *data) + struct Curl_cfilter *cf, + struct Curl_easy *data) { struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); long ssl_version = conn_config->version; long ssl_version_max = conn_config->version_max; - (void) data; /* In case it's unused. */ + (void) data; /* In case it is unused. */ switch(ssl_version) { case CURL_SSLVERSION_TLSv1_3: @@ -2937,42 +2891,44 @@ CURLcode Curl_ossl_add_session(struct Curl_cfilter *cf, SSL_SESSION *session) { const struct ssl_config_data *config; - bool isproxy; - bool added = FALSE; + CURLcode result = CURLE_OK; + size_t der_session_size; + unsigned char *der_session_buf; + unsigned char *der_session_ptr; if(!cf || !data) goto out; - isproxy = Curl_ssl_cf_is_proxy(cf); - config = Curl_ssl_cf_get_config(cf, data); - if(config->primary.sessionid) { - bool incache; - void *old_session = NULL; + if(config->primary.cache_session) { - Curl_ssl_sessionid_lock(data); - if(isproxy) - incache = FALSE; - else - incache = !(Curl_ssl_getsessionid(cf, data, peer, - &old_session, NULL)); - if(incache && (old_session != session)) { - infof(data, "old SSL session ID is stale, removing"); - Curl_ssl_delsessionid(data, old_session); - incache = FALSE; + der_session_size = i2d_SSL_SESSION(session, NULL); + if(der_session_size == 0) { + result = CURLE_OUT_OF_MEMORY; + goto out; } - if(!incache) { - added = TRUE; - Curl_ssl_addsessionid(cf, data, peer, session, 0, ossl_session_free); + der_session_buf = der_session_ptr = malloc(der_session_size); + if(!der_session_buf) { + result = CURLE_OUT_OF_MEMORY; + goto out; } + + der_session_size = i2d_SSL_SESSION(session, &der_session_ptr); + if(der_session_size == 0) { + result = CURLE_OUT_OF_MEMORY; + free(der_session_buf); + goto out; + } + + Curl_ssl_sessionid_lock(data); + result = Curl_ssl_set_sessionid(cf, data, peer, der_session_buf, + der_session_size, ossl_session_free); Curl_ssl_sessionid_unlock(data); } out: - if(!added) - ossl_session_free(session, 0); - return CURLE_OK; + return result; } /* The "new session" callback must return zero if the session can be removed @@ -2988,7 +2944,7 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) connssl = cf? cf->ctx : NULL; data = connssl? CF_DATA_CURRENT(cf) : NULL; Curl_ossl_add_session(cf, data, &connssl->peer, ssl_sessionid); - return 1; + return 0; } static CURLcode load_cacert_from_memory(X509_STORE *store, @@ -3017,7 +2973,7 @@ static CURLcode load_cacert_from_memory(X509_STORE *store, /* add each entry from PEM file to x509_store */ for(i = 0; i < (int)sk_X509_INFO_num(inf); ++i) { - itmp = sk_X509_INFO_value(inf, i); + itmp = sk_X509_INFO_value(inf, (ossl_valsize_t)i); if(itmp->x509) { if(X509_STORE_add_cert(store, itmp->x509)) { ++count; @@ -3043,7 +2999,7 @@ static CURLcode load_cacert_from_memory(X509_STORE *store, sk_X509_INFO_pop_free(inf, X509_INFO_free); BIO_free(cbio); - /* if we didn't end up importing anything, treat that as an error */ + /* if we did not end up importing anything, treat that as an error */ return (count > 0) ? CURLE_OK : CURLE_SSL_CACERT_BADFILE; } @@ -3164,7 +3120,7 @@ static CURLcode import_windows_cert_store(struct Curl_easy *data, else continue; - x509 = d2i_X509(NULL, &encoded_cert, pContext->cbCertEncoded); + x509 = d2i_X509(NULL, &encoded_cert, (long)pContext->cbCertEncoded); if(!x509) continue; @@ -3302,8 +3258,8 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf, #ifdef CURL_CA_FALLBACK if(!ssl_cafile && !ssl_capath && !imported_native_ca && !imported_ca_info_blob) { - /* verifying the peer without any CA certificates won't - work so use openssl's built-in default as fallback */ + /* verifying the peer without any CA certificates will not + work so use OpenSSL's built-in default as fallback */ X509_STORE_set_default_paths(store); } #endif @@ -3328,10 +3284,11 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf, if(verifypeer) { /* Try building a chain using issuers in the trusted store first to avoid - problems with server-sent legacy intermediates. Newer versions of + problems with server-sent legacy intermediates. Newer versions of OpenSSL do alternate chain checking by default but we do not know how to determine that in a reliable manner. - https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest + https://web.archive.org/web/20190422050538/ + rt.openssl.org/Ticket/Display.html?id=3621 */ #if defined(X509_V_FLAG_TRUSTED_FIRST) X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST); @@ -3355,23 +3312,49 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf, } #if defined(HAVE_SSL_X509_STORE_SHARE) -static bool cached_x509_store_expired(const struct Curl_easy *data, - const struct multi_ssl_backend_data *mb) + +/* key to use at `multi->proto_hash` */ +#define MPROTO_OSSL_X509_KEY "tls:ossl:x509:share" + +struct ossl_x509_share { + char *CAfile; /* CAfile path used to generate X509 store */ + X509_STORE *store; /* cached X509 store or NULL if none */ + struct curltime time; /* when the cached store was created */ +}; + +static void oss_x509_share_free(void *key, size_t key_len, void *p) { - const struct ssl_general_config *cfg = &data->set.general_ssl; - struct curltime now = Curl_now(); - timediff_t elapsed_ms = Curl_timediff(now, mb->time); - timediff_t timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000; + struct ossl_x509_share *share = p; + DEBUGASSERT(key_len == (sizeof(MPROTO_OSSL_X509_KEY)-1)); + DEBUGASSERT(!memcmp(MPROTO_OSSL_X509_KEY, key, key_len)); + (void)key; + (void)key_len; + if(share->store) { + X509_STORE_free(share->store); + } + free(share->CAfile); + free(share); +} - if(timeout_ms < 0) - return false; +static bool +cached_x509_store_expired(const struct Curl_easy *data, + const struct ossl_x509_share *mb) +{ + const struct ssl_general_config *cfg = &data->set.general_ssl; + if(cfg->ca_cache_timeout < 0) + return FALSE; + else { + struct curltime now = Curl_now(); + timediff_t elapsed_ms = Curl_timediff(now, mb->time); + timediff_t timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000; - return elapsed_ms >= timeout_ms; + return elapsed_ms >= timeout_ms; + } } -static bool cached_x509_store_different( - struct Curl_cfilter *cf, - const struct multi_ssl_backend_data *mb) +static bool +cached_x509_store_different(struct Curl_cfilter *cf, + const struct ossl_x509_share *mb) { struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); if(!mb->CAfile || !conn_config->CAfile) @@ -3384,15 +3367,17 @@ static X509_STORE *get_cached_x509_store(struct Curl_cfilter *cf, const struct Curl_easy *data) { struct Curl_multi *multi = data->multi; + struct ossl_x509_share *share; X509_STORE *store = NULL; DEBUGASSERT(multi); - if(multi && - multi->ssl_backend_data && - multi->ssl_backend_data->store && - !cached_x509_store_expired(data, multi->ssl_backend_data) && - !cached_x509_store_different(cf, multi->ssl_backend_data)) { - store = multi->ssl_backend_data->store; + share = multi? Curl_hash_pick(&multi->proto_hash, + (void *)MPROTO_OSSL_X509_KEY, + sizeof(MPROTO_OSSL_X509_KEY)-1) : NULL; + if(share && share->store && + !cached_x509_store_expired(data, share) && + !cached_x509_store_different(cf, share)) { + store = share->store; } return store; @@ -3404,20 +3389,28 @@ static void set_cached_x509_store(struct Curl_cfilter *cf, { struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); struct Curl_multi *multi = data->multi; - struct multi_ssl_backend_data *mbackend; + struct ossl_x509_share *share; DEBUGASSERT(multi); if(!multi) return; + share = Curl_hash_pick(&multi->proto_hash, + (void *)MPROTO_OSSL_X509_KEY, + sizeof(MPROTO_OSSL_X509_KEY)-1); - if(!multi->ssl_backend_data) { - multi->ssl_backend_data = calloc(1, sizeof(struct multi_ssl_backend_data)); - if(!multi->ssl_backend_data) + if(!share) { + share = calloc(1, sizeof(*share)); + if(!share) return; + if(!Curl_hash_add2(&multi->proto_hash, + (void *)MPROTO_OSSL_X509_KEY, + sizeof(MPROTO_OSSL_X509_KEY)-1, + share, oss_x509_share_free)) { + free(share); + return; + } } - mbackend = multi->ssl_backend_data; - if(X509_STORE_up_ref(store)) { char *CAfile = NULL; @@ -3429,14 +3422,14 @@ static void set_cached_x509_store(struct Curl_cfilter *cf, } } - if(mbackend->store) { - X509_STORE_free(mbackend->store); - free(mbackend->CAfile); + if(share->store) { + X509_STORE_free(share->store); + free(share->CAfile); } - mbackend->time = Curl_now(); - mbackend->store = store; - mbackend->CAfile = CAfile; + share->time = Curl_now(); + share->store = store; + share->CAfile = CAfile; } } @@ -3451,7 +3444,7 @@ CURLcode Curl_ssl_setup_x509_store(struct Curl_cfilter *cf, bool cache_criteria_met; /* Consider the X509 store cacheable if it comes exclusively from a CAfile, - or no source is provided and we are falling back to openssl's built-in + or no source is provided and we are falling back to OpenSSL's built-in default. */ cache_criteria_met = (data->set.general_ssl.ca_cache_timeout != 0) && conn_config->verifypeer && @@ -3501,18 +3494,17 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, const char *ciphers; SSL_METHOD_QUAL SSL_METHOD *req_method = NULL; ctx_option_t ctx_options = 0; - void *ssl_sessionid = NULL; + SSL_SESSION *ssl_session = NULL; + const unsigned char *der_sessionid = NULL; + size_t der_sessionid_size = 0; struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); - const long int ssl_version = conn_config->version; + const long int ssl_version_min = conn_config->version; char * const ssl_cert = ssl_config->primary.clientcert; const struct curl_blob *ssl_cert_blob = ssl_config->primary.cert_blob; const char * const ssl_cert_type = ssl_config->cert_type; const bool verifypeer = conn_config->verifypeer; char error_buffer[256]; -#ifdef USE_ECH - struct ssl_connect_data *connssl = cf->ctx; -#endif /* Make funny stuff to get random input */ result = ossl_seed(data); @@ -3523,8 +3515,8 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, switch(transport) { case TRNSPRT_TCP: - /* check to see if we've been told to use an explicit SSL/TLS version */ - switch(ssl_version) { + /* check to see if we have been told to use an explicit SSL/TLS version */ + switch(ssl_version_min) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: @@ -3550,11 +3542,12 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, } break; case TRNSPRT_QUIC: - if((ssl_version != CURL_SSLVERSION_DEFAULT) && - (ssl_version < CURL_SSLVERSION_TLSv1_3)) { + if(conn_config->version_max && + (conn_config->version_max != CURL_SSLVERSION_MAX_TLSv1_3)) { failf(data, "QUIC needs at least TLS version 1.3"); return CURLE_SSL_CONNECT_ERROR; - } + } + #ifdef USE_OPENSSL_QUIC req_method = OSSL_QUIC_client_method(); #elif (OPENSSL_VERSION_NUMBER >= 0x10100000L) @@ -3573,7 +3566,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, octx->ssl_ctx = SSL_CTX_new(req_method); if(!octx->ssl_ctx) { - failf(data, "SSL: couldn't create a context: %s", + failf(data, "SSL: could not create a context: %s", ossl_strerror(ERR_peek_error(), error_buffer, sizeof(error_buffer))); return CURLE_OUT_OF_MEMORY; } @@ -3594,12 +3587,12 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, /* OpenSSL contains code to work around lots of bugs and flaws in various SSL-implementations. SSL_CTX_set_options() is used to enabled those - work-arounds. The man page for this option states that SSL_OP_ALL enables + work-arounds. The manpage for this option states that SSL_OP_ALL enables all the work-arounds and that "It is usually safe to use SSL_OP_ALL to enable the bug workaround options if compatibility with somewhat broken implementations is desired." - The "-no_ticket" option was introduced in OpenSSL 0.9.8j. It's a flag to + The "-no_ticket" option was introduced in OpenSSL 0.9.8j. it is a flag to disable "rfc4507bis session ticket support". rfc4507bis was later turned into the proper RFC5077: https://datatracker.ietf.org/doc/html/rfc5077 @@ -3620,12 +3613,12 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, CVE-2010-4180 when using previous OpenSSL versions we no longer enable this option regardless of OpenSSL version and SSL_OP_ALL definition. - OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability - (https://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to - SSL_OP_ALL that _disables_ that work-around despite the fact that - SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to - keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit - must not be set. + OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability: + https://web.archive.org/web/20240114184648/openssl.org/~bodo/tls-cbc.txt. + In 0.9.6e they added a bit to SSL_OP_ALL that _disables_ that work-around + despite the fact that SSL_OP_ALL is documented to do "rather harmless" + workarounds. In order to keep the secure work-around, the + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set. */ ctx_options = SSL_OP_ALL; @@ -3640,17 +3633,17 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG /* mitigate CVE-2010-4180 */ - ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; + ctx_options &= ~(ctx_option_t)SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; #endif #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS /* unless the user explicitly asks to allow the protocol vulnerability we use the work-around */ if(!ssl_config->enable_beast) - ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + ctx_options &= ~(ctx_option_t)SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; #endif - switch(ssl_version) { + switch(ssl_version_min) { case CURL_SSLVERSION_SSLv2: case CURL_SSLVERSION_SSLv3: return CURLE_NOT_BUILT_IN; @@ -3683,6 +3676,11 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, SSL_CTX_set_options(octx->ssl_ctx, ctx_options); +#ifdef SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER + /* We do retry writes sometimes from another buffer address */ + SSL_CTX_set_mode(octx->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); +#endif + #ifdef HAS_ALPN if(alpn && alpn_len) { if(SSL_CTX_set_alpn_protos(octx->ssl_ctx, alpn, (int)alpn_len)) { @@ -3752,7 +3750,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, infof(data, "Using TLS-SRP username: %s", ssl_username); if(!SSL_CTX_set_srp_username(octx->ssl_ctx, ssl_username)) { - failf(data, "Unable to set SRP user name"); + failf(data, "Unable to set SRP username"); return CURLE_BAD_FUNCTION_ARGUMENT; } if(!SSL_CTX_set_srp_password(octx->ssl_ctx, ssl_password)) { @@ -3785,7 +3783,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, #endif if(cb_new_session) { - /* Enable the session cache because it's a prerequisite for the + /* Enable the session cache because it is a prerequisite for the * "new session" callback. Use the "external storage" mode to prevent * OpenSSL from creating an internal session cache. */ @@ -3821,7 +3819,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, SSL_free(octx->ssl); octx->ssl = SSL_new(octx->ssl_ctx); if(!octx->ssl) { - failf(data, "SSL: couldn't create a context (handle)"); + failf(data, "SSL: could not create a context (handle)"); return CURLE_OUT_OF_MEMORY; } @@ -3876,7 +3874,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, ech_config_len = 2 * strlen(b64); result = Curl_base64_decode(b64, &ech_config, &ech_config_len); if(result || !ech_config) { - infof(data, "ECH: can't base64 decode ECHConfig from command line"); + infof(data, "ECH: cannot base64 decode ECHConfig from command line"); if(data->set.tls_ech & CURLECH_HARD) return result; } @@ -3910,7 +3908,8 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, else { struct Curl_dns_entry *dns = NULL; - dns = Curl_fetch_addr(data, connssl->peer.hostname, connssl->peer.port); + if(peer->hostname) + dns = Curl_fetch_addr(data, peer->hostname, peer->port); if(!dns) { infof(data, "ECH: requested but no DNS info available"); if(data->set.tls_ech & CURLECH_HARD) @@ -3940,7 +3939,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, # endif else { trying_ech_now = 1; - infof(data, "ECH: imported ECHConfigList of length %ld", elen); + infof(data, "ECH: imported ECHConfigList of length %zu", elen); } } else { @@ -3948,20 +3947,20 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, if(data->set.tls_ech & CURLECH_HARD) return CURLE_SSL_CONNECT_ERROR; } - Curl_resolv_unlock(data, dns); + Curl_resolv_unlink(data, &dns); } } # ifdef OPENSSL_IS_BORINGSSL if(trying_ech_now && outername) { - infof(data, "ECH: setting public_name not supported with boringssl"); + infof(data, "ECH: setting public_name not supported with BoringSSL"); return CURLE_SSL_CONNECT_ERROR; } # else if(trying_ech_now && outername) { infof(data, "ECH: inner: '%s', outer: '%s'", - connssl->peer.hostname, outername); + peer->hostname ? peer->hostname : "NULL", outername); result = SSL_ech_set_server_names(octx->ssl, - connssl->peer.hostname, outername, + peer->hostname, outername, 0 /* do send outer */); if(result != 1) { infof(data, "ECH: rv failed to set server name(s) %d [ERROR]", result); @@ -3971,7 +3970,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, # endif /* not BORING */ if(trying_ech_now && SSL_set_min_proto_version(octx->ssl, TLS1_3_VERSION) != 1) { - infof(data, "ECH: Can't force TLSv1.3 [ERROR]"); + infof(data, "ECH: cannot force TLSv1.3 [ERROR]"); return CURLE_SSL_CONNECT_ERROR; } } @@ -3980,20 +3979,31 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, #endif octx->reused_session = FALSE; - if(ssl_config->primary.sessionid && transport == TRNSPRT_TCP) { + if(ssl_config->primary.cache_session && transport == TRNSPRT_TCP) { Curl_ssl_sessionid_lock(data); - if(!Curl_ssl_getsessionid(cf, data, peer, &ssl_sessionid, NULL)) { + if(!Curl_ssl_getsessionid(cf, data, peer, (void **)&der_sessionid, + &der_sessionid_size)) { /* we got a session id, use it! */ - if(!SSL_set_session(octx->ssl, ssl_sessionid)) { - Curl_ssl_sessionid_unlock(data); - failf(data, "SSL: SSL_set_session failed: %s", - ossl_strerror(ERR_get_error(), error_buffer, - sizeof(error_buffer))); - return CURLE_SSL_CONNECT_ERROR; + ssl_session = d2i_SSL_SESSION(NULL, &der_sessionid, + (long)der_sessionid_size); + if(ssl_session) { + if(!SSL_set_session(octx->ssl, ssl_session)) { + Curl_ssl_sessionid_unlock(data); + SSL_SESSION_free(ssl_session); + failf(data, "SSL: SSL_set_session failed: %s", + ossl_strerror(ERR_get_error(), error_buffer, + sizeof(error_buffer))); + return CURLE_SSL_CONNECT_ERROR; + } + SSL_SESSION_free(ssl_session); + /* Informational message */ + infof(data, "SSL reusing session ID"); + octx->reused_session = TRUE; + } + else { + Curl_ssl_sessionid_unlock(data); + return CURLE_SSL_CONNECT_ERROR; } - /* Informational message */ - infof(data, "SSL reusing session ID"); - octx->reused_session = TRUE; } Curl_ssl_sessionid_unlock(data); } @@ -4041,7 +4051,7 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf, /* with OpenSSL v1.1.1 we get an alternative to SSL_set_bio() that works * without backward compat quirks. Every call takes one reference, so we * up it and pass. SSL* then owns it and will free. - * We check on the function in configure, since libressl and friends + * We check on the function in configure, since LibreSSL and friends * each have their own versions to add support for this. */ BIO_up_ref(bio); SSL_set0_rbio(octx->ssl, bio); @@ -4131,11 +4141,10 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, struct ssl_connect_data *connssl = cf->ctx; struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); - DEBUGASSERT(ssl_connect_2 == connssl->connecting_state - || ssl_connect_2_reading == connssl->connecting_state - || ssl_connect_2_writing == connssl->connecting_state); + DEBUGASSERT(ssl_connect_2 == connssl->connecting_state); DEBUGASSERT(octx); + connssl->io_need = CURL_SSL_IO_NEED_NONE; ERR_clear_error(); err = SSL_connect(octx->ssl); @@ -4150,14 +4159,11 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, } #ifndef HAVE_KEYLOG_CALLBACK - if(Curl_tls_keylog_enabled()) { - /* If key logging is enabled, wait for the handshake to complete and then - * proceed with logging secrets (for TLS 1.2 or older). - */ - bool done = FALSE; - ossl_log_tls12_secret(octx->ssl, &done); - octx->keylog_done = done; - } + /* If key logging is enabled, wait for the handshake to complete and then + * proceed with logging secrets (for TLS 1.2 or older). + */ + if(Curl_tls_keylog_enabled() && !octx->keylog_done) + ossl_log_tls12_secret(octx->ssl, &octx->keylog_done); #endif /* 1 is fine @@ -4165,30 +4171,34 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, <0 is "handshake was not successful, because a fatal error occurred" */ if(1 != err) { int detail = SSL_get_error(octx->ssl, err); + CURL_TRC_CF(data, cf, "SSL_connect() -> err=%d, detail=%d", err, detail); if(SSL_ERROR_WANT_READ == detail) { - connssl->connecting_state = ssl_connect_2_reading; + CURL_TRC_CF(data, cf, "SSL_connect() -> want recv"); + connssl->io_need = CURL_SSL_IO_NEED_RECV; return CURLE_OK; } if(SSL_ERROR_WANT_WRITE == detail) { - connssl->connecting_state = ssl_connect_2_writing; + CURL_TRC_CF(data, cf, "SSL_connect() -> want send"); + connssl->io_need = CURL_SSL_IO_NEED_SEND; return CURLE_OK; } #ifdef SSL_ERROR_WANT_ASYNC if(SSL_ERROR_WANT_ASYNC == detail) { + CURL_TRC_CF(data, cf, "SSL_connect() -> want async"); + connssl->io_need = CURL_SSL_IO_NEED_RECV; connssl->connecting_state = ssl_connect_2; return CURLE_OK; } #endif #ifdef SSL_ERROR_WANT_RETRY_VERIFY if(SSL_ERROR_WANT_RETRY_VERIFY == detail) { + CURL_TRC_CF(data, cf, "SSL_connect() -> want retry_verify"); + connssl->io_need = CURL_SSL_IO_NEED_RECV; connssl->connecting_state = ssl_connect_2; return CURLE_OK; } #endif - if(octx->io_result == CURLE_AGAIN) { - return CURLE_OK; - } else { /* untreated error */ sslerr_t errdetail; @@ -4198,7 +4208,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, int lib; int reason; - /* the connection failed, we're not waiting for anything else. */ + /* the connection failed, we are not waiting for anything else. */ connssl->connecting_state = ssl_connect_2; /* Get the earliest error code from the thread's error queue and remove @@ -4259,7 +4269,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, /* detail is already set to the SSL error above */ - /* If we e.g. use SSLv2 request-method and the server doesn't like us + /* If we e.g. use SSLv2 request-method and the server does not like us * (RST connection, etc.), OpenSSL gives no explanation whatsoever and * the SO_ERROR is also lost. */ @@ -4285,7 +4295,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, int psigtype_nid = NID_undef; const char *negotiated_group_name = NULL; - /* we connected fine, we're not waiting for anything else. */ + /* we connected fine, we are not waiting for anything else. */ connssl->connecting_state = ssl_connect_3; #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) @@ -4398,7 +4408,7 @@ static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert, /* Result is returned to caller */ CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; - /* if a path wasn't specified, don't pin */ + /* if a path was not specified, do not pin */ if(!pinnedpubkey) return CURLE_OK; @@ -4419,12 +4429,12 @@ static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert, if(!buff1) break; /* failed */ - /* https://www.openssl.org/docs/crypto/d2i_X509.html */ + /* https://docs.openssl.org/master/man3/d2i_X509/ */ len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp); /* * These checks are verifying we got back the same values as when we - * sized the buffer. It's pretty weak since they should always be the + * sized the buffer. it is pretty weak since they should always be the * same. But it gives us something to test. */ if((len1 != len2) || !temp || ((temp - buff1) != len1)) @@ -4543,7 +4553,7 @@ CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, if(data->set.ssl.certinfo) /* asked to gather certificate info */ - (void)Curl_ossl_certchain(data, octx->ssl); + (void)ossl_certchain(data, octx->ssl); octx->server_cert = SSL_get1_peer_certificate(octx->ssl); if(!octx->server_cert) { @@ -4551,7 +4561,7 @@ CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, if(!strict) return CURLE_OK; - failf(data, "SSL: couldn't get peer certificate"); + failf(data, "SSL: could not get peer certificate"); return CURLE_PEER_FAILED_VERIFICATION; } @@ -4580,7 +4590,7 @@ CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, BIO_free(mem); if(conn_config->verifyhost) { - result = Curl_ossl_verifyhost(data, conn, peer, octx->server_cert); + result = ossl_verifyhost(data, conn, peer, octx->server_cert); if(result) { X509_free(octx->server_cert); octx->server_cert = NULL; @@ -4592,7 +4602,7 @@ CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, buffer, sizeof(buffer)); if(rc) { if(strict) - failf(data, "SSL: couldn't get X509-issuer name"); + failf(data, "SSL: could not get X509-issuer name"); result = CURLE_PEER_FAILED_VERIFICATION; } else { @@ -4695,8 +4705,8 @@ CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \ !defined(OPENSSL_NO_OCSP) if(conn_config->verifystatus && !octx->reused_session) { - /* don't do this after Session ID reuse */ - result = verifystatus(cf, data); + /* do not do this after Session ID reuse */ + result = verifystatus(cf, data, octx); if(result) { /* when verifystatus failed, remove the session id from the cache again if present */ @@ -4721,7 +4731,7 @@ CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, #endif if(!strict) - /* when not strict, we don't bother about the verify cert problems */ + /* when not strict, we do not bother about the verify cert problems */ result = CURLE_OK; #ifndef CURL_DISABLE_PROXY @@ -4754,7 +4764,7 @@ static CURLcode ossl_connect_step3(struct Curl_cfilter *cf, /* * We check certificates to authenticate the server; otherwise we risk - * man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to + * man-in-the-middle attack; NEVERTHELESS, if we are told explicitly not to * verify the peer, ignore faults and failures from the server cert * operations. */ @@ -4776,6 +4786,7 @@ static CURLcode ossl_connect_common(struct Curl_cfilter *cf, curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data); int what; + connssl->io_need = CURL_SSL_IO_NEED_NONE; /* check if the connection has already been established */ if(ssl_connection_complete == connssl->state) { *done = TRUE; @@ -4783,7 +4794,7 @@ static CURLcode ossl_connect_common(struct Curl_cfilter *cf, } if(ssl_connect_1 == connssl->connecting_state) { - /* Find out how much more time we're allowed */ + /* Find out how much more time we are allowed */ const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); if(timeout_ms < 0) { @@ -4797,9 +4808,7 @@ static CURLcode ossl_connect_common(struct Curl_cfilter *cf, goto out; } - while(ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state) { + while(ssl_connect_2 == connssl->connecting_state) { /* check allowed time left */ const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); @@ -4811,15 +4820,13 @@ static CURLcode ossl_connect_common(struct Curl_cfilter *cf, goto out; } - /* if ssl is expecting something, check if it's available. */ - if(!nonblocking && - (connssl->connecting_state == ssl_connect_2_reading || - connssl->connecting_state == ssl_connect_2_writing)) { + /* if ssl is expecting something, check if it is available. */ + if(!nonblocking && connssl->io_need) { - curl_socket_t writefd = ssl_connect_2_writing == - connssl->connecting_state?sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = ssl_connect_2_reading == - connssl->connecting_state?sockfd:CURL_SOCKET_BAD; + curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? + sockfd:CURL_SOCKET_BAD; + curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV)? + sockfd:CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, timeout_ms); @@ -4845,10 +4852,7 @@ static CURLcode ossl_connect_common(struct Curl_cfilter *cf, * or epoll() will always have a valid fdset to wait on. */ result = ossl_connect_step2(cf, data); - if(result || (nonblocking && - (ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state))) + if(result || (nonblocking && (ssl_connect_2 == connssl->connecting_state))) goto out; } /* repeat step2 until all transactions are done. */ @@ -4929,6 +4933,7 @@ static ssize_t ossl_send(struct Curl_cfilter *cf, ERR_clear_error(); + connssl->io_need = CURL_SSL_IO_NEED_NONE; memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; rc = SSL_write(octx->ssl, mem, memlen); @@ -4937,10 +4942,11 @@ static ssize_t ossl_send(struct Curl_cfilter *cf, switch(err) { case SSL_ERROR_WANT_READ: + connssl->io_need = CURL_SSL_IO_NEED_RECV; + *curlcode = CURLE_AGAIN; + rc = -1; + goto out; case SSL_ERROR_WANT_WRITE: - /* The operation did not complete; the same TLS/SSL I/O function - should be called again later. This is basically an EWOULDBLOCK - equivalent. */ *curlcode = CURLE_AGAIN; rc = -1; goto out; @@ -5012,6 +5018,7 @@ static ssize_t ossl_recv(struct Curl_cfilter *cf, ERR_clear_error(); + connssl->io_need = CURL_SSL_IO_NEED_NONE; buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; nread = (ssize_t)SSL_read(octx->ssl, buf, buffsize); @@ -5030,15 +5037,18 @@ static ssize_t ossl_recv(struct Curl_cfilter *cf, connclose(conn, "TLS close_notify"); break; case SSL_ERROR_WANT_READ: + *curlcode = CURLE_AGAIN; + nread = -1; + goto out; case SSL_ERROR_WANT_WRITE: - /* there's data pending, re-invoke SSL_read() */ + connssl->io_need = CURL_SSL_IO_NEED_SEND; *curlcode = CURLE_AGAIN; nread = -1; goto out; default: /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return value/errno" */ - /* https://www.openssl.org/docs/crypto/ERR_get_error.html */ + /* https://docs.openssl.org/master/man3/ERR_get_error/ */ if(octx->io_result == CURLE_AGAIN) { *curlcode = CURLE_AGAIN; nread = -1; @@ -5065,7 +5075,7 @@ static ssize_t ossl_recv(struct Curl_cfilter *cf, /* For debug builds be a little stricter and error on any SSL_ERROR_SYSCALL. For example a server may have closed the connection abruptly without a close_notify alert. For compatibility with older - peers we don't do this by default. #4624 + peers we do not do this by default. #4624 We can use this to gauge how many users may be affected, and if it goes ok eventually transition to allow in dev and release with @@ -5094,12 +5104,97 @@ static ssize_t ossl_recv(struct Curl_cfilter *cf, return nread; } +static CURLcode ossl_get_channel_binding(struct Curl_easy *data, int sockindex, + struct dynbuf *binding) +{ + /* required for X509_get_signature_nid support */ +#if OPENSSL_VERSION_NUMBER > 0x10100000L + X509 *cert; + int algo_nid; + const EVP_MD *algo_type; + const char *algo_name; + unsigned int length; + unsigned char buf[EVP_MAX_MD_SIZE]; + + const char prefix[] = "tls-server-end-point:"; + struct connectdata *conn = data->conn; + struct Curl_cfilter *cf = conn->cfilter[sockindex]; + struct ossl_ctx *octx = NULL; + + do { + const struct Curl_cftype *cft = cf->cft; + struct ssl_connect_data *connssl = cf->ctx; + + if(cft->name && !strcmp(cft->name, "SSL")) { + octx = (struct ossl_ctx *)connssl->backend; + break; + } + + if(cf->next) + cf = cf->next; + + } while(cf->next); + + if(!octx) { + failf(data, + "Failed to find SSL backend for endpoint"); + return CURLE_SSL_ENGINE_INITFAILED; + } + + cert = SSL_get1_peer_certificate(octx->ssl); + if(!cert) { + /* No server certificate, don't do channel binding */ + return CURLE_OK; + } + + if(!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &algo_nid, NULL)) { + failf(data, + "Unable to find digest NID for certificate signature algorithm"); + return CURLE_SSL_INVALIDCERTSTATUS; + } + + /* https://datatracker.ietf.org/doc/html/rfc5929#section-4.1 */ + if(algo_nid == NID_md5 || algo_nid == NID_sha1) { + algo_type = EVP_sha256(); + } + else { + algo_type = EVP_get_digestbynid(algo_nid); + if(!algo_type) { + algo_name = OBJ_nid2sn(algo_nid); + failf(data, "Could not find digest algorithm %s (NID %d)", + algo_name ? algo_name : "(null)", algo_nid); + return CURLE_SSL_INVALIDCERTSTATUS; + } + } + + if(!X509_digest(cert, algo_type, buf, &length)) { + failf(data, "X509_digest() failed"); + return CURLE_SSL_INVALIDCERTSTATUS; + } + + /* Append "tls-server-end-point:" */ + if(Curl_dyn_addn(binding, prefix, sizeof(prefix) - 1) != CURLE_OK) + return CURLE_OUT_OF_MEMORY; + /* Append digest */ + if(Curl_dyn_addn(binding, buf, length)) + return CURLE_OUT_OF_MEMORY; + + return CURLE_OK; +#else + /* No X509_get_signature_nid support */ + (void)data; /* unused */ + (void)sockindex; /* unused */ + (void)binding; /* unused */ + return CURLE_OK; +#endif +} + static size_t ossl_version(char *buffer, size_t size) { #ifdef LIBRESSL_VERSION_NUMBER #ifdef HAVE_OPENSSL_VERSION char *p; - int count; + size_t count; const char *ver = OpenSSL_version(OPENSSL_VERSION); const char expected[] = OSSL_PACKAGE " "; /* ie "LibreSSL " */ if(strncasecompare(ver, expected, sizeof(expected) - 1)) { @@ -5181,14 +5276,14 @@ static CURLcode ossl_random(struct Curl_easy *data, int rc; if(data) { if(ossl_seed(data)) /* Initiate the seed if not already done */ - return CURLE_FAILED_INIT; /* couldn't seed for some reason */ + return CURLE_FAILED_INIT; /* could not seed for some reason */ } else { if(!rand_enough()) return CURLE_FAILED_INIT; } /* RAND_bytes() returns 1 on success, 0 otherwise. */ - rc = RAND_bytes(entropy, curlx_uztosi(length)); + rc = RAND_bytes(entropy, (ossl_valsize_t)curlx_uztosi(length)); return (rc == 1 ? CURLE_OK : CURLE_FAILED_INIT); } @@ -5236,20 +5331,6 @@ static void *ossl_get_internals(struct ssl_connect_data *connssl, (void *)octx->ssl_ctx : (void *)octx->ssl; } -static void ossl_free_multi_ssl_backend_data( - struct multi_ssl_backend_data *mbackend) -{ -#if defined(HAVE_SSL_X509_STORE_SHARE) - if(mbackend->store) { - X509_STORE_free(mbackend->store); - } - free(mbackend->CAfile); - free(mbackend); -#else /* HAVE_SSL_X509_STORE_SHARE */ - (void)mbackend; -#endif /* HAVE_SSL_X509_STORE_SHARE */ -} - const struct Curl_ssl Curl_ssl_openssl = { { CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */ @@ -5264,7 +5345,9 @@ const struct Curl_ssl Curl_ssl_openssl = { #ifdef USE_ECH SSLSUPP_ECH | #endif - SSLSUPP_HTTPS_PROXY, + SSLSUPP_CA_CACHE | + SSLSUPP_HTTPS_PROXY | + SSLSUPP_CIPHER_LIST, sizeof(struct ossl_ctx), @@ -5293,9 +5376,9 @@ const struct Curl_ssl Curl_ssl_openssl = { #endif NULL, /* use of data in this connection */ NULL, /* remote of data from this connection */ - ossl_free_multi_ssl_backend_data, /* free_multi_ssl_backend_data */ ossl_recv, /* recv decrypted data */ ossl_send, /* send data to encrypt */ + ossl_get_channel_binding /* get_channel_binding */ }; #endif /* USE_OPENSSL */ diff --git a/vendor/hydra/vendor/curl/lib/vtls/openssl.h b/vendor/hydra/vendor/curl/lib/vtls/openssl.h index 55e06bda..7aba947d 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/openssl.h +++ b/vendor/hydra/vendor/curl/lib/vtls/openssl.h @@ -45,8 +45,9 @@ struct ossl_ctx { BIO_METHOD *bio_method; CURLcode io_result; /* result of last BIO cfilter operation */ #ifndef HAVE_KEYLOG_CALLBACK - /* Set to true once a valid keylog entry has been created to avoid dupes. */ - BIT(keylog_done); + /* Set to true once a valid keylog entry has been created to avoid dupes. + This is a bool and not a bitfield because it is passed by address. */ + bool keylog_done; #endif BIT(x509_store_setup); /* x509 store has been set up */ BIT(reused_session); /* session-ID was reused for this */ @@ -73,19 +74,8 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, #define SSL_get1_peer_certificate SSL_get_peer_certificate #endif -CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, - struct ssl_peer *peer, X509 *server_cert); extern const struct Curl_ssl Curl_ssl_openssl; -CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data, - SSL_CTX *ctx, char *cert_file, - const struct curl_blob *cert_blob, - const char *cert_type, char *key_file, - const struct curl_blob *key_blob, - const char *key_type, char *key_passwd); - -CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl); - /** * Setup the OpenSSL X509_STORE in `ssl_ctx` for the cfilter `cf` and * easy handle `data`. Will allow reuse of a shared cache if suitable diff --git a/vendor/hydra/vendor/curl/lib/vtls/rustls.c b/vendor/hydra/vendor/curl/lib/vtls/rustls.c index 8b6588a3..02ed4ec4 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/rustls.c +++ b/vendor/hydra/vendor/curl/lib/vtls/rustls.c @@ -41,6 +41,8 @@ #include "strerror.h" #include "multiif.h" #include "connect.h" /* for the connect timeout */ +#include "cipher_suite.h" +#include "rand.h" struct rustls_ssl_backend_data { @@ -48,6 +50,7 @@ struct rustls_ssl_backend_data struct rustls_connection *conn; size_t plain_out_buffered; BIT(data_in_pending); + BIT(sent_shutdown); }; /* For a given rustls_result error code, return the best-matching CURLcode. */ @@ -101,7 +104,7 @@ read_cb(void *userdata, uint8_t *buf, uintptr_t len, uintptr_t *out_n) } else if(nread == 0) connssl->peer_closed = TRUE; - *out_n = (int)nread; + *out_n = (uintptr_t)nread; CURL_TRC_CF(io_ctx->data, io_ctx->cf, "cf->next recv(len=%zu) -> %zd, %d", len, nread, result); return ret; @@ -114,7 +117,8 @@ write_cb(void *userdata, const uint8_t *buf, uintptr_t len, uintptr_t *out_n) CURLcode result; int ret = 0; ssize_t nwritten = Curl_conn_cf_send(io_ctx->cf->next, io_ctx->data, - (const char *)buf, len, &result); + (const char *)buf, len, FALSE, + &result); if(nwritten < 0) { nwritten = 0; if(CURLE_AGAIN == result) @@ -122,7 +126,7 @@ write_cb(void *userdata, const uint8_t *buf, uintptr_t len, uintptr_t *out_n) else ret = EINVAL; } - *out_n = (int)nwritten; + *out_n = (uintptr_t)nwritten; CURL_TRC_CF(io_ctx->data, io_ctx->cf, "cf->next send(len=%zu) -> %zd, %d", len, nwritten, result); return ret; @@ -173,15 +177,15 @@ static ssize_t tls_recv_more(struct Curl_cfilter *cf, /* * On each run: - * - Read a chunk of bytes from the socket into rustls' TLS input buffer. - * - Tell rustls to process any new packets. - * - Read out as many plaintext bytes from rustls as possible, until hitting + * - Read a chunk of bytes from the socket into Rustls' TLS input buffer. + * - Tell Rustls to process any new packets. + * - Read out as many plaintext bytes from Rustls as possible, until hitting * error, EOF, or EAGAIN/EWOULDBLOCK, or plainbuf/plainlen is filled up. * - * It's okay to call this function with plainbuf == NULL and plainlen == 0. - * In that case, it will copy bytes from the socket into rustls' TLS input - * buffer, and process packets, but won't consume bytes from rustls' plaintext - * output buffer. + * it is okay to call this function with plainbuf == NULL and plainlen == 0. In + * that case, it will copy bytes from the socket into Rustls' TLS input + * buffer, and process packets, but will not consume bytes from Rustls' + * plaintext output buffer. */ static ssize_t cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -212,21 +216,21 @@ cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data, } rresult = rustls_connection_read(rconn, - (uint8_t *)plainbuf + plain_bytes_copied, - plainlen - plain_bytes_copied, - &n); + (uint8_t *)plainbuf + plain_bytes_copied, + plainlen - plain_bytes_copied, + &n); if(rresult == RUSTLS_RESULT_PLAINTEXT_EMPTY) { backend->data_in_pending = FALSE; } else if(rresult == RUSTLS_RESULT_UNEXPECTED_EOF) { failf(data, "rustls: peer closed TCP connection " - "without first closing TLS connection"); + "without first closing TLS connection"); *err = CURLE_RECV_ERROR; nread = -1; goto out; } else if(rresult != RUSTLS_RESULT_OK) { - /* n always equals 0 in this case, don't need to check it */ + /* n always equals 0 in this case, do not need to check it */ char errorbuf[255]; size_t errorlen; rustls_error(rresult, errorbuf, sizeof(errorbuf), &errorlen); @@ -304,13 +308,13 @@ static CURLcode cr_flush_out(struct Curl_cfilter *cf, struct Curl_easy *data, /* * On each call: - * - Copy `plainlen` bytes into rustls' plaintext input buffer (if > 0). - * - Fully drain rustls' plaintext output buffer into the socket until + * - Copy `plainlen` bytes into Rustls' plaintext input buffer (if > 0). + * - Fully drain Rustls' plaintext output buffer into the socket until * we get either an error or EAGAIN/EWOULDBLOCK. * - * It's okay to call this function with plainbuf == NULL and plainlen == 0. - * In that case, it won't read anything into rustls' plaintext input buffer. - * It will only drain rustls' plaintext output buffer into the socket. + * it is okay to call this function with plainbuf == NULL and plainlen == 0. + * In that case, it will not read anything into Rustls' plaintext input buffer. + * It will only drain Rustls' plaintext output buffer into the socket. */ static ssize_t cr_send(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -355,7 +359,7 @@ cr_send(struct Curl_cfilter *cf, struct Curl_easy *data, } if(blen > 0) { - CURL_TRC_CF(data, cf, "cf_send: adding %zu plain bytes to rustls", blen); + CURL_TRC_CF(data, cf, "cf_send: adding %zu plain bytes to Rustls", blen); rresult = rustls_connection_write(rconn, buf, blen, &plainwritten); if(rresult != RUSTLS_RESULT_OK) { rustls_error(rresult, errorbuf, sizeof(errorbuf), &errorlen); @@ -374,9 +378,9 @@ cr_send(struct Curl_cfilter *cf, struct Curl_easy *data, if(*err) { if(CURLE_AGAIN == *err) { /* The TLS bytes may have been partially written, but we fail the - * complete send() and remember how much we already added to rustls. */ + * complete send() and remember how much we already added to Rustls. */ CURL_TRC_CF(data, cf, "cf_send: EAGAIN, remember we added %zu plain" - " bytes already to rustls", blen); + " bytes already to Rustls", blen); backend->plain_out_buffered = plainwritten; if(nwritten) { *err = CURLE_OK; @@ -393,7 +397,7 @@ cr_send(struct Curl_cfilter *cf, struct Curl_easy *data, return nwritten; } -/* A server certificate verify callback for rustls that always returns +/* A server certificate verify callback for Rustls that always returns RUSTLS_RESULT_OK, or in other words disable certificate verification. */ static uint32_t cr_verify_none(void *userdata UNUSED_PARAM, @@ -402,20 +406,119 @@ cr_verify_none(void *userdata UNUSED_PARAM, return RUSTLS_RESULT_OK; } -static bool -cr_hostname_is_ip(const char *hostname) +static int +read_file_into(const char *filename, + struct dynbuf *out) +{ + FILE *f = fopen(filename, FOPEN_READTEXT); + if(!f) { + return 0; + } + + while(!feof(f)) { + uint8_t buf[256]; + size_t rr = fread(buf, 1, sizeof(buf), f); + if(rr == 0 || + CURLE_OK != Curl_dyn_addn(out, buf, rr)) { + fclose(f); + return 0; + } + } + + return fclose(f) == 0; +} + +static void +cr_get_selected_ciphers(struct Curl_easy *data, + const char *ciphers12, + const char *ciphers13, + const struct rustls_supported_ciphersuite **selected, + size_t *selected_size) { - struct in_addr in; -#ifdef USE_IPV6 - struct in6_addr in6; - if(Curl_inet_pton(AF_INET6, hostname, &in6) > 0) { - return true; + size_t supported_len = *selected_size; + size_t default_len = rustls_default_crypto_provider_ciphersuites_len(); + const struct rustls_supported_ciphersuite *entry; + const char *ciphers = ciphers12; + size_t count = 0, default13_count = 0, i, j; + const char *ptr, *end; + + DEBUGASSERT(default_len <= supported_len); + + if(!ciphers13) { + /* Add default TLSv1.3 ciphers to selection */ + for(j = 0; j < default_len; j++) { + entry = rustls_default_crypto_provider_ciphersuites_get(j); + if(rustls_supported_ciphersuite_protocol_version(entry) != + RUSTLS_TLS_VERSION_TLSV1_3) + continue; + + selected[count++] = entry; + } + + default13_count = count; + + if(!ciphers) + ciphers = ""; } -#endif /* USE_IPV6 */ - if(Curl_inet_pton(AF_INET, hostname, &in) > 0) { - return true; + else + ciphers = ciphers13; + +add_ciphers: + for(ptr = ciphers; ptr[0] != '\0' && count < supported_len; ptr = end) { + uint16_t id = Curl_cipher_suite_walk_str(&ptr, &end); + + /* Check if cipher is supported */ + if(id) { + for(i = 0; i < supported_len; i++) { + entry = rustls_default_crypto_provider_ciphersuites_get(i); + if(rustls_supported_ciphersuite_get_suite(entry) == id) + break; + } + if(i == supported_len) + id = 0; + } + if(!id) { + if(ptr[0] != '\0') + infof(data, "rustls: unknown cipher in list: \"%.*s\"", + (int) (end - ptr), ptr); + continue; + } + + /* No duplicates allowed (so selected cannot overflow) */ + for(i = 0; i < count && selected[i] != entry; i++); + if(i < count) { + if(i >= default13_count) + infof(data, "rustls: duplicate cipher in list: \"%.*s\"", + (int) (end - ptr), ptr); + continue; + } + + selected[count++] = entry; + } + + if(ciphers == ciphers13 && ciphers12) { + ciphers = ciphers12; + goto add_ciphers; + } + + if(!ciphers12) { + /* Add default TLSv1.2 ciphers to selection */ + for(j = 0; j < default_len; j++) { + entry = rustls_default_crypto_provider_ciphersuites_get(j); + if(rustls_supported_ciphersuite_protocol_version(entry) == + RUSTLS_TLS_VERSION_TLSV1_3) + continue; + + /* No duplicates allowed (so selected cannot overflow) */ + for(i = 0; i < count && selected[i] != entry; i++); + if(i < count) + continue; + + selected[count++] = entry; + } } - return false; + + *selected_size = count; } static CURLcode @@ -424,6 +527,8 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, { struct ssl_connect_data *connssl = cf->ctx; struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + struct rustls_crypto_provider_builder *custom_provider_builder = NULL; + const struct rustls_crypto_provider *custom_provider = NULL; struct rustls_connection *rconn = NULL; struct rustls_client_config_builder *config_builder = NULL; const struct rustls_root_cert_store *roots = NULL; @@ -435,15 +540,113 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */ (ca_info_blob ? NULL : conn_config->CAfile); const bool verifypeer = conn_config->verifypeer; - const char *hostname = connssl->peer.hostname; char errorbuf[256]; size_t errorlen; - int result; + rustls_result result; DEBUGASSERT(backend); rconn = backend->conn; - config_builder = rustls_client_config_builder_new(); + { + uint16_t tls_versions[2] = { + RUSTLS_TLS_VERSION_TLSV1_2, + RUSTLS_TLS_VERSION_TLSV1_3, + }; + size_t tls_versions_len = 2; + const struct rustls_supported_ciphersuite **cipher_suites; + size_t cipher_suites_len = + rustls_default_crypto_provider_ciphersuites_len(); + + switch(conn_config->version) { + case CURL_SSLVERSION_DEFAULT: + case CURL_SSLVERSION_TLSv1: + case CURL_SSLVERSION_TLSv1_0: + case CURL_SSLVERSION_TLSv1_1: + case CURL_SSLVERSION_TLSv1_2: + break; + case CURL_SSLVERSION_TLSv1_3: + tls_versions[0] = RUSTLS_TLS_VERSION_TLSV1_3; + tls_versions_len = 1; + break; + default: + failf(data, "rustls: unsupported minimum TLS version value"); + return CURLE_SSL_ENGINE_INITFAILED; + } + + switch(conn_config->version_max) { + case CURL_SSLVERSION_MAX_DEFAULT: + case CURL_SSLVERSION_MAX_NONE: + case CURL_SSLVERSION_MAX_TLSv1_3: + break; + case CURL_SSLVERSION_MAX_TLSv1_2: + if(tls_versions[0] == RUSTLS_TLS_VERSION_TLSV1_2) { + tls_versions_len = 1; + break; + } + FALLTHROUGH(); + case CURL_SSLVERSION_MAX_TLSv1_1: + case CURL_SSLVERSION_MAX_TLSv1_0: + default: + failf(data, "rustls: unsupported maximum TLS version value"); + return CURLE_SSL_ENGINE_INITFAILED; + } + + cipher_suites = malloc(sizeof(cipher_suites) * (cipher_suites_len)); + if(!cipher_suites) + return CURLE_OUT_OF_MEMORY; + + cr_get_selected_ciphers(data, + conn_config->cipher_list, + conn_config->cipher_list13, + cipher_suites, &cipher_suites_len); + if(cipher_suites_len == 0) { + failf(data, "rustls: no supported cipher in list"); + free(cipher_suites); + return CURLE_SSL_CIPHER; + } + + result = rustls_crypto_provider_builder_new_from_default( + &custom_provider_builder); + if(result != RUSTLS_RESULT_OK) { + failf(data, + "rustls: failed to create crypto provider builder from default"); + return CURLE_SSL_ENGINE_INITFAILED; + } + + result = + rustls_crypto_provider_builder_set_cipher_suites( + custom_provider_builder, + cipher_suites, + cipher_suites_len); + if(result != RUSTLS_RESULT_OK) { + failf(data, + "rustls: failed to set ciphersuites for crypto provider builder"); + rustls_crypto_provider_builder_free(custom_provider_builder); + return CURLE_SSL_ENGINE_INITFAILED; + } + + result = rustls_crypto_provider_builder_build( + custom_provider_builder, &custom_provider); + if(result != RUSTLS_RESULT_OK) { + failf(data, "rustls: failed to build custom crypto provider"); + rustls_crypto_provider_builder_free(custom_provider_builder); + return CURLE_SSL_ENGINE_INITFAILED; + } + + result = rustls_client_config_builder_new_custom(custom_provider, + tls_versions, + tls_versions_len, + &config_builder); + free(cipher_suites); + if(result != RUSTLS_RESULT_OK) { + failf(data, "rustls: failed to create client config"); + return CURLE_SSL_ENGINE_INITFAILED; + } + } + + rustls_crypto_provider_builder_free(custom_provider_builder); + rustls_crypto_provider_free(custom_provider); + if(connssl->alpn) { struct alpn_proto_buf proto; rustls_slice_bytes alpn[ALPN_ENTRIES_MAX]; @@ -461,20 +664,12 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, if(!verifypeer) { rustls_client_config_builder_dangerous_set_certificate_verifier( config_builder, cr_verify_none); - /* rustls doesn't support IP addresses (as of 0.19.0), and will reject - * connections created with an IP address, even when certificate - * verification is turned off. Set a placeholder hostname and disable - * SNI. */ - if(cr_hostname_is_ip(hostname)) { - rustls_client_config_builder_set_enable_sni(config_builder, false); - hostname = "example.invalid"; - } } else if(ca_info_blob || ssl_cafile) { roots_builder = rustls_root_cert_store_builder_new(); if(ca_info_blob) { - /* Enable strict parsing only if verification isn't disabled. */ + /* Enable strict parsing only if verification is not disabled. */ result = rustls_root_cert_store_builder_add_pem(roots_builder, ca_info_blob->data, ca_info_blob->len, @@ -482,20 +677,18 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, if(result != RUSTLS_RESULT_OK) { failf(data, "rustls: failed to parse trusted certificates from blob"); rustls_root_cert_store_builder_free(roots_builder); - rustls_client_config_free( - rustls_client_config_builder_build(config_builder)); + rustls_client_config_builder_free(config_builder); return CURLE_SSL_CACERT_BADFILE; } } else if(ssl_cafile) { - /* Enable strict parsing only if verification isn't disabled. */ + /* Enable strict parsing only if verification is not disabled. */ result = rustls_root_cert_store_builder_load_roots_from_file( roots_builder, ssl_cafile, verifypeer); if(result != RUSTLS_RESULT_OK) { failf(data, "rustls: failed to load trusted certificates"); rustls_root_cert_store_builder_free(roots_builder); - rustls_client_config_free( - rustls_client_config_builder_build(config_builder)); + rustls_client_config_builder_free(config_builder); return CURLE_SSL_CACERT_BADFILE; } } @@ -503,30 +696,60 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, result = rustls_root_cert_store_builder_build(roots_builder, &roots); rustls_root_cert_store_builder_free(roots_builder); if(result != RUSTLS_RESULT_OK) { - failf(data, "rustls: failed to load trusted certificates"); - rustls_client_config_free( - rustls_client_config_builder_build(config_builder)); + failf(data, "rustls: failed to build trusted root certificate store"); + rustls_client_config_builder_free(config_builder); return CURLE_SSL_CACERT_BADFILE; } verifier_builder = rustls_web_pki_server_cert_verifier_builder_new(roots); + rustls_root_cert_store_free(roots); + + if(conn_config->CRLfile) { + struct dynbuf crl_contents; + Curl_dyn_init(&crl_contents, SIZE_MAX); + if(!read_file_into(conn_config->CRLfile, &crl_contents)) { + failf(data, "rustls: failed to read revocation list file"); + Curl_dyn_free(&crl_contents); + rustls_web_pki_server_cert_verifier_builder_free(verifier_builder); + return CURLE_SSL_CRL_BADFILE; + } + + result = rustls_web_pki_server_cert_verifier_builder_add_crl( + verifier_builder, + Curl_dyn_uptr(&crl_contents), + Curl_dyn_len(&crl_contents)); + Curl_dyn_free(&crl_contents); + if(result != RUSTLS_RESULT_OK) { + failf(data, "rustls: failed to parse revocation list"); + rustls_web_pki_server_cert_verifier_builder_free(verifier_builder); + return CURLE_SSL_CRL_BADFILE; + } + } result = rustls_web_pki_server_cert_verifier_builder_build( verifier_builder, &server_cert_verifier); rustls_web_pki_server_cert_verifier_builder_free(verifier_builder); if(result != RUSTLS_RESULT_OK) { - failf(data, "rustls: failed to load trusted certificates"); + failf(data, "rustls: failed to build certificate verifier"); rustls_server_cert_verifier_free(server_cert_verifier); - rustls_client_config_free( - rustls_client_config_builder_build(config_builder)); + rustls_client_config_builder_free(config_builder); return CURLE_SSL_CACERT_BADFILE; } rustls_client_config_builder_set_server_verifier(config_builder, server_cert_verifier); + rustls_server_cert_verifier_free(server_cert_verifier); + } + + result = rustls_client_config_builder_build( + config_builder, + &backend->config); + if(result != RUSTLS_RESULT_OK) { + failf(data, "rustls: failed to build client config"); + rustls_client_config_free(backend->config); + return CURLE_SSL_ENGINE_INITFAILED; } - backend->config = rustls_client_config_builder_build(config_builder); DEBUGASSERT(rconn == NULL); result = rustls_client_connection_new(backend->config, connssl->peer.hostname, &rconn); @@ -601,30 +824,44 @@ cr_connect_common(struct Curl_cfilter *cf, /* Read/write data until the handshake is done or the socket would block. */ for(;;) { /* - * Connection has been established according to rustls. Set send/recv + * Connection has been established according to Rustls. Set send/recv * handlers, and update the state machine. */ + connssl->io_need = CURL_SSL_IO_NEED_NONE; if(!rustls_connection_is_handshaking(rconn)) { - infof(data, "Done handshaking"); - /* rustls claims it is no longer handshaking *before* it has + /* Rustls claims it is no longer handshaking *before* it has * send its FINISHED message off. We attempt to let it write * one more time. Oh my. */ cr_set_negotiated_alpn(cf, data, rconn); cr_send(cf, data, NULL, 0, &tmperr); if(tmperr == CURLE_AGAIN) { - connssl->connecting_state = ssl_connect_2_writing; + connssl->io_need = CURL_SSL_IO_NEED_SEND; return CURLE_OK; } else if(tmperr != CURLE_OK) { return tmperr; } /* REALLY Done with the handshake. */ + { + uint16_t proto = rustls_connection_get_protocol_version(rconn); + uint16_t cipher = rustls_connection_get_negotiated_ciphersuite(rconn); + char buf[64] = ""; + const char *ver = "TLS version unknown"; + if(proto == RUSTLS_TLS_VERSION_TLSV1_3) + ver = "TLSv1.3"; + if(proto == RUSTLS_TLS_VERSION_TLSV1_2) + ver = "TLSv1.2"; + Curl_cipher_suite_get_str(cipher, buf, sizeof(buf), true); + infof(data, "rustls: handshake complete, %s, cipher: %s", + ver, buf); + } connssl->state = ssl_connection_complete; *done = TRUE; return CURLE_OK; } + connssl->connecting_state = ssl_connect_2; wants_read = rustls_connection_wants_read(rconn); wants_write = rustls_connection_wants_write(rconn) || backend->plain_out_buffered; @@ -632,8 +869,6 @@ cr_connect_common(struct Curl_cfilter *cf, writefd = wants_write?sockfd:CURL_SOCKET_BAD; readfd = wants_read?sockfd:CURL_SOCKET_BAD; - connssl->connecting_state = wants_write? - ssl_connect_2_writing : ssl_connect_2_reading; /* check allowed time left */ timeout_ms = Curl_timeleft(data, NULL, TRUE); @@ -653,14 +888,18 @@ cr_connect_common(struct Curl_cfilter *cf, return CURLE_SSL_CONNECT_ERROR; } if(blocking && 0 == what) { - failf(data, "rustls connection timeout after %" - CURL_FORMAT_TIMEDIFF_T " ms", socket_check_timeout); + failf(data, "rustls: connection timeout after %" FMT_TIMEDIFF_T " ms", + socket_check_timeout); return CURLE_OPERATION_TIMEDOUT; } if(0 == what) { CURL_TRC_CF(data, cf, "Curl_socket_check: %s would block", wants_read&&wants_write ? "writing and reading" : wants_write ? "writing" : "reading"); + if(wants_write) + connssl->io_need |= CURL_SSL_IO_NEED_SEND; + if(wants_read) + connssl->io_need |= CURL_SSL_IO_NEED_RECV; return CURLE_OK; } /* socket is readable or writable */ @@ -695,7 +934,7 @@ cr_connect_common(struct Curl_cfilter *cf, } /* We should never fall through the loop. We should return either because - the handshake is done or because we can't read/write without blocking. */ + the handshake is done or because we cannot read/write without blocking. */ DEBUGASSERT(false); } @@ -723,24 +962,85 @@ cr_get_internals(struct ssl_connect_data *connssl, return &backend->conn; } -static void -cr_close(struct Curl_cfilter *cf, struct Curl_easy *data) +static CURLcode +cr_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool send_shutdown, bool *done) { struct ssl_connect_data *connssl = cf->ctx; struct rustls_ssl_backend_data *backend = (struct rustls_ssl_backend_data *)connssl->backend; - CURLcode tmperr = CURLE_OK; - ssize_t n = 0; + CURLcode result = CURLE_OK; + ssize_t nwritten, nread; + char buf[1024]; + size_t i; DEBUGASSERT(backend); - if(backend->conn && !connssl->peer_closed) { - CURL_TRC_CF(data, cf, "closing connection, send notify"); - rustls_connection_send_close_notify(backend->conn); - n = cr_send(cf, data, NULL, 0, &tmperr); - if(n < 0) { - failf(data, "rustls: error sending close_notify: %d", tmperr); + if(!backend->conn || cf->shutdown) { + *done = TRUE; + goto out; + } + + connssl->io_need = CURL_SSL_IO_NEED_NONE; + *done = FALSE; + + if(!backend->sent_shutdown) { + /* do this only once */ + backend->sent_shutdown = TRUE; + if(send_shutdown) { + rustls_connection_send_close_notify(backend->conn); } + } + nwritten = cr_send(cf, data, NULL, 0, &result); + if(nwritten < 0) { + if(result == CURLE_AGAIN) { + connssl->io_need = CURL_SSL_IO_NEED_SEND; + result = CURLE_OK; + goto out; + } + DEBUGASSERT(result); + CURL_TRC_CF(data, cf, "shutdown send failed: %d", result); + goto out; + } + + for(i = 0; i < 10; ++i) { + nread = cr_recv(cf, data, buf, (int)sizeof(buf), &result); + if(nread <= 0) + break; + } + + if(nread > 0) { + /* still data coming in? */ + } + else if(nread == 0) { + /* We got the close notify alert and are done. */ + *done = TRUE; + } + else if(result == CURLE_AGAIN) { + connssl->io_need = CURL_SSL_IO_NEED_RECV; + result = CURLE_OK; + } + else { + DEBUGASSERT(result); + CURL_TRC_CF(data, cf, "shutdown, error: %d", result); + } + +out: + cf->shutdown = (result || *done); + return result; +} + +static void +cr_close(struct Curl_cfilter *cf, struct Curl_easy *data) +{ + struct ssl_connect_data *connssl = cf->ctx; + struct rustls_ssl_backend_data *backend = + (struct rustls_ssl_backend_data *)connssl->backend; + + (void)data; + DEBUGASSERT(backend); + if(backend->conn) { rustls_connection_free(backend->conn); backend->conn = NULL; } @@ -756,19 +1056,31 @@ static size_t cr_version(char *buffer, size_t size) return msnprintf(buffer, size, "%.*s", (int)ver.len, ver.data); } +static CURLcode +cr_random(struct Curl_easy *data, unsigned char *entropy, size_t length) +{ + rustls_result rresult = 0; + (void)data; + rresult = + rustls_default_crypto_provider_random(entropy, length); + return map_error(rresult); +} + const struct Curl_ssl Curl_ssl_rustls = { { CURLSSLBACKEND_RUSTLS, "rustls" }, SSLSUPP_CAINFO_BLOB | /* supports */ - SSLSUPP_HTTPS_PROXY, + SSLSUPP_HTTPS_PROXY | + SSLSUPP_CIPHER_LIST | + SSLSUPP_TLS13_CIPHERSUITES, sizeof(struct rustls_ssl_backend_data), Curl_none_init, /* init */ Curl_none_cleanup, /* cleanup */ cr_version, /* version */ Curl_none_check_cxn, /* check_cxn */ - Curl_none_shutdown, /* shutdown */ + cr_shutdown, /* shutdown */ cr_data_pending, /* data_pending */ - Curl_none_random, /* random */ + cr_random, /* random */ Curl_none_cert_status_request, /* cert_status_request */ cr_connect_blocking, /* connect */ cr_connect_nonblocking, /* connect_nonblocking */ @@ -783,9 +1095,9 @@ const struct Curl_ssl Curl_ssl_rustls = { NULL, /* sha256sum */ NULL, /* associate_connection */ NULL, /* disassociate_connection */ - NULL, /* free_multi_ssl_backend_data */ cr_recv, /* recv decrypted data */ cr_send, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; #endif /* USE_RUSTLS */ diff --git a/vendor/hydra/vendor/curl/lib/vtls/schannel.c b/vendor/hydra/vendor/curl/lib/vtls/schannel.c index 19cdc4b2..a9dcbe45 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/schannel.c +++ b/vendor/hydra/vendor/curl/lib/vtls/schannel.c @@ -34,7 +34,7 @@ #ifdef USE_SCHANNEL #ifndef USE_WINDOWS_SSPI -# error "Can't compile SCHANNEL support without SSPI." +# error "cannot compile SCHANNEL support without SSPI." #endif #include "schannel.h" @@ -171,7 +171,7 @@ schannel_set_ssl_version_min_max(DWORD *enabled_protocols, { struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); long ssl_version = conn_config->version; - long ssl_version_max = conn_config->version_max; + long ssl_version_max = (long)conn_config->version_max; long i = ssl_version; switch(ssl_version_max) { @@ -364,7 +364,7 @@ set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers, if(!alg) alg = get_alg_id_by_name(startCur); if(alg) - algIds[algCount++] = alg; + algIds[algCount++] = (ALG_ID)alg; else if(!strncmp(startCur, "USE_STRONG_CRYPTO", sizeof("USE_STRONG_CRYPTO") - 1) || !strncmp(startCur, "SCH_USE_STRONG_CRYPTO", @@ -377,7 +377,7 @@ set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers, startCur++; } schannel_cred->palgSupportedAlgs = algIds; - schannel_cred->cSupportedAlgs = algCount; + schannel_cred->cSupportedAlgs = (DWORD)algCount; return CURLE_OK; } @@ -513,7 +513,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, } if(!ssl_config->auto_client_cert) { - flags &= ~SCH_CRED_USE_DEFAULT_CREDS; + flags &= ~(DWORD)SCH_CRED_USE_DEFAULT_CREDS; flags |= SCH_CRED_NO_DEFAULT_CREDS; infof(data, "schannel: disabled automatic use of client certificate"); } @@ -950,7 +950,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, tls_parameters.pDisabledCrypto = crypto_settings; /* The number of blocked suites */ - tls_parameters.cDisabledCrypto = crypto_settings_idx; + tls_parameters.cDisabledCrypto = (DWORD)crypto_settings_idx; credentials.pTlsParameters = &tls_parameters; credentials.cTlsParameters = 1; @@ -968,7 +968,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, #endif sspi_status = - s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR*)UNISP_NAME, + Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR*)UNISP_NAME, SECPKG_CRED_OUTBOUND, NULL, &credentials, NULL, NULL, &backend->cred->cred_handle, @@ -976,7 +976,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, } else { /* Pre-Windows 10 1809 or the user set a legacy algorithm list. Although MS - doesn't document it, currently Schannel will not negotiate TLS 1.3 when + does not document it, currently Schannel will not negotiate TLS 1.3 when SCHANNEL_CRED is used. */ ALG_ID algIds[NUM_CIPHERS]; char *ciphers = conn_config->cipher_list; @@ -1015,7 +1015,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, #endif sspi_status = - s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR*)UNISP_NAME, + Curl_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR*)UNISP_NAME, SECPKG_CRED_OUTBOUND, NULL, &schannel_cred, NULL, NULL, &backend->cred->cred_handle, @@ -1083,7 +1083,7 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) #ifdef HAS_ALPN /* ALPN is only supported on Windows 8.1 / Server 2012 R2 and above. - Also it doesn't seem to be supported for Wine, see curl bug #983. */ + Also it does not seem to be supported for WINE, see curl bug #983. */ backend->use_alpn = connssl->alpn && !GetProcAddress(GetModuleHandle(TEXT("ntdll")), "wine_get_version") && @@ -1095,11 +1095,11 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) #ifdef _WIN32_WCE #ifdef HAS_MANUAL_VERIFY_API - /* certificate validation on CE doesn't seem to work right; we'll + /* certificate validation on CE does not seem to work right; we will * do it following a more manual process. */ backend->use_manual_cred_validation = true; #else -#error "compiler too old to support requisite manual cert verify for Win CE" +#error "compiler too old to support Windows CE requisite manual cert verify" #endif #else #ifdef HAS_MANUAL_VERIFY_API @@ -1127,7 +1127,7 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) backend->cred = NULL; /* check for an existing reusable credential handle */ - if(ssl_config->primary.sessionid) { + if(ssl_config->primary.cache_session) { Curl_ssl_sessionid_lock(data); if(!Curl_ssl_getsessionid(cf, data, &connssl->peer, (void **)&old_cred, NULL)) { @@ -1241,11 +1241,11 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) /* Schannel InitializeSecurityContext: https://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx - At the moment we don't pass inbuf unless we're using ALPN since we only - use it for that, and Wine (for which we currently disable ALPN) is giving + At the moment we do not pass inbuf unless we are using ALPN since we only + use it for that, and WINE (for which we currently disable ALPN) is giving us problems with inbuf regardless. https://github.com/curl/curl/issues/983 */ - sspi_status = s_pSecFn->InitializeSecurityContext( + sspi_status = Curl_pSecFn->InitializeSecurityContext( &backend->cred->cred_handle, NULL, backend->cred->sni_hostname, backend->req_flags, 0, 0, (backend->use_alpn ? &inbuf_desc : NULL), @@ -1287,9 +1287,9 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) /* send initial handshake data which is now stored in output buffer */ written = Curl_conn_cf_send(cf->next, data, - outbuf.pvBuffer, outbuf.cbBuffer, + outbuf.pvBuffer, outbuf.cbBuffer, FALSE, &result); - s_pSecFn->FreeContextBuffer(outbuf.pvBuffer); + Curl_pSecFn->FreeContextBuffer(outbuf.pvBuffer); if((result != CURLE_OK) || (outbuf.cbBuffer != (size_t) written)) { failf(data, "schannel: failed to send initial handshake data: " "sent %zd of %lu bytes", written, outbuf.cbBuffer); @@ -1332,7 +1332,8 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) DEBUGASSERT(backend); - doread = (connssl->connecting_state != ssl_connect_2_writing) ? TRUE : FALSE; + doread = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? FALSE : TRUE; + connssl->io_need = CURL_SSL_IO_NEED_NONE; DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %d (step 2/3)", @@ -1393,8 +1394,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) backend->encdata_offset, &result); if(result == CURLE_AGAIN) { - if(connssl->connecting_state != ssl_connect_2_writing) - connssl->connecting_state = ssl_connect_2_reading; + connssl->io_need = CURL_SSL_IO_NEED_RECV; DEBUGF(infof(data, "schannel: failed to receive handshake, " "need more data")); return CURLE_OK; @@ -1436,7 +1436,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) memcpy(inbuf[0].pvBuffer, backend->encdata_buffer, backend->encdata_offset); - sspi_status = s_pSecFn->InitializeSecurityContext( + sspi_status = Curl_pSecFn->InitializeSecurityContext( &backend->cred->cred_handle, &backend->ctxt->ctxt_handle, backend->cred->sni_hostname, backend->req_flags, 0, 0, &inbuf_desc, 0, NULL, @@ -1448,7 +1448,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* check if the handshake was incomplete */ if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) { backend->encdata_is_incomplete = true; - connssl->connecting_state = ssl_connect_2_reading; + connssl->io_need = CURL_SSL_IO_NEED_RECV; DEBUGF(infof(data, "schannel: received incomplete message, need more data")); return CURLE_OK; @@ -1460,7 +1460,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) if(sspi_status == SEC_I_INCOMPLETE_CREDENTIALS && !(backend->req_flags & ISC_REQ_USE_SUPPLIED_CREDS)) { backend->req_flags |= ISC_REQ_USE_SUPPLIED_CREDS; - connssl->connecting_state = ssl_connect_2_writing; + connssl->io_need = CURL_SSL_IO_NEED_SEND; DEBUGF(infof(data, "schannel: a client certificate has been requested")); return CURLE_OK; @@ -1477,7 +1477,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* send handshake token to server */ written = Curl_conn_cf_send(cf->next, data, outbuf[i].pvBuffer, outbuf[i].cbBuffer, - &result); + FALSE, &result); if((result != CURLE_OK) || (outbuf[i].cbBuffer != (size_t) written)) { failf(data, "schannel: failed to send next handshake data: " @@ -1488,7 +1488,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* free obsolete buffer */ if(outbuf[i].pvBuffer) { - s_pSecFn->FreeContextBuffer(outbuf[i].pvBuffer); + Curl_pSecFn->FreeContextBuffer(outbuf[i].pvBuffer); } } } @@ -1531,7 +1531,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) inbuf[1].cbBuffer)); /* There are two cases where we could be getting extra data here: - 1) If we're renegotiating a connection and the handshake is already + 1) If we are renegotiating a connection and the handshake is already complete (from the server perspective), it can encrypted app data (not handshake data) in an extra buffer at this point. 2) (sspi_status == SEC_I_CONTINUE_NEEDED) We are negotiating a @@ -1560,7 +1560,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* check if the handshake needs to be continued */ if(sspi_status == SEC_I_CONTINUE_NEEDED) { - connssl->connecting_state = ssl_connect_2_reading; + connssl->io_need = CURL_SSL_IO_NEED_RECV; return CURLE_OK; } @@ -1593,7 +1593,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) #endif /* Verify the hostname manually when certificate verification is disabled, - because in that case Schannel won't verify it. */ + because in that case Schannel will not verify it. */ if(!conn_config->verifypeer && conn_config->verifyhost) return Curl_verify_host(cf, data); @@ -1684,7 +1684,7 @@ static void schannel_session_free(void *sessionid, size_t idsize) if(cred) { cred->refcount--; if(cred->refcount == 0) { - s_pSecFn->FreeCredentialsHandle(&cred->cred_handle); + Curl_pSecFn->FreeCredentialsHandle(&cred->cred_handle); curlx_unicodefree(cred->sni_hostname); #ifdef HAS_CLIENT_CERT_PATH if(cred->client_cert_store) { @@ -1739,7 +1739,7 @@ schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) #ifdef HAS_ALPN if(backend->use_alpn) { sspi_status = - s_pSecFn->QueryContextAttributes(&backend->ctxt->ctxt_handle, + Curl_pSecFn->QueryContextAttributes(&backend->ctxt->ctxt_handle, SECPKG_ATTR_APPLICATION_PROTOCOL, &alpn_result); @@ -1772,40 +1772,22 @@ schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) #endif /* save the current session data for possible reuse */ - if(ssl_config->primary.sessionid) { - bool incache; - struct Curl_schannel_cred *old_cred = NULL; - + if(ssl_config->primary.cache_session) { Curl_ssl_sessionid_lock(data); - incache = !(Curl_ssl_getsessionid(cf, data, &connssl->peer, - (void **)&old_cred, NULL)); - if(incache) { - if(old_cred != backend->cred) { - DEBUGF(infof(data, - "schannel: old credential handle is stale, removing")); - /* we're not taking old_cred ownership here, no refcount++ is needed */ - Curl_ssl_delsessionid(data, (void *)old_cred); - incache = FALSE; - } - } - if(!incache) { - /* Up ref count since call takes ownership */ - backend->cred->refcount++; - result = Curl_ssl_addsessionid(cf, data, &connssl->peer, backend->cred, - sizeof(struct Curl_schannel_cred), - schannel_session_free); - if(result) { - Curl_ssl_sessionid_unlock(data); - return result; - } - } + /* Up ref count since call takes ownership */ + backend->cred->refcount++; + result = Curl_ssl_set_sessionid(cf, data, &connssl->peer, backend->cred, + sizeof(struct Curl_schannel_cred), + schannel_session_free); Curl_ssl_sessionid_unlock(data); + if(result) + return result; } if(data->set.ssl.certinfo) { int certs_count = 0; sspi_status = - s_pSecFn->QueryContextAttributes(&backend->ctxt->ctxt_handle, + Curl_pSecFn->QueryContextAttributes(&backend->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &ccert_context); @@ -1853,7 +1835,7 @@ schannel_connect_common(struct Curl_cfilter *cf, } if(ssl_connect_1 == connssl->connecting_state) { - /* check out how much more time we're allowed */ + /* check out how much more time we are allowed */ timeout_ms = Curl_timeleft(data, NULL, TRUE); if(timeout_ms < 0) { @@ -1867,11 +1849,9 @@ schannel_connect_common(struct Curl_cfilter *cf, return result; } - while(ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state) { + while(ssl_connect_2 == connssl->connecting_state) { - /* check out how much more time we're allowed */ + /* check out how much more time we are allowed */ timeout_ms = Curl_timeleft(data, NULL, TRUE); if(timeout_ms < 0) { @@ -1880,14 +1860,13 @@ schannel_connect_common(struct Curl_cfilter *cf, return CURLE_OPERATION_TIMEDOUT; } - /* if ssl is expecting something, check if it's available. */ - if(connssl->connecting_state == ssl_connect_2_reading - || connssl->connecting_state == ssl_connect_2_writing) { + /* if ssl is expecting something, check if it is available. */ + if(connssl->io_need) { - curl_socket_t writefd = ssl_connect_2_writing == - connssl->connecting_state ? sockfd : CURL_SOCKET_BAD; - curl_socket_t readfd = ssl_connect_2_reading == - connssl->connecting_state ? sockfd : CURL_SOCKET_BAD; + curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? + sockfd : CURL_SOCKET_BAD; + curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV)? + sockfd : CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, nonblocking ? 0 : timeout_ms); @@ -1918,10 +1897,7 @@ schannel_connect_common(struct Curl_cfilter *cf, * have a valid fdset to wait on. */ result = schannel_connect_step2(cf, data); - if(result || (nonblocking && - (ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state))) + if(result || (nonblocking && (ssl_connect_2 == connssl->connecting_state))) return result; } /* repeat step2 until all transactions are done. */ @@ -1979,7 +1955,7 @@ schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data, /* check if the maximum stream sizes were queried */ if(backend->stream_sizes.cbMaximumMessage == 0) { - sspi_status = s_pSecFn->QueryContextAttributes( + sspi_status = Curl_pSecFn->QueryContextAttributes( &backend->ctxt->ctxt_handle, SECPKG_ATTR_STREAM_SIZES, &backend->stream_sizes); @@ -2018,7 +1994,7 @@ schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data, memcpy(outbuf[1].pvBuffer, buf, len); /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375390.aspx */ - sspi_status = s_pSecFn->EncryptMessage(&backend->ctxt->ctxt_handle, 0, + sspi_status = Curl_pSecFn->EncryptMessage(&backend->ctxt->ctxt_handle, 0, &outbuf_desc, 0); /* check if the message was encrypted */ @@ -2029,10 +2005,10 @@ schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data, len = outbuf[0].cbBuffer + outbuf[1].cbBuffer + outbuf[2].cbBuffer; /* - It's important to send the full message which includes the header, - encrypted payload, and trailer. Until the client receives all the + it is important to send the full message which includes the header, + encrypted payload, and trailer. Until the client receives all the data a coherent message has not been delivered and the client - can't read any of it. + cannot read any of it. If we wanted to buffer the unwritten encrypted bytes, we would tell the client that all data it has requested to be sent has been @@ -2078,7 +2054,7 @@ schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data, this_write = Curl_conn_cf_send(cf->next, data, ptr + written, len - written, - &result); + FALSE, &result); if(result == CURLE_AGAIN) continue; else if(result != CURLE_OK) { @@ -2129,8 +2105,9 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, DEBUGASSERT(backend); /**************************************************************************** - * Don't return or set backend->recv_unrecoverable_err unless in the cleanup. - * The pattern for return error is set *err, optional infof, goto cleanup. + * Do not return or set backend->recv_unrecoverable_err unless in the + * cleanup. The pattern for return error is set *err, optional infof, goto + * cleanup. * * Our priority is to always return as much decrypted data to the caller as * possible, even if an error occurs. The state of the decrypted buffer must @@ -2155,7 +2132,7 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, infof(data, "schannel: server indicated shutdown in a prior call"); goto cleanup; } - /* It's debatable what to return when !len. Regardless we can't return + /* it is debatable what to return when !len. Regardless we cannot return immediately because there may be data to decrypt (in the case we want to decrypt all encrypted cached data) so handle !len later in cleanup. */ @@ -2234,7 +2211,7 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375348.aspx */ - sspi_status = s_pSecFn->DecryptMessage(&backend->ctxt->ctxt_handle, + sspi_status = Curl_pSecFn->DecryptMessage(&backend->ctxt->ctxt_handle, &inbuf_desc, 0, NULL); /* check if everything went fine (server may want to renegotiate @@ -2313,14 +2290,15 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, if(sspi_status == SEC_I_RENEGOTIATE) { infof(data, "schannel: remote party requests renegotiation"); if(*err && *err != CURLE_AGAIN) { - infof(data, "schannel: can't renegotiate, an error is pending"); + infof(data, "schannel: cannot renegotiate, an error is pending"); goto cleanup; } /* begin renegotiation */ infof(data, "schannel: renegotiating SSL/TLS connection"); connssl->state = ssl_connection_negotiating; - connssl->connecting_state = ssl_connect_2_writing; + connssl->connecting_state = ssl_connect_2; + connssl->io_need = CURL_SSL_IO_NEED_SEND; backend->recv_renegotiating = true; *err = schannel_connect_common(cf, data, FALSE, &done); backend->recv_renegotiating = false; @@ -2377,13 +2355,13 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, /* Error if the connection has closed without a close_notify. - The behavior here is a matter of debate. We don't want to be vulnerable - to a truncation attack however there's some browser precedent for + The behavior here is a matter of debate. We do not want to be vulnerable + to a truncation attack however there is some browser precedent for ignoring the close_notify for compatibility reasons. Additionally, Windows 2000 (v5.0) is a special case since it seems it - doesn't return close_notify. In that case if the connection was closed we - assume it was graceful (close_notify) since there doesn't seem to be a + does not return close_notify. In that case if the connection was closed we + assume it was graceful (close_notify) since there does not seem to be a way to tell. */ if(len && !backend->decdata_offset && backend->recv_connection_closed && @@ -2420,7 +2398,7 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, if(!*err && !backend->recv_connection_closed) *err = CURLE_AGAIN; - /* It's debatable what to return when !len. We could return whatever error + /* it is debatable what to return when !len. We could return whatever error we got from decryption but instead we override here so the return is consistent. */ @@ -2475,8 +2453,9 @@ static bool schannel_data_pending(struct Curl_cfilter *cf, /* shut down the SSL connection and clean up related memory. this function can be called multiple times on the same connection including if the SSL connection failed (eg connection made but failed handshake). */ -static int schannel_shutdown(struct Curl_cfilter *cf, - struct Curl_easy *data) +static CURLcode schannel_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool send_shutdown, bool *done) { /* See https://msdn.microsoft.com/en-us/library/windows/desktop/aa380138.aspx * Shutting Down an Schannel Connection @@ -2484,41 +2463,57 @@ static int schannel_shutdown(struct Curl_cfilter *cf, struct ssl_connect_data *connssl = cf->ctx; struct schannel_ssl_backend_data *backend = (struct schannel_ssl_backend_data *)connssl->backend; + CURLcode result = CURLE_OK; + + if(cf->shutdown) { + *done = TRUE; + return CURLE_OK; + } DEBUGASSERT(data); DEBUGASSERT(backend); + /* Not supported in schannel */ + (void)send_shutdown; + + *done = FALSE; if(backend->ctxt) { infof(data, "schannel: shutting down SSL/TLS connection with %s port %d", connssl->peer.hostname, connssl->peer.port); } - if(backend->cred && backend->ctxt) { + if(!backend->ctxt || cf->shutdown) { + *done = TRUE; + goto out; + } + + if(backend->cred && backend->ctxt && !backend->sent_shutdown) { SecBufferDesc BuffDesc; SecBuffer Buffer; SECURITY_STATUS sspi_status; SecBuffer outbuf; SecBufferDesc outbuf_desc; - CURLcode result; DWORD dwshut = SCHANNEL_SHUTDOWN; InitSecBuffer(&Buffer, SECBUFFER_TOKEN, &dwshut, sizeof(dwshut)); InitSecBufferDesc(&BuffDesc, &Buffer, 1); - sspi_status = s_pSecFn->ApplyControlToken(&backend->ctxt->ctxt_handle, + sspi_status = Curl_pSecFn->ApplyControlToken(&backend->ctxt->ctxt_handle, &BuffDesc); if(sspi_status != SEC_E_OK) { char buffer[STRERROR_LEN]; failf(data, "schannel: ApplyControlToken failure: %s", Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); + result = CURLE_SEND_ERROR; + goto out; } /* setup output buffer */ InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0); InitSecBufferDesc(&outbuf_desc, &outbuf, 1); - sspi_status = s_pSecFn->InitializeSecurityContext( + sspi_status = Curl_pSecFn->InitializeSecurityContext( &backend->cred->cred_handle, &backend->ctxt->ctxt_handle, backend->cred->sni_hostname, @@ -2536,19 +2531,81 @@ static int schannel_shutdown(struct Curl_cfilter *cf, /* send close message which is in output buffer */ ssize_t written = Curl_conn_cf_send(cf->next, data, outbuf.pvBuffer, outbuf.cbBuffer, - &result); - s_pSecFn->FreeContextBuffer(outbuf.pvBuffer); - if((result != CURLE_OK) || (outbuf.cbBuffer != (size_t) written)) { - infof(data, "schannel: failed to send close msg: %s" - " (bytes written: %zd)", curl_easy_strerror(result), written); + FALSE, &result); + Curl_pSecFn->FreeContextBuffer(outbuf.pvBuffer); + if(!result) { + if(written < (ssize_t)outbuf.cbBuffer) { + /* TODO: handle partial sends */ + infof(data, "schannel: failed to send close msg: %s" + " (bytes written: %zd)", curl_easy_strerror(result), written); + result = CURLE_SEND_ERROR; + goto out; + } + backend->sent_shutdown = TRUE; + *done = TRUE; + } + else if(result == CURLE_AGAIN) { + connssl->io_need = CURL_SSL_IO_NEED_SEND; + result = CURLE_OK; + goto out; } + else { + if(!backend->recv_connection_closed) { + infof(data, "schannel: error sending close msg: %d", result); + result = CURLE_SEND_ERROR; + goto out; + } + /* Looks like server already closed the connection. + * An error to send our close notify is not a failure. */ + *done = TRUE; + result = CURLE_OK; + } + } + } + + /* If the connection seems open and we have not seen the close notify + * from the server yet, try to receive it. */ + if(backend->cred && backend->ctxt && + !backend->recv_sspi_close_notify && !backend->recv_connection_closed) { + char buffer[1024]; + ssize_t nread; + + nread = schannel_recv(cf, data, buffer, sizeof(buffer), &result); + if(nread > 0) { + /* still data coming in? */ + } + else if(nread == 0) { + /* We got the close notify alert and are done. */ + backend->recv_connection_closed = TRUE; + *done = TRUE; + } + else if(nread < 0 && result == CURLE_AGAIN) { + connssl->io_need = CURL_SSL_IO_NEED_RECV; + } + else { + CURL_TRC_CF(data, cf, "SSL shutdown, error %d", result); + result = CURLE_RECV_ERROR; } } +out: + cf->shutdown = (result || *done); + return result; +} + +static void schannel_close(struct Curl_cfilter *cf, struct Curl_easy *data) +{ + struct ssl_connect_data *connssl = cf->ctx; + struct schannel_ssl_backend_data *backend = + (struct schannel_ssl_backend_data *)connssl->backend; + + DEBUGASSERT(data); + DEBUGASSERT(backend); + /* free SSPI Schannel API security context handle */ if(backend->ctxt) { DEBUGF(infof(data, "schannel: clear security context handle")); - s_pSecFn->DeleteSecurityContext(&backend->ctxt->ctxt_handle); + Curl_pSecFn->DeleteSecurityContext(&backend->ctxt->ctxt_handle); Curl_safefree(backend->ctxt); } @@ -2574,13 +2631,6 @@ static int schannel_shutdown(struct Curl_cfilter *cf, backend->decdata_length = 0; backend->decdata_offset = 0; } - - return CURLE_OK; -} - -static void schannel_close(struct Curl_cfilter *cf, struct Curl_easy *data) -{ - schannel_shutdown(cf, data); } static int schannel_init(void) @@ -2595,9 +2645,7 @@ static void schannel_cleanup(void) static size_t schannel_version(char *buffer, size_t size) { - size = msnprintf(buffer, size, "Schannel"); - - return size; + return msnprintf(buffer, size, "Schannel"); } static CURLcode schannel_random(struct Curl_easy *data UNUSED_PARAM, @@ -2622,7 +2670,7 @@ static CURLcode schannel_pkp_pin_peer_pubkey(struct Curl_cfilter *cf, DEBUGASSERT(backend); - /* if a path wasn't specified, don't pin */ + /* if a path was not specified, do not pin */ if(!pinnedpubkey) return CURLE_OK; @@ -2634,7 +2682,7 @@ static CURLcode schannel_pkp_pin_peer_pubkey(struct Curl_cfilter *cf, struct Curl_asn1Element *pubkey; sspi_status = - s_pSecFn->QueryContextAttributes(&backend->ctxt->ctxt_handle, + Curl_pSecFn->QueryContextAttributes(&backend->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &pCertContextServer); @@ -2684,6 +2732,13 @@ static void schannel_checksum(const unsigned char *input, DWORD provType, const unsigned int algId) { +#ifdef CURL_WINDOWS_APP + (void)input; + (void)inputlen; + (void)provType; + (void)algId; + memset(checksum, 0, checksumlen); +#else HCRYPTPROV hProv = 0; HCRYPTHASH hHash = 0; DWORD cbHashSize = 0; @@ -2724,6 +2779,7 @@ static void schannel_checksum(const unsigned char *input, if(hProv) CryptReleaseContext(hProv, 0); +#endif } static CURLcode schannel_sha256sum(const unsigned char *input, @@ -2752,7 +2808,7 @@ HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf, struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); struct Curl_multi *multi = data->multi; const struct curl_blob *ca_info_blob = conn_config->ca_info_blob; - struct schannel_multi_ssl_backend_data *mbackend; + struct schannel_cert_share *share; const struct ssl_general_config *cfg = &data->set.general_ssl; timediff_t timeout_ms; timediff_t elapsed_ms; @@ -2761,12 +2817,14 @@ HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf, DEBUGASSERT(multi); - if(!multi || !multi->ssl_backend_data) { + if(!multi) { return NULL; } - mbackend = (struct schannel_multi_ssl_backend_data *)multi->ssl_backend_data; - if(!mbackend->cert_store) { + share = Curl_hash_pick(&multi->proto_hash, + (void *)MPROTO_SCHANNEL_CERT_SHARE_KEY, + sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1); + if(!share || !share->cert_store) { return NULL; } @@ -2781,37 +2839,47 @@ HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf, timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000; if(timeout_ms >= 0) { now = Curl_now(); - elapsed_ms = Curl_timediff(now, mbackend->time); + elapsed_ms = Curl_timediff(now, share->time); if(elapsed_ms >= timeout_ms) { return NULL; } } if(ca_info_blob) { - if(!mbackend->CAinfo_blob_digest) { - return NULL; - } - if(mbackend->CAinfo_blob_size != ca_info_blob->len) { + if(share->CAinfo_blob_size != ca_info_blob->len) { return NULL; } schannel_sha256sum((const unsigned char *)ca_info_blob->data, ca_info_blob->len, info_blob_digest, CURL_SHA256_DIGEST_LENGTH); - if(memcmp(mbackend->CAinfo_blob_digest, - info_blob_digest, + if(memcmp(share->CAinfo_blob_digest, info_blob_digest, CURL_SHA256_DIGEST_LENGTH)) { - return NULL; + return NULL; } } else { - if(!conn_config->CAfile || !mbackend->CAfile || - strcmp(mbackend->CAfile, conn_config->CAfile)) { + if(!conn_config->CAfile || !share->CAfile || + strcmp(share->CAfile, conn_config->CAfile)) { return NULL; } } - return mbackend->cert_store; + return share->cert_store; +} + +static void schannel_cert_share_free(void *key, size_t key_len, void *p) +{ + struct schannel_cert_share *share = p; + DEBUGASSERT(key_len == (sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1)); + DEBUGASSERT(!memcmp(MPROTO_SCHANNEL_CERT_SHARE_KEY, key, key_len)); + (void)key; + (void)key_len; + if(share->cert_store) { + CertCloseStore(share->cert_store, 0); + } + free(share->CAfile); + free(share); } bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf, @@ -2821,8 +2889,7 @@ bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf, struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); struct Curl_multi *multi = data->multi; const struct curl_blob *ca_info_blob = conn_config->ca_info_blob; - struct schannel_multi_ssl_backend_data *mbackend; - unsigned char *CAinfo_blob_digest = NULL; + struct schannel_cert_share *share; size_t CAinfo_blob_size = 0; char *CAfile = NULL; @@ -2832,25 +2899,27 @@ bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf, return false; } - if(!multi->ssl_backend_data) { - multi->ssl_backend_data = - calloc(1, sizeof(struct schannel_multi_ssl_backend_data)); - if(!multi->ssl_backend_data) { + share = Curl_hash_pick(&multi->proto_hash, + (void *)MPROTO_SCHANNEL_CERT_SHARE_KEY, + sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1); + if(!share) { + share = calloc(1, sizeof(*share)); + if(!share) { + return false; + } + if(!Curl_hash_add2(&multi->proto_hash, + (void *)MPROTO_SCHANNEL_CERT_SHARE_KEY, + sizeof(MPROTO_SCHANNEL_CERT_SHARE_KEY)-1, + share, schannel_cert_share_free)) { + free(share); return false; } } - mbackend = (struct schannel_multi_ssl_backend_data *)multi->ssl_backend_data; - - if(ca_info_blob) { - CAinfo_blob_digest = malloc(CURL_SHA256_DIGEST_LENGTH); - if(!CAinfo_blob_digest) { - return false; - } schannel_sha256sum((const unsigned char *)ca_info_blob->data, ca_info_blob->len, - CAinfo_blob_digest, + share->CAinfo_blob_digest, CURL_SHA256_DIGEST_LENGTH); CAinfo_blob_size = ca_info_blob->len; } @@ -2864,33 +2933,18 @@ bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf, } /* free old cache data */ - if(mbackend->cert_store) { - CertCloseStore(mbackend->cert_store, 0); + if(share->cert_store) { + CertCloseStore(share->cert_store, 0); } - free(mbackend->CAinfo_blob_digest); - free(mbackend->CAfile); + free(share->CAfile); - mbackend->time = Curl_now(); - mbackend->cert_store = cert_store; - mbackend->CAinfo_blob_digest = CAinfo_blob_digest; - mbackend->CAinfo_blob_size = CAinfo_blob_size; - mbackend->CAfile = CAfile; + share->time = Curl_now(); + share->cert_store = cert_store; + share->CAinfo_blob_size = CAinfo_blob_size; + share->CAfile = CAfile; return true; } -static void schannel_free_multi_ssl_backend_data( - struct multi_ssl_backend_data *msbd) -{ - struct schannel_multi_ssl_backend_data *mbackend = - (struct schannel_multi_ssl_backend_data*)msbd; - if(mbackend->cert_store) { - CertCloseStore(mbackend->cert_store, 0); - } - free(mbackend->CAinfo_blob_digest); - free(mbackend->CAfile); - free(mbackend); -} - const struct Curl_ssl Curl_ssl_schannel = { { CURLSSLBACKEND_SCHANNEL, "schannel" }, /* info */ @@ -2898,9 +2952,13 @@ const struct Curl_ssl Curl_ssl_schannel = { #ifdef HAS_MANUAL_VERIFY_API SSLSUPP_CAINFO_BLOB | #endif +#ifndef CURL_WINDOWS_APP SSLSUPP_PINNEDPUBKEY | +#endif SSLSUPP_TLS13_CIPHERSUITES | - SSLSUPP_HTTPS_PROXY, + SSLSUPP_CA_CACHE | + SSLSUPP_HTTPS_PROXY | + SSLSUPP_CIPHER_LIST, sizeof(struct schannel_ssl_backend_data), @@ -2925,9 +2983,9 @@ const struct Curl_ssl Curl_ssl_schannel = { schannel_sha256sum, /* sha256sum */ NULL, /* associate_connection */ NULL, /* disassociate_connection */ - schannel_free_multi_ssl_backend_data, /* free_multi_ssl_backend_data */ schannel_recv, /* recv decrypted data */ schannel_send, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; #endif /* USE_SCHANNEL */ diff --git a/vendor/hydra/vendor/curl/lib/vtls/schannel_int.h b/vendor/hydra/vendor/curl/lib/vtls/schannel_int.h index 5e233a9d..800fdf88 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/schannel_int.h +++ b/vendor/hydra/vendor/curl/lib/vtls/schannel_int.h @@ -28,7 +28,10 @@ #ifdef USE_SCHANNEL -#if defined(__MINGW32__) || defined(CERT_CHAIN_REVOCATION_CHECK_CHAIN) +#include "vtls.h" + +#if (defined(__MINGW32__) || defined(CERT_CHAIN_REVOCATION_CHECK_CHAIN)) \ + && !defined(CURL_WINDOWS_APP) #define HAS_MANUAL_VERIFY_API #endif @@ -144,7 +147,7 @@ struct schannel_ssl_backend_data { size_t encdata_offset, decdata_offset; unsigned char *encdata_buffer, *decdata_buffer; /* encdata_is_incomplete: if encdata contains only a partial record that - can't be decrypted without another recv() (that is, status is + cannot be decrypted without another recv() (that is, status is SEC_E_INCOMPLETE_MESSAGE) then set this true. after an recv() adds more bytes into encdata then set this back to false. */ bool encdata_is_incomplete; @@ -157,10 +160,14 @@ struct schannel_ssl_backend_data { #ifdef HAS_MANUAL_VERIFY_API bool use_manual_cred_validation; /* true if manual cred validation is used */ #endif + BIT(sent_shutdown); }; -struct schannel_multi_ssl_backend_data { - unsigned char *CAinfo_blob_digest; /* CA info blob digest */ +/* key to use at `multi->proto_hash` */ +#define MPROTO_SCHANNEL_CERT_SHARE_KEY "tls:schannel:cert:share" + +struct schannel_cert_share { + unsigned char CAinfo_blob_digest[CURL_SHA256_DIGEST_LENGTH]; size_t CAinfo_blob_size; /* CA info blob size */ char *CAfile; /* CAfile path used to generate certificate store */ diff --git a/vendor/hydra/vendor/curl/lib/vtls/schannel_verify.c b/vendor/hydra/vendor/curl/lib/vtls/schannel_verify.c index 24146d0b..11e61b68 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/schannel_verify.c +++ b/vendor/hydra/vendor/curl/lib/vtls/schannel_verify.c @@ -33,7 +33,7 @@ #ifdef USE_SCHANNEL #ifndef USE_WINDOWS_SSPI -# error "Can't compile SCHANNEL support without SSPI." +# error "cannot compile SCHANNEL support without SSPI." #endif #include "schannel.h" @@ -82,8 +82,8 @@ static int is_cr_or_lf(char c) } /* Search the substring needle,needlelen into string haystack,haystacklen - * Strings don't need to be terminated by a '\0'. - * Similar of OSX/Linux memmem (not available on Visual Studio). + * Strings do not need to be terminated by a '\0'. + * Similar of macOS/Linux memmem (not available on Visual Studio). * Return position of beginning of first occurrence or NULL if not found */ static const char *c_memmem(const void *haystack, size_t haystacklen, @@ -335,7 +335,7 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store, /* * Returns the number of characters necessary to populate all the host_names. - * If host_names is not NULL, populate it with all the host names. Each string + * If host_names is not NULL, populate it with all the hostnames. Each string * in the host_names is null-terminated and the last string is double * null-terminated. If no DNS names are found, a single null-terminated empty * string is returned. @@ -346,6 +346,12 @@ static DWORD cert_get_name_string(struct Curl_easy *data, DWORD length) { DWORD actual_length = 0; +#if defined(CURL_WINDOWS_APP) + (void)data; + (void)cert_context; + (void)host_names; + (void)length; +#else BOOL compute_content = FALSE; CERT_INFO *cert_info = NULL; CERT_EXTENSION *extension = NULL; @@ -441,14 +447,14 @@ static DWORD cert_get_name_string(struct Curl_easy *data, } /* Sanity check to prevent buffer overrun. */ if((actual_length + current_length) > length) { - failf(data, "schannel: Not enough memory to list all host names."); + failf(data, "schannel: Not enough memory to list all hostnames."); break; } dns_w = entry->pwszDNSName; - /* pwszDNSName is in ia5 string format and hence doesn't contain any - * non-ascii characters. */ + /* pwszDNSName is in ia5 string format and hence does not contain any + * non-ASCII characters. */ while(*dns_w != '\0') { - *current_pos++ = (char)(*dns_w++); + *current_pos++ = (TCHAR)(*dns_w++); } *current_pos++ = '\0'; actual_length += (DWORD)current_length; @@ -457,6 +463,7 @@ static DWORD cert_get_name_string(struct Curl_easy *data, /* Last string has double null-terminator. */ *current_pos = '\0'; } +#endif return actual_length; } @@ -476,7 +483,7 @@ CURLcode Curl_verify_host(struct Curl_cfilter *cf, DWORD actual_len = 0; sspi_status = - s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, + Curl_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &pCertContextServer); @@ -605,7 +612,7 @@ CURLcode Curl_verify_certificate(struct Curl_cfilter *cf, DEBUGASSERT(BACKEND); sspi_status = - s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, + Curl_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &pCertContextServer); diff --git a/vendor/hydra/vendor/curl/lib/vtls/sectransp.c b/vendor/hydra/vendor/curl/lib/vtls/sectransp.c index f49db648..0eb079bb 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/sectransp.c +++ b/vendor/hydra/vendor/curl/lib/vtls/sectransp.c @@ -30,6 +30,8 @@ #include "curl_setup.h" +#ifdef USE_SECTRANSP + #include "urldata.h" /* for the Curl_easy definition */ #include "curl_base64.h" #include "strtok.h" @@ -37,19 +39,16 @@ #include "strcase.h" #include "x509asn1.h" #include "strerror.h" - -#ifdef USE_SECTRANSP +#include "cipher_suite.h" #ifdef __clang__ #pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wtautological-pointer-compare" +#pragma clang diagnostic ignored "-Wunreachable-code" #endif /* __clang__ */ #ifdef __GNUC__ #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Waddress" -#pragma GCC diagnostic ignored "-Wundef" -#pragma GCC diagnostic ignored "-Wunreachable-code" #endif #include @@ -72,7 +71,7 @@ #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) #if MAC_OS_X_VERSION_MAX_ALLOWED < 1050 -#error "The Secure Transport back-end requires Leopard or later." +#error "The Secure Transport backend requires Leopard or later." #endif /* MAC_OS_X_VERSION_MAX_ALLOWED < 1050 */ #define CURL_BUILD_IOS 0 @@ -122,7 +121,7 @@ #define CURL_SUPPORT_MAC_10_9 0 #else -#error "The Secure Transport back-end requires iOS or macOS." +#error "The Secure Transport backend requires iOS or macOS." #endif /* (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) */ #if CURL_BUILD_MAC @@ -144,7 +143,8 @@ #include "memdebug.h" -/* From MacTypes.h (which we can't include because it isn't present in iOS: */ +/* From MacTypes.h (which we cannot include because it is not present in + iOS: */ #define ioErr -36 #define paramErr -50 @@ -152,636 +152,60 @@ struct st_ssl_backend_data { SSLContextRef ssl_ctx; bool ssl_direction; /* true if writing, false if reading */ size_t ssl_write_buffered_length; + BIT(sent_shutdown); }; -struct st_cipher { - const char *name; /* Cipher suite IANA name. It starts with "TLS_" prefix */ - const char *alias_name; /* Alias name is the same as OpenSSL cipher name */ - SSLCipherSuite num; /* Cipher suite code/number defined in IANA registry */ - bool weak; /* Flag to mark cipher as weak based on previous implementation - of Secure Transport back-end by CURL */ -}; - -/* Macro to initialize st_cipher data structure: stringify id to name, cipher - number/id, 'weak' suite flag +/* Create the list of default ciphers to use by making an intersection of the + * ciphers supported by Secure Transport and the list below, using the order + * of the former. + * This list is based on TLS recommendations by Mozilla, balancing between + * security and wide compatibility: "Most ciphers that are not clearly broken + * and dangerous to use are supported" */ -#define CIPHER_DEF(num, alias, weak) \ - { #num, alias, num, weak } - -/* - Macro to initialize st_cipher data structure with name, code (IANA cipher - number/id value), and 'weak' suite flag. The first 28 cipher suite numbers - have the same IANA code for both SSL and TLS standards: numbers 0x0000 to - 0x001B. They have different names though. The first 4 letters of the cipher - suite name are the protocol name: "SSL_" or "TLS_", rest of the IANA name is - the same for both SSL and TLS cipher suite name. - The second part of the problem is that macOS/iOS SDKs don't define all TLS - codes but only 12 of them. The SDK defines all SSL codes though, i.e. SSL_NUM - constant is always defined for those 28 ciphers while TLS_NUM is defined only - for 12 of the first 28 ciphers. Those 12 TLS cipher codes match to - corresponding SSL enum value and represent the same cipher suite. Therefore - we'll use the SSL enum value for those cipher suites because it is defined - for all 28 of them. - We make internal data consistent and based on TLS names, i.e. all st_cipher - item names start with the "TLS_" prefix. - Summarizing all the above, those 28 first ciphers are presented in our table - with both TLS and SSL names. Their cipher numbers are assigned based on the - SDK enum value for the SSL cipher, which matches to IANA TLS number. - */ -#define CIPHER_DEF_SSLTLS(num_wo_prefix, alias, weak) \ - { "TLS_" #num_wo_prefix, alias, SSL_##num_wo_prefix, weak } - -/* - Cipher suites were marked as weak based on the following: - RC4 encryption - rfc7465, the document contains a list of deprecated ciphers. - Marked in the code below as weak. - RC2 encryption - many mentions, was found vulnerable to a relatively easy - attack https://link.springer.com/chapter/10.1007%2F3-540-69710-1_14 - Marked in the code below as weak. - DES and IDEA encryption - rfc5469, has a list of deprecated ciphers. - Marked in the code below as weak. - Anonymous Diffie-Hellman authentication and anonymous elliptic curve - Diffie-Hellman - vulnerable to a man-in-the-middle attack. Deprecated by - RFC 4346 aka TLS 1.1 (section A.5, page 60) - Null bulk encryption suites - not encrypted communication - Export ciphers, i.e. ciphers with restrictions to be used outside the US for - software exported to some countries, they were excluded from TLS 1.1 - version. More precisely, they were noted as ciphers which MUST NOT be - negotiated in RFC 4346 aka TLS 1.1 (section A.5, pages 60 and 61). - All of those filters were considered weak because they contain a weak - algorithm like DES, RC2 or RC4, and already considered weak by other - criteria. - 3DES - NIST deprecated it and is going to retire it by 2023 - https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA - OpenSSL https://www.openssl.org/blog/blog/2016/08/24/sweet32/ also - deprecated those ciphers. Some other libraries also consider it - vulnerable or at least not strong enough. - - CBC ciphers are vulnerable with SSL3.0 and TLS1.0: - https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance - /118518-technote-esa-00.html - We don't take care of this issue because it is resolved by later TLS - versions and for us, it requires more complicated checks, we need to - check a protocol version also. Vulnerability doesn't look very critical - and we do not filter out those cipher suites. - */ - -#define CIPHER_WEAK_NOT_ENCRYPTED TRUE -#define CIPHER_WEAK_RC_ENCRYPTION TRUE -#define CIPHER_WEAK_DES_ENCRYPTION TRUE -#define CIPHER_WEAK_IDEA_ENCRYPTION TRUE -#define CIPHER_WEAK_ANON_AUTH TRUE -#define CIPHER_WEAK_3DES_ENCRYPTION TRUE -#define CIPHER_STRONG_ENOUGH FALSE - -/* Please do not change the order of the first ciphers available for SSL. - Do not insert and do not delete any of them. Code below - depends on their order and continuity. - If you add a new cipher, please maintain order by number, i.e. - insert in between existing items to appropriate place based on - cipher suite IANA number -*/ -static const struct st_cipher ciphertable[] = { - /* SSL version 3.0 and initial TLS 1.0 cipher suites. - Defined since SDK 10.2.8 */ - CIPHER_DEF_SSLTLS(NULL_WITH_NULL_NULL, /* 0x0000 */ - NULL, - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF_SSLTLS(RSA_WITH_NULL_MD5, /* 0x0001 */ - "NULL-MD5", - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF_SSLTLS(RSA_WITH_NULL_SHA, /* 0x0002 */ - "NULL-SHA", - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF_SSLTLS(RSA_EXPORT_WITH_RC4_40_MD5, /* 0x0003 */ - "EXP-RC4-MD5", - CIPHER_WEAK_RC_ENCRYPTION), - CIPHER_DEF_SSLTLS(RSA_WITH_RC4_128_MD5, /* 0x0004 */ - "RC4-MD5", - CIPHER_WEAK_RC_ENCRYPTION), - CIPHER_DEF_SSLTLS(RSA_WITH_RC4_128_SHA, /* 0x0005 */ - "RC4-SHA", - CIPHER_WEAK_RC_ENCRYPTION), - CIPHER_DEF_SSLTLS(RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* 0x0006 */ - "EXP-RC2-CBC-MD5", - CIPHER_WEAK_RC_ENCRYPTION), - CIPHER_DEF_SSLTLS(RSA_WITH_IDEA_CBC_SHA, /* 0x0007 */ - "IDEA-CBC-SHA", - CIPHER_WEAK_IDEA_ENCRYPTION), - CIPHER_DEF_SSLTLS(RSA_EXPORT_WITH_DES40_CBC_SHA, /* 0x0008 */ - "EXP-DES-CBC-SHA", - CIPHER_WEAK_DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(RSA_WITH_DES_CBC_SHA, /* 0x0009 */ - "DES-CBC-SHA", - CIPHER_WEAK_DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(RSA_WITH_3DES_EDE_CBC_SHA, /* 0x000A */ - "DES-CBC3-SHA", - CIPHER_WEAK_3DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(DH_DSS_EXPORT_WITH_DES40_CBC_SHA, /* 0x000B */ - "EXP-DH-DSS-DES-CBC-SHA", - CIPHER_WEAK_DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(DH_DSS_WITH_DES_CBC_SHA, /* 0x000C */ - "DH-DSS-DES-CBC-SHA", - CIPHER_WEAK_DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(DH_DSS_WITH_3DES_EDE_CBC_SHA, /* 0x000D */ - "DH-DSS-DES-CBC3-SHA", - CIPHER_WEAK_3DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(DH_RSA_EXPORT_WITH_DES40_CBC_SHA, /* 0x000E */ - "EXP-DH-RSA-DES-CBC-SHA", - CIPHER_WEAK_DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(DH_RSA_WITH_DES_CBC_SHA, /* 0x000F */ - "DH-RSA-DES-CBC-SHA", - CIPHER_WEAK_DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(DH_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x0010 */ - "DH-RSA-DES-CBC3-SHA", - CIPHER_WEAK_3DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, /* 0x0011 */ - "EXP-EDH-DSS-DES-CBC-SHA", - CIPHER_WEAK_DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(DHE_DSS_WITH_DES_CBC_SHA, /* 0x0012 */ - "EDH-DSS-CBC-SHA", - CIPHER_WEAK_DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* 0x0013 */ - "DHE-DSS-DES-CBC3-SHA", - CIPHER_WEAK_3DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, /* 0x0014 */ - "EXP-EDH-RSA-DES-CBC-SHA", - CIPHER_WEAK_DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(DHE_RSA_WITH_DES_CBC_SHA, /* 0x0015 */ - "EDH-RSA-DES-CBC-SHA", - CIPHER_WEAK_DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x0016 */ - "DHE-RSA-DES-CBC3-SHA", - CIPHER_WEAK_3DES_ENCRYPTION), - CIPHER_DEF_SSLTLS(DH_anon_EXPORT_WITH_RC4_40_MD5, /* 0x0017 */ - "EXP-ADH-RC4-MD5", - CIPHER_WEAK_ANON_AUTH), - CIPHER_DEF_SSLTLS(DH_anon_WITH_RC4_128_MD5, /* 0x0018 */ - "ADH-RC4-MD5", - CIPHER_WEAK_ANON_AUTH), - CIPHER_DEF_SSLTLS(DH_anon_EXPORT_WITH_DES40_CBC_SHA, /* 0x0019 */ - "EXP-ADH-DES-CBC-SHA", - CIPHER_WEAK_ANON_AUTH), - CIPHER_DEF_SSLTLS(DH_anon_WITH_DES_CBC_SHA, /* 0x001A */ - "ADH-DES-CBC-SHA", - CIPHER_WEAK_ANON_AUTH), - CIPHER_DEF_SSLTLS(DH_anon_WITH_3DES_EDE_CBC_SHA, /* 0x001B */ - "ADH-DES-CBC3-SHA", - CIPHER_WEAK_3DES_ENCRYPTION), - CIPHER_DEF(SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* 0x001C */ - NULL, - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* 0x001D */ - NULL, - CIPHER_STRONG_ENOUGH), - -#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 - /* RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption */ - CIPHER_DEF(TLS_PSK_WITH_NULL_SHA, /* 0x002C */ - "PSK-NULL-SHA", - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF(TLS_DHE_PSK_WITH_NULL_SHA, /* 0x002D */ - "DHE-PSK-NULL-SHA", - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF(TLS_RSA_PSK_WITH_NULL_SHA, /* 0x002E */ - "RSA-PSK-NULL-SHA", - CIPHER_WEAK_NOT_ENCRYPTED), -#endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */ - - /* TLS addenda using AES, per RFC 3268. Defined since SDK 10.4u */ - CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA, /* 0x002F */ - "AES128-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_DSS_WITH_AES_128_CBC_SHA, /* 0x0030 */ - "DH-DSS-AES128-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_RSA_WITH_AES_128_CBC_SHA, /* 0x0031 */ - "DH-RSA-AES128-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* 0x0032 */ - "DHE-DSS-AES128-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* 0x0033 */ - "DHE-RSA-AES128-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_anon_WITH_AES_128_CBC_SHA, /* 0x0034 */ - "ADH-AES128-SHA", - CIPHER_WEAK_ANON_AUTH), - CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA, /* 0x0035 */ - "AES256-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_DSS_WITH_AES_256_CBC_SHA, /* 0x0036 */ - "DH-DSS-AES256-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_RSA_WITH_AES_256_CBC_SHA, /* 0x0037 */ - "DH-RSA-AES256-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* 0x0038 */ - "DHE-DSS-AES256-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* 0x0039 */ - "DHE-RSA-AES256-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_anon_WITH_AES_256_CBC_SHA, /* 0x003A */ - "ADH-AES256-SHA", - CIPHER_WEAK_ANON_AUTH), - -#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS - /* TLS 1.2 addenda, RFC 5246 */ - /* Server provided RSA certificate for key exchange. */ - CIPHER_DEF(TLS_RSA_WITH_NULL_SHA256, /* 0x003B */ - "NULL-SHA256", - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA256, /* 0x003C */ - "AES128-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA256, /* 0x003D */ - "AES256-SHA256", - CIPHER_STRONG_ENOUGH), - /* Server-authenticated (and optionally client-authenticated) - Diffie-Hellman. */ - CIPHER_DEF(TLS_DH_DSS_WITH_AES_128_CBC_SHA256, /* 0x003E */ - "DH-DSS-AES128-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_RSA_WITH_AES_128_CBC_SHA256, /* 0x003F */ - "DH-RSA-AES128-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, /* 0x0040 */ - "DHE-DSS-AES128-SHA256", - CIPHER_STRONG_ENOUGH), - - /* TLS 1.2 addenda, RFC 5246 */ - CIPHER_DEF(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, /* 0x0067 */ - "DHE-RSA-AES128-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_DSS_WITH_AES_256_CBC_SHA256, /* 0x0068 */ - "DH-DSS-AES256-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_RSA_WITH_AES_256_CBC_SHA256, /* 0x0069 */ - "DH-RSA-AES256-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, /* 0x006A */ - "DHE-DSS-AES256-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, /* 0x006B */ - "DHE-RSA-AES256-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_anon_WITH_AES_128_CBC_SHA256, /* 0x006C */ - "ADH-AES128-SHA256", - CIPHER_WEAK_ANON_AUTH), - CIPHER_DEF(TLS_DH_anon_WITH_AES_256_CBC_SHA256, /* 0x006D */ - "ADH-AES256-SHA256", - CIPHER_WEAK_ANON_AUTH), -#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ - -#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 - /* Addendum from RFC 4279, TLS PSK */ - CIPHER_DEF(TLS_PSK_WITH_RC4_128_SHA, /* 0x008A */ - "PSK-RC4-SHA", - CIPHER_WEAK_RC_ENCRYPTION), - CIPHER_DEF(TLS_PSK_WITH_3DES_EDE_CBC_SHA, /* 0x008B */ - "PSK-3DES-EDE-CBC-SHA", - CIPHER_WEAK_3DES_ENCRYPTION), - CIPHER_DEF(TLS_PSK_WITH_AES_128_CBC_SHA, /* 0x008C */ - "PSK-AES128-CBC-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_PSK_WITH_AES_256_CBC_SHA, /* 0x008D */ - "PSK-AES256-CBC-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_PSK_WITH_RC4_128_SHA, /* 0x008E */ - "DHE-PSK-RC4-SHA", - CIPHER_WEAK_RC_ENCRYPTION), - CIPHER_DEF(TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, /* 0x008F */ - "DHE-PSK-3DES-EDE-CBC-SHA", - CIPHER_WEAK_3DES_ENCRYPTION), - CIPHER_DEF(TLS_DHE_PSK_WITH_AES_128_CBC_SHA, /* 0x0090 */ - "DHE-PSK-AES128-CBC-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_PSK_WITH_AES_256_CBC_SHA, /* 0x0091 */ - "DHE-PSK-AES256-CBC-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_RSA_PSK_WITH_RC4_128_SHA, /* 0x0092 */ - "RSA-PSK-RC4-SHA", - CIPHER_WEAK_RC_ENCRYPTION), - CIPHER_DEF(TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, /* 0x0093 */ - "RSA-PSK-3DES-EDE-CBC-SHA", - CIPHER_WEAK_3DES_ENCRYPTION), - CIPHER_DEF(TLS_RSA_PSK_WITH_AES_128_CBC_SHA, /* 0x0094 */ - "RSA-PSK-AES128-CBC-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_RSA_PSK_WITH_AES_256_CBC_SHA, /* 0x0095 */ - "RSA-PSK-AES256-CBC-SHA", - CIPHER_STRONG_ENOUGH), -#endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */ - -#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS - /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites - for TLS. */ - CIPHER_DEF(TLS_RSA_WITH_AES_128_GCM_SHA256, /* 0x009C */ - "AES128-GCM-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_RSA_WITH_AES_256_GCM_SHA384, /* 0x009D */ - "AES256-GCM-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, /* 0x009E */ - "DHE-RSA-AES128-GCM-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, /* 0x009F */ - "DHE-RSA-AES256-GCM-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_RSA_WITH_AES_128_GCM_SHA256, /* 0x00A0 */ - "DH-RSA-AES128-GCM-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_RSA_WITH_AES_256_GCM_SHA384, /* 0x00A1 */ - "DH-RSA-AES256-GCM-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, /* 0x00A2 */ - "DHE-DSS-AES128-GCM-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, /* 0x00A3 */ - "DHE-DSS-AES256-GCM-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_DSS_WITH_AES_128_GCM_SHA256, /* 0x00A4 */ - "DH-DSS-AES128-GCM-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_DSS_WITH_AES_256_GCM_SHA384, /* 0x00A5 */ - "DH-DSS-AES256-GCM-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DH_anon_WITH_AES_128_GCM_SHA256, /* 0x00A6 */ - "ADH-AES128-GCM-SHA256", - CIPHER_WEAK_ANON_AUTH), - CIPHER_DEF(TLS_DH_anon_WITH_AES_256_GCM_SHA384, /* 0x00A7 */ - "ADH-AES256-GCM-SHA384", - CIPHER_WEAK_ANON_AUTH), -#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ - -#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 - /* RFC 5487 - PSK with SHA-256/384 and AES GCM */ - CIPHER_DEF(TLS_PSK_WITH_AES_128_GCM_SHA256, /* 0x00A8 */ - "PSK-AES128-GCM-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_PSK_WITH_AES_256_GCM_SHA384, /* 0x00A9 */ - "PSK-AES256-GCM-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, /* 0x00AA */ - "DHE-PSK-AES128-GCM-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, /* 0x00AB */ - "DHE-PSK-AES256-GCM-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, /* 0x00AC */ - "RSA-PSK-AES128-GCM-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, /* 0x00AD */ - "RSA-PSK-AES256-GCM-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_PSK_WITH_AES_128_CBC_SHA256, /* 0x00AE */ - "PSK-AES128-CBC-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_PSK_WITH_AES_256_CBC_SHA384, /* 0x00AF */ - "PSK-AES256-CBC-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_PSK_WITH_NULL_SHA256, /* 0x00B0 */ - "PSK-NULL-SHA256", - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF(TLS_PSK_WITH_NULL_SHA384, /* 0x00B1 */ - "PSK-NULL-SHA384", - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF(TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, /* 0x00B2 */ - "DHE-PSK-AES128-CBC-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, /* 0x00B3 */ - "DHE-PSK-AES256-CBC-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_DHE_PSK_WITH_NULL_SHA256, /* 0x00B4 */ - "DHE-PSK-NULL-SHA256", - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF(TLS_DHE_PSK_WITH_NULL_SHA384, /* 0x00B5 */ - "DHE-PSK-NULL-SHA384", - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF(TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, /* 0x00B6 */ - "RSA-PSK-AES128-CBC-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, /* 0x00B7 */ - "RSA-PSK-AES256-CBC-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_RSA_PSK_WITH_NULL_SHA256, /* 0x00B8 */ - "RSA-PSK-NULL-SHA256", - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF(TLS_RSA_PSK_WITH_NULL_SHA384, /* 0x00B9 */ - "RSA-PSK-NULL-SHA384", - CIPHER_WEAK_NOT_ENCRYPTED), -#endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */ - - /* RFC 5746 - Secure Renegotiation. This is not a real suite, - it is a response to initiate negotiation again */ - CIPHER_DEF(TLS_EMPTY_RENEGOTIATION_INFO_SCSV, /* 0x00FF */ - NULL, - CIPHER_STRONG_ENOUGH), - -#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 - /* TLS 1.3 standard cipher suites for ChaCha20+Poly1305. - Note: TLS 1.3 ciphersuites do not specify the key exchange - algorithm -- they only specify the symmetric ciphers. - Cipher alias name matches to OpenSSL cipher name, and for - TLS 1.3 ciphers */ - CIPHER_DEF(TLS_AES_128_GCM_SHA256, /* 0x1301 */ - NULL, /* The OpenSSL cipher name matches to the IANA name */ - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_AES_256_GCM_SHA384, /* 0x1302 */ - NULL, /* The OpenSSL cipher name matches to the IANA name */ - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_CHACHA20_POLY1305_SHA256, /* 0x1303 */ - NULL, /* The OpenSSL cipher name matches to the IANA name */ - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_AES_128_CCM_SHA256, /* 0x1304 */ - NULL, /* The OpenSSL cipher name matches to the IANA name */ - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_AES_128_CCM_8_SHA256, /* 0x1305 */ - NULL, /* The OpenSSL cipher name matches to the IANA name */ - CIPHER_STRONG_ENOUGH), -#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */ +static const uint16_t default_ciphers[] = { + TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x000A */ + TLS_RSA_WITH_AES_128_CBC_SHA, /* 0x002F */ + TLS_RSA_WITH_AES_256_CBC_SHA, /* 0x0035 */ #if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS - /* ECDSA addenda, RFC 4492 */ - CIPHER_DEF(TLS_ECDH_ECDSA_WITH_NULL_SHA, /* 0xC001 */ - "ECDH-ECDSA-NULL-SHA", - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF(TLS_ECDH_ECDSA_WITH_RC4_128_SHA, /* 0xC002 */ - "ECDH-ECDSA-RC4-SHA", - CIPHER_WEAK_RC_ENCRYPTION), - CIPHER_DEF(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC003 */ - "ECDH-ECDSA-DES-CBC3-SHA", - CIPHER_WEAK_3DES_ENCRYPTION), - CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC004 */ - "ECDH-ECDSA-AES128-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC005 */ - "ECDH-ECDSA-AES256-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_NULL_SHA, /* 0xC006 */ - "ECDHE-ECDSA-NULL-SHA", - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, /* 0xC007 */ - "ECDHE-ECDSA-RC4-SHA", - CIPHER_WEAK_RC_ENCRYPTION), - CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC008 */ - "ECDHE-ECDSA-DES-CBC3-SHA", - CIPHER_WEAK_3DES_ENCRYPTION), - CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC009 */ - "ECDHE-ECDSA-AES128-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC00A */ - "ECDHE-ECDSA-AES256-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDH_RSA_WITH_NULL_SHA, /* 0xC00B */ - "ECDH-RSA-NULL-SHA", - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF(TLS_ECDH_RSA_WITH_RC4_128_SHA, /* 0xC00C */ - "ECDH-RSA-RC4-SHA", - CIPHER_WEAK_RC_ENCRYPTION), - CIPHER_DEF(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC00D */ - "ECDH-RSA-DES-CBC3-SHA", - CIPHER_WEAK_3DES_ENCRYPTION), - CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, /* 0xC00E */ - "ECDH-RSA-AES128-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, /* 0xC00F */ - "ECDH-RSA-AES256-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDHE_RSA_WITH_NULL_SHA, /* 0xC010 */ - "ECDHE-RSA-NULL-SHA", - CIPHER_WEAK_NOT_ENCRYPTED), - CIPHER_DEF(TLS_ECDHE_RSA_WITH_RC4_128_SHA, /* 0xC011 */ - "ECDHE-RSA-RC4-SHA", - CIPHER_WEAK_RC_ENCRYPTION), - CIPHER_DEF(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC012 */ - "ECDHE-RSA-DES-CBC3-SHA", - CIPHER_WEAK_3DES_ENCRYPTION), - CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* 0xC013 */ - "ECDHE-RSA-AES128-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, /* 0xC014 */ - "ECDHE-RSA-AES256-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDH_anon_WITH_NULL_SHA, /* 0xC015 */ - "AECDH-NULL-SHA", - CIPHER_WEAK_ANON_AUTH), - CIPHER_DEF(TLS_ECDH_anon_WITH_RC4_128_SHA, /* 0xC016 */ - "AECDH-RC4-SHA", - CIPHER_WEAK_ANON_AUTH), - CIPHER_DEF(TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, /* 0xC017 */ - "AECDH-DES-CBC3-SHA", - CIPHER_WEAK_3DES_ENCRYPTION), - CIPHER_DEF(TLS_ECDH_anon_WITH_AES_128_CBC_SHA, /* 0xC018 */ - "AECDH-AES128-SHA", - CIPHER_WEAK_ANON_AUTH), - CIPHER_DEF(TLS_ECDH_anon_WITH_AES_256_CBC_SHA, /* 0xC019 */ - "AECDH-AES256-SHA", - CIPHER_WEAK_ANON_AUTH), + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC009 */ + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC00A */ + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* 0xC013 */ + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, /* 0xC014 */ #endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */ #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS - /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with - HMAC SHA-256/384. */ - CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC023 */ - "ECDHE-ECDSA-AES128-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC024 */ - "ECDHE-ECDSA-AES256-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC025 */ - "ECDH-ECDSA-AES128-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC026 */ - "ECDH-ECDSA-AES256-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, /* 0xC027 */ - "ECDHE-RSA-AES128-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, /* 0xC028 */ - "ECDHE-RSA-AES256-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, /* 0xC029 */ - "ECDH-RSA-AES128-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, /* 0xC02A */ - "ECDH-RSA-AES256-SHA384", - CIPHER_STRONG_ENOUGH), - /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with - SHA-256/384 and AES Galois Counter Mode (GCM) */ - CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02B */ - "ECDHE-ECDSA-AES128-GCM-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02C */ - "ECDHE-ECDSA-AES256-GCM-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02D */ - "ECDH-ECDSA-AES128-GCM-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02E */ - "ECDH-ECDSA-AES256-GCM-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* 0xC02F */ - "ECDHE-RSA-AES128-GCM-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, /* 0xC030 */ - "ECDHE-RSA-AES256-GCM-SHA384", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, /* 0xC031 */ - "ECDH-RSA-AES128-GCM-SHA256", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, /* 0xC032 */ - "ECDH-RSA-AES256-GCM-SHA384", - CIPHER_STRONG_ENOUGH), + TLS_RSA_WITH_AES_128_CBC_SHA256, /* 0x003C */ + TLS_RSA_WITH_AES_256_CBC_SHA256, /* 0x003D */ + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, /* 0x0067 */ + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, /* 0x006B */ + TLS_RSA_WITH_AES_128_GCM_SHA256, /* 0x009C */ + TLS_RSA_WITH_AES_256_GCM_SHA384, /* 0x009D */ + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, /* 0x009E */ + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, /* 0x009F */ + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC023 */ + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC024 */ + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, /* 0xC027 */ + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, /* 0xC028 */ + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02B */ + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02C */ + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* 0xC02F */ + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, /* 0xC030 */ #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ -#if CURL_BUILD_MAC_10_15 || CURL_BUILD_IOS_13 - /* ECDHE_PSK Cipher Suites for Transport Layer Security (TLS), RFC 5489 */ - CIPHER_DEF(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, /* 0xC035 */ - "ECDHE-PSK-AES128-CBC-SHA", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, /* 0xC036 */ - "ECDHE-PSK-AES256-CBC-SHA", - CIPHER_STRONG_ENOUGH), -#endif /* CURL_BUILD_MAC_10_15 || CURL_BUILD_IOS_13 */ - #if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 - /* Addenda from rfc 7905 ChaCha20-Poly1305 Cipher Suites for - Transport Layer Security (TLS). */ - CIPHER_DEF(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */ - "ECDHE-RSA-CHACHA20-POLY1305", - CIPHER_STRONG_ENOUGH), - CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */ - "ECDHE-ECDSA-CHACHA20-POLY1305", - CIPHER_STRONG_ENOUGH), + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */ + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */ + + /* TLSv1.3 is not supported by sectransp, but there is also other + * code referencing TLSv1.3, like: kTLSProtocol13 ? */ + TLS_AES_128_GCM_SHA256, /* 0x1301 */ + TLS_AES_256_GCM_SHA384, /* 0x1302 */ + TLS_CHACHA20_POLY1305_SHA256, /* 0x1303 */ #endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */ - -#if CURL_BUILD_MAC_10_15 || CURL_BUILD_IOS_13 - /* ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS), - RFC 7905 */ - CIPHER_DEF(TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCAB */ - "PSK-CHACHA20-POLY1305", - CIPHER_STRONG_ENOUGH), -#endif /* CURL_BUILD_MAC_10_15 || CURL_BUILD_IOS_13 */ - - /* Tags for SSL 2 cipher kinds which are not specified for SSL 3. - Defined since SDK 10.2.8 */ - CIPHER_DEF(SSL_RSA_WITH_RC2_CBC_MD5, /* 0xFF80 */ - NULL, - CIPHER_WEAK_RC_ENCRYPTION), - CIPHER_DEF(SSL_RSA_WITH_IDEA_CBC_MD5, /* 0xFF81 */ - NULL, - CIPHER_WEAK_IDEA_ENCRYPTION), - CIPHER_DEF(SSL_RSA_WITH_DES_CBC_MD5, /* 0xFF82 */ - NULL, - CIPHER_WEAK_DES_ENCRYPTION), - CIPHER_DEF(SSL_RSA_WITH_3DES_EDE_CBC_MD5, /* 0xFF83 */ - NULL, - CIPHER_WEAK_3DES_ENCRYPTION), }; -#define NUM_OF_CIPHERS sizeof(ciphertable)/sizeof(ciphertable[0]) +#define DEFAULT_CIPHERS_LEN sizeof(default_ciphers)/sizeof(default_ciphers[0]) /* pinned public key support tests */ @@ -792,7 +216,7 @@ static const struct st_cipher ciphertable[] = { #define SECTRANSP_PINNEDPUBKEY_V1 1 #endif -/* version 2 supports MacOSX 10.7+ */ +/* version 2 supports macOS 10.7+ */ #if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070) #define SECTRANSP_PINNEDPUBKEY_V2 1 #endif @@ -816,7 +240,7 @@ static const unsigned char rsa2048SpkiHeader[] = { 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00}; #ifdef SECTRANSP_PINNEDPUBKEY_V1 -/* the *new* version doesn't return DER encoded ecdsa certs like the old... */ +/* the *new* version does not return DER encoded ecdsa certs like the old... */ static const unsigned char ecDsaSecp256r1SpkiHeader[] = { 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, @@ -886,7 +310,8 @@ static OSStatus sectransp_bio_cf_out_write(SSLConnectionRef connection, OSStatus rtn = noErr; DEBUGASSERT(data); - nwritten = Curl_conn_cf_send(cf->next, data, buf, *dataLength, &result); + nwritten = Curl_conn_cf_send(cf->next, data, buf, *dataLength, FALSE, + &result); CURL_TRC_CF(data, cf, "bio_send(len=%zu) -> %zd, result=%d", *dataLength, nwritten, result); if(nwritten <= 0) { @@ -906,25 +331,6 @@ static OSStatus sectransp_bio_cf_out_write(SSLConnectionRef connection, return rtn; } -CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) -{ - /* The first ciphers in the ciphertable are continuous. Here we do small - optimization and instead of loop directly get SSL name by cipher number. - */ - size_t i; - if(cipher <= SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA) { - return ciphertable[cipher].name; - } - /* Iterate through the rest of the ciphers */ - for(i = SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA + 1; i < NUM_OF_CIPHERS; - ++i) { - if(ciphertable[i].num == cipher) { - return ciphertable[i].name; - } - } - return ciphertable[SSL_NULL_WITH_NULL_NULL].name; -} - #if CURL_BUILD_MAC CF_INLINE void GetDarwinVersionNumber(int *major, int *minor) { @@ -957,27 +363,27 @@ CF_INLINE void GetDarwinVersionNumber(int *major, int *minor) #endif /* CURL_BUILD_MAC */ /* Apple provides a myriad of ways of getting information about a certificate - into a string. Some aren't available under iOS or newer cats. So here's - a unified function for getting a string describing the certificate that - ought to work in all cats starting with Leopard. */ + into a string. Some are not available under iOS or newer cats. Here's a + unified function for getting a string describing the certificate that ought + to work in all cats starting with Leopard. */ CF_INLINE CFStringRef getsubject(SecCertificateRef cert) { CFStringRef server_cert_summary = CFSTR("(null)"); #if CURL_BUILD_IOS - /* iOS: There's only one way to do this. */ + /* iOS: There is only one way to do this. */ server_cert_summary = SecCertificateCopySubjectSummary(cert); #else #if CURL_BUILD_MAC_10_7 /* Lion & later: Get the long description if we can. */ - if(SecCertificateCopyLongDescription) + if(&SecCertificateCopyLongDescription) server_cert_summary = SecCertificateCopyLongDescription(NULL, cert, NULL); else #endif /* CURL_BUILD_MAC_10_7 */ #if CURL_BUILD_MAC_10_6 /* Snow Leopard: Get the certificate summary. */ - if(SecCertificateCopySubjectSummary) + if(&SecCertificateCopySubjectSummary) server_cert_summary = SecCertificateCopySubjectSummary(cert); else #endif /* CURL_BUILD_MAC_10_6 */ @@ -1015,7 +421,7 @@ static CURLcode CopyCertSubject(struct Curl_easy *data, size_t cbuf_size = ((size_t)CFStringGetLength(c) * 4) + 1; cbuf = calloc(1, cbuf_size); if(cbuf) { - if(!CFStringGetCString(c, cbuf, cbuf_size, + if(!CFStringGetCString(c, cbuf, (CFIndex)cbuf_size, kCFStringEncodingUTF8)) { failf(data, "SSL: invalid CA certificate subject"); result = CURLE_PEER_FAILED_VERIFICATION; @@ -1025,7 +431,7 @@ static CURLcode CopyCertSubject(struct Curl_easy *data, *certp = cbuf; } else { - failf(data, "SSL: couldn't allocate %zu bytes of memory", cbuf_size); + failf(data, "SSL: could not allocate %zu bytes of memory", cbuf_size); result = CURLE_OUT_OF_MEMORY; } } @@ -1037,7 +443,7 @@ static CURLcode CopyCertSubject(struct Curl_easy *data, #if CURL_SUPPORT_MAC_10_6 /* The SecKeychainSearch API was deprecated in Lion, and using it will raise - deprecation warnings, so let's not compile this unless it's necessary: */ + deprecation warnings, so let's not compile this unless it is necessary: */ static OSStatus CopyIdentityWithLabelOldSchool(char *label, SecIdentityRef *out_c_a_k) { @@ -1090,7 +496,7 @@ static OSStatus CopyIdentityWithLabel(char *label, /* SecItemCopyMatching() was introduced in iOS and Snow Leopard. kSecClassIdentity was introduced in Lion. If both exist, let's use them to find the certificate. */ - if(SecItemCopyMatching && kSecClassIdentity) { + if(&SecItemCopyMatching && kSecClassIdentity) { CFTypeRef keys[5]; CFTypeRef values[5]; CFDictionaryRef query_dict; @@ -1108,7 +514,7 @@ static OSStatus CopyIdentityWithLabel(char *label, /* identity searches need a SecPolicyRef in order to work */ values[3] = SecPolicyCreateSSL(false, NULL); keys[3] = kSecMatchPolicy; - /* match the name of the certificate (doesn't work in macOS 10.12.1) */ + /* match the name of the certificate (does not work in macOS 10.12.1) */ values[4] = label_cf; keys[4] = kSecAttrLabel; query_dict = CFDictionaryCreate(NULL, (const void **)keys, @@ -1120,7 +526,7 @@ static OSStatus CopyIdentityWithLabel(char *label, /* Do we have a match? */ status = SecItemCopyMatching(query_dict, (CFTypeRef *) &keys_list); - /* Because kSecAttrLabel matching doesn't work with kSecClassIdentity, + /* Because kSecAttrLabel matching does not work with kSecClassIdentity, * we need to find the correct identity ourselves */ if(status == noErr) { keys_list_count = CFArrayGetCount(keys_list); @@ -1186,7 +592,7 @@ static OSStatus CopyIdentityFromPKCS12File(const char *cPath, cPassword, kCFStringEncodingUTF8) : NULL; CFDataRef pkcs_data = NULL; - /* We can import P12 files on iOS or OS X 10.7 or later: */ + /* We can import P12 files on iOS or macOS 10.7 or later: */ /* These constants are documented as having first appeared in 10.6 but they raise linker errors when used on that cat for some reason. */ #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS @@ -1194,7 +600,8 @@ static OSStatus CopyIdentityFromPKCS12File(const char *cPath, if(blob) { pkcs_data = CFDataCreate(kCFAllocatorDefault, - (const unsigned char *)blob->data, blob->len); + (const unsigned char *)blob->data, + (CFIndex)blob->len); status = (pkcs_data != NULL) ? errSecSuccess : errSecAllocate; resource_imported = (pkcs_data != NULL); } @@ -1202,7 +609,7 @@ static OSStatus CopyIdentityFromPKCS12File(const char *cPath, pkcs_url = CFURLCreateFromFileSystemRepresentation(NULL, (const UInt8 *)cPath, - strlen(cPath), false); + (CFIndex)strlen(cPath), false); resource_imported = CFURLCreateDataAndPropertiesFromResource(NULL, pkcs_url, &pkcs_data, @@ -1231,7 +638,7 @@ static OSStatus CopyIdentityFromPKCS12File(const char *cPath, /* On macOS SecPKCS12Import will always add the client certificate to * the Keychain. * - * As this doesn't match iOS, and apps may not want to see their client + * As this does not match iOS, and apps may not want to see their client * certificate saved in the user's keychain, we use SecItemImport * with a NULL keychain to avoid importing it. * @@ -1311,336 +718,308 @@ CF_INLINE bool is_file(const char *filename) return false; } -#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS -static CURLcode sectransp_version_from_curl(SSLProtocol *darwinver, - long ssl_version) +static CURLcode +sectransp_set_ssl_version_min_max(struct Curl_easy *data, + struct st_ssl_backend_data *backend, + struct ssl_primary_config *conn_config) { - switch(ssl_version) { +#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS + OSStatus err; + SSLProtocol ver_min; + SSLProtocol ver_max; + +#if CURL_SUPPORT_MAC_10_7 + if(!&SSLSetProtocolVersionMax) + goto legacy; +#endif + + switch(conn_config->version) { + case CURL_SSLVERSION_DEFAULT: + case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: - *darwinver = kTLSProtocol1; - return CURLE_OK; + ver_min = kTLSProtocol1; + break; case CURL_SSLVERSION_TLSv1_1: - *darwinver = kTLSProtocol11; - return CURLE_OK; + ver_min = kTLSProtocol11; + break; case CURL_SSLVERSION_TLSv1_2: - *darwinver = kTLSProtocol12; - return CURLE_OK; - case CURL_SSLVERSION_TLSv1_3: - /* TLS 1.3 support first appeared in iOS 11 and macOS 10.13 */ -#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1 - if(__builtin_available(macOS 10.13, iOS 11.0, *)) { - *darwinver = kTLSProtocol13; - return CURLE_OK; - } -#endif /* (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && - HAVE_BUILTIN_AVAILABLE == 1 */ + ver_min = kTLSProtocol12; break; + case CURL_SSLVERSION_TLSv1_3: + default: + failf(data, "SSL: unsupported minimum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; } - return CURLE_SSL_CONNECT_ERROR; -} -#endif -static CURLcode set_ssl_version_min_max(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct ssl_connect_data *connssl = cf->ctx; - struct st_ssl_backend_data *backend = - (struct st_ssl_backend_data *)connssl->backend; - struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); - long ssl_version = conn_config->version; - long ssl_version_max = conn_config->version_max; - long max_supported_version_by_os; - - DEBUGASSERT(backend); + switch(conn_config->version_max) { + case CURL_SSLVERSION_MAX_DEFAULT: + case CURL_SSLVERSION_MAX_NONE: + case CURL_SSLVERSION_MAX_TLSv1_3: + case CURL_SSLVERSION_MAX_TLSv1_2: + ver_max = kTLSProtocol12; + break; + case CURL_SSLVERSION_MAX_TLSv1_1: + ver_max = kTLSProtocol11; + break; + case CURL_SSLVERSION_MAX_TLSv1_0: + ver_max = kTLSProtocol1; + break; + default: + failf(data, "SSL: unsupported maximum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; + } - /* macOS 10.5-10.7 supported TLS 1.0 only. - macOS 10.8 and later, and iOS 5 and later, added TLS 1.1 and 1.2. - macOS 10.13 and later, and iOS 11 and later, added TLS 1.3. */ -#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1 - if(__builtin_available(macOS 10.13, iOS 11.0, *)) { - max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_3; + err = SSLSetProtocolVersionMin(backend->ssl_ctx, ver_min); + if(err != noErr) { + failf(data, "SSL: failed to set minimum TLS version"); + return CURLE_SSL_CONNECT_ERROR; } - else { - max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_2; + err = SSLSetProtocolVersionMax(backend->ssl_ctx, ver_max); + if(err != noErr) { + failf(data, "SSL: failed to set maximum TLS version"); + return CURLE_SSL_CONNECT_ERROR; } -#else - max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_2; -#endif /* (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && - HAVE_BUILTIN_AVAILABLE == 1 */ - switch(ssl_version) { + return CURLE_OK; +#endif +#if CURL_SUPPORT_MAC_10_7 + goto legacy; +legacy: + switch(conn_config->version) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: - ssl_version = CURL_SSLVERSION_TLSv1_0; - break; - } - - switch(ssl_version_max) { - case CURL_SSLVERSION_MAX_NONE: - case CURL_SSLVERSION_MAX_DEFAULT: - ssl_version_max = max_supported_version_by_os; + case CURL_SSLVERSION_TLSv1_0: break; + default: + failf(data, "SSL: unsupported minimum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; } -#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS - if(SSLSetProtocolVersionMax) { - SSLProtocol darwin_ver_min = kTLSProtocol1; - SSLProtocol darwin_ver_max = kTLSProtocol1; - CURLcode result = sectransp_version_from_curl(&darwin_ver_min, - ssl_version); - if(result) { - failf(data, "unsupported min version passed via CURLOPT_SSLVERSION"); - return result; - } - result = sectransp_version_from_curl(&darwin_ver_max, - ssl_version_max >> 16); - if(result) { - failf(data, "unsupported max version passed via CURLOPT_SSLVERSION"); - return result; - } + /* only TLS 1.0 is supported, disable SSL 3.0 and SSL 2.0 */ + SSLSetProtocolVersionEnabled(backend->ssl_ctx, kSSLProtocolAll, false); + SSLSetProtocolVersionEnabled(backend->ssl_ctx, kTLSProtocol1, true); - (void)SSLSetProtocolVersionMin(backend->ssl_ctx, darwin_ver_min); - (void)SSLSetProtocolVersionMax(backend->ssl_ctx, darwin_ver_max); - return result; - } - else { -#if CURL_SUPPORT_MAC_10_8 - long i = ssl_version; - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kSSLProtocolAll, - false); - for(; i <= (ssl_version_max >> 16); i++) { - switch(i) { - case CURL_SSLVERSION_TLSv1_0: - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kTLSProtocol1, - true); - break; - case CURL_SSLVERSION_TLSv1_1: - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kTLSProtocol11, - true); - break; - case CURL_SSLVERSION_TLSv1_2: - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kTLSProtocol12, - true); - break; - case CURL_SSLVERSION_TLSv1_3: - failf(data, "Your version of the OS does not support TLSv1.3"); - return CURLE_SSL_CONNECT_ERROR; - } - } - return CURLE_OK; -#endif /* CURL_SUPPORT_MAC_10_8 */ - } -#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ - failf(data, "Secure Transport: cannot set SSL protocol"); - return CURLE_SSL_CONNECT_ERROR; + return CURLE_OK; +#endif } -static bool is_cipher_suite_strong(SSLCipherSuite suite_num) +static int sectransp_cipher_suite_get_str(uint16_t id, char *buf, + size_t buf_size, bool prefer_rfc) { - size_t i; - for(i = 0; i < NUM_OF_CIPHERS; ++i) { - if(ciphertable[i].num == suite_num) { - return !ciphertable[i].weak; - } - } - /* If the cipher is not in our list, assume it is a new one - and therefore strong. Previous implementation was the same, - if cipher suite is not in the list, it was considered strong enough */ - return true; + /* are these fortezza suites even supported ? */ + if(id == SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA) + msnprintf(buf, buf_size, "%s", "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA"); + else if(id == SSL_FORTEZZA_DMS_WITH_NULL_SHA) + msnprintf(buf, buf_size, "%s", "SSL_FORTEZZA_DMS_WITH_NULL_SHA"); + /* can TLS_EMPTY_RENEGOTIATION_INFO_SCSV even be set ? */ + else if(id == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) + msnprintf(buf, buf_size, "%s", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"); + /* do we still need to support these SSL2-only ciphers ? */ + else if(id == SSL_RSA_WITH_RC2_CBC_MD5) + msnprintf(buf, buf_size, "%s", "SSL_RSA_WITH_RC2_CBC_MD5"); + else if(id == SSL_RSA_WITH_IDEA_CBC_MD5) + msnprintf(buf, buf_size, "%s", "SSL_RSA_WITH_IDEA_CBC_MD5"); + else if(id == SSL_RSA_WITH_DES_CBC_MD5) + msnprintf(buf, buf_size, "%s", "SSL_RSA_WITH_DES_CBC_MD5"); + else if(id == SSL_RSA_WITH_3DES_EDE_CBC_MD5) + msnprintf(buf, buf_size, "%s", "SSL_RSA_WITH_3DES_EDE_CBC_MD5"); + else + return Curl_cipher_suite_get_str(id, buf, buf_size, prefer_rfc); + return 0; } -static bool sectransp_is_separator(char c) +static uint16_t sectransp_cipher_suite_walk_str(const char **str, + const char **end) { - /* Return whether character is a cipher list separator. */ - switch(c) { - case ' ': - case '\t': - case ':': - case ',': - case ';': - return true; - } - return false; + uint16_t id = Curl_cipher_suite_walk_str(str, end); + size_t len = *end - *str; + + if(!id) { + /* are these fortezza suites even supported ? */ + if(strncasecompare("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", *str, len)) + id = SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA; + else if(strncasecompare("SSL_FORTEZZA_DMS_WITH_NULL_SHA", *str, len)) + id = SSL_FORTEZZA_DMS_WITH_NULL_SHA; + /* can TLS_EMPTY_RENEGOTIATION_INFO_SCSV even be set ? */ + else if(strncasecompare("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", *str, len)) + id = TLS_EMPTY_RENEGOTIATION_INFO_SCSV; + /* do we still need to support these SSL2-only ciphers ? */ + else if(strncasecompare("SSL_RSA_WITH_RC2_CBC_MD5", *str, len)) + id = SSL_RSA_WITH_RC2_CBC_MD5; + else if(strncasecompare("SSL_RSA_WITH_IDEA_CBC_MD5", *str, len)) + id = SSL_RSA_WITH_IDEA_CBC_MD5; + else if(strncasecompare("SSL_RSA_WITH_DES_CBC_MD5", *str, len)) + id = SSL_RSA_WITH_DES_CBC_MD5; + else if(strncasecompare("SSL_RSA_WITH_3DES_EDE_CBC_MD5", *str, len)) + id = SSL_RSA_WITH_3DES_EDE_CBC_MD5; + } + return id; } -static CURLcode sectransp_set_default_ciphers(struct Curl_easy *data, - SSLContextRef ssl_ctx) +/* allocated memory must be freed */ +static SSLCipherSuite * sectransp_get_supported_ciphers(SSLContextRef ssl_ctx, + size_t *len) { - size_t all_ciphers_count = 0UL, allowed_ciphers_count = 0UL, i; - SSLCipherSuite *all_ciphers = NULL, *allowed_ciphers = NULL; + SSLCipherSuite *ciphers = NULL; OSStatus err = noErr; + *len = 0; -#if CURL_BUILD_MAC - int darwinver_maj = 0, darwinver_min = 0; + err = SSLGetNumberSupportedCiphers(ssl_ctx, len); + if(err != noErr) + goto failed; - GetDarwinVersionNumber(&darwinver_maj, &darwinver_min); -#endif /* CURL_BUILD_MAC */ + ciphers = malloc(*len * sizeof(SSLCipherSuite)); + if(!ciphers) + goto failed; + + err = SSLGetSupportedCiphers(ssl_ctx, ciphers, len); + if(err != noErr) + goto failed; - /* Disable cipher suites that ST supports but are not safe. These ciphers - are unlikely to be used in any case since ST gives other ciphers a much - higher priority, but it's probably better that we not connect at all than - to give the user a false sense of security if the server only supports - insecure ciphers. (Note: We don't care about SSLv2-only ciphers.) */ - err = SSLGetNumberSupportedCiphers(ssl_ctx, &all_ciphers_count); - if(err != noErr) { - failf(data, "SSL: SSLGetNumberSupportedCiphers() failed: OSStatus %d", - err); - return CURLE_SSL_CIPHER; - } - all_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite)); - if(!all_ciphers) { - failf(data, "SSL: Failed to allocate memory for all ciphers"); - return CURLE_OUT_OF_MEMORY; - } - allowed_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite)); - if(!allowed_ciphers) { - Curl_safefree(all_ciphers); - failf(data, "SSL: Failed to allocate memory for allowed ciphers"); - return CURLE_OUT_OF_MEMORY; - } - err = SSLGetSupportedCiphers(ssl_ctx, all_ciphers, - &all_ciphers_count); - if(err != noErr) { - Curl_safefree(all_ciphers); - Curl_safefree(allowed_ciphers); - return CURLE_SSL_CIPHER; - } - for(i = 0UL ; i < all_ciphers_count ; i++) { #if CURL_BUILD_MAC - /* There's a known bug in early versions of Mountain Lion where ST's ECC - ciphers (cipher suite 0xC001 through 0xC032) simply do not work. - Work around the problem here by disabling those ciphers if we are - running in an affected version of OS X. */ - if(darwinver_maj == 12 && darwinver_min <= 3 && - all_ciphers[i] >= 0xC001 && all_ciphers[i] <= 0xC032) { - continue; + { + int maj = 0, min = 0; + GetDarwinVersionNumber(&maj, &min); + /* There is a known bug in early versions of Mountain Lion where ST's ECC + ciphers (cipher suite 0xC001 through 0xC032) simply do not work. + Work around the problem here by disabling those ciphers if we are + running in an affected version of macOS. */ + if(maj == 12 && min <= 3) { + size_t i = 0, j = 0; + for(; i < *len; i++) { + if(ciphers[i] >= 0xC001 && ciphers[i] <= 0xC032) + continue; + ciphers[j++] = ciphers[i]; + } + *len = j; } -#endif /* CURL_BUILD_MAC */ - if(is_cipher_suite_strong(all_ciphers[i])) { - allowed_ciphers[allowed_ciphers_count++] = all_ciphers[i]; + } +#endif + + return ciphers; +failed: + *len = 0; + Curl_safefree(ciphers); + return NULL; +} + +static CURLcode sectransp_set_default_ciphers(struct Curl_easy *data, + SSLContextRef ssl_ctx) +{ + CURLcode ret = CURLE_SSL_CIPHER; + size_t count = 0, i, j; + OSStatus err; + size_t supported_len; + SSLCipherSuite *ciphers = NULL; + + ciphers = sectransp_get_supported_ciphers(ssl_ctx, &supported_len); + if(!ciphers) { + failf(data, "SSL: Failed to get supported ciphers"); + goto failed; + } + + /* Intersect the ciphers supported by Secure Transport with the default + * ciphers, using the order of the former. */ + for(i = 0; i < supported_len; i++) { + for(j = 0; j < DEFAULT_CIPHERS_LEN; j++) { + if(default_ciphers[j] == ciphers[i]) { + ciphers[count++] = ciphers[i]; + break; + } } } - err = SSLSetEnabledCiphers(ssl_ctx, allowed_ciphers, - allowed_ciphers_count); - Curl_safefree(all_ciphers); - Curl_safefree(allowed_ciphers); + + if(count == 0) { + failf(data, "SSL: no supported default ciphers"); + goto failed; + } + + err = SSLSetEnabledCiphers(ssl_ctx, ciphers, count); if(err != noErr) { failf(data, "SSL: SSLSetEnabledCiphers() failed: OSStatus %d", err); - return CURLE_SSL_CIPHER; + goto failed; } - return CURLE_OK; + + ret = CURLE_OK; +failed: + Curl_safefree(ciphers); + return ret; } static CURLcode sectransp_set_selected_ciphers(struct Curl_easy *data, SSLContextRef ssl_ctx, const char *ciphers) { - size_t ciphers_count = 0; - const char *cipher_start = ciphers; - OSStatus err = noErr; - SSLCipherSuite selected_ciphers[NUM_OF_CIPHERS]; + CURLcode ret = CURLE_SSL_CIPHER; + size_t count = 0, i; + const char *ptr, *end; + OSStatus err; + size_t supported_len; + SSLCipherSuite *supported = NULL; + SSLCipherSuite *selected = NULL; - if(!ciphers) - return CURLE_OK; + supported = sectransp_get_supported_ciphers(ssl_ctx, &supported_len); + if(!supported) { + failf(data, "SSL: Failed to get supported ciphers"); + goto failed; + } - while(sectransp_is_separator(*ciphers)) /* Skip initial separators. */ - ciphers++; - if(!*ciphers) - return CURLE_OK; + selected = malloc(supported_len * sizeof(SSLCipherSuite)); + if(!selected) { + failf(data, "SSL: Failed to allocate memory"); + goto failed; + } - cipher_start = ciphers; - while(*cipher_start && ciphers_count < NUM_OF_CIPHERS) { - bool cipher_found = FALSE; - size_t cipher_len = 0; - const char *cipher_end = NULL; - bool tls_name = FALSE; - size_t i; - - /* Skip separators */ - while(sectransp_is_separator(*cipher_start)) - cipher_start++; - if(*cipher_start == '\0') { - break; - } - /* Find last position of a cipher in the ciphers string */ - cipher_end = cipher_start; - while(*cipher_end != '\0' && !sectransp_is_separator(*cipher_end)) { - ++cipher_end; - } + for(ptr = ciphers; ptr[0] != '\0' && count < supported_len; ptr = end) { + uint16_t id = sectransp_cipher_suite_walk_str(&ptr, &end); - /* IANA cipher names start with the TLS_ or SSL_ prefix. - If the 4th symbol of the cipher is '_' we look for a cipher in the - table by its (TLS) name. - Otherwise, we try to match cipher by an alias. */ - if(cipher_start[3] == '_') { - tls_name = TRUE; + /* Check if cipher is supported */ + if(id) { + for(i = 0; i < supported_len && supported[i] != id; i++); + if(i == supported_len) + id = 0; } - /* Iterate through the cipher table and look for the cipher, starting - the cipher number 0x01 because the 0x00 is not the real cipher */ - cipher_len = cipher_end - cipher_start; - for(i = 1; i < NUM_OF_CIPHERS; ++i) { - const char *table_cipher_name = NULL; - if(tls_name) { - table_cipher_name = ciphertable[i].name; - } - else if(ciphertable[i].alias_name) { - table_cipher_name = ciphertable[i].alias_name; - } - else { - continue; - } - /* Compare a part of the string between separators with a cipher name - in the table and make sure we matched the whole cipher name */ - if(strncmp(cipher_start, table_cipher_name, cipher_len) == 0 - && table_cipher_name[cipher_len] == '\0') { - selected_ciphers[ciphers_count] = ciphertable[i].num; - ++ciphers_count; - cipher_found = TRUE; - break; - } - } - if(!cipher_found) { - /* It would be more human-readable if we print the wrong cipher name - but we don't want to allocate any additional memory and copy the name - into it, then add it into logs. - Also, we do not modify an original cipher list string. We just point - to positions where cipher starts and ends in the cipher list string. - The message is a bit cryptic and longer than necessary but can be - understood by humans. */ - failf(data, "SSL: cipher string \"%s\" contains unsupported cipher name" - " starting position %zd and ending position %zd", - ciphers, - cipher_start - ciphers, - cipher_end - ciphers); - return CURLE_SSL_CIPHER; - } - if(*cipher_end) { - cipher_start = cipher_end + 1; + if(!id) { + if(ptr[0] != '\0') + infof(data, "SSL: unknown cipher in list: \"%.*s\"", (int) (end - ptr), + ptr); + continue; } - else { - break; + + /* No duplicates allowed (so selected cannot overflow) */ + for(i = 0; i < count && selected[i] != id; i++); + if(i < count) { + infof(data, "SSL: duplicate cipher in list: \"%.*s\"", (int) (end - ptr), + ptr); + continue; } + + selected[count++] = id; + } + + if(count == 0) { + failf(data, "SSL: no supported cipher in list"); + goto failed; } - /* All cipher suites in the list are found. Report to logs as-is */ - infof(data, "SSL: Setting cipher suites list \"%s\"", ciphers); - err = SSLSetEnabledCiphers(ssl_ctx, selected_ciphers, ciphers_count); + err = SSLSetEnabledCiphers(ssl_ctx, selected, count); if(err != noErr) { failf(data, "SSL: SSLSetEnabledCiphers() failed: OSStatus %d", err); - return CURLE_SSL_CIPHER; + goto failed; } - return CURLE_OK; + + ret = CURLE_OK; +failed: + Curl_safefree(supported); + Curl_safefree(selected); + return ret; } static void sectransp_session_free(void *sessionid, size_t idsize) { /* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a cached session ID inside the Security framework. There is a private - function that does this, but I don't want to have to explain to you why I + function that does this, but I do not want to have to explain to you why I got your application rejected from the App Store due to the use of a private API, so the best we can do is free up our own char array that we created way back in sectransp_connect_step1... */ @@ -1665,6 +1044,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, const struct curl_blob *ssl_cert_blob = ssl_config->primary.cert_blob; char *ciphers; OSStatus err = noErr; + CURLcode result; #if CURL_BUILD_MAC int darwinver_maj = 0, darwinver_min = 0; @@ -1675,23 +1055,23 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, #endif /* CURL_BUILD_MAC */ #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS - if(SSLCreateContext) { /* use the newer API if available */ + if(&SSLCreateContext) { /* use the newer API if available */ if(backend->ssl_ctx) CFRelease(backend->ssl_ctx); backend->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType); if(!backend->ssl_ctx) { - failf(data, "SSL: couldn't create a context"); + failf(data, "SSL: could not create a context"); return CURLE_OUT_OF_MEMORY; } } else { - /* The old ST API does not exist under iOS, so don't compile it: */ + /* The old ST API does not exist under iOS, so do not compile it: */ #if CURL_SUPPORT_MAC_10_8 if(backend->ssl_ctx) (void)SSLDisposeContext(backend->ssl_ctx); err = SSLNewContext(false, &(backend->ssl_ctx)); if(err != noErr) { - failf(data, "SSL: couldn't create a context: OSStatus %d", err); + failf(data, "SSL: could not create a context: OSStatus %d", err); return CURLE_OUT_OF_MEMORY; } #endif /* CURL_SUPPORT_MAC_10_8 */ @@ -1701,123 +1081,18 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, (void)SSLDisposeContext(backend->ssl_ctx); err = SSLNewContext(false, &(backend->ssl_ctx)); if(err != noErr) { - failf(data, "SSL: couldn't create a context: OSStatus %d", err); + failf(data, "SSL: could not create a context: OSStatus %d", err); return CURLE_OUT_OF_MEMORY; } #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ backend->ssl_write_buffered_length = 0UL; /* reset buffered write length */ - /* check to see if we've been told to use an explicit SSL/TLS version */ -#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS - if(SSLSetProtocolVersionMax) { - switch(conn_config->version) { - case CURL_SSLVERSION_TLSv1: - (void)SSLSetProtocolVersionMin(backend->ssl_ctx, kTLSProtocol1); -#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1 - if(__builtin_available(macOS 10.13, iOS 11.0, *)) { - (void)SSLSetProtocolVersionMax(backend->ssl_ctx, kTLSProtocol13); - } - else { - (void)SSLSetProtocolVersionMax(backend->ssl_ctx, kTLSProtocol12); - } -#else - (void)SSLSetProtocolVersionMax(backend->ssl_ctx, kTLSProtocol12); -#endif /* (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && - HAVE_BUILTIN_AVAILABLE == 1 */ - break; - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1_0: - case CURL_SSLVERSION_TLSv1_1: - case CURL_SSLVERSION_TLSv1_2: - case CURL_SSLVERSION_TLSv1_3: - { - CURLcode result = set_ssl_version_min_max(cf, data); - if(result != CURLE_OK) - return result; - break; - } - case CURL_SSLVERSION_SSLv3: - case CURL_SSLVERSION_SSLv2: - failf(data, "SSL versions not supported"); - return CURLE_NOT_BUILT_IN; - default: - failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); - return CURLE_SSL_CONNECT_ERROR; - } - } - else { -#if CURL_SUPPORT_MAC_10_8 - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kSSLProtocolAll, - false); - switch(conn_config->version) { - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kTLSProtocol1, - true); - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kTLSProtocol11, - true); - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kTLSProtocol12, - true); - break; - case CURL_SSLVERSION_TLSv1_0: - case CURL_SSLVERSION_TLSv1_1: - case CURL_SSLVERSION_TLSv1_2: - case CURL_SSLVERSION_TLSv1_3: - { - CURLcode result = set_ssl_version_min_max(cf, data); - if(result != CURLE_OK) - return result; - break; - } - case CURL_SSLVERSION_SSLv3: - case CURL_SSLVERSION_SSLv2: - failf(data, "SSL versions not supported"); - return CURLE_NOT_BUILT_IN; - default: - failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); - return CURLE_SSL_CONNECT_ERROR; - } -#endif /* CURL_SUPPORT_MAC_10_8 */ - } -#else - if(conn_config->version_max != CURL_SSLVERSION_MAX_NONE) { - failf(data, "Your version of the OS does not support to set maximum" - " SSL/TLS version"); - return CURLE_SSL_CONNECT_ERROR; - } - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, kSSLProtocolAll, false); - switch(conn_config->version) { - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: - case CURL_SSLVERSION_TLSv1_0: - (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, - kTLSProtocol1, - true); - break; - case CURL_SSLVERSION_TLSv1_1: - failf(data, "Your version of the OS does not support TLSv1.1"); - return CURLE_SSL_CONNECT_ERROR; - case CURL_SSLVERSION_TLSv1_2: - failf(data, "Your version of the OS does not support TLSv1.2"); - return CURLE_SSL_CONNECT_ERROR; - case CURL_SSLVERSION_TLSv1_3: - failf(data, "Your version of the OS does not support TLSv1.3"); - return CURLE_SSL_CONNECT_ERROR; - case CURL_SSLVERSION_SSLv2: - case CURL_SSLVERSION_SSLv3: - failf(data, "SSL versions not supported"); - return CURLE_NOT_BUILT_IN; - default: - failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); - return CURLE_SSL_CONNECT_ERROR; - } -#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ + result = sectransp_set_ssl_version_min_max(data, backend, conn_config); + if(result != CURLE_OK) + return result; -#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1 +#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && \ + defined(HAVE_BUILTIN_AVAILABLE) if(connssl->alpn) { if(__builtin_available(macOS 10.13.4, iOS 11, tvOS 11, *)) { struct alpn_proto_buf proto; @@ -1886,7 +1161,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, err = SecIdentityCopyCertificate(cert_and_key, &cert); if(err == noErr) { char *certp; - CURLcode result = CopyCertSubject(data, cert, &certp); + result = CopyCertSubject(data, cert, &certp); if(!result) { infof(data, "Client certificate: %s", certp); free(certp); @@ -1929,11 +1204,11 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, cert_showfilename_error); break; case errSecItemNotFound: - failf(data, "SSL: Can't find the certificate \"%s\" and its private " + failf(data, "SSL: cannot find the certificate \"%s\" and its private " "key in the Keychain.", cert_showfilename_error); break; default: - failf(data, "SSL: Can't load the certificate \"%s\" and its private " + failf(data, "SSL: cannot load the certificate \"%s\" and its private " "key: OSStatus %d", cert_showfilename_error, err); break; } @@ -1948,7 +1223,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, #if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS /* Snow Leopard introduced the SSLSetSessionOption() function, but due to a library bug with the way the kSSLSessionOptionBreakOnServerAuth flag - works, it doesn't work as expected under Snow Leopard, Lion or + works, it does not work as expected under Snow Leopard, Lion or Mountain Lion. So we need to call SSLSetEnableCertVerify() on those older cats in order to disable certificate validation if the user turned that off. @@ -1962,9 +1237,9 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, Darwin 15.x.x is El Capitan (10.11) */ #if CURL_BUILD_MAC - if(SSLSetSessionOption && darwinver_maj >= 13) { + if(&SSLSetSessionOption && darwinver_maj >= 13) { #else - if(SSLSetSessionOption) { + if(&SSLSetSessionOption) { #endif /* CURL_BUILD_MAC */ bool break_on_auth = !conn_config->verifypeer || ssl_cafile || ssl_cablob; @@ -2000,7 +1275,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, bool is_cert_file = (!is_cert_data) && is_file(ssl_cafile); if(!(is_cert_file || is_cert_data)) { - failf(data, "SSL: can't load CA certificate file %s", + failf(data, "SSL: cannot load CA certificate file %s", ssl_cafile ? ssl_cafile : "(blob memory)"); return CURLE_SSL_CACERT_BADFILE; } @@ -2031,21 +1306,21 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, ciphers = conn_config->cipher_list; if(ciphers) { - err = sectransp_set_selected_ciphers(data, backend->ssl_ctx, ciphers); + result = sectransp_set_selected_ciphers(data, backend->ssl_ctx, ciphers); } else { - err = sectransp_set_default_ciphers(data, backend->ssl_ctx); + result = sectransp_set_default_ciphers(data, backend->ssl_ctx); } - if(err != noErr) { + if(result != CURLE_OK) { failf(data, "SSL: Unable to set ciphers for SSL/TLS handshake. " - "Error code: %d", err); + "Error code: %d", (int)result); return CURLE_SSL_CIPHER; } #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 /* We want to enable 1/n-1 when using a CBC cipher unless the user - specifically doesn't want us doing that: */ - if(SSLSetSessionOption) { + specifically does not want us doing that: */ + if(&SSLSetSessionOption) { SSLSetSessionOption(backend->ssl_ctx, kSSLSessionOptionSendOneByteRecord, !ssl_config->enable_beast); SSLSetSessionOption(backend->ssl_ctx, kSSLSessionOptionFalseStart, @@ -2053,8 +1328,8 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, } #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */ - /* Check if there's a cached ID we can/should use here! */ - if(ssl_config->primary.sessionid) { + /* Check if there is a cached ID we can/should use here! */ + if(ssl_config->primary.cache_session) { char *ssl_sessionid; size_t ssl_sessionid_len; @@ -2071,10 +1346,9 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, /* Informational message */ infof(data, "SSL reusing session ID"); } - /* If there isn't one, then let's make one up! This has to be done prior + /* If there is not one, then let's make one up! This has to be done prior to starting the handshake. */ else { - CURLcode result; ssl_sessionid = aprintf("%s:%d:%d:%s:%d", ssl_cafile ? ssl_cafile : "(blob memory)", @@ -2089,9 +1363,9 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, return CURLE_SSL_CONNECT_ERROR; } - result = Curl_ssl_addsessionid(cf, data, &connssl->peer, ssl_sessionid, - ssl_sessionid_len, - sectransp_session_free); + result = Curl_ssl_set_sessionid(cf, data, &connssl->peer, ssl_sessionid, + ssl_sessionid_len, + sectransp_session_free); Curl_ssl_sessionid_unlock(data); if(result) return result; @@ -2121,7 +1395,7 @@ static long pem_to_der(const char *in, unsigned char **out, size_t *outlen) char *sep_start, *sep_end, *cert_start, *cert_end; size_t i, j, err; size_t len; - unsigned char *b64; + char *b64; /* Jump through the separators at the beginning of the certificate. */ sep_start = strstr(in, "-----"); @@ -2202,16 +1476,16 @@ static int read_cert(const char *file, unsigned char **out, size_t *outlen) return 0; } -static int append_cert_to_array(struct Curl_easy *data, - const unsigned char *buf, size_t buflen, - CFMutableArrayRef array) +static CURLcode append_cert_to_array(struct Curl_easy *data, + const unsigned char *buf, size_t buflen, + CFMutableArrayRef array) { char *certp; CURLcode result; SecCertificateRef cacert; CFDataRef certdata; - certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen); + certdata = CFDataCreate(kCFAllocatorDefault, buf, (CFIndex)buflen); if(!certdata) { failf(data, "SSL: failed to allocate array for CA certificate"); return CURLE_OUT_OF_MEMORY; @@ -2248,7 +1522,8 @@ static CURLcode verify_cert_buf(struct Curl_cfilter *cf, const unsigned char *certbuf, size_t buflen, SSLContextRef ctx) { - int n = 0, rc; + int n = 0; + CURLcode rc; long res; unsigned char *der; size_t derlen, offset = 0; @@ -2419,7 +1694,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, /* Result is returned to caller */ CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; - /* if a path wasn't specified, don't pin */ + /* if a path was not specified, do not pin */ if(!pinnedpubkey) return CURLE_OK; @@ -2451,17 +1726,17 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, #elif SECTRANSP_PINNEDPUBKEY_V2 { - OSStatus success; - success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL, - &publicKeyBits); - CFRelease(keyRef); - if(success != errSecSuccess || !publicKeyBits) - break; + OSStatus success; + success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL, + &publicKeyBits); + CFRelease(keyRef); + if(success != errSecSuccess || !publicKeyBits) + break; } #endif /* SECTRANSP_PINNEDPUBKEY_V2 */ - pubkeylen = CFDataGetLength(publicKeyBits); + pubkeylen = (size_t)CFDataGetLength(publicKeyBits); pubkey = (unsigned char *)CFDataGetBytePtr(publicKeyBits); switch(pubkeylen) { @@ -2530,24 +1805,23 @@ static CURLcode sectransp_connect_step2(struct Curl_cfilter *cf, SSLCipherSuite cipher; SSLProtocol protocol = 0; - DEBUGASSERT(ssl_connect_2 == connssl->connecting_state - || ssl_connect_2_reading == connssl->connecting_state - || ssl_connect_2_writing == connssl->connecting_state); + DEBUGASSERT(ssl_connect_2 == connssl->connecting_state); DEBUGASSERT(backend); CURL_TRC_CF(data, cf, "connect_step2"); /* Here goes nothing: */ check_handshake: + connssl->io_need = CURL_SSL_IO_NEED_NONE; err = SSLHandshake(backend->ssl_ctx); if(err != noErr) { switch(err) { - case errSSLWouldBlock: /* they're not done with us yet */ - connssl->connecting_state = backend->ssl_direction ? - ssl_connect_2_writing : ssl_connect_2_reading; + case errSSLWouldBlock: /* they are not done with us yet */ + connssl->io_need = backend->ssl_direction ? + CURL_SSL_IO_NEED_SEND : CURL_SSL_IO_NEED_RECV; return CURLE_OK; - /* The below is errSSLServerAuthCompleted; it's not defined in + /* The below is errSSLServerAuthCompleted; it is not defined in Leopard's headers */ case -9841: if((conn_config->CAfile || conn_config->ca_info_blob) && @@ -2657,8 +1931,8 @@ static CURLcode sectransp_connect_step2(struct Curl_cfilter *cf, "authority"); break; - /* This error is raised if the server's cert didn't match the server's - host name: */ + /* This error is raised if the server's cert did not match the server's + hostname: */ case errSSLHostNameMismatch: failf(data, "SSL certificate peer verification failed, the " "certificate did not match \"%s\"\n", connssl->peer.dispname); @@ -2759,7 +2033,8 @@ static CURLcode sectransp_connect_step2(struct Curl_cfilter *cf, return CURLE_SSL_CONNECT_ERROR; } else { - /* we have been connected fine, we're not waiting for anything else. */ + char cipher_str[64]; + /* we have been connected fine, we are not waiting for anything else. */ connssl->connecting_state = ssl_connect_3; #ifdef SECTRANSP_PINNEDPUBKEY @@ -2777,33 +2052,30 @@ static CURLcode sectransp_connect_step2(struct Curl_cfilter *cf, /* Informational message */ (void)SSLGetNegotiatedCipher(backend->ssl_ctx, &cipher); (void)SSLGetNegotiatedProtocolVersion(backend->ssl_ctx, &protocol); + + sectransp_cipher_suite_get_str((uint16_t) cipher, cipher_str, + sizeof(cipher_str), true); switch(protocol) { case kSSLProtocol2: - infof(data, "SSL 2.0 connection using %s", - TLSCipherNameForNumber(cipher)); + infof(data, "SSL 2.0 connection using %s", cipher_str); break; case kSSLProtocol3: - infof(data, "SSL 3.0 connection using %s", - TLSCipherNameForNumber(cipher)); + infof(data, "SSL 3.0 connection using %s", cipher_str); break; case kTLSProtocol1: - infof(data, "TLS 1.0 connection using %s", - TLSCipherNameForNumber(cipher)); + infof(data, "TLS 1.0 connection using %s", cipher_str); break; #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS case kTLSProtocol11: - infof(data, "TLS 1.1 connection using %s", - TLSCipherNameForNumber(cipher)); + infof(data, "TLS 1.1 connection using %s", cipher_str); break; case kTLSProtocol12: - infof(data, "TLS 1.2 connection using %s", - TLSCipherNameForNumber(cipher)); + infof(data, "TLS 1.2 connection using %s", cipher_str); break; #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ #if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 case kTLSProtocol13: - infof(data, "TLS 1.3 connection using %s", - TLSCipherNameForNumber(cipher)); + infof(data, "TLS 1.3 connection using %s", cipher_str); break; #endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */ default: @@ -2811,7 +2083,8 @@ static CURLcode sectransp_connect_step2(struct Curl_cfilter *cf, break; } -#if(CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1 +#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && \ + defined(HAVE_BUILTIN_AVAILABLE) if(connssl->alpn) { if(__builtin_available(macOS 10.13.4, iOS 11, tvOS 11, *)) { CFArrayRef alpnArr = NULL; @@ -2835,11 +2108,8 @@ static CURLcode sectransp_connect_step2(struct Curl_cfilter *cf, else infof(data, VTLS_INFOF_NO_ALPN); - Curl_multiuse_state(data, cf->conn->alpn == CURL_HTTP_VERSION_2 ? - BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); - /* chosenProtocol is a reference to the string within alpnArr - and doesn't need to be freed separately */ + and does not need to be freed separately */ if(alpnArr) CFRelease(alpnArr); } @@ -2941,10 +2211,10 @@ static CURLcode collect_server_cert(struct Curl_cfilter *cf, /* SSLCopyPeerCertificates() is deprecated as of Mountain Lion. The function SecTrustGetCertificateAtIndex() is officially present in Lion, but it is unfortunately also present in Snow Leopard as - private API and doesn't work as expected. So we have to look for + private API and does not work as expected. So we have to look for a different symbol to make sure this code is only executed under Lion or later. */ - if(SecTrustCopyPublicKey) { + if(&SecTrustCopyPublicKey) { #pragma unused(server_certs) err = SSLCopyPeerTrust(backend->ssl_ctx, &trust); /* For some reason, SSLCopyPeerTrust() can return noErr and yet return @@ -3030,7 +2300,7 @@ sectransp_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data, } if(ssl_connect_1 == connssl->connecting_state) { - /* Find out how much more time we're allowed */ + /* Find out how much more time we are allowed */ const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); if(timeout_ms < 0) { @@ -3044,9 +2314,7 @@ sectransp_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data, return result; } - while(ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state) { + while(ssl_connect_2 == connssl->connecting_state) { /* check allowed time left */ const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); @@ -3057,14 +2325,13 @@ sectransp_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data, return CURLE_OPERATION_TIMEDOUT; } - /* if ssl is expecting something, check if it's available. */ - if(connssl->connecting_state == ssl_connect_2_reading || - connssl->connecting_state == ssl_connect_2_writing) { + /* if ssl is expecting something, check if it is available. */ + if(connssl->io_need) { - curl_socket_t writefd = ssl_connect_2_writing == - connssl->connecting_state?sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = ssl_connect_2_reading == - connssl->connecting_state?sockfd:CURL_SOCKET_BAD; + curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? + sockfd:CURL_SOCKET_BAD; + curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV)? + sockfd:CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, nonblocking ? 0 : timeout_ms); @@ -3094,10 +2361,7 @@ sectransp_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data, * or epoll() will always have a valid fdset to wait on. */ result = sectransp_connect_step2(cf, data); - if(result || (nonblocking && - (ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state))) + if(result || (nonblocking && (ssl_connect_2 == connssl->connecting_state))) return result; } /* repeat step2 until all transactions are done. */ @@ -3146,6 +2410,92 @@ static CURLcode sectransp_connect(struct Curl_cfilter *cf, return CURLE_OK; } +static ssize_t sectransp_recv(struct Curl_cfilter *cf, + struct Curl_easy *data, + char *buf, + size_t buffersize, + CURLcode *curlcode); + +static CURLcode sectransp_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool send_shutdown, bool *done) +{ + struct ssl_connect_data *connssl = cf->ctx; + struct st_ssl_backend_data *backend = + (struct st_ssl_backend_data *)connssl->backend; + CURLcode result = CURLE_OK; + ssize_t nread; + char buf[1024]; + size_t i; + + DEBUGASSERT(backend); + if(!backend->ssl_ctx || cf->shutdown) { + *done = TRUE; + goto out; + } + + connssl->io_need = CURL_SSL_IO_NEED_NONE; + *done = FALSE; + + if(send_shutdown && !backend->sent_shutdown) { + OSStatus err; + + CURL_TRC_CF(data, cf, "shutdown, send close notify"); + err = SSLClose(backend->ssl_ctx); + switch(err) { + case noErr: + backend->sent_shutdown = TRUE; + break; + case errSSLWouldBlock: + connssl->io_need = CURL_SSL_IO_NEED_SEND; + result = CURLE_OK; + goto out; + default: + CURL_TRC_CF(data, cf, "shutdown, error: %d", (int)err); + result = CURLE_SEND_ERROR; + goto out; + } + } + + for(i = 0; i < 10; ++i) { + if(!backend->sent_shutdown) { + nread = sectransp_recv(cf, data, buf, (int)sizeof(buf), &result); + } + else { + /* We would like to read the close notify from the server using + * secure transport, however SSLRead() no longer works after we + * sent the notify from our side. So, we just read from the + * underlying filter and hope it will end. */ + nread = Curl_conn_cf_recv(cf->next, data, buf, sizeof(buf), &result); + } + CURL_TRC_CF(data, cf, "shutdown read -> %zd, %d", nread, result); + if(nread <= 0) + break; + } + + if(nread > 0) { + /* still data coming in? */ + connssl->io_need = CURL_SSL_IO_NEED_RECV; + } + else if(nread == 0) { + /* We got the close notify alert and are done. */ + CURL_TRC_CF(data, cf, "shutdown done"); + *done = TRUE; + } + else if(result == CURLE_AGAIN) { + connssl->io_need = CURL_SSL_IO_NEED_RECV; + result = CURLE_OK; + } + else { + DEBUGASSERT(result); + CURL_TRC_CF(data, cf, "shutdown, error: %d", result); + } + +out: + cf->shutdown = (result || *done); + return result; +} + static void sectransp_close(struct Curl_cfilter *cf, struct Curl_easy *data) { struct ssl_connect_data *connssl = cf->ctx; @@ -3158,9 +2508,8 @@ static void sectransp_close(struct Curl_cfilter *cf, struct Curl_easy *data) if(backend->ssl_ctx) { CURL_TRC_CF(data, cf, "close"); - (void)SSLClose(backend->ssl_ctx); #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS - if(SSLCreateContext) + if(&SSLCreateContext) CFRelease(backend->ssl_ctx); #if CURL_SUPPORT_MAC_10_8 else @@ -3173,69 +2522,6 @@ static void sectransp_close(struct Curl_cfilter *cf, struct Curl_easy *data) } } -static int sectransp_shutdown(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct ssl_connect_data *connssl = cf->ctx; - struct st_ssl_backend_data *backend = - (struct st_ssl_backend_data *)connssl->backend; - ssize_t nread; - int what; - int rc; - char buf[120]; - int loop = 10; /* avoid getting stuck */ - CURLcode result; - - DEBUGASSERT(backend); - - if(!backend->ssl_ctx) - return 0; - -#ifndef CURL_DISABLE_FTP - if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE) - return 0; -#endif - - sectransp_close(cf, data); - - rc = 0; - - what = SOCKET_READABLE(Curl_conn_cf_get_socket(cf, data), - SSL_SHUTDOWN_TIMEOUT); - - CURL_TRC_CF(data, cf, "shutdown"); - while(loop--) { - if(what < 0) { - /* anything that gets here is fatally bad */ - failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); - rc = -1; - break; - } - - if(!what) { /* timeout */ - failf(data, "SSL shutdown timeout"); - break; - } - - /* Something to read, let's do it and hope that it is the close - notify alert from the server. No way to SSL_Read now, so use read(). */ - - nread = Curl_conn_cf_recv(cf->next, data, buf, sizeof(buf), &result); - - if(nread < 0) { - failf(data, "read: %s", curl_easy_strerror(result)); - rc = -1; - } - - if(nread <= 0) - break; - - what = SOCKET_READABLE(Curl_conn_cf_get_socket(cf, data), 0); - } - - return rc; -} - static size_t sectransp_version(char *buffer, size_t size) { return msnprintf(buffer, size, "SecureTransport"); @@ -3267,7 +2553,7 @@ static bool sectransp_data_pending(struct Curl_cfilter *cf, static CURLcode sectransp_random(struct Curl_easy *data UNUSED_PARAM, unsigned char *entropy, size_t length) { - /* arc4random_buf() isn't available on cats older than Lion, so let's + /* arc4random_buf() is not available on cats older than Lion, so let's do this manually for the benefit of the older cats. */ size_t i; u_int32_t random_number = 0; @@ -3298,7 +2584,7 @@ static CURLcode sectransp_sha256sum(const unsigned char *tmp, /* input */ static bool sectransp_false_start(void) { #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 - if(SSLSetSessionOption) + if(&SSLSetSessionOption) return TRUE; #endif return FALSE; @@ -3325,7 +2611,7 @@ static ssize_t sectransp_send(struct Curl_cfilter *cf, Now, one could interpret that as "written to the socket," but actually, it returns the amount of data that was written to a buffer internal to - the SSLContextRef instead. So it's possible for SSLWrite() to return + the SSLContextRef instead. So it is possible for SSLWrite() to return errSSLWouldBlock and a number of bytes "written" because those bytes were encrypted and written to a buffer, not to the socket. @@ -3338,7 +2624,7 @@ static ssize_t sectransp_send(struct Curl_cfilter *cf, err = SSLWrite(backend->ssl_ctx, NULL, 0UL, &processed); switch(err) { case noErr: - /* processed is always going to be 0 because we didn't write to + /* processed is always going to be 0 because we did not write to the buffer, so return how much was written to the socket */ processed = backend->ssl_write_buffered_length; backend->ssl_write_buffered_length = 0UL; @@ -3353,7 +2639,7 @@ static ssize_t sectransp_send(struct Curl_cfilter *cf, } } else { - /* We've got new data to write: */ + /* We have got new data to write: */ err = SSLWrite(backend->ssl_ctx, mem, len, &processed); if(err != noErr) { switch(err) { @@ -3410,7 +2696,7 @@ static ssize_t sectransp_recv(struct Curl_cfilter *cf, *curlcode = CURLE_OK; return 0; - /* The below is errSSLPeerAuthCompleted; it's not defined in + /* The below is errSSLPeerAuthCompleted; it is not defined in Leopard's headers */ case -9841: if((conn_config->CAfile || conn_config->ca_info_blob) && @@ -3451,7 +2737,8 @@ const struct Curl_ssl Curl_ssl_sectransp = { #ifdef SECTRANSP_PINNEDPUBKEY SSLSUPP_PINNEDPUBKEY | #endif /* SECTRANSP_PINNEDPUBKEY */ - SSLSUPP_HTTPS_PROXY, + SSLSUPP_HTTPS_PROXY | + SSLSUPP_CIPHER_LIST, sizeof(struct st_ssl_backend_data), @@ -3476,9 +2763,9 @@ const struct Curl_ssl Curl_ssl_sectransp = { sectransp_sha256sum, /* sha256sum */ NULL, /* associate_connection */ NULL, /* disassociate_connection */ - NULL, /* free_multi_ssl_backend_data */ sectransp_recv, /* recv decrypted data */ sectransp_send, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; #ifdef __GNUC__ diff --git a/vendor/hydra/vendor/curl/lib/vtls/vtls.c b/vendor/hydra/vendor/curl/lib/vtls/vtls.c index 570a10d5..36a42267 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/vtls.c +++ b/vendor/hydra/vendor/curl/lib/vtls/vtls.c @@ -68,7 +68,10 @@ #include "curl_base64.h" #include "curl_printf.h" #include "inet_pton.h" +#include "connect.h" +#include "select.h" #include "strdup.h" +#include "rand.h" /* The last #include files should be: */ #include "curl_memory.h" @@ -103,7 +106,7 @@ static CURLcode blobdup(struct curl_blob **dest, DEBUGASSERT(dest); DEBUGASSERT(!*dest); if(src) { - /* only if there's data to dupe! */ + /* only if there is data to dupe! */ struct curl_blob *d; d = malloc(sizeof(struct curl_blob) + src->len); if(!d) @@ -136,6 +139,9 @@ static const struct alpn_spec ALPN_SPEC_H11 = { { ALPN_HTTP_1_1 }, 1 }; #ifdef USE_HTTP2 +static const struct alpn_spec ALPN_SPEC_H2 = { + { ALPN_H2 }, 1 +}; static const struct alpn_spec ALPN_SPEC_H2_H11 = { { ALPN_H2, ALPN_HTTP_1_1 }, 2 }; @@ -146,13 +152,15 @@ static const struct alpn_spec *alpn_get_spec(int httpwant, bool use_alpn) if(!use_alpn) return NULL; #ifdef USE_HTTP2 + if(httpwant == CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE) + return &ALPN_SPEC_H2; if(httpwant >= CURL_HTTP_VERSION_2) return &ALPN_SPEC_H2_H11; #else (void)httpwant; #endif /* Use the ALPN protocol "http/1.1" for HTTP/1.x. - Avoid "http/1.0" because some servers don't support it. */ + Avoid "http/1.0" because some servers do not support it. */ return &ALPN_SPEC_H11; } #endif /* USE_SSL */ @@ -166,7 +174,7 @@ void Curl_ssl_easy_config_init(struct Curl_easy *data) */ data->set.ssl.primary.verifypeer = TRUE; data->set.ssl.primary.verifyhost = TRUE; - data->set.ssl.primary.sessionid = TRUE; /* session ID caching by default */ + data->set.ssl.primary.cache_session = TRUE; /* caching by default */ #ifndef CURL_DISABLE_PROXY data->set.proxy_ssl = data->set.ssl; #endif @@ -228,7 +236,7 @@ static bool clone_ssl_primary_config(struct ssl_primary_config *source, dest->verifypeer = source->verifypeer; dest->verifyhost = source->verifyhost; dest->verifystatus = source->verifystatus; - dest->sessionid = source->sessionid; + dest->cache_session = source->cache_session; dest->ssl_options = source->ssl_options; CLONE_BLOB(cert_blob); @@ -411,23 +419,6 @@ int Curl_ssl_init(void) return Curl_ssl->init(); } -#if defined(CURL_WITH_MULTI_SSL) -static const struct Curl_ssl Curl_ssl_multi; -#endif - -/* Global cleanup */ -void Curl_ssl_cleanup(void) -{ - if(init_ssl) { - /* only cleanup if we did a previous init */ - Curl_ssl->cleanup(); -#if defined(CURL_WITH_MULTI_SSL) - Curl_ssl = &Curl_ssl_multi; -#endif - init_ssl = FALSE; - } -} - static bool ssl_prefs_check(struct Curl_easy *data) { /* check for CURLOPT_SSLVERSION invalid parameter value */ @@ -453,7 +444,7 @@ static bool ssl_prefs_check(struct Curl_easy *data) } static struct ssl_connect_data *cf_ctx_new(struct Curl_easy *data, - const struct alpn_spec *alpn) + const struct alpn_spec *alpn) { struct ssl_connect_data *ctx; @@ -529,8 +520,8 @@ void Curl_ssl_sessionid_unlock(struct Curl_easy *data) } /* - * Check if there's a session ID for the given connection in the cache, and if - * there's one suitable, it is provided. Returns TRUE when no entry matched. + * Check if there is a session ID for the given connection in the cache, and if + * there is one suitable, it is provided. Returns TRUE when no entry matched. */ bool Curl_ssl_getsessionid(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -549,9 +540,9 @@ bool Curl_ssl_getsessionid(struct Curl_cfilter *cf, if(!ssl_config) return TRUE; - DEBUGASSERT(ssl_config->primary.sessionid); + DEBUGASSERT(ssl_config->primary.cache_session); - if(!ssl_config->primary.sessionid || !data->state.session) + if(!ssl_config->primary.cache_session || !data->state.session) /* session ID reuse is disabled or the session cache has not been setup */ return TRUE; @@ -589,10 +580,9 @@ bool Curl_ssl_getsessionid(struct Curl_cfilter *cf, } } - DEBUGF(infof(data, "%s Session ID in cache for %s %s://%s:%d", - no_match? "Didn't find": "Found", - Curl_ssl_cf_is_proxy(cf) ? "proxy" : "host", - cf->conn->handler->scheme, peer->hostname, peer->port)); + CURL_TRC_CF(data, cf, "%s cached session ID for %s://%s:%d", + no_match? "No": "Found", + cf->conn->handler->scheme, peer->hostname, peer->port); return no_match; } @@ -635,18 +625,12 @@ void Curl_ssl_delsessionid(struct Curl_easy *data, void *ssl_sessionid) } } -/* - * Store session id in the session cache. The ID passed on to this function - * must already have been extracted and allocated the proper way for the SSL - * layer. Curl_XXXX_session_free() will be called to free/kill the session ID - * later on. - */ -CURLcode Curl_ssl_addsessionid(struct Curl_cfilter *cf, - struct Curl_easy *data, - const struct ssl_peer *peer, - void *ssl_sessionid, - size_t idsize, - Curl_ssl_sessionid_dtor *sessionid_free_cb) +CURLcode Curl_ssl_set_sessionid(struct Curl_cfilter *cf, + struct Curl_easy *data, + const struct ssl_peer *peer, + void *ssl_sessionid, + size_t idsize, + Curl_ssl_sessionid_dtor *sessionid_free_cb) { struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); @@ -657,6 +641,8 @@ CURLcode Curl_ssl_addsessionid(struct Curl_cfilter *cf, char *clone_conn_to_host = NULL; int conn_to_port; long *general_age; + void *old_sessionid; + size_t old_size; CURLcode result = CURLE_OUT_OF_MEMORY; DEBUGASSERT(ssl_sessionid); @@ -667,9 +653,20 @@ CURLcode Curl_ssl_addsessionid(struct Curl_cfilter *cf, return CURLE_OK; } + if(!Curl_ssl_getsessionid(cf, data, peer, &old_sessionid, &old_size)) { + if((old_size == idsize) && + ((old_sessionid == ssl_sessionid) || + (idsize && !memcmp(old_sessionid, ssl_sessionid, idsize)))) { + /* the very same */ + sessionid_free_cb(ssl_sessionid, idsize); + return CURLE_OK; + } + Curl_ssl_delsessionid(data, old_sessionid); + } + store = &data->state.session[0]; oldest_age = data->state.session[0].age; /* zero if unused */ - DEBUGASSERT(ssl_config->primary.sessionid); + DEBUGASSERT(ssl_config->primary.cache_session); (void)ssl_config; clone_host = strdup(peer->hostname); @@ -687,7 +684,7 @@ CURLcode Curl_ssl_addsessionid(struct Curl_cfilter *cf, else conn_to_port = -1; - /* Now we should add the session ID and the host name to the cache, (remove + /* Now we should add the session ID and the hostname to the cache, (remove the oldest if necessary) */ /* If using shared SSL session, lock! */ @@ -722,12 +719,12 @@ CURLcode Curl_ssl_addsessionid(struct Curl_cfilter *cf, store->idsize = idsize; store->sessionid_free = sessionid_free_cb; store->age = *general_age; /* set current age */ - /* free it if there's one already present */ + /* free it if there is one already present */ free(store->name); free(store->conn_to_host); - store->name = clone_host; /* clone host name */ + store->name = clone_host; /* clone hostname */ clone_host = NULL; - store->conn_to_host = clone_conn_to_host; /* clone connect to host name */ + store->conn_to_host = clone_conn_to_host; /* clone connect to hostname */ clone_conn_to_host = NULL; store->conn_to_port = conn_to_port; /* connect to port number */ /* port number */ @@ -753,10 +750,12 @@ CURLcode Curl_ssl_addsessionid(struct Curl_cfilter *cf, return CURLE_OK; } -void Curl_free_multi_ssl_backend_data(struct multi_ssl_backend_data *mbackend) +CURLcode Curl_ssl_get_channel_binding(struct Curl_easy *data, int sockindex, + struct dynbuf *binding) { - if(Curl_ssl->free_multi_ssl_backend_data && mbackend) - Curl_ssl->free_multi_ssl_backend_data(mbackend); + if(Curl_ssl->get_channel_binding) + return Curl_ssl->get_channel_binding(data, sockindex, binding); + return CURLE_OK; } void Curl_ssl_close_all(struct Curl_easy *data) @@ -778,19 +777,20 @@ void Curl_ssl_close_all(struct Curl_easy *data) void Curl_ssl_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, struct easy_pollset *ps) { - if(!cf->connected) { - struct ssl_connect_data *connssl = cf->ctx; + struct ssl_connect_data *connssl = cf->ctx; + + if(connssl->io_need) { curl_socket_t sock = Curl_conn_cf_get_socket(cf->next, data); if(sock != CURL_SOCKET_BAD) { - if(connssl->connecting_state == ssl_connect_2_writing) { + if(connssl->io_need & CURL_SSL_IO_NEED_SEND) { Curl_pollset_set_out_only(data, ps, sock); - CURL_TRC_CF(data, cf, "adjust_pollset, POLLOUT fd=%" - CURL_FORMAT_SOCKET_T, sock); + CURL_TRC_CF(data, cf, "adjust_pollset, POLLOUT fd=%" FMT_SOCKET_T, + sock); } else { Curl_pollset_set_in_only(data, ps, sock); - CURL_TRC_CF(data, cf, "adjust_pollset, POLLIN fd=%" - CURL_FORMAT_SOCKET_T, sock); + CURL_TRC_CF(data, cf, "adjust_pollset, POLLIN fd=%" FMT_SOCKET_T, + sock); } } } @@ -901,7 +901,9 @@ CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy *data, CURLcode result = CURLE_OK; struct dynbuf build; - Curl_dyn_init(&build, 10000); + DEBUGASSERT(certnum < ci->num_of_certs); + + Curl_dyn_init(&build, CURL_X509_STR_MAX); if(Curl_dyn_add(&build, label) || Curl_dyn_addn(&build, ":", 1) || @@ -920,11 +922,16 @@ CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy *data, return result; } +/* get 32 bits of random */ CURLcode Curl_ssl_random(struct Curl_easy *data, unsigned char *entropy, size_t length) { - return Curl_ssl->random(data, entropy, length); + DEBUGASSERT(length == sizeof(int)); + if(Curl_ssl->random) + return Curl_ssl->random(data, entropy, length); + else + return CURLE_NOT_BUILT_IN; } /* @@ -1000,7 +1007,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, (void)data; #endif - /* if a path wasn't specified, don't pin */ + /* if a path was not specified, do not pin */ if(!pinnedpubkey) return CURLE_OK; if(!pubkey || !pubkeylen) @@ -1048,7 +1055,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, end_pos = strstr(begin_pos, ";sha256//"); /* * if there is an end_pos, null terminate, - * otherwise it'll go to the end of the original string + * otherwise it will go to the end of the original string */ if(end_pos) end_pos[0] = '\0'; @@ -1094,7 +1101,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, /* * if the size of our certificate is bigger than the file - * size then it can't match + * size then it cannot match */ size = curlx_sotouz((curl_off_t) filesize); if(pubkeylen > size) @@ -1112,7 +1119,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, if((int) fread(buf, size, 1, fp) != 1) break; - /* If the sizes are the same, it can't be base64 encoded, must be der */ + /* If the sizes are the same, it cannot be base64 encoded, must be der */ if(pubkeylen == size) { if(!memcmp(pubkey, buf, pubkeylen)) result = CURLE_OK; @@ -1120,18 +1127,18 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, } /* - * Otherwise we will assume it's PEM and try to decode it + * Otherwise we will assume it is PEM and try to decode it * after placing null terminator */ buf[size] = '\0'; pem_read = pubkey_pem_to_der((const char *)buf, &pem_ptr, &pem_len); - /* if it wasn't read successfully, exit */ + /* if it was not read successfully, exit */ if(pem_read) break; /* - * if the size of our certificate doesn't match the size of - * the decoded file, they can't be the same, otherwise compare + * if the size of our certificate does not match the size of + * the decoded file, they cannot be the same, otherwise compare */ if(pubkeylen == pem_len && !memcmp(pubkey, pem_ptr, pubkeylen)) result = CURLE_OK; @@ -1173,12 +1180,18 @@ int Curl_none_init(void) void Curl_none_cleanup(void) { } -int Curl_none_shutdown(struct Curl_cfilter *cf UNUSED_PARAM, - struct Curl_easy *data UNUSED_PARAM) +CURLcode Curl_none_shutdown(struct Curl_cfilter *cf UNUSED_PARAM, + struct Curl_easy *data UNUSED_PARAM, + bool send_shutdown UNUSED_PARAM, + bool *done) { (void)data; (void)cf; - return 0; + (void)send_shutdown; + /* Every SSL backend should have a shutdown implementation. Until we + * have implemented that, we put this fake in place. */ + *done = TRUE; + return CURLE_OK; } int Curl_none_check_cxn(struct Curl_cfilter *cf, struct Curl_easy *data) @@ -1188,16 +1201,6 @@ int Curl_none_check_cxn(struct Curl_cfilter *cf, struct Curl_easy *data) return -1; } -CURLcode Curl_none_random(struct Curl_easy *data UNUSED_PARAM, - unsigned char *entropy UNUSED_PARAM, - size_t length UNUSED_PARAM) -{ - (void)data; - (void)entropy; - (void)length; - return CURLE_NOT_BUILT_IN; -} - void Curl_none_close_all(struct Curl_easy *data UNUSED_PARAM) { (void)data; @@ -1324,7 +1327,7 @@ static const struct Curl_ssl Curl_ssl_multi = { Curl_none_check_cxn, /* check_cxn */ Curl_none_shutdown, /* shutdown */ Curl_none_data_pending, /* data_pending */ - Curl_none_random, /* random */ + NULL, /* random */ Curl_none_cert_status_request, /* cert_status_request */ multissl_connect, /* connect */ multissl_connect_nonblocking, /* connect_nonblocking */ @@ -1339,9 +1342,9 @@ static const struct Curl_ssl Curl_ssl_multi = { NULL, /* sha256sum */ NULL, /* associate_connection */ NULL, /* disassociate_connection */ - NULL, /* free_multi_ssl_backend_data */ multissl_recv_plain, /* recv decrypted data */ multissl_send_plain, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; const struct Curl_ssl *Curl_ssl = @@ -1349,8 +1352,6 @@ const struct Curl_ssl *Curl_ssl = &Curl_ssl_multi; #elif defined(USE_WOLFSSL) &Curl_ssl_wolfssl; -#elif defined(USE_SECTRANSP) - &Curl_ssl_sectransp; #elif defined(USE_GNUTLS) &Curl_ssl_gnutls; #elif defined(USE_MBEDTLS) @@ -1359,6 +1360,8 @@ const struct Curl_ssl *Curl_ssl = &Curl_ssl_rustls; #elif defined(USE_OPENSSL) &Curl_ssl_openssl; +#elif defined(USE_SECTRANSP) + &Curl_ssl_sectransp; #elif defined(USE_SCHANNEL) &Curl_ssl_schannel; #elif defined(USE_BEARSSL) @@ -1371,9 +1374,6 @@ static const struct Curl_ssl *available_backends[] = { #if defined(USE_WOLFSSL) &Curl_ssl_wolfssl, #endif -#if defined(USE_SECTRANSP) - &Curl_ssl_sectransp, -#endif #if defined(USE_GNUTLS) &Curl_ssl_gnutls, #endif @@ -1383,6 +1383,9 @@ static const struct Curl_ssl *available_backends[] = { #if defined(USE_OPENSSL) &Curl_ssl_openssl, #endif +#if defined(USE_SECTRANSP) + &Curl_ssl_sectransp, +#endif #if defined(USE_SCHANNEL) &Curl_ssl_schannel, #endif @@ -1395,6 +1398,19 @@ static const struct Curl_ssl *available_backends[] = { NULL }; +/* Global cleanup */ +void Curl_ssl_cleanup(void) +{ + if(init_ssl) { + /* only cleanup if we did a previous init */ + Curl_ssl->cleanup(); +#if defined(CURL_WITH_MULTI_SSL) + Curl_ssl = &Curl_ssl_multi; +#endif + init_ssl = FALSE; + } +} + static size_t multissl_version(char *buffer, size_t size) { static const struct Curl_ssl *selected; @@ -1562,69 +1578,70 @@ CURLcode Curl_ssl_peer_init(struct ssl_peer *peer, struct Curl_cfilter *cf, int transport) { const char *ehostname, *edispname; - int eport; + CURLcode result = CURLE_OUT_OF_MEMORY; - /* We need the hostname for SNI negotiation. Once handshaked, this - * remains the SNI hostname for the TLS connection. But when the - * connection is reused, the settings in cf->conn might change. - * So we keep a copy of the hostname we use for SNI. + /* We expect a clean struct, e.g. called only ONCE */ + DEBUGASSERT(peer); + DEBUGASSERT(!peer->hostname); + DEBUGASSERT(!peer->dispname); + DEBUGASSERT(!peer->sni); + /* We need the hostname for SNI negotiation. Once handshaked, this remains + * the SNI hostname for the TLS connection. When the connection is reused, + * the settings in cf->conn might change. We keep a copy of the hostname we + * use for SNI. */ + peer->transport = transport; #ifndef CURL_DISABLE_PROXY if(Curl_ssl_cf_is_proxy(cf)) { ehostname = cf->conn->http_proxy.host.name; edispname = cf->conn->http_proxy.host.dispname; - eport = cf->conn->http_proxy.port; + peer->port = cf->conn->http_proxy.port; } else #endif { ehostname = cf->conn->host.name; edispname = cf->conn->host.dispname; - eport = cf->conn->remote_port; + peer->port = cf->conn->remote_port; } - /* change if ehostname changed */ - DEBUGASSERT(!ehostname || ehostname[0]); - if(ehostname && (!peer->hostname - || strcmp(ehostname, peer->hostname))) { - Curl_ssl_peer_cleanup(peer); - peer->hostname = strdup(ehostname); - if(!peer->hostname) { - Curl_ssl_peer_cleanup(peer); - return CURLE_OUT_OF_MEMORY; - } - if(!edispname || !strcmp(ehostname, edispname)) - peer->dispname = peer->hostname; - else { - peer->dispname = strdup(edispname); - if(!peer->dispname) { - Curl_ssl_peer_cleanup(peer); - return CURLE_OUT_OF_MEMORY; - } - } + /* hostname MUST exist and not be empty */ + if(!ehostname || !ehostname[0]) { + result = CURLE_FAILED_INIT; + goto out; + } - peer->type = get_peer_type(peer->hostname); - if(peer->type == CURL_SSL_PEER_DNS && peer->hostname[0]) { - /* not an IP address, normalize according to RCC 6066 ch. 3, - * max len of SNI is 2^16-1, no trailing dot */ - size_t len = strlen(peer->hostname); - if(len && (peer->hostname[len-1] == '.')) - len--; - if(len < USHRT_MAX) { - peer->sni = calloc(1, len + 1); - if(!peer->sni) { - Curl_ssl_peer_cleanup(peer); - return CURLE_OUT_OF_MEMORY; - } - Curl_strntolower(peer->sni, peer->hostname, len); - peer->sni[len] = 0; - } + peer->hostname = strdup(ehostname); + if(!peer->hostname) + goto out; + if(!edispname || !strcmp(ehostname, edispname)) + peer->dispname = peer->hostname; + else { + peer->dispname = strdup(edispname); + if(!peer->dispname) + goto out; + } + peer->type = get_peer_type(peer->hostname); + if(peer->type == CURL_SSL_PEER_DNS) { + /* not an IP address, normalize according to RCC 6066 ch. 3, + * max len of SNI is 2^16-1, no trailing dot */ + size_t len = strlen(peer->hostname); + if(len && (peer->hostname[len-1] == '.')) + len--; + if(len < USHRT_MAX) { + peer->sni = calloc(1, len + 1); + if(!peer->sni) + goto out; + Curl_strntolower(peer->sni, peer->hostname, len); + peer->sni[len] = 0; } - } - peer->port = eport; - peer->transport = transport; - return CURLE_OK; + result = CURLE_OK; + +out: + if(result) + Curl_ssl_peer_cleanup(peer); + return result; } static void ssl_cf_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) @@ -1663,22 +1680,29 @@ static CURLcode ssl_cf_connect(struct Curl_cfilter *cf, return CURLE_OK; } + if(!cf->next) { + *done = FALSE; + return CURLE_FAILED_INIT; + } + + if(!cf->next->connected) { + result = cf->next->cft->do_connect(cf->next, data, blocking, done); + if(result || !*done) + return result; + } + CF_DATA_SAVE(save, cf, data); CURL_TRC_CF(data, cf, "cf_connect()"); - (void)connssl; DEBUGASSERT(data->conn); DEBUGASSERT(data->conn == cf->conn); DEBUGASSERT(connssl); - DEBUGASSERT(cf->conn->host.name); - - result = cf->next->cft->do_connect(cf->next, data, blocking, done); - if(result || !*done) - goto out; *done = FALSE; - result = Curl_ssl_peer_init(&connssl->peer, cf, TRNSPRT_TCP); - if(result) - goto out; + if(!connssl->peer.hostname) { + result = Curl_ssl_peer_init(&connssl->peer, cf, TRNSPRT_TCP); + if(result) + goto out; + } if(blocking) { result = ssl_connect(cf, data); @@ -1716,11 +1740,12 @@ static bool ssl_cf_data_pending(struct Curl_cfilter *cf, static ssize_t ssl_cf_send(struct Curl_cfilter *cf, struct Curl_easy *data, const void *buf, size_t len, - CURLcode *err) + bool eos, CURLcode *err) { struct cf_call_data save; ssize_t nwritten; + (void)eos; /* unused */ CF_DATA_SAVE(save, cf, data); *err = CURLE_OK; nwritten = Curl_ssl->send_plain(cf, data, buf, len, err); @@ -1751,17 +1776,34 @@ static ssize_t ssl_cf_recv(struct Curl_cfilter *cf, return nread; } -static void ssl_cf_adjust_pollset(struct Curl_cfilter *cf, - struct Curl_easy *data, - struct easy_pollset *ps) +static CURLcode ssl_cf_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool *done) { - struct cf_call_data save; + CURLcode result = CURLE_OK; + + *done = TRUE; + if(!cf->shutdown) { + struct cf_call_data save; - if(!cf->connected) { CF_DATA_SAVE(save, cf, data); - Curl_ssl->adjust_pollset(cf, data, ps); + result = Curl_ssl->shut_down(cf, data, TRUE, done); + CURL_TRC_CF(data, cf, "cf_shutdown -> %d, done=%d", result, *done); CF_DATA_RESTORE(cf, save); + cf->shutdown = (result || *done); } + return result; +} + +static void ssl_cf_adjust_pollset(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct easy_pollset *ps) +{ + struct cf_call_data save; + + CF_DATA_SAVE(save, cf, data); + Curl_ssl->adjust_pollset(cf, data, ps); + CF_DATA_RESTORE(cf, save); } static CURLcode ssl_cf_cntrl(struct Curl_cfilter *cf, @@ -1851,6 +1893,7 @@ struct Curl_cftype Curl_cft_ssl = { ssl_cf_destroy, ssl_cf_connect, ssl_cf_close, + ssl_cf_shutdown, Curl_cf_def_get_host, ssl_cf_adjust_pollset, ssl_cf_data_pending, @@ -1871,6 +1914,7 @@ struct Curl_cftype Curl_cft_ssl_proxy = { ssl_cf_destroy, ssl_cf_connect, ssl_cf_close, + ssl_cf_shutdown, Curl_cf_def_get_host, ssl_cf_adjust_pollset, ssl_cf_data_pending, @@ -1982,10 +2026,10 @@ CURLcode Curl_cf_ssl_proxy_insert_after(struct Curl_cfilter *cf_at, #endif /* !CURL_DISABLE_PROXY */ -bool Curl_ssl_supports(struct Curl_easy *data, int option) +bool Curl_ssl_supports(struct Curl_easy *data, unsigned int ssl_option) { (void)data; - return (Curl_ssl->supports & option)? TRUE : FALSE; + return (Curl_ssl->supports & ssl_option)? TRUE : FALSE; } static struct Curl_cfilter *get_ssl_filter(struct Curl_cfilter *cf) @@ -2021,19 +2065,77 @@ void *Curl_ssl_get_internals(struct Curl_easy *data, int sockindex, return result; } +static CURLcode vtls_shutdown_blocking(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool send_shutdown, bool *done) +{ + struct ssl_connect_data *connssl = cf->ctx; + struct cf_call_data save; + CURLcode result = CURLE_OK; + timediff_t timeout_ms; + int what, loop = 10; + + if(cf->shutdown) { + *done = TRUE; + return CURLE_OK; + } + CF_DATA_SAVE(save, cf, data); + + *done = FALSE; + while(!result && !*done && loop--) { + timeout_ms = Curl_shutdown_timeleft(cf->conn, cf->sockindex, NULL); + + if(timeout_ms < 0) { + /* no need to continue if time is already up */ + failf(data, "SSL shutdown timeout"); + return CURLE_OPERATION_TIMEDOUT; + } + + result = Curl_ssl->shut_down(cf, data, send_shutdown, done); + if(result ||*done) + goto out; + + if(connssl->io_need) { + what = Curl_conn_cf_poll(cf, data, timeout_ms); + if(what < 0) { + /* fatal error */ + failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); + result = CURLE_RECV_ERROR; + goto out; + } + else if(0 == what) { + /* timeout */ + failf(data, "SSL shutdown timeout"); + result = CURLE_OPERATION_TIMEDOUT; + goto out; + } + /* socket is readable or writable */ + } + } +out: + CF_DATA_RESTORE(cf, save); + cf->shutdown = (result || *done); + return result; +} + CURLcode Curl_ssl_cfilter_remove(struct Curl_easy *data, - int sockindex) + int sockindex, bool send_shutdown) { struct Curl_cfilter *cf, *head; CURLcode result = CURLE_OK; - (void)data; head = data->conn? data->conn->cfilter[sockindex] : NULL; for(cf = head; cf; cf = cf->next) { if(cf->cft == &Curl_cft_ssl) { - if(Curl_ssl->shut_down(cf, data)) + bool done; + CURL_TRC_CF(data, cf, "shutdown and remove SSL, start"); + Curl_shutdown_start(data, sockindex, NULL); + result = vtls_shutdown_blocking(cf, data, send_shutdown, &done); + Curl_shutdown_clear(data, sockindex); + if(!result && !done) /* blocking failed? */ result = CURLE_SSL_SHUTDOWN_FAILED; Curl_conn_cf_discard_sub(head, cf, data, FALSE); + CURL_TRC_CF(data, cf, "shutdown and remove SSL, done -> %d", result); break; } } @@ -2118,7 +2220,6 @@ CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf, const unsigned char *proto, size_t proto_len) { - int can_multi = 0; unsigned char *palpn = #ifndef CURL_DISABLE_PROXY (cf->conn->bits.tunnel_proxy && Curl_ssl_cf_is_proxy(cf))? @@ -2137,14 +2238,12 @@ CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf, else if(proto_len == ALPN_H2_LENGTH && !memcmp(ALPN_H2, proto, ALPN_H2_LENGTH)) { *palpn = CURL_HTTP_VERSION_2; - can_multi = 1; } #endif #ifdef USE_HTTP3 else if(proto_len == ALPN_H3_LENGTH && !memcmp(ALPN_H3, proto, ALPN_H3_LENGTH)) { *palpn = CURL_HTTP_VERSION_3; - can_multi = 1; } #endif else { @@ -2163,9 +2262,6 @@ CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf, } out: - if(!Curl_ssl_cf_is_proxy(cf)) - Curl_multiuse_state(data, can_multi? - BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); return CURLE_OK; } diff --git a/vendor/hydra/vendor/curl/lib/vtls/vtls.h b/vendor/hydra/vendor/curl/lib/vtls/vtls.h index c40ff262..fce1e001 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/vtls.h +++ b/vendor/hydra/vendor/curl/lib/vtls/vtls.h @@ -38,6 +38,8 @@ struct Curl_ssl_session; #define SSLSUPP_TLS13_CIPHERSUITES (1<<5) /* supports TLS 1.3 ciphersuites */ #define SSLSUPP_CAINFO_BLOB (1<<6) #define SSLSUPP_ECH (1<<7) +#define SSLSUPP_CA_CACHE (1<<8) +#define SSLSUPP_CIPHER_LIST (1<<9) /* supports TLS 1.0-1.2 ciphersuites */ #define ALPN_ACCEPTED "ALPN: server accepted " @@ -52,7 +54,6 @@ struct Curl_ssl_session; /* Curl_multi SSL backend-specific data; declared differently by each SSL backend */ -struct multi_ssl_backend_data; struct Curl_cfilter; CURLsslset Curl_init_sslset_nolock(curl_sslbackend id, const char *name, @@ -92,7 +93,7 @@ CURLcode Curl_ssl_conn_config_init(struct Curl_easy *data, void Curl_ssl_conn_config_cleanup(struct connectdata *conn); /** - * Return TRUE iff SSL configuration from `conn` is functionally the + * Return TRUE iff SSL configuration from `data` is functionally the * same as the one on `candidate`. * @param proxy match the proxy SSL config or the main one */ @@ -131,6 +132,7 @@ CURLcode Curl_ssl_initsessions(struct Curl_easy *, size_t); void Curl_ssl_version(char *buffer, size_t size); /* Certificate information list handling. */ +#define CURL_X509_STR_MAX 100000 void Curl_ssl_free_certinfo(struct Curl_easy *data); CURLcode Curl_ssl_init_certinfo(struct Curl_easy *data, int num); @@ -181,7 +183,24 @@ bool Curl_ssl_cert_status_request(void); bool Curl_ssl_false_start(struct Curl_easy *data); -void Curl_free_multi_ssl_backend_data(struct multi_ssl_backend_data *mbackend); +/* The maximum size of the SSL channel binding is 85 bytes, as defined in + * RFC 5929, Section 4.1. The 'tls-server-end-point:' prefix is 21 bytes long, + * and SHA-512 is the longest supported hash algorithm, with a digest length of + * 64 bytes. + * The maximum size of the channel binding is therefore 21 + 64 = 85 bytes. + */ +#define SSL_CB_MAX_SIZE 85 + +/* Return the tls-server-end-point channel binding, including the + * 'tls-server-end-point:' prefix. + * If successful, the data is written to the dynbuf, and CURLE_OK is returned. + * The dynbuf MUST HAVE a minimum toobig size of SSL_CB_MAX_SIZE. + * If the dynbuf is too small, CURLE_OUT_OF_MEMORY is returned. + * If channel binding is not supported, binding stays empty and CURLE_OK is + * returned. + */ +CURLcode Curl_ssl_get_channel_binding(struct Curl_easy *data, int sockindex, + struct dynbuf *binding); #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */ @@ -193,7 +212,7 @@ CURLcode Curl_cf_ssl_insert_after(struct Curl_cfilter *cf_at, struct Curl_easy *data); CURLcode Curl_ssl_cfilter_remove(struct Curl_easy *data, - int sockindex); + int sockindex, bool send_shutdown); #ifndef CURL_DISABLE_PROXY CURLcode Curl_cf_ssl_proxy_insert_after(struct Curl_cfilter *cf_at, @@ -205,7 +224,7 @@ CURLcode Curl_cf_ssl_proxy_insert_after(struct Curl_cfilter *cf_at, * Option is one of the defined SSLSUPP_* values. * `data` maybe NULL for the features of the default implementation. */ -bool Curl_ssl_supports(struct Curl_easy *data, int ssl_option); +bool Curl_ssl_supports(struct Curl_easy *data, unsigned int ssl_option); /** * Get the internal ssl instance (like OpenSSL's SSL*) from the filter @@ -252,7 +271,7 @@ extern struct Curl_cftype Curl_cft_ssl_proxy; #define Curl_ssl_get_internals(a,b,c,d) NULL #define Curl_ssl_supports(a,b) FALSE #define Curl_ssl_cfilter_add(a,b,c) CURLE_NOT_BUILT_IN -#define Curl_ssl_cfilter_remove(a,b) CURLE_OK +#define Curl_ssl_cfilter_remove(a,b,c) CURLE_OK #define Curl_ssl_cf_get_config(a,b) NULL #define Curl_ssl_cf_get_primary_config(a) NULL #endif diff --git a/vendor/hydra/vendor/curl/lib/vtls/vtls_int.h b/vendor/hydra/vendor/curl/lib/vtls/vtls_int.h index 5259babb..836bfad7 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/vtls_int.h +++ b/vendor/hydra/vendor/curl/lib/vtls/vtls_int.h @@ -64,15 +64,34 @@ CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf, const unsigned char *proto, size_t proto_len); +/* enum for the nonblocking SSL connection state machine */ +typedef enum { + ssl_connect_1, + ssl_connect_2, + ssl_connect_3, + ssl_connect_done +} ssl_connect_state; + +typedef enum { + ssl_connection_none, + ssl_connection_negotiating, + ssl_connection_complete +} ssl_connection_state; + +#define CURL_SSL_IO_NEED_NONE (0) +#define CURL_SSL_IO_NEED_RECV (1<<0) +#define CURL_SSL_IO_NEED_SEND (1<<1) + /* Information in each SSL cfilter context: cf->ctx */ struct ssl_connect_data { - ssl_connection_state state; - ssl_connect_state connecting_state; struct ssl_peer peer; const struct alpn_spec *alpn; /* ALPN to use or NULL for none */ void *backend; /* vtls backend specific props */ struct cf_call_data call_data; /* data handle used in current call */ struct curltime handshake_done; /* time when handshake finished */ + ssl_connection_state state; + ssl_connect_state connecting_state; + int io_need; /* TLS signals special SEND/RECV needs */ BIT(use_alpn); /* if ALPN shall be used in handshake */ BIT(peer_closed); /* peer has closed connection */ }; @@ -99,8 +118,8 @@ struct Curl_ssl { size_t (*version)(char *buffer, size_t size); int (*check_cxn)(struct Curl_cfilter *cf, struct Curl_easy *data); - int (*shut_down)(struct Curl_cfilter *cf, - struct Curl_easy *data); + CURLcode (*shut_down)(struct Curl_cfilter *cf, struct Curl_easy *data, + bool send_shutdown, bool *done); bool (*data_pending)(struct Curl_cfilter *cf, const struct Curl_easy *data); @@ -115,9 +134,8 @@ struct Curl_ssl { struct Curl_easy *data, bool *done); - /* During handshake, adjust the pollset to include the socket - * for POLLOUT or POLLIN as needed. - * Mandatory. */ + /* During handshake/shutdown, adjust the pollset to include the socket + * for POLLOUT or POLLIN as needed. Mandatory. */ void (*adjust_pollset)(struct Curl_cfilter *cf, struct Curl_easy *data, struct easy_pollset *ps); void *(*get_internals)(struct ssl_connect_data *connssl, CURLINFO info); @@ -135,13 +153,14 @@ struct Curl_ssl { bool (*attach_data)(struct Curl_cfilter *cf, struct Curl_easy *data); void (*detach_data)(struct Curl_cfilter *cf, struct Curl_easy *data); - void (*free_multi_ssl_backend_data)(struct multi_ssl_backend_data *mbackend); - ssize_t (*recv_plain)(struct Curl_cfilter *cf, struct Curl_easy *data, char *buf, size_t len, CURLcode *code); ssize_t (*send_plain)(struct Curl_cfilter *cf, struct Curl_easy *data, const void *mem, size_t len, CURLcode *code); + CURLcode (*get_channel_binding)(struct Curl_easy *data, int sockindex, + struct dynbuf *binding); + }; extern const struct Curl_ssl *Curl_ssl; @@ -149,10 +168,9 @@ extern const struct Curl_ssl *Curl_ssl; int Curl_none_init(void); void Curl_none_cleanup(void); -int Curl_none_shutdown(struct Curl_cfilter *cf, struct Curl_easy *data); +CURLcode Curl_none_shutdown(struct Curl_cfilter *cf, struct Curl_easy *data, + bool send_shutdown, bool *done); int Curl_none_check_cxn(struct Curl_cfilter *cf, struct Curl_easy *data); -CURLcode Curl_none_random(struct Curl_easy *data, unsigned char *entropy, - size_t length); void Curl_none_close_all(struct Curl_easy *data); void Curl_none_session_free(void *ptr); bool Curl_none_data_pending(struct Curl_cfilter *cf, @@ -181,19 +199,22 @@ bool Curl_ssl_getsessionid(struct Curl_cfilter *cf, const struct ssl_peer *peer, void **ssl_sessionid, size_t *idsize); /* set 0 if unknown */ -/* add a new session ID + +/* Set a TLS session ID for `peer`. Replaces an existing session ID if + * not already the very same. * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock). + * Call takes ownership of `ssl_sessionid`, using `sessionid_free_cb` + * to deallocate it. Is called in all outcomes, either right away or + * later when the session cache is cleaned up. * Caller must ensure that it has properly shared ownership of this sessionid * object with cache (e.g. incrementing refcount on success) - * Call takes ownership of `ssl_sessionid`, using `sessionid_free_cb` - * to destroy it in case of failure or later removal. */ -CURLcode Curl_ssl_addsessionid(struct Curl_cfilter *cf, - struct Curl_easy *data, - const struct ssl_peer *peer, - void *ssl_sessionid, - size_t idsize, - Curl_ssl_sessionid_dtor *sessionid_free_cb); +CURLcode Curl_ssl_set_sessionid(struct Curl_cfilter *cf, + struct Curl_easy *data, + const struct ssl_peer *peer, + void *sessionid, + size_t sessionid_size, + Curl_ssl_sessionid_dtor *sessionid_free_cb); #include "openssl.h" /* OpenSSL versions */ #include "gtls.h" /* GnuTLS versions */ @@ -202,7 +223,7 @@ CURLcode Curl_ssl_addsessionid(struct Curl_cfilter *cf, #include "sectransp.h" /* SecureTransport (Darwin) version */ #include "mbedtls.h" /* mbedTLS versions */ #include "bearssl.h" /* BearSSL versions */ -#include "rustls.h" /* rustls versions */ +#include "rustls.h" /* Rustls versions */ #endif /* USE_SSL */ diff --git a/vendor/hydra/vendor/curl/lib/vtls/wolfssl.c b/vendor/hydra/vendor/curl/lib/vtls/wolfssl.c index 2c92f56e..bd7963ec 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/wolfssl.c +++ b/vendor/hydra/vendor/curl/lib/vtls/wolfssl.c @@ -36,6 +36,10 @@ #include #include +#if LIBWOLFSSL_VERSION_HEX < 0x03004006 /* wolfSSL 3.4.6 (2015) */ +#error "wolfSSL version should be at least 3.4.6" +#endif + /* To determine what functions are available we rely on one or both of: - the user's options.h generated by wolfSSL - the symbols detected by curl's configure @@ -99,17 +103,11 @@ #undef USE_BIO_CHAIN #endif -struct wolfssl_ssl_backend_data { - WOLFSSL_CTX *ctx; - WOLFSSL *handle; - CURLcode io_result; /* result of last BIO cfilter operation */ -}; - #ifdef OPENSSL_EXTRA /* * Availability note: * The TLS 1.3 secret callback (wolfSSL_set_tls13_secret_cb) was added in - * WolfSSL 4.4.0, but requires the -DHAVE_SECRET_CALLBACK build option. If that + * wolfSSL 4.4.0, but requires the -DHAVE_SECRET_CALLBACK build option. If that * option is not set, then TLS 1.3 will not be logged. * For TLS 1.2 and before, we use wolfSSL_get_keys(). * SSL_get_client_random and wolfSSL_get_keys require OPENSSL_EXTRA @@ -207,7 +205,7 @@ wolfssl_log_tls12_secret(SSL *ssl) } #endif /* OPENSSL_EXTRA */ -static int do_file_type(const char *type) +static int wolfssl_do_file_type(const char *type) { if(!type || !type[0]) return SSL_FILETYPE_PEM; @@ -218,7 +216,7 @@ static int do_file_type(const char *type) return -1; } -#ifdef HAVE_LIBOQS +#ifdef WOLFSSL_HAVE_KYBER struct group_name_map { const word16 group; const char *name; @@ -290,20 +288,35 @@ static int wolfssl_bio_cf_out_write(WOLFSSL_BIO *bio, { struct Curl_cfilter *cf = wolfSSL_BIO_get_data(bio); struct ssl_connect_data *connssl = cf->ctx; - struct wolfssl_ssl_backend_data *backend = - (struct wolfssl_ssl_backend_data *)connssl->backend; + struct wolfssl_ctx *backend = + (struct wolfssl_ctx *)connssl->backend; struct Curl_easy *data = CF_DATA_CURRENT(cf); - ssize_t nwritten; + ssize_t nwritten, skiplen = 0; CURLcode result = CURLE_OK; DEBUGASSERT(data); - nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, &result); + if(backend->shutting_down && backend->io_send_blocked_len && + (backend->io_send_blocked_len < blen)) { + /* bug in wolfSSL: + * It adds the close notify message again every time we retry + * sending during shutdown. */ + CURL_TRC_CF(data, cf, "bio_write, shutdown restrict send of %d" + " to %d bytes", blen, backend->io_send_blocked_len); + skiplen = (ssize_t)(blen - backend->io_send_blocked_len); + blen = backend->io_send_blocked_len; + } + nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, FALSE, &result); backend->io_result = result; CURL_TRC_CF(data, cf, "bio_write(len=%d) -> %zd, %d", blen, nwritten, result); wolfSSL_BIO_clear_retry_flags(bio); - if(nwritten < 0 && CURLE_AGAIN == result) + if(nwritten < 0 && CURLE_AGAIN == result) { BIO_set_retry_write(bio); + if(backend->shutting_down && !backend->io_send_blocked_len) + backend->io_send_blocked_len = blen; + } + else if(!result && skiplen) + nwritten += skiplen; return (int)nwritten; } @@ -311,8 +324,8 @@ static int wolfssl_bio_cf_in_read(WOLFSSL_BIO *bio, char *buf, int blen) { struct Curl_cfilter *cf = wolfSSL_BIO_get_data(bio); struct ssl_connect_data *connssl = cf->ctx; - struct wolfssl_ssl_backend_data *backend = - (struct wolfssl_ssl_backend_data *)connssl->backend; + struct wolfssl_ctx *backend = + (struct wolfssl_ctx *)connssl->backend; struct Curl_easy *data = CF_DATA_CURRENT(cf); ssize_t nread; CURLcode result = CURLE_OK; @@ -357,6 +370,335 @@ static void wolfssl_bio_cf_free_methods(void) #endif /* !USE_BIO_CHAIN */ +static CURLcode populate_x509_store(struct Curl_cfilter *cf, + struct Curl_easy *data, + X509_STORE *store, + struct wolfssl_ctx *wssl) +{ + struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + const struct curl_blob *ca_info_blob = conn_config->ca_info_blob; + const char * const ssl_cafile = + /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */ + (ca_info_blob ? NULL : conn_config->CAfile); + const char * const ssl_capath = conn_config->CApath; + struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); + bool imported_native_ca = false; + +#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SYS_CA_CERTS) + /* load native CA certificates */ + if(ssl_config->native_ca_store) { + if(wolfSSL_CTX_load_system_CA_certs(wssl->ctx) != WOLFSSL_SUCCESS) { + infof(data, "error importing native CA store, continuing anyway"); + } + else { + imported_native_ca = true; + infof(data, "successfully imported native CA store"); + wssl->x509_store_setup = TRUE; + } + } +#endif /* !NO_FILESYSTEM */ + + /* load certificate blob */ + if(ca_info_blob) { + if(wolfSSL_CTX_load_verify_buffer(wssl->ctx, ca_info_blob->data, + (long)ca_info_blob->len, + SSL_FILETYPE_PEM) != SSL_SUCCESS) { + if(imported_native_ca) { + infof(data, "error importing CA certificate blob, continuing anyway"); + } + else { + failf(data, "error importing CA certificate blob"); + return CURLE_SSL_CACERT_BADFILE; + } + } + else { + infof(data, "successfully imported CA certificate blob"); + wssl->x509_store_setup = TRUE; + } + } + +#ifndef NO_FILESYSTEM + /* load trusted cacert from file if not blob */ + + CURL_TRC_CF(data, cf, "populate_x509_store, path=%s, blob=%d", + ssl_cafile? ssl_cafile : "none", !!ca_info_blob); + if(!store) + return CURLE_OUT_OF_MEMORY; + + if((ssl_cafile || ssl_capath) && (!wssl->x509_store_setup)) { + int rc = + wolfSSL_CTX_load_verify_locations_ex(wssl->ctx, + ssl_cafile, + ssl_capath, + WOLFSSL_LOAD_FLAG_IGNORE_ERR); + if(SSL_SUCCESS != rc) { + if(conn_config->verifypeer) { + /* Fail if we insist on successfully verifying the server. */ + failf(data, "error setting certificate verify locations:" + " CAfile: %s CApath: %s", + ssl_cafile ? ssl_cafile : "none", + ssl_capath ? ssl_capath : "none"); + return CURLE_SSL_CACERT_BADFILE; + } + else { + /* Just continue with a warning if no strict certificate + verification is required. */ + infof(data, "error setting certificate verify locations," + " continuing anyway:"); + } + } + else { + /* Everything is fine. */ + infof(data, "successfully set certificate verify locations:"); + } + infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none"); + infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none"); + } +#endif + (void)store; + wssl->x509_store_setup = TRUE; + return CURLE_OK; +} + +/* key to use at `multi->proto_hash` */ +#define MPROTO_WSSL_X509_KEY "tls:wssl:x509:share" + +struct wssl_x509_share { + char *CAfile; /* CAfile path used to generate X509 store */ + WOLFSSL_X509_STORE *store; /* cached X509 store or NULL if none */ + struct curltime time; /* when the cached store was created */ +}; + +static void wssl_x509_share_free(void *key, size_t key_len, void *p) +{ + struct wssl_x509_share *share = p; + DEBUGASSERT(key_len == (sizeof(MPROTO_WSSL_X509_KEY)-1)); + DEBUGASSERT(!memcmp(MPROTO_WSSL_X509_KEY, key, key_len)); + (void)key; + (void)key_len; + if(share->store) { + wolfSSL_X509_STORE_free(share->store); + } + free(share->CAfile); + free(share); +} + +static bool +cached_x509_store_expired(const struct Curl_easy *data, + const struct wssl_x509_share *mb) +{ + const struct ssl_general_config *cfg = &data->set.general_ssl; + struct curltime now = Curl_now(); + timediff_t elapsed_ms = Curl_timediff(now, mb->time); + timediff_t timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000; + + if(timeout_ms < 0) + return false; + + return elapsed_ms >= timeout_ms; +} + +static bool +cached_x509_store_different(struct Curl_cfilter *cf, + const struct wssl_x509_share *mb) +{ + struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + if(!mb->CAfile || !conn_config->CAfile) + return mb->CAfile != conn_config->CAfile; + + return strcmp(mb->CAfile, conn_config->CAfile); +} + +static X509_STORE *get_cached_x509_store(struct Curl_cfilter *cf, + const struct Curl_easy *data) +{ + struct Curl_multi *multi = data->multi; + struct wssl_x509_share *share; + WOLFSSL_X509_STORE *store = NULL; + + DEBUGASSERT(multi); + share = multi? Curl_hash_pick(&multi->proto_hash, + (void *)MPROTO_WSSL_X509_KEY, + sizeof(MPROTO_WSSL_X509_KEY)-1) : NULL; + if(share && share->store && + !cached_x509_store_expired(data, share) && + !cached_x509_store_different(cf, share)) { + store = share->store; + } + + return store; +} + +static void set_cached_x509_store(struct Curl_cfilter *cf, + const struct Curl_easy *data, + X509_STORE *store) +{ + struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + struct Curl_multi *multi = data->multi; + struct wssl_x509_share *share; + + DEBUGASSERT(multi); + if(!multi) + return; + share = Curl_hash_pick(&multi->proto_hash, + (void *)MPROTO_WSSL_X509_KEY, + sizeof(MPROTO_WSSL_X509_KEY)-1); + + if(!share) { + share = calloc(1, sizeof(*share)); + if(!share) + return; + if(!Curl_hash_add2(&multi->proto_hash, + (void *)MPROTO_WSSL_X509_KEY, + sizeof(MPROTO_WSSL_X509_KEY)-1, + share, wssl_x509_share_free)) { + free(share); + return; + } + } + + if(wolfSSL_X509_STORE_up_ref(store)) { + char *CAfile = NULL; + + if(conn_config->CAfile) { + CAfile = strdup(conn_config->CAfile); + if(!CAfile) { + X509_STORE_free(store); + return; + } + } + + if(share->store) { + X509_STORE_free(share->store); + free(share->CAfile); + } + + share->time = Curl_now(); + share->store = store; + share->CAfile = CAfile; + } +} + +CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct wolfssl_ctx *wssl) +{ + struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); + CURLcode result = CURLE_OK; + WOLFSSL_X509_STORE *cached_store; + bool cache_criteria_met; + + /* Consider the X509 store cacheable if it comes exclusively from a CAfile, + or no source is provided and we are falling back to wolfSSL's built-in + default. */ + cache_criteria_met = (data->set.general_ssl.ca_cache_timeout != 0) && + conn_config->verifypeer && + !conn_config->CApath && + !conn_config->ca_info_blob && + !ssl_config->primary.CRLfile && + !ssl_config->native_ca_store; + + cached_store = cache_criteria_met ? get_cached_x509_store(cf, data) : NULL; + if(cached_store && wolfSSL_CTX_get_cert_store(wssl->ctx) == cached_store) { + /* The cached store is already in use, do nothing. */ + } + else if(cached_store && wolfSSL_X509_STORE_up_ref(cached_store)) { + wolfSSL_CTX_set_cert_store(wssl->ctx, cached_store); + } + else if(cache_criteria_met) { + /* wolfSSL's initial store in CTX is not shareable by default. + * Make a new one, suitable for adding to the cache. See #14278 */ + X509_STORE *store = wolfSSL_X509_STORE_new(); + if(!store) { + failf(data, "SSL: could not create a X509 store"); + return CURLE_OUT_OF_MEMORY; + } + wolfSSL_CTX_set_cert_store(wssl->ctx, store); + + result = populate_x509_store(cf, data, store, wssl); + if(!result) { + set_cached_x509_store(cf, data, store); + } + } + else { + /* We never share the CTX's store, use it. */ + X509_STORE *store = wolfSSL_CTX_get_cert_store(wssl->ctx); + result = populate_x509_store(cf, data, store, wssl); + } + + return result; +} + +#ifdef WOLFSSL_TLS13 +static size_t +wssl_get_default_ciphers(bool tls13, char *buf, size_t size) +{ + size_t len = 0; + char *term = buf; + int i; + char *str; + size_t n; + + for(i = 0; (str = wolfSSL_get_cipher_list(i)); i++) { + if((strncmp(str, "TLS13", 5) == 0) != tls13) + continue; + + n = strlen(str); + if(buf && len + n + 1 <= size) { + memcpy(buf + len, str, n); + term = buf + len + n; + *term = ':'; + } + len += n + 1; + } + + if(buf) + *term = '\0'; + + return len > 0 ? len - 1 : 0; +} +#endif + +#if LIBWOLFSSL_VERSION_HEX < 0x04002000 /* 4.2.0 (2019) */ +static int +wssl_legacy_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version) +{ + int res; + switch(version) { + default: + case TLS1_VERSION: + res = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1); + if(res == WOLFSSL_SUCCESS) + return res; + FALLTHROUGH(); + case TLS1_1_VERSION: + res = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_1); + if(res == WOLFSSL_SUCCESS) + return res; + FALLTHROUGH(); + case TLS1_2_VERSION: + res = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_2); +#ifdef WOLFSSL_TLS13 + if(res == WOLFSSL_SUCCESS) + return res; + FALLTHROUGH(); + case TLS1_3_VERSION: + res = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_3); +#endif + } + return res; +} +static int +wssl_legacy_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version) +{ + (void) ctx, (void) version; + return WOLFSSL_NOT_IMPLEMENTED; +} +#define wolfSSL_CTX_set_min_proto_version wssl_legacy_CTX_set_min_proto_version +#define wolfSSL_CTX_set_max_proto_version wssl_legacy_CTX_set_max_proto_version +#endif + /* * This function loads all the client/CA certificates and CRLs. Setup the TLS * layer and do all necessary magic. @@ -364,136 +706,98 @@ static void wolfssl_bio_cf_free_methods(void) static CURLcode wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) { + int res; char *ciphers, *curves; struct ssl_connect_data *connssl = cf->ctx; - struct wolfssl_ssl_backend_data *backend = - (struct wolfssl_ssl_backend_data *)connssl->backend; + struct wolfssl_ctx *backend = + (struct wolfssl_ctx *)connssl->backend; struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); - const struct curl_blob *ca_info_blob = conn_config->ca_info_blob; const struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); - const char * const ssl_cafile = - /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */ - (ca_info_blob ? NULL : conn_config->CAfile); - const char * const ssl_capath = conn_config->CApath; WOLFSSL_METHOD* req_method = NULL; -#ifdef HAVE_LIBOQS - word16 oqsAlg = 0; +#ifdef WOLFSSL_HAVE_KYBER + word16 pqkem = 0; size_t idx = 0; #endif -#ifdef HAVE_SNI - bool sni = FALSE; -#define use_sni(x) sni = (x) -#else -#define use_sni(x) Curl_nop_stmt -#endif - bool imported_native_ca = false; - bool imported_ca_info_blob = false; DEBUGASSERT(backend); if(connssl->state == ssl_connection_complete) return CURLE_OK; - if(conn_config->version_max != CURL_SSLVERSION_MAX_NONE) { - failf(data, "wolfSSL does not support to set maximum SSL/TLS version"); - return CURLE_SSL_CONNECT_ERROR; +#if LIBWOLFSSL_VERSION_HEX < 0x04002000 /* 4.2.0 (2019) */ + req_method = wolfSSLv23_client_method(); +#else + req_method = wolfTLS_client_method(); +#endif + if(!req_method) { + failf(data, "wolfSSL: could not create a client method"); + return CURLE_OUT_OF_MEMORY; + } + + if(backend->ctx) + wolfSSL_CTX_free(backend->ctx); + + backend->ctx = wolfSSL_CTX_new(req_method); + if(!backend->ctx) { + failf(data, "wolfSSL: could not create a context"); + return CURLE_OUT_OF_MEMORY; } - /* check to see if we've been told to use an explicit SSL/TLS version */ switch(conn_config->version) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: -#if LIBWOLFSSL_VERSION_HEX >= 0x03003000 /* >= 3.3.0 */ - /* minimum protocol version is set later after the CTX object is created */ - req_method = SSLv23_client_method(); -#else - infof(data, "wolfSSL <3.3.0 cannot be configured to use TLS 1.0-1.2, " - "TLS 1.0 is used exclusively"); - req_method = TLSv1_client_method(); -#endif - use_sni(TRUE); - break; case CURL_SSLVERSION_TLSv1_0: -#if defined(WOLFSSL_ALLOW_TLSV10) && !defined(NO_OLD_TLS) - req_method = TLSv1_client_method(); - use_sni(TRUE); + res = wolfSSL_CTX_set_min_proto_version(backend->ctx, TLS1_VERSION); break; -#else - failf(data, "wolfSSL does not support TLS 1.0"); - return CURLE_NOT_BUILT_IN; -#endif case CURL_SSLVERSION_TLSv1_1: -#ifndef NO_OLD_TLS - req_method = TLSv1_1_client_method(); - use_sni(TRUE); -#else - failf(data, "wolfSSL does not support TLS 1.1"); - return CURLE_NOT_BUILT_IN; -#endif + res = wolfSSL_CTX_set_min_proto_version(backend->ctx, TLS1_1_VERSION); break; case CURL_SSLVERSION_TLSv1_2: -#ifndef WOLFSSL_NO_TLS12 - req_method = TLSv1_2_client_method(); - use_sni(TRUE); -#else - failf(data, "wolfSSL does not support TLS 1.2"); - return CURLE_NOT_BUILT_IN; -#endif + res = wolfSSL_CTX_set_min_proto_version(backend->ctx, TLS1_2_VERSION); break; - case CURL_SSLVERSION_TLSv1_3: #ifdef WOLFSSL_TLS13 - req_method = wolfTLSv1_3_client_method(); - use_sni(TRUE); + case CURL_SSLVERSION_TLSv1_3: + res = wolfSSL_CTX_set_min_proto_version(backend->ctx, TLS1_3_VERSION); break; -#else - failf(data, "wolfSSL: TLS 1.3 is not yet supported"); - return CURLE_SSL_CONNECT_ERROR; #endif default: - failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); + failf(data, "wolfSSL: unsupported minimum TLS version value"); return CURLE_SSL_CONNECT_ERROR; } - - if(!req_method) { - failf(data, "SSL: couldn't create a method"); - return CURLE_OUT_OF_MEMORY; - } - - if(backend->ctx) - wolfSSL_CTX_free(backend->ctx); - backend->ctx = wolfSSL_CTX_new(req_method); - - if(!backend->ctx) { - failf(data, "SSL: couldn't create a context"); - return CURLE_OUT_OF_MEMORY; + if(res != WOLFSSL_SUCCESS) { + failf(data, "wolfSSL: failed set the minimum TLS version"); + return CURLE_SSL_CONNECT_ERROR; } - switch(conn_config->version) { - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: -#if LIBWOLFSSL_VERSION_HEX > 0x03004006 /* > 3.4.6 */ - /* Versions 3.3.0 to 3.4.6 we know the minimum protocol version is - * whatever minimum version of TLS was built in and at least TLS 1.0. For - * later library versions that could change (eg TLS 1.0 built in but - * defaults to TLS 1.1) so we have this short circuit evaluation to find - * the minimum supported TLS version. - */ - if((wolfSSL_CTX_SetMinVersion(backend->ctx, WOLFSSL_TLSV1) != 1) && - (wolfSSL_CTX_SetMinVersion(backend->ctx, WOLFSSL_TLSV1_1) != 1) && - (wolfSSL_CTX_SetMinVersion(backend->ctx, WOLFSSL_TLSV1_2) != 1) + switch(conn_config->version_max) { #ifdef WOLFSSL_TLS13 - && (wolfSSL_CTX_SetMinVersion(backend->ctx, WOLFSSL_TLSV1_3) != 1) -#endif - ) { - failf(data, "SSL: couldn't set the minimum protocol version"); - return CURLE_SSL_CONNECT_ERROR; - } + case CURL_SSLVERSION_MAX_TLSv1_3: + res = wolfSSL_CTX_set_max_proto_version(backend->ctx, TLS1_3_VERSION); + break; #endif - FALLTHROUGH(); - default: + case CURL_SSLVERSION_MAX_TLSv1_2: + res = wolfSSL_CTX_set_max_proto_version(backend->ctx, TLS1_2_VERSION); + break; + case CURL_SSLVERSION_MAX_TLSv1_1: + res = wolfSSL_CTX_set_max_proto_version(backend->ctx, TLS1_1_VERSION); + break; + case CURL_SSLVERSION_MAX_TLSv1_0: + res = wolfSSL_CTX_set_max_proto_version(backend->ctx, TLS1_VERSION); + break; + case CURL_SSLVERSION_MAX_DEFAULT: + case CURL_SSLVERSION_MAX_NONE: + res = WOLFSSL_SUCCESS; break; + default: + failf(data, "wolfSSL: unsupported maximum TLS version value"); + return CURLE_SSL_CONNECT_ERROR; + } + if(res != WOLFSSL_SUCCESS) { + failf(data, "wolfSSL: failed set the maximum TLS version"); + return CURLE_SSL_CONNECT_ERROR; } +#ifndef WOLFSSL_TLS13 ciphers = conn_config->cipher_list; if(ciphers) { if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) { @@ -502,19 +806,57 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) } infof(data, "Cipher selection: %s", ciphers); } +#else + if(conn_config->cipher_list || conn_config->cipher_list13) { + const char *ciphers12 = conn_config->cipher_list; + const char *ciphers13 = conn_config->cipher_list13; + + /* Set ciphers to a combination of ciphers_list and ciphers_list13. + * If cipher_list is not set use the default TLSv1.2 (1.1, 1.0) ciphers. + * If cipher_list13 is not set use the default TLSv1.3 ciphers. */ + size_t len13 = ciphers13 ? strlen(ciphers13) + : wssl_get_default_ciphers(true, NULL, 0); + size_t len12 = ciphers12 ? strlen(ciphers12) + : wssl_get_default_ciphers(false, NULL, 0); + + ciphers = malloc(len13 + 1 + len12 + 1); + if(!ciphers) + return CURLE_OUT_OF_MEMORY; + + if(ciphers13) + memcpy(ciphers, ciphers13, len13); + else + wssl_get_default_ciphers(true, ciphers, len13 + 1); + ciphers[len13] = ':'; + + if(ciphers12) + memcpy(ciphers + len13 + 1, ciphers12, len12); + else + wssl_get_default_ciphers(false, ciphers + len13 + 1, len12 + 1); + ciphers[len13 + 1 + len12] = '\0'; + + if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) { + failf(data, "failed setting cipher list: %s", ciphers); + free(ciphers); + return CURLE_SSL_CIPHER; + } + infof(data, "Cipher selection: %s", ciphers); + free(ciphers); + } +#endif curves = conn_config->curves; if(curves) { -#ifdef HAVE_LIBOQS +#ifdef WOLFSSL_HAVE_KYBER for(idx = 0; gnm[idx].name != NULL; idx++) { if(strncmp(curves, gnm[idx].name, strlen(gnm[idx].name)) == 0) { - oqsAlg = gnm[idx].group; + pqkem = gnm[idx].group; break; } } - if(oqsAlg == 0) + if(pqkem == 0) #endif { if(!SSL_CTX_set1_curves_list(backend->ctx, curves)) { @@ -524,99 +866,89 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) } } -#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SYS_CA_CERTS) - /* load native CA certificates */ - if(ssl_config->native_ca_store) { - if(wolfSSL_CTX_load_system_CA_certs(backend->ctx) != WOLFSSL_SUCCESS) { - infof(data, "error importing native CA store, continuing anyway"); - } - else { - imported_native_ca = true; - infof(data, "successfully imported native CA store"); - } - } -#endif /* !NO_FILESYSTEM */ + /* Load the client certificate, and private key */ +#ifndef NO_FILESYSTEM + if(ssl_config->primary.cert_blob || ssl_config->primary.clientcert) { + const char *cert_file = ssl_config->primary.clientcert; + const char *key_file = ssl_config->key; + const struct curl_blob *cert_blob = ssl_config->primary.cert_blob; + const struct curl_blob *key_blob = ssl_config->key_blob; + int file_type = wolfssl_do_file_type(ssl_config->cert_type); + int rc; - /* load certificate blob */ - if(ca_info_blob) { - if(wolfSSL_CTX_load_verify_buffer(backend->ctx, ca_info_blob->data, - ca_info_blob->len, - SSL_FILETYPE_PEM) != SSL_SUCCESS) { - if(imported_native_ca) { - infof(data, "error importing CA certificate blob, continuing anyway"); - } - else { - failf(data, "error importing CA certificate blob"); - return CURLE_SSL_CACERT_BADFILE; - } + switch(file_type) { + case WOLFSSL_FILETYPE_PEM: + rc = cert_blob ? + wolfSSL_CTX_use_certificate_chain_buffer(backend->ctx, + cert_blob->data, + (long)cert_blob->len) : + wolfSSL_CTX_use_certificate_chain_file(backend->ctx, cert_file); + break; + case WOLFSSL_FILETYPE_ASN1: + rc = cert_blob ? + wolfSSL_CTX_use_certificate_buffer(backend->ctx, cert_blob->data, + (long)cert_blob->len, file_type) : + wolfSSL_CTX_use_certificate_file(backend->ctx, cert_file, file_type); + break; + default: + failf(data, "unknown cert type"); + return CURLE_BAD_FUNCTION_ARGUMENT; } - else { - imported_ca_info_blob = true; - infof(data, "successfully imported CA certificate blob"); + if(rc != 1) { + failf(data, "unable to use client certificate"); + return CURLE_SSL_CONNECT_ERROR; } - } -#ifndef NO_FILESYSTEM - /* load trusted cacert from file if not blob */ - if(ssl_cafile || ssl_capath) { - int rc = - wolfSSL_CTX_load_verify_locations_ex(backend->ctx, - ssl_cafile, - ssl_capath, - WOLFSSL_LOAD_FLAG_IGNORE_ERR); - if(SSL_SUCCESS != rc) { - if(conn_config->verifypeer && !imported_ca_info_blob && - !imported_native_ca) { - /* Fail if we insist on successfully verifying the server. */ - failf(data, "error setting certificate verify locations:" - " CAfile: %s CApath: %s", - ssl_cafile ? ssl_cafile : "none", - ssl_capath ? ssl_capath : "none"); - return CURLE_SSL_CACERT_BADFILE; - } - else { - /* Just continue with a warning if no strict certificate - verification is required. */ - infof(data, "error setting certificate verify locations," - " continuing anyway:"); - } + if(!key_blob && !key_file) { + key_blob = cert_blob; + key_file = cert_file; } - else { - /* Everything is fine. */ - infof(data, "successfully set certificate verify locations:"); + else + file_type = wolfssl_do_file_type(ssl_config->key_type); + + rc = key_blob ? + wolfSSL_CTX_use_PrivateKey_buffer(backend->ctx, key_blob->data, + (long)key_blob->len, file_type) : + wolfSSL_CTX_use_PrivateKey_file(backend->ctx, key_file, file_type); + if(rc != 1) { + failf(data, "unable to set private key"); + return CURLE_SSL_CONNECT_ERROR; } - infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none"); - infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none"); } +#else /* NO_FILESYSTEM */ + if(ssl_config->primary.cert_blob) { + const struct curl_blob *cert_blob = ssl_config->primary.cert_blob; + const struct curl_blob *key_blob = ssl_config->key_blob; + int file_type = wolfssl_do_file_type(ssl_config->cert_type); + int rc; - /* Load the client certificate, and private key */ - if(ssl_config->primary.clientcert && ssl_config->key) { - int file_type = do_file_type(ssl_config->cert_type); - - if(file_type == WOLFSSL_FILETYPE_PEM) { - if(wolfSSL_CTX_use_certificate_chain_file(backend->ctx, - ssl_config->primary.clientcert) - != 1) { - failf(data, "unable to use client certificate"); - return CURLE_SSL_CONNECT_ERROR; - } - } - else if(file_type == WOLFSSL_FILETYPE_ASN1) { - if(wolfSSL_CTX_use_certificate_file(backend->ctx, - ssl_config->primary.clientcert, - file_type) != 1) { - failf(data, "unable to use client certificate"); - return CURLE_SSL_CONNECT_ERROR; - } - } - else { + switch(file_type) { + case WOLFSSL_FILETYPE_PEM: + rc = wolfSSL_CTX_use_certificate_chain_buffer(backend->ctx, + cert_blob->data, + (long)cert_blob->len); + break; + case WOLFSSL_FILETYPE_ASN1: + rc = wolfSSL_CTX_use_certificate_buffer(backend->ctx, cert_blob->data, + (long)cert_blob->len, file_type); + break; + default: failf(data, "unknown cert type"); return CURLE_BAD_FUNCTION_ARGUMENT; } + if(rc != 1) { + failf(data, "unable to use client certificate"); + return CURLE_SSL_CONNECT_ERROR; + } + + if(!key_blob) + key_blob = cert_blob; + else + file_type = wolfssl_do_file_type(ssl_config->key_type); - file_type = do_file_type(ssl_config->key_type); - if(wolfSSL_CTX_use_PrivateKey_file(backend->ctx, ssl_config->key, - file_type) != 1) { + if(wolfSSL_CTX_use_PrivateKey_buffer(backend->ctx, key_blob->data, + (long)key_blob->len, + file_type) != 1) { failf(data, "unable to set private key"); return CURLE_SSL_CONNECT_ERROR; } @@ -632,7 +964,7 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) SSL_VERIFY_NONE, NULL); #ifdef HAVE_SNI - if(sni && connssl->peer.sni) { + if(connssl->peer.sni) { size_t sni_len = strlen(connssl->peer.sni); if((sni_len < USHRT_MAX)) { if(wolfSSL_CTX_UseSNI(backend->ctx, WOLFSSL_SNI_HOST_NAME, @@ -647,8 +979,14 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) /* give application a chance to interfere with SSL set up. */ if(data->set.ssl.fsslctx) { - CURLcode result = (*data->set.ssl.fsslctx)(data, backend->ctx, - data->set.ssl.fsslctxp); + CURLcode result; + if(!backend->x509_store_setup) { + result = Curl_wssl_setup_x509_store(cf, data, backend); + if(result) + return result; + } + result = (*data->set.ssl.fsslctx)(data, backend->ctx, + data->set.ssl.fsslctxp); if(result) { failf(data, "error signaled by ssl ctx callback"); return result; @@ -656,7 +994,7 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) } #ifdef NO_FILESYSTEM else if(conn_config->verifypeer) { - failf(data, "SSL: Certificates can't be loaded because wolfSSL was built" + failf(data, "SSL: Certificates cannot be loaded because wolfSSL was built" " with \"no filesystem\". Either disable peer verification" " (insecure) or if you are building an application with libcurl you" " can load certificates via CURLOPT_SSL_CTX_FUNCTION."); @@ -669,14 +1007,14 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) wolfSSL_free(backend->handle); backend->handle = wolfSSL_new(backend->ctx); if(!backend->handle) { - failf(data, "SSL: couldn't create a handle"); + failf(data, "SSL: could not create a handle"); return CURLE_OUT_OF_MEMORY; } -#ifdef HAVE_LIBOQS - if(oqsAlg) { - if(wolfSSL_UseKeyShare(backend->handle, oqsAlg) != WOLFSSL_SUCCESS) { - failf(data, "unable to use oqs KEM"); +#ifdef WOLFSSL_HAVE_KYBER + if(pqkem) { + if(wolfSSL_UseKeyShare(backend->handle, pqkem) != WOLFSSL_SUCCESS) { + failf(data, "unable to use PQ KEM"); } } #endif @@ -688,7 +1026,8 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) result = Curl_alpn_to_proto_str(&proto, connssl->alpn); if(result || - wolfSSL_UseALPN(backend->handle, (char *)proto.data, proto.len, + wolfSSL_UseALPN(backend->handle, + (char *)proto.data, (unsigned int)proto.len, WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) { failf(data, "SSL: failed setting ALPN protocols"); return CURLE_SSL_CONNECT_ERROR; @@ -715,8 +1054,8 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) } #endif /* HAVE_SECURE_RENEGOTIATION */ - /* Check if there's a cached ID we can/should use here! */ - if(ssl_config->primary.sessionid) { + /* Check if there is a cached ID we can/should use here! */ + if(ssl_config->primary.cache_session) { void *ssl_sessionid = NULL; Curl_ssl_sessionid_lock(data); @@ -725,7 +1064,7 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) /* we got a session id, use it! */ if(!SSL_set_session(backend->handle, ssl_sessionid)) { Curl_ssl_delsessionid(data, ssl_sessionid); - infof(data, "Can't use session ID, going on without"); + infof(data, "cannot use session ID, going on without"); } else infof(data, "SSL reusing session ID"); @@ -738,7 +1077,7 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) int trying_ech_now = 0; if(data->set.str[STRING_ECH_PUBLIC]) { - infof(data, "ECH: outername not (yet) supported with WolfSSL"); + infof(data, "ECH: outername not (yet) supported with wolfSSL"); return CURLE_SSL_CONNECT_ERROR; } if(data->set.tls_ech == CURLECH_GREASE) { @@ -796,13 +1135,13 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) if(data->set.tls_ech & CURLECH_HARD) return CURLE_SSL_CONNECT_ERROR; } - Curl_resolv_unlock(data, dns); + Curl_resolv_unlink(data, &dns); } } if(trying_ech_now && SSL_set_min_proto_version(backend->handle, TLS1_3_VERSION) != 1) { - infof(data, "ECH: Can't force TLSv1.3 [ERROR]"); + infof(data, "ECH: cannot force TLSv1.3 [ERROR]"); return CURLE_SSL_CONNECT_ERROR; } @@ -834,13 +1173,31 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) } +static char *wolfssl_strerror(unsigned long error, char *buf, + unsigned long size) +{ + DEBUGASSERT(size > 40); + *buf = '\0'; + + wolfSSL_ERR_error_string_n(error, buf, size); + + if(!*buf) { + const char *msg = error ? "Unknown error" : "No error"; + /* the string fits because the assert above assures this */ + strcpy(buf, msg); + } + + return buf; +} + + static CURLcode wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) { int ret = -1; struct ssl_connect_data *connssl = cf->ctx; - struct wolfssl_ssl_backend_data *backend = - (struct wolfssl_ssl_backend_data *)connssl->backend; + struct wolfssl_ctx *backend = + (struct wolfssl_ctx *)connssl->backend; struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); #ifndef CURL_DISABLE_PROXY const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)? @@ -862,6 +1219,16 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) return CURLE_SSL_CONNECT_ERROR; } + if(!backend->x509_store_setup) { + /* After having send off the ClientHello, we prepare the x509 + * store to verify the coming certificate from the server */ + CURLcode result; + result = Curl_wssl_setup_x509_store(cf, data, backend); + if(result) + return result; + } + + connssl->io_need = CURL_SSL_IO_NEED_NONE; ret = wolfSSL_connect(backend->handle); #ifdef OPENSSL_EXTRA @@ -889,15 +1256,14 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) #endif /* OPENSSL_EXTRA */ if(ret != 1) { - char error_buffer[WOLFSSL_MAX_ERROR_SZ]; - int detail = wolfSSL_get_error(backend->handle, ret); + int detail = wolfSSL_get_error(backend->handle, ret); if(SSL_ERROR_WANT_READ == detail) { - connssl->connecting_state = ssl_connect_2_reading; + connssl->io_need = CURL_SSL_IO_NEED_RECV; return CURLE_OK; } else if(SSL_ERROR_WANT_WRITE == detail) { - connssl->connecting_state = ssl_connect_2_writing; + connssl->io_need = CURL_SSL_IO_NEED_SEND; return CURLE_OK; } /* There is no easy way to override only the CN matching. @@ -929,7 +1295,6 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) } #endif } -#if LIBWOLFSSL_VERSION_HEX >= 0x02007000 /* 2.7.0 */ else if(ASN_NO_SIGNER_E == detail) { if(conn_config->verifypeer) { failf(data, " CA signer not available for verification"); @@ -942,7 +1307,14 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) "continuing anyway"); } } -#endif + else if(ASN_AFTER_DATE_E == detail) { + failf(data, "server verification failed: certificate has expired."); + return CURLE_PEER_FAILED_VERIFICATION; + } + else if(ASN_BEFORE_DATE_E == detail) { + failf(data, "server verification failed: certificate not valid yet."); + return CURLE_PEER_FAILED_VERIFICATION; + } #ifdef USE_ECH else if(-1 == detail) { /* try access a retry_config ECHConfigList for tracing */ @@ -950,7 +1322,7 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) word32 echConfigsLen = 1000; int rv = 0; - /* this currently doesn't produce the retry_configs */ + /* this currently does not produce the retry_configs */ rv = wolfSSL_GetEchConfigs(backend->handle, echConfigs, &echConfigsLen); if(rv != WOLFSSL_SUCCESS) { @@ -972,8 +1344,10 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) return CURLE_OK; } else { + char error_buffer[256]; failf(data, "SSL_connect failed with error %d: %s", detail, - wolfSSL_ERR_error_string(detail, error_buffer)); + wolfssl_strerror((unsigned long)detail, error_buffer, + sizeof(error_buffer))); return CURLE_SSL_CONNECT_ERROR; } } @@ -1070,31 +1444,23 @@ wolfssl_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) { CURLcode result = CURLE_OK; struct ssl_connect_data *connssl = cf->ctx; - struct wolfssl_ssl_backend_data *backend = - (struct wolfssl_ssl_backend_data *)connssl->backend; + struct wolfssl_ctx *backend = + (struct wolfssl_ctx *)connssl->backend; const struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); DEBUGASSERT(backend); - if(ssl_config->primary.sessionid) { + if(ssl_config->primary.cache_session) { /* wolfSSL_get1_session allocates memory that has to be freed. */ WOLFSSL_SESSION *our_ssl_sessionid = wolfSSL_get1_session(backend->handle); if(our_ssl_sessionid) { - void *old_ssl_sessionid = NULL; - bool incache; Curl_ssl_sessionid_lock(data); - incache = !(Curl_ssl_getsessionid(cf, data, &connssl->peer, - &old_ssl_sessionid, NULL)); - if(incache) { - Curl_ssl_delsessionid(data, old_ssl_sessionid); - } - /* call takes ownership of `our_ssl_sessionid` */ - result = Curl_ssl_addsessionid(cf, data, &connssl->peer, - our_ssl_sessionid, 0, - wolfssl_session_free); + result = Curl_ssl_set_sessionid(cf, data, &connssl->peer, + our_ssl_sessionid, 0, + wolfssl_session_free); Curl_ssl_sessionid_unlock(data); if(result) { failf(data, "failed to store ssl session"); @@ -1116,9 +1482,8 @@ static ssize_t wolfssl_send(struct Curl_cfilter *cf, CURLcode *curlcode) { struct ssl_connect_data *connssl = cf->ctx; - struct wolfssl_ssl_backend_data *backend = - (struct wolfssl_ssl_backend_data *)connssl->backend; - char error_buffer[WOLFSSL_MAX_ERROR_SZ]; + struct wolfssl_ctx *backend = + (struct wolfssl_ctx *)connssl->backend; int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; int rc; @@ -1133,7 +1498,7 @@ static ssize_t wolfssl_send(struct Curl_cfilter *cf, switch(err) { case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: - /* there's data pending, re-invoke SSL_write() */ + /* there is data pending, re-invoke SSL_write() */ CURL_TRC_CF(data, cf, "wolfssl_send(len=%zu) -> AGAIN", len); *curlcode = CURLE_AGAIN; return -1; @@ -1144,9 +1509,13 @@ static ssize_t wolfssl_send(struct Curl_cfilter *cf, return -1; } CURL_TRC_CF(data, cf, "wolfssl_send(len=%zu) -> %d, %d", len, rc, err); - failf(data, "SSL write: %s, errno %d", - wolfSSL_ERR_error_string(err, error_buffer), - SOCKERRNO); + { + char error_buffer[256]; + failf(data, "SSL write: %s, errno %d", + wolfssl_strerror((unsigned long)err, error_buffer, + sizeof(error_buffer)), + SOCKERRNO); + } *curlcode = CURLE_SEND_ERROR; return -1; } @@ -1155,23 +1524,122 @@ static ssize_t wolfssl_send(struct Curl_cfilter *cf, return rc; } +static CURLcode wolfssl_shutdown(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool send_shutdown, bool *done) +{ + struct ssl_connect_data *connssl = cf->ctx; + struct wolfssl_ctx *wctx = (struct wolfssl_ctx *)connssl->backend; + CURLcode result = CURLE_OK; + char buf[1024]; + char error_buffer[256]; + int nread = -1, err; + size_t i; + int detail; + + DEBUGASSERT(wctx); + if(!wctx->handle || cf->shutdown) { + *done = TRUE; + goto out; + } + + wctx->shutting_down = TRUE; + connssl->io_need = CURL_SSL_IO_NEED_NONE; + *done = FALSE; + if(!(wolfSSL_get_shutdown(wctx->handle) & SSL_SENT_SHUTDOWN)) { + /* We have not started the shutdown from our side yet. Check + * if the server already sent us one. */ + ERR_clear_error(); + nread = wolfSSL_read(wctx->handle, buf, (int)sizeof(buf)); + err = wolfSSL_get_error(wctx->handle, nread); + CURL_TRC_CF(data, cf, "wolfSSL_read, nread=%d, err=%d", nread, err); + if(!nread && err == SSL_ERROR_ZERO_RETURN) { + bool input_pending; + /* Yes, it did. */ + if(!send_shutdown) { + CURL_TRC_CF(data, cf, "SSL shutdown received, not sending"); + *done = TRUE; + goto out; + } + else if(!cf->next->cft->is_alive(cf->next, data, &input_pending)) { + /* Server closed the connection after its closy notify. It + * seems not interested to see our close notify, so do not + * send it. We are done. */ + CURL_TRC_CF(data, cf, "peer closed connection"); + connssl->peer_closed = TRUE; + *done = TRUE; + goto out; + } + } + } + + /* SSL should now have started the shutdown from our side. Since it + * was not complete, we are lacking the close notify from the server. */ + if(send_shutdown) { + ERR_clear_error(); + if(wolfSSL_shutdown(wctx->handle) == 1) { + CURL_TRC_CF(data, cf, "SSL shutdown finished"); + *done = TRUE; + goto out; + } + if(SSL_ERROR_WANT_WRITE == wolfSSL_get_error(wctx->handle, nread)) { + CURL_TRC_CF(data, cf, "SSL shutdown still wants to send"); + connssl->io_need = CURL_SSL_IO_NEED_SEND; + goto out; + } + /* Having sent the close notify, we use wolfSSL_read() to get the + * missing close notify from the server. */ + } + + for(i = 0; i < 10; ++i) { + ERR_clear_error(); + nread = wolfSSL_read(wctx->handle, buf, (int)sizeof(buf)); + if(nread <= 0) + break; + } + err = wolfSSL_get_error(wctx->handle, nread); + switch(err) { + case SSL_ERROR_ZERO_RETURN: /* no more data */ + CURL_TRC_CF(data, cf, "SSL shutdown received"); + *done = TRUE; + break; + case SSL_ERROR_NONE: /* just did not get anything */ + case SSL_ERROR_WANT_READ: + /* SSL has send its notify and now wants to read the reply + * from the server. We are not really interested in that. */ + CURL_TRC_CF(data, cf, "SSL shutdown sent, want receive"); + connssl->io_need = CURL_SSL_IO_NEED_RECV; + break; + case SSL_ERROR_WANT_WRITE: + CURL_TRC_CF(data, cf, "SSL shutdown send blocked"); + connssl->io_need = CURL_SSL_IO_NEED_SEND; + break; + default: + detail = wolfSSL_get_error(wctx->handle, err); + CURL_TRC_CF(data, cf, "SSL shutdown, error: '%s'(%d)", + wolfssl_strerror((unsigned long)err, error_buffer, + sizeof(error_buffer)), + detail); + result = CURLE_RECV_ERROR; + break; + } + +out: + cf->shutdown = (result || *done); + return result; +} + static void wolfssl_close(struct Curl_cfilter *cf, struct Curl_easy *data) { struct ssl_connect_data *connssl = cf->ctx; - struct wolfssl_ssl_backend_data *backend = - (struct wolfssl_ssl_backend_data *)connssl->backend; + struct wolfssl_ctx *backend = + (struct wolfssl_ctx *)connssl->backend; (void) data; DEBUGASSERT(backend); if(backend->handle) { - char buf[32]; - /* Maybe the server has already sent a close notify alert. - Read it to avoid an RST on the TCP connection. */ - (void)wolfSSL_read(backend->handle, buf, (int)sizeof(buf)); - if(!connssl->peer_closed) - (void)wolfSSL_shutdown(backend->handle); wolfSSL_free(backend->handle); backend->handle = NULL; } @@ -1187,9 +1655,8 @@ static ssize_t wolfssl_recv(struct Curl_cfilter *cf, CURLcode *curlcode) { struct ssl_connect_data *connssl = cf->ctx; - struct wolfssl_ssl_backend_data *backend = - (struct wolfssl_ssl_backend_data *)connssl->backend; - char error_buffer[WOLFSSL_MAX_ERROR_SZ]; + struct wolfssl_ctx *backend = + (struct wolfssl_ctx *)connssl->backend; int buffsize = (blen > (size_t)INT_MAX) ? INT_MAX : (int)blen; int nread; @@ -1211,7 +1678,7 @@ static ssize_t wolfssl_recv(struct Curl_cfilter *cf, case SSL_ERROR_NONE: case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: - /* there's data pending, re-invoke wolfSSL_read() */ + /* there is data pending, re-invoke wolfSSL_read() */ CURL_TRC_CF(data, cf, "wolfssl_recv(len=%zu) -> AGAIN", blen); *curlcode = CURLE_AGAIN; return -1; @@ -1221,8 +1688,13 @@ static ssize_t wolfssl_recv(struct Curl_cfilter *cf, *curlcode = CURLE_AGAIN; return -1; } - failf(data, "SSL read: %s, errno %d", - wolfSSL_ERR_error_string(err, error_buffer), SOCKERRNO); + { + char error_buffer[256]; + failf(data, "SSL read: %s, errno %d", + wolfssl_strerror((unsigned long)err, error_buffer, + sizeof(error_buffer)), + SOCKERRNO); + } *curlcode = CURLE_RECV_ERROR; return -1; } @@ -1269,43 +1741,18 @@ static bool wolfssl_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data) { struct ssl_connect_data *ctx = cf->ctx; - struct wolfssl_ssl_backend_data *backend; + struct wolfssl_ctx *backend; (void)data; DEBUGASSERT(ctx && ctx->backend); - backend = (struct wolfssl_ssl_backend_data *)ctx->backend; + backend = (struct wolfssl_ctx *)ctx->backend; if(backend->handle) /* SSL is in use */ return (0 != wolfSSL_pending(backend->handle)) ? TRUE : FALSE; else return FALSE; } - -/* - * This function is called to shut down the SSL layer but keep the - * socket open (CCC - Clear Command Channel) - */ -static int wolfssl_shutdown(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct ssl_connect_data *ctx = cf->ctx; - struct wolfssl_ssl_backend_data *backend; - int retval = 0; - - (void)data; - DEBUGASSERT(ctx && ctx->backend); - - backend = (struct wolfssl_ssl_backend_data *)ctx->backend; - if(backend->handle) { - wolfSSL_ERR_clear_error(); - wolfSSL_free(backend->handle); - backend->handle = NULL; - } - return retval; -} - - static CURLcode wolfssl_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -1324,7 +1771,7 @@ wolfssl_connect_common(struct Curl_cfilter *cf, } if(ssl_connect_1 == connssl->connecting_state) { - /* Find out how much more time we're allowed */ + /* Find out how much more time we are allowed */ const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); if(timeout_ms < 0) { @@ -1338,9 +1785,7 @@ wolfssl_connect_common(struct Curl_cfilter *cf, return result; } - while(ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state) { + while(ssl_connect_2 == connssl->connecting_state) { /* check allowed time left */ const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); @@ -1351,14 +1796,13 @@ wolfssl_connect_common(struct Curl_cfilter *cf, return CURLE_OPERATION_TIMEDOUT; } - /* if ssl is expecting something, check if it's available. */ - if(connssl->connecting_state == ssl_connect_2_reading - || connssl->connecting_state == ssl_connect_2_writing) { + /* if ssl is expecting something, check if it is available. */ + if(connssl->io_need) { - curl_socket_t writefd = ssl_connect_2_writing == - connssl->connecting_state?sockfd:CURL_SOCKET_BAD; - curl_socket_t readfd = ssl_connect_2_reading == - connssl->connecting_state?sockfd:CURL_SOCKET_BAD; + curl_socket_t writefd = (connssl->io_need & CURL_SSL_IO_NEED_SEND)? + sockfd:CURL_SOCKET_BAD; + curl_socket_t readfd = (connssl->io_need & CURL_SSL_IO_NEED_RECV)? + sockfd:CURL_SOCKET_BAD; what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, nonblocking?0:timeout_ms); @@ -1389,10 +1833,7 @@ wolfssl_connect_common(struct Curl_cfilter *cf, * have a valid fdset to wait on. */ result = wolfssl_connect_step2(cf, data); - if(result || (nonblocking && - (ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state))) + if(result || (nonblocking && (ssl_connect_2 == connssl->connecting_state))) return result; } /* repeat step2 until all transactions are done. */ @@ -1472,15 +1913,15 @@ static CURLcode wolfssl_sha256sum(const unsigned char *tmp, /* input */ static void *wolfssl_get_internals(struct ssl_connect_data *connssl, CURLINFO info UNUSED_PARAM) { - struct wolfssl_ssl_backend_data *backend = - (struct wolfssl_ssl_backend_data *)connssl->backend; + struct wolfssl_ctx *backend = + (struct wolfssl_ctx *)connssl->backend; (void)info; DEBUGASSERT(backend); return backend->handle; } const struct Curl_ssl Curl_ssl_wolfssl = { - { CURLSSLBACKEND_WOLFSSL, "WolfSSL" }, /* info */ + { CURLSSLBACKEND_WOLFSSL, "wolfssl" }, /* info */ #ifdef KEEP_PEER_CERT SSLSUPP_PINNEDPUBKEY | @@ -1493,9 +1934,14 @@ const struct Curl_ssl Curl_ssl_wolfssl = { #ifdef USE_ECH SSLSUPP_ECH | #endif - SSLSUPP_SSL_CTX, + SSLSUPP_SSL_CTX | +#ifdef WOLFSSL_TLS13 + SSLSUPP_TLS13_CIPHERSUITES | +#endif + SSLSUPP_CA_CACHE | + SSLSUPP_CIPHER_LIST, - sizeof(struct wolfssl_ssl_backend_data), + sizeof(struct wolfssl_ctx), wolfssl_init, /* init */ wolfssl_cleanup, /* cleanup */ @@ -1518,9 +1964,9 @@ const struct Curl_ssl Curl_ssl_wolfssl = { wolfssl_sha256sum, /* sha256sum */ NULL, /* associate_connection */ NULL, /* disassociate_connection */ - NULL, /* free_multi_ssl_backend_data */ wolfssl_recv, /* recv decrypted data */ wolfssl_send, /* send data to encrypt */ + NULL, /* get_channel_binding */ }; #endif diff --git a/vendor/hydra/vendor/curl/lib/vtls/wolfssl.h b/vendor/hydra/vendor/curl/lib/vtls/wolfssl.h index a5ed8480..318d8b4a 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/wolfssl.h +++ b/vendor/hydra/vendor/curl/lib/vtls/wolfssl.h @@ -26,8 +26,27 @@ #include "curl_setup.h" #ifdef USE_WOLFSSL +#include +#include +#include +#include + +#include "urldata.h" extern const struct Curl_ssl Curl_ssl_wolfssl; +struct wolfssl_ctx { + WOLFSSL_CTX *ctx; + WOLFSSL *handle; + CURLcode io_result; /* result of last BIO cfilter operation */ + int io_send_blocked_len; /* length of last BIO write that EAGAINed */ + BIT(x509_store_setup); /* x509 store has been set up */ + BIT(shutting_down); /* TLS is being shut down */ +}; + +CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct wolfssl_ctx *wssl); + #endif /* USE_WOLFSSL */ #endif /* HEADER_CURL_WOLFSSL_H */ diff --git a/vendor/hydra/vendor/curl/lib/vtls/x509asn1.c b/vendor/hydra/vendor/curl/lib/vtls/x509asn1.c index 4564ea95..4c93ce78 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/x509asn1.c +++ b/vendor/hydra/vendor/curl/lib/vtls/x509asn1.c @@ -25,13 +25,15 @@ #include "curl_setup.h" #if defined(USE_GNUTLS) || defined(USE_WOLFSSL) || \ - defined(USE_SCHANNEL) || defined(USE_SECTRANSP) + defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \ + defined(USE_MBEDTLS) #if defined(USE_WOLFSSL) || defined(USE_SCHANNEL) #define WANT_PARSEX509 /* uses Curl_parseX509() */ #endif -#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) +#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \ + defined(USE_MBEDTLS) #define WANT_EXTRACT_CERTINFO /* uses Curl_extract_certinfo() */ #define WANT_PARSEX509 /* ... uses Curl_parseX509() */ #endif @@ -97,10 +99,6 @@ #define CURL_ASN1_CHARACTER_STRING 29 #define CURL_ASN1_BMP_STRING 30 -/* Max sixes */ - -#define MAX_X509_STR 10000 -#define MAX_X509_CERT 100000 #ifdef WANT_EXTRACT_CERTINFO /* ASN.1 OID table entry. */ @@ -110,15 +108,16 @@ struct Curl_OID { }; /* ASN.1 OIDs. */ -static const char cnOID[] = "2.5.4.3"; /* Common name. */ -static const char sanOID[] = "2.5.29.17"; /* Subject alternative name. */ - static const struct Curl_OID OIDtable[] = { { "1.2.840.10040.4.1", "dsa" }, { "1.2.840.10040.4.3", "dsa-with-sha1" }, { "1.2.840.10045.2.1", "ecPublicKey" }, { "1.2.840.10045.3.0.1", "c2pnb163v1" }, { "1.2.840.10045.4.1", "ecdsa-with-SHA1" }, + { "1.2.840.10045.4.3.1", "ecdsa-with-SHA224" }, + { "1.2.840.10045.4.3.2", "ecdsa-with-SHA256" }, + { "1.2.840.10045.4.3.3", "ecdsa-with-SHA384" }, + { "1.2.840.10045.4.3.4", "ecdsa-with-SHA512" }, { "1.2.840.10046.2.1", "dhpublicnumber" }, { "1.2.840.113549.1.1.1", "rsaEncryption" }, { "1.2.840.113549.1.1.2", "md2WithRSAEncryption" }, @@ -132,7 +131,7 @@ static const struct Curl_OID OIDtable[] = { { "1.2.840.113549.2.2", "md2" }, { "1.2.840.113549.2.5", "md5" }, { "1.3.14.3.2.26", "sha1" }, - { cnOID, "CN" }, + { "2.5.4.3", "CN" }, { "2.5.4.4", "SN" }, { "2.5.4.5", "serialNumber" }, { "2.5.4.6", "C" }, @@ -153,7 +152,7 @@ static const struct Curl_OID OIDtable[] = { { "2.5.4.65", "pseudonym" }, { "1.2.840.113549.1.9.1", "emailAddress" }, { "2.5.4.72", "role" }, - { sanOID, "subjectAltName" }, + { "2.5.29.17", "subjectAltName" }, { "2.5.29.18", "issuerAltName" }, { "2.5.29.19", "basicConstraints" }, { "2.16.840.1.101.3.4.2.4", "sha224" }, @@ -372,7 +371,7 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end) else { while(!result && (from < end)) { char buf[4]; /* decode buffer */ - int charsize = 1; + size_t charsize = 1; unsigned int wc = 0; switch(size) { @@ -390,7 +389,6 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end) if(wc >= 0x00000800) { if(wc >= 0x00010000) { if(wc >= 0x00200000) { - free(buf); /* Invalid char. size for target encoding. */ return CURLE_WEIRD_SERVER_REPLY; } @@ -461,7 +459,7 @@ static CURLcode OID2str(struct dynbuf *store, if(beg < end) { if(symbolic) { struct dynbuf buf; - Curl_dyn_init(&buf, MAX_X509_STR); + Curl_dyn_init(&buf, CURL_X509_STR_MAX); result = encodeOID(&buf, beg, end); if(!result) { @@ -469,7 +467,7 @@ static CURLcode OID2str(struct dynbuf *store, if(op) result = Curl_dyn_add(store, op->textoid); else - result = CURLE_BAD_FUNCTION_ARGUMENT; + result = Curl_dyn_add(store, Curl_dyn_ptr(&buf)); Curl_dyn_free(&buf); } } @@ -492,7 +490,7 @@ static CURLcode GTime2str(struct dynbuf *store, /* Convert an ASN.1 Generalized time to a printable string. Return the dynamically allocated string, or NULL if an error occurs. */ - for(fracp = beg; fracp < end && *fracp >= '0' && *fracp <= '9'; fracp++) + for(fracp = beg; fracp < end && ISDIGIT(*fracp); fracp++) ; /* Get seconds digits. */ @@ -511,32 +509,44 @@ static CURLcode GTime2str(struct dynbuf *store, return CURLE_BAD_FUNCTION_ARGUMENT; } - /* Scan for timezone, measure fractional seconds. */ + /* timezone follows optional fractional seconds. */ tzp = fracp; - fracl = 0; + fracl = 0; /* no fractional seconds detected so far */ if(fracp < end && (*fracp == '.' || *fracp == ',')) { - fracp++; - do + /* Have fractional seconds, e.g. "[.,]\d+". How many? */ + fracp++; /* should be a digit char or BAD ARGUMENT */ + tzp = fracp; + while(tzp < end && ISDIGIT(*tzp)) tzp++; - while(tzp < end && *tzp >= '0' && *tzp <= '9'); - /* Strip leading zeroes in fractional seconds. */ - for(fracl = tzp - fracp - 1; fracl && fracp[fracl - 1] == '0'; fracl--) - ; + if(tzp == fracp) /* never looped, no digit after [.,] */ + return CURLE_BAD_FUNCTION_ARGUMENT; + fracl = tzp - fracp; /* number of fractional sec digits */ + DEBUGASSERT(fracl > 0); + /* Strip trailing zeroes in fractional seconds. + * May reduce fracl to 0 if only '0's are present. */ + while(fracl && fracp[fracl - 1] == '0') + fracl--; } /* Process timezone. */ - if(tzp >= end) - ; /* Nothing to do. */ + if(tzp >= end) { + tzp = ""; + tzl = 0; + } else if(*tzp == 'Z') { - tzp = " GMT"; - end = tzp + 4; + sep = " "; + tzp = "GMT"; + tzl = 3; + } + else if((*tzp == '+') || (*tzp == '-')) { + sep = " UTC"; + tzl = end - tzp; } else { sep = " "; - tzp++; + tzl = end - tzp; } - tzl = end - tzp; return Curl_dyn_addf(store, "%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s", beg, beg + 4, beg + 6, @@ -545,6 +555,15 @@ static CURLcode GTime2str(struct dynbuf *store, sep, (int)tzl, tzp); } +#ifdef UNITTESTS +/* used by unit1656.c */ +CURLcode Curl_x509_GTime2str(struct dynbuf *store, + const char *beg, const char *end) +{ + return GTime2str(store, beg, end); +} +#endif + /* * Convert an ASN.1 UTC time to a printable string. * @@ -598,7 +617,7 @@ static CURLcode ASN1tostr(struct dynbuf *store, { CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT; if(elem->constructed) - return CURLE_OK; /* No conversion of structured elements. */ + return result; /* No conversion of structured elements. */ if(!type) type = elem->tag; /* Type not forced: use element tag as type. */ @@ -662,7 +681,7 @@ static CURLcode encodeDN(struct dynbuf *store, struct Curl_asn1Element *dn) CURLcode result = CURLE_OK; bool added = FALSE; struct dynbuf temp; - Curl_dyn_init(&temp, MAX_X509_STR); + Curl_dyn_init(&temp, CURL_X509_STR_MAX); for(p1 = dn->beg; p1 < dn->end;) { p1 = getASN1Element(&rdn, p1, dn->end); @@ -692,6 +711,11 @@ static CURLcode encodeDN(struct dynbuf *store, struct Curl_asn1Element *dn) str = Curl_dyn_ptr(&temp); + if(!str) { + result = CURLE_BAD_FUNCTION_ARGUMENT; + goto error; + } + /* Encode delimiter. If attribute has a short uppercase name, delimiter is ", ". */ for(p3 = str; ISUPPER(*p3); p3++) @@ -921,7 +945,7 @@ static CURLcode do_pubkey_field(struct Curl_easy *data, int certnum, CURLcode result; struct dynbuf out; - Curl_dyn_init(&out, MAX_X509_STR); + Curl_dyn_init(&out, CURL_X509_STR_MAX); /* Generate a certificate information record for the public key. */ @@ -959,7 +983,8 @@ static int do_pubkey(struct Curl_easy *data, int certnum, if(ssl_push_certinfo(data, certnum, "ECC Public Key", q)) return 1; } - return do_pubkey_field(data, certnum, "ecPublicKey", pubkey); + return do_pubkey_field(data, certnum, "ecPublicKey", pubkey) == CURLE_OK + ? 0 : 1; } /* Get the public key (single element). */ @@ -1064,7 +1089,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, if(certnum) return CURLE_OK; - Curl_dyn_init(&out, MAX_X509_STR); + Curl_dyn_init(&out, CURL_X509_STR_MAX); /* Prepare the certificate information for curl_easy_getinfo(). */ /* Extract the certificate ASN.1 elements. */ @@ -1223,6 +1248,8 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, result = ssl_push_certinfo_dyn(data, certnum, "Cert", &out); done: + if(result) + failf(data, "Failed extracting certificate chain"); Curl_dyn_free(&out); return result; } diff --git a/vendor/hydra/vendor/curl/lib/vtls/x509asn1.h b/vendor/hydra/vendor/curl/lib/vtls/x509asn1.h index 23a67b82..5b48596c 100644 --- a/vendor/hydra/vendor/curl/lib/vtls/x509asn1.h +++ b/vendor/hydra/vendor/curl/lib/vtls/x509asn1.h @@ -28,7 +28,8 @@ #include "curl_setup.h" #if defined(USE_GNUTLS) || defined(USE_WOLFSSL) || \ - defined(USE_SCHANNEL) || defined(USE_SECTRANSP) + defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \ + defined(USE_MBEDTLS) #include "cfilters.h" #include "urldata.h" @@ -76,5 +77,16 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum, const char *beg, const char *end); CURLcode Curl_verifyhost(struct Curl_cfilter *cf, struct Curl_easy *data, const char *beg, const char *end); + +#ifdef UNITTESTS +#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \ + defined(USE_MBEDTLS) + +/* used by unit1656.c */ +CURLcode Curl_x509_GTime2str(struct dynbuf *store, + const char *beg, const char *end); +#endif +#endif + #endif /* USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL or USE_SECTRANSP */ #endif /* HEADER_CURL_X509ASN1_H */ diff --git a/vendor/hydra/vendor/curl/lib/ws.c b/vendor/hydra/vendor/curl/lib/ws.c index 6ccf9e65..67069447 100644 --- a/vendor/hydra/vendor/curl/lib/ws.c +++ b/vendor/hydra/vendor/curl/lib/ws.c @@ -37,6 +37,7 @@ #include "ws.h" #include "easyif.h" #include "transfer.h" +#include "select.h" #include "nonblock.h" /* The last 3 #include files should be in this order */ @@ -102,7 +103,7 @@ static unsigned char ws_frame_flags2op(int flags) size_t i; for(i = 0; i < sizeof(WS_FRAMES)/sizeof(WS_FRAMES[0]); ++i) { if(WS_FRAMES[i].flags & flags) - return WS_FRAMES[i].proto_opcode; + return (unsigned char)WS_FRAMES[i].proto_opcode; } return 0; } @@ -127,7 +128,7 @@ static void ws_dec_info(struct ws_decoder *dec, struct Curl_easy *data, } else { CURL_TRC_WRITE(data, "websocket, decoded %s [%s%s payload=%" - CURL_FORMAT_CURL_OFF_T "/%" CURL_FORMAT_CURL_OFF_T "]", + FMT_OFF_T "/%" FMT_OFF_T "]", msg, ws_frame_name_of_op(dec->head[0]), (dec->head[0] & WSBIT_FIN)? "" : " NON-FINAL", dec->payload_offset, dec->payload_len); @@ -136,6 +137,9 @@ static void ws_dec_info(struct ws_decoder *dec, struct Curl_easy *data, } } +static CURLcode ws_send_raw_blocking(CURL *data, struct websocket *ws, + const char *buffer, size_t buflen); + typedef ssize_t ws_write_payload(const unsigned char *buf, size_t buflen, int frame_age, int frame_flags, curl_off_t payload_offset, @@ -171,7 +175,7 @@ static CURLcode ws_dec_read_head(struct ws_decoder *dec, dec->head[0] = *inbuf; Curl_bufq_skip(inraw, 1); - dec->frame_flags = ws_frame_op2flags(dec->head[0]); + dec->frame_flags = ws_frame_op2flags(dec->head[0]); if(!dec->frame_flags) { failf(data, "WS: unknown opcode: %x", dec->head[0]); ws_dec_reset(dec); @@ -278,7 +282,7 @@ static CURLcode ws_dec_pass_payload(struct ws_decoder *dec, dec->payload_offset += (curl_off_t)nwritten; remain = dec->payload_len - dec->payload_offset; CURL_TRC_WRITE(data, "websocket, passed %zd bytes payload, %" - CURL_FORMAT_CURL_OFF_T " remain", nwritten, remain); + FMT_OFF_T " remain", nwritten, remain); } return remain? CURLE_AGAIN : CURLE_OK; @@ -488,8 +492,7 @@ static const struct Curl_cwtype ws_cw_decode = { static void ws_enc_info(struct ws_encoder *enc, struct Curl_easy *data, const char *msg) { - infof(data, "WS-ENC: %s [%s%s%s payload=%" CURL_FORMAT_CURL_OFF_T - "/%" CURL_FORMAT_CURL_OFF_T "]", + infof(data, "WS-ENC: %s [%s%s%s payload=%" FMT_OFF_T "/%" FMT_OFF_T "]", msg, ws_frame_name_of_op(enc->firstbyte), (enc->firstbyte & WSBIT_OPCODE_MASK) == WSBIT_OPCODE_CONT ? " CONT" : "", @@ -547,20 +550,20 @@ static ssize_t ws_enc_write_head(struct Curl_easy *data, if(payload_len < 0) { failf(data, "WS: starting new frame with negative payload length %" - CURL_FORMAT_CURL_OFF_T, payload_len); + FMT_OFF_T, payload_len); *err = CURLE_SEND_ERROR; return -1; } if(enc->payload_remain > 0) { /* trying to write a new frame before the previous one is finished */ - failf(data, "WS: starting new frame with %zd bytes from last one" + failf(data, "WS: starting new frame with %zd bytes from last one " "remaining to be sent", (ssize_t)enc->payload_remain); *err = CURLE_SEND_ERROR; return -1; } - opcode = ws_frame_flags2op(flags); + opcode = ws_frame_flags2op((int)flags & ~CURLWS_CONT); if(!opcode) { failf(data, "WS: provided flags not recognized '%x'", flags); *err = CURLE_SEND_ERROR; @@ -579,7 +582,7 @@ static ssize_t ws_enc_write_head(struct Curl_easy *data, enc->contfragment = FALSE; } else if(enc->contfragment) { - /* the previous fragment was not a final one and this isn't either, keep a + /* the previous fragment was not a final one and this is not either, keep a CONT opcode and no FIN bit */ firstbyte |= WSBIT_OPCODE_CONT; } @@ -773,7 +776,7 @@ CURLcode Curl_ws_accept(struct Curl_easy *data, } } #endif - DEBUGF(infof(data, "WS, using chunk size %zu", chunk_size)); + CURL_TRC_WS(data, "WS, using chunk size %zu", chunk_size); Curl_bufq_init2(&ws->recvbuf, chunk_size, WS_CHUNK_COUNT, BUFQ_OPT_SOFT_LIMIT); Curl_bufq_init2(&ws->sendbuf, chunk_size, WS_CHUNK_COUNT, @@ -970,8 +973,8 @@ CURL_EXTERN CURLcode curl_ws_recv(struct Curl_easy *data, void *buffer, infof(data, "connection expectedly closed?"); return CURLE_GOT_NOTHING; } - DEBUGF(infof(data, "curl_ws_recv, added %zu bytes from network", - Curl_bufq_len(&ws->recvbuf))); + CURL_TRC_WS(data, "curl_ws_recv, added %zu bytes from network", + Curl_bufq_len(&ws->recvbuf)); } result = ws_dec_pass(&ws->dec, data, &ws->recvbuf, @@ -1001,14 +1004,14 @@ CURL_EXTERN CURLcode curl_ws_recv(struct Curl_easy *data, void *buffer, ctx.payload_len, ctx.bufidx); *metap = &ws->frame; *nread = ws->frame.len; - /* infof(data, "curl_ws_recv(len=%zu) -> %zu bytes (frame at %" - CURL_FORMAT_CURL_OFF_T ", %" CURL_FORMAT_CURL_OFF_T " left)", - buflen, *nread, ws->frame.offset, ws->frame.bytesleft); */ + CURL_TRC_WS(data, "curl_ws_recv(len=%zu) -> %zu bytes (frame at %" + FMT_OFF_T ", %" FMT_OFF_T " left)", + buflen, *nread, ws->frame.offset, ws->frame.bytesleft); return CURLE_OK; } static CURLcode ws_flush(struct Curl_easy *data, struct websocket *ws, - bool complete) + bool blocking) { if(!Curl_bufq_is_empty(&ws->sendbuf)) { CURLcode result; @@ -1016,30 +1019,26 @@ static CURLcode ws_flush(struct Curl_easy *data, struct websocket *ws, size_t outlen, n; while(Curl_bufq_peek(&ws->sendbuf, &out, &outlen)) { - if(data->set.connect_only) + if(blocking) { + result = ws_send_raw_blocking(data, ws, (char *)out, outlen); + n = result? 0 : outlen; + } + else if(data->set.connect_only || Curl_is_in_callback(data)) result = Curl_senddata(data, out, outlen, &n); else { - result = Curl_xfer_send(data, out, outlen, &n); + result = Curl_xfer_send(data, out, outlen, FALSE, &n); if(!result && !n && outlen) result = CURLE_AGAIN; } - if(result) { - if(result == CURLE_AGAIN) { - if(!complete) { - infof(data, "WS: flush EAGAIN, %zu bytes remain in buffer", - Curl_bufq_len(&ws->sendbuf)); - return result; - } - /* TODO: the current design does not allow for buffered writes. - * We need to flush the buffer now. There is no ws_flush() later */ - n = 0; - continue; - } - else if(result) { - failf(data, "WS: flush, write error %d", result); - return result; - } + if(result == CURLE_AGAIN) { + CURL_TRC_WS(data, "flush EAGAIN, %zu bytes remain in buffer", + Curl_bufq_len(&ws->sendbuf)); + return result; + } + else if(result) { + failf(data, "WS: flush, write error %d", result); + return result; } else { infof(data, "WS: flushed %zu bytes", n); @@ -1050,6 +1049,83 @@ static CURLcode ws_flush(struct Curl_easy *data, struct websocket *ws, return CURLE_OK; } +static CURLcode ws_send_raw_blocking(CURL *data, struct websocket *ws, + const char *buffer, size_t buflen) +{ + CURLcode result = CURLE_OK; + size_t nwritten; + + (void)ws; + while(buflen) { + result = Curl_xfer_send(data, buffer, buflen, FALSE, &nwritten); + if(result) + return result; + DEBUGASSERT(nwritten <= buflen); + buffer += nwritten; + buflen -= nwritten; + if(buflen) { + curl_socket_t sock = data->conn->sock[FIRSTSOCKET]; + timediff_t left_ms; + int ev; + + CURL_TRC_WS(data, "ws_send_raw_blocking() partial, %zu left to send", + buflen); + left_ms = Curl_timeleft(data, NULL, FALSE); + if(left_ms < 0) { + failf(data, "Timeout waiting for socket becoming writable"); + return CURLE_SEND_ERROR; + } + + /* POLLOUT socket */ + if(sock == CURL_SOCKET_BAD) + return CURLE_SEND_ERROR; + ev = Curl_socket_check(CURL_SOCKET_BAD, CURL_SOCKET_BAD, sock, + left_ms? left_ms : 500); + if(ev < 0) { + failf(data, "Error while waiting for socket becoming writable"); + return CURLE_SEND_ERROR; + } + } + } + return result; +} + +static CURLcode ws_send_raw(CURL *data, const void *buffer, + size_t buflen, size_t *pnwritten) +{ + struct websocket *ws = data->conn->proto.ws; + CURLcode result; + + if(!ws) { + failf(data, "Not a websocket transfer"); + return CURLE_SEND_ERROR; + } + if(!buflen) + return CURLE_OK; + + if(Curl_is_in_callback(data)) { + /* When invoked from inside callbacks, we do a blocking send as the + * callback will probably not implement partial writes that may then + * mess up the ws framing subsequently. + * We need any pending data to be flushed before sending. */ + result = ws_flush(data, ws, TRUE); + if(result) + return result; + result = ws_send_raw_blocking(data, ws, buffer, buflen); + } + else { + /* We need any pending data to be sent or EAGAIN this call. */ + result = ws_flush(data, ws, FALSE); + if(result) + return result; + result = Curl_senddata(data, buffer, buflen, pnwritten); + } + + CURL_TRC_WS(data, "ws_send_raw(len=%zu) -> %d, %zu", + buflen, result, *pnwritten); + return result; +} + CURL_EXTERN CURLcode curl_ws_send(CURL *data, const void *buffer, size_t buflen, size_t *sent, curl_off_t fragsize, @@ -1057,60 +1133,53 @@ CURL_EXTERN CURLcode curl_ws_send(CURL *data, const void *buffer, { struct websocket *ws; ssize_t n; - size_t nwritten, space; + size_t space, payload_added; CURLcode result; + CURL_TRC_WS(data, "curl_ws_send(len=%zu, fragsize=%" FMT_OFF_T + ", flags=%x), raw=%d", + buflen, fragsize, flags, data->set.ws_raw_mode); *sent = 0; if(!data->conn && data->set.connect_only) { result = Curl_connect_only_attach(data); if(result) - return result; + goto out; } if(!data->conn) { failf(data, "No associated connection"); - return CURLE_SEND_ERROR; + result = CURLE_SEND_ERROR; + goto out; } if(!data->conn->proto.ws) { failf(data, "Not a websocket transfer"); - return CURLE_SEND_ERROR; + result = CURLE_SEND_ERROR; + goto out; } ws = data->conn->proto.ws; + /* try flushing any content still waiting to be sent. */ + result = ws_flush(data, ws, FALSE); + if(result) + goto out; + if(data->set.ws_raw_mode) { + /* In raw mode, we write directly to the connection */ if(fragsize || flags) { - DEBUGF(infof(data, "ws_send: " - "fragsize and flags cannot be non-zero in raw mode")); + failf(data, "ws_send, raw mode: fragsize and flags cannot be non-zero"); return CURLE_BAD_FUNCTION_ARGUMENT; } - if(!buflen) - /* nothing to do */ - return CURLE_OK; - /* raw mode sends exactly what was requested, and this is from within - the write callback */ - if(Curl_is_in_callback(data)) { - result = Curl_xfer_send(data, buffer, buflen, &nwritten); - } - else - result = Curl_senddata(data, buffer, buflen, &nwritten); - - infof(data, "WS: wanted to send %zu bytes, sent %zu bytes", - buflen, nwritten); - *sent = nwritten; - return result; + result = ws_send_raw(data, buffer, buflen, sent); + goto out; } /* Not RAW mode, buf we do the frame encoding */ - result = ws_flush(data, ws, FALSE); - if(result) - return result; - - /* TODO: the current design does not allow partial writes, afaict. - * It is not clear how the application is supposed to react. */ space = Curl_bufq_space(&ws->sendbuf); - DEBUGF(infof(data, "curl_ws_send(len=%zu), sendbuf len=%zu space %zu", - buflen, Curl_bufq_len(&ws->sendbuf), space)); - if(space < 14) - return CURLE_AGAIN; + CURL_TRC_WS(data, "curl_ws_send(len=%zu), sendbuf=%zu space_left=%zu", + buflen, Curl_bufq_len(&ws->sendbuf), space); + if(space < 14) { + result = CURLE_AGAIN; + goto out; + } if(flags & CURLWS_OFFSET) { if(fragsize) { @@ -1118,12 +1187,12 @@ CURL_EXTERN CURLcode curl_ws_send(CURL *data, const void *buffer, n = ws_enc_write_head(data, &ws->enc, flags, fragsize, &ws->sendbuf, &result); if(n < 0) - return result; + goto out; } else { if((curl_off_t)buflen > ws->enc.payload_remain) { infof(data, "WS: unaligned frame size (sending %zu instead of %" - CURL_FORMAT_CURL_OFF_T ")", + FMT_OFF_T ")", buflen, ws->enc.payload_remain); } } @@ -1132,16 +1201,66 @@ CURL_EXTERN CURLcode curl_ws_send(CURL *data, const void *buffer, n = ws_enc_write_head(data, &ws->enc, flags, (curl_off_t)buflen, &ws->sendbuf, &result); if(n < 0) - return result; + goto out; } n = ws_enc_write_payload(&ws->enc, data, buffer, buflen, &ws->sendbuf, &result); if(n < 0) - return result; + goto out; + payload_added = (size_t)n; + + while(!result && (buflen || !Curl_bufq_is_empty(&ws->sendbuf))) { + /* flush, blocking when in callback */ + result = ws_flush(data, ws, Curl_is_in_callback(data)); + if(!result) { + DEBUGASSERT(payload_added <= buflen); + /* all buffered data sent. Try sending the rest if there is any. */ + *sent += payload_added; + buffer = (const char *)buffer + payload_added; + buflen -= payload_added; + payload_added = 0; + if(buflen) { + n = ws_enc_write_payload(&ws->enc, data, + buffer, buflen, &ws->sendbuf, &result); + if(n < 0) + goto out; + payload_added = Curl_bufq_len(&ws->sendbuf); + } + } + else if(result == CURLE_AGAIN) { + /* partially sent. how much of the call data has been part of it? what + * should we report to out caller so it can retry/send the rest? */ + if(payload_added < buflen) { + /* We did not add everything the caller wanted. Return just + * the partial write to our buffer. */ + *sent = payload_added; + result = CURLE_OK; + goto out; + } + else if(!buflen) { + /* We have no payload to report a partial write. EAGAIN would make + * the caller repeat this and add the frame again. + * Flush blocking seems the only way out of this. */ + *sent = (size_t)n; + result = ws_flush(data, ws, TRUE); + goto out; + } + /* We added the complete data to our sendbuf. Report one byte less as + * sent. This parital success should make the caller invoke us again + * with the last byte. */ + *sent = payload_added - 1; + result = Curl_bufq_unwrite(&ws->sendbuf, 1); + if(!result) + result = CURLE_AGAIN; + } + } - *sent = (size_t)n; - return ws_flush(data, ws, TRUE); +out: + CURL_TRC_WS(data, "curl_ws_send(len=%zu, fragsize=%" FMT_OFF_T + ", flags=%x, raw=%d) -> %d, %zu", + buflen, fragsize, flags, data->set.ws_raw_mode, result, *sent); + return result; } static void ws_free(struct connectdata *conn) @@ -1156,7 +1275,7 @@ static void ws_free(struct connectdata *conn) static CURLcode ws_setup_conn(struct Curl_easy *data, struct connectdata *conn) { - /* websockets is 1.1 only (for now) */ + /* WebSockets is 1.1 only (for now) */ data->state.httpwant = CURL_HTTP_VERSION_1_1; return Curl_http_setup_conn(data, conn); } diff --git a/vendor/hydra/vendor/curl/lib/ws.h b/vendor/hydra/vendor/curl/lib/ws.h index baa77b44..398900cc 100644 --- a/vendor/hydra/vendor/curl/lib/ws.h +++ b/vendor/hydra/vendor/curl/lib/ws.h @@ -57,7 +57,7 @@ struct ws_encoder { curl_off_t payload_len; /* payload length of current frame */ curl_off_t payload_remain; /* remaining payload of current */ unsigned int xori; /* xor index */ - unsigned char mask[4]; /* 32 bit mask for this connection */ + unsigned char mask[4]; /* 32-bit mask for this connection */ unsigned char firstbyte; /* first byte of frame we encode */ bool contfragment; /* set TRUE if the previous fragment sent was not final */ }; diff --git a/vendor/hydra/vendor/noa/LICENSE b/vendor/hydra/vendor/noa/LICENSE index 4c43a09e..efbd81c9 100644 --- a/vendor/hydra/vendor/noa/LICENSE +++ b/vendor/hydra/vendor/noa/LICENSE @@ -1,201 +1,661 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2023 Sourcemeta Ltd. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. + + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + Noa - A set of re-usable and opinionated utilities for Sourcemeta projects + Copyright (C) 2022 Juan Cruz Viotti + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +. diff --git a/vendor/hydra/vendor/noa/cmake/noa.cmake b/vendor/hydra/vendor/noa/cmake/noa.cmake index 71b9247d..d55ca540 100644 --- a/vendor/hydra/vendor/noa/cmake/noa.cmake +++ b/vendor/hydra/vendor/noa/cmake/noa.cmake @@ -2,8 +2,9 @@ set(NOA_DIRECTORY "${CMAKE_CURRENT_LIST_DIR}/noa") include("${NOA_DIRECTORY}/shim.cmake") include("${NOA_DIRECTORY}/variables.cmake") include("${NOA_DIRECTORY}/defaults.cmake") -include("${NOA_DIRECTORY}/library.cmake") include("${NOA_DIRECTORY}/compiler/sanitizer.cmake") +include("${NOA_DIRECTORY}/compiler/options.cmake") +include("${NOA_DIRECTORY}/library.cmake") include("${NOA_DIRECTORY}/options/enum.cmake") include("${NOA_DIRECTORY}/commands/copy-file.cmake") include("${NOA_DIRECTORY}/targets/clang-format.cmake") diff --git a/vendor/hydra/vendor/noa/cmake/noa/compiler/options.cmake b/vendor/hydra/vendor/noa/cmake/noa/compiler/options.cmake new file mode 100644 index 00000000..dde90f21 --- /dev/null +++ b/vendor/hydra/vendor/noa/cmake/noa/compiler/options.cmake @@ -0,0 +1,109 @@ +function(noa_add_default_options visibility target) + if(NOA_COMPILER_MSVC) + # See https://learn.microsoft.com/en-us/cpp/build/reference/compiler-options-listed-by-category + target_compile_options("${target}" ${visibility} + /options:strict + /permissive- + /W4 + /WL + /MP + /sdl) + else() + target_compile_options("${target}" ${visibility} + -Wall + -Wextra + -Wpedantic + -Wshadow + -Wdouble-promotion + -Wconversion + -Wunused-parameter + -Wtrigraphs + -Wunreachable-code + -Wmissing-braces + -Wparentheses + -Wswitch + -Wunused-function + -Wunused-label + -Wunused-parameter + -Wunused-variable + -Wunused-value + -Wempty-body + -Wuninitialized + -Wshadow + -Wconversion + -Wenum-conversion + -Wfloat-conversion + -Wimplicit-fallthrough + -Wsign-compare + -Wsign-conversion + -Wunknown-pragmas + -Wnon-virtual-dtor + -Woverloaded-virtual + -Winvalid-offsetof + -funroll-loops + -fstrict-aliasing + -ftree-vectorize + + # To improve how much GCC/Clang will vectorize + -fno-math-errno + + # Assume that signed arithmetic overflow of addition, subtraction and + # multiplication wraps around using twos-complement representation + # See https://users.cs.utah.edu/~regehr/papers/overflow12.pdf + # See https://www.postgresql.org/message-id/1689.1134422394@sss.pgh.pa.us + -fwrapv) + endif() + + if(NOA_COMPILER_LLVM) + target_compile_options("${target}" ${visibility} + -Wbool-conversion + -Wint-conversion + -Wpointer-sign + -Wconditional-uninitialized + -Wconstant-conversion + -Wnon-literal-null-conversion + -Wshorten-64-to-32 + -Wdeprecated-implementations + -Winfinite-recursion + -Wnewline-eof + -Wfour-char-constants + -Wselector + -Wundeclared-selector + -Wdocumentation + -Wmove + -Wc++11-extensions + -Wcomma + -Wno-exit-time-destructors + -Wrange-loop-analysis + + # Enable loop vectorization for performance reasons + -fvectorize + # Enable vectorization of straight-line code for performance + -fslp-vectorize) + elseif(NOA_COMPILER_GCC) + target_compile_options("${target}" ${visibility} + -fno-trapping-math + # Newer versions of GCC (i.e. 14) seem to print a lot of false-positives here + -Wno-dangling-reference + # GCC seems to print a lot of false-positives here + -Wno-free-nonheap-object + # Disables runtime type information + -fno-rtti) + endif() +endfunction() + +# For studying failed vectorization results +# - On Clang , seems to only take effect on release shared builds +# - On GCC, seems to only take effect on release shared builds +function(noa_add_vectorization_diagnostics target) + if(NOA_COMPILER_LLVM) + # See https://llvm.org/docs/Vectorizers.html#id6 + target_compile_options("${target}" PRIVATE + -Rpass-analysis=loop-vectorize + -Rpass-missed=loop-vectorize) + elseif(NOA_COMPILER_GCC) + target_compile_options("${target}" PRIVATE + -fopt-info-vec-missed + -fopt-info-loop-missed) + endif() +endfunction() diff --git a/vendor/hydra/vendor/noa/cmake/noa/defaults.cmake b/vendor/hydra/vendor/noa/cmake/noa/defaults.cmake index 21a50b3c..0709ee22 100644 --- a/vendor/hydra/vendor/noa/cmake/noa/defaults.cmake +++ b/vendor/hydra/vendor/noa/cmake/noa/defaults.cmake @@ -69,3 +69,26 @@ if(WIN32) # For DLL files set(CMAKE_LIBRARY_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/bin" CACHE STRING "") endif() + +# Enable IPO/LTO to help the compiler optimize across modules. +# Only do so in release, given these optimizations can significantly +# increase build times. +# See: https://cmake.org/cmake/help/latest/module/CheckIPOSupported.html +if(CMAKE_BUILD_TYPE STREQUAL "Release" AND NOT BUILD_SHARED_LIBS) + include(CheckIPOSupported) + check_ipo_supported(RESULT ipo_supported OUTPUT ipo_supported_error) + if(ipo_supported) + # TODO: Make IPO/LTO work on Linux + LLVM + if(APPLE OR NOT NOA_COMPILER_LLVM) + message(STATUS "Enabling IPO") + cmake_policy(SET CMP0069 NEW) + set(CMAKE_INTERPROCEDURAL_OPTIMIZATION ON) + else() + message(WARNING "Avoiding IPO on this configuration") + endif() + else() + message(WARNING "IPO not supported: ${ipo_supported_error}") + endif() + unset(ipo_supported) + unset(ipo_supported_error) +endif() diff --git a/vendor/hydra/vendor/noa/cmake/noa/library.cmake b/vendor/hydra/vendor/noa/cmake/noa/library.cmake index dd7019a5..9868714d 100644 --- a/vendor/hydra/vendor/noa/cmake/noa/library.cmake +++ b/vendor/hydra/vendor/noa/cmake/noa/library.cmake @@ -1,6 +1,6 @@ function(noa_library) cmake_parse_arguments(NOA_LIBRARY "" - "NAMESPACE;PROJECT;NAME;FOLDER" "PRIVATE_HEADERS;SOURCES" ${ARGN}) + "NAMESPACE;PROJECT;NAME;FOLDER;VARIANT" "PRIVATE_HEADERS;SOURCES" ${ARGN}) if(NOT NOA_LIBRARY_PROJECT) message(FATAL_ERROR "You must pass the project name using the PROJECT option") @@ -18,17 +18,22 @@ function(noa_library) set(INCLUDE_PREFIX "include/${NOA_LIBRARY_PROJECT}") endif() - set(PUBLIC_HEADER "${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + if(NOT NOA_LIBRARY_VARIANT) + set(PUBLIC_HEADER "${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + else() + set(PUBLIC_HEADER "../${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + endif() if(NOA_LIBRARY_SOURCES) set(ABSOLUTE_PRIVATE_HEADERS "${CMAKE_CURRENT_BINARY_DIR}/${NOA_LIBRARY_NAME}_export.h") - foreach(private_header IN LISTS NOA_LIBRARY_PRIVATE_HEADERS) - list(APPEND ABSOLUTE_PRIVATE_HEADERS "${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}_${private_header}") - endforeach() else() set(ABSOLUTE_PRIVATE_HEADERS) endif() + foreach(private_header IN LISTS NOA_LIBRARY_PRIVATE_HEADERS) + list(APPEND ABSOLUTE_PRIVATE_HEADERS "${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}_${private_header}") + endforeach() + if(NOA_LIBRARY_NAMESPACE) set(TARGET_NAME "${NOA_LIBRARY_NAMESPACE}_${NOA_LIBRARY_PROJECT}_${NOA_LIBRARY_NAME}") set(ALIAS_NAME "${NOA_LIBRARY_NAMESPACE}::${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}") @@ -37,33 +42,51 @@ function(noa_library) set(ALIAS_NAME "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}") endif() + if(NOA_LIBRARY_VARIANT) + set(TARGET_NAME "${TARGET_NAME}_${NOA_LIBRARY_VARIANT}") + set(ALIAS_NAME "${ALIAS_NAME}::${NOA_LIBRARY_VARIANT}") + endif() + if(NOA_LIBRARY_SOURCES) add_library(${TARGET_NAME} ${PUBLIC_HEADER} ${ABSOLUTE_PRIVATE_HEADERS} ${NOA_LIBRARY_SOURCES}) + noa_add_default_options(PRIVATE ${TARGET_NAME}) else() add_library(${TARGET_NAME} INTERFACE ${PUBLIC_HEADER} ${ABSOLUTE_PRIVATE_HEADERS}) + noa_add_default_options(INTERFACE ${TARGET_NAME}) endif() add_library(${ALIAS_NAME} ALIAS ${TARGET_NAME}) + if(NOT NOA_LIBRARY_VARIANT) + set(include_dir "${CMAKE_CURRENT_SOURCE_DIR}/include") + else() + set(include_dir "${CMAKE_CURRENT_SOURCE_DIR}/../include") + endif() if(NOA_LIBRARY_SOURCES) target_include_directories(${TARGET_NAME} PUBLIC - "$" + "$" "$") else() target_include_directories(${TARGET_NAME} INTERFACE - "$" + "$" "$") endif() if(NOA_LIBRARY_SOURCES) + if(NOA_LIBRARY_VARIANT) + set(export_name "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}::${NOA_LIBRARY_VARIANT}") + else() + set(export_name "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}") + endif() + set_target_properties(${TARGET_NAME} PROPERTIES OUTPUT_NAME ${TARGET_NAME} PUBLIC_HEADER "${PUBLIC_HEADER}" PRIVATE_HEADER "${ABSOLUTE_PRIVATE_HEADERS}" - EXPORT_NAME "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}" + EXPORT_NAME "${export_name}" FOLDER "${NOA_LIBRARY_FOLDER}") else() set_target_properties(${TARGET_NAME} @@ -90,7 +113,7 @@ function(noa_library) endfunction() function(noa_library_install) - cmake_parse_arguments(NOA_LIBRARY "" "NAMESPACE;PROJECT;NAME" "" ${ARGN}) + cmake_parse_arguments(NOA_LIBRARY "" "NAMESPACE;PROJECT;NAME;VARIANT" "" ${ARGN}) if(NOT NOA_LIBRARY_PROJECT) message(FATAL_ERROR "You must pass the project name using the PROJECT option") @@ -111,6 +134,10 @@ function(noa_library_install) set(NAMESPACE_PREFIX "") endif() + if(NOA_LIBRARY_VARIANT) + set(TARGET_NAME "${TARGET_NAME}_${NOA_LIBRARY_VARIANT}") + endif() + include(GNUInstallDirs) install(TARGETS ${TARGET_NAME} EXPORT ${TARGET_NAME} diff --git a/vendor/hydra/vendor/uwebsockets/src/App.h b/vendor/hydra/vendor/uwebsockets/src/App.h index f0e2a4dc..db916822 100644 --- a/vendor/hydra/vendor/uwebsockets/src/App.h +++ b/vendor/hydra/vendor/uwebsockets/src/App.h @@ -18,6 +18,8 @@ #ifndef UWS_APP_H #define UWS_APP_H +#define _CRT_SECURE_NO_WARNINGS + #include #include #include @@ -77,7 +79,7 @@ namespace uWS { static_assert(sizeof(struct us_socket_context_options_t) == sizeof(SocketContextOptions), "Mismatching uSockets/uWebSockets ABI"); -template +template struct TemplatedApp { private: /* The app always owns at least one http context, but creates websocket contexts on demand */ @@ -92,7 +94,7 @@ struct TemplatedApp { TopicTree *topicTree = nullptr; /* Server name */ - TemplatedApp &&addServerName(std::string hostname_pattern, SocketContextOptions options = {}) { + BuilderPatternReturnType &&addServerName(std::string hostname_pattern, SocketContextOptions options = {}) { /* Do nothing if not even on SSL */ if constexpr (SSL) { @@ -102,10 +104,10 @@ struct TemplatedApp { us_socket_context_add_server_name(SSL, (struct us_socket_context_t *) httpContext, hostname_pattern.c_str(), options, domainRouter); } - return std::move(*this); + return std::move(static_cast(*this)); } - TemplatedApp &&removeServerName(std::string hostname_pattern) { + BuilderPatternReturnType &&removeServerName(std::string hostname_pattern) { /* This will do for now, would be better if us_socket_context_remove_server_name returned the user data */ auto *domainRouter = us_socket_context_find_server_name_userdata(SSL, (struct us_socket_context_t *) httpContext, hostname_pattern.c_str()); @@ -114,10 +116,10 @@ struct TemplatedApp { } us_socket_context_remove_server_name(SSL, (struct us_socket_context_t *) httpContext, hostname_pattern.c_str()); - return std::move(*this); + return std::move(static_cast(*this)); } - TemplatedApp &&missingServerName(MoveOnlyFunction handler) { + BuilderPatternReturnType &&missingServerName(MoveOnlyFunction handler) { if (!constructorFailed()) { httpContext->getSocketContextData()->missingServerNameHandler = std::move(handler); @@ -130,7 +132,7 @@ struct TemplatedApp { }); } - return std::move(*this); + return std::move(static_cast(*this)); } /* Returns the SSL_CTX of this app, or nullptr. */ @@ -139,10 +141,10 @@ struct TemplatedApp { } /* Attaches a "filter" function to track socket connections/disconnections */ - TemplatedApp &&filter(MoveOnlyFunction *, int)> &&filterHandler) { + BuilderPatternReturnType &&filter(MoveOnlyFunction *, int)> &&filterHandler) { httpContext->filter(std::move(filterHandler)); - return std::move(*this); + return std::move(static_cast(*this)); } /* Publishes a message to all websocket contexts - conceptually as if publishing to the one single @@ -187,12 +189,12 @@ struct TemplatedApp { /* Delete TopicTree */ if (topicTree) { - delete topicTree; - /* And unregister loop callbacks */ /* We must unregister any loop post handler here */ Loop::get()->removePostHandler(topicTree); Loop::get()->removePreHandler(topicTree); + + delete topicTree; } } @@ -257,23 +259,23 @@ struct TemplatedApp { }; /* Closes all sockets including listen sockets. */ - TemplatedApp &&close() { + BuilderPatternReturnType &&close() { us_socket_context_close(SSL, (struct us_socket_context_t *) httpContext); for (void *webSocketContext : webSocketContexts) { us_socket_context_close(SSL, (struct us_socket_context_t *) webSocketContext); } - return std::move(*this); + return std::move(static_cast(*this)); } template - TemplatedApp &&ws(std::string pattern, WebSocketBehavior &&behavior) { + BuilderPatternReturnType &&ws(std::string pattern, WebSocketBehavior &&behavior) { /* Don't compile if alignment rules cannot be satisfied */ static_assert(alignof(UserData) <= LIBUS_EXT_ALIGNMENT, "µWebSockets cannot satisfy UserData alignment requirements. You need to recompile µSockets with LIBUS_EXT_ALIGNMENT adjusted accordingly."); if (!httpContext) { - return std::move(*this); + return std::move(static_cast(*this)); } /* Terminate on misleading idleTimeout values */ @@ -382,14 +384,7 @@ struct TemplatedApp { webSocketContext->getExt()->droppedHandler = std::move(behavior.dropped); webSocketContext->getExt()->drainHandler = std::move(behavior.drain); webSocketContext->getExt()->subscriptionHandler = std::move(behavior.subscription); - webSocketContext->getExt()->closeHandler = std::move([closeHandler = std::move(behavior.close)](WebSocket *ws, int code, std::string_view message) mutable { - if (closeHandler) { - closeHandler(ws, code, message); - } - - /* Destruct user data after returning from close handler */ - ((UserData *) ws->getUserData())->~UserData(); - }); + webSocketContext->getExt()->closeHandler = std::move(behavior.close); webSocketContext->getExt()->pingHandler = std::move(behavior.ping); webSocketContext->getExt()->pongHandler = std::move(behavior.pong); @@ -443,11 +438,11 @@ struct TemplatedApp { req->setYield(true); } }, true); - return std::move(*this); + return std::move(static_cast(*this)); } /* Browse to a server name, changing the router to this domain */ - TemplatedApp &&domain(std::string serverName) { + BuilderPatternReturnType &&domain(std::string serverName) { HttpContextData *httpContextData = httpContext->getSocketContextData(); void *domainRouter = us_socket_context_find_server_name_userdata(SSL, (struct us_socket_context_t *) httpContext, serverName.c_str()); @@ -459,137 +454,188 @@ struct TemplatedApp { httpContextData->currentRouter = &httpContextData->router; } - return std::move(*this); + return std::move(static_cast(*this)); } - TemplatedApp &&get(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { + BuilderPatternReturnType &&get(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { if (httpContext) { httpContext->onHttp("GET", pattern, std::move(handler)); } - return std::move(*this); + return std::move(static_cast(*this)); } - TemplatedApp &&post(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { + BuilderPatternReturnType &&post(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { if (httpContext) { httpContext->onHttp("POST", pattern, std::move(handler)); } - return std::move(*this); + return std::move(static_cast(*this)); } - TemplatedApp &&options(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { + BuilderPatternReturnType &&options(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { if (httpContext) { httpContext->onHttp("OPTIONS", pattern, std::move(handler)); } - return std::move(*this); + return std::move(static_cast(*this)); } - TemplatedApp &&del(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { + BuilderPatternReturnType &&del(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { if (httpContext) { httpContext->onHttp("DELETE", pattern, std::move(handler)); } - return std::move(*this); + return std::move(static_cast(*this)); } - TemplatedApp &&patch(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { + BuilderPatternReturnType &&patch(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { if (httpContext) { httpContext->onHttp("PATCH", pattern, std::move(handler)); } - return std::move(*this); + return std::move(static_cast(*this)); } - TemplatedApp &&put(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { + BuilderPatternReturnType &&put(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { if (httpContext) { httpContext->onHttp("PUT", pattern, std::move(handler)); } - return std::move(*this); + return std::move(static_cast(*this)); } - TemplatedApp &&head(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { + BuilderPatternReturnType &&head(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { if (httpContext) { httpContext->onHttp("HEAD", pattern, std::move(handler)); } - return std::move(*this); + return std::move(static_cast(*this)); } - TemplatedApp &&connect(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { + BuilderPatternReturnType &&connect(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { if (httpContext) { httpContext->onHttp("CONNECT", pattern, std::move(handler)); } - return std::move(*this); + return std::move(static_cast(*this)); } - TemplatedApp &&trace(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { + BuilderPatternReturnType &&trace(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { if (httpContext) { httpContext->onHttp("TRACE", pattern, std::move(handler)); } - return std::move(*this); + return std::move(static_cast(*this)); } /* This one catches any method */ - TemplatedApp &&any(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { + BuilderPatternReturnType &&any(std::string pattern, MoveOnlyFunction *, HttpRequest *)> &&handler) { if (httpContext) { httpContext->onHttp("*", pattern, std::move(handler)); } - return std::move(*this); + return std::move(static_cast(*this)); } /* Host, port, callback */ - TemplatedApp &&listen(std::string host, int port, MoveOnlyFunction &&handler) { + BuilderPatternReturnType &&listen(std::string host, int port, MoveOnlyFunction &&handler) { if (!host.length()) { return listen(port, std::move(handler)); } handler(httpContext ? httpContext->listen(host.c_str(), port, 0) : nullptr); - return std::move(*this); + return std::move(static_cast(*this)); } /* Host, port, options, callback */ - TemplatedApp &&listen(std::string host, int port, int options, MoveOnlyFunction &&handler) { + BuilderPatternReturnType &&listen(std::string host, int port, int options, MoveOnlyFunction &&handler) { if (!host.length()) { return listen(port, options, std::move(handler)); } handler(httpContext ? httpContext->listen(host.c_str(), port, options) : nullptr); - return std::move(*this); + return std::move(static_cast(*this)); } /* Port, callback */ - TemplatedApp &&listen(int port, MoveOnlyFunction &&handler) { + BuilderPatternReturnType &&listen(int port, MoveOnlyFunction &&handler) { handler(httpContext ? httpContext->listen(nullptr, port, 0) : nullptr); - return std::move(*this); + return std::move(static_cast(*this)); } /* Port, options, callback */ - TemplatedApp &&listen(int port, int options, MoveOnlyFunction &&handler) { + BuilderPatternReturnType &&listen(int port, int options, MoveOnlyFunction &&handler) { handler(httpContext ? httpContext->listen(nullptr, port, options) : nullptr); - return std::move(*this); + return std::move(static_cast(*this)); } /* options, callback, path to unix domain socket */ - TemplatedApp &&listen(int options, MoveOnlyFunction &&handler, std::string path) { + BuilderPatternReturnType &&listen(int options, MoveOnlyFunction &&handler, std::string path) { handler(httpContext ? httpContext->listen(path.c_str(), options) : nullptr); - return std::move(*this); + return std::move(static_cast(*this)); } /* callback, path to unix domain socket */ - TemplatedApp &&listen(MoveOnlyFunction &&handler, std::string path) { + BuilderPatternReturnType &&listen(MoveOnlyFunction &&handler, std::string path) { handler(httpContext ? httpContext->listen(path.c_str(), 0) : nullptr); - return std::move(*this); + return std::move(static_cast(*this)); } /* Register event handler for accepted FD. Can be used together with adoptSocket. */ - TemplatedApp &&preOpen(LIBUS_SOCKET_DESCRIPTOR (*handler)(LIBUS_SOCKET_DESCRIPTOR)) { + BuilderPatternReturnType &&preOpen(LIBUS_SOCKET_DESCRIPTOR (*handler)(struct us_socket_context_t *, LIBUS_SOCKET_DESCRIPTOR)) { httpContext->onPreOpen(handler); - return std::move(*this); + return std::move(static_cast(*this)); + } + + BuilderPatternReturnType &&removeChildApp(BuilderPatternReturnType *app) { + /* Remove this app from httpContextData list over child apps and reset round robin */ + auto &childApps = httpContext->getSocketContextData()->childApps; + childApps.erase( + std::remove(childApps.begin(), childApps.end(), (void *) app), + childApps.end() + ); + httpContext->getSocketContextData()->roundRobin = 0; + + return std::move(static_cast(*this)); + } + + BuilderPatternReturnType &&addChildApp(BuilderPatternReturnType *app) { + /* Add this app to httpContextData list over child apps and set onPreOpen */ + httpContext->getSocketContextData()->childApps.push_back((void *) app); + + httpContext->onPreOpen([](struct us_socket_context_t *context, LIBUS_SOCKET_DESCRIPTOR fd) -> LIBUS_SOCKET_DESCRIPTOR { + + HttpContext *httpContext = (HttpContext *) context; + + if (httpContext->getSocketContextData()->childApps.empty()) { + return fd; + } + + //std::cout << "Distributing fd: " << fd << " from context: " << context << std::endl; + + unsigned int *roundRobin = &httpContext->getSocketContextData()->roundRobin; + + //std::cout << "Round robin is: " << *roundRobin << " and size of apps is: " << httpContext->getSocketContextData()->childApps.size() << std::endl; + + BuilderPatternReturnType *receivingApp = (BuilderPatternReturnType *) httpContext->getSocketContextData()->childApps[*roundRobin]; + + + //std::cout << "Loop is " << receivingApp->getLoop() << std::endl; + + + receivingApp->getLoop()->defer([fd, receivingApp]() { + //std::cout << "About to adopt socket " << fd << " on receivingApp " << receivingApp << std::endl; + receivingApp->adoptSocket(fd); + //std::cout << "Done " << std::endl; + }); + + if (++(*roundRobin) == httpContext->getSocketContextData()->childApps.size()) { + *roundRobin = 0; + } + + return fd + 1; + }); + return std::move(static_cast(*this)); } /* adopt an externally accepted socket */ - TemplatedApp &&adoptSocket(LIBUS_SOCKET_DESCRIPTOR accepted_fd) { + BuilderPatternReturnType &&adoptSocket(LIBUS_SOCKET_DESCRIPTOR accepted_fd) { httpContext->adoptAcceptedSocket(accepted_fd); - return std::move(*this); + return std::move(static_cast(*this)); } - TemplatedApp &&run() { + BuilderPatternReturnType &&run() { uWS::run(); - return std::move(*this); + return std::move(static_cast(*this)); } Loop *getLoop() { @@ -598,9 +644,13 @@ struct TemplatedApp { }; -typedef TemplatedApp App; -typedef TemplatedApp SSLApp; +} +#include "CachingApp.h" + +namespace uWS { + typedef uWS::CachingApp App; + typedef uWS::CachingApp SSLApp; } #endif // UWS_APP_H diff --git a/vendor/hydra/vendor/uwebsockets/src/AsyncSocket.h b/vendor/hydra/vendor/uwebsockets/src/AsyncSocket.h index 2406d640..bf7b50a7 100644 --- a/vendor/hydra/vendor/uwebsockets/src/AsyncSocket.h +++ b/vendor/hydra/vendor/uwebsockets/src/AsyncSocket.h @@ -47,7 +47,7 @@ struct AsyncSocket { /* This guy is promiscuous */ template friend struct HttpContext; template friend struct WebSocketContext; - template friend struct TemplatedApp; + template friend struct TemplatedApp; template friend struct WebSocketContextData; template friend struct TopicTree; template friend struct HttpResponse; @@ -141,7 +141,7 @@ struct AsyncSocket { getLoopData()->corkedSocket = this; } - /* Returns wheter we are corked or not */ + /* Returns whether we are corked or not */ bool isCorked() { return getLoopData()->corkedSocket == this; } @@ -231,7 +231,7 @@ struct AsyncSocket { } /* Write in three levels of prioritization: cork-buffer, syscall, socket-buffer. Always drain if possible. - * Returns pair of bytes written (anywhere) and wheter or not this call resulted in the polling for + * Returns pair of bytes written (anywhere) and whether or not this call resulted in the polling for * writable (or we are in a state that implies polling for writable). */ std::pair write(const char *src, int length, bool optionally = false, int nextLength = 0) { /* Fake success if closed, simple fix to allow uncork of closed socket to succeed */ diff --git a/vendor/hydra/vendor/uwebsockets/src/BloomFilter.h b/vendor/hydra/vendor/uwebsockets/src/BloomFilter.h index 5d2398eb..a98cc395 100644 --- a/vendor/hydra/vendor/uwebsockets/src/BloomFilter.h +++ b/vendor/hydra/vendor/uwebsockets/src/BloomFilter.h @@ -30,7 +30,7 @@ struct BloomFilter { private: std::bitset<256> filter; static inline uint32_t perfectHash(uint32_t features) { - return features *= 1843993368; + return features * 1843993368; } union ScrambleArea { diff --git a/vendor/hydra/vendor/uwebsockets/src/CachingApp.h b/vendor/hydra/vendor/uwebsockets/src/CachingApp.h new file mode 100644 index 00000000..7593bb7e --- /dev/null +++ b/vendor/hydra/vendor/uwebsockets/src/CachingApp.h @@ -0,0 +1,113 @@ +#ifndef UWS_CACHINGAPP_H +#define UWS_CACHINGAPP_H + +#include "App.h" +#include +#include +#include +#include + +namespace uWS { + +struct StringViewHash { + size_t operator()(std::string_view sv) const { + return std::hash{}(sv); + } +}; + +struct StringViewEqual { + bool operator()(std::string_view sv1, std::string_view sv2) const { + return sv1 == sv2; + } +}; + + + +class CachingHttpResponse { +public: + CachingHttpResponse(uWS::HttpResponse *res) + : res(res) {} + + void write(std::string_view data) { + buffer.append(data); + } + + void end(std::string_view data = "", bool closeConnection = false) { + buffer.append(data); + + // end for all queued up sockets also + res->end(buffer); + + created = time(0); + } + +public: + uWS::HttpResponse* res; // should be a vector of waiting sockets + + + std::string buffer; // body + time_t created; +}; + +typedef std::unordered_map CacheType; + +// we can also derive from H3app later on +template +struct CachingApp : public uWS::TemplatedApp> { +public: + CachingApp(SocketContextOptions options = {}) : uWS::TemplatedApp>(options) {} + + using uWS::TemplatedApp>::get; + + CachingApp(const CachingApp &other) = delete; + CachingApp(CachingApp &&other) : uWS::TemplatedApp>(std::move(other)) { + // also move the cache + } + + ~CachingApp() { + + } + + // variant 1: only taking URL into account + CachingApp &&get(const std::string& url, uWS::MoveOnlyFunction &&handler, unsigned int secondsToExpiry) { + ((uWS::TemplatedApp> *)this)->get(url, [this, handler = std::move(handler), secondsToExpiry](auto* res, auto* req) mutable { + /* We need to know the cache key and the time of now */ + std::string_view cache_key = req->getFullUrl(); + time_t now = static_cast(us_loop_ext((us_loop_t *)uWS::Loop::get()))->cacheTimepoint; + + auto it = cache.find(cache_key); + if (it != cache.end()) { + + if (it->second->created + secondsToExpiry > now) { + res->end(it->second->buffer); // tryEnd! + return; + } + + /* We are no longer valid, delete old cache and fall through to create a new entry */ + delete it->second; + + // is the cache completed? if not, add yourself to the waiting list of sockets to that cache + + // if the cache completed? ok, is it still valid? use it + } + + // immediately take the place in the cache + CachingHttpResponse *cachingRes; + cache[cache_key] = (cachingRes = new CachingHttpResponse(res)); + + handler(cachingRes, req); + }); + return std::move(*this); + } + + // variant 2: taking URL and a list of headers into account + // todo + +private: + CacheType cache; +}; + +} +#endif \ No newline at end of file diff --git a/vendor/hydra/vendor/uwebsockets/src/HttpContext.h b/vendor/hydra/vendor/uwebsockets/src/HttpContext.h index 1f47b8bc..a5db82b4 100644 --- a/vendor/hydra/vendor/uwebsockets/src/HttpContext.h +++ b/vendor/hydra/vendor/uwebsockets/src/HttpContext.h @@ -35,7 +35,7 @@ template struct HttpResponse; template struct HttpContext { - template friend struct TemplatedApp; + template friend struct TemplatedApp; template friend struct HttpResponse; private: HttpContext() = delete; @@ -149,7 +149,9 @@ struct HttpContext { HttpResponseData *httpResponseData = (HttpResponseData *) us_socket_ext(SSL, (us_socket_t *) s); httpResponseData->offset = 0; - /* Are we not ready for another request yet? Terminate the connection. */ + /* Are we not ready for another request yet? Terminate the connection. + * Important for denying async pipelining until, if ever, we want to suppot it. + * Otherwise requests can get mixed up on the same connection. We still support sync pipelining. */ if (httpResponseData->state & HttpResponseData::HTTP_RESPONSE_PENDING) { us_socket_close(SSL, (us_socket_t *) s, 0, nullptr); return nullptr; @@ -487,7 +489,7 @@ struct HttpContext { return us_socket_context_listen_unix(SSL, getSocketContext(), path, options, sizeof(HttpResponseData)); } - void onPreOpen(LIBUS_SOCKET_DESCRIPTOR (*handler)(LIBUS_SOCKET_DESCRIPTOR)) { + void onPreOpen(LIBUS_SOCKET_DESCRIPTOR (*handler)(struct us_socket_context_t *, LIBUS_SOCKET_DESCRIPTOR)) { us_socket_context_on_pre_open(SSL, getSocketContext(), handler); } diff --git a/vendor/hydra/vendor/uwebsockets/src/HttpContextData.h b/vendor/hydra/vendor/uwebsockets/src/HttpContextData.h index 157af353..9473660a 100644 --- a/vendor/hydra/vendor/uwebsockets/src/HttpContextData.h +++ b/vendor/hydra/vendor/uwebsockets/src/HttpContextData.h @@ -31,7 +31,7 @@ template struct alignas(16) HttpContextData { template friend struct HttpContext; template friend struct HttpResponse; - template friend struct TemplatedApp; + template friend struct TemplatedApp; private: std::vector *, int)>> filterHandlers; @@ -49,6 +49,10 @@ struct alignas(16) HttpContextData { HttpRouter router; void *upgradedWebSocket = nullptr; bool isParsingHttp = false; + + /* If we are main acceptor, distribute to these apps */ + std::vector childApps; + unsigned int roundRobin = 0; }; } diff --git a/vendor/hydra/vendor/uwebsockets/src/HttpParser.h b/vendor/hydra/vendor/uwebsockets/src/HttpParser.h index 02126ed1..cf86cd2b 100644 --- a/vendor/hydra/vendor/uwebsockets/src/HttpParser.h +++ b/vendor/hydra/vendor/uwebsockets/src/HttpParser.h @@ -311,11 +311,20 @@ struct HttpParser { if (memcmp(" HTTP/1.1\r\n", data, 11) == 0) { return data + 11; } - return nullptr; + /* If we stand at the post padded CR, we have fragmented input so try again later */ + if (data[0] == '\r') { + return nullptr; + } + /* This is an error */ + return (char *) 0x1; } } } - return nullptr; + /* If we stand at the post padded CR, we have fragmented input so try again later */ + if (data[0] == '\r') { + return nullptr; + } + return (char *) 0x1; } /* RFC 9110: 5.5 Field Values (TLDR; anything above 31 is allowed; htab (9) is also allowed) @@ -364,10 +373,10 @@ struct HttpParser { * which is then removed, and our counters to flip due to overflow and we end up with a crash */ /* The request line is different from the field names / field values */ - if (!(postPaddedBuffer = consumeRequestLine(postPaddedBuffer, headers[0]))) { + if ((char *) 2 > (postPaddedBuffer = consumeRequestLine(postPaddedBuffer, headers[0]))) { /* Error - invalid request line */ /* Assuming it is 505 HTTP Version Not Supported */ - err = HTTP_ERROR_505_HTTP_VERSION_NOT_SUPPORTED; + err = postPaddedBuffer ? HTTP_ERROR_505_HTTP_VERSION_NOT_SUPPORTED : 0; return 0; } headers++; @@ -437,6 +446,7 @@ struct HttpParser { } } /* We ran out of header space, too large request */ + err = HTTP_ERROR_431_REQUEST_HEADER_FIELDS_TOO_LARGE; return 0; } diff --git a/vendor/hydra/vendor/uwebsockets/src/HttpResponse.h b/vendor/hydra/vendor/uwebsockets/src/HttpResponse.h index bf623f41..633cd038 100644 --- a/vendor/hydra/vendor/uwebsockets/src/HttpResponse.h +++ b/vendor/hydra/vendor/uwebsockets/src/HttpResponse.h @@ -46,7 +46,7 @@ static const int HTTP_TIMEOUT_S = 10; template struct HttpResponse : public AsyncSocket { /* Solely used for getHttpResponseData() */ - template friend struct TemplatedApp; + template friend struct TemplatedApp; typedef AsyncSocket Super; private: HttpResponseData *getHttpResponseData() { diff --git a/vendor/hydra/vendor/uwebsockets/src/LocalCluster.h b/vendor/hydra/vendor/uwebsockets/src/LocalCluster.h index 81feffc9..f59a8d18 100644 --- a/vendor/hydra/vendor/uwebsockets/src/LocalCluster.h +++ b/vendor/hydra/vendor/uwebsockets/src/LocalCluster.h @@ -34,7 +34,7 @@ struct LocalCluster { cb(*app); - app->preOpen([](LIBUS_SOCKET_DESCRIPTOR fd) -> LIBUS_SOCKET_DESCRIPTOR { + app->preOpen([](struct us_socket_context_t *context, LIBUS_SOCKET_DESCRIPTOR fd) -> LIBUS_SOCKET_DESCRIPTOR { /* Distribute this socket in round robin fashion */ //std::cout << "About to load balance " << fd << " to " << roundRobin << std::endl; diff --git a/vendor/hydra/vendor/uwebsockets/src/LoopData.h b/vendor/hydra/vendor/uwebsockets/src/LoopData.h index 986bf0cb..1b79659c 100644 --- a/vendor/hydra/vendor/uwebsockets/src/LoopData.h +++ b/vendor/hydra/vendor/uwebsockets/src/LoopData.h @@ -61,13 +61,13 @@ struct alignas(16) LoopData { } void updateDate() { - time_t now = time(0); + cacheTimepoint = time(0); struct tm tstruct = {}; #ifdef _WIN32 /* Micro, fucking soft never follows spec. */ - gmtime_s(&tstruct, &now); + gmtime_s(&tstruct, &cacheTimepoint); #else - gmtime_r(&now, &tstruct); + gmtime_r(&cacheTimepoint, &tstruct); #endif static const char wday_name[][4] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" @@ -87,6 +87,7 @@ struct alignas(16) LoopData { } char date[32]; + time_t cacheTimepoint = 0; /* Be silent */ bool noMark = false; diff --git a/vendor/hydra/vendor/uwebsockets/src/WebSocket.h b/vendor/hydra/vendor/uwebsockets/src/WebSocket.h index f2663e58..0b738abe 100644 --- a/vendor/hydra/vendor/uwebsockets/src/WebSocket.h +++ b/vendor/hydra/vendor/uwebsockets/src/WebSocket.h @@ -29,7 +29,7 @@ namespace uWS { template struct WebSocket : AsyncSocket { - template friend struct TemplatedApp; + template friend struct TemplatedApp; template friend struct HttpResponse; private: typedef AsyncSocket Super; @@ -115,7 +115,7 @@ struct WebSocket : AsyncSocket { /* Special path for long sends of non-compressed, non-SSL messages */ if (message.length() >= 16 * 1024 && !compress && !SSL && !webSocketData->subscriber && getBufferedAmount() == 0 && Super::getLoopData()->corkOffset == 0) { char header[10]; - int header_length = (int) protocol::formatMessage(header, nullptr, 0, opCode, message.length(), compress, fin); + int header_length = (int) protocol::formatMessage(header, "", 0, opCode, message.length(), compress, fin); int written = us_socket_write2(0, (struct us_socket_t *)this, header, header_length, message.data(), (int) message.length()); if (written != header_length + (int) message.length()) { @@ -241,6 +241,7 @@ struct WebSocket : AsyncSocket { if (webSocketContextData->closeHandler) { webSocketContextData->closeHandler(this, code, message); } + ((USERDATA *) this->getUserData())->~USERDATA(); } /* Corks the response if possible. Leaves already corked socket be. */ diff --git a/vendor/hydra/vendor/uwebsockets/src/WebSocketContext.h b/vendor/hydra/vendor/uwebsockets/src/WebSocketContext.h index c49a6ac9..8b8b418b 100644 --- a/vendor/hydra/vendor/uwebsockets/src/WebSocketContext.h +++ b/vendor/hydra/vendor/uwebsockets/src/WebSocketContext.h @@ -27,7 +27,7 @@ namespace uWS { template struct WebSocketContext { - template friend struct TemplatedApp; + template friend struct TemplatedApp; template friend struct WebSocketProtocol; private: WebSocketContext() = delete; @@ -269,9 +269,11 @@ struct WebSocketContext { webSocketContextData->topicTree->freeSubscriber(webSocketData->subscriber); webSocketData->subscriber = nullptr; + auto *ws = (WebSocket *) s; if (webSocketContextData->closeHandler) { - webSocketContextData->closeHandler((WebSocket *) s, 1006, {(char *) reason, (size_t) code}); + webSocketContextData->closeHandler(ws, 1006, {(char *) reason, (size_t) code}); } + ((USERDATA *) ws->getUserData())->~USERDATA(); } /* Destruct in-placed data struct */ @@ -369,11 +371,11 @@ struct WebSocketContext { return s; }); - /* Handle FIN, HTTP does not support half-closed sockets, so simply close */ + /* Handle FIN, WebSocket does not support half-closed sockets, so simply close */ us_socket_context_on_end(SSL, getSocketContext(), [](auto *s) { /* If we get a fin, we just close I guess */ - us_socket_close(SSL, (us_socket_t *) s, 0, nullptr); + us_socket_close(SSL, (us_socket_t *) s, (int) ERR_TCP_FIN.length(), (void *) ERR_TCP_FIN.data()); return s; }); diff --git a/vendor/hydra/vendor/uwebsockets/src/WebSocketProtocol.h b/vendor/hydra/vendor/uwebsockets/src/WebSocketProtocol.h index a1f4ca19..a37120d2 100644 --- a/vendor/hydra/vendor/uwebsockets/src/WebSocketProtocol.h +++ b/vendor/hydra/vendor/uwebsockets/src/WebSocketProtocol.h @@ -33,6 +33,8 @@ const std::string_view ERR_WEBSOCKET_TIMEOUT("WebSocket timed out from inactivit const std::string_view ERR_INVALID_TEXT("Received invalid UTF-8"); const std::string_view ERR_TOO_BIG_MESSAGE_INFLATION("Received too big message, or other inflation error"); const std::string_view ERR_INVALID_CLOSE_PAYLOAD("Received invalid close payload"); +const std::string_view ERR_PROTOCOL("Received invalid WebSocket frame"); +const std::string_view ERR_TCP_FIN("Received TCP FIN before WebSocket close frame"); enum OpCode : unsigned char { CONTINUATION = 0, @@ -113,14 +115,15 @@ T cond_byte_swap(T value) { // https://www.cl.cam.ac.uk/~mgk25/ucs/utf8_check.c // Optimized for predominantly 7-bit content by Alex Hultman, 2016 // Licensed as Zlib, like the rest of this project +// This runs about 40% faster than simdutf with g++ -mavx static bool isValidUtf8(unsigned char *s, size_t length) { for (unsigned char *e = s + length; s != e; ) { - if (s + 4 <= e) { - uint32_t tmp; - memcpy(&tmp, s, 4); - if ((tmp & 0x80808080) == 0) { - s += 4; + if (s + 16 <= e) { + uint64_t tmp[2]; + memcpy(tmp, s, 16); + if (((tmp[0] & 0x8080808080808080) | (tmp[1] & 0x8080808080808080)) == 0) { + s += 16; continue; } } @@ -170,7 +173,7 @@ static inline CloseFrame parseClosePayload(char *src, size_t length) { if (cf.code < 1000 || cf.code > 4999 || (cf.code > 1011 && cf.code < 4000) || (cf.code >= 1004 && cf.code <= 1006) || !isValidUtf8((unsigned char *) cf.message, cf.length)) { /* Even though we got a WebSocket close frame, it in itself is abnormal */ - return {1006, nullptr, 0}; + return {1006, (char *) ERR_INVALID_CLOSE_PAYLOAD.data(), ERR_INVALID_CLOSE_PAYLOAD.length()}; } } return cf; @@ -340,12 +343,12 @@ struct WebSocketProtocol { static inline bool consumeMessage(T payLength, char *&src, unsigned int &length, WebSocketState *wState, void *user) { if (getOpCode(src)) { if (wState->state.opStack == 1 || (!wState->state.lastFin && getOpCode(src) < 2)) { - Impl::forceClose(wState, user); + Impl::forceClose(wState, user, ERR_PROTOCOL); return true; } wState->state.opCode[++wState->state.opStack] = (OpCode) getOpCode(src); } else if (wState->state.opStack == -1) { - Impl::forceClose(wState, user); + Impl::forceClose(wState, user, ERR_PROTOCOL); return true; } wState->state.lastFin = isFin(src); @@ -468,7 +471,7 @@ struct WebSocketProtocol { // invalid reserved bits / invalid opcodes / invalid control frames / set compressed frame if ((rsv1(src) && !Impl::setCompressed(wState, user)) || rsv23(src) || (getOpCode(src) > 2 && getOpCode(src) < 8) || getOpCode(src) > 10 || (getOpCode(src) > 2 && (!isFin(src) || payloadLength(src) > 125))) { - Impl::forceClose(wState, user); + Impl::forceClose(wState, user, ERR_PROTOCOL); return; } diff --git a/vendor/hydra/vendor/uwebsockets/uSockets/src/context.c b/vendor/hydra/vendor/uwebsockets/uSockets/src/context.c index 4b57d895..61e2f14d 100644 --- a/vendor/hydra/vendor/uwebsockets/uSockets/src/context.c +++ b/vendor/hydra/vendor/uwebsockets/uSockets/src/context.c @@ -418,7 +418,7 @@ struct us_socket_t *us_socket_context_adopt_socket(int ssl, struct us_socket_con } /* For backwards compatibility, this function will be set to nullptr by default. */ -void us_socket_context_on_pre_open(int ssl, struct us_socket_context_t *context, LIBUS_SOCKET_DESCRIPTOR (*on_pre_open)(LIBUS_SOCKET_DESCRIPTOR fd)) { +void us_socket_context_on_pre_open(int ssl, struct us_socket_context_t *context, LIBUS_SOCKET_DESCRIPTOR (*on_pre_open)(struct us_socket_context_t *context, LIBUS_SOCKET_DESCRIPTOR fd)) { /* For this event, there is no difference between SSL and non-SSL */ context->on_pre_open = on_pre_open; } diff --git a/vendor/hydra/vendor/uwebsockets/uSockets/src/internal/internal.h b/vendor/hydra/vendor/uwebsockets/uSockets/src/internal/internal.h index 2bb4213e..ce7a24c2 100644 --- a/vendor/hydra/vendor/uwebsockets/uSockets/src/internal/internal.h +++ b/vendor/hydra/vendor/uwebsockets/uSockets/src/internal/internal.h @@ -130,7 +130,7 @@ struct us_socket_context_t { struct us_socket_t *iterator; struct us_socket_context_t *prev, *next; - LIBUS_SOCKET_DESCRIPTOR (*on_pre_open)(LIBUS_SOCKET_DESCRIPTOR fd); + LIBUS_SOCKET_DESCRIPTOR (*on_pre_open)(struct us_socket_context_t *context, LIBUS_SOCKET_DESCRIPTOR fd); struct us_socket_t *(*on_open)(struct us_socket_t *, int is_client, char *ip, int ip_length); struct us_socket_t *(*on_data)(struct us_socket_t *, char *data, int length); struct us_socket_t *(*on_writable)(struct us_socket_t *); diff --git a/vendor/hydra/vendor/uwebsockets/uSockets/src/libusockets.h b/vendor/hydra/vendor/uwebsockets/uSockets/src/libusockets.h index 344c68ce..dde4bb67 100644 --- a/vendor/hydra/vendor/uwebsockets/uSockets/src/libusockets.h +++ b/vendor/hydra/vendor/uwebsockets/uSockets/src/libusockets.h @@ -156,7 +156,7 @@ void us_socket_context_free(int ssl, struct us_socket_context_t *context); /* Setters of various async callbacks */ void us_socket_context_on_pre_open(int ssl, struct us_socket_context_t *context, - LIBUS_SOCKET_DESCRIPTOR (*on_pre_open)(LIBUS_SOCKET_DESCRIPTOR fd)); + LIBUS_SOCKET_DESCRIPTOR (*on_pre_open)(struct us_socket_context_t *context, LIBUS_SOCKET_DESCRIPTOR fd)); void us_socket_context_on_open(int ssl, struct us_socket_context_t *context, struct us_socket_t *(*on_open)(struct us_socket_t *s, int is_client, char *ip, int ip_length)); void us_socket_context_on_close(int ssl, struct us_socket_context_t *context, diff --git a/vendor/hydra/vendor/uwebsockets/uSockets/src/loop.c b/vendor/hydra/vendor/uwebsockets/uSockets/src/loop.c index 88709d0b..77b75986 100644 --- a/vendor/hydra/vendor/uwebsockets/uSockets/src/loop.c +++ b/vendor/hydra/vendor/uwebsockets/uSockets/src/loop.c @@ -277,7 +277,7 @@ void us_internal_dispatch_ready_poll(struct us_poll_t *p, int error, int events) do { struct us_socket_context_t *context = us_socket_context(0, &listen_socket->s); /* See if we want to export the FD or keep it here (this event can be unset) */ - if (context->on_pre_open == 0 || context->on_pre_open(client_fd) == client_fd) { + if (context->on_pre_open == 0 || context->on_pre_open(context, client_fd) == client_fd) { /* Adopt the newly accepted socket */ us_adopt_accepted_socket(0, context, diff --git a/vendor/hydra/vendor/uwebsockets/uSockets/src/quic.c b/vendor/hydra/vendor/uwebsockets/uSockets/src/quic.c index 94a37b9d..6ed335be 100644 --- a/vendor/hydra/vendor/uwebsockets/uSockets/src/quic.c +++ b/vendor/hydra/vendor/uwebsockets/uSockets/src/quic.c @@ -152,7 +152,7 @@ void on_udp_socket_data_client(struct us_udp_socket_t *s, struct us_udp_packet_b } - int ret = lsquic_engine_packet_in(context->client_engine, payload, length, (struct sockaddr *) &local_addr, peer_addr, (void *) s, 0); + int ret = lsquic_engine_packet_in(context->client_engine, (unsigned char *) payload, length, (struct sockaddr *) &local_addr, peer_addr, (void *) s, 0); //printf("Engine returned: %d\n", ret); @@ -215,7 +215,7 @@ void on_udp_socket_data(struct us_udp_socket_t *s, struct us_udp_packet_buffer_t } - int ret = lsquic_engine_packet_in(context->engine, payload, length, (struct sockaddr *) &local_addr, peer_addr, (void *) s, 0); + int ret = lsquic_engine_packet_in(context->engine, (unsigned char *) payload, length, (struct sockaddr *) &local_addr, peer_addr, (void *) s, 0); //printf("Engine returned: %d\n", ret); diff --git a/vendor/jsonbinpack/src/compiler/encoding.h b/vendor/jsonbinpack/src/compiler/encoding.h index be1f2b36..304d45c8 100644 --- a/vendor/jsonbinpack/src/compiler/encoding.h +++ b/vendor/jsonbinpack/src/compiler/encoding.h @@ -4,8 +4,6 @@ #include #include -#include // std::future - namespace sourcemeta::jsonbinpack { constexpr auto ENCODING_V1{"tag:sourcemeta.com,2024:jsonbinpack/encoding/v1"}; @@ -13,22 +11,19 @@ constexpr auto ENCODING_V1{"tag:sourcemeta.com,2024:jsonbinpack/encoding/v1"}; inline auto make_resolver(const sourcemeta::jsontoolkit::SchemaResolver &fallback) -> auto { return [&fallback](std::string_view identifier) - -> std::future> { - std::promise> promise; + -> std::optional { if (identifier == ENCODING_V1) { - promise.set_value(sourcemeta::jsontoolkit::parse(R"JSON({ + return sourcemeta::jsontoolkit::parse(R"JSON({ "$id": "tag:sourcemeta.com,2024:jsonbinpack/encoding/v1", "$schema": "https://json-schema.org/draft/2020-12/schema", "$vocabulary": { "https://json-schema.org/draft/2020-12/vocab/core": true, "tag:sourcemeta.com,2024:jsonbinpack/encoding/v1": true } - })JSON")); + })JSON"); } else { - promise.set_value(fallback(identifier).get()); + return fallback(identifier); } - - return promise.get_future(); }; } diff --git a/vendor/jsonbinpack/vendor/noa/cmake/noa/compiler/options.cmake b/vendor/jsonbinpack/vendor/noa/cmake/noa/compiler/options.cmake index b1fc6e53..dde90f21 100644 --- a/vendor/jsonbinpack/vendor/noa/cmake/noa/compiler/options.cmake +++ b/vendor/jsonbinpack/vendor/noa/cmake/noa/compiler/options.cmake @@ -42,6 +42,10 @@ function(noa_add_default_options visibility target) -Winvalid-offsetof -funroll-loops -fstrict-aliasing + -ftree-vectorize + + # To improve how much GCC/Clang will vectorize + -fno-math-errno # Assume that signed arithmetic overflow of addition, subtraction and # multiplication wraps around using twos-complement representation @@ -78,10 +82,28 @@ function(noa_add_default_options visibility target) -fslp-vectorize) elseif(NOA_COMPILER_GCC) target_compile_options("${target}" ${visibility} + -fno-trapping-math # Newer versions of GCC (i.e. 14) seem to print a lot of false-positives here -Wno-dangling-reference - + # GCC seems to print a lot of false-positives here + -Wno-free-nonheap-object # Disables runtime type information -fno-rtti) endif() endfunction() + +# For studying failed vectorization results +# - On Clang , seems to only take effect on release shared builds +# - On GCC, seems to only take effect on release shared builds +function(noa_add_vectorization_diagnostics target) + if(NOA_COMPILER_LLVM) + # See https://llvm.org/docs/Vectorizers.html#id6 + target_compile_options("${target}" PRIVATE + -Rpass-analysis=loop-vectorize + -Rpass-missed=loop-vectorize) + elseif(NOA_COMPILER_GCC) + target_compile_options("${target}" PRIVATE + -fopt-info-vec-missed + -fopt-info-loop-missed) + endif() +endfunction() diff --git a/vendor/jsonbinpack/vendor/noa/cmake/noa/library.cmake b/vendor/jsonbinpack/vendor/noa/cmake/noa/library.cmake index 05d57748..9868714d 100644 --- a/vendor/jsonbinpack/vendor/noa/cmake/noa/library.cmake +++ b/vendor/jsonbinpack/vendor/noa/cmake/noa/library.cmake @@ -1,6 +1,6 @@ function(noa_library) cmake_parse_arguments(NOA_LIBRARY "" - "NAMESPACE;PROJECT;NAME;FOLDER" "PRIVATE_HEADERS;SOURCES" ${ARGN}) + "NAMESPACE;PROJECT;NAME;FOLDER;VARIANT" "PRIVATE_HEADERS;SOURCES" ${ARGN}) if(NOT NOA_LIBRARY_PROJECT) message(FATAL_ERROR "You must pass the project name using the PROJECT option") @@ -18,7 +18,11 @@ function(noa_library) set(INCLUDE_PREFIX "include/${NOA_LIBRARY_PROJECT}") endif() - set(PUBLIC_HEADER "${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + if(NOT NOA_LIBRARY_VARIANT) + set(PUBLIC_HEADER "${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + else() + set(PUBLIC_HEADER "../${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + endif() if(NOA_LIBRARY_SOURCES) set(ABSOLUTE_PRIVATE_HEADERS "${CMAKE_CURRENT_BINARY_DIR}/${NOA_LIBRARY_NAME}_export.h") @@ -38,6 +42,11 @@ function(noa_library) set(ALIAS_NAME "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}") endif() + if(NOA_LIBRARY_VARIANT) + set(TARGET_NAME "${TARGET_NAME}_${NOA_LIBRARY_VARIANT}") + set(ALIAS_NAME "${ALIAS_NAME}::${NOA_LIBRARY_VARIANT}") + endif() + if(NOA_LIBRARY_SOURCES) add_library(${TARGET_NAME} ${PUBLIC_HEADER} ${ABSOLUTE_PRIVATE_HEADERS} ${NOA_LIBRARY_SOURCES}) @@ -50,23 +59,34 @@ function(noa_library) add_library(${ALIAS_NAME} ALIAS ${TARGET_NAME}) + if(NOT NOA_LIBRARY_VARIANT) + set(include_dir "${CMAKE_CURRENT_SOURCE_DIR}/include") + else() + set(include_dir "${CMAKE_CURRENT_SOURCE_DIR}/../include") + endif() if(NOA_LIBRARY_SOURCES) target_include_directories(${TARGET_NAME} PUBLIC - "$" + "$" "$") else() target_include_directories(${TARGET_NAME} INTERFACE - "$" + "$" "$") endif() if(NOA_LIBRARY_SOURCES) + if(NOA_LIBRARY_VARIANT) + set(export_name "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}::${NOA_LIBRARY_VARIANT}") + else() + set(export_name "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}") + endif() + set_target_properties(${TARGET_NAME} PROPERTIES OUTPUT_NAME ${TARGET_NAME} PUBLIC_HEADER "${PUBLIC_HEADER}" PRIVATE_HEADER "${ABSOLUTE_PRIVATE_HEADERS}" - EXPORT_NAME "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}" + EXPORT_NAME "${export_name}" FOLDER "${NOA_LIBRARY_FOLDER}") else() set_target_properties(${TARGET_NAME} @@ -93,7 +113,7 @@ function(noa_library) endfunction() function(noa_library_install) - cmake_parse_arguments(NOA_LIBRARY "" "NAMESPACE;PROJECT;NAME" "" ${ARGN}) + cmake_parse_arguments(NOA_LIBRARY "" "NAMESPACE;PROJECT;NAME;VARIANT" "" ${ARGN}) if(NOT NOA_LIBRARY_PROJECT) message(FATAL_ERROR "You must pass the project name using the PROJECT option") @@ -114,6 +134,10 @@ function(noa_library_install) set(NAMESPACE_PREFIX "") endif() + if(NOA_LIBRARY_VARIANT) + set(TARGET_NAME "${TARGET_NAME}_${NOA_LIBRARY_VARIANT}") + endif() + include(GNUInstallDirs) install(TARGETS ${TARGET_NAME} EXPORT ${TARGET_NAME} diff --git a/vendor/jsontoolkit/CMakeLists.txt b/vendor/jsontoolkit/CMakeLists.txt index 37f1c948..00afac4f 100644 --- a/vendor/jsontoolkit/CMakeLists.txt +++ b/vendor/jsontoolkit/CMakeLists.txt @@ -1,6 +1,6 @@ cmake_minimum_required(VERSION 3.16) -project(jsontoolkit VERSION 2.0.0 LANGUAGES CXX - DESCRIPTION "The high-performance JSON Schema evaluator and related JSON utilities for modern C++" +project(jsontoolkit VERSION 2.0.0 LANGUAGES C CXX + DESCRIPTION "The swiss-army knife for JSON programming in C++" HOMEPAGE_URL "https://jsontoolkit.sourcemeta.com") list(APPEND CMAKE_MODULE_PATH "${PROJECT_SOURCE_DIR}/cmake") include(vendor/noa/cmake/noa.cmake) @@ -9,7 +9,6 @@ include(vendor/noa/cmake/noa.cmake) option(JSONTOOLKIT_URI "Build the JSON Toolkit URI library" ON) option(JSONTOOLKIT_JSON "Build the JSON Toolkit JSON library" ON) option(JSONTOOLKIT_JSONSCHEMA "Build the JSON Toolkit JSON Schema library" ON) -option(JSONTOOLKIT_EVALUATOR "Build the JSON Toolkit JSON Schema evaluator library" ON) option(JSONTOOLKIT_JSONPOINTER "Build the JSON Toolkit JSON Pointer library" ON) option(JSONTOOLKIT_JSONL "Build the JSON Toolkit JSONL library" ON) option(JSONTOOLKIT_TESTS "Build the JSON Toolkit tests" OFF) @@ -50,13 +49,7 @@ if(JSONTOOLKIT_JSON AND JSONTOOLKIT_JSONPOINTER) endif() if(JSONTOOLKIT_URI AND JSONTOOLKIT_JSON AND - JSONTOOLKIT_JSONPOINTER AND JSONTOOLKIT_EVALUATOR) - add_subdirectory(src/evaluator) -endif() - -if(JSONTOOLKIT_URI AND JSONTOOLKIT_JSON AND - JSONTOOLKIT_JSONPOINTER AND JSONTOOLKIT_EVALUATOR AND - JSONTOOLKIT_JSONSCHEMA) + JSONTOOLKIT_JSONPOINTER AND JSONTOOLKIT_JSONSCHEMA) add_subdirectory(src/jsonschema) endif() @@ -77,6 +70,7 @@ endif() if(PROJECT_IS_TOP_LEVEL) noa_target_clang_format(SOURCES + bindings/*.cc src/*.h src/*.cc benchmark/*.h benchmark/*.cc test/*.h test/*.cc) @@ -102,13 +96,7 @@ if(JSONTOOLKIT_TESTS) endif() if(JSONTOOLKIT_URI AND JSONTOOLKIT_JSON AND - JSONTOOLKIT_JSONPOINTER AND JSONTOOLKIT_EVALUATOR) - add_subdirectory(test/evaluator) - endif() - - if(JSONTOOLKIT_URI AND JSONTOOLKIT_JSON AND - JSONTOOLKIT_JSONPOINTER AND JSONTOOLKIT_EVALUATOR AND - JSONTOOLKIT_JSONSCHEMA) + JSONTOOLKIT_JSONPOINTER AND JSONTOOLKIT_JSONSCHEMA) add_subdirectory(test/jsonschema) endif() diff --git a/vendor/jsontoolkit/cmake/FindGoogleBenchmark.cmake b/vendor/jsontoolkit/cmake/FindGoogleBenchmark.cmake index 1ae1b8af..da442f63 100644 --- a/vendor/jsontoolkit/cmake/FindGoogleBenchmark.cmake +++ b/vendor/jsontoolkit/cmake/FindGoogleBenchmark.cmake @@ -1,5 +1,5 @@ -if(NOT Benchnark_FOUND) +if(NOT Benchmark_FOUND) set(BENCHMARK_ENABLE_TESTING OFF CACHE BOOL "Enable testing of the benchmark library.") add_subdirectory("${PROJECT_SOURCE_DIR}/vendor/googlebenchmark") - set(Benchnark_FOUND ON) + set(Benchmark_FOUND ON) endif() diff --git a/vendor/jsontoolkit/cmake/FindUriParser.cmake b/vendor/jsontoolkit/cmake/FindUriParser.cmake index 29a44938..0a73a5c9 100644 --- a/vendor/jsontoolkit/cmake/FindUriParser.cmake +++ b/vendor/jsontoolkit/cmake/FindUriParser.cmake @@ -1,17 +1,73 @@ if(NOT UriParser_FOUND) - set(URIPARSER_BUILD_DOCS OFF CACHE BOOL "omit docs") - set(URIPARSER_BUILD_TESTS OFF CACHE BOOL "omit tests") - set(URIPARSER_BUILD_TOOLS OFF CACHE BOOL "omit tools") - set(URIPARSER_BUILD_TOOLS OFF CACHE BOOL "omit tools") - set(URIPARSER_ENABLE_INSTALL OFF CACHE BOOL "omit installation") + set(URIPARSER_DIR "${PROJECT_SOURCE_DIR}/vendor/uriparser") - add_subdirectory("${PROJECT_SOURCE_DIR}/vendor/uriparser") + set(URIPARSER_PUBLIC_HEADER "${URIPARSER_DIR}/include/uriparser/Uri.h") + set(URIPARSER_PRIVATE_HEADERS + "${URIPARSER_DIR}/include/uriparser/UriBase.h" + "${URIPARSER_DIR}/include/uriparser/UriDefsAnsi.h" + "${URIPARSER_DIR}/include/uriparser/UriDefsConfig.h" + "${URIPARSER_DIR}/include/uriparser/UriDefsUnicode.h" + "${URIPARSER_DIR}/include/uriparser/UriIp4.h") + + configure_file("${URIPARSER_DIR}/src/UriConfig.h.in" + "${CMAKE_CURRENT_BINARY_DIR}/uriparser/UriConfig.h") + + set(URIPARSER_SOURCES + "${URIPARSER_PUBLIC_HEADER}" ${URIPARSER_PRIVATE_HEADERS} + "${CMAKE_CURRENT_BINARY_DIR}/uriparser/UriConfig.h" + "${URIPARSER_DIR}/src/UriCommon.c" + "${URIPARSER_DIR}/src/UriCommon.h" + "${URIPARSER_DIR}/src/UriCompare.c" + "${URIPARSER_DIR}/src/UriEscape.c" + "${URIPARSER_DIR}/src/UriFile.c" + "${URIPARSER_DIR}/src/UriIp4.c" + "${URIPARSER_DIR}/src/UriIp4Base.c" + "${URIPARSER_DIR}/src/UriIp4Base.h" + "${URIPARSER_DIR}/src/UriMemory.c" + "${URIPARSER_DIR}/src/UriMemory.h" + "${URIPARSER_DIR}/src/UriNormalize.c" + "${URIPARSER_DIR}/src/UriNormalizeBase.c" + "${URIPARSER_DIR}/src/UriNormalizeBase.h" + "${URIPARSER_DIR}/src/UriParse.c" + "${URIPARSER_DIR}/src/UriParseBase.c" + "${URIPARSER_DIR}/src/UriParseBase.h" + "${URIPARSER_DIR}/src/UriQuery.c" + "${URIPARSER_DIR}/src/UriRecompose.c" + "${URIPARSER_DIR}/src/UriResolve.c" + "${URIPARSER_DIR}/src/UriShorten.c") + + add_library(uriparser ${URIPARSER_SOURCES}) add_library(uriparser::uriparser ALIAS uriparser) + if(BUILD_SHARED_LIBS) + target_compile_definitions(uriparser PUBLIC URI_LIBRARY_BUILD) + target_compile_definitions(uriparser PUBLIC URI_VISIBILITY) + else() + target_compile_definitions(uriparser PUBLIC URI_STATIC_BUILD) + endif() + + target_include_directories(uriparser PRIVATE "${URIPARSER_DIR}/include") + target_include_directories(uriparser PRIVATE "${CMAKE_CURRENT_BINARY_DIR}/uriparser") + + target_include_directories(uriparser PUBLIC + "$" + "$") + + set_target_properties(uriparser + PROPERTIES + OUTPUT_NAME uriparser + PUBLIC_HEADER "${URIPARSER_PUBLIC_HEADER}" + PRIVATE_HEADER "${URIPARSER_PRIVATE_HEADERS}" + EXPORT_NAME uriparser) + if(JSONTOOLKIT_INSTALL) include(GNUInstallDirs) install(TARGETS uriparser EXPORT uriparser + PUBLIC_HEADER DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/uriparser" + COMPONENT sourcemeta_jsontoolkit_dev + PRIVATE_HEADER DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/uriparser" + COMPONENT sourcemeta_jsontoolkit_dev RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}" COMPONENT sourcemeta_jsontoolkit LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}" diff --git a/vendor/jsontoolkit/config.cmake.in b/vendor/jsontoolkit/config.cmake.in index 6d611955..4a7d224b 100644 --- a/vendor/jsontoolkit/config.cmake.in +++ b/vendor/jsontoolkit/config.cmake.in @@ -9,7 +9,6 @@ if(NOT JSONTOOLKIT_COMPONENTS) list(APPEND JSONTOOLKIT_COMPONENTS jsonl) list(APPEND JSONTOOLKIT_COMPONENTS jsonpointer) list(APPEND JSONTOOLKIT_COMPONENTS jsonschema) - list(APPEND JSONTOOLKIT_COMPONENTS evaluator) endif() foreach(component ${JSONTOOLKIT_COMPONENTS}) @@ -36,22 +35,7 @@ foreach(component ${JSONTOOLKIT_COMPONENTS}) include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_jsontoolkit_uri.cmake") include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_jsontoolkit_json.cmake") include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_jsontoolkit_jsonpointer.cmake") - include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_jsontoolkit_evaluator.cmake") - - # GCC does not allow the use of std::promise, std::future - # without compiling with pthreads support. - if(CMAKE_CXX_COMPILER_ID STREQUAL "GNU") - set(CMAKE_THREAD_PREFER_PTHREAD TRUE) - set(THREADS_PREFER_PTHREAD_FLAG TRUE) - include(CMakeFindDependencyMacro) - find_dependency(Threads) - endif() - include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_jsontoolkit_jsonschema.cmake") - elseif(component STREQUAL "evaluator") - include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_jsontoolkit_uri.cmake") - include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_jsontoolkit_json.cmake") - include("${CMAKE_CURRENT_LIST_DIR}/sourcemeta_jsontoolkit_evaluator.cmake") else() message(FATAL_ERROR "Unknown JSON Toolkit component: ${component}") endif() diff --git a/vendor/jsontoolkit/src/evaluator/CMakeLists.txt b/vendor/jsontoolkit/src/evaluator/CMakeLists.txt deleted file mode 100644 index 1140bc9f..00000000 --- a/vendor/jsontoolkit/src/evaluator/CMakeLists.txt +++ /dev/null @@ -1,19 +0,0 @@ -noa_library(NAMESPACE sourcemeta PROJECT jsontoolkit NAME evaluator - FOLDER "JSON Toolkit/Evaluator" - PRIVATE_HEADERS error.h value.h template.h context.h - SOURCES evaluator.cc context.cc trace.h) - -if(JSONTOOLKIT_INSTALL) - noa_library_install(NAMESPACE sourcemeta PROJECT jsontoolkit NAME evaluator) -endif() - -if(PROJECT_IS_TOP_LEVEL) - noa_add_vectorization_diagnostics(sourcemeta_jsontoolkit_evaluator) -endif() - -target_link_libraries(sourcemeta_jsontoolkit_evaluator PUBLIC - sourcemeta::jsontoolkit::json) -target_link_libraries(sourcemeta_jsontoolkit_evaluator PUBLIC - sourcemeta::jsontoolkit::jsonpointer) -target_link_libraries(sourcemeta_jsontoolkit_evaluator PRIVATE - sourcemeta::jsontoolkit::uri) diff --git a/vendor/jsontoolkit/src/evaluator/context.cc b/vendor/jsontoolkit/src/evaluator/context.cc deleted file mode 100644 index 699f63b0..00000000 --- a/vendor/jsontoolkit/src/evaluator/context.cc +++ /dev/null @@ -1,288 +0,0 @@ -#include -#include - -#include // assert - -namespace sourcemeta::jsontoolkit { - -auto EvaluationContext::prepare(const JSON &instance) -> void { - // Do a full reset for the next run - assert(this->evaluate_path_.empty()); - assert(this->instance_location_.empty()); - assert(this->frame_sizes.empty()); - assert(this->resources_.empty()); - this->instances_.clear(); - this->instances_.emplace_back(instance); - this->annotation_blacklist.clear(); - this->annotations_.clear(); - this->labels.clear(); - this->property_as_instance = false; -} - -auto EvaluationContext::push_without_traverse( - const Pointer &relative_schema_location, - const Pointer &relative_instance_location, - const std::string &schema_resource, const bool dynamic) -> void { - // Guard against infinite recursion in a cheap manner, as - // infinite recursion will manifest itself through huge - // ever-growing evaluate paths - constexpr auto EVALUATE_PATH_LIMIT{300}; - if (this->evaluate_path_.size() > EVALUATE_PATH_LIMIT) [[unlikely]] { - throw sourcemeta::jsontoolkit::SchemaEvaluationError( - "The evaluation path depth limit was reached " - "likely due to infinite recursion"); - } - - this->frame_sizes.emplace_back(relative_schema_location.size(), - relative_instance_location.size()); - this->evaluate_path_.push_back(relative_schema_location); - this->instance_location_.push_back(relative_instance_location); - - if (dynamic) { - // Note that we are potentially repeatedly pushing back the - // same schema resource over and over again. However, the - // logic for making sure this list is "pure" takes a lot of - // computation power. Being silly seems faster. - this->resources_.push_back(schema_resource); - } -} - -auto EvaluationContext::push(const Pointer &relative_schema_location, - const Pointer &relative_instance_location, - const std::string &schema_resource, - const bool dynamic) -> void { - this->push_without_traverse(relative_schema_location, - relative_instance_location, schema_resource, - dynamic); - if (!relative_instance_location.empty()) { - assert(!this->instances_.empty()); - this->instances_.emplace_back( - get(this->instances_.back().get(), relative_instance_location)); - } -} - -auto EvaluationContext::push(const Pointer &relative_schema_location, - const Pointer &relative_instance_location, - const std::string &schema_resource, - const bool dynamic, - std::reference_wrapper &&new_instance) - -> void { - this->push_without_traverse(relative_schema_location, - relative_instance_location, schema_resource, - dynamic); - assert(!relative_instance_location.empty()); - this->instances_.emplace_back(new_instance); -} - -auto EvaluationContext::pop(const bool dynamic) -> void { - assert(!this->frame_sizes.empty()); - const auto &sizes{this->frame_sizes.back()}; - this->evaluate_path_.pop_back(sizes.first); - this->instance_location_.pop_back(sizes.second); - if (sizes.second > 0) { - this->instances_.pop_back(); - } - - this->frame_sizes.pop_back(); - - // TODO: Do schema resource management using hashes to avoid - // expensive string comparisons - if (dynamic) { - assert(!this->resources_.empty()); - this->resources_.pop_back(); - } -} - -auto EvaluationContext::annotate(const WeakPointer ¤t_instance_location, - const JSON &value) - -> std::pair, bool> { - const auto result{this->annotations_.insert({current_instance_location, {}}) - .first->second.insert({this->evaluate_path(), {}}) - .first->second.insert(value)}; - return {*(result.first), result.second}; -} - -auto EvaluationContext::defines_annotation( - const WeakPointer &expected_instance_location, - const WeakPointer &base_evaluate_path, - const std::vector &keywords, const JSON &value) const -> bool { - if (keywords.empty()) { - return false; - } - - const auto instance_location_result{ - this->annotations_.find(expected_instance_location)}; - if (instance_location_result == this->annotations_.end()) { - return false; - } - - for (const auto &[schema_location, schema_annotations] : - instance_location_result->second) { - assert(!schema_location.empty()); - const auto &keyword{schema_location.back()}; - - if (keyword.is_property() && - std::find(keywords.cbegin(), keywords.cend(), keyword.to_property()) != - keywords.cend() && - schema_annotations.contains(value) && - schema_location.initial().starts_with(base_evaluate_path)) { - bool blacklisted = false; - for (const auto &masked : this->annotation_blacklist) { - if (schema_location.starts_with(masked) && - !this->evaluate_path_.starts_with(masked)) { - blacklisted = true; - break; - } - } - - if (!blacklisted) { - return true; - } - } - } - - return false; -} - -auto EvaluationContext::largest_annotation_index( - const WeakPointer &expected_instance_location, - const std::vector &keywords, - const std::uint64_t default_value) const -> std::uint64_t { - // TODO: We should be taking masks into account - - std::uint64_t result{default_value}; - - const auto instance_location_result{ - this->annotations_.find(expected_instance_location)}; - if (instance_location_result == this->annotations_.end()) { - return result; - } - - for (const auto &[schema_location, schema_annotations] : - instance_location_result->second) { - assert(!schema_location.empty()); - const auto &keyword{schema_location.back()}; - if (!keyword.is_property()) { - continue; - } - - if (std::find(keywords.cbegin(), keywords.cend(), keyword.to_property()) == - keywords.cend()) { - continue; - } - - for (const auto &annotation : schema_annotations) { - if (annotation.is_integer() && annotation.is_positive()) { - result = std::max( - result, static_cast(annotation.to_integer()) + 1); - } - } - } - - return result; -} - -auto EvaluationContext::enter(const WeakPointer::Token::Property &property) - -> void { - this->instance_location_.push_back(property); - this->instances_.emplace_back(this->instances_.back().get().at(property)); -} - -auto EvaluationContext::enter(const WeakPointer::Token::Index &index) -> void { - this->instance_location_.push_back(index); - this->instances_.emplace_back(this->instances_.back().get().at(index)); -} - -auto EvaluationContext::leave() -> void { - this->instance_location_.pop_back(); - this->instances_.pop_back(); -} - -auto EvaluationContext::instances() const noexcept - -> const std::vector> & { - return this->instances_; -} - -auto EvaluationContext::resources() const noexcept - -> const std::vector & { - return this->resources_; -} - -auto EvaluationContext::evaluate_path() const noexcept -> const WeakPointer & { - return this->evaluate_path_; -} - -auto EvaluationContext::instance_location() const noexcept - -> const WeakPointer & { - return this->instance_location_; -} - -auto EvaluationContext::target_type(const TargetType type) noexcept -> void { - this->property_as_instance = (type == TargetType::Key); -} - -auto EvaluationContext::resolve_target() -> const JSON & { - if (this->property_as_instance) [[unlikely]] { - // In this case, we still need to return a string in order - // to cope with non-string keywords inside `propertyNames` - // that need to fail validation. But then, the actual string - // we return doesn't matter, so we can always return a dummy one. - static const JSON empty_string{""}; - return empty_string; - } - - return this->instances_.back().get(); -} - -auto EvaluationContext::resolve_string_target() - -> std::optional> { - if (this->property_as_instance) [[unlikely]] { - assert(!this->instance_location().empty()); - assert(this->instance_location().back().is_property()); - return this->instance_location().back().to_property(); - } else { - const auto &result{this->instances_.back().get()}; - if (!result.is_string()) { - return std::nullopt; - } - - return result.to_string(); - } -} - -auto EvaluationContext::mark(const std::size_t id, - const SchemaCompilerTemplate &children) -> void { - this->labels.try_emplace(id, children); -} - -// TODO: At least currently, we only need to mask if a schema -// makes use of `unevaluatedProperties` or `unevaluatedItems` -// Detect if a schema does need this so if not, we avoid -// an unnecessary copy -auto EvaluationContext::mask() -> void { - this->annotation_blacklist.push_back(this->evaluate_path_); -} - -auto EvaluationContext::jump(const std::size_t id) const noexcept - -> const SchemaCompilerTemplate & { - assert(this->labels.contains(id)); - return this->labels.at(id).get(); -} - -auto EvaluationContext::find_dynamic_anchor(const std::string &anchor) const - -> std::optional { - for (const auto &resource : this->resources()) { - std::ostringstream name; - name << resource; - name << '#'; - name << anchor; - const auto label{std::hash{}(name.str())}; - if (this->labels.contains(label)) { - return label; - } - } - - return std::nullopt; -} - -} // namespace sourcemeta::jsontoolkit diff --git a/vendor/jsontoolkit/src/evaluator/evaluator.cc b/vendor/jsontoolkit/src/evaluator/evaluator.cc deleted file mode 100644 index e9d46829..00000000 --- a/vendor/jsontoolkit/src/evaluator/evaluator.cc +++ /dev/null @@ -1,1189 +0,0 @@ -#include -#include - -#include "trace.h" - -#include // std::min, std::any_of -#include // assert -#include // std::distance, std::advance -#include // std::numeric_limits -#include // std::optional - -namespace { - -auto evaluate_step( - const sourcemeta::jsontoolkit::SchemaCompilerTemplate::value_type &step, - const sourcemeta::jsontoolkit::SchemaCompilerEvaluationMode mode, - const std::optional< - sourcemeta::jsontoolkit::SchemaCompilerEvaluationCallback> &callback, - sourcemeta::jsontoolkit::EvaluationContext &context) -> bool { - SOURCEMETA_TRACE_REGISTER_ID(trace_dispatch_id); - SOURCEMETA_TRACE_REGISTER_ID(trace_id); - SOURCEMETA_TRACE_START(trace_dispatch_id, "Dispatch"); - using namespace sourcemeta::jsontoolkit; - -#define STRINGIFY(x) #x - -#define EVALUATE_BEGIN(step_category, step_type, precondition) \ - SOURCEMETA_TRACE_END(trace_dispatch_id, "Dispatch"); \ - SOURCEMETA_TRACE_START(trace_id, STRINGIFY(step_type)); \ - const auto &step_category{std::get(step)}; \ - context.push(step_category.relative_schema_location, \ - step_category.relative_instance_location, \ - step_category.schema_resource, step_category.dynamic); \ - const auto &target{context.resolve_target()}; \ - if (!(precondition)) { \ - context.pop(step_category.dynamic); \ - SOURCEMETA_TRACE_END(trace_id, STRINGIFY(step_type)); \ - return true; \ - } \ - if (step_category.report && callback.has_value()) { \ - callback.value()(SchemaCompilerEvaluationType::Pre, true, step, \ - context.evaluate_path(), context.instance_location(), \ - context.null); \ - } \ - bool result{false}; - -#define EVALUATE_BEGIN_IF_STRING(step_category, step_type) \ - SOURCEMETA_TRACE_END(trace_dispatch_id, "Dispatch"); \ - SOURCEMETA_TRACE_START(trace_id, STRINGIFY(step_type)); \ - const auto &step_category{std::get(step)}; \ - context.push(step_category.relative_schema_location, \ - step_category.relative_instance_location, \ - step_category.schema_resource, step_category.dynamic); \ - const auto &maybe_target{context.resolve_string_target()}; \ - if (!maybe_target.has_value()) { \ - context.pop(step_category.dynamic); \ - SOURCEMETA_TRACE_END(trace_id, STRINGIFY(step_type)); \ - return true; \ - } \ - if (step_category.report && callback.has_value()) { \ - callback.value()(SchemaCompilerEvaluationType::Pre, true, step, \ - context.evaluate_path(), context.instance_location(), \ - context.null); \ - } \ - const auto &target{maybe_target.value().get()}; \ - bool result{false}; - -#define EVALUATE_BEGIN_NO_TARGET(step_category, step_type, precondition) \ - SOURCEMETA_TRACE_END(trace_dispatch_id, "Dispatch"); \ - SOURCEMETA_TRACE_START(trace_id, STRINGIFY(step_type)); \ - const auto &step_category{std::get(step)}; \ - if (!(precondition)) { \ - SOURCEMETA_TRACE_END(trace_id, STRINGIFY(step_type)); \ - return true; \ - } \ - context.push(step_category.relative_schema_location, \ - step_category.relative_instance_location, \ - step_category.schema_resource, step_category.dynamic); \ - if (step_category.report && callback.has_value()) { \ - callback.value()(SchemaCompilerEvaluationType::Pre, true, step, \ - context.evaluate_path(), context.instance_location(), \ - context.null); \ - } \ - bool result{false}; - - // This is a slightly complicated dance to avoid traversing the relative - // instance location twice. We first need to traverse it to check if its - // valid in the document as part of the condition, but if it is, we can - // pass it to `.push()` so that it doesn't need to traverse it again. -#define EVALUATE_BEGIN_TRY_TARGET(step_category, step_type, precondition) \ - SOURCEMETA_TRACE_END(trace_dispatch_id, "Dispatch"); \ - SOURCEMETA_TRACE_START(trace_id, STRINGIFY(step_type)); \ - const auto &target{context.resolve_target()}; \ - const auto &step_category{std::get(step)}; \ - if (!(precondition)) { \ - SOURCEMETA_TRACE_END(trace_id, STRINGIFY(step_type)); \ - return true; \ - } \ - auto target_check{ \ - try_get(target, step_category.relative_instance_location)}; \ - if (!target_check.has_value()) { \ - SOURCEMETA_TRACE_END(trace_id, STRINGIFY(step_type)); \ - return true; \ - } \ - context.push(step_category.relative_schema_location, \ - step_category.relative_instance_location, \ - step_category.schema_resource, step_category.dynamic, \ - std::move(target_check.value())); \ - if (step_category.report && callback.has_value()) { \ - callback.value()(SchemaCompilerEvaluationType::Pre, true, step, \ - context.evaluate_path(), context.instance_location(), \ - context.null); \ - } \ - bool result{false}; - -#define EVALUATE_BEGIN_NO_PRECONDITION(step_category, step_type) \ - SOURCEMETA_TRACE_END(trace_dispatch_id, "Dispatch"); \ - SOURCEMETA_TRACE_START(trace_id, STRINGIFY(step_type)); \ - const auto &step_category{std::get(step)}; \ - context.push(step_category.relative_schema_location, \ - step_category.relative_instance_location, \ - step_category.schema_resource, step_category.dynamic); \ - if (step_category.report && callback.has_value()) { \ - callback.value()(SchemaCompilerEvaluationType::Pre, true, step, \ - context.evaluate_path(), context.instance_location(), \ - context.null); \ - } \ - bool result{false}; - -#define EVALUATE_END(step_category, step_type) \ - if (step_category.report && callback.has_value()) { \ - callback.value()(SchemaCompilerEvaluationType::Post, result, step, \ - context.evaluate_path(), context.instance_location(), \ - context.null); \ - } \ - context.pop(step_category.dynamic); \ - SOURCEMETA_TRACE_END(trace_id, STRINGIFY(step_type)); \ - return result; - - // As a safety guard, only emit the annotation if it didn't exist already. - // Otherwise we risk confusing consumers - -#define EVALUATE_ANNOTATION(step_category, step_type, precondition, \ - destination, annotation_value) \ - SOURCEMETA_TRACE_START(trace_id, STRINGIFY(step_type)); \ - const auto &step_category{std::get(step)}; \ - assert(step_category.relative_instance_location.empty()); \ - const auto &target{context.resolve_target()}; \ - if (!(precondition)) { \ - SOURCEMETA_TRACE_END(trace_id, STRINGIFY(step_type)); \ - return true; \ - } \ - const auto annotation_result{ \ - context.annotate(destination, annotation_value)}; \ - context.push(step_category.relative_schema_location, \ - step_category.relative_instance_location, \ - step_category.schema_resource, step_category.dynamic); \ - if (annotation_result.second && step_category.report && \ - callback.has_value()) { \ - callback.value()(SchemaCompilerEvaluationType::Pre, true, step, \ - context.evaluate_path(), destination, context.null); \ - callback.value()(SchemaCompilerEvaluationType::Post, true, step, \ - context.evaluate_path(), destination, \ - annotation_result.first); \ - } \ - context.pop(step_category.dynamic); \ - SOURCEMETA_TRACE_END(trace_id, STRINGIFY(step_type)); \ - return true; - -#define EVALUATE_ANNOTATION_NO_PRECONDITION(step_category, step_type, \ - destination, annotation_value) \ - SOURCEMETA_TRACE_START(trace_id, STRINGIFY(step_type)); \ - const auto &step_category{std::get(step)}; \ - const auto annotation_result{ \ - context.annotate(destination, annotation_value)}; \ - context.push(step_category.relative_schema_location, \ - step_category.relative_instance_location, \ - step_category.schema_resource, step_category.dynamic); \ - if (annotation_result.second && step_category.report && \ - callback.has_value()) { \ - callback.value()(SchemaCompilerEvaluationType::Pre, true, step, \ - context.evaluate_path(), destination, context.null); \ - callback.value()(SchemaCompilerEvaluationType::Post, true, step, \ - context.evaluate_path(), destination, \ - annotation_result.first); \ - } \ - context.pop(step_category.dynamic); \ - SOURCEMETA_TRACE_END(trace_id, STRINGIFY(step_type)); \ - return true; - -#define IS_STEP(step_type) SchemaCompilerTemplateIndex::step_type - switch (static_cast(step.index())) { - case IS_STEP(SchemaCompilerAssertionFail): { - EVALUATE_BEGIN_NO_PRECONDITION(assertion, SchemaCompilerAssertionFail); - EVALUATE_END(assertion, SchemaCompilerAssertionFail); - } - - case IS_STEP(SchemaCompilerAssertionDefines): { - EVALUATE_BEGIN(assertion, SchemaCompilerAssertionDefines, - target.is_object()); - result = target.defines(assertion.value); - EVALUATE_END(assertion, SchemaCompilerAssertionDefines); - } - - case IS_STEP(SchemaCompilerAssertionDefinesAll): { - EVALUATE_BEGIN(assertion, SchemaCompilerAssertionDefinesAll, - target.is_object()); - - // Otherwise we are we even emitting this instruction? - assert(assertion.value.size() > 1); - result = true; - for (const auto &property : assertion.value) { - if (!target.defines(property)) { - result = false; - break; - } - } - - EVALUATE_END(assertion, SchemaCompilerAssertionDefinesAll); - } - - case IS_STEP(SchemaCompilerAssertionPropertyDependencies): { - EVALUATE_BEGIN(assertion, SchemaCompilerAssertionPropertyDependencies, - target.is_object()); - // Otherwise we are we even emitting this instruction? - assert(!assertion.value.empty()); - result = true; - for (const auto &[property, dependencies] : assertion.value) { - if (!target.defines(property)) { - continue; - } - - assert(!dependencies.empty()); - for (const auto &dependency : dependencies) { - if (!target.defines(dependency)) { - result = false; - // For efficiently breaking from the outer loop too - goto evaluate_assertion_property_dependencies_end; - } - } - } - - evaluate_assertion_property_dependencies_end: - EVALUATE_END(assertion, SchemaCompilerAssertionPropertyDependencies); - } - - case IS_STEP(SchemaCompilerAssertionType): { - EVALUATE_BEGIN_NO_PRECONDITION(assertion, SchemaCompilerAssertionType); - const auto &target{context.resolve_target()}; - // In non-strict mode, we consider a real number that represents an - // integer to be an integer - result = - target.type() == assertion.value || - (assertion.value == JSON::Type::Integer && target.is_integer_real()); - EVALUATE_END(assertion, SchemaCompilerAssertionType); - } - - case IS_STEP(SchemaCompilerAssertionTypeAny): { - EVALUATE_BEGIN_NO_PRECONDITION(assertion, SchemaCompilerAssertionTypeAny); - // Otherwise we are we even emitting this instruction? - assert(assertion.value.size() > 1); - const auto &target{context.resolve_target()}; - // In non-strict mode, we consider a real number that represents an - // integer to be an integer - for (const auto type : assertion.value) { - if (type == JSON::Type::Integer && target.is_integer_real()) { - result = true; - break; - } else if (type == target.type()) { - result = true; - break; - } - } - - EVALUATE_END(assertion, SchemaCompilerAssertionTypeAny); - } - - case IS_STEP(SchemaCompilerAssertionTypeStrict): { - EVALUATE_BEGIN_NO_PRECONDITION(assertion, - SchemaCompilerAssertionTypeStrict); - result = context.resolve_target().type() == assertion.value; - EVALUATE_END(assertion, SchemaCompilerAssertionTypeStrict); - } - - case IS_STEP(SchemaCompilerAssertionTypeStrictAny): { - EVALUATE_BEGIN_NO_PRECONDITION(assertion, - SchemaCompilerAssertionTypeStrictAny); - // Otherwise we are we even emitting this instruction? - assert(assertion.value.size() > 1); - result = (std::find(assertion.value.cbegin(), assertion.value.cend(), - context.resolve_target().type()) != - assertion.value.cend()); - EVALUATE_END(assertion, SchemaCompilerAssertionTypeStrictAny); - } - - case IS_STEP(SchemaCompilerAssertionTypeStringBounded): { - EVALUATE_BEGIN_NO_PRECONDITION(assertion, - SchemaCompilerAssertionTypeStringBounded); - const auto &target{context.resolve_target()}; - const auto minimum{std::get<0>(assertion.value)}; - const auto maximum{std::get<1>(assertion.value)}; - assert(!maximum.has_value() || maximum.value() >= minimum); - // Require early breaking - assert(!std::get<2>(assertion.value)); - result = target.type() == JSON::Type::String && - target.size() >= minimum && - (!maximum.has_value() || target.size() <= maximum.value()); - EVALUATE_END(assertion, SchemaCompilerAssertionTypeStringBounded); - } - - case IS_STEP(SchemaCompilerAssertionTypeArrayBounded): { - EVALUATE_BEGIN_NO_PRECONDITION(assertion, - SchemaCompilerAssertionTypeArrayBounded); - const auto &target{context.resolve_target()}; - const auto minimum{std::get<0>(assertion.value)}; - const auto maximum{std::get<1>(assertion.value)}; - assert(!maximum.has_value() || maximum.value() >= minimum); - // Require early breaking - assert(!std::get<2>(assertion.value)); - result = target.type() == JSON::Type::Array && target.size() >= minimum && - (!maximum.has_value() || target.size() <= maximum.value()); - EVALUATE_END(assertion, SchemaCompilerAssertionTypeArrayBounded); - } - - case IS_STEP(SchemaCompilerAssertionTypeObjectBounded): { - EVALUATE_BEGIN_NO_PRECONDITION(assertion, - SchemaCompilerAssertionTypeObjectBounded); - const auto &target{context.resolve_target()}; - const auto minimum{std::get<0>(assertion.value)}; - const auto maximum{std::get<1>(assertion.value)}; - assert(!maximum.has_value() || maximum.value() >= minimum); - // Require early breaking - assert(!std::get<2>(assertion.value)); - result = target.type() == JSON::Type::Object && - target.size() >= minimum && - (!maximum.has_value() || target.size() <= maximum.value()); - EVALUATE_END(assertion, SchemaCompilerAssertionTypeObjectBounded); - } - - case IS_STEP(SchemaCompilerAssertionRegex): { - EVALUATE_BEGIN_IF_STRING(assertion, SchemaCompilerAssertionRegex); - result = std::regex_search(target, assertion.value.first); - EVALUATE_END(assertion, SchemaCompilerAssertionRegex); - } - - case IS_STEP(SchemaCompilerAssertionStringSizeLess): { - EVALUATE_BEGIN_IF_STRING(assertion, - SchemaCompilerAssertionStringSizeLess); - result = (JSON::size(target) < assertion.value); - EVALUATE_END(assertion, SchemaCompilerAssertionStringSizeLess); - } - - case IS_STEP(SchemaCompilerAssertionStringSizeGreater): { - EVALUATE_BEGIN_IF_STRING(assertion, - SchemaCompilerAssertionStringSizeGreater); - result = (JSON::size(target) > assertion.value); - EVALUATE_END(assertion, SchemaCompilerAssertionStringSizeGreater); - } - - case IS_STEP(SchemaCompilerAssertionArraySizeLess): { - EVALUATE_BEGIN(assertion, SchemaCompilerAssertionArraySizeLess, - target.is_array()); - result = (target.size() < assertion.value); - EVALUATE_END(assertion, SchemaCompilerAssertionArraySizeLess); - } - - case IS_STEP(SchemaCompilerAssertionArraySizeGreater): { - EVALUATE_BEGIN(assertion, SchemaCompilerAssertionArraySizeGreater, - target.is_array()); - result = (target.size() > assertion.value); - EVALUATE_END(assertion, SchemaCompilerAssertionArraySizeGreater); - } - - case IS_STEP(SchemaCompilerAssertionObjectSizeLess): { - EVALUATE_BEGIN(assertion, SchemaCompilerAssertionObjectSizeLess, - target.is_object()); - result = (target.size() < assertion.value); - EVALUATE_END(assertion, SchemaCompilerAssertionObjectSizeLess); - } - - case IS_STEP(SchemaCompilerAssertionObjectSizeGreater): { - EVALUATE_BEGIN(assertion, SchemaCompilerAssertionObjectSizeGreater, - target.is_object()); - result = (target.size() > assertion.value); - EVALUATE_END(assertion, SchemaCompilerAssertionObjectSizeGreater); - } - - case IS_STEP(SchemaCompilerAssertionEqual): { - EVALUATE_BEGIN_NO_PRECONDITION(assertion, SchemaCompilerAssertionEqual); - result = (context.resolve_target() == assertion.value); - EVALUATE_END(assertion, SchemaCompilerAssertionEqual); - } - - case IS_STEP(SchemaCompilerAssertionEqualsAny): { - EVALUATE_BEGIN_NO_PRECONDITION(assertion, - SchemaCompilerAssertionEqualsAny); - result = (std::find(assertion.value.cbegin(), assertion.value.cend(), - context.resolve_target()) != assertion.value.cend()); - EVALUATE_END(assertion, SchemaCompilerAssertionEqualsAny); - } - - case IS_STEP(SchemaCompilerAssertionGreaterEqual): { - EVALUATE_BEGIN(assertion, SchemaCompilerAssertionGreaterEqual, - target.is_number()); - result = target >= assertion.value; - EVALUATE_END(assertion, SchemaCompilerAssertionGreaterEqual); - } - - case IS_STEP(SchemaCompilerAssertionLessEqual): { - EVALUATE_BEGIN(assertion, SchemaCompilerAssertionLessEqual, - target.is_number()); - result = target <= assertion.value; - EVALUATE_END(assertion, SchemaCompilerAssertionLessEqual); - } - - case IS_STEP(SchemaCompilerAssertionGreater): { - EVALUATE_BEGIN(assertion, SchemaCompilerAssertionGreater, - target.is_number()); - result = target > assertion.value; - EVALUATE_END(assertion, SchemaCompilerAssertionGreater); - } - - case IS_STEP(SchemaCompilerAssertionLess): { - EVALUATE_BEGIN(assertion, SchemaCompilerAssertionLess, - target.is_number()); - result = target < assertion.value; - EVALUATE_END(assertion, SchemaCompilerAssertionLess); - } - - case IS_STEP(SchemaCompilerAssertionUnique): { - EVALUATE_BEGIN(assertion, SchemaCompilerAssertionUnique, - target.is_array()); - result = target.unique(); - EVALUATE_END(assertion, SchemaCompilerAssertionUnique); - } - - case IS_STEP(SchemaCompilerAssertionDivisible): { - EVALUATE_BEGIN(assertion, SchemaCompilerAssertionDivisible, - target.is_number()); - assert(assertion.value.is_number()); - result = target.divisible_by(assertion.value); - EVALUATE_END(assertion, SchemaCompilerAssertionDivisible); - } - - case IS_STEP(SchemaCompilerAssertionStringType): { - EVALUATE_BEGIN_IF_STRING(assertion, SchemaCompilerAssertionStringType); - switch (assertion.value) { - case SchemaCompilerValueStringType::URI: - try { - // TODO: This implies a string copy - result = URI{target}.is_absolute(); - } catch (const URIParseError &) { - result = false; - } - - break; - default: - // We should never get here - assert(false); - } - - EVALUATE_END(assertion, SchemaCompilerAssertionStringType); - } - - case IS_STEP(SchemaCompilerAssertionPropertyType): { - EVALUATE_BEGIN_TRY_TARGET( - assertion, SchemaCompilerAssertionPropertyType, - // Note that here are are referring to the parent - // object that might hold the given property, - // before traversing into the actual property - target.is_object()); - // Now here we refer to the actual property - const auto &effective_target{context.resolve_target()}; - // In non-strict mode, we consider a real number that represents an - // integer to be an integer - result = effective_target.type() == assertion.value || - (assertion.value == JSON::Type::Integer && - effective_target.is_integer_real()); - EVALUATE_END(assertion, SchemaCompilerAssertionPropertyType); - } - - case IS_STEP(SchemaCompilerAssertionPropertyTypeStrict): { - EVALUATE_BEGIN_TRY_TARGET( - assertion, SchemaCompilerAssertionPropertyTypeStrict, - // Note that here are are referring to the parent - // object that might hold the given property, - // before traversing into the actual property - target.is_object()); - // Now here we refer to the actual property - result = context.resolve_target().type() == assertion.value; - EVALUATE_END(assertion, SchemaCompilerAssertionPropertyTypeStrict); - } - - case IS_STEP(SchemaCompilerLogicalOr): { - EVALUATE_BEGIN_NO_PRECONDITION(logical, SchemaCompilerLogicalOr); - result = logical.children.empty(); - for (const auto &child : logical.children) { - if (evaluate_step(child, mode, callback, context)) { - result = true; - // This boolean value controls whether we should still evaluate - // every disjunction even on fast mode - if (mode == SchemaCompilerEvaluationMode::Fast && !logical.value) { - break; - } - } - } - - EVALUATE_END(logical, SchemaCompilerLogicalOr); - } - - case IS_STEP(SchemaCompilerLogicalAnd): { - EVALUATE_BEGIN_NO_PRECONDITION(logical, SchemaCompilerLogicalAnd); - result = true; - for (const auto &child : logical.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - break; - } - } - - EVALUATE_END(logical, SchemaCompilerLogicalAnd); - } - - case IS_STEP(SchemaCompilerLogicalWhenType): { - EVALUATE_BEGIN(logical, SchemaCompilerLogicalWhenType, - target.type() == logical.value); - result = true; - for (const auto &child : logical.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - break; - } - } - - EVALUATE_END(logical, SchemaCompilerLogicalWhenType); - } - - case IS_STEP(SchemaCompilerLogicalWhenDefines): { - EVALUATE_BEGIN(logical, SchemaCompilerLogicalWhenDefines, - target.is_object() && target.defines(logical.value)); - result = true; - for (const auto &child : logical.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - break; - } - } - - EVALUATE_END(logical, SchemaCompilerLogicalWhenDefines); - } - - case IS_STEP(SchemaCompilerLogicalWhenArraySizeGreater): { - EVALUATE_BEGIN(logical, SchemaCompilerLogicalWhenArraySizeGreater, - target.is_array() && target.size() > logical.value); - result = true; - for (const auto &child : logical.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - break; - } - } - - EVALUATE_END(logical, SchemaCompilerLogicalWhenArraySizeGreater); - } - - case IS_STEP(SchemaCompilerLogicalWhenArraySizeEqual): { - EVALUATE_BEGIN(logical, SchemaCompilerLogicalWhenArraySizeEqual, - target.is_array() && target.size() == logical.value); - result = true; - for (const auto &child : logical.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - break; - } - } - - EVALUATE_END(logical, SchemaCompilerLogicalWhenArraySizeEqual); - } - - case IS_STEP(SchemaCompilerLogicalXor): { - EVALUATE_BEGIN_NO_PRECONDITION(logical, SchemaCompilerLogicalXor); - result = true; - bool has_matched{false}; - for (const auto &child : logical.children) { - if (evaluate_step(child, mode, callback, context)) { - if (has_matched) { - result = false; - if (mode == SchemaCompilerEvaluationMode::Fast) { - break; - } - } else { - has_matched = true; - } - } - } - - result = result && has_matched; - EVALUATE_END(logical, SchemaCompilerLogicalXor); - } - - case IS_STEP(SchemaCompilerLogicalCondition): { - EVALUATE_BEGIN_NO_PRECONDITION(logical, SchemaCompilerLogicalCondition); - result = true; - const auto children_size{logical.children.size()}; - assert(children_size >= logical.value.first); - assert(children_size >= logical.value.second); - - auto condition_end{children_size}; - if (logical.value.first > 0) { - condition_end = logical.value.first; - } else if (logical.value.second > 0) { - condition_end = logical.value.second; - } - - for (std::size_t cursor = 0; cursor < condition_end; cursor++) { - if (!evaluate_step(logical.children[cursor], mode, callback, context)) { - result = false; - break; - } - } - - const auto consequence_start{result ? logical.value.first - : logical.value.second}; - const auto consequence_end{(result && logical.value.second > 0) - ? logical.value.second - : children_size}; - result = true; - if (consequence_start > 0) { - for (auto cursor = consequence_start; cursor < consequence_end; - cursor++) { - if (!evaluate_step(logical.children[cursor], mode, callback, - context)) { - result = false; - break; - } - } - } - - EVALUATE_END(logical, SchemaCompilerLogicalCondition); - } - - case IS_STEP(SchemaCompilerLogicalNot): { - EVALUATE_BEGIN_NO_PRECONDITION(logical, SchemaCompilerLogicalNot); - // Ignore annotations produced inside "not" - context.mask(); - result = false; - for (const auto &child : logical.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = true; - if (mode == SchemaCompilerEvaluationMode::Fast) { - break; - } - } - } - - EVALUATE_END(logical, SchemaCompilerLogicalNot); - } - - case IS_STEP(SchemaCompilerControlLabel): { - EVALUATE_BEGIN_NO_PRECONDITION(control, SchemaCompilerControlLabel); - context.mark(control.value, control.children); - result = true; - for (const auto &child : control.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - break; - } - } - - EVALUATE_END(control, SchemaCompilerControlLabel); - } - - case IS_STEP(SchemaCompilerControlMark): { - SOURCEMETA_TRACE_START(trace_id, "SchemaCompilerControlMark"); - const auto &control{std::get(step)}; - context.mark(control.value, control.children); - SOURCEMETA_TRACE_END(trace_id, "SchemaCompilerControlMark"); - return true; - } - - case IS_STEP(SchemaCompilerControlJump): { - EVALUATE_BEGIN_NO_PRECONDITION(control, SchemaCompilerControlJump); - result = true; - for (const auto &child : context.jump(control.value)) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - break; - } - } - - EVALUATE_END(control, SchemaCompilerControlJump); - } - - case IS_STEP(SchemaCompilerControlDynamicAnchorJump): { - EVALUATE_BEGIN_NO_PRECONDITION(control, - SchemaCompilerControlDynamicAnchorJump); - const auto id{context.find_dynamic_anchor(control.value)}; - result = id.has_value(); - if (id.has_value()) { - for (const auto &child : context.jump(id.value())) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - break; - } - } - } - - EVALUATE_END(control, SchemaCompilerControlDynamicAnchorJump); - } - - case IS_STEP(SchemaCompilerAnnotationEmit): { - EVALUATE_ANNOTATION_NO_PRECONDITION( - annotation, SchemaCompilerAnnotationEmit, context.instance_location(), - annotation.value); - } - - case IS_STEP(SchemaCompilerAnnotationWhenArraySizeEqual): { - EVALUATE_ANNOTATION( - annotation, SchemaCompilerAnnotationWhenArraySizeEqual, - target.is_array() && target.size() == annotation.value.first, - context.instance_location(), annotation.value.second); - } - - case IS_STEP(SchemaCompilerAnnotationWhenArraySizeGreater): { - EVALUATE_ANNOTATION( - annotation, SchemaCompilerAnnotationWhenArraySizeGreater, - target.is_array() && target.size() > annotation.value.first, - context.instance_location(), annotation.value.second); - } - - case IS_STEP(SchemaCompilerAnnotationToParent): { - EVALUATE_ANNOTATION_NO_PRECONDITION( - annotation, SchemaCompilerAnnotationToParent, - // TODO: Can we avoid a copy of the instance location here? - context.instance_location().initial(), annotation.value); - } - - case IS_STEP(SchemaCompilerAnnotationBasenameToParent): { - EVALUATE_ANNOTATION_NO_PRECONDITION( - annotation, SchemaCompilerAnnotationBasenameToParent, - // TODO: Can we avoid a copy of the instance location here? - context.instance_location().initial(), - context.instance_location().back().to_json()); - } - - case IS_STEP(SchemaCompilerLoopPropertiesMatch): { - EVALUATE_BEGIN(loop, SchemaCompilerLoopPropertiesMatch, - target.is_object()); - assert(!loop.value.empty()); - result = true; - for (const auto &entry : target.as_object()) { - const auto index{loop.value.find(entry.first)}; - if (index == loop.value.cend()) { - continue; - } - - const auto &substep{loop.children[index->second]}; - assert(std::holds_alternative(substep)); - for (const auto &child : - std::get(substep).children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - // For efficiently breaking from the outer loop too - goto evaluate_loop_properties_match_end; - } - } - } - - evaluate_loop_properties_match_end: - EVALUATE_END(loop, SchemaCompilerLoopPropertiesMatch); - } - - case IS_STEP(SchemaCompilerLoopProperties): { - EVALUATE_BEGIN(loop, SchemaCompilerLoopProperties, target.is_object()); - result = true; - for (const auto &entry : target.as_object()) { - context.enter(entry.first); - for (const auto &child : loop.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - context.leave(); - // For efficiently breaking from the outer loop too - goto evaluate_loop_properties_end; - } - } - - context.leave(); - } - - evaluate_loop_properties_end: - EVALUATE_END(loop, SchemaCompilerLoopProperties); - } - - case IS_STEP(SchemaCompilerLoopPropertiesRegex): { - EVALUATE_BEGIN(loop, SchemaCompilerLoopPropertiesRegex, - target.is_object()); - result = true; - for (const auto &entry : target.as_object()) { - if (!std::regex_search(entry.first, loop.value.first)) { - continue; - } - - context.enter(entry.first); - for (const auto &child : loop.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - context.leave(); - // For efficiently breaking from the outer loop too - goto evaluate_loop_properties_regex_end; - } - } - - context.leave(); - } - - evaluate_loop_properties_regex_end: - EVALUATE_END(loop, SchemaCompilerLoopPropertiesRegex); - } - - case IS_STEP(SchemaCompilerLoopPropertiesNoAnnotation): { - EVALUATE_BEGIN(loop, SchemaCompilerLoopPropertiesNoAnnotation, - target.is_object()); - result = true; - assert(!loop.value.empty()); - - for (const auto &entry : target.as_object()) { - // TODO: It might be more efficient to get all the annotations we - // potentially care about as a set first, and the make the loop - // check for O(1) containment in that set? - if (context.defines_annotation( - context.instance_location(), - // TODO: Can we avoid doing this expensive operation on a loop? - context.evaluate_path().initial(), loop.value, - // TODO: This conversion implies a string copy - JSON{entry.first})) { - continue; - } - - context.enter(entry.first); - for (const auto &child : loop.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - context.leave(); - // For efficiently breaking from the outer loop too - goto evaluate_loop_properties_no_annotation_end; - } - } - - context.leave(); - } - - evaluate_loop_properties_no_annotation_end: - EVALUATE_END(loop, SchemaCompilerLoopPropertiesNoAnnotation); - } - - case IS_STEP(SchemaCompilerLoopPropertiesExcept): { - EVALUATE_BEGIN(loop, SchemaCompilerLoopPropertiesExcept, - target.is_object()); - result = true; - // Otherwise why emit this instruction? - assert(!loop.value.first.empty() || !loop.value.second.empty()); - - for (const auto &entry : target.as_object()) { - if (loop.value.first.contains(entry.first) || - std::any_of(loop.value.second.cbegin(), loop.value.second.cend(), - [&entry](const auto &pattern) { - return std::regex_search(entry.first, pattern.first); - })) { - continue; - } - - context.enter(entry.first); - for (const auto &child : loop.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - context.leave(); - // For efficiently breaking from the outer loop too - goto evaluate_loop_properties_except_end; - } - } - - context.leave(); - } - - evaluate_loop_properties_except_end: - EVALUATE_END(loop, SchemaCompilerLoopPropertiesExcept); - } - - case IS_STEP(SchemaCompilerLoopPropertiesType): { - EVALUATE_BEGIN(loop, SchemaCompilerLoopPropertiesType, - target.is_object()); - result = true; - for (const auto &entry : target.as_object()) { - context.enter(entry.first); - const auto &entry_target{context.resolve_target()}; - // In non-strict mode, we consider a real number that represents an - // integer to be an integer - if (entry_target.type() != loop.value && - (loop.value != JSON::Type::Integer || - entry_target.is_integer_real())) { - result = false; - context.leave(); - break; - } - - context.leave(); - } - - EVALUATE_END(loop, SchemaCompilerLoopPropertiesType); - } - - case IS_STEP(SchemaCompilerLoopPropertiesTypeStrict): { - EVALUATE_BEGIN(loop, SchemaCompilerLoopPropertiesTypeStrict, - target.is_object()); - result = true; - for (const auto &entry : target.as_object()) { - context.enter(entry.first); - if (context.resolve_target().type() != loop.value) { - result = false; - context.leave(); - break; - } - - context.leave(); - } - - EVALUATE_END(loop, SchemaCompilerLoopPropertiesTypeStrict); - } - - case IS_STEP(SchemaCompilerLoopKeys): { - EVALUATE_BEGIN(loop, SchemaCompilerLoopKeys, target.is_object()); - result = true; - context.target_type( - sourcemeta::jsontoolkit::EvaluationContext::TargetType::Key); - for (const auto &entry : target.as_object()) { - context.enter(entry.first); - for (const auto &child : loop.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - context.leave(); - goto evaluate_loop_keys_end; - } - } - - context.leave(); - } - - evaluate_loop_keys_end: - context.target_type( - sourcemeta::jsontoolkit::EvaluationContext::TargetType::Value); - EVALUATE_END(loop, SchemaCompilerLoopKeys); - } - - case IS_STEP(SchemaCompilerLoopItems): { - EVALUATE_BEGIN(loop, SchemaCompilerLoopItems, target.is_array()); - const auto &array{target.as_array()}; - result = true; - auto iterator{array.cbegin()}; - - // We need this check, as advancing an iterator past its bounds - // is considered undefined behavior - // See https://en.cppreference.com/w/cpp/iterator/advance - std::advance(iterator, - std::min(static_cast(loop.value), - static_cast(target.size()))); - - for (; iterator != array.cend(); ++iterator) { - const auto index{std::distance(array.cbegin(), iterator)}; - context.enter(static_cast(index)); - for (const auto &child : loop.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - context.leave(); - goto evaluate_compiler_loop_items_end; - } - } - - context.leave(); - } - - evaluate_compiler_loop_items_end: - EVALUATE_END(loop, SchemaCompilerLoopItems); - } - - case IS_STEP(SchemaCompilerLoopItemsUnmarked): { - EVALUATE_BEGIN(loop, SchemaCompilerLoopItemsUnmarked, - target.is_array() && - !context.defines_annotation( - context.instance_location(), - context.evaluate_path(), loop.value, JSON{true})); - // Otherwise you shouldn't be using this step? - assert(!loop.value.empty()); - const auto &array{target.as_array()}; - result = true; - - for (auto iterator = array.cbegin(); iterator != array.cend(); - ++iterator) { - const auto index{std::distance(array.cbegin(), iterator)}; - context.enter(static_cast(index)); - for (const auto &child : loop.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - context.leave(); - goto evaluate_compiler_loop_items_unmarked_end; - } - } - - context.leave(); - } - - evaluate_compiler_loop_items_unmarked_end: - EVALUATE_END(loop, SchemaCompilerLoopItemsUnmarked); - } - - case IS_STEP(SchemaCompilerLoopItemsUnevaluated): { - // TODO: This precondition is very expensive due to pointer manipulation - EVALUATE_BEGIN(loop, SchemaCompilerLoopItemsUnevaluated, - target.is_array() && !context.defines_annotation( - context.instance_location(), - context.evaluate_path().initial(), - loop.value.mask, JSON{true})); - const auto &array{target.as_array()}; - result = true; - auto iterator{array.cbegin()}; - - // Determine the proper start based on integer annotations collected for - // the current instance location by the keyword requested by the user. - const std::uint64_t start{context.largest_annotation_index( - context.instance_location(), {loop.value.index}, 0)}; - - // We need this check, as advancing an iterator past its bounds - // is considered undefined behavior - // See https://en.cppreference.com/w/cpp/iterator/advance - std::advance(iterator, - std::min(static_cast(start), - static_cast(target.size()))); - - for (; iterator != array.cend(); ++iterator) { - const auto index{std::distance(array.cbegin(), iterator)}; - - if (context.defines_annotation( - context.instance_location(), - // TODO: Can we avoid doing this expensive operation on a loop? - context.evaluate_path().initial(), loop.value.filter, - JSON{static_cast(index)})) { - continue; - } - - context.enter(static_cast(index)); - for (const auto &child : loop.children) { - if (!evaluate_step(child, mode, callback, context)) { - result = false; - context.leave(); - goto evaluate_compiler_loop_items_unevaluated_end; - } - } - - context.leave(); - } - - evaluate_compiler_loop_items_unevaluated_end: - EVALUATE_END(loop, SchemaCompilerLoopItemsUnevaluated); - } - - case IS_STEP(SchemaCompilerLoopContains): { - EVALUATE_BEGIN(loop, SchemaCompilerLoopContains, target.is_array()); - const auto minimum{std::get<0>(loop.value)}; - const auto &maximum{std::get<1>(loop.value)}; - assert(!maximum.has_value() || maximum.value() >= minimum); - const auto is_exhaustive{std::get<2>(loop.value)}; - result = minimum == 0 && target.empty(); - const auto &array{target.as_array()}; - auto match_count{std::numeric_limits::min()}; - for (auto iterator = array.cbegin(); iterator != array.cend(); - ++iterator) { - const auto index{std::distance(array.cbegin(), iterator)}; - context.enter(static_cast(index)); - bool subresult{true}; - for (const auto &child : loop.children) { - if (!evaluate_step(child, mode, callback, context)) { - subresult = false; - break; - } - } - - context.leave(); - - if (subresult) { - match_count += 1; - - // Exceeding the upper bound is definitely a failure - if (maximum.has_value() && match_count > maximum.value()) { - result = false; - - // Note that here we don't want to consider whether to run - // exhaustively or not. At this point, its already a failure, - // and anything that comes after would not run at all anyway - break; - } - - if (match_count >= minimum) { - result = true; - - // Exceeding the lower bound when there is no upper bound - // is definitely a success - if (!maximum.has_value() && !is_exhaustive) { - break; - } - } - } - } - - EVALUATE_END(loop, SchemaCompilerLoopContains); - } - -#undef IS_STEP -#undef STRINGIFY -#undef EVALUATE_BEGIN -#undef EVALUATE_BEGIN_IF_STRING -#undef EVALUATE_BEGIN_NO_TARGET -#undef EVALUATE_BEGIN_TRY_TARGET -#undef EVALUATE_BEGIN_NO_PRECONDITION -#undef EVALUATE_END -#undef EVALUATE_ANNOTATION -#undef EVALUATE_ANNOTATION_NO_PRECONDITION - - default: - // We should never get here - assert(false); - return false; - } -} - -inline auto evaluate_internal( - sourcemeta::jsontoolkit::EvaluationContext &context, - const sourcemeta::jsontoolkit::SchemaCompilerTemplate &steps, - const sourcemeta::jsontoolkit::SchemaCompilerEvaluationMode mode, - const std::optional< - sourcemeta::jsontoolkit::SchemaCompilerEvaluationCallback> &callback) - -> bool { - bool overall{true}; - for (const auto &step : steps) { - if (!evaluate_step(step, mode, callback, context)) { - overall = false; - break; - } - } - - // The evaluation path and instance location must be empty by the time - // we are done, otherwise there was a frame push/pop mismatch - assert(context.evaluate_path().empty()); - assert(context.instance_location().empty()); - assert(context.resources().empty()); - // We should end up at the root of the instance - assert(context.instances().size() == 1); - return overall; -} - -} // namespace - -namespace sourcemeta::jsontoolkit { - -auto evaluate(const SchemaCompilerTemplate &steps, const JSON &instance, - const SchemaCompilerEvaluationMode mode, - const SchemaCompilerEvaluationCallback &callback) -> bool { - EvaluationContext context; - context.prepare(instance); - return evaluate_internal(context, steps, mode, callback); -} - -auto evaluate(const SchemaCompilerTemplate &steps, const JSON &instance) - -> bool { - EvaluationContext context; - context.prepare(instance); - return evaluate_internal(context, steps, - // Otherwise what's the point of an exhaustive - // evaluation if you don't get the results? - SchemaCompilerEvaluationMode::Fast, std::nullopt); -} - -auto evaluate(const SchemaCompilerTemplate &steps, EvaluationContext &context) - -> bool { - return evaluate_internal(context, steps, - // Otherwise what's the point of an exhaustive - // evaluation if you don't get the results? - SchemaCompilerEvaluationMode::Fast, std::nullopt); -} - -} // namespace sourcemeta::jsontoolkit diff --git a/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator.h b/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator.h deleted file mode 100644 index b7d0f78a..00000000 --- a/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator.h +++ /dev/null @@ -1,181 +0,0 @@ -#ifndef SOURCEMETA_JSONTOOLKIT_EVALUATOR_H_ -#define SOURCEMETA_JSONTOOLKIT_EVALUATOR_H_ - -#include "evaluator_export.h" - -#include -#include -#include - -#include -#include - -#include // std::uint8_t -#include // std::function - -/// @defgroup evaluator Evaluator -/// @brief A high-performance JSON Schema evaluator -/// -/// This functionality is included as follows: -/// -/// ```cpp -/// #include -/// ``` - -namespace sourcemeta::jsontoolkit { - -/// @ingroup evaluator -/// Represents the mode of evalution -enum class SchemaCompilerEvaluationMode : std::uint8_t { - /// Attempt to get to a boolean result as fast as possible - Fast, - /// Perform a full schema evaluation - Exhaustive -}; - -/// @ingroup evaluator -/// Represents the state of a step evaluation -enum class SchemaCompilerEvaluationType : std::uint8_t { Pre, Post }; - -/// @ingroup evaluator -/// A callback of this type is invoked after evaluating any keyword. The -/// arguments go as follows: -/// -/// - The stage at which the step in question is -/// - Whether the evaluation was successful or not (always true before -/// evaluation) -/// - The step that was just evaluated -/// - The evaluation path -/// - The instance location -/// - The annotation result, if any (otherwise null) -/// -/// You can use this callback mechanism to implement arbitrary output formats. -using SchemaCompilerEvaluationCallback = - std::function; - -/// @ingroup evaluator -/// -/// This function evaluates a schema compiler template in validation mode, -/// returning a boolean without error information. For example: -/// -/// ```cpp -/// #include -/// #include -/// #include -/// #include -/// -/// const sourcemeta::jsontoolkit::JSON schema = -/// sourcemeta::jsontoolkit::parse(R"JSON({ -/// "$schema": "https://json-schema.org/draft/2020-12/schema", -/// "type": "string" -/// })JSON"); -/// -/// const auto schema_template{sourcemeta::jsontoolkit::compile( -/// schema, sourcemeta::jsontoolkit::default_schema_walker, -/// sourcemeta::jsontoolkit::official_resolver, -/// sourcemeta::jsontoolkit::default_schema_compiler)}; -/// -/// const sourcemeta::jsontoolkit::JSON instance{"foo bar"}; -/// const auto result{sourcemeta::jsontoolkit::evaluate( -/// schema_template, instance)}; -/// assert(result); -/// ``` -auto SOURCEMETA_JSONTOOLKIT_EVALUATOR_EXPORT -evaluate(const SchemaCompilerTemplate &steps, const JSON &instance) -> bool; - -/// @ingroup evaluator -/// -/// This function evaluates a schema compiler template, executing the given -/// callback at every step of the way. For example: -/// -/// ```cpp -/// #include -/// #include -/// #include -/// #include -/// #include -/// -/// const sourcemeta::jsontoolkit::JSON schema = -/// sourcemeta::jsontoolkit::parse(R"JSON({ -/// "$schema": "https://json-schema.org/draft/2020-12/schema", -/// "type": "string" -/// })JSON"); -/// -/// const auto schema_template{sourcemeta::jsontoolkit::compile( -/// schema, sourcemeta::jsontoolkit::default_schema_walker, -/// sourcemeta::jsontoolkit::official_resolver, -/// sourcemeta::jsontoolkit::default_schema_compiler)}; -/// -/// static auto callback( -/// bool result, -/// const sourcemeta::jsontoolkit::SchemaCompilerTemplate::value_type &step, -/// const sourcemeta::jsontoolkit::Pointer &evaluate_path, -/// const sourcemeta::jsontoolkit::Pointer &instance_location, -/// const sourcemeta::jsontoolkit::JSON &document, -/// const sourcemeta::jsontoolkit::JSON &annotation) -> void { -/// std::cout << "TYPE: " << (result ? "Success" : "Failure") << "\n"; -/// std::cout << "STEP:\n"; -/// sourcemeta::jsontoolkit::prettify(sourcemeta::jsontoolkit::to_json({step}), -/// std::cout); -/// std::cout << "\nEVALUATE PATH:"; -/// sourcemeta::jsontoolkit::stringify(evaluate_path, std::cout); -/// std::cout << "\nINSTANCE LOCATION:"; -/// sourcemeta::jsontoolkit::stringify(instance_location, std::cout); -/// std::cout << "\nANNOTATION:\n"; -/// sourcemeta::jsontoolkit::prettify(annotation, std::cout); -/// std::cout << "\n"; -/// } -/// -/// const sourcemeta::jsontoolkit::JSON instance{"foo bar"}; -/// const auto result{sourcemeta::jsontoolkit::evaluate( -/// schema_template, instance, -/// sourcemeta::jsontoolkit::SchemaCompilerEvaluationMode::Fast, -/// callback)}; -/// -/// assert(result); -/// ``` -auto SOURCEMETA_JSONTOOLKIT_EVALUATOR_EXPORT -evaluate(const SchemaCompilerTemplate &steps, const JSON &instance, - const SchemaCompilerEvaluationMode mode, - const SchemaCompilerEvaluationCallback &callback) -> bool; - -/// @ingroup evaluator -/// -/// This function evaluates a schema compiler template from an evaluation -/// context, returning a boolean without error information. The evaluation -/// context can be re-used among evaluations (as long as its always loaded with -/// the new instance first) for performance reasons. For example: -/// -/// ```cpp -/// #include -/// #include -/// #include -/// #include -/// -/// const sourcemeta::jsontoolkit::JSON schema = -/// sourcemeta::jsontoolkit::parse(R"JSON({ -/// "$schema": "https://json-schema.org/draft/2020-12/schema", -/// "type": "string" -/// })JSON"); -/// -/// const auto schema_template{sourcemeta::jsontoolkit::compile( -/// schema, sourcemeta::jsontoolkit::default_schema_walker, -/// sourcemeta::jsontoolkit::official_resolver, -/// sourcemeta::jsontoolkit::default_schema_compiler)}; -/// -/// const sourcemeta::jsontoolkit::JSON instance{"foo bar"}; -/// sourcemeta::jsontoolkit::EvaluationContext context; -/// context.prepare(instance); -/// -/// const auto result{sourcemeta::jsontoolkit::evaluate( -/// schema_template, context)}; -/// assert(result); -/// ``` -auto SOURCEMETA_JSONTOOLKIT_EVALUATOR_EXPORT evaluate( - const SchemaCompilerTemplate &steps, EvaluationContext &context) -> bool; - -} // namespace sourcemeta::jsontoolkit - -#endif diff --git a/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator_context.h b/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator_context.h deleted file mode 100644 index 9a10278e..00000000 --- a/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator_context.h +++ /dev/null @@ -1,138 +0,0 @@ -#ifndef SOURCEMETA_JSONTOOLKIT_EVALUATOR_CONTEXT_H -#define SOURCEMETA_JSONTOOLKIT_EVALUATOR_CONTEXT_H - -#include "evaluator_export.h" - -#include - -#include -#include - -#include // assert -#include // std::uint8_t -#include // std::reference_wrapper -#include // std::map -#include // std::optional -#include // std::set -#include // std::vector - -namespace sourcemeta::jsontoolkit { - -/// @ingroup evaluator -/// Represents a stateful schema evaluation context -class SOURCEMETA_JSONTOOLKIT_EVALUATOR_EXPORT EvaluationContext { -public: - /// Prepare the schema evaluation context with a given instance. - /// Performing evaluation on a context without preparing it with - /// an instance is undefined behavior. - auto prepare(const JSON &instance) -> void; - - // All of these methods are considered internal and no - // client must depend on them -#ifndef DOXYGEN - - /////////////////////////////////////////////// - // Evaluation stack - /////////////////////////////////////////////// - - auto evaluate_path() const noexcept -> const WeakPointer &; - auto instance_location() const noexcept -> const WeakPointer &; - auto push(const Pointer &relative_schema_location, - const Pointer &relative_instance_location, - const std::string &schema_resource, const bool dynamic) -> void; - // A performance shortcut for pushing without re-traversing the target - // if we already know that the destination target will be - auto push(const Pointer &relative_schema_location, - const Pointer &relative_instance_location, - const std::string &schema_resource, const bool dynamic, - std::reference_wrapper &&new_instance) -> void; - auto pop(const bool dynamic) -> void; - auto enter(const WeakPointer::Token::Property &property) -> void; - auto enter(const WeakPointer::Token::Index &index) -> void; - auto leave() -> void; - -private: - auto push_without_traverse(const Pointer &relative_schema_location, - const Pointer &relative_instance_location, - const std::string &schema_resource, - const bool dynamic) -> void; - -public: - /////////////////////////////////////////////// - // Target resolution - /////////////////////////////////////////////// - - auto instances() const noexcept - -> const std::vector> &; - enum class TargetType : std::uint8_t { Key, Value }; - auto target_type(const TargetType type) noexcept -> void; - auto resolve_target() -> const JSON &; - auto resolve_string_target() - -> std::optional>; - - /////////////////////////////////////////////// - // References and anchors - /////////////////////////////////////////////// - - auto resources() const noexcept -> const std::vector &; - auto mark(const std::size_t id, const SchemaCompilerTemplate &children) - -> void; - // TODO: At least currently, we only need to mask if a schema - // makes use of `unevaluatedProperties` or `unevaluatedItems` - // Detect if a schema does need this so if not, we avoid - // an unnecessary copy - auto mask() -> void; - auto jump(const std::size_t id) const noexcept - -> const SchemaCompilerTemplate &; - auto find_dynamic_anchor(const std::string &anchor) const - -> std::optional; - - /////////////////////////////////////////////// - // Annotations - /////////////////////////////////////////////// - - auto annotate(const WeakPointer ¤t_instance_location, const JSON &value) - -> std::pair, bool>; - auto defines_annotation(const WeakPointer &expected_instance_location, - const WeakPointer &base_evaluate_path, - const std::vector &keywords, - const JSON &value) const -> bool; - auto largest_annotation_index(const WeakPointer &expected_instance_location, - const std::vector &keywords, - const std::uint64_t default_value) const - -> std::uint64_t; - -public: - // TODO: Remove this - const JSON null{nullptr}; - -private: -// Exporting symbols that depends on the standard C++ library is considered -// safe. -// https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-2-c4275?view=msvc-170&redirectedfrom=MSDN -#if defined(_MSC_VER) -#pragma warning(disable : 4251 4275) -#endif - std::vector> instances_; - WeakPointer evaluate_path_; - WeakPointer instance_location_; - std::vector> frame_sizes; - // TODO: Keep hashes of schema resources URI instead for performance reasons - std::vector resources_; - std::vector annotation_blacklist; - // We don't use a pair for holding the two pointers for runtime - // efficiency when resolving keywords like `unevaluatedProperties` - std::map>> annotations_; - std::map> - labels; - bool property_as_instance{false}; -#if defined(_MSC_VER) -#pragma warning(default : 4251 4275) -#endif -#endif -}; - -} // namespace sourcemeta::jsontoolkit - -#endif diff --git a/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator_error.h b/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator_error.h deleted file mode 100644 index 46df2644..00000000 --- a/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator_error.h +++ /dev/null @@ -1,39 +0,0 @@ -#ifndef SOURCEMETA_JSONTOOLKIT_EVALUATOR_ERROR_H -#define SOURCEMETA_JSONTOOLKIT_EVALUATOR_ERROR_H - -#include "evaluator_export.h" - -#include // std::exception -#include // std::string -#include // std::move - -namespace sourcemeta::jsontoolkit { - -// Exporting symbols that depends on the standard C++ library is considered -// safe. -// https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-2-c4275?view=msvc-170&redirectedfrom=MSDN -#if defined(_MSC_VER) -#pragma warning(disable : 4251 4275) -#endif - -/// @ingroup jsonschema -/// An error that represents a schema evaluation error event -class SOURCEMETA_JSONTOOLKIT_EVALUATOR_EXPORT SchemaEvaluationError - : public std::exception { -public: - SchemaEvaluationError(std::string message) : message_{std::move(message)} {} - [[nodiscard]] auto what() const noexcept -> const char * override { - return this->message_.c_str(); - } - -private: - std::string message_; -}; - -#if defined(_MSC_VER) -#pragma warning(default : 4251 4275) -#endif - -} // namespace sourcemeta::jsontoolkit - -#endif diff --git a/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator_template.h b/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator_template.h deleted file mode 100644 index 9a71442a..00000000 --- a/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator_template.h +++ /dev/null @@ -1,516 +0,0 @@ -#ifndef SOURCEMETA_JSONTOOLKIT_EVALUATOR_TEMPLATE_H -#define SOURCEMETA_JSONTOOLKIT_EVALUATOR_TEMPLATE_H - -#include - -#include - -#include // std::uint8_t -#include // std::string -#include // std::vector - -namespace sourcemeta::jsontoolkit { - -// Forward declarations for the sole purpose of being bale to define circular -// structures -#ifndef DOXYGEN -struct SchemaCompilerAssertionFail; -struct SchemaCompilerAssertionDefines; -struct SchemaCompilerAssertionDefinesAll; -struct SchemaCompilerAssertionPropertyDependencies; -struct SchemaCompilerAssertionType; -struct SchemaCompilerAssertionTypeAny; -struct SchemaCompilerAssertionTypeStrict; -struct SchemaCompilerAssertionTypeStrictAny; -struct SchemaCompilerAssertionTypeStringBounded; -struct SchemaCompilerAssertionTypeArrayBounded; -struct SchemaCompilerAssertionTypeObjectBounded; -struct SchemaCompilerAssertionRegex; -struct SchemaCompilerAssertionStringSizeLess; -struct SchemaCompilerAssertionStringSizeGreater; -struct SchemaCompilerAssertionArraySizeLess; -struct SchemaCompilerAssertionArraySizeGreater; -struct SchemaCompilerAssertionObjectSizeLess; -struct SchemaCompilerAssertionObjectSizeGreater; -struct SchemaCompilerAssertionEqual; -struct SchemaCompilerAssertionEqualsAny; -struct SchemaCompilerAssertionGreaterEqual; -struct SchemaCompilerAssertionLessEqual; -struct SchemaCompilerAssertionGreater; -struct SchemaCompilerAssertionLess; -struct SchemaCompilerAssertionUnique; -struct SchemaCompilerAssertionDivisible; -struct SchemaCompilerAssertionStringType; -struct SchemaCompilerAssertionPropertyType; -struct SchemaCompilerAssertionPropertyTypeStrict; -struct SchemaCompilerAnnotationEmit; -struct SchemaCompilerAnnotationWhenArraySizeEqual; -struct SchemaCompilerAnnotationWhenArraySizeGreater; -struct SchemaCompilerAnnotationToParent; -struct SchemaCompilerAnnotationBasenameToParent; -struct SchemaCompilerLogicalOr; -struct SchemaCompilerLogicalAnd; -struct SchemaCompilerLogicalXor; -struct SchemaCompilerLogicalCondition; -struct SchemaCompilerLogicalNot; -struct SchemaCompilerLogicalWhenType; -struct SchemaCompilerLogicalWhenDefines; -struct SchemaCompilerLogicalWhenArraySizeGreater; -struct SchemaCompilerLogicalWhenArraySizeEqual; -struct SchemaCompilerLoopPropertiesMatch; -struct SchemaCompilerLoopProperties; -struct SchemaCompilerLoopPropertiesRegex; -struct SchemaCompilerLoopPropertiesNoAnnotation; -struct SchemaCompilerLoopPropertiesExcept; -struct SchemaCompilerLoopPropertiesType; -struct SchemaCompilerLoopPropertiesTypeStrict; -struct SchemaCompilerLoopKeys; -struct SchemaCompilerLoopItems; -struct SchemaCompilerLoopItemsUnmarked; -struct SchemaCompilerLoopItemsUnevaluated; -struct SchemaCompilerLoopContains; -struct SchemaCompilerControlLabel; -struct SchemaCompilerControlMark; -struct SchemaCompilerControlJump; -struct SchemaCompilerControlDynamicAnchorJump; -#endif - -/// @ingroup evaluator -/// Represents a schema compilation step that can be evaluated -using SchemaCompilerTemplate = std::vector>; - -#if !defined(DOXYGEN) -// For fast internal instruction dispatching. It must stay -// in sync with the variant ordering above -enum class SchemaCompilerTemplateIndex : std::uint8_t { - SchemaCompilerAssertionFail = 0, - SchemaCompilerAssertionDefines, - SchemaCompilerAssertionDefinesAll, - SchemaCompilerAssertionPropertyDependencies, - SchemaCompilerAssertionType, - SchemaCompilerAssertionTypeAny, - SchemaCompilerAssertionTypeStrict, - SchemaCompilerAssertionTypeStrictAny, - SchemaCompilerAssertionTypeStringBounded, - SchemaCompilerAssertionTypeArrayBounded, - SchemaCompilerAssertionTypeObjectBounded, - SchemaCompilerAssertionRegex, - SchemaCompilerAssertionStringSizeLess, - SchemaCompilerAssertionStringSizeGreater, - SchemaCompilerAssertionArraySizeLess, - SchemaCompilerAssertionArraySizeGreater, - SchemaCompilerAssertionObjectSizeLess, - SchemaCompilerAssertionObjectSizeGreater, - SchemaCompilerAssertionEqual, - SchemaCompilerAssertionEqualsAny, - SchemaCompilerAssertionGreaterEqual, - SchemaCompilerAssertionLessEqual, - SchemaCompilerAssertionGreater, - SchemaCompilerAssertionLess, - SchemaCompilerAssertionUnique, - SchemaCompilerAssertionDivisible, - SchemaCompilerAssertionStringType, - SchemaCompilerAssertionPropertyType, - SchemaCompilerAssertionPropertyTypeStrict, - SchemaCompilerAnnotationEmit, - SchemaCompilerAnnotationWhenArraySizeEqual, - SchemaCompilerAnnotationWhenArraySizeGreater, - SchemaCompilerAnnotationToParent, - SchemaCompilerAnnotationBasenameToParent, - SchemaCompilerLogicalOr, - SchemaCompilerLogicalAnd, - SchemaCompilerLogicalXor, - SchemaCompilerLogicalCondition, - SchemaCompilerLogicalNot, - SchemaCompilerLogicalWhenType, - SchemaCompilerLogicalWhenDefines, - SchemaCompilerLogicalWhenArraySizeGreater, - SchemaCompilerLogicalWhenArraySizeEqual, - SchemaCompilerLoopPropertiesMatch, - SchemaCompilerLoopProperties, - SchemaCompilerLoopPropertiesRegex, - SchemaCompilerLoopPropertiesNoAnnotation, - SchemaCompilerLoopPropertiesExcept, - SchemaCompilerLoopPropertiesType, - SchemaCompilerLoopPropertiesTypeStrict, - SchemaCompilerLoopKeys, - SchemaCompilerLoopItems, - SchemaCompilerLoopItemsUnmarked, - SchemaCompilerLoopItemsUnevaluated, - SchemaCompilerLoopContains, - SchemaCompilerControlLabel, - SchemaCompilerControlMark, - SchemaCompilerControlJump, - SchemaCompilerControlDynamicAnchorJump -}; -#endif - -#define DEFINE_STEP_WITH_VALUE(category, name, type) \ - struct SchemaCompiler##category##name { \ - const Pointer relative_schema_location; \ - const Pointer relative_instance_location; \ - const std::string keyword_location; \ - const std::string schema_resource; \ - const bool dynamic; \ - const bool report; \ - const type value; \ - }; - -#define DEFINE_STEP_APPLICATOR(category, name, type) \ - struct SchemaCompiler##category##name { \ - const Pointer relative_schema_location; \ - const Pointer relative_instance_location; \ - const std::string keyword_location; \ - const std::string schema_resource; \ - const bool dynamic; \ - const bool report; \ - const type value; \ - const SchemaCompilerTemplate children; \ - }; - -/// @defgroup evaluator_instructions Instruction Set -/// @ingroup evaluator -/// @brief The set of instructions supported by the evaluator. -/// @details -/// -/// Every instruction operates at a specific instance location and with the -/// given value, whose type depends on the instruction. - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that always fails -DEFINE_STEP_WITH_VALUE(Assertion, Fail, SchemaCompilerValueNone) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks if an object defines -/// a given property -DEFINE_STEP_WITH_VALUE(Assertion, Defines, SchemaCompilerValueString) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks if an object defines -/// a set of properties -DEFINE_STEP_WITH_VALUE(Assertion, DefinesAll, SchemaCompilerValueStrings) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks if an object defines -/// a set of properties if it defines other set of properties -DEFINE_STEP_WITH_VALUE(Assertion, PropertyDependencies, - SchemaCompilerValueStringMap) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks if a document is of -/// the given type -DEFINE_STEP_WITH_VALUE(Assertion, Type, SchemaCompilerValueType) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks if a document is of -/// any of the given types -DEFINE_STEP_WITH_VALUE(Assertion, TypeAny, SchemaCompilerValueTypes) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks if a document is of -/// the given type (strict version) -DEFINE_STEP_WITH_VALUE(Assertion, TypeStrict, SchemaCompilerValueType) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks if a document is of -/// any of the given types (strict version) -DEFINE_STEP_WITH_VALUE(Assertion, TypeStrictAny, SchemaCompilerValueTypes) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks if a document is of -/// type string and adheres to the given bounds -DEFINE_STEP_WITH_VALUE(Assertion, TypeStringBounded, SchemaCompilerValueRange) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks if a document is of -/// type array and adheres to the given bounds -DEFINE_STEP_WITH_VALUE(Assertion, TypeArrayBounded, SchemaCompilerValueRange) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks if a document is of -/// type object and adheres to the given bounds -DEFINE_STEP_WITH_VALUE(Assertion, TypeObjectBounded, SchemaCompilerValueRange) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks a string against an -/// ECMA regular expression -DEFINE_STEP_WITH_VALUE(Assertion, Regex, SchemaCompilerValueRegex) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks a given string has -/// less than a certain number of characters -DEFINE_STEP_WITH_VALUE(Assertion, StringSizeLess, - SchemaCompilerValueUnsignedInteger) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks a given string has -/// greater than a certain number of characters -DEFINE_STEP_WITH_VALUE(Assertion, StringSizeGreater, - SchemaCompilerValueUnsignedInteger) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks a given array has -/// less than a certain number of items -DEFINE_STEP_WITH_VALUE(Assertion, ArraySizeLess, - SchemaCompilerValueUnsignedInteger) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks a given array has -/// greater than a certain number of items -DEFINE_STEP_WITH_VALUE(Assertion, ArraySizeGreater, - SchemaCompilerValueUnsignedInteger) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks a given object has -/// less than a certain number of properties -DEFINE_STEP_WITH_VALUE(Assertion, ObjectSizeLess, - SchemaCompilerValueUnsignedInteger) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks a given object has -/// greater than a certain number of properties -DEFINE_STEP_WITH_VALUE(Assertion, ObjectSizeGreater, - SchemaCompilerValueUnsignedInteger) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks the instance equals -/// a given JSON document -DEFINE_STEP_WITH_VALUE(Assertion, Equal, SchemaCompilerValueJSON) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks that a JSON document -/// is equal to at least one of the given elements -DEFINE_STEP_WITH_VALUE(Assertion, EqualsAny, SchemaCompilerValueArray) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks a JSON document is -/// greater than or equal to another JSON document -DEFINE_STEP_WITH_VALUE(Assertion, GreaterEqual, SchemaCompilerValueJSON) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks a JSON document is -/// less than or equal to another JSON document -DEFINE_STEP_WITH_VALUE(Assertion, LessEqual, SchemaCompilerValueJSON) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks a JSON document is -/// greater than another JSON document -DEFINE_STEP_WITH_VALUE(Assertion, Greater, SchemaCompilerValueJSON) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks a JSON document is -/// less than another JSON document -DEFINE_STEP_WITH_VALUE(Assertion, Less, SchemaCompilerValueJSON) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks a given JSON array -/// does not contain duplicate items -DEFINE_STEP_WITH_VALUE(Assertion, Unique, SchemaCompilerValueNone) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks a number is -/// divisible by another number -DEFINE_STEP_WITH_VALUE(Assertion, Divisible, SchemaCompilerValueJSON) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks that a string is of -/// a certain type -DEFINE_STEP_WITH_VALUE(Assertion, StringType, SchemaCompilerValueStringType) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks that an instance -/// property is of a given type if present -DEFINE_STEP_WITH_VALUE(Assertion, PropertyType, SchemaCompilerValueType) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler assertion step that checks that an instance -/// property is of a given type if present (strict mode) -DEFINE_STEP_WITH_VALUE(Assertion, PropertyTypeStrict, SchemaCompilerValueType) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that emits an annotation -DEFINE_STEP_WITH_VALUE(Annotation, Emit, SchemaCompilerValueJSON) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that emits an annotation when the size of -/// the array instance is equal to the given size -DEFINE_STEP_WITH_VALUE(Annotation, WhenArraySizeEqual, - SchemaCompilerValueIndexedJSON) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that emits an annotation when the size of -/// the array instance is greater than the given size -DEFINE_STEP_WITH_VALUE(Annotation, WhenArraySizeGreater, - SchemaCompilerValueIndexedJSON) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that emits an annotation to the parent -DEFINE_STEP_WITH_VALUE(Annotation, ToParent, SchemaCompilerValueJSON) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that emits the current basename as an -/// annotation to the parent -DEFINE_STEP_WITH_VALUE(Annotation, BasenameToParent, SchemaCompilerValueNone) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler logical step that represents a disjunction -DEFINE_STEP_APPLICATOR(Logical, Or, SchemaCompilerValueBoolean) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler logical step that represents a conjunction -DEFINE_STEP_APPLICATOR(Logical, And, SchemaCompilerValueNone) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler logical step that represents an exclusive -/// disjunction -DEFINE_STEP_APPLICATOR(Logical, Xor, SchemaCompilerValueNone) - -/// @ingroup evaluator_instructions -/// @brief Represents an imperative conditional compiler logical step -DEFINE_STEP_APPLICATOR(Logical, Condition, SchemaCompilerValueIndexPair) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler logical step that represents a negation -DEFINE_STEP_APPLICATOR(Logical, Not, SchemaCompilerValueNone) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler logical step that represents a conjunction when -/// the instance is of a given type -DEFINE_STEP_APPLICATOR(Logical, WhenType, SchemaCompilerValueType) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler logical step that represents a conjunction when -/// the instance is an object and defines a given property -DEFINE_STEP_APPLICATOR(Logical, WhenDefines, SchemaCompilerValueString) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler logical step that represents a conjunction when -/// the array instance size is greater than the given number -DEFINE_STEP_APPLICATOR(Logical, WhenArraySizeGreater, - SchemaCompilerValueUnsignedInteger) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler logical step that represents a conjunction when -/// the array instance size is equal to the given number -DEFINE_STEP_APPLICATOR(Logical, WhenArraySizeEqual, - SchemaCompilerValueUnsignedInteger) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that matches steps to object properties -DEFINE_STEP_APPLICATOR(Loop, PropertiesMatch, SchemaCompilerValueNamedIndexes) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that loops over object properties -DEFINE_STEP_APPLICATOR(Loop, Properties, SchemaCompilerValueNone) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that loops over object properties that -/// match a given ECMA regular expression -DEFINE_STEP_APPLICATOR(Loop, PropertiesRegex, SchemaCompilerValueRegex) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that loops over object properties that -/// were not collected as annotations -DEFINE_STEP_APPLICATOR(Loop, PropertiesNoAnnotation, SchemaCompilerValueStrings) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that loops over object properties that -/// do not match the given property filters -DEFINE_STEP_APPLICATOR(Loop, PropertiesExcept, - SchemaCompilerValuePropertyFilter) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that checks every object property is of a -/// given type -DEFINE_STEP_WITH_VALUE(Loop, PropertiesType, SchemaCompilerValueType) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that checks every object property is of a -/// given type (strict mode) -DEFINE_STEP_WITH_VALUE(Loop, PropertiesTypeStrict, SchemaCompilerValueType) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that loops over object property keys -DEFINE_STEP_APPLICATOR(Loop, Keys, SchemaCompilerValueNone) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that loops over array items starting from -/// a given index -DEFINE_STEP_APPLICATOR(Loop, Items, SchemaCompilerValueUnsignedInteger) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that loops over array items when the array -/// is considered unmarked -DEFINE_STEP_APPLICATOR(Loop, ItemsUnmarked, SchemaCompilerValueStrings) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that loops over unevaluated array items -DEFINE_STEP_APPLICATOR(Loop, ItemsUnevaluated, - SchemaCompilerValueItemsAnnotationKeywords) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that checks array items match a given -/// criteria -DEFINE_STEP_APPLICATOR(Loop, Contains, SchemaCompilerValueRange) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that consists of a mark to jump to while -/// executing children instructions -DEFINE_STEP_APPLICATOR(Control, Label, SchemaCompilerValueUnsignedInteger) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that consists of a mark to jump to, but -/// without executing children instructions -DEFINE_STEP_APPLICATOR(Control, Mark, SchemaCompilerValueUnsignedInteger) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that consists of jumping into a -/// pre-registered label -DEFINE_STEP_WITH_VALUE(Control, Jump, SchemaCompilerValueUnsignedInteger) - -/// @ingroup evaluator_instructions -/// @brief Represents a compiler step that consists of jump to a dynamic anchor -DEFINE_STEP_WITH_VALUE(Control, DynamicAnchorJump, SchemaCompilerValueString) - -#undef DEFINE_STEP_WITH_VALUE -#undef DEFINE_STEP_APPLICATOR - -} // namespace sourcemeta::jsontoolkit - -#endif diff --git a/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator_value.h b/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator_value.h deleted file mode 100644 index 2a2ba107..00000000 --- a/vendor/jsontoolkit/src/evaluator/include/sourcemeta/jsontoolkit/evaluator_value.h +++ /dev/null @@ -1,115 +0,0 @@ -#ifndef SOURCEMETA_JSONTOOLKIT_EVALUATOR_VALUE_H -#define SOURCEMETA_JSONTOOLKIT_EVALUATOR_VALUE_H - -#include -#include - -#include // std::uint8_t -#include // std::optional, std::nullopt -#include // std::regex -#include // std::set -#include // std::string -#include // std::tuple -#include // std::unordered_map -#include // std::pair -#include // std::vector - -namespace sourcemeta::jsontoolkit { - -/// @ingroup evaluator -/// @brief Represents a compiler step empty value -struct SchemaCompilerValueNone {}; - -/// @ingroup evaluator -/// Represents a compiler step JSON value -using SchemaCompilerValueJSON = JSON; - -// Note that for these steps, we prefer vectors over sets as the former performs -// better for small collections, where we can even guarantee uniqueness when -// generating the instructions - -/// @ingroup evaluator -/// Represents a set of JSON values -using SchemaCompilerValueArray = std::vector; - -/// @ingroup evaluator -/// Represents a compiler step string values -using SchemaCompilerValueStrings = std::vector; - -/// @ingroup evaluator -/// Represents a compiler step JSON types value -using SchemaCompilerValueTypes = std::vector; - -/// @ingroup evaluator -/// Represents a compiler step string value -using SchemaCompilerValueString = JSON::String; - -/// @ingroup evaluator -/// Represents a compiler step JSON type value -using SchemaCompilerValueType = JSON::Type; - -/// @ingroup evaluator -/// Represents a compiler step ECMA regular expression value. We store both the -/// original string and the regular expression as standard regular expressions -/// do not keep a copy of their original value (which we need for serialization -/// purposes) -using SchemaCompilerValueRegex = std::pair; - -/// @ingroup evaluator -/// Represents a compiler step JSON unsigned integer value -using SchemaCompilerValueUnsignedInteger = std::size_t; - -/// @ingroup evaluator -/// Represents a compiler step range value. The boolean option -/// modifies whether the range is considered exhaustively or -/// if the evaluator is allowed to break early -using SchemaCompilerValueRange = - std::tuple, bool>; - -/// @ingroup evaluator -/// Represents a compiler step boolean value -using SchemaCompilerValueBoolean = bool; - -/// @ingroup evaluator -/// Represents a compiler step string to index map -using SchemaCompilerValueNamedIndexes = - std::unordered_map; - -/// @ingroup evaluator -/// Represents a compiler step string logical type -enum class SchemaCompilerValueStringType : std::uint8_t { URI }; - -/// @ingroup evaluator -/// Represents an array loop compiler step annotation keywords -struct SchemaCompilerValueItemsAnnotationKeywords { - const SchemaCompilerValueString index; - const SchemaCompilerValueStrings filter; - const SchemaCompilerValueStrings mask; -}; - -/// @ingroup evaluator -/// Represents an compiler step that maps strings to strings -using SchemaCompilerValueStringMap = - std::unordered_map; - -/// @ingroup evaluator -/// Represents a compiler step JSON value accompanied with an index -using SchemaCompilerValueIndexedJSON = - std::pair; - -// Note that while we generally avoid sets, in this case, we want -// hash-based lookups on string collections that might get large. -/// @ingroup evaluator -/// Represents a compiler step value that consist of object property filters -using SchemaCompilerValuePropertyFilter = - std::pair, - std::vector>; - -/// @ingroup evaluator -/// Represents a compiler step value that consists of two indexes -using SchemaCompilerValueIndexPair = std::pair; - -} // namespace sourcemeta::jsontoolkit - -#endif diff --git a/vendor/jsontoolkit/src/evaluator/trace.h b/vendor/jsontoolkit/src/evaluator/trace.h deleted file mode 100644 index 770967f2..00000000 --- a/vendor/jsontoolkit/src/evaluator/trace.h +++ /dev/null @@ -1,30 +0,0 @@ -#ifndef SOURCEMETA_JSONTOOLKIT_EVALUATOR_TRACE_H_ -#define SOURCEMETA_JSONTOOLKIT_EVALUATOR_TRACE_H_ - -// We only perform tracing on debugging builds, at least for now -#if !defined(NDEBUG) && defined(__APPLE__) && defined(__clang__) - -#include -#include - -// See -// https://www.jviotti.com/2022/02/21/emitting-signposts-to-instruments-on-macos-using-cpp.html - -static os_log_t log_handle = os_log_create("com.sourcemeta.jsontoolkit", - OS_LOG_CATEGORY_POINTS_OF_INTEREST); - -#define SOURCEMETA_TRACE_REGISTER_ID(name) \ - const os_signpost_id_t name = os_signpost_id_generate(log_handle); \ - assert((name) != OS_SIGNPOST_ID_INVALID); -#define SOURCEMETA_TRACE_START(id, title) \ - os_signpost_interval_begin(log_handle, id, title); -#define SOURCEMETA_TRACE_END(id, title) \ - os_signpost_interval_end(log_handle, id, title); - -#else -#define SOURCEMETA_TRACE_REGISTER_ID(name) -#define SOURCEMETA_TRACE_START(id, title) -#define SOURCEMETA_TRACE_END(id, title) -#endif - -#endif diff --git a/vendor/jsontoolkit/src/json/include/sourcemeta/jsontoolkit/json.h b/vendor/jsontoolkit/src/json/include/sourcemeta/jsontoolkit/json.h index 19fd1b97..88224e69 100644 --- a/vendor/jsontoolkit/src/json/include/sourcemeta/jsontoolkit/json.h +++ b/vendor/jsontoolkit/src/json/include/sourcemeta/jsontoolkit/json.h @@ -1,7 +1,9 @@ #ifndef SOURCEMETA_JSONTOOLKIT_JSON_H_ #define SOURCEMETA_JSONTOOLKIT_JSON_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_JSON_EXPORT #include "json_export.h" +#endif #include #include diff --git a/vendor/jsontoolkit/src/json/include/sourcemeta/jsontoolkit/json_error.h b/vendor/jsontoolkit/src/json/include/sourcemeta/jsontoolkit/json_error.h index 08b90cab..4e9b341a 100644 --- a/vendor/jsontoolkit/src/json/include/sourcemeta/jsontoolkit/json_error.h +++ b/vendor/jsontoolkit/src/json/include/sourcemeta/jsontoolkit/json_error.h @@ -1,7 +1,9 @@ #ifndef SOURCEMETA_JSONTOOLKIT_JSON_ERROR_H_ #define SOURCEMETA_JSONTOOLKIT_JSON_ERROR_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_JSON_EXPORT #include "json_export.h" +#endif #include // std::uint64_t #include // std::exception diff --git a/vendor/jsontoolkit/src/json/include/sourcemeta/jsontoolkit/json_value.h b/vendor/jsontoolkit/src/json/include/sourcemeta/jsontoolkit/json_value.h index e2142b02..005561f7 100644 --- a/vendor/jsontoolkit/src/json/include/sourcemeta/jsontoolkit/json_value.h +++ b/vendor/jsontoolkit/src/json/include/sourcemeta/jsontoolkit/json_value.h @@ -1,7 +1,9 @@ #ifndef SOURCEMETA_JSONTOOLKIT_JSON_VALUE_H_ #define SOURCEMETA_JSONTOOLKIT_JSON_VALUE_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_JSON_EXPORT #include "json_export.h" +#endif #include #include diff --git a/vendor/jsontoolkit/src/jsonl/include/sourcemeta/jsontoolkit/jsonl.h b/vendor/jsontoolkit/src/jsonl/include/sourcemeta/jsontoolkit/jsonl.h index 0f76cad1..813210f8 100644 --- a/vendor/jsontoolkit/src/jsonl/include/sourcemeta/jsontoolkit/jsonl.h +++ b/vendor/jsontoolkit/src/jsonl/include/sourcemeta/jsontoolkit/jsonl.h @@ -1,7 +1,9 @@ #ifndef SOURCEMETA_JSONTOOLKIT_JSONL_H_ #define SOURCEMETA_JSONTOOLKIT_JSONL_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_JSONL_EXPORT #include "jsonl_export.h" +#endif #include #include diff --git a/vendor/jsontoolkit/src/jsonl/include/sourcemeta/jsontoolkit/jsonl_iterator.h b/vendor/jsontoolkit/src/jsonl/include/sourcemeta/jsontoolkit/jsonl_iterator.h index 654098ad..6e2d31b7 100644 --- a/vendor/jsontoolkit/src/jsonl/include/sourcemeta/jsontoolkit/jsonl_iterator.h +++ b/vendor/jsontoolkit/src/jsonl/include/sourcemeta/jsontoolkit/jsonl_iterator.h @@ -1,7 +1,9 @@ #ifndef SOURCEMETA_JSONTOOLKIT_JSONL_ITERATOR_H_ #define SOURCEMETA_JSONTOOLKIT_JSONL_ITERATOR_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_JSONL_EXPORT #include "jsonl_export.h" +#endif #include diff --git a/vendor/jsontoolkit/src/jsonpointer/include/sourcemeta/jsontoolkit/jsonpointer.h b/vendor/jsontoolkit/src/jsonpointer/include/sourcemeta/jsontoolkit/jsonpointer.h index cedda358..2cd68d9a 100644 --- a/vendor/jsontoolkit/src/jsonpointer/include/sourcemeta/jsontoolkit/jsonpointer.h +++ b/vendor/jsontoolkit/src/jsonpointer/include/sourcemeta/jsontoolkit/jsonpointer.h @@ -1,7 +1,9 @@ #ifndef SOURCEMETA_JSONTOOLKIT_JSONPOINTER_H_ #define SOURCEMETA_JSONTOOLKIT_JSONPOINTER_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_JSONPOINTER_EXPORT #include "jsonpointer_export.h" +#endif #include #include diff --git a/vendor/jsontoolkit/src/jsonpointer/include/sourcemeta/jsontoolkit/jsonpointer_error.h b/vendor/jsontoolkit/src/jsonpointer/include/sourcemeta/jsontoolkit/jsonpointer_error.h index 6710219d..71b08a12 100644 --- a/vendor/jsontoolkit/src/jsonpointer/include/sourcemeta/jsontoolkit/jsonpointer_error.h +++ b/vendor/jsontoolkit/src/jsonpointer/include/sourcemeta/jsontoolkit/jsonpointer_error.h @@ -1,7 +1,9 @@ #ifndef SOURCEMETA_JSONTOOLKIT_JSONPOINTER_ERROR_H_ #define SOURCEMETA_JSONTOOLKIT_JSONPOINTER_ERROR_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_JSONPOINTER_EXPORT #include "jsonpointer_export.h" +#endif #include diff --git a/vendor/jsontoolkit/src/jsonschema/CMakeLists.txt b/vendor/jsontoolkit/src/jsonschema/CMakeLists.txt index d7ae24d4..901fece7 100644 --- a/vendor/jsontoolkit/src/jsonschema/CMakeLists.txt +++ b/vendor/jsontoolkit/src/jsonschema/CMakeLists.txt @@ -5,19 +5,10 @@ include(./official_resolver.cmake) noa_library(NAMESPACE sourcemeta PROJECT jsontoolkit NAME jsonschema FOLDER "JSON Toolkit/JSON Schema" PRIVATE_HEADERS anchor.h bundle.h resolver.h - walker.h reference.h error.h compile.h + walker.h reference.h error.h SOURCES jsonschema.cc default_walker.cc reference.cc anchor.cc resolver.cc - walker.cc bundle.cc compile.cc - compile_json.cc compile_describe.cc - compile_helpers.h default_compiler.cc - - default_compiler_2020_12.h - default_compiler_2019_09.h - default_compiler_draft7.h - default_compiler_draft6.h - default_compiler_draft4.h - + walker.cc bundle.cc "${CMAKE_CURRENT_BINARY_DIR}/official_resolver.cc") if(JSONTOOLKIT_INSTALL) @@ -30,14 +21,3 @@ target_link_libraries(sourcemeta_jsontoolkit_jsonschema PUBLIC sourcemeta::jsontoolkit::jsonpointer) target_link_libraries(sourcemeta_jsontoolkit_jsonschema PRIVATE sourcemeta::jsontoolkit::uri) -target_link_libraries(sourcemeta_jsontoolkit_jsonschema PUBLIC - sourcemeta::jsontoolkit::evaluator) - -# GCC does not allow the use of std::promise, std::future -# without compiling with pthreads support. -if(CMAKE_CXX_COMPILER_ID STREQUAL "GNU") - set(CMAKE_THREAD_PREFER_PTHREAD TRUE) - set(THREADS_PREFER_PTHREAD_FLAG TRUE) - find_package(Threads REQUIRED) - target_link_libraries(sourcemeta_jsontoolkit_jsonschema PUBLIC Threads::Threads) -endif() diff --git a/vendor/jsontoolkit/src/jsonschema/anchor.cc b/vendor/jsontoolkit/src/jsonschema/anchor.cc index f6d69e57..69e30060 100644 --- a/vendor/jsontoolkit/src/jsonschema/anchor.cc +++ b/vendor/jsontoolkit/src/jsonschema/anchor.cc @@ -8,13 +8,10 @@ namespace sourcemeta::jsontoolkit { auto anchors(const JSON &schema, const SchemaResolver &resolver, const std::optional &default_dialect) - -> std::future> { + -> std::map { const std::map vocabularies{ - sourcemeta::jsontoolkit::vocabularies(schema, resolver, default_dialect) - .get()}; - std::promise> promise; - promise.set_value(anchors(schema, vocabularies)); - return promise.get_future(); + sourcemeta::jsontoolkit::vocabularies(schema, resolver, default_dialect)}; + return anchors(schema, vocabularies); } auto anchors(const JSON &schema, diff --git a/vendor/jsontoolkit/src/jsonschema/bundle.cc b/vendor/jsontoolkit/src/jsonschema/bundle.cc index cd4ae5b0..b8032113 100644 --- a/vendor/jsontoolkit/src/jsonschema/bundle.cc +++ b/vendor/jsontoolkit/src/jsonschema/bundle.cc @@ -46,9 +46,7 @@ auto is_official_metaschema_reference( const std::string &destination) -> bool { return !pointer.empty() && pointer.back().is_property() && pointer.back().to_property() == "$schema" && - sourcemeta::jsontoolkit::official_resolver(destination) - .get() - .has_value(); + sourcemeta::jsontoolkit::official_resolver(destination).has_value(); } auto bundle_schema(sourcemeta::jsontoolkit::JSON &root, @@ -60,8 +58,7 @@ auto bundle_schema(sourcemeta::jsontoolkit::JSON &root, const std::optional &default_dialect) -> void { sourcemeta::jsontoolkit::ReferenceMap references; sourcemeta::jsontoolkit::frame(subschema, frame, references, walker, resolver, - default_dialect) - .wait(); + default_dialect); for (const auto &[key, reference] : references) { if (frame.contains({sourcemeta::jsontoolkit::ReferenceType::Static, @@ -86,7 +83,7 @@ auto bundle_schema(sourcemeta::jsontoolkit::JSON &root, assert(reference.base.has_value()); const auto identifier{reference.base.value()}; - const auto remote{resolver(identifier).get()}; + const auto remote{resolver(identifier)}; if (!remote.has_value()) { if (frame.contains( {sourcemeta::jsontoolkit::ReferenceType::Static, identifier}) || @@ -138,8 +135,7 @@ auto remove_identifiers(sourcemeta::jsontoolkit::JSON &schema, sourcemeta::jsontoolkit::ReferenceFrame frame; sourcemeta::jsontoolkit::ReferenceMap references; sourcemeta::jsontoolkit::frame(schema, frame, references, walker, resolver, - default_dialect) - .wait(); + default_dialect); // (2) Remove all identifiers and anchors for (const auto &entry : sourcemeta::jsontoolkit::SchemaIterator{ @@ -199,8 +195,7 @@ auto bundle(sourcemeta::jsontoolkit::JSON &schema, const SchemaWalker &walker, const SchemaResolver &resolver, const BundleOptions options, const std::optional &default_dialect) -> void { const auto vocabularies{ - sourcemeta::jsontoolkit::vocabularies(schema, resolver, default_dialect) - .get()}; + sourcemeta::jsontoolkit::vocabularies(schema, resolver, default_dialect)}; sourcemeta::jsontoolkit::ReferenceFrame frame; bundle_schema(schema, definitions_keyword(vocabularies), schema, frame, walker, resolver, default_dialect); diff --git a/vendor/jsontoolkit/src/jsonschema/compile.cc b/vendor/jsontoolkit/src/jsonschema/compile.cc deleted file mode 100644 index d2b06f98..00000000 --- a/vendor/jsontoolkit/src/jsonschema/compile.cc +++ /dev/null @@ -1,283 +0,0 @@ -#include -#include - -#include // std::move, std::any_of -#include // assert -#include // std::back_inserter -#include // std::move - -#include "compile_helpers.h" - -namespace { - -auto compile_subschema( - const sourcemeta::jsontoolkit::SchemaCompilerContext &context, - const sourcemeta::jsontoolkit::SchemaCompilerSchemaContext &schema_context, - const sourcemeta::jsontoolkit::SchemaCompilerDynamicContext - &dynamic_context, - const std::optional &default_dialect) - -> sourcemeta::jsontoolkit::SchemaCompilerTemplate { - using namespace sourcemeta::jsontoolkit; - assert(is_schema(schema_context.schema)); - - // Handle boolean schemas earlier on, as nobody should be able to - // override what these mean. - if (schema_context.schema.is_boolean()) { - if (schema_context.schema.to_boolean()) { - return {}; - } else { - return {make(true, context, schema_context, - dynamic_context, - SchemaCompilerValueNone{})}; - } - } - - SchemaCompilerTemplate steps; - for (const auto &entry : - SchemaKeywordIterator{schema_context.schema, context.walker, - context.resolver, default_dialect}) { - assert(entry.pointer.back().is_property()); - const auto &keyword{entry.pointer.back().to_property()}; - for (auto &&step : context.compiler( - context, - {schema_context.relative_pointer.concat({keyword}), - schema_context.schema, entry.vocabularies, schema_context.base, - // TODO: This represents a copy - schema_context.labels, schema_context.references}, - {keyword, dynamic_context.base_schema_location, - dynamic_context.base_instance_location})) { - // Just a sanity check to ensure every keyword location is indeed valid - assert(context.frame.contains( - {ReferenceType::Static, - std::visit([](const auto &value) { return value.keyword_location; }, - step)})); - steps.push_back(std::move(step)); - } - } - - return steps; -} - -} // namespace - -namespace sourcemeta::jsontoolkit { - -auto compile(const JSON &schema, const SchemaWalker &walker, - const SchemaResolver &resolver, const SchemaCompiler &compiler, - const std::optional &default_dialect) - -> SchemaCompilerTemplate { - assert(is_schema(schema)); - - // Make sure the input schema is bundled, otherwise we won't be able to - // resolve remote references here - const JSON result{bundle(schema, walker, resolver, BundleOptions::Default, - default_dialect)}; - - // Perform framing to resolve references later on - ReferenceFrame frame; - ReferenceMap references; - sourcemeta::jsontoolkit::frame(result, frame, references, walker, resolver, - default_dialect) - .wait(); - - const std::string base{ - URI{sourcemeta::jsontoolkit::identify( - schema, resolver, - sourcemeta::jsontoolkit::IdentificationStrategy::Strict, - default_dialect) - .get() - .value_or("")} - .canonicalize() - .recompose()}; - - assert(frame.contains({ReferenceType::Static, base})); - const auto root_frame_entry{frame.at({ReferenceType::Static, base})}; - - // Check whether dynamic referencing takes places in this schema. If not, - // we can avoid the overhead of keeping track of dynamics scopes, etc - bool uses_dynamic_scopes{false}; - for (const auto &reference : references) { - if (reference.first.first == ReferenceType::Dynamic) { - uses_dynamic_scopes = true; - break; - } - } - - const sourcemeta::jsontoolkit::SchemaCompilerContext context{ - result, frame, references, walker, - resolver, compiler, uses_dynamic_scopes}; - sourcemeta::jsontoolkit::SchemaCompilerSchemaContext schema_context{ - empty_pointer, - result, - vocabularies(schema, resolver, root_frame_entry.dialect).get(), - root_frame_entry.base, - {}, - {}}; - const sourcemeta::jsontoolkit::SchemaCompilerDynamicContext dynamic_context{ - relative_dynamic_context}; - sourcemeta::jsontoolkit::SchemaCompilerTemplate compiler_template; - - if (uses_dynamic_scopes && - (schema_context.vocabularies.contains( - "https://json-schema.org/draft/2019-09/vocab/core") || - schema_context.vocabularies.contains( - "https://json-schema.org/draft/2020-12/vocab/core"))) { - for (const auto &entry : frame) { - // We are only trying to find dynamic anchors - if (entry.second.type != ReferenceEntryType::Anchor || - entry.first.first != ReferenceType::Dynamic) { - continue; - } - - const URI anchor_uri{entry.first.second}; - std::ostringstream name; - name << anchor_uri.recompose_without_fragment().value_or(""); - name << '#'; - name << anchor_uri.fragment().value_or(""); - const auto label{std::hash{}(name.str())}; - schema_context.labels.insert(label); - - // Configure a schema context that corresponds to the - // schema resource that we are precompiling - auto subschema{get(result, entry.second.pointer)}; - auto nested_vocabularies{ - vocabularies(subschema, resolver, entry.second.dialect).get()}; - const sourcemeta::jsontoolkit::SchemaCompilerSchemaContext - nested_schema_context{entry.second.relative_pointer, - std::move(subschema), - std::move(nested_vocabularies), - entry.second.base, - {}, - {}}; - - compiler_template.push_back(make( - true, context, nested_schema_context, dynamic_context, - SchemaCompilerValueUnsignedInteger{label}, - compile(context, nested_schema_context, relative_dynamic_context, - empty_pointer, empty_pointer, entry.first.second))); - } - } - - auto children{compile_subschema(context, schema_context, dynamic_context, - root_frame_entry.dialect)}; - if (compiler_template.empty()) { - return children; - } else { - compiler_template.reserve(compiler_template.size() + children.size()); - std::move(children.begin(), children.end(), - std::back_inserter(compiler_template)); - return compiler_template; - } -} - -auto compile(const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context, - const Pointer &schema_suffix, const Pointer &instance_suffix, - const std::optional &uri) -> SchemaCompilerTemplate { - // Determine URI of the destination after recursion - const std::string destination{ - uri.has_value() - ? URI{uri.value()}.canonicalize().recompose() - : to_uri(schema_context.relative_pointer.concat(schema_suffix), - schema_context.base) - .canonicalize() - .recompose()}; - - // Otherwise the recursion attempt is non-sense - if (!context.frame.contains({ReferenceType::Static, destination})) { - throw SchemaReferenceError( - destination, schema_context.relative_pointer, - "The target of the reference does not exist in the schema"); - } - - const auto &entry{context.frame.at({ReferenceType::Static, destination})}; - const auto &new_schema{get(context.root, entry.pointer)}; - - if (!is_schema(new_schema)) { - throw SchemaReferenceError( - destination, schema_context.relative_pointer, - "The target of the reference is not a valid schema"); - } - - const Pointer destination_pointer{ - dynamic_context.keyword.empty() - ? dynamic_context.base_schema_location.concat(schema_suffix) - : dynamic_context.base_schema_location - .concat({dynamic_context.keyword}) - .concat(schema_suffix)}; - - return compile_subschema( - context, - {entry.relative_pointer, new_schema, - vocabularies(new_schema, context.resolver, entry.dialect).get(), - entry.base, - // TODO: This represents a copy - schema_context.labels, schema_context.references}, - {dynamic_context.keyword, destination_pointer, - dynamic_context.base_instance_location.concat(instance_suffix)}, - entry.dialect); -} - -SchemaCompilerErrorTraceOutput::SchemaCompilerErrorTraceOutput( - const JSON &instance, const WeakPointer &base) - : instance_{instance}, base_{base} {} - -auto SchemaCompilerErrorTraceOutput::begin() const -> const_iterator { - return this->output.begin(); -} - -auto SchemaCompilerErrorTraceOutput::end() const -> const_iterator { - return this->output.end(); -} - -auto SchemaCompilerErrorTraceOutput::cbegin() const -> const_iterator { - return this->output.cbegin(); -} - -auto SchemaCompilerErrorTraceOutput::cend() const -> const_iterator { - return this->output.cend(); -} - -auto SchemaCompilerErrorTraceOutput::operator()( - const SchemaCompilerEvaluationType type, const bool result, - const SchemaCompilerTemplate::value_type &step, - const WeakPointer &evaluate_path, const WeakPointer &instance_location, - const JSON &annotation) -> void { - assert(!evaluate_path.empty()); - assert(evaluate_path.back().is_property()); - - if (type == sourcemeta::jsontoolkit::SchemaCompilerEvaluationType::Pre) { - assert(result); - const auto &keyword{evaluate_path.back().to_property()}; - // To ease the output - if (keyword == "oneOf" || keyword == "not") { - this->mask.insert(evaluate_path); - } - } else if (type == - sourcemeta::jsontoolkit::SchemaCompilerEvaluationType::Post && - this->mask.contains(evaluate_path)) { - this->mask.erase(evaluate_path); - } - - // Ignore successful or masked steps - if (result || std::any_of(this->mask.cbegin(), this->mask.cend(), - [&evaluate_path](const auto &entry) { - return evaluate_path.starts_with(entry); - })) { - return; - } - - auto effective_evaluate_path{evaluate_path.resolve_from(this->base_)}; - if (effective_evaluate_path.empty()) { - return; - } - - this->output.push_back( - {sourcemeta::jsontoolkit::describe(result, step, evaluate_path, - instance_location, this->instance_, - annotation), - instance_location, std::move(effective_evaluate_path)}); -} - -} // namespace sourcemeta::jsontoolkit diff --git a/vendor/jsontoolkit/src/jsonschema/compile_describe.cc b/vendor/jsontoolkit/src/jsonschema/compile_describe.cc deleted file mode 100644 index a65f49d1..00000000 --- a/vendor/jsontoolkit/src/jsonschema/compile_describe.cc +++ /dev/null @@ -1,1746 +0,0 @@ -#include - -#include // std::any_of -#include // assert -#include // std::ostringstream -#include // std::visit - -namespace { -using namespace sourcemeta::jsontoolkit; - -template auto step_value(const T &step) -> decltype(auto) { - if constexpr (requires { step.value; }) { - return step.value; - } else { - return step.id; - } -} - -auto to_string(const JSON::Type type) -> std::string { - // Otherwise the type "real" might not make a lot - // of sense to JSON Schema users - if (type == JSON::Type::Real) { - return "number"; - } else { - std::ostringstream result; - result << type; - return result.str(); - } -} - -auto escape_string(const std::string &input) -> std::string { - std::ostringstream result; - result << '"'; - - for (const auto character : input) { - if (character == '"') { - result << "\\\""; - } else { - result << character; - } - } - - result << '"'; - return result.str(); -} - -auto describe_type_check(const bool valid, const JSON::Type current, - const JSON::Type expected, std::ostringstream &message) - -> void { - message << "The value was expected to be of type "; - message << to_string(expected); - if (!valid) { - message << " but it was of type "; - message << to_string(current); - } -} - -auto describe_types_check(const bool valid, const JSON::Type current, - const std::vector &expected, - std::ostringstream &message) -> void { - assert(expected.size() > 1); - auto copy = expected; - - const auto match_real{ - std::find(copy.cbegin(), copy.cend(), JSON::Type::Real)}; - const auto match_integer{ - std::find(copy.cbegin(), copy.cend(), JSON::Type::Integer)}; - if (match_real != copy.cend() && match_integer != copy.cend()) { - copy.erase(match_integer); - } - - if (copy.size() == 1) { - describe_type_check(valid, current, *(copy.cbegin()), message); - return; - } - - message << "The value was expected to be of type "; - for (auto iterator = copy.cbegin(); iterator != copy.cend(); ++iterator) { - if (std::next(iterator) == copy.cend()) { - message << "or " << to_string(*iterator); - } else { - message << to_string(*iterator) << ", "; - } - } - - if (valid) { - message << " and it was of type "; - } else { - message << " but it was of type "; - } - - if (valid && current == JSON::Type::Integer && - std::find(copy.cbegin(), copy.cend(), JSON::Type::Real) != copy.cend()) { - message << "number"; - } else { - message << to_string(current); - } -} - -auto describe_reference(const JSON &target) -> std::string { - std::ostringstream message; - message << "The " << to_string(target.type()) - << " value was expected to validate against the statically " - "referenced schema"; - return message.str(); -} - -auto is_within_keyword(const WeakPointer &evaluate_path, - const std::string &keyword) -> bool { - return std::any_of(evaluate_path.cbegin(), evaluate_path.cend(), - [&keyword](const auto &token) { - return token.is_property() && - token.to_property() == keyword; - }); -} - -auto unknown() -> std::string { - // In theory we should never get here - assert(false); - return ""; -} - -struct DescribeVisitor { - const bool valid; - const WeakPointer &evaluate_path; - const std::string &keyword; - const WeakPointer &instance_location; - const JSON ⌖ - const JSON &annotation; - - auto operator()(const SchemaCompilerAssertionFail &) const -> std::string { - if (this->keyword == "contains") { - return "The constraints declared for this keyword were not satisfiable"; - } - - if (this->keyword == "additionalProperties" || - this->keyword == "unevaluatedProperties") { - std::ostringstream message; - assert(!this->instance_location.empty()); - assert(this->instance_location.back().is_property()); - message << "The object value was not expected to define the property " - << escape_string(this->instance_location.back().to_property()); - return message.str(); - } - - assert(this->keyword.empty()); - return "No instance is expected to succeed against the false schema"; - } - - auto operator()(const SchemaCompilerLogicalOr &step) const -> std::string { - assert(!step.children.empty()); - std::ostringstream message; - message << "The " << to_string(this->target.type()) - << " value was expected to validate against "; - if (step.children.size() > 1) { - message << "at least one of the " << step.children.size() - << " given subschemas"; - } else { - message << "the given subschema"; - } - - return message.str(); - } - - auto operator()(const SchemaCompilerLogicalAnd &step) const -> std::string { - if (this->keyword == "allOf") { - assert(!step.children.empty()); - std::ostringstream message; - message << "The " << to_string(this->target.type()) - << " value was expected to validate against the "; - if (step.children.size() > 1) { - message << step.children.size() << " given subschemas"; - } else { - message << "given subschema"; - } - - return message.str(); - } - - if (this->keyword == "properties") { - assert(!step.children.empty()); - assert(this->target.is_object()); - std::ostringstream message; - message << "The object value was expected to validate against the "; - if (step.children.size() == 1) { - message << "single defined property subschema"; - } else { - // We cannot provide the specific number of properties, - // as the number of children might be flatten out - // for performance reasons - message << "defined properties subschemas"; - } - - return message.str(); - } - - if (this->keyword == "$ref") { - return describe_reference(this->target); - } - - return unknown(); - } - - auto operator()(const SchemaCompilerLogicalXor &step) const -> std::string { - assert(!step.children.empty()); - std::ostringstream message; - message << "The " << to_string(this->target.type()) - << " value was expected to validate against "; - if (step.children.size() > 1) { - message << "one and only one of the " << step.children.size() - << " given subschemas"; - } else { - message << "the given subschema"; - } - - return message.str(); - } - - auto operator()(const SchemaCompilerLogicalCondition &) const -> std::string { - return unknown(); - } - - auto operator()(const SchemaCompilerLogicalNot &) const -> std::string { - std::ostringstream message; - message - << "The " << to_string(this->target.type()) - << " value was expected to not validate against the given subschema"; - if (!this->valid) { - message << ", but it did"; - } - - return message.str(); - } - - auto operator()(const SchemaCompilerControlLabel &) const -> std::string { - return describe_reference(this->target); - } - - auto operator()(const SchemaCompilerControlMark &) const -> std::string { - return describe_reference(this->target); - } - - auto operator()(const SchemaCompilerControlJump &) const -> std::string { - return describe_reference(this->target); - } - - auto operator()(const SchemaCompilerControlDynamicAnchorJump &step) const - -> std::string { - if (this->keyword == "$dynamicRef") { - const auto &value{step_value(step)}; - std::ostringstream message; - message << "The " << to_string(target.type()) - << " value was expected to validate against the first subschema " - "in scope that declared the dynamic anchor " - << escape_string(value); - return message.str(); - } - - assert(this->keyword == "$recursiveRef"); - std::ostringstream message; - message << "The " << to_string(target.type()) - << " value was expected to validate against the first subschema " - "in scope that declared a recursive anchor"; - return message.str(); - } - - auto operator()(const SchemaCompilerAnnotationEmit &) const -> std::string { - if (this->keyword == "properties") { - assert(this->annotation.is_string()); - std::ostringstream message; - message << "The object property " - << escape_string(this->annotation.to_string()) - << " successfully validated against its property " - "subschema"; - return message.str(); - } - - if ((this->keyword == "items" || this->keyword == "additionalItems") && - this->annotation.is_boolean() && this->annotation.to_boolean()) { - assert(this->target.is_array()); - std::ostringstream message; - message << "At least one item of the array value successfully validated " - "against the given subschema"; - return message.str(); - } - - if ((this->keyword == "prefixItems" || this->keyword == "items") && - this->annotation.is_integer()) { - assert(this->target.is_array()); - assert(this->annotation.is_positive()); - std::ostringstream message; - if (this->annotation.to_integer() == 0) { - message << "The first item of the array value successfully validated " - "against the first " - "positional subschema"; - } else { - message << "The first " << this->annotation.to_integer() + 1 - << " items of the array value successfully validated against " - "the given " - "positional subschemas"; - } - - return message.str(); - } - - if (this->keyword == "title" || this->keyword == "description") { - assert(this->annotation.is_string()); - std::ostringstream message; - message << "The " << this->keyword << " of the"; - if (this->instance_location.empty()) { - message << " instance"; - } else { - message << " instance location \""; - stringify(this->instance_location, message); - message << "\""; - } - - message << " was " << escape_string(this->annotation.to_string()); - return message.str(); - } - - if (this->keyword == "default") { - std::ostringstream message; - message << "The default value of the"; - if (this->instance_location.empty()) { - message << " instance"; - } else { - message << " instance location \""; - stringify(this->instance_location, message); - message << "\""; - } - - message << " was "; - stringify(this->annotation, message); - return message.str(); - } - - if (this->keyword == "deprecated" && this->annotation.is_boolean()) { - std::ostringstream message; - if (this->instance_location.empty()) { - message << "The instance"; - } else { - message << "The instance location \""; - stringify(this->instance_location, message); - message << "\""; - } - - if (this->annotation.to_boolean()) { - message << " was considered deprecated"; - } else { - message << " was not considered deprecated"; - } - - return message.str(); - } - - if (this->keyword == "readOnly" && this->annotation.is_boolean()) { - std::ostringstream message; - if (this->instance_location.empty()) { - message << "The instance"; - } else { - message << "The instance location \""; - stringify(this->instance_location, message); - message << "\""; - } - - if (this->annotation.to_boolean()) { - message << " was considered read-only"; - } else { - message << " was not considered read-only"; - } - - return message.str(); - } - - if (this->keyword == "writeOnly" && this->annotation.is_boolean()) { - std::ostringstream message; - if (this->instance_location.empty()) { - message << "The instance"; - } else { - message << "The instance location \""; - stringify(this->instance_location, message); - message << "\""; - } - - if (this->annotation.to_boolean()) { - message << " was considered write-only"; - } else { - message << " was not considered write-only"; - } - - return message.str(); - } - - if (this->keyword == "examples") { - assert(this->annotation.is_array()); - std::ostringstream message; - if (this->instance_location.empty()) { - message << "Examples of the instance"; - } else { - message << "Examples of the instance location \""; - stringify(this->instance_location, message); - message << "\""; - } - - message << " were "; - for (auto iterator = this->annotation.as_array().cbegin(); - iterator != this->annotation.as_array().cend(); ++iterator) { - if (std::next(iterator) == this->annotation.as_array().cend()) { - message << "and "; - stringify(*iterator, message); - } else { - stringify(*iterator, message); - message << ", "; - } - } - - return message.str(); - } - - if (this->keyword == "contentEncoding") { - assert(this->annotation.is_string()); - std::ostringstream message; - message << "The content encoding of the"; - if (this->instance_location.empty()) { - message << " instance"; - } else { - message << " instance location \""; - stringify(this->instance_location, message); - message << "\""; - } - - message << " was " << escape_string(this->annotation.to_string()); - return message.str(); - } - - if (this->keyword == "contentMediaType") { - assert(this->annotation.is_string()); - std::ostringstream message; - message << "The content media type of the"; - if (this->instance_location.empty()) { - message << " instance"; - } else { - message << " instance location \""; - stringify(this->instance_location, message); - message << "\""; - } - - message << " was " << escape_string(this->annotation.to_string()); - return message.str(); - } - - if (this->keyword == "contentSchema") { - std::ostringstream message; - message << "When decoded, the"; - if (this->instance_location.empty()) { - message << " instance"; - } else { - message << " instance location \""; - stringify(this->instance_location, message); - message << "\""; - } - - message << " was expected to validate against the schema "; - stringify(this->annotation, message); - return message.str(); - } - - std::ostringstream message; - message << "The unrecognized keyword " << escape_string(this->keyword) - << " was collected as the annotation "; - stringify(this->annotation, message); - return message.str(); - } - - auto operator()(const SchemaCompilerAnnotationWhenArraySizeEqual &) const - -> std::string { - if (this->keyword == "items" && this->annotation.is_boolean() && - this->annotation.to_boolean()) { - assert(this->target.is_array()); - std::ostringstream message; - message << "At least one item of the array value successfully validated " - "against the given subschema"; - return message.str(); - } - - if (this->keyword == "prefixItems" && this->annotation.is_boolean() && - this->annotation.to_boolean()) { - assert(this->target.is_array()); - std::ostringstream message; - message << "Every item of the array value validated against the given " - "positional subschemas"; - return message.str(); - } - - return unknown(); - } - - auto operator()(const SchemaCompilerAnnotationWhenArraySizeGreater &) const - -> std::string { - if ((this->keyword == "prefixItems" || this->keyword == "items") && - this->annotation.is_integer()) { - assert(this->target.is_array()); - assert(this->annotation.is_positive()); - std::ostringstream message; - if (this->annotation.to_integer() == 0) { - message << "The first item of the array value successfully validated " - "against the first " - "positional subschema"; - } else { - message << "The first " << this->annotation.to_integer() + 1 - << " items of the array value successfully validated against " - "the given " - "positional subschemas"; - } - - return message.str(); - } - - return unknown(); - } - - auto operator()(const SchemaCompilerAnnotationToParent &) const - -> std::string { - if (this->keyword == "unevaluatedItems" && this->annotation.is_boolean() && - this->annotation.to_boolean()) { - assert(this->target.is_array()); - std::ostringstream message; - message << "At least one item of the array value successfully validated " - "against the subschema for unevaluated items"; - return message.str(); - } - - return unknown(); - } - - auto operator()(const SchemaCompilerAnnotationBasenameToParent &) const - -> std::string { - if (this->keyword == "patternProperties") { - assert(this->annotation.is_string()); - std::ostringstream message; - message << "The object property " - << escape_string(this->annotation.to_string()) - << " successfully validated against its pattern property " - "subschema"; - return message.str(); - } - - if (this->keyword == "additionalProperties") { - assert(this->annotation.is_string()); - std::ostringstream message; - message << "The object property " - << escape_string(this->annotation.to_string()) - << " successfully validated against the additional properties " - "subschema"; - return message.str(); - } - - if (this->keyword == "unevaluatedProperties") { - assert(this->annotation.is_string()); - std::ostringstream message; - message << "The object property " - << escape_string(this->annotation.to_string()) - << " successfully validated against the subschema for " - "unevaluated properties"; - return message.str(); - } - - if (this->keyword == "contains" && this->annotation.is_integer()) { - assert(this->target.is_array()); - assert(this->annotation.is_positive()); - std::ostringstream message; - message << "The item at index " << this->annotation.to_integer() - << " of the array value successfully validated against the " - "containment check subschema"; - return message.str(); - } - - return unknown(); - } - - auto operator()(const SchemaCompilerLoopProperties &step) const - -> std::string { - assert(this->keyword == "additionalProperties"); - std::ostringstream message; - if (step.children.size() == 1 && - std::holds_alternative( - step.children.front())) { - message << "The object value was not expected to define additional " - "properties"; - } else { - message << "The object properties not covered by other adjacent object " - "keywords were expected to validate against this subschema"; - } - - return message.str(); - } - - auto operator()(const SchemaCompilerLoopPropertiesNoAnnotation &step) const - -> std::string { - if (this->keyword == "unevaluatedProperties") { - std::ostringstream message; - if (!step.children.empty() && - std::holds_alternative( - step.children.front())) { - message << "The object value was not expected to define unevaluated " - "properties"; - } else { - message << "The object properties not covered by other object " - "keywords were expected to validate against this subschema"; - } - - return message.str(); - } - - return unknown(); - } - - auto operator()(const SchemaCompilerLoopPropertiesExcept &step) const - -> std::string { - assert(this->keyword == "additionalProperties"); - std::ostringstream message; - if (step.children.size() == 1 && - std::holds_alternative( - step.children.front())) { - message << "The object value was not expected to define additional " - "properties"; - } else { - message << "The object properties not covered by other adjacent object " - "keywords were expected to validate against this subschema"; - } - - return message.str(); - } - - auto operator()(const SchemaCompilerLoopPropertiesType &step) const - -> std::string { - std::ostringstream message; - message << "The object properties were expected to be of type " - << to_string(step.value); - return message.str(); - } - - auto operator()(const SchemaCompilerLoopPropertiesTypeStrict &step) const - -> std::string { - std::ostringstream message; - message << "The object properties were expected to be of type " - << to_string(step.value); - return message.str(); - } - - auto operator()(const SchemaCompilerLoopKeys &) const -> std::string { - assert(this->keyword == "propertyNames"); - assert(this->target.is_object()); - std::ostringstream message; - - if (this->target.size() == 0) { - assert(this->valid); - message << "The object is empty and no properties were expected to " - "validate against the given subschema"; - } else if (this->target.size() == 1) { - message << "The object property "; - message << escape_string(this->target.as_object().cbegin()->first); - message << " was expected to validate against the given subschema"; - } else { - message << "The object properties "; - for (auto iterator = this->target.as_object().cbegin(); - iterator != this->target.as_object().cend(); ++iterator) { - if (std::next(iterator) == this->target.as_object().cend()) { - message << "and " << escape_string(iterator->first); - } else { - message << escape_string(iterator->first) << ", "; - } - } - - message << " were expected to validate against the given subschema"; - } - - return message.str(); - } - - auto operator()(const SchemaCompilerLoopItems &step) const -> std::string { - assert(this->target.is_array()); - const auto &value{step_value(step)}; - std::ostringstream message; - message << "Every item in the array value"; - if (value == 1) { - message << " except for the first one"; - } else if (value > 0) { - message << " except for the first " << value; - } - - message << " was expected to validate against the given subschema"; - return message.str(); - } - - auto operator()(const SchemaCompilerLoopItemsUnmarked &) const - -> std::string { - return unknown(); - } - - auto operator()(const SchemaCompilerLoopItemsUnevaluated &step) const - -> std::string { - assert(this->keyword == "unevaluatedItems"); - const auto &value{step_value(step)}; - std::ostringstream message; - message << "The array items not evaluated by the keyword " - << escape_string(value.index) - << ", if any, were expected to validate against this subschema"; - return message.str(); - } - - auto operator()(const SchemaCompilerLoopContains &step) const -> std::string { - assert(this->target.is_array()); - std::ostringstream message; - const auto &value{step_value(step)}; - const auto minimum{std::get<0>(value)}; - const auto maximum{std::get<1>(value)}; - bool plural{true}; - - message << "The array value was expected to contain "; - if (maximum.has_value()) { - if (minimum == maximum.value() && minimum == 0) { - message << "any number of"; - } else if (minimum == maximum.value()) { - message << "exactly " << minimum; - if (minimum == 1) { - plural = false; - } - } else if (minimum == 0) { - message << "up to " << maximum.value(); - if (maximum.value() == 1) { - plural = false; - } - } else { - message << minimum << " to " << maximum.value(); - if (maximum.value() == 1) { - plural = false; - } - } - } else { - message << "at least " << minimum; - if (minimum == 1) { - plural = false; - } - } - - if (plural) { - message << " items that validate against the given subschema"; - } else { - message << " item that validates against the given subschema"; - } - - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionDefines &step) const - -> std::string { - std::ostringstream message; - message << "The object value was expected to define the property " - << escape_string(step_value(step)); - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionDefinesAll &step) const - -> std::string { - const auto &value{step_value(step)}; - assert(value.size() > 1); - std::ostringstream message; - message << "The object value was expected to define properties "; - for (auto iterator = value.cbegin(); iterator != value.cend(); ++iterator) { - if (std::next(iterator) == value.cend()) { - message << "and " << escape_string(*iterator); - } else { - message << escape_string(*iterator) << ", "; - } - } - - if (this->valid) { - return message.str(); - } - - assert(this->target.is_object()); - std::set missing; - for (const auto &property : value) { - if (!this->target.defines(property)) { - missing.insert(property); - } - } - - assert(!missing.empty()); - if (missing.size() == 1) { - message << " but did not define the property " - << escape_string(*(missing.cbegin())); - } else { - message << " but did not define properties "; - for (auto iterator = missing.cbegin(); iterator != missing.cend(); - ++iterator) { - if (std::next(iterator) == missing.cend()) { - message << "and " << escape_string(*iterator); - } else { - message << escape_string(*iterator) << ", "; - } - } - } - - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionType &step) const - -> std::string { - std::ostringstream message; - describe_type_check(this->valid, this->target.type(), step_value(step), - message); - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionTypeStrict &step) const - -> std::string { - std::ostringstream message; - const auto &value{step_value(step)}; - if (!this->valid && value == JSON::Type::Real && - this->target.type() == JSON::Type::Integer) { - message - << "The value was expected to be a real number but it was an integer"; - } else if (!this->valid && value == JSON::Type::Integer && - this->target.type() == JSON::Type::Real) { - message - << "The value was expected to be an integer but it was a real number"; - } else { - describe_type_check(this->valid, this->target.type(), value, message); - } - - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionTypeAny &step) const - -> std::string { - std::ostringstream message; - describe_types_check(this->valid, this->target.type(), step_value(step), - message); - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionTypeStrictAny &step) const - -> std::string { - std::ostringstream message; - describe_types_check(this->valid, this->target.type(), step_value(step), - message); - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionTypeStringBounded &step) const - -> std::string { - std::ostringstream message; - - const auto minimum{std::get<0>(step.value)}; - const auto maximum{std::get<1>(step.value)}; - if (minimum == 0 && maximum.has_value()) { - message << "The value was expected to consist of a string of at most " - << maximum.value() - << (maximum.value() == 1 ? " character" : " characters"); - } else if (maximum.has_value()) { - message << "The value was expected to consist of a string of " << minimum - << " to " << maximum.value() - << (maximum.value() == 1 ? " character" : " characters"); - } else { - message << "The value was expected to consist of a string of at least " - << minimum << (minimum == 1 ? " character" : " characters"); - } - - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionTypeArrayBounded &step) const - -> std::string { - std::ostringstream message; - - const auto minimum{std::get<0>(step.value)}; - const auto maximum{std::get<1>(step.value)}; - if (minimum == 0 && maximum.has_value()) { - message << "The value was expected to consist of an array of at most " - << maximum.value() << (maximum.value() == 1 ? " item" : " items"); - } else if (maximum.has_value()) { - message << "The value was expected to consist of an array of " << minimum - << " to " << maximum.value() - << (maximum.value() == 1 ? " item" : " items"); - } else { - message << "The value was expected to consist of an array of at least " - << minimum << (minimum == 1 ? " item" : " items"); - } - - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionTypeObjectBounded &step) const - -> std::string { - std::ostringstream message; - - const auto minimum{std::get<0>(step.value)}; - const auto maximum{std::get<1>(step.value)}; - if (minimum == 0 && maximum.has_value()) { - message << "The value was expected to consist of an object of at most " - << maximum.value() - << (maximum.value() == 1 ? " property" : " properties"); - } else if (maximum.has_value()) { - message << "The value was expected to consist of an object of " << minimum - << " to " << maximum.value() - << (maximum.value() == 1 ? " property" : " properties"); - } else { - message << "The value was expected to consist of an object of at least " - << minimum << (minimum == 1 ? " property" : " properties"); - } - - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionRegex &step) const - -> std::string { - assert(this->target.is_string()); - std::ostringstream message; - message << "The string value " << escape_string(this->target.to_string()) - << " was expected to match the regular expression " - << escape_string(step_value(step).second); - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionStringSizeLess &step) const - -> std::string { - if (this->keyword == "maxLength") { - std::ostringstream message; - const auto maximum{step_value(step) - 1}; - - if (is_within_keyword(this->evaluate_path, "propertyNames")) { - assert(this->instance_location.back().is_property()); - message << "The object property name " - << escape_string(this->instance_location.back().to_property()); - } else { - message << "The string value "; - stringify(this->target, message); - } - - message << " was expected to consist of at most " << maximum - << (maximum == 1 ? " character" : " characters"); - - if (this->valid) { - message << " and"; - } else { - message << " but"; - } - - message << " it consisted of "; - - if (is_within_keyword(this->evaluate_path, "propertyNames")) { - message << this->instance_location.back().to_property().size(); - message << (this->instance_location.back().to_property().size() == 1 - ? " character" - : " characters"); - } else { - message << this->target.size(); - message << (this->target.size() == 1 ? " character" : " characters"); - } - - return message.str(); - } - - return unknown(); - } - - auto operator()(const SchemaCompilerAssertionStringSizeGreater &step) const - -> std::string { - if (this->keyword == "minLength") { - std::ostringstream message; - const auto minimum{step_value(step) + 1}; - - if (is_within_keyword(this->evaluate_path, "propertyNames")) { - assert(this->instance_location.back().is_property()); - message << "The object property name " - << escape_string(this->instance_location.back().to_property()); - } else { - message << "The string value "; - stringify(this->target, message); - } - - message << " was expected to consist of at least " << minimum - << (minimum == 1 ? " character" : " characters"); - - if (this->valid) { - message << " and"; - } else { - message << " but"; - } - - message << " it consisted of "; - - if (is_within_keyword(this->evaluate_path, "propertyNames")) { - message << this->instance_location.back().to_property().size(); - message << (this->instance_location.back().to_property().size() == 1 - ? " character" - : " characters"); - } else { - message << this->target.size(); - message << (this->target.size() == 1 ? " character" : " characters"); - } - - return message.str(); - } - - return unknown(); - } - - auto operator()(const SchemaCompilerAssertionArraySizeLess &step) const - -> std::string { - if (this->keyword == "maxItems") { - assert(this->target.is_array()); - std::ostringstream message; - const auto maximum{step_value(step) - 1}; - message << "The array value was expected to contain at most " << maximum; - assert(maximum > 0); - if (maximum == 1) { - message << " item"; - } else { - message << " items"; - } - - if (this->valid) { - message << " and"; - } else { - message << " but"; - } - - message << " it contained " << this->target.size(); - if (this->target.size() == 1) { - message << " item"; - } else { - message << " items"; - } - - return message.str(); - } - - return unknown(); - } - - auto operator()(const SchemaCompilerAssertionArraySizeGreater &step) const - -> std::string { - if (this->keyword == "minItems") { - assert(this->target.is_array()); - std::ostringstream message; - const auto minimum{step_value(step) + 1}; - message << "The array value was expected to contain at least " << minimum; - assert(minimum > 0); - if (minimum == 1) { - message << " item"; - } else { - message << " items"; - } - - if (this->valid) { - message << " and"; - } else { - message << " but"; - } - - message << " it contained " << this->target.size(); - if (this->target.size() == 1) { - message << " item"; - } else { - message << " items"; - } - - return message.str(); - } - - return unknown(); - } - - auto operator()(const SchemaCompilerAssertionObjectSizeLess &step) const - -> std::string { - if (this->keyword == "maxProperties") { - assert(this->target.is_object()); - std::ostringstream message; - const auto maximum{step_value(step) - 1}; - message << "The object value was expected to contain at most " << maximum; - assert(maximum > 0); - if (maximum == 1) { - message << " property"; - } else { - message << " properties"; - } - - if (this->valid) { - message << " and"; - } else { - message << " but"; - } - - message << " it contained " << this->target.size(); - if (this->target.size() == 1) { - message << " property: "; - message << escape_string(this->target.as_object().cbegin()->first); - } else { - message << " properties: "; - - std::vector properties; - for (const auto &entry : this->target.as_object()) { - properties.push_back(entry.first); - } - std::sort(properties.begin(), properties.end()); - - for (auto iterator = properties.cbegin(); iterator != properties.cend(); - ++iterator) { - if (std::next(iterator) == properties.cend()) { - message << "and " << escape_string(*iterator); - } else { - message << escape_string(*iterator) << ", "; - } - } - } - - return message.str(); - } - - return unknown(); - } - - auto operator()(const SchemaCompilerAssertionObjectSizeGreater &step) const - -> std::string { - if (this->keyword == "minProperties") { - assert(this->target.is_object()); - std::ostringstream message; - const auto minimum{step_value(step) + 1}; - message << "The object value was expected to contain at least " - << minimum; - assert(minimum > 0); - if (minimum == 1) { - message << " property"; - } else { - message << " properties"; - } - - if (this->valid) { - message << " and"; - } else { - message << " but"; - } - - message << " it contained " << this->target.size(); - if (this->target.size() == 1) { - message << " property: "; - message << escape_string(this->target.as_object().cbegin()->first); - } else { - message << " properties: "; - std::vector properties; - for (const auto &entry : this->target.as_object()) { - properties.push_back(entry.first); - } - std::sort(properties.begin(), properties.end()); - - for (auto iterator = properties.cbegin(); iterator != properties.cend(); - ++iterator) { - if (std::next(iterator) == properties.cend()) { - message << "and " << escape_string(*iterator); - } else { - message << escape_string(*iterator) << ", "; - } - } - } - - return message.str(); - } - - return unknown(); - } - - auto operator()(const SchemaCompilerAssertionEqual &step) const - -> std::string { - std::ostringstream message; - const auto &value{step_value(step)}; - message << "The " << to_string(this->target.type()) << " value "; - stringify(this->target, message); - message << " was expected to equal the " << to_string(value.type()) - << " constant "; - stringify(value, message); - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionGreaterEqual &step) const { - std::ostringstream message; - const auto &value{step_value(step)}; - message << "The " << to_string(this->target.type()) << " value "; - stringify(this->target, message); - message << " was expected to be greater than or equal to the " - << to_string(value.type()) << " "; - stringify(value, message); - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionLessEqual &step) const - -> std::string { - std::ostringstream message; - const auto &value{step_value(step)}; - message << "The " << to_string(this->target.type()) << " value "; - stringify(this->target, message); - message << " was expected to be less than or equal to the " - << to_string(value.type()) << " "; - stringify(value, message); - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionGreater &step) const - -> std::string { - std::ostringstream message; - const auto &value{step_value(step)}; - message << "The " << to_string(this->target.type()) << " value "; - stringify(this->target, message); - message << " was expected to be greater than the " - << to_string(value.type()) << " "; - stringify(value, message); - if (!this->valid && value == this->target) { - message << ", but they were equal"; - } - - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionLess &step) const - -> std::string { - std::ostringstream message; - const auto &value{step_value(step)}; - message << "The " << to_string(this->target.type()) << " value "; - stringify(this->target, message); - message << " was expected to be less than the " << to_string(value.type()) - << " "; - stringify(value, message); - if (!this->valid && value == this->target) { - message << ", but they were equal"; - } - - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionUnique &) const -> std::string { - assert(this->target.is_array()); - auto array{this->target.as_array()}; - std::ostringstream message; - if (this->valid) { - message << "The array value was expected to not contain duplicate items"; - } else { - std::set duplicates; - for (auto iterator = array.cbegin(); iterator != array.cend(); - ++iterator) { - for (auto subiterator = std::next(iterator); - subiterator != array.cend(); ++subiterator) { - if (*iterator == *subiterator) { - duplicates.insert(*iterator); - } - } - } - - assert(!duplicates.empty()); - message << "The array value contained the following duplicate"; - if (duplicates.size() == 1) { - message << " item: "; - stringify(*(duplicates.cbegin()), message); - } else { - message << " items: "; - for (auto subiterator = duplicates.cbegin(); - subiterator != duplicates.cend(); ++subiterator) { - if (std::next(subiterator) == duplicates.cend()) { - message << "and "; - stringify(*subiterator, message); - } else { - stringify(*subiterator, message); - message << ", "; - } - } - } - } - - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionDivisible &step) const - -> std::string { - std::ostringstream message; - const auto &value{step_value(step)}; - message << "The " << to_string(this->target.type()) << " value "; - stringify(this->target, message); - message << " was expected to be divisible by the " - << to_string(value.type()) << " "; - stringify(value, message); - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionEqualsAny &step) const - -> std::string { - std::ostringstream message; - const auto &value{step_value(step)}; - message << "The " << to_string(this->target.type()) << " value "; - stringify(this->target, message); - assert(!value.empty()); - - if (value.size() == 1) { - message << " was expected to equal the " - << to_string(value.cbegin()->type()) << " constant "; - stringify(*(value.cbegin()), message); - } else { - if (this->valid) { - message << " was expected to equal one of the " << value.size() - << " declared values"; - } else { - message << " was expected to equal one of the following values: "; - for (auto iterator = value.cbegin(); iterator != value.cend(); - ++iterator) { - if (std::next(iterator) == value.cend()) { - message << "and "; - stringify(*iterator, message); - } else { - stringify(*iterator, message); - message << ", "; - } - } - } - } - - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionStringType &step) const - -> std::string { - assert(this->target.is_string()); - std::ostringstream message; - message << "The string value " << escape_string(this->target.to_string()) - << " was expected to represent a valid"; - switch (step_value(step)) { - case SchemaCompilerValueStringType::URI: - message << " URI"; - break; - default: - return unknown(); - } - - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionPropertyType &step) const - -> std::string { - std::ostringstream message; - const auto &value{step_value(step)}; - if (!this->valid && value == JSON::Type::Real && - this->target.type() == JSON::Type::Integer) { - message - << "The value was expected to be a real number but it was an integer"; - } else if (!this->valid && value == JSON::Type::Integer && - this->target.type() == JSON::Type::Real) { - message - << "The value was expected to be an integer but it was a real number"; - } else { - describe_type_check(this->valid, this->target.type(), value, message); - } - - return message.str(); - } - - auto operator()(const SchemaCompilerAssertionPropertyTypeStrict &step) const - -> std::string { - std::ostringstream message; - const auto &value{step_value(step)}; - if (!this->valid && value == JSON::Type::Real && - this->target.type() == JSON::Type::Integer) { - message - << "The value was expected to be a real number but it was an integer"; - } else if (!this->valid && value == JSON::Type::Integer && - this->target.type() == JSON::Type::Real) { - message - << "The value was expected to be an integer but it was a real number"; - } else { - describe_type_check(this->valid, this->target.type(), value, message); - } - - return message.str(); - } - - auto operator()(const SchemaCompilerLoopPropertiesMatch &step) const - -> std::string { - assert(!step.children.empty()); - assert(this->target.is_object()); - std::ostringstream message; - message << "The object value was expected to validate against the "; - if (step.children.size() == 1) { - message << "single defined property subschema"; - } else { - message << step.children.size() << " defined properties subschemas"; - } - - return message.str(); - } - - auto operator()(const SchemaCompilerLogicalWhenType &step) const - -> std::string { - if (this->keyword == "patternProperties") { - assert(!step.children.empty()); - assert(this->target.is_object()); - std::ostringstream message; - message << "The object value was expected to validate against the "; - if (step.children.size() == 1) { - message << "single defined pattern property subschema"; - } else { - message << step.children.size() - << " defined pattern properties subschemas"; - } - - return message.str(); - } - - if (this->keyword == "items" || this->keyword == "prefixItems") { - assert(!step.children.empty()); - assert(this->target.is_array()); - std::ostringstream message; - message << "The first "; - if (step.children.size() == 1) { - message << "item of the array value was"; - } else { - message << step.children.size() << " items of the array value were"; - } - - message << " expected to validate against the corresponding subschemas"; - return message.str(); - } - - if (this->keyword == "dependencies") { - assert(this->target.is_object()); - assert(!step.children.empty()); - - std::set present; - std::set present_with_schemas; - std::set present_with_properties; - std::set all_dependencies; - std::set required_properties; - - for (const auto &child : step.children) { - // Schema - if (std::holds_alternative(child)) { - const auto &substep{ - std::get(child)}; - const auto &property{step_value(substep)}; - all_dependencies.insert(property); - if (!this->target.defines(property)) { - continue; - } - - present.insert(property); - present_with_schemas.insert(property); - - // Properties - } else { - assert(std::holds_alternative< - SchemaCompilerAssertionPropertyDependencies>(child)); - const auto &substep{ - std::get(child)}; - - for (const auto &[property, dependencies] : substep.value) { - all_dependencies.insert(property); - if (this->target.defines(property)) { - present.insert(property); - present_with_properties.insert(property); - for (const auto &dependency : dependencies) { - if (this->valid || !this->target.defines(dependency)) { - required_properties.insert(dependency); - } - } - } - } - } - } - - std::ostringstream message; - - if (present_with_schemas.empty() && present_with_properties.empty()) { - message << "The object value did not define the"; - assert(!all_dependencies.empty()); - if (all_dependencies.size() == 1) { - message << " property " - << escape_string(*(all_dependencies.cbegin())); - } else { - message << " properties "; - for (auto iterator = all_dependencies.cbegin(); - iterator != all_dependencies.cend(); ++iterator) { - if (std::next(iterator) == all_dependencies.cend()) { - message << "or " << escape_string(*iterator); - } else { - message << escape_string(*iterator) << ", "; - } - } - } - - return message.str(); - } - - if (present.size() == 1) { - message << "Because the object value defined the"; - message << " property " << escape_string(*(present.cbegin())); - } else { - message << "Because the object value defined the"; - message << " properties "; - for (auto iterator = present.cbegin(); iterator != present.cend(); - ++iterator) { - if (std::next(iterator) == present.cend()) { - message << "and " << escape_string(*iterator); - } else { - message << escape_string(*iterator) << ", "; - } - } - } - - if (!required_properties.empty()) { - message << ", it was also expected to define the"; - if (required_properties.size() == 1) { - message << " property " - << escape_string(*(required_properties.cbegin())); - } else { - message << " properties "; - for (auto iterator = required_properties.cbegin(); - iterator != required_properties.cend(); ++iterator) { - if (std::next(iterator) == required_properties.cend()) { - message << "and " << escape_string(*iterator); - } else { - message << escape_string(*iterator) << ", "; - } - } - } - } - - if (!present_with_schemas.empty()) { - message << ", "; - if (!required_properties.empty()) { - message << "and "; - } - - message << "it was also expected to successfully validate against the " - "corresponding "; - if (present_with_schemas.size() == 1) { - message << escape_string(*(present_with_schemas.cbegin())); - message << " subschema"; - } else { - for (auto iterator = present_with_schemas.cbegin(); - iterator != present_with_schemas.cend(); ++iterator) { - if (std::next(iterator) == present_with_schemas.cend()) { - message << "and " << escape_string(*iterator); - } else { - message << escape_string(*iterator) << ", "; - } - } - - message << " subschemas"; - } - } - - return message.str(); - } - - if (this->keyword == "dependentSchemas") { - assert(this->target.is_object()); - assert(!step.children.empty()); - std::set present; - std::set all_dependencies; - for (const auto &child : step.children) { - assert(std::holds_alternative(child)); - const auto &substep{std::get(child)}; - const auto &property{step_value(substep)}; - all_dependencies.insert(property); - if (!this->target.defines(property)) { - continue; - } - - present.insert(property); - } - - std::ostringstream message; - - if (present.empty()) { - message << "The object value did not define the"; - assert(!all_dependencies.empty()); - if (all_dependencies.size() == 1) { - message << " property " - << escape_string(*(all_dependencies.cbegin())); - } else { - message << " properties "; - for (auto iterator = all_dependencies.cbegin(); - iterator != all_dependencies.cend(); ++iterator) { - if (std::next(iterator) == all_dependencies.cend()) { - message << "or " << escape_string(*iterator); - } else { - message << escape_string(*iterator) << ", "; - } - } - } - } else if (present.size() == 1) { - message << "Because the object value defined the"; - message << " property " << escape_string(*(present.cbegin())); - message - << ", it was also expected to validate against the corresponding " - "subschema"; - } else { - message << "Because the object value defined the"; - message << " properties "; - for (auto iterator = present.cbegin(); iterator != present.cend(); - ++iterator) { - if (std::next(iterator) == present.cend()) { - message << "and " << escape_string(*iterator); - } else { - message << escape_string(*iterator) << ", "; - } - } - - message - << ", it was also expected to validate against the corresponding " - "subschemas"; - } - - return message.str(); - } - - return unknown(); - } - - auto operator()(const SchemaCompilerAssertionPropertyDependencies &step) const - -> std::string { - if (this->keyword == "dependentRequired") { - assert(this->target.is_object()); - std::set present; - std::set all_dependencies; - std::set required; - - for (const auto &[property, dependencies] : step.value) { - all_dependencies.insert(property); - if (this->target.defines(property)) { - present.insert(property); - for (const auto &dependency : dependencies) { - if (this->valid || !this->target.defines(dependency)) { - required.insert(dependency); - } - } - } - } - - std::ostringstream message; - - if (present.empty()) { - message << "The object value did not define the"; - assert(!all_dependencies.empty()); - if (all_dependencies.size() == 1) { - message << " property " - << escape_string(*(all_dependencies.cbegin())); - } else { - message << " properties "; - for (auto iterator = all_dependencies.cbegin(); - iterator != all_dependencies.cend(); ++iterator) { - if (std::next(iterator) == all_dependencies.cend()) { - message << "or " << escape_string(*iterator); - } else { - message << escape_string(*iterator) << ", "; - } - } - } - - return message.str(); - } else if (present.size() == 1) { - message << "Because the object value defined the"; - message << " property " << escape_string(*(present.cbegin())); - } else { - message << "Because the object value defined the"; - message << " properties "; - for (auto iterator = present.cbegin(); iterator != present.cend(); - ++iterator) { - if (std::next(iterator) == present.cend()) { - message << "and " << escape_string(*iterator); - } else { - message << escape_string(*iterator) << ", "; - } - } - } - - assert(!required.empty()); - message << ", it was also expected to define the"; - if (required.size() == 1) { - message << " property " << escape_string(*(required.cbegin())); - } else { - message << " properties "; - for (auto iterator = required.cbegin(); iterator != required.cend(); - ++iterator) { - if (std::next(iterator) == required.cend()) { - message << "and " << escape_string(*iterator); - } else { - message << escape_string(*iterator) << ", "; - } - } - } - - return message.str(); - } - - return unknown(); - } - - // These steps are never described, at least not right now - - auto operator()(const SchemaCompilerLogicalWhenArraySizeGreater &) const - -> std::string { - return unknown(); - } - auto operator()(const SchemaCompilerLogicalWhenArraySizeEqual &) const - -> std::string { - return unknown(); - } - auto operator()(const SchemaCompilerLogicalWhenDefines &) const - -> std::string { - return unknown(); - } - auto operator()(const SchemaCompilerLoopPropertiesRegex &) const - -> std::string { - return unknown(); - } -}; - -} // namespace - -namespace sourcemeta::jsontoolkit { - -// TODO: What will unlock even better error messages is being able to -// get the subschema being evaluated along with the keyword -auto describe(const bool valid, const SchemaCompilerTemplate::value_type &step, - const WeakPointer &evaluate_path, - const WeakPointer &instance_location, const JSON &instance, - const JSON &annotation) -> std::string { - assert(evaluate_path.empty() || evaluate_path.back().is_property()); - return std::visit( - DescribeVisitor{ - valid, evaluate_path, - evaluate_path.empty() ? "" : evaluate_path.back().to_property(), - instance_location, get(instance, instance_location), annotation}, - step); -} - -} // namespace sourcemeta::jsontoolkit diff --git a/vendor/jsontoolkit/src/jsonschema/compile_helpers.h b/vendor/jsontoolkit/src/jsonschema/compile_helpers.h deleted file mode 100644 index e0d66256..00000000 --- a/vendor/jsontoolkit/src/jsonschema/compile_helpers.h +++ /dev/null @@ -1,96 +0,0 @@ -#ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_COMPILE_HELPERS_H_ -#define SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_COMPILE_HELPERS_H_ - -#include - -#include // assert -#include // std::declval, std::move - -namespace sourcemeta::jsontoolkit { - -static const SchemaCompilerDynamicContext relative_dynamic_context{ - "", empty_pointer, empty_pointer}; - -// Instantiate a value-oriented step -template -auto make(const bool report, const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context, - // Take the value type from the "type" property of the step struct - const decltype(std::declval().value) &value) -> Step { - return { - dynamic_context.keyword.empty() - ? dynamic_context.base_schema_location - : dynamic_context.base_schema_location.concat( - {dynamic_context.keyword}), - dynamic_context.base_instance_location, - to_uri(schema_context.relative_pointer, schema_context.base).recompose(), - schema_context.base.recompose(), - context.uses_dynamic_scopes, - report, - value}; -} - -// Instantiate an applicator step -template -auto make(const bool report, const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context, - // Take the value type from the "value" property of the step struct - decltype(std::declval().value) &&value, - SchemaCompilerTemplate &&children) -> Step { - return { - dynamic_context.keyword.empty() - ? dynamic_context.base_schema_location - : dynamic_context.base_schema_location.concat( - {dynamic_context.keyword}), - dynamic_context.base_instance_location, - to_uri(schema_context.relative_pointer, schema_context.base).recompose(), - schema_context.base.recompose(), - context.uses_dynamic_scopes, - report, - std::move(value), - std::move(children)}; -} - -template -auto unroll(const SchemaCompilerDynamicContext &dynamic_context, - const Step &step, - const Pointer &base_instance_location = empty_pointer) -> Type { - assert(std::holds_alternative(step)); - return {dynamic_context.keyword.empty() - ? std::get(step).relative_schema_location - : dynamic_context.base_schema_location - .concat({dynamic_context.keyword}) - .concat(std::get(step).relative_schema_location), - base_instance_location.concat( - std::get(step).relative_instance_location), - std::get(step).keyword_location, - std::get(step).schema_resource, - std::get(step).dynamic, - std::get(step).report, - std::get(step).value}; -} - -inline auto unsigned_integer_property(const JSON &document, - const JSON::String &property) - -> std::optional { - if (document.defines(property) && document.at(property).is_integer()) { - const auto value{document.at(property).to_integer()}; - assert(value >= 0); - return static_cast(value); - } - - return std::nullopt; -} - -inline auto unsigned_integer_property(const JSON &document, - const JSON::String &property, - const std::size_t otherwise) - -> std::size_t { - return unsigned_integer_property(document, property).value_or(otherwise); -} - -} // namespace sourcemeta::jsontoolkit - -#endif diff --git a/vendor/jsontoolkit/src/jsonschema/compile_json.cc b/vendor/jsontoolkit/src/jsonschema/compile_json.cc deleted file mode 100644 index 89ad1bec..00000000 --- a/vendor/jsontoolkit/src/jsonschema/compile_json.cc +++ /dev/null @@ -1,335 +0,0 @@ -#include - -#include // assert -#include // std::less -#include // std::map -#include // std::ostringstream -#include // std::string_view -#include // std::is_same_v -#include // std::move - -namespace { - -template -auto value_to_json(const T &value) -> sourcemeta::jsontoolkit::JSON { - using namespace sourcemeta::jsontoolkit; - JSON result{JSON::make_object()}; - result.assign("category", JSON{"value"}); - if constexpr (std::is_same_v) { - result.assign("type", JSON{"json"}); - result.assign("value", JSON{value}); - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"boolean"}); - result.assign("value", JSON{value}); - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"regex"}); - result.assign("value", JSON{value.second}); - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"type"}); - std::ostringstream type_string; - type_string << value; - result.assign("value", JSON{type_string.str()}); - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"types"}); - JSON types{JSON::make_array()}; - for (const auto type : value) { - std::ostringstream type_string; - type_string << type; - types.push_back(JSON{type_string.str()}); - } - - result.assign("value", std::move(types)); - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"string"}); - result.assign("value", JSON{value}); - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"strings"}); - JSON items{JSON::make_array()}; - for (const auto &item : value) { - items.push_back(JSON{item}); - } - - result.assign("value", std::move(items)); - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"array"}); - JSON items{JSON::make_array()}; - for (const auto &item : value) { - items.push_back(item); - } - - result.assign("value", std::move(items)); - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"unsigned-integer"}); - result.assign("value", JSON{value}); - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"range"}); - JSON values{JSON::make_array()}; - const auto &range{value}; - values.push_back(JSON{std::get<0>(range)}); - values.push_back(std::get<1>(range).has_value() - ? JSON{std::get<1>(range).value()} - : JSON{nullptr}); - values.push_back(JSON{std::get<2>(range)}); - result.assign("value", std::move(values)); - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"named-indexes"}); - JSON values{JSON::make_object()}; - for (const auto &[name, index] : value) { - values.assign(name, JSON{index}); - } - - result.assign("value", std::move(values)); - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"string-map"}); - JSON map{JSON::make_object()}; - for (const auto &[string, strings] : value) { - JSON dependencies{JSON::make_array()}; - for (const auto &substring : strings) { - dependencies.push_back(JSON{substring}); - } - - map.assign(string, std::move(dependencies)); - } - - result.assign("value", std::move(map)); - return result; - } else if constexpr (std::is_same_v< - SchemaCompilerValueItemsAnnotationKeywords, T>) { - result.assign("type", JSON{"items-annotation-keywords"}); - JSON data{JSON::make_object()}; - data.assign("index", JSON{value.index}); - - JSON mask{JSON::make_array()}; - for (const auto &keyword : value.mask) { - mask.push_back(JSON{keyword}); - } - data.assign("mask", std::move(mask)); - - JSON filter{JSON::make_array()}; - for (const auto &keyword : value.filter) { - filter.push_back(JSON{keyword}); - } - data.assign("filter", std::move(filter)); - - result.assign("value", std::move(data)); - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"indexed-json"}); - JSON data{JSON::make_object()}; - data.assign("index", JSON{value.first}); - data.assign("value", value.second); - result.assign("value", std::move(data)); - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"property-filter"}); - JSON data{JSON::make_object()}; - data.assign("names", JSON::make_array()); - data.assign("patterns", JSON::make_array()); - - for (const auto &name : value.first) { - data.at("names").push_back(JSON{name}); - } - - for (const auto &pattern : value.second) { - data.at("patterns").push_back(JSON{pattern.second}); - } - - result.assign("value", std::move(data)); - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"string-type"}); - switch (value) { - case SchemaCompilerValueStringType::URI: - result.assign("value", JSON{"uri"}); - break; - default: - // We should never get here - assert(false); - } - - return result; - } else if constexpr (std::is_same_v) { - result.assign("type", JSON{"index-pair"}); - JSON data{JSON::make_array()}; - data.push_back(JSON{value.first}); - data.push_back(JSON{value.second}); - result.assign("value", std::move(data)); - return result; - } else { - static_assert(std::is_same_v); - return JSON{nullptr}; - } -} - -template -auto step_to_json( - const sourcemeta::jsontoolkit::SchemaCompilerTemplate::value_type &step) - -> sourcemeta::jsontoolkit::JSON { - static V visitor; - return std::visit(visitor, step); -} - -template -auto encode_step(const std::string_view category, const std::string_view type, - const T &step) -> sourcemeta::jsontoolkit::JSON { - using namespace sourcemeta::jsontoolkit; - JSON result{JSON::make_object()}; - result.assign("category", JSON{category}); - result.assign("type", JSON{type}); - result.assign("relativeSchemaLocation", - JSON{to_string(step.relative_schema_location)}); - result.assign("relativeInstanceLocation", - JSON{to_string(step.relative_instance_location)}); - result.assign("absoluteKeywordLocation", JSON{step.keyword_location}); - result.assign("schemaResource", JSON{step.schema_resource}); - result.assign("dynamic", JSON{step.dynamic}); - result.assign("report", JSON{step.report}); - result.assign("value", value_to_json(step.value)); - - if constexpr (requires { step.children; }) { - result.assign("children", JSON::make_array()); - for (const auto &child : step.children) { - result.at("children").push_back(step_to_json(child)); - } - } - - return result; -} - -struct StepVisitor { -#define HANDLE_STEP(category, type, name) \ - auto operator()(const sourcemeta::jsontoolkit::name &step) \ - const->sourcemeta::jsontoolkit::JSON { \ - return encode_step(category, type, step); \ - } - - HANDLE_STEP("assertion", "fail", SchemaCompilerAssertionFail) - HANDLE_STEP("assertion", "defines", SchemaCompilerAssertionDefines) - HANDLE_STEP("assertion", "defines-all", SchemaCompilerAssertionDefinesAll) - HANDLE_STEP("assertion", "property-dependencies", - SchemaCompilerAssertionPropertyDependencies) - HANDLE_STEP("assertion", "type", SchemaCompilerAssertionType) - HANDLE_STEP("assertion", "type-any", SchemaCompilerAssertionTypeAny) - HANDLE_STEP("assertion", "type-strict", SchemaCompilerAssertionTypeStrict) - HANDLE_STEP("assertion", "type-strict-any", - SchemaCompilerAssertionTypeStrictAny) - HANDLE_STEP("assertion", "type-string-bounded", - SchemaCompilerAssertionTypeStringBounded) - HANDLE_STEP("assertion", "type-array-bounded", - SchemaCompilerAssertionTypeArrayBounded) - HANDLE_STEP("assertion", "type-object-bounded", - SchemaCompilerAssertionTypeObjectBounded) - HANDLE_STEP("assertion", "regex", SchemaCompilerAssertionRegex) - HANDLE_STEP("assertion", "string-size-less", - SchemaCompilerAssertionStringSizeLess) - HANDLE_STEP("assertion", "string-size-greater", - SchemaCompilerAssertionStringSizeGreater) - HANDLE_STEP("assertion", "array-size-less", - SchemaCompilerAssertionArraySizeLess) - HANDLE_STEP("assertion", "array-size-greater", - SchemaCompilerAssertionArraySizeGreater) - HANDLE_STEP("assertion", "object-size-less", - SchemaCompilerAssertionObjectSizeLess) - HANDLE_STEP("assertion", "object-size-greater", - SchemaCompilerAssertionObjectSizeGreater) - HANDLE_STEP("assertion", "equal", SchemaCompilerAssertionEqual) - HANDLE_STEP("assertion", "greater-equal", SchemaCompilerAssertionGreaterEqual) - HANDLE_STEP("assertion", "less-equal", SchemaCompilerAssertionLessEqual) - HANDLE_STEP("assertion", "greater", SchemaCompilerAssertionGreater) - HANDLE_STEP("assertion", "less", SchemaCompilerAssertionLess) - HANDLE_STEP("assertion", "unique", SchemaCompilerAssertionUnique) - HANDLE_STEP("assertion", "divisible", SchemaCompilerAssertionDivisible) - HANDLE_STEP("assertion", "string-type", SchemaCompilerAssertionStringType) - HANDLE_STEP("assertion", "property-type", SchemaCompilerAssertionPropertyType) - HANDLE_STEP("assertion", "property-type-strict", - SchemaCompilerAssertionPropertyTypeStrict) - HANDLE_STEP("assertion", "equals-any", SchemaCompilerAssertionEqualsAny) - HANDLE_STEP("annotation", "emit", SchemaCompilerAnnotationEmit) - HANDLE_STEP("annotation", "when-array-size-equal", - SchemaCompilerAnnotationWhenArraySizeEqual) - HANDLE_STEP("annotation", "when-array-size-greater", - SchemaCompilerAnnotationWhenArraySizeGreater) - HANDLE_STEP("annotation", "to-parent", SchemaCompilerAnnotationToParent) - HANDLE_STEP("annotation", "basename-to-parent", - SchemaCompilerAnnotationBasenameToParent) - HANDLE_STEP("logical", "or", SchemaCompilerLogicalOr) - HANDLE_STEP("logical", "and", SchemaCompilerLogicalAnd) - HANDLE_STEP("logical", "xor", SchemaCompilerLogicalXor) - HANDLE_STEP("logical", "condition", SchemaCompilerLogicalCondition) - HANDLE_STEP("logical", "not", SchemaCompilerLogicalNot) - HANDLE_STEP("logical", "when-type", SchemaCompilerLogicalWhenType) - HANDLE_STEP("logical", "when-defines", SchemaCompilerLogicalWhenDefines) - HANDLE_STEP("logical", "when-array-size-greater", - SchemaCompilerLogicalWhenArraySizeGreater) - HANDLE_STEP("logical", "when-array-size-equal", - SchemaCompilerLogicalWhenArraySizeEqual) - HANDLE_STEP("loop", "properties-match", SchemaCompilerLoopPropertiesMatch) - HANDLE_STEP("loop", "properties", SchemaCompilerLoopProperties) - HANDLE_STEP("loop", "properties-regex", SchemaCompilerLoopPropertiesRegex) - HANDLE_STEP("loop", "properties-no-annotation", - SchemaCompilerLoopPropertiesNoAnnotation) - HANDLE_STEP("loop", "properties-except", SchemaCompilerLoopPropertiesExcept) - HANDLE_STEP("loop", "properties-type", SchemaCompilerLoopPropertiesType) - HANDLE_STEP("loop", "properties-type-strict", - SchemaCompilerLoopPropertiesTypeStrict) - HANDLE_STEP("loop", "keys", SchemaCompilerLoopKeys) - HANDLE_STEP("loop", "items", SchemaCompilerLoopItems) - HANDLE_STEP("loop", "items-unmarked", SchemaCompilerLoopItemsUnmarked) - HANDLE_STEP("loop", "items-unevaluated", SchemaCompilerLoopItemsUnevaluated) - HANDLE_STEP("loop", "contains", SchemaCompilerLoopContains) - HANDLE_STEP("control", "label", SchemaCompilerControlLabel) - HANDLE_STEP("control", "mark", SchemaCompilerControlMark) - HANDLE_STEP("control", "jump", SchemaCompilerControlJump) - HANDLE_STEP("control", "dynamic-anchor-jump", - SchemaCompilerControlDynamicAnchorJump) - -#undef HANDLE_STEP -}; - -} // namespace - -namespace sourcemeta::jsontoolkit { - -auto to_json(const SchemaCompilerTemplate &steps) -> JSON { - JSON result{JSON::make_array()}; - for (const auto &step : steps) { - result.push_back(step_to_json(step)); - } - - return result; -} - -auto compiler_template_format_compare(const JSON::String &left, - const JSON::String &right) -> bool { - using Rank = - std::map, - JSON::Allocator>>; - static Rank rank{{"category", 0}, - {"type", 1}, - {"value", 2}, - {"schemaResource", 3}, - {"absoluteKeywordLocation", 4}, - {"relativeSchemaLocation", 5}, - {"relativeInstanceLocation", 6}, - {"report", 7}, - {"dynamic", 8}, - {"children", 9}}; - - constexpr std::uint64_t DEFAULT_RANK{999}; - const auto left_rank{rank.contains(left) ? rank.at(left) : DEFAULT_RANK}; - const auto right_rank{rank.contains(right) ? rank.at(right) : DEFAULT_RANK}; - return left_rank < right_rank; -} - -} // namespace sourcemeta::jsontoolkit diff --git a/vendor/jsontoolkit/src/jsonschema/default_compiler.cc b/vendor/jsontoolkit/src/jsonschema/default_compiler.cc deleted file mode 100644 index 443804bb..00000000 --- a/vendor/jsontoolkit/src/jsonschema/default_compiler.cc +++ /dev/null @@ -1,520 +0,0 @@ -#include -#include - -#include "default_compiler_2019_09.h" -#include "default_compiler_2020_12.h" -#include "default_compiler_draft4.h" -#include "default_compiler_draft6.h" -#include "default_compiler_draft7.h" - -#include // assert -#include // std::set -#include // std::string - -// TODO: Support every keyword -auto sourcemeta::jsontoolkit::default_schema_compiler( - const sourcemeta::jsontoolkit::SchemaCompilerContext &context, - const sourcemeta::jsontoolkit::SchemaCompilerSchemaContext &schema_context, - const sourcemeta::jsontoolkit::SchemaCompilerDynamicContext - &dynamic_context) -> sourcemeta::jsontoolkit::SchemaCompilerTemplate { - assert(!dynamic_context.keyword.empty()); - - static std::set SUPPORTED_VOCABULARIES{ - "https://json-schema.org/draft/2020-12/vocab/core", - "https://json-schema.org/draft/2020-12/vocab/applicator", - "https://json-schema.org/draft/2020-12/vocab/validation", - "https://json-schema.org/draft/2020-12/vocab/meta-data", - "https://json-schema.org/draft/2020-12/vocab/unevaluated", - "https://json-schema.org/draft/2020-12/vocab/format-annotation", - "https://json-schema.org/draft/2020-12/vocab/content", - "https://json-schema.org/draft/2019-09/vocab/core", - "https://json-schema.org/draft/2019-09/vocab/applicator", - "https://json-schema.org/draft/2019-09/vocab/validation", - "https://json-schema.org/draft/2019-09/vocab/meta-data", - "https://json-schema.org/draft/2019-09/vocab/format", - "https://json-schema.org/draft/2019-09/vocab/content", - "http://json-schema.org/draft-07/schema#", - "http://json-schema.org/draft-06/schema#", - "http://json-schema.org/draft-04/schema#"}; - for (const auto &vocabulary : schema_context.vocabularies) { - if (!SUPPORTED_VOCABULARIES.contains(vocabulary.first) && - vocabulary.second) { - throw SchemaVocabularyError(vocabulary.first, - "Cannot compile unsupported vocabulary"); - } - } - - using namespace sourcemeta::jsontoolkit; - -#define COMPILE(vocabulary, _keyword, handler) \ - if (schema_context.vocabularies.contains(vocabulary) && \ - dynamic_context.keyword == (_keyword)) { \ - return internal::handler(context, schema_context, dynamic_context); \ - } - -#define STOP_IF_SIBLING_KEYWORD(vocabulary, _keyword) \ - if (schema_context.vocabularies.contains(vocabulary) && \ - schema_context.schema.is_object() && \ - schema_context.schema.defines(_keyword)) { \ - return {}; \ - } - - // ******************************************** - // 2020-12 - // ******************************************** - - COMPILE("https://json-schema.org/draft/2020-12/vocab/core", "$dynamicRef", - compiler_2020_12_core_dynamicref); - - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", - "prefixItems", compiler_2020_12_applicator_prefixitems); - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", "items", - compiler_2020_12_applicator_items); - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", "contains", - compiler_2020_12_applicator_contains); - - // Same as 2019-09 - - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", - "dependentRequired", compiler_2019_09_validation_dependentrequired); - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", - "dependentSchemas", compiler_2019_09_applicator_dependentschemas); - - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", - "properties", compiler_2019_09_applicator_properties); - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", - "patternProperties", compiler_2019_09_applicator_patternproperties); - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", - "additionalProperties", - compiler_2019_09_applicator_additionalproperties); - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", "anyOf", - compiler_2019_09_applicator_anyof); - COMPILE("https://json-schema.org/draft/2020-12/vocab/unevaluated", - "unevaluatedProperties", - compiler_2019_09_applicator_unevaluatedproperties); - COMPILE("https://json-schema.org/draft/2020-12/vocab/unevaluated", - "unevaluatedItems", compiler_2019_09_applicator_unevaluateditems); - - // Same as Draft 7 - - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", "if", - compiler_draft7_applicator_if); - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", "then", - compiler_draft7_applicator_then); - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", "else", - compiler_draft7_applicator_else); - - // Same as Draft 6 - - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", - "propertyNames", compiler_draft6_validation_propertynames); - - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", "type", - compiler_draft6_validation_type); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", "const", - compiler_draft6_validation_const); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", - "exclusiveMaximum", compiler_draft6_validation_exclusivemaximum); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", - "exclusiveMinimum", compiler_draft6_validation_exclusiveminimum); - - // Same as Draft 4 - - // As per compatibility optional test - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", - "dependencies", compiler_draft4_applicator_dependencies); - - COMPILE("https://json-schema.org/draft/2020-12/vocab/core", "$ref", - compiler_draft4_core_ref); - - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", "allOf", - compiler_draft4_applicator_allof); - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", "oneOf", - compiler_draft4_applicator_oneof); - COMPILE("https://json-schema.org/draft/2020-12/vocab/applicator", "not", - compiler_draft4_applicator_not); - - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", "enum", - compiler_draft4_validation_enum); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", - "uniqueItems", compiler_draft4_validation_uniqueitems); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", "maxItems", - compiler_draft4_validation_maxitems); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", "minItems", - compiler_draft4_validation_minitems); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", "required", - compiler_draft4_validation_required); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", - "maxProperties", compiler_draft4_validation_maxproperties); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", - "minProperties", compiler_draft4_validation_minproperties); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", "maximum", - compiler_draft4_validation_maximum); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", "minimum", - compiler_draft4_validation_minimum); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", - "multipleOf", compiler_draft4_validation_multipleof); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", "maxLength", - compiler_draft4_validation_maxlength); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", "minLength", - compiler_draft4_validation_minlength); - COMPILE("https://json-schema.org/draft/2020-12/vocab/validation", "pattern", - compiler_draft4_validation_pattern); - - // ******************************************** - // 2019-09 - // ******************************************** - - COMPILE("https://json-schema.org/draft/2019-09/vocab/core", "$recursiveRef", - compiler_2019_09_core_recursiveref); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", - "dependentRequired", compiler_2019_09_validation_dependentrequired); - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", - "dependentSchemas", compiler_2019_09_applicator_dependentschemas); - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", "contains", - compiler_2019_09_applicator_contains); - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", - "unevaluatedItems", compiler_2019_09_applicator_unevaluateditems); - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", - "unevaluatedProperties", - compiler_2019_09_applicator_unevaluatedproperties); - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", "items", - compiler_2019_09_applicator_items); - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", - "additionalItems", compiler_2019_09_applicator_additionalitems); - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", "anyOf", - compiler_2019_09_applicator_anyof); - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", - "properties", compiler_2019_09_applicator_properties); - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", - "patternProperties", compiler_2019_09_applicator_patternproperties); - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", - "additionalProperties", - compiler_2019_09_applicator_additionalproperties); - - // Same as Draft 7 - - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", "if", - compiler_draft7_applicator_if); - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", "then", - compiler_draft7_applicator_then); - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", "else", - compiler_draft7_applicator_else); - - // Same as Draft 6 - - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", - "propertyNames", compiler_draft6_validation_propertynames); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", "type", - compiler_draft6_validation_type); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", "const", - compiler_draft6_validation_const); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", - "exclusiveMaximum", compiler_draft6_validation_exclusivemaximum); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", - "exclusiveMinimum", compiler_draft6_validation_exclusiveminimum); - - // Same as Draft 4 - - // As per compatibility optional test - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", - "dependencies", compiler_draft4_applicator_dependencies); - - COMPILE("https://json-schema.org/draft/2019-09/vocab/core", "$ref", - compiler_draft4_core_ref); - - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", "allOf", - compiler_draft4_applicator_allof); - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", "oneOf", - compiler_draft4_applicator_oneof); - COMPILE("https://json-schema.org/draft/2019-09/vocab/applicator", "not", - compiler_draft4_applicator_not); - - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", "enum", - compiler_draft4_validation_enum); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", - "uniqueItems", compiler_draft4_validation_uniqueitems); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", "maxItems", - compiler_draft4_validation_maxitems); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", "minItems", - compiler_draft4_validation_minitems); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", "required", - compiler_draft4_validation_required); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", - "maxProperties", compiler_draft4_validation_maxproperties); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", - "minProperties", compiler_draft4_validation_minproperties); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", "maximum", - compiler_draft4_validation_maximum); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", "minimum", - compiler_draft4_validation_minimum); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", - "multipleOf", compiler_draft4_validation_multipleof); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", "maxLength", - compiler_draft4_validation_maxlength); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", "minLength", - compiler_draft4_validation_minlength); - COMPILE("https://json-schema.org/draft/2019-09/vocab/validation", "pattern", - compiler_draft4_validation_pattern); - - // ******************************************** - // DRAFT 7 - // ******************************************** - - COMPILE("http://json-schema.org/draft-07/schema#", "$ref", - compiler_draft4_core_ref); - STOP_IF_SIBLING_KEYWORD("http://json-schema.org/draft-07/schema#", "$ref"); - - // Any - COMPILE("http://json-schema.org/draft-07/schema#", "if", - compiler_draft7_applicator_if); - COMPILE("http://json-schema.org/draft-07/schema#", "then", - compiler_draft7_applicator_then); - COMPILE("http://json-schema.org/draft-07/schema#", "else", - compiler_draft7_applicator_else); - - // Same as Draft 6 - - COMPILE("http://json-schema.org/draft-07/schema#", "type", - compiler_draft6_validation_type); - COMPILE("http://json-schema.org/draft-07/schema#", "const", - compiler_draft6_validation_const); - COMPILE("http://json-schema.org/draft-07/schema#", "contains", - compiler_draft6_applicator_contains); - COMPILE("http://json-schema.org/draft-07/schema#", "propertyNames", - compiler_draft6_validation_propertynames); - COMPILE("http://json-schema.org/draft-07/schema#", "exclusiveMaximum", - compiler_draft6_validation_exclusivemaximum); - COMPILE("http://json-schema.org/draft-07/schema#", "exclusiveMinimum", - compiler_draft6_validation_exclusiveminimum); - - // Same as Draft 4 - - COMPILE("http://json-schema.org/draft-07/schema#", "allOf", - compiler_draft4_applicator_allof); - COMPILE("http://json-schema.org/draft-07/schema#", "anyOf", - compiler_draft4_applicator_anyof); - COMPILE("http://json-schema.org/draft-07/schema#", "oneOf", - compiler_draft4_applicator_oneof); - COMPILE("http://json-schema.org/draft-07/schema#", "not", - compiler_draft4_applicator_not); - COMPILE("http://json-schema.org/draft-07/schema#", "enum", - compiler_draft4_validation_enum); - - COMPILE("http://json-schema.org/draft-07/schema#", "items", - compiler_draft4_applicator_items); - COMPILE("http://json-schema.org/draft-07/schema#", "additionalItems", - compiler_draft4_applicator_additionalitems); - COMPILE("http://json-schema.org/draft-07/schema#", "uniqueItems", - compiler_draft4_validation_uniqueitems); - COMPILE("http://json-schema.org/draft-07/schema#", "maxItems", - compiler_draft4_validation_maxitems); - COMPILE("http://json-schema.org/draft-07/schema#", "minItems", - compiler_draft4_validation_minitems); - - COMPILE("http://json-schema.org/draft-07/schema#", "required", - compiler_draft4_validation_required); - COMPILE("http://json-schema.org/draft-07/schema#", "maxProperties", - compiler_draft4_validation_maxproperties); - COMPILE("http://json-schema.org/draft-07/schema#", "minProperties", - compiler_draft4_validation_minproperties); - COMPILE("http://json-schema.org/draft-07/schema#", "properties", - compiler_draft4_applicator_properties); - COMPILE("http://json-schema.org/draft-07/schema#", "patternProperties", - compiler_draft4_applicator_patternproperties); - COMPILE("http://json-schema.org/draft-07/schema#", "additionalProperties", - compiler_draft4_applicator_additionalproperties); - COMPILE("http://json-schema.org/draft-07/schema#", "dependencies", - compiler_draft4_applicator_dependencies); - - COMPILE("http://json-schema.org/draft-07/schema#", "maximum", - compiler_draft4_validation_maximum); - COMPILE("http://json-schema.org/draft-07/schema#", "minimum", - compiler_draft4_validation_minimum); - COMPILE("http://json-schema.org/draft-07/schema#", "multipleOf", - compiler_draft4_validation_multipleof); - - COMPILE("http://json-schema.org/draft-07/schema#", "maxLength", - compiler_draft4_validation_maxlength); - COMPILE("http://json-schema.org/draft-07/schema#", "minLength", - compiler_draft4_validation_minlength); - COMPILE("http://json-schema.org/draft-07/schema#", "pattern", - compiler_draft4_validation_pattern); - - // ******************************************** - // DRAFT 6 - // ******************************************** - - COMPILE("http://json-schema.org/draft-06/schema#", "$ref", - compiler_draft4_core_ref); - STOP_IF_SIBLING_KEYWORD("http://json-schema.org/draft-06/schema#", "$ref"); - - // Any - COMPILE("http://json-schema.org/draft-06/schema#", "type", - compiler_draft6_validation_type); - COMPILE("http://json-schema.org/draft-06/schema#", "const", - compiler_draft6_validation_const); - - // Array - COMPILE("http://json-schema.org/draft-06/schema#", "contains", - compiler_draft6_applicator_contains); - - // Object - COMPILE("http://json-schema.org/draft-06/schema#", "propertyNames", - compiler_draft6_validation_propertynames); - - // Number - COMPILE("http://json-schema.org/draft-06/schema#", "exclusiveMaximum", - compiler_draft6_validation_exclusivemaximum); - COMPILE("http://json-schema.org/draft-06/schema#", "exclusiveMinimum", - compiler_draft6_validation_exclusiveminimum); - - // Same as Draft 4 - - COMPILE("http://json-schema.org/draft-06/schema#", "allOf", - compiler_draft4_applicator_allof); - COMPILE("http://json-schema.org/draft-06/schema#", "anyOf", - compiler_draft4_applicator_anyof); - COMPILE("http://json-schema.org/draft-06/schema#", "oneOf", - compiler_draft4_applicator_oneof); - COMPILE("http://json-schema.org/draft-06/schema#", "not", - compiler_draft4_applicator_not); - COMPILE("http://json-schema.org/draft-06/schema#", "enum", - compiler_draft4_validation_enum); - - COMPILE("http://json-schema.org/draft-06/schema#", "items", - compiler_draft4_applicator_items); - COMPILE("http://json-schema.org/draft-06/schema#", "additionalItems", - compiler_draft4_applicator_additionalitems); - COMPILE("http://json-schema.org/draft-06/schema#", "uniqueItems", - compiler_draft4_validation_uniqueitems); - COMPILE("http://json-schema.org/draft-06/schema#", "maxItems", - compiler_draft4_validation_maxitems); - COMPILE("http://json-schema.org/draft-06/schema#", "minItems", - compiler_draft4_validation_minitems); - - COMPILE("http://json-schema.org/draft-06/schema#", "required", - compiler_draft4_validation_required); - COMPILE("http://json-schema.org/draft-06/schema#", "maxProperties", - compiler_draft4_validation_maxproperties); - COMPILE("http://json-schema.org/draft-06/schema#", "minProperties", - compiler_draft4_validation_minproperties); - COMPILE("http://json-schema.org/draft-06/schema#", "properties", - compiler_draft4_applicator_properties); - COMPILE("http://json-schema.org/draft-06/schema#", "patternProperties", - compiler_draft4_applicator_patternproperties); - COMPILE("http://json-schema.org/draft-06/schema#", "additionalProperties", - compiler_draft4_applicator_additionalproperties); - COMPILE("http://json-schema.org/draft-06/schema#", "dependencies", - compiler_draft4_applicator_dependencies); - - COMPILE("http://json-schema.org/draft-06/schema#", "maximum", - compiler_draft4_validation_maximum); - COMPILE("http://json-schema.org/draft-06/schema#", "minimum", - compiler_draft4_validation_minimum); - COMPILE("http://json-schema.org/draft-06/schema#", "multipleOf", - compiler_draft4_validation_multipleof); - - COMPILE("http://json-schema.org/draft-06/schema#", "maxLength", - compiler_draft4_validation_maxlength); - COMPILE("http://json-schema.org/draft-06/schema#", "minLength", - compiler_draft4_validation_minlength); - COMPILE("http://json-schema.org/draft-06/schema#", "pattern", - compiler_draft4_validation_pattern); - - // ******************************************** - // DRAFT 4 - // ******************************************** - - COMPILE("http://json-schema.org/draft-04/schema#", "$ref", - compiler_draft4_core_ref); - STOP_IF_SIBLING_KEYWORD("http://json-schema.org/draft-04/schema#", "$ref"); - - // Applicators - COMPILE("http://json-schema.org/draft-04/schema#", "allOf", - compiler_draft4_applicator_allof); - COMPILE("http://json-schema.org/draft-04/schema#", "anyOf", - compiler_draft4_applicator_anyof); - COMPILE("http://json-schema.org/draft-04/schema#", "oneOf", - compiler_draft4_applicator_oneof); - COMPILE("http://json-schema.org/draft-04/schema#", "not", - compiler_draft4_applicator_not); - COMPILE("http://json-schema.org/draft-04/schema#", "properties", - compiler_draft4_applicator_properties); - COMPILE("http://json-schema.org/draft-04/schema#", "patternProperties", - compiler_draft4_applicator_patternproperties); - COMPILE("http://json-schema.org/draft-04/schema#", "additionalProperties", - compiler_draft4_applicator_additionalproperties); - COMPILE("http://json-schema.org/draft-04/schema#", "items", - compiler_draft4_applicator_items); - COMPILE("http://json-schema.org/draft-04/schema#", "additionalItems", - compiler_draft4_applicator_additionalitems); - COMPILE("http://json-schema.org/draft-04/schema#", "dependencies", - compiler_draft4_applicator_dependencies); - - // Any - COMPILE("http://json-schema.org/draft-04/schema#", "type", - compiler_draft4_validation_type); - COMPILE("http://json-schema.org/draft-04/schema#", "enum", - compiler_draft4_validation_enum); - - // Object - COMPILE("http://json-schema.org/draft-04/schema#", "required", - compiler_draft4_validation_required); - COMPILE("http://json-schema.org/draft-04/schema#", "maxProperties", - compiler_draft4_validation_maxproperties); - COMPILE("http://json-schema.org/draft-04/schema#", "minProperties", - compiler_draft4_validation_minproperties); - - // Array - COMPILE("http://json-schema.org/draft-04/schema#", "uniqueItems", - compiler_draft4_validation_uniqueitems); - COMPILE("http://json-schema.org/draft-04/schema#", "maxItems", - compiler_draft4_validation_maxitems); - COMPILE("http://json-schema.org/draft-04/schema#", "minItems", - compiler_draft4_validation_minitems); - - // String - COMPILE("http://json-schema.org/draft-04/schema#", "pattern", - compiler_draft4_validation_pattern); - COMPILE("http://json-schema.org/draft-04/schema#", "maxLength", - compiler_draft4_validation_maxlength); - COMPILE("http://json-schema.org/draft-04/schema#", "minLength", - compiler_draft4_validation_minlength); - COMPILE("http://json-schema.org/draft-04/schema#", "format", - compiler_draft4_validation_format); - - // Number - COMPILE("http://json-schema.org/draft-04/schema#", "maximum", - compiler_draft4_validation_maximum); - COMPILE("http://json-schema.org/draft-04/schema#", "minimum", - compiler_draft4_validation_minimum); - COMPILE("http://json-schema.org/draft-04/schema#", "multipleOf", - compiler_draft4_validation_multipleof); - -#undef COMPILE -#undef STOP_IF_SIBLING_KEYWORD - - if ((schema_context.vocabularies.contains( - "https://json-schema.org/draft/2019-09/vocab/core") || - schema_context.vocabularies.contains( - "https://json-schema.org/draft/2020-12/vocab/core")) && - !dynamic_context.keyword.starts_with('$') && - dynamic_context.keyword != "definitions") { - - // We handle these keywords as part of "contains" - if ((schema_context.vocabularies.contains( - "https://json-schema.org/draft/2019-09/vocab/validation") || - schema_context.vocabularies.contains( - "https://json-schema.org/draft/2020-12/vocab/validation")) && - (dynamic_context.keyword == "minContains" || - dynamic_context.keyword == "maxContains")) { - return {}; - } - - return internal::compiler_2019_09_core_annotation(context, schema_context, - dynamic_context); - } - - return {}; -} diff --git a/vendor/jsontoolkit/src/jsonschema/default_compiler_2019_09.h b/vendor/jsontoolkit/src/jsonschema/default_compiler_2019_09.h deleted file mode 100644 index 36c4957b..00000000 --- a/vendor/jsontoolkit/src/jsonschema/default_compiler_2019_09.h +++ /dev/null @@ -1,345 +0,0 @@ -#ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_DEFAULT_COMPILER_2019_09_H_ -#define SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_DEFAULT_COMPILER_2019_09_H_ - -#include -#include - -#include "compile_helpers.h" -#include "default_compiler_draft4.h" - -namespace internal { -using namespace sourcemeta::jsontoolkit; - -auto compiler_2019_09_applicator_dependentschemas( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_object()); - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "object") { - return {}; - } - - SchemaCompilerTemplate children; - - // To guarantee order - std::vector dependents; - for (const auto &entry : - schema_context.schema.at(dynamic_context.keyword).as_object()) { - dependents.push_back(entry.first); - } - std::sort(dependents.begin(), dependents.end()); - - for (const auto &dependent : dependents) { - const auto &dependency{ - schema_context.schema.at(dynamic_context.keyword).at(dependent)}; - if (!is_schema(dependency)) { - continue; - } - - if (!dependency.is_boolean() || !dependency.to_boolean()) { - children.push_back(make( - false, context, schema_context, relative_dynamic_context, - SchemaCompilerValueString{dependent}, - compile(context, schema_context, relative_dynamic_context, - {dependent}, empty_pointer))); - } - } - - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Object, - std::move(children))}; -} - -auto compiler_2019_09_validation_dependentrequired( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - if (!schema_context.schema.at(dynamic_context.keyword).is_object()) { - return {}; - } - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "object") { - return {}; - } - - SchemaCompilerValueStringMap dependencies; - for (const auto &entry : - schema_context.schema.at(dynamic_context.keyword).as_object()) { - if (!entry.second.is_array()) { - continue; - } - - std::vector properties; - for (const auto &property : entry.second.as_array()) { - assert(property.is_string()); - properties.push_back(property.to_string()); - } - - if (!properties.empty()) { - dependencies.emplace(entry.first, std::move(properties)); - } - } - - if (dependencies.empty()) { - return {}; - } - - return {make( - true, context, schema_context, dynamic_context, std::move(dependencies))}; -} - -auto compiler_2019_09_core_annotation( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return {make( - true, context, schema_context, dynamic_context, - JSON{schema_context.schema.at(dynamic_context.keyword)})}; -} - -auto compiler_2019_09_applicator_contains_conditional_annotate( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context, const bool annotate) - -> SchemaCompilerTemplate { - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "array") { - return {}; - } - - std::size_t minimum{1}; - if (schema_context.schema.defines("minContains")) { - if (schema_context.schema.at("minContains").is_integer() && - schema_context.schema.at("minContains").is_positive()) { - minimum = static_cast( - schema_context.schema.at("minContains").to_integer()); - } else if (schema_context.schema.at("minContains").is_real() && - schema_context.schema.at("minContains").is_positive()) { - minimum = static_cast( - schema_context.schema.at("minContains").as_integer()); - } - } - - std::optional maximum; - if (schema_context.schema.defines("maxContains")) { - if (schema_context.schema.at("maxContains").is_integer() && - schema_context.schema.at("maxContains").is_positive()) { - maximum = schema_context.schema.at("maxContains").to_integer(); - } else if (schema_context.schema.at("maxContains").is_real() && - schema_context.schema.at("maxContains").is_positive()) { - maximum = schema_context.schema.at("maxContains").as_integer(); - } - } - - if (maximum.has_value() && minimum > maximum.value()) { - return {make(true, context, schema_context, - dynamic_context, - SchemaCompilerValueNone{})}; - } - - if (minimum == 0 && !maximum.has_value()) { - return {}; - } - - SchemaCompilerTemplate children{compile(context, schema_context, - relative_dynamic_context, - empty_pointer, empty_pointer)}; - - if (annotate) { - children.push_back(make( - true, context, schema_context, relative_dynamic_context, - SchemaCompilerValueNone{})); - - // TODO: If after emitting the above annotation, the number of annotations - // for the current schema location + instance location is equal to the - // array size (which means we annotated all of the items), then emit - // an annotation "true" - } - - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueRange{ - minimum, maximum, - // TODO: We only need to be exhaustive here if `unevaluatedItems` is - // in use on the schema. Can we pre-determine that and speed things up - // if not? - annotate}, - std::move(children))}; -} - -auto compiler_2019_09_applicator_contains( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_2019_09_applicator_contains_conditional_annotate( - context, schema_context, dynamic_context, false); -} - -auto compiler_2019_09_applicator_additionalproperties( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_draft4_applicator_additionalproperties_conditional_annotation( - context, schema_context, dynamic_context, true); -} - -auto compiler_2019_09_applicator_items( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_draft4_applicator_items_conditional_annotation( - context, schema_context, dynamic_context, true); -} - -auto compiler_2019_09_applicator_additionalitems( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_draft4_applicator_additionalitems_conditional_annotation( - context, schema_context, dynamic_context, true); -} - -auto compiler_2019_09_applicator_unevaluateditems( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "array") { - return {}; - } - - SchemaCompilerTemplate children{compile(context, schema_context, - relative_dynamic_context, - empty_pointer, empty_pointer)}; - children.push_back(make( - true, context, schema_context, relative_dynamic_context, JSON{true})); - - if (schema_context.vocabularies.contains( - "https://json-schema.org/draft/2019-09/vocab/applicator")) { - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueItemsAnnotationKeywords{ - "items", {}, {"items", "additionalItems", "unevaluatedItems"}}, - std::move(children))}; - } else if (schema_context.vocabularies.contains( - "https://json-schema.org/draft/2020-12/vocab/applicator")) { - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueItemsAnnotationKeywords{ - "prefixItems", - {"contains"}, - {"prefixItems", "items", "contains", "unevaluatedItems"}}, - std::move(children))}; - } else { - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueStrings{"unevaluatedItems"}, std::move(children))}; - } -} - -auto compiler_2019_09_applicator_unevaluatedproperties( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "object") { - return {}; - } - - SchemaCompilerValueStrings dependencies{"unevaluatedProperties"}; - - if (schema_context.vocabularies.contains( - "https://json-schema.org/draft/2019-09/vocab/applicator")) { - dependencies.push_back("properties"); - dependencies.push_back("patternProperties"); - dependencies.push_back("additionalProperties"); - } - - if (schema_context.vocabularies.contains( - "https://json-schema.org/draft/2020-12/vocab/applicator")) { - dependencies.push_back("properties"); - dependencies.push_back("patternProperties"); - dependencies.push_back("additionalProperties"); - } - - SchemaCompilerTemplate children{compile(context, schema_context, - relative_dynamic_context, - empty_pointer, empty_pointer)}; - children.push_back(make( - true, context, schema_context, relative_dynamic_context, - SchemaCompilerValueNone{})); - - return {make( - true, context, schema_context, dynamic_context, std::move(dependencies), - std::move(children))}; -} - -auto compiler_2019_09_core_recursiveref( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - const auto current{ - to_uri(schema_context.relative_pointer, schema_context.base).recompose()}; - assert(context.frame.contains({ReferenceType::Static, current})); - const auto &entry{context.frame.at({ReferenceType::Static, current})}; - // In this case, just behave as a normal static reference - if (!context.references.contains({ReferenceType::Dynamic, entry.pointer})) { - return compiler_draft4_core_ref(context, schema_context, dynamic_context); - } - - return {make( - true, context, schema_context, dynamic_context, "")}; -} - -auto compiler_2019_09_applicator_anyof( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_draft4_applicator_anyof_conditional_exhaustive( - context, schema_context, dynamic_context, - // TODO: This set to true means that every disjunction of `anyOf` - // is always evaluated. In fact, we only need to enable this if - // the schema makes any use of `unevaluatedItems` or - // `unevaluatedProperties` - true); -} - -auto compiler_2019_09_applicator_properties( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_draft4_applicator_properties_conditional_annotation( - context, schema_context, dynamic_context, true); -} - -auto compiler_2019_09_applicator_patternproperties( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_draft4_applicator_patternproperties_conditional_annotation( - context, schema_context, dynamic_context, true); -} - -} // namespace internal -#endif diff --git a/vendor/jsontoolkit/src/jsonschema/default_compiler_2020_12.h b/vendor/jsontoolkit/src/jsonschema/default_compiler_2020_12.h deleted file mode 100644 index 8d184028..00000000 --- a/vendor/jsontoolkit/src/jsonschema/default_compiler_2020_12.h +++ /dev/null @@ -1,76 +0,0 @@ -#ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_DEFAULT_COMPILER_2020_12_H_ -#define SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_DEFAULT_COMPILER_2020_12_H_ - -#include -#include -#include - -#include "compile_helpers.h" -#include "default_compiler_draft4.h" - -namespace internal { -using namespace sourcemeta::jsontoolkit; - -auto compiler_2020_12_applicator_prefixitems( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_draft4_applicator_items_array(context, schema_context, - dynamic_context, true); -} - -auto compiler_2020_12_applicator_items( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - const auto cursor{(schema_context.schema.defines("prefixItems") && - schema_context.schema.at("prefixItems").is_array()) - ? schema_context.schema.at("prefixItems").size() - : 0}; - - return compiler_draft4_applicator_additionalitems_from_cursor( - context, schema_context, dynamic_context, cursor, true); -} - -auto compiler_2020_12_applicator_contains( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_2019_09_applicator_contains_conditional_annotate( - context, schema_context, dynamic_context, true); -} - -auto compiler_2020_12_core_dynamicref( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - const auto current{ - to_uri(schema_context.relative_pointer, schema_context.base).recompose()}; - assert(context.frame.contains({ReferenceType::Static, current})); - const auto &entry{context.frame.at({ReferenceType::Static, current})}; - // In this case, just behave as a normal static reference - if (!context.references.contains({ReferenceType::Dynamic, entry.pointer})) { - return compiler_draft4_core_ref(context, schema_context, dynamic_context); - } - - assert(schema_context.schema.at(dynamic_context.keyword).is_string()); - URI reference{schema_context.schema.at(dynamic_context.keyword).to_string()}; - reference.resolve_from_if_absolute(schema_context.base); - reference.canonicalize(); - // We handle the non-anchor variant by not treating it as a dynamic reference - assert(reference.fragment().has_value()); - - // Note we don't need to even care about the static part of the dynamic - // reference (if any), as even if we jump first there, we will still - // look for the oldest dynamic anchor in the schema resource chain. - return {make( - true, context, schema_context, dynamic_context, - std::string{reference.fragment().value()})}; -} - -} // namespace internal -#endif diff --git a/vendor/jsontoolkit/src/jsonschema/default_compiler_draft4.h b/vendor/jsontoolkit/src/jsonschema/default_compiler_draft4.h deleted file mode 100644 index df2c31da..00000000 --- a/vendor/jsontoolkit/src/jsonschema/default_compiler_draft4.h +++ /dev/null @@ -1,1364 +0,0 @@ -#ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_DEFAULT_COMPILER_DRAFT4_H_ -#define SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_DEFAULT_COMPILER_DRAFT4_H_ - -#include -#include - -#include // std::sort, std::any_of -#include // assert -#include // std::regex, std::regex_error -#include // std::set -#include // std::ostringstream -#include // std::move - -#include "compile_helpers.h" - -static auto parse_regex(const std::string &pattern, - const sourcemeta::jsontoolkit::URI &base, - const sourcemeta::jsontoolkit::Pointer &schema_location) - -> std::regex { - try { - return std::regex{pattern, std::regex::ECMAScript | std::regex::nosubs}; - } catch (const std::regex_error &) { - std::ostringstream message; - message << "Invalid regular expression: " << pattern; - throw sourcemeta::jsontoolkit::SchemaCompilationError(base, schema_location, - message.str()); - } -} - -namespace internal { -using namespace sourcemeta::jsontoolkit; - -auto compiler_draft4_core_ref( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - // Determine the label - const auto type{ReferenceType::Static}; - const auto current{ - to_uri(schema_context.relative_pointer, schema_context.base).recompose()}; - assert(context.frame.contains({type, current})); - const auto &entry{context.frame.at({type, current})}; - if (!context.references.contains({type, entry.pointer})) { - assert(schema_context.schema.at(dynamic_context.keyword).is_string()); - throw SchemaReferenceError( - schema_context.schema.at(dynamic_context.keyword).to_string(), - entry.pointer, "The schema location is inside of an unknown keyword"); - } - - const auto &reference{context.references.at({type, entry.pointer})}; - const auto label{std::hash{}(reference.destination)}; - - // The label is already registered, so just jump to it - if (schema_context.labels.contains(label)) { - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueUnsignedInteger{label})}; - } - - auto new_schema_context{schema_context}; - new_schema_context.references.insert(reference.destination); - - std::size_t direct_children_references{0}; - if (context.frame.contains({type, reference.destination})) { - for (const auto &reference_entry : context.references) { - if (reference_entry.first.second.starts_with( - context.frame.at({type, reference.destination}).pointer)) { - direct_children_references += 1; - } - } - } - - // If the reference is not a recursive one, we can avoid the extra - // overhead of marking the location for future jumps, and pretty much - // just expand the reference destination in place. - const bool is_recursive{ - // This means the reference is directly recursive, by jumping to - // a parent of the reference itself. - (context.frame.contains({type, reference.destination}) && - entry.pointer.starts_with( - context.frame.at({type, reference.destination}).pointer)) || - schema_context.references.contains(reference.destination)}; - - if (!is_recursive && direct_children_references <= 5) { - // TODO: Enable this optimization for 2019-09 on-wards - if (schema_context.vocabularies.contains( - "http://json-schema.org/draft-04/schema#") || - schema_context.vocabularies.contains( - "http://json-schema.org/draft-06/schema#") || - schema_context.vocabularies.contains( - "http://json-schema.org/draft-07/schema#")) { - return compile(context, new_schema_context, dynamic_context, - empty_pointer, empty_pointer, reference.destination); - } else { - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueNone{}, - compile(context, new_schema_context, relative_dynamic_context, - empty_pointer, empty_pointer, reference.destination))}; - } - } - - // The idea to handle recursion is to expand the reference once, and when - // doing so, create a "checkpoint" that we can jump back to in a subsequent - // recursive reference. While unrolling the reference once may initially - // feel weird, we do it so we can handle references purely in this keyword - // handler, without having to add logic to every single keyword to check - // whether something points to them and add the "checkpoint" themselves. - new_schema_context.labels.insert(label); - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueUnsignedInteger{label}, - compile(context, new_schema_context, relative_dynamic_context, - empty_pointer, empty_pointer, reference.destination))}; -} - -auto compiler_draft4_validation_type( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - if (schema_context.schema.at(dynamic_context.keyword).is_string()) { - const auto &type{ - schema_context.schema.at(dynamic_context.keyword).to_string()}; - if (type == "null") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Null)}; - } else if (type == "boolean") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Boolean)}; - } else if (type == "object") { - const auto minimum{ - unsigned_integer_property(schema_context.schema, "minProperties", 0)}; - const auto maximum{ - unsigned_integer_property(schema_context.schema, "maxProperties")}; - if (minimum > 0 || maximum.has_value()) { - return {make( - true, context, schema_context, dynamic_context, - {minimum, maximum, false})}; - } - - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Object)}; - } else if (type == "array") { - const auto minimum{ - unsigned_integer_property(schema_context.schema, "minItems", 0)}; - const auto maximum{ - unsigned_integer_property(schema_context.schema, "maxItems")}; - if (minimum > 0 || maximum.has_value()) { - return {make( - true, context, schema_context, dynamic_context, - {minimum, maximum, false})}; - } - - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Array)}; - } else if (type == "number") { - return {make( - true, context, schema_context, dynamic_context, - std::vector{JSON::Type::Real, JSON::Type::Integer})}; - } else if (type == "integer") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Integer)}; - } else if (type == "string") { - const auto minimum{ - unsigned_integer_property(schema_context.schema, "minLength", 0)}; - const auto maximum{ - unsigned_integer_property(schema_context.schema, "maxLength")}; - if (minimum > 0 || maximum.has_value()) { - return {make( - true, context, schema_context, dynamic_context, - {minimum, maximum, false})}; - } - - return {make( - true, context, schema_context, dynamic_context, JSON::Type::String)}; - } else { - return {}; - } - } else if (schema_context.schema.at(dynamic_context.keyword).is_array() && - schema_context.schema.at(dynamic_context.keyword).size() == 1 && - schema_context.schema.at(dynamic_context.keyword) - .front() - .is_string()) { - const auto &type{ - schema_context.schema.at(dynamic_context.keyword).front().to_string()}; - if (type == "null") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Null)}; - } else if (type == "boolean") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Boolean)}; - } else if (type == "object") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Object)}; - } else if (type == "array") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Array)}; - } else if (type == "number") { - return {make( - true, context, schema_context, dynamic_context, - std::vector{JSON::Type::Real, JSON::Type::Integer})}; - } else if (type == "integer") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Integer)}; - } else if (type == "string") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::String)}; - } else { - return {}; - } - } else if (schema_context.schema.at(dynamic_context.keyword).is_array()) { - std::vector types; - for (const auto &type : - schema_context.schema.at(dynamic_context.keyword).as_array()) { - assert(type.is_string()); - const auto &type_string{type.to_string()}; - if (type_string == "null") { - types.push_back(JSON::Type::Null); - } else if (type_string == "boolean") { - types.push_back(JSON::Type::Boolean); - } else if (type_string == "object") { - types.push_back(JSON::Type::Object); - } else if (type_string == "array") { - types.push_back(JSON::Type::Array); - } else if (type_string == "number") { - types.push_back(JSON::Type::Integer); - types.push_back(JSON::Type::Real); - } else if (type_string == "integer") { - types.push_back(JSON::Type::Integer); - } else if (type_string == "string") { - types.push_back(JSON::Type::String); - } - } - - assert(types.size() >= - schema_context.schema.at(dynamic_context.keyword).size()); - return {make( - true, context, schema_context, dynamic_context, std::move(types))}; - } - - return {}; -} - -auto compiler_draft4_validation_required( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_array()); - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "object") { - return {}; - } - - if (schema_context.schema.at(dynamic_context.keyword).empty()) { - return {}; - } else if (schema_context.schema.at(dynamic_context.keyword).size() > 1) { - std::vector properties; - for (const auto &property : - schema_context.schema.at(dynamic_context.keyword).as_array()) { - assert(property.is_string()); - properties.push_back(property.to_string()); - } - - if (properties.size() == 1) { - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueString{*(properties.cbegin())})}; - } else { - return {make( - true, context, schema_context, dynamic_context, - std::move(properties))}; - } - } else { - assert( - schema_context.schema.at(dynamic_context.keyword).front().is_string()); - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueString{ - schema_context.schema.at(dynamic_context.keyword) - .front() - .to_string()})}; - } -} - -auto compiler_draft4_applicator_allof( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_array()); - assert(!schema_context.schema.at(dynamic_context.keyword).empty()); - - SchemaCompilerTemplate children; - for (std::uint64_t index = 0; - index < schema_context.schema.at(dynamic_context.keyword).size(); - index++) { - for (auto &&step : - compile(context, schema_context, relative_dynamic_context, - {static_cast(index)})) { - children.push_back(std::move(step)); - } - } - - return {make( - true, context, schema_context, dynamic_context, SchemaCompilerValueNone{}, - std::move(children))}; -} - -auto compiler_draft4_applicator_anyof_conditional_exhaustive( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context, const bool exhaustive) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_array()); - assert(!schema_context.schema.at(dynamic_context.keyword).empty()); - - SchemaCompilerTemplate disjunctors; - for (std::uint64_t index = 0; - index < schema_context.schema.at(dynamic_context.keyword).size(); - index++) { - disjunctors.push_back(make( - false, context, schema_context, relative_dynamic_context, - SchemaCompilerValueNone{}, - compile(context, schema_context, relative_dynamic_context, - {static_cast(index)}))); - } - - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueBoolean{exhaustive}, std::move(disjunctors))}; -} - -auto compiler_draft4_applicator_anyof( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_draft4_applicator_anyof_conditional_exhaustive( - context, schema_context, dynamic_context, false); -} - -auto compiler_draft4_applicator_oneof( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_array()); - assert(!schema_context.schema.at(dynamic_context.keyword).empty()); - - SchemaCompilerTemplate disjunctors; - for (std::uint64_t index = 0; - index < schema_context.schema.at(dynamic_context.keyword).size(); - index++) { - disjunctors.push_back(make( - false, context, schema_context, relative_dynamic_context, - SchemaCompilerValueNone{}, - compile(context, schema_context, relative_dynamic_context, - {static_cast(index)}))); - } - - return {make( - true, context, schema_context, dynamic_context, SchemaCompilerValueNone{}, - std::move(disjunctors))}; -} - -auto compiler_draft4_applicator_properties_conditional_annotation( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context, const bool annotate) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_object()); - if (schema_context.schema.at(dynamic_context.keyword).empty()) { - return {}; - } - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "object") { - return {}; - } - - const auto size{schema_context.schema.at(dynamic_context.keyword).size()}; - const auto imports_validation_vocabulary = - schema_context.vocabularies.contains( - "http://json-schema.org/draft-04/schema#") || - schema_context.vocabularies.contains( - "http://json-schema.org/draft-06/schema#") || - schema_context.vocabularies.contains( - "http://json-schema.org/draft-07/schema#") || - schema_context.vocabularies.contains( - "https://json-schema.org/draft/2019-09/vocab/validation") || - schema_context.vocabularies.contains( - "https://json-schema.org/draft/2020-12/vocab/validation"); - std::set required; - if (imports_validation_vocabulary && - schema_context.schema.defines("required") && - schema_context.schema.at("required").is_array()) { - for (const auto &property : - schema_context.schema.at("required").as_array()) { - if (property.is_string() && - // Only count the required property if its indeed in "properties" - schema_context.schema.at(dynamic_context.keyword) - .defines(property.to_string())) { - required.insert(property.to_string()); - } - } - } - - std::size_t is_required = 0; - std::vector> properties; - for (const auto &entry : - schema_context.schema.at(dynamic_context.keyword).as_object()) { - properties.push_back( - {entry.first, compile(context, schema_context, relative_dynamic_context, - {entry.first}, {entry.first})}); - if (required.contains(entry.first)) { - is_required += 1; - } - } - - // In many cases, `properties` have some subschemas that are small - // and some subschemas that are large. To attempt to improve performance, - // we prefer to evaluate smaller subschemas first, in the hope of failing - // earlier without spending a lot of time on other subschemas - std::sort(properties.begin(), properties.end(), - [](const auto &left, const auto &right) { - return (left.second.size() == right.second.size()) - ? (left.first < right.first) - : (left.second.size() < right.second.size()); - }); - - assert(schema_context.relative_pointer.back().is_property()); - assert(schema_context.relative_pointer.back().to_property() == - dynamic_context.keyword); - const auto relative_pointer_size{schema_context.relative_pointer.size()}; - const auto is_directly_inside_oneof{ - relative_pointer_size > 2 && - schema_context.relative_pointer.at(relative_pointer_size - 2) - .is_index() && - schema_context.relative_pointer.at(relative_pointer_size - 3) - .is_property() && - schema_context.relative_pointer.at(relative_pointer_size - 3) - .to_property() == "oneOf"}; - - // There are two ways to compile `properties` depending on whether - // most of the properties are marked as required using `required` - // or whether most of the properties are optional. Each shines - // in the corresponding case. - const auto prefer_loop_over_instance{ - // This strategy only makes sense if most of the properties are "optional" - is_required <= (size / 2) && - // If `properties` only defines a relatively small amount of properties, - // then its probably still faster to unroll - schema_context.schema.at(dynamic_context.keyword).size() > 5 && - // Always unroll inside `oneOf`, to have a better chance at - // short-circuiting quickly - !is_directly_inside_oneof}; - - if (prefer_loop_over_instance) { - SchemaCompilerValueNamedIndexes indexes; - SchemaCompilerTemplate children; - std::size_t cursor = 0; - - for (auto &&[name, substeps] : properties) { - indexes.emplace(name, cursor); - if (annotate) { - substeps.push_back(make( - true, context, schema_context, relative_dynamic_context, - JSON{name})); - } - - // Note that the evaluator completely ignores this wrapper anyway - children.push_back(make( - false, context, schema_context, relative_dynamic_context, - SchemaCompilerValueNone{}, std::move(substeps))); - cursor += 1; - } - - return {make( - true, context, schema_context, dynamic_context, std::move(indexes), - std::move(children))}; - } - - SchemaCompilerTemplate children; - - for (auto &&[name, substeps] : properties) { - if (annotate) { - substeps.push_back(make( - true, context, schema_context, relative_dynamic_context, JSON{name})); - } - - const auto assume_object{imports_validation_vocabulary && - schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() == - "object"}; - - // We can avoid this "defines" condition if the property is a required one - if (imports_validation_vocabulary && assume_object && - schema_context.schema.defines("required") && - schema_context.schema.at("required").is_array() && - schema_context.schema.at("required").contains(JSON{name})) { - // We can avoid the container too and just inline these steps - for (auto &&substep : substeps) { - children.push_back(std::move(substep)); - } - - // Optimize `properties` where its subschemas just include a type check, - // as that's a very common pattern - - } else if (substeps.size() == 1 && - std::holds_alternative( - substeps.front())) { - const auto &type_step{ - std::get(substeps.front())}; - children.push_back(SchemaCompilerAssertionPropertyTypeStrict{ - type_step.relative_schema_location, - dynamic_context.base_instance_location.concat( - type_step.relative_instance_location), - type_step.keyword_location, type_step.schema_resource, - type_step.dynamic, type_step.report, type_step.value}); - } else if (substeps.size() == 1 && - std::holds_alternative( - substeps.front())) { - const auto &type_step{ - std::get(substeps.front())}; - children.push_back(SchemaCompilerAssertionPropertyType{ - type_step.relative_schema_location, - dynamic_context.base_instance_location.concat( - type_step.relative_instance_location), - type_step.keyword_location, type_step.schema_resource, - type_step.dynamic, type_step.report, type_step.value}); - } else if (substeps.size() == 1 && - std::holds_alternative< - SchemaCompilerAssertionPropertyTypeStrict>( - substeps.front())) { - children.push_back(unroll( - relative_dynamic_context, substeps.front(), - dynamic_context.base_instance_location)); - } else if (substeps.size() == 1 && - std::holds_alternative( - substeps.front())) { - children.push_back(unroll( - relative_dynamic_context, substeps.front(), - dynamic_context.base_instance_location)); - - } else { - children.push_back(make( - false, context, schema_context, relative_dynamic_context, - SchemaCompilerValueString{name}, std::move(substeps))); - } - } - - // Optimize away the wrapper when emitting a single instruction - if (children.size() == 1 && - std::holds_alternative( - children.front())) { - return {unroll( - dynamic_context, children.front())}; - } - - return {make( - true, context, schema_context, dynamic_context, SchemaCompilerValueNone{}, - std::move(children))}; -} - -auto compiler_draft4_applicator_properties( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_draft4_applicator_properties_conditional_annotation( - context, schema_context, dynamic_context, false); -} - -auto compiler_draft4_applicator_patternproperties_conditional_annotation( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context, const bool annotate) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_object()); - if (schema_context.schema.at(dynamic_context.keyword).empty()) { - return {}; - } - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "object") { - return {}; - } - - SchemaCompilerTemplate children; - - // To guarantee ordering - std::vector patterns; - for (auto &entry : - schema_context.schema.at(dynamic_context.keyword).as_object()) { - patterns.push_back(entry.first); - } - - std::sort(patterns.begin(), patterns.end()); - - // For each regular expression and corresponding subschema in the object - for (const auto &pattern : patterns) { - auto substeps{compile(context, schema_context, relative_dynamic_context, - {pattern}, {})}; - - if (annotate) { - // The evaluator will make sure the same annotation is not reported twice. - // For example, if the same property matches more than one subschema in - // `patternProperties` - substeps.push_back(make( - true, context, schema_context, relative_dynamic_context, - SchemaCompilerValueNone{})); - } - - // If the `patternProperties` subschema for the given pattern does - // nothing, then we can avoid generating an entire loop for it - if (!substeps.empty()) { - // Loop over the instance properties - children.push_back(make( - // Treat this as an internal step - false, context, schema_context, relative_dynamic_context, - SchemaCompilerValueRegex{parse_regex(pattern, schema_context.base, - schema_context.relative_pointer), - pattern}, - std::move(substeps))); - } - } - - if (children.empty()) { - return {}; - } - - // If the instance is an object... - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Object, - std::move(children))}; -} - -auto compiler_draft4_applicator_patternproperties( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_draft4_applicator_patternproperties_conditional_annotation( - context, schema_context, dynamic_context, false); -} - -auto compiler_draft4_applicator_additionalproperties_conditional_annotation( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context, const bool annotate) - -> SchemaCompilerTemplate { - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "object") { - return {}; - } - - SchemaCompilerTemplate children{compile(context, schema_context, - relative_dynamic_context, - empty_pointer, empty_pointer)}; - - if (annotate) { - children.push_back(make( - true, context, schema_context, relative_dynamic_context, - SchemaCompilerValueNone{})); - } - - SchemaCompilerValuePropertyFilter filter; - - if (schema_context.schema.defines("properties") && - schema_context.schema.at("properties").is_object()) { - for (const auto &entry : - schema_context.schema.at("properties").as_object()) { - filter.first.insert(entry.first); - } - } - - if (schema_context.schema.defines("patternProperties") && - schema_context.schema.at("patternProperties").is_object()) { - for (const auto &entry : - schema_context.schema.at("patternProperties").as_object()) { - filter.second.push_back( - {parse_regex(entry.first, schema_context.base, - schema_context.relative_pointer.initial().concat( - {"patternProperties"})), - entry.first}); - } - } - - if (!filter.first.empty() || !filter.second.empty()) { - return {make( - true, context, schema_context, dynamic_context, std::move(filter), - std::move(children))}; - } else { - if (children.size() == 1) { - // Optimize `additionalProperties` set to just `type`, which is a - // pretty common pattern - if (std::holds_alternative( - children.front())) { - const auto &type_step{ - std::get(children.front())}; - return {make( - true, context, schema_context, dynamic_context, type_step.value)}; - } else if (std::holds_alternative( - children.front())) { - const auto &type_step{ - std::get(children.front())}; - return {make( - true, context, schema_context, dynamic_context, type_step.value)}; - } - } - - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueNone{}, std::move(children))}; - } -} - -auto compiler_draft4_applicator_additionalproperties( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_draft4_applicator_additionalproperties_conditional_annotation( - context, schema_context, dynamic_context, false); -} - -auto compiler_draft4_validation_pattern( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_string()); - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "string") { - return {}; - } - - const auto ®ex_string{ - schema_context.schema.at(dynamic_context.keyword).to_string()}; - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueRegex{parse_regex(regex_string, schema_context.base, - schema_context.relative_pointer), - regex_string})}; -} - -auto compiler_draft4_validation_format( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - if (!schema_context.schema.at(dynamic_context.keyword).is_string()) { - return {}; - } - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "string") { - return {}; - } - - // Regular expressions - - static const std::string FORMAT_REGEX_IPV4{ - "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\\.(25[0-5]|2[0-4][0-" - "9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-" - "9][0-9]|[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])$"}; - - const auto &format{ - schema_context.schema.at(dynamic_context.keyword).to_string()}; - - if (format == "uri") { - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueStringType::URI)}; - } - -#define COMPILE_FORMAT_REGEX(name, regular_expression) \ - if (format == (name)) { \ - return {make( \ - true, context, schema_context, dynamic_context, \ - SchemaCompilerValueRegex{parse_regex(regular_expression, \ - schema_context.base, \ - schema_context.relative_pointer), \ - (regular_expression)})}; \ - } - - COMPILE_FORMAT_REGEX("ipv4", FORMAT_REGEX_IPV4) - -#undef COMPILE_FORMAT_REGEX - - return {}; -} - -auto compiler_draft4_applicator_not( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return {make( - true, context, schema_context, dynamic_context, SchemaCompilerValueNone{}, - compile(context, schema_context, relative_dynamic_context, empty_pointer, - empty_pointer))}; -} - -auto compiler_draft4_applicator_items_array( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context, const bool annotate) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_array()); - const auto items_size{ - schema_context.schema.at(dynamic_context.keyword).size()}; - if (items_size == 0) { - return {}; - } - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "array") { - return {}; - } - - // The idea here is to precompile all possibilities depending on the size - // of the instance array up to the size of the `items` keyword array. - // For example, if `items` is set to `[ {}, {}, {} ]`, we create 3 - // conjunctions: - // - [ {}, {}, {} ] if the instance array size is >= 3 - // - [ {}, {} ] if the instance array size is == 2 - // - [ {} ] if the instance array size is == 1 - - // Precompile subschemas - std::vector subschemas; - subschemas.reserve(items_size); - const auto &array{ - schema_context.schema.at(dynamic_context.keyword).as_array()}; - for (auto iterator{array.cbegin()}; iterator != array.cend(); ++iterator) { - subschemas.push_back(compile(context, schema_context, - relative_dynamic_context, {subschemas.size()}, - {subschemas.size()})); - } - - SchemaCompilerTemplate children; - for (std::size_t cursor = items_size; cursor > 0; cursor--) { - SchemaCompilerTemplate subchildren; - for (std::size_t index = 0; index < cursor; index++) { - for (const auto &substep : subschemas.at(index)) { - subchildren.push_back(substep); - } - } - - // The first entry - if (cursor == items_size) { - if (annotate) { - subchildren.push_back(make( - true, context, schema_context, relative_dynamic_context, - SchemaCompilerValueIndexedJSON{cursor, JSON{true}})); - subchildren.push_back( - make( - true, context, schema_context, relative_dynamic_context, - SchemaCompilerValueIndexedJSON{cursor, JSON{cursor - 1}})); - } - - children.push_back(make( - false, context, schema_context, relative_dynamic_context, - SchemaCompilerValueUnsignedInteger{cursor - 1}, - std::move(subchildren))); - } else { - if (annotate) { - subchildren.push_back(make( - true, context, schema_context, relative_dynamic_context, - JSON{cursor - 1})); - } - - children.push_back(make( - false, context, schema_context, relative_dynamic_context, - SchemaCompilerValueUnsignedInteger{cursor}, std::move(subchildren))); - } - } - - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Array, - std::move(children))}; -} - -auto compiler_draft4_applicator_items_conditional_annotation( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context, const bool annotate) - -> SchemaCompilerTemplate { - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "array") { - return {}; - } - - if (is_schema(schema_context.schema.at(dynamic_context.keyword))) { - if (annotate) { - SchemaCompilerTemplate children; - children.push_back(make( - true, context, schema_context, relative_dynamic_context, - SchemaCompilerValueUnsignedInteger{0}, - compile(context, schema_context, relative_dynamic_context, - empty_pointer, empty_pointer))); - children.push_back(make( - true, context, schema_context, relative_dynamic_context, JSON{true})); - - return {make( - false, context, schema_context, dynamic_context, JSON::Type::Array, - std::move(children))}; - } - - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueUnsignedInteger{0}, - compile(context, schema_context, relative_dynamic_context, - empty_pointer, empty_pointer))}; - } - - return compiler_draft4_applicator_items_array(context, schema_context, - dynamic_context, annotate); -} - -auto compiler_draft4_applicator_items( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_draft4_applicator_items_conditional_annotation( - context, schema_context, dynamic_context, false); -} - -auto compiler_draft4_applicator_additionalitems_from_cursor( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context, - const std::size_t cursor, const bool annotate) -> SchemaCompilerTemplate { - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "array") { - return {}; - } - - SchemaCompilerTemplate children{make( - true, context, schema_context, relative_dynamic_context, - SchemaCompilerValueUnsignedInteger{cursor}, - compile(context, schema_context, relative_dynamic_context, empty_pointer, - empty_pointer))}; - - if (annotate) { - children.push_back(make( - true, context, schema_context, relative_dynamic_context, JSON{true})); - } - - return {make( - false, context, schema_context, dynamic_context, - SchemaCompilerValueUnsignedInteger{cursor}, std::move(children))}; -} - -auto compiler_draft4_applicator_additionalitems_conditional_annotation( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context, const bool annotate) - -> SchemaCompilerTemplate { - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "array") { - return {}; - } - - assert(schema_context.schema.is_object()); - - // Nothing to do here - if (!schema_context.schema.defines("items") || - schema_context.schema.at("items").is_object()) { - return {}; - } - - const auto cursor{(schema_context.schema.defines("items") && - schema_context.schema.at("items").is_array()) - ? schema_context.schema.at("items").size() - : 0}; - - return compiler_draft4_applicator_additionalitems_from_cursor( - context, schema_context, dynamic_context, cursor, annotate); -} - -auto compiler_draft4_applicator_additionalitems( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return compiler_draft4_applicator_additionalitems_conditional_annotation( - context, schema_context, dynamic_context, false); -} - -auto compiler_draft4_applicator_dependencies( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "object") { - return {}; - } - - assert(schema_context.schema.at(dynamic_context.keyword).is_object()); - SchemaCompilerTemplate children; - SchemaCompilerValueStringMap dependencies; - - for (const auto &entry : - schema_context.schema.at(dynamic_context.keyword).as_object()) { - if (is_schema(entry.second)) { - if (!entry.second.is_boolean() || !entry.second.to_boolean()) { - children.push_back(make( - false, context, schema_context, relative_dynamic_context, - SchemaCompilerValueString{entry.first}, - compile(context, schema_context, relative_dynamic_context, - {entry.first}, empty_pointer))); - } - } else if (entry.second.is_array()) { - std::vector properties; - for (const auto &property : entry.second.as_array()) { - assert(property.is_string()); - properties.push_back(property.to_string()); - } - - if (!properties.empty()) { - dependencies.emplace(entry.first, std::move(properties)); - } - } - } - - if (!dependencies.empty()) { - children.push_back(make( - false, context, schema_context, relative_dynamic_context, - std::move(dependencies))); - } - - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Object, - std::move(children))}; -} - -auto compiler_draft4_validation_enum( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_array()); - - if (schema_context.schema.at(dynamic_context.keyword).size() == 1) { - return {make( - true, context, schema_context, dynamic_context, - JSON{schema_context.schema.at(dynamic_context.keyword).front()})}; - } - - std::vector options; - for (const auto &option : - schema_context.schema.at(dynamic_context.keyword).as_array()) { - options.push_back(option); - } - - return {make( - true, context, schema_context, dynamic_context, std::move(options))}; -} - -auto compiler_draft4_validation_uniqueitems( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - if (!schema_context.schema.at(dynamic_context.keyword).is_boolean() || - !schema_context.schema.at(dynamic_context.keyword).to_boolean()) { - return {}; - } - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "array") { - return {}; - } - - return {make(true, context, schema_context, - dynamic_context, - SchemaCompilerValueNone{})}; -} - -auto compiler_draft4_validation_maxlength( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_integer() || - schema_context.schema.at(dynamic_context.keyword).is_integer_real()); - assert(schema_context.schema.at(dynamic_context.keyword).is_positive()); - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "string") { - return {}; - } - - // We'll handle it at the type level as an optimization - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() == "string") { - return {}; - } - - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueUnsignedInteger{ - static_cast( - schema_context.schema.at(dynamic_context.keyword).as_integer()) + - 1})}; -} - -auto compiler_draft4_validation_minlength( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_integer() || - schema_context.schema.at(dynamic_context.keyword).is_integer_real()); - assert(schema_context.schema.at(dynamic_context.keyword).is_positive()); - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "string") { - return {}; - } - - // We'll handle it at the type level as an optimization - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() == "string") { - return {}; - } - - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueUnsignedInteger{ - static_cast( - schema_context.schema.at(dynamic_context.keyword).as_integer()) - - 1})}; -} - -auto compiler_draft4_validation_maxitems( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_integer() || - schema_context.schema.at(dynamic_context.keyword).is_integer_real()); - assert(schema_context.schema.at(dynamic_context.keyword).is_positive()); - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "array") { - return {}; - } - - // We'll handle it at the type level as an optimization - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() == "array") { - return {}; - } - - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueUnsignedInteger{ - static_cast( - schema_context.schema.at(dynamic_context.keyword).as_integer()) + - 1})}; -} - -auto compiler_draft4_validation_minitems( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_integer() || - schema_context.schema.at(dynamic_context.keyword).is_integer_real()); - assert(schema_context.schema.at(dynamic_context.keyword).is_positive()); - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "array") { - return {}; - } - - // We'll handle it at the type level as an optimization - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() == "array") { - return {}; - } - - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueUnsignedInteger{ - static_cast( - schema_context.schema.at(dynamic_context.keyword).as_integer()) - - 1})}; -} - -auto compiler_draft4_validation_maxproperties( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_integer() || - schema_context.schema.at(dynamic_context.keyword).is_integer_real()); - assert(schema_context.schema.at(dynamic_context.keyword).is_positive()); - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "object") { - return {}; - } - - // We'll handle it at the type level as an optimization - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() == "object") { - return {}; - } - - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueUnsignedInteger{ - static_cast( - schema_context.schema.at(dynamic_context.keyword).as_integer()) + - 1})}; -} - -auto compiler_draft4_validation_minproperties( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_integer() || - schema_context.schema.at(dynamic_context.keyword).is_integer_real()); - assert(schema_context.schema.at(dynamic_context.keyword).is_positive()); - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "object") { - return {}; - } - - // We'll handle it at the type level as an optimization - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() == "object") { - return {}; - } - - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueUnsignedInteger{ - static_cast( - schema_context.schema.at(dynamic_context.keyword).as_integer()) - - 1})}; -} - -auto compiler_draft4_validation_maximum( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_number()); - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "integer" && - schema_context.schema.at("type").to_string() != "number") { - return {}; - } - - // TODO: As an optimization, if `minimum` is set to the same number, do - // a single equality assertion - - assert(schema_context.schema.is_object()); - if (schema_context.schema.defines("exclusiveMaximum") && - schema_context.schema.at("exclusiveMaximum").is_boolean() && - schema_context.schema.at("exclusiveMaximum").to_boolean()) { - return {make( - true, context, schema_context, dynamic_context, - JSON{schema_context.schema.at(dynamic_context.keyword)})}; - } else { - return {make( - true, context, schema_context, dynamic_context, - JSON{schema_context.schema.at(dynamic_context.keyword)})}; - } -} - -auto compiler_draft4_validation_minimum( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_number()); - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "integer" && - schema_context.schema.at("type").to_string() != "number") { - return {}; - } - - // TODO: As an optimization, if `maximum` is set to the same number, do - // a single equality assertion - - assert(schema_context.schema.is_object()); - if (schema_context.schema.defines("exclusiveMinimum") && - schema_context.schema.at("exclusiveMinimum").is_boolean() && - schema_context.schema.at("exclusiveMinimum").to_boolean()) { - return {make( - true, context, schema_context, dynamic_context, - JSON{schema_context.schema.at(dynamic_context.keyword)})}; - } else { - return {make( - true, context, schema_context, dynamic_context, - JSON{schema_context.schema.at(dynamic_context.keyword)})}; - } -} - -auto compiler_draft4_validation_multipleof( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_number()); - assert(schema_context.schema.at(dynamic_context.keyword).is_positive()); - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "integer" && - schema_context.schema.at("type").to_string() != "number") { - return {}; - } - - return {make( - true, context, schema_context, dynamic_context, - JSON{schema_context.schema.at(dynamic_context.keyword)})}; -} - -} // namespace internal -#endif diff --git a/vendor/jsontoolkit/src/jsonschema/default_compiler_draft6.h b/vendor/jsontoolkit/src/jsonschema/default_compiler_draft6.h deleted file mode 100644 index 977202cd..00000000 --- a/vendor/jsontoolkit/src/jsonschema/default_compiler_draft6.h +++ /dev/null @@ -1,224 +0,0 @@ -#ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_DEFAULT_COMPILER_DRAFT6_H_ -#define SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_DEFAULT_COMPILER_DRAFT6_H_ - -#include -#include - -#include "compile_helpers.h" - -namespace internal { -using namespace sourcemeta::jsontoolkit; - -auto compiler_draft6_validation_type( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - if (schema_context.schema.at(dynamic_context.keyword).is_string()) { - const auto &type{ - schema_context.schema.at(dynamic_context.keyword).to_string()}; - if (type == "null") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Null)}; - } else if (type == "boolean") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Boolean)}; - } else if (type == "object") { - const auto minimum{ - unsigned_integer_property(schema_context.schema, "minProperties", 0)}; - const auto maximum{ - unsigned_integer_property(schema_context.schema, "maxProperties")}; - if (minimum > 0 || maximum.has_value()) { - return {make( - true, context, schema_context, dynamic_context, - {minimum, maximum, false})}; - } - - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Object)}; - } else if (type == "array") { - const auto minimum{ - unsigned_integer_property(schema_context.schema, "minItems", 0)}; - const auto maximum{ - unsigned_integer_property(schema_context.schema, "maxItems")}; - if (minimum > 0 || maximum.has_value()) { - return {make( - true, context, schema_context, dynamic_context, - {minimum, maximum, false})}; - } - - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Array)}; - } else if (type == "number") { - return {make( - true, context, schema_context, dynamic_context, - std::vector{JSON::Type::Real, JSON::Type::Integer})}; - } else if (type == "integer") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Integer)}; - } else if (type == "string") { - const auto minimum{ - unsigned_integer_property(schema_context.schema, "minLength", 0)}; - const auto maximum{ - unsigned_integer_property(schema_context.schema, "maxLength")}; - if (minimum > 0 || maximum.has_value()) { - return {make( - true, context, schema_context, dynamic_context, - {minimum, maximum, false})}; - } - - return {make( - true, context, schema_context, dynamic_context, JSON::Type::String)}; - } else { - return {}; - } - } else if (schema_context.schema.at(dynamic_context.keyword).is_array() && - schema_context.schema.at(dynamic_context.keyword).size() == 1 && - schema_context.schema.at(dynamic_context.keyword) - .front() - .is_string()) { - const auto &type{ - schema_context.schema.at(dynamic_context.keyword).front().to_string()}; - if (type == "null") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Null)}; - } else if (type == "boolean") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Boolean)}; - } else if (type == "object") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Object)}; - } else if (type == "array") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Array)}; - } else if (type == "number") { - return {make( - true, context, schema_context, dynamic_context, - std::vector{JSON::Type::Real, JSON::Type::Integer})}; - } else if (type == "integer") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::Integer)}; - } else if (type == "string") { - return {make( - true, context, schema_context, dynamic_context, JSON::Type::String)}; - } else { - return {}; - } - } else if (schema_context.schema.at(dynamic_context.keyword).is_array()) { - std::vector types; - for (const auto &type : - schema_context.schema.at(dynamic_context.keyword).as_array()) { - assert(type.is_string()); - const auto &type_string{type.to_string()}; - if (type_string == "null") { - types.push_back(JSON::Type::Null); - } else if (type_string == "boolean") { - types.push_back(JSON::Type::Boolean); - } else if (type_string == "object") { - types.push_back(JSON::Type::Object); - } else if (type_string == "array") { - types.push_back(JSON::Type::Array); - } else if (type_string == "number") { - types.push_back(JSON::Type::Integer); - types.push_back(JSON::Type::Real); - } else if (type_string == "integer") { - types.push_back(JSON::Type::Integer); - } else if (type_string == "string") { - types.push_back(JSON::Type::String); - } - } - - assert(types.size() >= - schema_context.schema.at(dynamic_context.keyword).size()); - return {make( - true, context, schema_context, dynamic_context, std::move(types))}; - } - - return {}; -} - -auto compiler_draft6_validation_const( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - return {make( - true, context, schema_context, dynamic_context, - JSON{schema_context.schema.at(dynamic_context.keyword)})}; -} - -auto compiler_draft6_validation_exclusivemaximum( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_number()); - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "integer" && - schema_context.schema.at("type").to_string() != "number") { - return {}; - } - - return {make( - true, context, schema_context, dynamic_context, - JSON{schema_context.schema.at(dynamic_context.keyword)})}; -} - -auto compiler_draft6_validation_exclusiveminimum( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - assert(schema_context.schema.at(dynamic_context.keyword).is_number()); - - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "integer" && - schema_context.schema.at("type").to_string() != "number") { - return {}; - } - - return {make( - true, context, schema_context, dynamic_context, - JSON{schema_context.schema.at(dynamic_context.keyword)})}; -} - -auto compiler_draft6_applicator_contains( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "array") { - return {}; - } - - return {make( - true, context, schema_context, dynamic_context, - SchemaCompilerValueRange{1, std::nullopt, false}, - compile(context, schema_context, relative_dynamic_context, empty_pointer, - empty_pointer))}; -} - -auto compiler_draft6_validation_propertynames( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - if (schema_context.schema.defines("type") && - schema_context.schema.at("type").is_string() && - schema_context.schema.at("type").to_string() != "string") { - return {}; - } - - return {make( - true, context, schema_context, dynamic_context, SchemaCompilerValueNone{}, - compile(context, schema_context, relative_dynamic_context, empty_pointer, - empty_pointer))}; -} - -} // namespace internal -#endif diff --git a/vendor/jsontoolkit/src/jsonschema/default_compiler_draft7.h b/vendor/jsontoolkit/src/jsonschema/default_compiler_draft7.h deleted file mode 100644 index 1bfd6a66..00000000 --- a/vendor/jsontoolkit/src/jsonschema/default_compiler_draft7.h +++ /dev/null @@ -1,85 +0,0 @@ -#ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_DEFAULT_COMPILER_DRAFT7_H_ -#define SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_DEFAULT_COMPILER_DRAFT7_H_ - -#include -#include - -#include "compile_helpers.h" - -namespace internal { -using namespace sourcemeta::jsontoolkit; - -// TODO: Don't generate `if` if neither `then` nor `else` is defined -auto compiler_draft7_applicator_if( - const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context) - -> SchemaCompilerTemplate { - // `if` - SchemaCompilerTemplate children{compile( - context, schema_context, dynamic_context, empty_pointer, empty_pointer)}; - - // `then` - std::size_t then_cursor{0}; - if (schema_context.schema.defines("then")) { - then_cursor = children.size(); - const auto destination{ - to_uri(schema_context.relative_pointer.initial().concat({"then"}), - schema_context.base) - .recompose()}; - assert(context.frame.contains({ReferenceType::Static, destination})); - for (auto &&step : - compile(context, schema_context, relative_dynamic_context, {"then"}, - empty_pointer, destination)) { - children.push_back(std::move(step)); - } - - // In this case, `if` did nothing, so we can short-circuit - if (then_cursor == 0) { - return children; - } - } - - // `else` - std::size_t else_cursor{0}; - if (schema_context.schema.defines("else")) { - else_cursor = children.size(); - const auto destination{ - to_uri(schema_context.relative_pointer.initial().concat({"else"}), - schema_context.base) - .recompose()}; - assert(context.frame.contains({ReferenceType::Static, destination})); - for (auto &&step : - compile(context, schema_context, relative_dynamic_context, {"else"}, - empty_pointer, destination)) { - children.push_back(std::move(step)); - } - } - - return {make( - false, context, - {schema_context.relative_pointer.initial(), schema_context.schema, - schema_context.vocabularies, schema_context.base, schema_context.labels, - schema_context.references}, - relative_dynamic_context, {then_cursor, else_cursor}, - std::move(children))}; -} - -// We handle `then` as part of `if` -auto compiler_draft7_applicator_then(const SchemaCompilerContext &, - const SchemaCompilerSchemaContext &, - const SchemaCompilerDynamicContext &) - -> SchemaCompilerTemplate { - return {}; -} - -// We handle `else` as part of `if` -auto compiler_draft7_applicator_else(const SchemaCompilerContext &, - const SchemaCompilerSchemaContext &, - const SchemaCompilerDynamicContext &) - -> SchemaCompilerTemplate { - return {}; -} - -} // namespace internal -#endif diff --git a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema.h b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema.h index 4218c8fe..54e0d9fe 100644 --- a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema.h +++ b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema.h @@ -1,18 +1,18 @@ #ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_H_ #define SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT #include "jsonschema_export.h" +#endif #include #include #include -#include #include #include #include #include -#include // std::future #include // std::map #include // std::optional #include // std::string @@ -71,7 +71,7 @@ enum class IdentificationStrategy : std::uint8_t { /// })JSON"); /// /// std::optional id{sourcemeta::jsontoolkit::identify( -/// document, sourcemeta::jsontoolkit::official_resolver).get()}; +/// document, sourcemeta::jsontoolkit::official_resolver)}; /// assert(id.has_value()); /// assert(id.value() == "https://sourcemeta.com/example-schema"); /// ``` @@ -85,7 +85,7 @@ auto identify( const IdentificationStrategy strategy = IdentificationStrategy::Strict, const std::optional &default_dialect = std::nullopt, const std::optional &default_id = std::nullopt) - -> std::future>; + -> std::optional; /// @ingroup jsonschema /// @@ -118,7 +118,7 @@ auto identify(const JSON &schema, const std::string &base_dialect, /// "https://json-schema.org/draft/2020-12/schema"); /// /// std::optional id{sourcemeta::jsontoolkit::identify( -/// document, sourcemeta::jsontoolkit::official_resolver).get()}; +/// document, sourcemeta::jsontoolkit::official_resolver)}; /// assert(!id.has_value()); /// ``` SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT @@ -145,7 +145,7 @@ auto anonymize(JSON &schema, const std::string &base_dialect) -> void; /// sourcemeta::jsontoolkit::official_resolver); /// /// std::optional id{sourcemeta::jsontoolkit::identify( -/// document, sourcemeta::jsontoolkit::official_resolver).get()}; +/// document, sourcemeta::jsontoolkit::official_resolver)}; /// assert(id.has_value()); /// assert(id.value() == "https://example.com/my-new-id"); /// ``` @@ -239,7 +239,7 @@ auto metaschema( /// /// const std::optional base_dialect{ /// sourcemeta::jsontoolkit::base_dialect( -/// document, sourcemeta::jsontoolkit::official_resolver).get()}; +/// document, sourcemeta::jsontoolkit::official_resolver)}; /// /// assert(base_dialect.has_value()); /// assert(base_dialect.value() == @@ -248,7 +248,7 @@ auto metaschema( SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT auto base_dialect(const JSON &schema, const SchemaResolver &resolver, const std::optional &default_dialect = - std::nullopt) -> std::future>; + std::nullopt) -> std::optional; /// @ingroup jsonschema /// @@ -272,7 +272,7 @@ auto base_dialect(const JSON &schema, const SchemaResolver &resolver, /// /// const std::map vocabularies{ /// sourcemeta::jsontoolkit::vocabularies( -/// document, sourcemeta::jsontoolkit::official_resolver).get()}; +/// document, sourcemeta::jsontoolkit::official_resolver)}; /// /// assert(vocabularies.at("https://json-schema.org/draft/2020-12/vocab/core")); /// assert(vocabularies.at("https://json-schema.org/draft/2020-12/vocab/applicator")); @@ -285,7 +285,7 @@ auto base_dialect(const JSON &schema, const SchemaResolver &resolver, SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT auto vocabularies(const JSON &schema, const SchemaResolver &resolver, const std::optional &default_dialect = - std::nullopt) -> std::future>; + std::nullopt) -> std::map; /// @ingroup jsonschema /// @@ -294,7 +294,7 @@ auto vocabularies(const JSON &schema, const SchemaResolver &resolver, SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT auto vocabularies(const SchemaResolver &resolver, const std::string &base_dialect, const std::string &dialect) - -> std::future>; + -> std::map; /// @ingroup jsonschema /// diff --git a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_anchor.h b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_anchor.h index 5a0dcea9..a55d0c7c 100644 --- a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_anchor.h +++ b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_anchor.h @@ -1,13 +1,14 @@ #ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_ANCHOR_H_ #define SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_ANCHOR_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT #include "jsonschema_export.h" +#endif #include #include #include // std::uint8_t -#include // std::promise, std::future #include // std::map #include // std::optional #include // std::string @@ -38,7 +39,7 @@ enum class AnchorType : std::uint8_t { Static, Dynamic, All }; /// })JSON"); /// /// const auto anchors{sourcemeta::jsontoolkit::anchors( -/// document, sourcemeta::jsontoolkit::official_resolver).get()}; +/// document, sourcemeta::jsontoolkit::official_resolver)}; /// assert(anchors.size() == 1); /// assert(anchors.contains("foo")); /// // This is a static anchor @@ -47,7 +48,7 @@ enum class AnchorType : std::uint8_t { Static, Dynamic, All }; SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT auto anchors(const JSON &schema, const SchemaResolver &resolver, const std::optional &default_dialect = std::nullopt) - -> std::future>; + -> std::map; /// @ingroup jsonschema /// diff --git a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_bundle.h b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_bundle.h index 97822e53..bacca953 100644 --- a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_bundle.h +++ b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_bundle.h @@ -1,14 +1,15 @@ #ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_BUNDLE_H_ #define SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_BUNDLE_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT #include "jsonschema_export.h" +#endif #include #include #include #include // std::uint8_t -#include // std::future #include // std::optional, std::nullopt #include // std::string @@ -43,20 +44,16 @@ enum class BundleOptions : std::uint8_t { /// /// // A custom resolver that knows about an additional schema /// static auto test_resolver(std::string_view identifier) -/// -> std::future> { -/// std::promise> promise; +/// -> std::optional { /// if (identifier == "https://www.example.com/test") { -/// promise.set_value(sourcemeta::jsontoolkit::parse(R"JSON({ +/// return sourcemeta::jsontoolkit::parse(R"JSON({ /// "$id": "https://www.example.com/test", /// "$schema": "https://json-schema.org/draft/2020-12/schema", /// "type": "string" -/// })JSON")); +/// })JSON"); /// } else { -/// promise.set_value( -/// sourcemeta::jsontoolkit::official_resolver(identifier).get()); +/// return sourcemeta::jsontoolkit::official_resolver(identifier); /// } -/// -/// return promise.get_future(); /// } /// /// sourcemeta::jsontoolkit::JSON document = @@ -104,20 +101,16 @@ auto bundle(sourcemeta::jsontoolkit::JSON &schema, const SchemaWalker &walker, /// /// // A custom resolver that knows about an additional schema /// static auto test_resolver(std::string_view identifier) -/// -> std::future> { -/// std::promise> promise; +/// -> std::optional { /// if (identifier == "https://www.example.com/test") { -/// promise.set_value(sourcemeta::jsontoolkit::parse(R"JSON({ +/// return sourcemeta::jsontoolkit::parse(R"JSON({ /// "$id": "https://www.example.com/test", /// "$schema": "https://json-schema.org/draft/2020-12/schema", /// "type": "string" -/// })JSON")); +/// })JSON"); /// } else { -/// promise.set_value( -/// sourcemeta::jsontoolkit::official_resolver(identifier).get()); +/// return sourcemeta::jsontoolkit::official_resolver(identifier); /// } -/// -/// return promise.get_future(); /// } /// /// const sourcemeta::jsontoolkit::JSON document = diff --git a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_compile.h b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_compile.h deleted file mode 100644 index 3f7b3690..00000000 --- a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_compile.h +++ /dev/null @@ -1,302 +0,0 @@ -#ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_COMPILE_H_ -#define SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_COMPILE_H_ - -#include "jsonschema_export.h" - -#include -#include -#include -#include - -#include -#include -#include - -#include // std::function -#include // std::map -#include // std::optional, std::nullopt -#include // std::set -#include // std::string -#include // std::vector - -/// @ingroup jsonschema -/// @defgroup jsonschema_compiler Compiler -/// @brief Compile a JSON Schema into a set of low-level instructions for fast -/// evaluation - -namespace sourcemeta::jsontoolkit { - -/// @ingroup jsonschema_compiler -/// The schema compiler context is the current subschema information you have at -/// your disposal to implement a keyword -struct SchemaCompilerSchemaContext { - /// The schema location relative to the base URI - const Pointer &relative_pointer; - /// The current subschema - const JSON &schema; - /// The schema vocabularies in use - const std::map &vocabularies; - /// The schema base URI - const URI &base; - /// The set of labels registered so far - std::set labels; - /// The set of references destinations traversed so far - std::set references; -}; - -/// @ingroup jsonschema_compiler -/// The dynamic compiler context is the read-write information you have at your -/// disposal to implement a keyword -struct SchemaCompilerDynamicContext { - /// The schema keyword - const std::string &keyword; - /// The schema base keyword path - const Pointer &base_schema_location; - /// The base instance location that the keyword must be evaluated to - const Pointer &base_instance_location; -}; - -#if !defined(DOXYGEN) -struct SchemaCompilerContext; -#endif - -/// @ingroup jsonschema_compiler -/// A compiler is represented as a function that maps a keyword compiler -/// contexts into a compiler template. You can provide your own to implement -/// your own keywords -using SchemaCompiler = std::function; - -/// @ingroup jsonschema_compiler -/// The static compiler context is the information you have at your -/// disposal to implement a keyword that will never change throughout -/// the compilation process -struct SchemaCompilerContext { - /// The root schema resource - const JSON &root; - /// The reference frame of the entire schema - const ReferenceFrame &frame; - /// The references of the entire schema - const ReferenceMap &references; - /// The schema walker in use - const SchemaWalker &walker; - /// The schema resolver in use - const SchemaResolver &resolver; - /// The schema compiler in use - const SchemaCompiler &compiler; - /// Whether the schema makes use of dynamic scoping - const bool uses_dynamic_scopes; -}; - -/// @ingroup jsonschema_compiler -/// -/// A simple evaluation callback that reports a stack trace in the case of -/// validation error that you can report as you with. For example: -/// -/// ```cpp -/// #include -/// #include -/// #include -/// #include -/// -/// const sourcemeta::jsontoolkit::JSON schema = -/// sourcemeta::jsontoolkit::parse(R"JSON({ -/// "$schema": "https://json-schema.org/draft/2020-12/schema", -/// "type": "string" -/// })JSON"); -/// -/// const auto schema_template{sourcemeta::jsontoolkit::compile( -/// schema, sourcemeta::jsontoolkit::default_schema_walker, -/// sourcemeta::jsontoolkit::official_resolver, -/// sourcemeta::jsontoolkit::default_schema_compiler)}; -/// -/// const sourcemeta::jsontoolkit::JSON instance{5}; -/// -/// sourcemeta::jsontoolkit::SchemaCompilerErrorTraceOutput output; -/// const auto result{sourcemeta::jsontoolkit::evaluate( -/// schema_template, instance, -/// sourcemeta::jsontoolkit::SchemaCompilerEvaluationMode::Fast, -/// std::ref(output))}; -/// -/// if (!result) { -/// for (const auto &trace : output) { -/// std::cerr << trace.message << "\n"; -/// sourcemeta::jsontoolkit::stringify(trace.instance_location, std::cerr); -/// std::cerr << "\n"; -/// sourcemeta::jsontoolkit::stringify(trace.evaluate_path, std::cerr); -/// std::cerr << "\n"; -/// } -/// } -/// ``` -class SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT SchemaCompilerErrorTraceOutput { -public: - SchemaCompilerErrorTraceOutput(const JSON &instance, - const WeakPointer &base = empty_weak_pointer); - - // Prevent accidental copies - SchemaCompilerErrorTraceOutput(const SchemaCompilerErrorTraceOutput &) = - delete; - auto operator=(const SchemaCompilerErrorTraceOutput &) - -> SchemaCompilerErrorTraceOutput & = delete; - - struct Entry { - const std::string message; - const WeakPointer instance_location; - const WeakPointer evaluate_path; - }; - - auto operator()(const SchemaCompilerEvaluationType type, const bool result, - const SchemaCompilerTemplate::value_type &step, - const WeakPointer &evaluate_path, - const WeakPointer &instance_location, const JSON &annotation) - -> void; - - using container_type = typename std::vector; - using const_iterator = typename container_type::const_iterator; - auto begin() const -> const_iterator; - auto end() const -> const_iterator; - auto cbegin() const -> const_iterator; - auto cend() const -> const_iterator; - -private: -// Exporting symbols that depends on the standard C++ library is considered -// safe. -// https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-2-c4275?view=msvc-170&redirectedfrom=MSDN -#if defined(_MSC_VER) -#pragma warning(disable : 4251) -#endif - const JSON &instance_; - const WeakPointer base_; - container_type output; - std::set mask; -#if defined(_MSC_VER) -#pragma warning(default : 4251) -#endif -}; - -/// @ingroup jsonschema_compiler -/// -/// This function translates a step execution into a human-readable string. -/// Useful as the building block for producing user-friendly evaluation results. -auto SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT -describe(const bool valid, const SchemaCompilerTemplate::value_type &step, - const WeakPointer &evaluate_path, const WeakPointer &instance_location, - const JSON &instance, const JSON &annotation) -> std::string; - -/// @ingroup jsonschema_compiler -/// A default compiler that aims to implement every keyword for official JSON -/// Schema dialects. -auto SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT default_schema_compiler( - const SchemaCompilerContext &, const SchemaCompilerSchemaContext &, - const SchemaCompilerDynamicContext &) -> SchemaCompilerTemplate; - -/// @ingroup jsonschema_compiler -/// -/// This function compiles an input JSON Schema into a template that can be -/// later evaluated. For example: -/// -/// ```cpp -/// #include -/// #include -/// -/// const sourcemeta::jsontoolkit::JSON schema = -/// sourcemeta::jsontoolkit::parse(R"JSON({ -/// "$schema": "https://json-schema.org/draft/2020-12/schema", -/// "type": "string" -/// })JSON"); -/// -/// const auto schema_template{sourcemeta::jsontoolkit::compile( -/// schema, sourcemeta::jsontoolkit::default_schema_walker, -/// sourcemeta::jsontoolkit::official_resolver, -/// sourcemeta::jsontoolkit::default_schema_compiler)}; -/// -/// // Evaluate or encode -/// ``` -auto SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT -compile(const JSON &schema, const SchemaWalker &walker, - const SchemaResolver &resolver, const SchemaCompiler &compiler, - const std::optional &default_dialect = std::nullopt) - -> SchemaCompilerTemplate; - -/// @ingroup jsonschema_compiler -/// -/// This function compiles a single subschema into a compiler template as -/// determined by the given pointer. If a URI is given, the compiler will -/// attempt to jump to that corresponding frame entry. Otherwise, it will -/// navigate within the current keyword. This function is not meant to be used -/// directly, but instead as a building block for supporting applicators on -/// compiler functions. -auto SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT -compile(const SchemaCompilerContext &context, - const SchemaCompilerSchemaContext &schema_context, - const SchemaCompilerDynamicContext &dynamic_context, - const Pointer &schema_suffix, - const Pointer &instance_suffix = empty_pointer, - const std::optional &uri = std::nullopt) - -> SchemaCompilerTemplate; - -/// @ingroup jsonschema_compiler -/// -/// This function converts a compiler template into JSON. Convenient for storing -/// it or sending it over the wire. For example: -/// -/// ```cpp -/// #include -/// #include -/// #include -/// -/// const sourcemeta::jsontoolkit::JSON schema = -/// sourcemeta::jsontoolkit::parse(R"JSON({ -/// "$schema": "https://json-schema.org/draft/2020-12/schema", -/// "type": "string" -/// })JSON"); -/// -/// const auto schema_template{sourcemeta::jsontoolkit::compile( -/// schema, sourcemeta::jsontoolkit::default_schema_walker, -/// sourcemeta::jsontoolkit::official_resolver, -/// sourcemeta::jsontoolkit::default_schema_compiler)}; -/// -/// const sourcemeta::jsontoolkit::JSON result{ -/// sourcemeta::jsontoolkit::to_json(schema_template)}; -/// -/// sourcemeta::jsontoolkit::prettify(result, std::cout); -/// std::cout << "\n"; -/// ``` -auto SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT -to_json(const SchemaCompilerTemplate &steps) -> JSON; - -/// @ingroup jsonschema_compiler -/// -/// An opinionated key comparison for printing JSON Schema compiler templates -/// with sourcemeta::jsontoolkit::prettify or -/// sourcemeta::jsontoolkit::stringify. For example: -/// -/// ```cpp -/// #include -/// #include -/// #include -/// -/// const sourcemeta::jsontoolkit::JSON schema = -/// sourcemeta::jsontoolkit::parse(R"JSON({ -/// "$schema": "https://json-schema.org/draft/2020-12/schema", -/// "type": "string" -/// })JSON"); -/// -/// const auto schema_template{sourcemeta::jsontoolkit::compile( -/// schema, sourcemeta::jsontoolkit::default_schema_walker, -/// sourcemeta::jsontoolkit::official_resolver, -/// sourcemeta::jsontoolkit::default_schema_compiler)}; -/// -/// const sourcemeta::jsontoolkit::JSON result{ -/// sourcemeta::jsontoolkit::to_json(schema_template)}; -/// -/// sourcemeta::jsontoolkit::prettify(result, std::cout, -/// compiler_template_format_compare); std::cout << "\n"; -/// ``` -auto SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT compiler_template_format_compare( - const JSON::String &left, const JSON::String &right) -> bool; - -} // namespace sourcemeta::jsontoolkit - -#endif diff --git a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_error.h b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_error.h index 0a368029..887563f5 100644 --- a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_error.h +++ b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_error.h @@ -1,7 +1,9 @@ #ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_ERROR_H #define SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_ERROR_H +#ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT #include "jsonschema_export.h" +#endif #include #include @@ -100,33 +102,6 @@ class SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT SchemaReferenceError std::string message_; }; -/// @ingroup jsonschema -/// An error that represents a schema compilation failure event -class SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT SchemaCompilationError - : public std::exception { -public: - SchemaCompilationError(const URI &base, const Pointer &schema_location, - std::string message) - : base_{base}, schema_location_{schema_location}, - message_{std::move(message)} {} - [[nodiscard]] auto what() const noexcept -> const char * override { - return this->message_.c_str(); - } - - [[nodiscard]] auto base() const noexcept -> const URI & { - return this->base_; - } - - [[nodiscard]] auto location() const noexcept -> const Pointer & { - return this->schema_location_; - } - -private: - URI base_; - Pointer schema_location_; - std::string message_; -}; - #if defined(_MSC_VER) #pragma warning(default : 4251 4275) #endif diff --git a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_reference.h b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_reference.h index 9a42e68f..3f4ff6af 100644 --- a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_reference.h +++ b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_reference.h @@ -1,14 +1,15 @@ #ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_REFERENCE_H_ #define SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_REFERENCE_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT #include "jsonschema_export.h" +#endif #include #include #include #include // std::uint8_t -#include // std::future #include // std::map #include // std::optional #include // std::string @@ -102,11 +103,9 @@ using ReferenceMap = /// /// sourcemeta::jsontoolkit::ReferenceFrame frame; /// sourcemeta::jsontoolkit::ReferenceMap references; -/// sourcemeta::jsontoolkit::frame(document, frame, -/// references, +/// sourcemeta::jsontoolkit::frame(document, frame, references, /// sourcemeta::jsontoolkit::default_schema_walker, -/// sourcemeta::jsontoolkit::official_resolver) -/// .wait(); +/// sourcemeta::jsontoolkit::official_resolver); /// /// // IDs /// assert(frame.contains({sourcemeta::jsontoolkit::ReferenceType::Static, @@ -159,8 +158,7 @@ SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT auto frame(const JSON &schema, ReferenceFrame &frame, ReferenceMap &references, const SchemaWalker &walker, const SchemaResolver &resolver, const std::optional &default_dialect = std::nullopt, - const std::optional &default_id = std::nullopt) - -> std::future; + const std::optional &default_id = std::nullopt) -> void; } // namespace sourcemeta::jsontoolkit diff --git a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_resolver.h b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_resolver.h index 8715fbd7..d1cb51d8 100644 --- a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_resolver.h +++ b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_resolver.h @@ -1,12 +1,13 @@ #ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_RESOLVER_H_ #define SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_RESOLVER_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT #include "jsonschema_export.h" +#endif #include #include // std::function -#include // std::future #include // std::map #include // std::optional #include // std::string_view @@ -28,14 +29,13 @@ namespace sourcemeta::jsontoolkit { /// requests, or anything your application might require. Unless your resolver /// is trivial, it is recommended to create a callable object that implements /// the function interface. -using SchemaResolver = - std::function>(std::string_view)>; +using SchemaResolver = std::function(std::string_view)>; /// @ingroup jsonschema /// A default resolver that relies on built-in official schemas. SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT auto official_resolver(std::string_view identifier) - -> std::future>; + -> std::optional; /// @ingroup jsonschema /// This is a convenient helper for constructing schema resolvers at runtime. @@ -60,7 +60,7 @@ auto official_resolver(std::string_view identifier) /// // (2) Register a schema /// resolver.add(schema); /// -/// assert(resolver("https://www.example.com").get().has_value()); +/// assert(resolver("https://www.example.com").has_value()); /// ``` class SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT MapSchemaResolver { public: @@ -78,8 +78,7 @@ class SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT MapSchemaResolver { const std::optional &default_id = std::nullopt) -> void; /// Attempt to resolve a schema - auto operator()(std::string_view identifier) const - -> std::future>; + auto operator()(std::string_view identifier) const -> std::optional; private: // Exporting symbols that depends on the standard C++ library is considered diff --git a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_walker.h b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_walker.h index de8e77b8..625a7f82 100644 --- a/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_walker.h +++ b/vendor/jsontoolkit/src/jsonschema/include/sourcemeta/jsontoolkit/jsonschema_walker.h @@ -1,7 +1,9 @@ #ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_WALKER_H_ #define SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_WALKER_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT #include "jsonschema_export.h" +#endif #include #include @@ -262,7 +264,7 @@ class SOURCEMETA_JSONTOOLKIT_JSONSCHEMA_EXPORT SchemaIteratorFlat { /// /// const auto vocabularies{ /// sourcemeta::jsontoolkit::vocabularies( -/// document, sourcemeta::jsontoolkit::official_resolver).get()}; +/// document, sourcemeta::jsontoolkit::official_resolver)}; /// /// assert(sourcemeta::jsontoolkit::keyword_priority( /// "prefixItems", vocabularies, diff --git a/vendor/jsontoolkit/src/jsonschema/jsonschema.cc b/vendor/jsontoolkit/src/jsonschema/jsonschema.cc index 0d1c3d9b..ab18f167 100644 --- a/vendor/jsontoolkit/src/jsonschema/jsonschema.cc +++ b/vendor/jsontoolkit/src/jsonschema/jsonschema.cc @@ -4,7 +4,6 @@ #include // assert #include // std::uint64_t #include // std::less -#include // std::future #include // std::numeric_limits #include // std::ostringstream #include // std::remove_reference_t @@ -62,57 +61,43 @@ auto sourcemeta::jsontoolkit::identify( const IdentificationStrategy strategy, const std::optional &default_dialect, const std::optional &default_id) - -> std::future> { + -> std::optional { std::optional maybe_base_dialect; // TODO: Can we avoid a C++ exception as the potential normal way of // operation? try { - maybe_base_dialect = - sourcemeta::jsontoolkit::base_dialect(schema, resolver, default_dialect) - .get(); + maybe_base_dialect = sourcemeta::jsontoolkit::base_dialect(schema, resolver, + default_dialect); } catch (const SchemaResolutionError &) { // Attempt to play a heuristic guessing game before giving up if (strategy == IdentificationStrategy::Loose && schema.is_object()) { const auto keyword{id_keyword_guess(schema)}; - std::promise> promise; - if (keyword.has_value()) { - promise.set_value(schema.at(keyword.value()).to_string()); + return schema.at(keyword.value()).to_string(); } else { - promise.set_value(std::nullopt); + return std::nullopt; } - - return promise.get_future(); } throw; } if (!maybe_base_dialect.has_value()) { - // Attempt to play a heuristic guessing game before giving up if (strategy == IdentificationStrategy::Loose && schema.is_object()) { const auto keyword{id_keyword_guess(schema)}; - std::promise> promise; - if (keyword.has_value()) { - promise.set_value(schema.at(keyword.value()).to_string()); + return schema.at(keyword.value()).to_string(); } else { - promise.set_value(std::nullopt); + return std::nullopt; } - - return promise.get_future(); } - std::promise> promise; - promise.set_value(default_id); - return promise.get_future(); + return default_id; } - std::promise> promise; - promise.set_value(identify(schema, maybe_base_dialect.value(), default_id)); - return promise.get_future(); + return identify(schema, maybe_base_dialect.value(), default_id); } auto sourcemeta::jsontoolkit::identify( @@ -168,8 +153,7 @@ auto sourcemeta::jsontoolkit::reidentify( const SchemaResolver &resolver, const std::optional &default_dialect) -> void { const auto base_dialect{ - sourcemeta::jsontoolkit::base_dialect(schema, resolver, default_dialect) - .get()}; + sourcemeta::jsontoolkit::base_dialect(schema, resolver, default_dialect)}; if (!base_dialect.has_value()) { throw sourcemeta::jsontoolkit::SchemaError("Cannot determine base dialect"); } @@ -212,7 +196,7 @@ auto sourcemeta::jsontoolkit::metaschema( "Could not determine dialect of the schema"); } - const auto maybe_metaschema{resolver(maybe_dialect.value()).get()}; + const auto maybe_metaschema{resolver(maybe_dialect.value())}; if (!maybe_metaschema.has_value()) { throw sourcemeta::jsontoolkit::SchemaResolutionError( maybe_dialect.value(), @@ -226,7 +210,7 @@ auto sourcemeta::jsontoolkit::base_dialect( const sourcemeta::jsontoolkit::JSON &schema, const sourcemeta::jsontoolkit::SchemaResolver &resolver, const std::optional &default_dialect) - -> std::future> { + -> std::optional { assert(sourcemeta::jsontoolkit::is_schema(schema)); const std::optional dialect{ sourcemeta::jsontoolkit::dialect(schema, default_dialect)}; @@ -234,9 +218,7 @@ auto sourcemeta::jsontoolkit::base_dialect( // There is no metaschema information whatsoever // Nothing we can do at this point if (!dialect.has_value()) { - std::promise> promise; - promise.set_value(std::nullopt); - return promise.get_future(); + return std::nullopt; } const std::string &effective_dialect{dialect.value()}; @@ -246,9 +228,7 @@ auto sourcemeta::jsontoolkit::base_dialect( effective_dialect == "https://json-schema.org/draft/2019-09/schema" || effective_dialect == "http://json-schema.org/draft-07/schema#" || effective_dialect == "http://json-schema.org/draft-06/schema#") { - std::promise> promise; - promise.set_value(effective_dialect); - return promise.get_future(); + return effective_dialect; } // For compatibility with older JSON Schema drafts that didn't support $id nor @@ -266,9 +246,7 @@ auto sourcemeta::jsontoolkit::base_dialect( effective_dialect == "http://json-schema.org/draft-03/schema#" || effective_dialect == "http://json-schema.org/draft-04/hyper-schema#" || effective_dialect == "http://json-schema.org/draft-04/schema#") { - std::promise> promise; - promise.set_value(effective_dialect); - return promise.get_future(); + return effective_dialect; } // If we reach the bottom of the metaschema hierarchy, where the schema @@ -276,15 +254,13 @@ auto sourcemeta::jsontoolkit::base_dialect( if (schema.is_object() && schema.defines("$id")) { assert(schema.at("$id").is_string()); if (schema.at("$id").to_string() == effective_dialect) { - std::promise> promise; - promise.set_value(schema.at("$id").to_string()); - return promise.get_future(); + return schema.at("$id").to_string(); } } // Otherwise, traverse the metaschema hierarchy up const std::optional metaschema{ - resolver(effective_dialect).get()}; + resolver(effective_dialect)}; if (!metaschema.has_value()) { throw sourcemeta::jsontoolkit::SchemaResolutionError( effective_dialect, "Could not resolve the requested schema"); @@ -314,10 +290,9 @@ auto sourcemeta::jsontoolkit::vocabularies( const sourcemeta::jsontoolkit::JSON &schema, const sourcemeta::jsontoolkit::SchemaResolver &resolver, const std::optional &default_dialect) - -> std::future> { + -> std::map { const std::optional maybe_base_dialect{ - sourcemeta::jsontoolkit::base_dialect(schema, resolver, default_dialect) - .get()}; + sourcemeta::jsontoolkit::base_dialect(schema, resolver, default_dialect)}; if (!maybe_base_dialect.has_value()) { throw sourcemeta::jsontoolkit::SchemaError( "Could not determine base dialect for schema"); @@ -340,33 +315,25 @@ auto sourcemeta::jsontoolkit::vocabularies( auto sourcemeta::jsontoolkit::vocabularies(const SchemaResolver &resolver, const std::string &base_dialect, const std::string &dialect) - -> std::future> { + -> std::map { // As a performance optimization shortcut if (base_dialect == dialect) { if (dialect == "https://json-schema.org/draft/2020-12/schema") { - std::promise> promise; - promise.set_value( - {{"https://json-schema.org/draft/2020-12/vocab/core", true}, - {"https://json-schema.org/draft/2020-12/vocab/applicator", true}, - {"https://json-schema.org/draft/2020-12/vocab/unevaluated", true}, - {"https://json-schema.org/draft/2020-12/vocab/validation", true}, - {"https://json-schema.org/draft/2020-12/vocab/meta-data", true}, - {"https://json-schema.org/draft/2020-12/vocab/format-annotation", - true}, - {"https://json-schema.org/draft/2020-12/vocab/content", true}}); - - return promise.get_future(); + return {{"https://json-schema.org/draft/2020-12/vocab/core", true}, + {"https://json-schema.org/draft/2020-12/vocab/applicator", true}, + {"https://json-schema.org/draft/2020-12/vocab/unevaluated", true}, + {"https://json-schema.org/draft/2020-12/vocab/validation", true}, + {"https://json-schema.org/draft/2020-12/vocab/meta-data", true}, + {"https://json-schema.org/draft/2020-12/vocab/format-annotation", + true}, + {"https://json-schema.org/draft/2020-12/vocab/content", true}}; } else if (dialect == "https://json-schema.org/draft/2019-09/schema") { - std::promise> promise; - promise.set_value( - {{"https://json-schema.org/draft/2019-09/vocab/core", true}, - {"https://json-schema.org/draft/2019-09/vocab/applicator", true}, - {"https://json-schema.org/draft/2019-09/vocab/validation", true}, - {"https://json-schema.org/draft/2019-09/vocab/meta-data", true}, - {"https://json-schema.org/draft/2019-09/vocab/format", false}, - {"https://json-schema.org/draft/2019-09/vocab/content", true}}); - - return promise.get_future(); + return {{"https://json-schema.org/draft/2019-09/vocab/core", true}, + {"https://json-schema.org/draft/2019-09/vocab/applicator", true}, + {"https://json-schema.org/draft/2019-09/vocab/validation", true}, + {"https://json-schema.org/draft/2019-09/vocab/meta-data", true}, + {"https://json-schema.org/draft/2019-09/vocab/format", false}, + {"https://json-schema.org/draft/2019-09/vocab/content", true}}; } } @@ -387,9 +354,7 @@ auto sourcemeta::jsontoolkit::vocabularies(const SchemaResolver &resolver, base_dialect == "http://json-schema.org/draft-02/hyper-schema#" || base_dialect == "http://json-schema.org/draft-01/hyper-schema#" || base_dialect == "http://json-schema.org/draft-00/hyper-schema#") { - std::promise> promise; - promise.set_value({{base_dialect, true}}); - return promise.get_future(); + return {{base_dialect, true}}; } /* @@ -397,7 +362,7 @@ auto sourcemeta::jsontoolkit::vocabularies(const SchemaResolver &resolver, */ const std::optional maybe_schema_dialect{ - resolver(dialect).get()}; + resolver(dialect)}; if (!maybe_schema_dialect.has_value()) { throw sourcemeta::jsontoolkit::SchemaResolutionError( dialect, "Could not resolve the requested schema"); @@ -438,9 +403,7 @@ auto sourcemeta::jsontoolkit::vocabularies(const SchemaResolver &resolver, "The core vocabulary must always be required"); } - std::promise> promise; - promise.set_value(std::move(result)); - return promise.get_future(); + return result; } auto sourcemeta::jsontoolkit::schema_format_compare( diff --git a/vendor/jsontoolkit/src/jsonschema/official_resolver.in.cc b/vendor/jsontoolkit/src/jsonschema/official_resolver.in.cc index e138dcf9..6a14d0cd 100644 --- a/vendor/jsontoolkit/src/jsonschema/official_resolver.in.cc +++ b/vendor/jsontoolkit/src/jsonschema/official_resolver.in.cc @@ -1,229 +1,218 @@ #include auto sourcemeta::jsontoolkit::official_resolver(std::string_view identifier) - -> std::future> { - std::promise> promise; - + -> std::optional { // JSON Schema 2020-12 if (identifier == "https://json-schema.org/draft/2020-12/schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2020_12@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2020_12@)EOF"); } else if (identifier == "https://json-schema.org/draft/2020-12/hyper-schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_HYPERSCHEMA_2020_12@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_HYPERSCHEMA_2020_12@)EOF"); } else if (identifier == "https://json-schema.org/draft/2020-12/meta/applicator") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_APPLICATOR@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_APPLICATOR@)EOF"); } else if (identifier == "https://json-schema.org/draft/2020-12/meta/content") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_CONTENT@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_CONTENT@)EOF"); } else if (identifier == "https://json-schema.org/draft/2020-12/meta/core") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_CORE@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_CORE@)EOF"); } else if (identifier == "https://json-schema.org/draft/2020-12/meta/format-annotation") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_FORMAT_ANNOTATION@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_FORMAT_ANNOTATION@)EOF"); } else if (identifier == "https://json-schema.org/draft/2020-12/meta/format-assertion") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_FORMAT_ASSERTION@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_FORMAT_ASSERTION@)EOF"); } else if (identifier == "https://json-schema.org/draft/2020-12/meta/hyper-schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_HYPER_SCHEMA@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_HYPER_SCHEMA@)EOF"); } else if (identifier == "https://json-schema.org/draft/2020-12/meta/meta-data") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_META_DATA@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_META_DATA@)EOF"); } else if (identifier == "https://json-schema.org/draft/2020-12/meta/unevaluated") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_UNEVALUATED@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_UNEVALUATED@)EOF"); } else if (identifier == "https://json-schema.org/draft/2020-12/meta/validation") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_VALIDATION@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_VALIDATION@)EOF"); } else if (identifier == "https://json-schema.org/draft/2020-12/links") { - promise.set_value( - sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_2020_12@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_LINKS_2020_12@)EOF"); } else if (identifier == "https://json-schema.org/draft/2020-12/output/schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_OUTPUT@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2020_12_OUTPUT@)EOF"); // JSON Schema 2019-09 } else if (identifier == "https://json-schema.org/draft/2019-09/schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2019_09@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2019_09@)EOF"); } else if (identifier == "https://json-schema.org/draft/2019-09/hyper-schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_HYPERSCHEMA_2019_09@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_HYPERSCHEMA_2019_09@)EOF"); } else if (identifier == "https://json-schema.org/draft/2019-09/meta/applicator") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_APPLICATOR@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_APPLICATOR@)EOF"); } else if (identifier == "https://json-schema.org/draft/2019-09/meta/content") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_CONTENT@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_CONTENT@)EOF"); } else if (identifier == "https://json-schema.org/draft/2019-09/meta/core") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_CORE@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_CORE@)EOF"); } else if (identifier == "https://json-schema.org/draft/2019-09/meta/format") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_FORMAT@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_FORMAT@)EOF"); } else if (identifier == "https://json-schema.org/draft/2019-09/meta/hyper-schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_HYPER_SCHEMA@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_HYPER_SCHEMA@)EOF"); } else if (identifier == "https://json-schema.org/draft/2019-09/meta/meta-data") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_META_DATA@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_META_DATA@)EOF"); } else if (identifier == "https://json-schema.org/draft/2019-09/meta/validation") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_VALIDATION@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_VALIDATION@)EOF"); } else if (identifier == "https://json-schema.org/draft/2019-09/links") { - promise.set_value( - sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_2019_09@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_LINKS_2019_09@)EOF"); } else if (identifier == "https://json-schema.org/draft/2019-09/output/schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_OUTPUT@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_2019_09_OUTPUT@)EOF"); } else if (identifier == "https://json-schema.org/draft/2019-09/output/hyper-schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_HYPERSCHEMA_2019_09_OUTPUT@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_HYPERSCHEMA_2019_09_OUTPUT@)EOF"); // JSON Schema Draft7 } else if (identifier == "http://json-schema.org/draft-07/schema#" || identifier == "http://json-schema.org/draft-07/schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_DRAFT7@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_DRAFT7@)EOF"); } else if (identifier == "http://json-schema.org/draft-07/hyper-schema#" || identifier == "http://json-schema.org/draft-07/hyper-schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT7@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT7@)EOF"); } else if (identifier == "http://json-schema.org/draft-07/links#" || identifier == "http://json-schema.org/draft-07/links") { - promise.set_value( - sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_DRAFT7@)EOF")); + return sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_DRAFT7@)EOF"); } else if (identifier == "http://json-schema.org/draft-07/hyper-schema-output") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT7_OUTPUT@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT7_OUTPUT@)EOF"); // JSON Schema Draft6 } else if (identifier == "http://json-schema.org/draft-06/schema#" || identifier == "http://json-schema.org/draft-06/schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_DRAFT6@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_DRAFT6@)EOF"); } else if (identifier == "http://json-schema.org/draft-06/hyper-schema#" || identifier == "http://json-schema.org/draft-06/hyper-schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT6@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT6@)EOF"); } else if (identifier == "http://json-schema.org/draft-06/links#" || identifier == "http://json-schema.org/draft-06/links") { - promise.set_value( - sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_DRAFT6@)EOF")); + return sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_DRAFT6@)EOF"); // JSON Schema Draft4 } else if (identifier == "http://json-schema.org/draft-04/schema#" || identifier == "http://json-schema.org/draft-04/schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_DRAFT4@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_DRAFT4@)EOF"); } else if (identifier == "http://json-schema.org/draft-04/hyper-schema#" || identifier == "http://json-schema.org/draft-04/hyper-schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT4@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT4@)EOF"); } else if (identifier == "http://json-schema.org/draft-04/links#" || identifier == "http://json-schema.org/draft-04/links") { - promise.set_value( - sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_DRAFT4@)EOF")); + return sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_DRAFT4@)EOF"); // JSON Schema Draft3 } else if (identifier == "http://json-schema.org/draft-03/schema#" || identifier == "http://json-schema.org/draft-03/schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_DRAFT3@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_DRAFT3@)EOF"); } else if (identifier == "http://json-schema.org/draft-03/hyper-schema#" || identifier == "http://json-schema.org/draft-03/hyper-schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT3@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT3@)EOF"); } else if (identifier == "http://json-schema.org/draft-03/links#" || identifier == "http://json-schema.org/draft-03/links") { - promise.set_value( - sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_DRAFT3@)EOF")); + return sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_DRAFT3@)EOF"); } else if (identifier == "http://json-schema.org/draft-03/json-ref#" || identifier == "http://json-schema.org/draft-03/json-ref") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSON_REF_DRAFT3@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSON_REF_DRAFT3@)EOF"); // JSON Schema Draft2 } else if (identifier == "http://json-schema.org/draft-02/schema#" || identifier == "http://json-schema.org/draft-02/schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_DRAFT2@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_DRAFT2@)EOF"); } else if (identifier == "http://json-schema.org/draft-02/hyper-schema#" || identifier == "http://json-schema.org/draft-02/hyper-schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT2@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT2@)EOF"); } else if (identifier == "http://json-schema.org/draft-02/links#" || identifier == "http://json-schema.org/draft-02/links") { - promise.set_value( - sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_DRAFT2@)EOF")); + return sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_DRAFT2@)EOF"); } else if (identifier == "http://json-schema.org/draft-02/json-ref#" || identifier == "http://json-schema.org/draft-02/json-ref") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSON_REF_DRAFT2@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSON_REF_DRAFT2@)EOF"); // JSON Schema Draft1 } else if (identifier == "http://json-schema.org/draft-01/schema#" || identifier == "http://json-schema.org/draft-01/schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_DRAFT1@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_DRAFT1@)EOF"); } else if (identifier == "http://json-schema.org/draft-01/hyper-schema#" || identifier == "http://json-schema.org/draft-01/hyper-schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT1@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT1@)EOF"); } else if (identifier == "http://json-schema.org/draft-01/links#" || identifier == "http://json-schema.org/draft-01/links") { - promise.set_value( - sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_DRAFT1@)EOF")); + return sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_DRAFT1@)EOF"); } else if (identifier == "http://json-schema.org/draft-01/json-ref#" || identifier == "http://json-schema.org/draft-01/json-ref") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSON_REF_DRAFT1@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSON_REF_DRAFT1@)EOF"); // JSON Schema Draft0 } else if (identifier == "http://json-schema.org/draft-00/schema#" || identifier == "http://json-schema.org/draft-00/schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSONSCHEMA_DRAFT0@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSONSCHEMA_DRAFT0@)EOF"); } else if (identifier == "http://json-schema.org/draft-00/hyper-schema#" || identifier == "http://json-schema.org/draft-00/hyper-schema") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT0@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_HYPERSCHEMA_DRAFT0@)EOF"); } else if (identifier == "http://json-schema.org/draft-00/links#" || identifier == "http://json-schema.org/draft-00/links") { - promise.set_value( - sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_DRAFT0@)EOF")); + return sourcemeta::jsontoolkit::parse(R"EOF(@METASCHEMA_LINKS_DRAFT0@)EOF"); } else if (identifier == "http://json-schema.org/draft-00/json-ref#" || identifier == "http://json-schema.org/draft-00/json-ref") { - promise.set_value(sourcemeta::jsontoolkit::parse( - R"EOF(@METASCHEMA_JSON_REF_DRAFT0@)EOF")); + return sourcemeta::jsontoolkit::parse( + R"EOF(@METASCHEMA_JSON_REF_DRAFT0@)EOF"); // Otherwise } else { - promise.set_value(std::nullopt); + return std::nullopt; } - - return promise.get_future(); } diff --git a/vendor/jsontoolkit/src/jsonschema/reference.cc b/vendor/jsontoolkit/src/jsonschema/reference.cc index 303ded4f..b455e5e7 100644 --- a/vendor/jsontoolkit/src/jsonschema/reference.cc +++ b/vendor/jsontoolkit/src/jsonschema/reference.cc @@ -130,7 +130,7 @@ auto sourcemeta::jsontoolkit::frame( const sourcemeta::jsontoolkit::SchemaWalker &walker, const sourcemeta::jsontoolkit::SchemaResolver &resolver, const std::optional &default_dialect, - const std::optional &default_id) -> std::future { + const std::optional &default_id) -> void { std::vector subschema_entries; std::map> base_uris; @@ -138,8 +138,7 @@ auto sourcemeta::jsontoolkit::frame( base_dialects; const std::optional root_base_dialect{ - sourcemeta::jsontoolkit::base_dialect(schema, resolver, default_dialect) - .get()}; + sourcemeta::jsontoolkit::base_dialect(schema, resolver, default_dialect)}; assert(root_base_dialect.has_value()); const std::optional root_id{sourcemeta::jsontoolkit::identify( @@ -463,6 +462,4 @@ auto sourcemeta::jsontoolkit::frame( } } } - - return std::promise{}.get_future(); } diff --git a/vendor/jsontoolkit/src/jsonschema/resolver.cc b/vendor/jsontoolkit/src/jsonschema/resolver.cc index 4622ba2f..f8f4bcb3 100644 --- a/vendor/jsontoolkit/src/jsonschema/resolver.cc +++ b/vendor/jsontoolkit/src/jsonschema/resolver.cc @@ -22,8 +22,7 @@ auto MapSchemaResolver::add(const JSON &schema, ReferenceFrame entries; ReferenceMap references; frame(schema, entries, references, default_schema_walker, *this, - default_dialect, default_id) - .wait(); + default_dialect, default_id); for (const auto &[key, entry] : entries) { if (entry.type != ReferenceEntryType::Resource) { @@ -33,11 +32,10 @@ auto MapSchemaResolver::add(const JSON &schema, auto subschema{get(schema, entry.pointer)}; // TODO: Set the base dialect in the frame entries const auto subschema_base_dialect{ - base_dialect(subschema, *this, entry.dialect).get()}; + base_dialect(subschema, *this, entry.dialect)}; assert(subschema_base_dialect.has_value()); const auto subschema_vocabularies{ - vocabularies(*this, subschema_base_dialect.value(), entry.dialect) - .get()}; + vocabularies(*this, subschema_base_dialect.value(), entry.dialect)}; // Given we might be resolving embedded resources, we fully // resolve their dialect and identifiers, otherwise the @@ -69,21 +67,17 @@ auto MapSchemaResolver::add(const JSON &schema, } auto MapSchemaResolver::operator()(std::string_view identifier) const - -> std::future> { + -> std::optional { const std::string string_identifier{identifier}; if (this->schemas.contains(string_identifier)) { - std::promise> promise; - promise.set_value(this->schemas.at(string_identifier)); - return promise.get_future(); + return this->schemas.at(string_identifier); } if (this->default_resolver) { return this->default_resolver(identifier); } - std::promise> promise; - promise.set_value(std::nullopt); - return promise.get_future(); + return std::nullopt; } } // namespace sourcemeta::jsontoolkit diff --git a/vendor/jsontoolkit/src/jsonschema/walker.cc b/vendor/jsontoolkit/src/jsonschema/walker.cc index 23856cfd..c3ff20cd 100644 --- a/vendor/jsontoolkit/src/jsonschema/walker.cc +++ b/vendor/jsontoolkit/src/jsonschema/walker.cc @@ -2,10 +2,9 @@ #include #include -#include // std::max +#include // std::max, std::sort #include // assert #include // std::accumulate -#include // std::ranges::sort auto sourcemeta::jsontoolkit::keyword_priority( std::string_view keyword, const std::map &vocabularies, @@ -44,13 +43,11 @@ auto walk(sourcemeta::jsontoolkit::Pointer &pointer, const std::string &new_dialect{current_dialect.value()}; const std::optional base_dialect{ - sourcemeta::jsontoolkit::base_dialect(subschema, resolver, new_dialect) - .get()}; + sourcemeta::jsontoolkit::base_dialect(subschema, resolver, new_dialect)}; assert(base_dialect.has_value()); const std::map vocabularies{ sourcemeta::jsontoolkit::vocabularies(resolver, base_dialect.value(), - new_dialect) - .get()}; + new_dialect)}; if (type == SchemaWalkerType_t::Deep || level > 0) { subschemas.push_back( @@ -193,13 +190,12 @@ sourcemeta::jsontoolkit::SchemaKeywordIterator::SchemaKeywordIterator( const std::optional dialect{ sourcemeta::jsontoolkit::dialect(schema, default_dialect)}; const std::optional base_dialect{ - sourcemeta::jsontoolkit::base_dialect(schema, resolver, dialect).get()}; + sourcemeta::jsontoolkit::base_dialect(schema, resolver, dialect)}; std::map vocabularies; if (base_dialect.has_value() && dialect.has_value()) { vocabularies.merge(sourcemeta::jsontoolkit::vocabularies( - resolver, base_dialect.value(), dialect.value()) - .get()); + resolver, base_dialect.value(), dialect.value())); } for (const auto &[key, value] : schema.as_object()) { @@ -208,8 +204,8 @@ sourcemeta::jsontoolkit::SchemaKeywordIterator::SchemaKeywordIterator( } // Sort keywords based on priority for correct evaluation - std::ranges::sort( - this->entries, + std::sort( + this->entries.begin(), this->entries.end(), [&vocabularies, &walker](const auto &left, const auto &right) -> bool { // These cannot be empty or indexes, as we created // the entries array from a JSON object diff --git a/vendor/jsontoolkit/src/uri/include/sourcemeta/jsontoolkit/uri.h b/vendor/jsontoolkit/src/uri/include/sourcemeta/jsontoolkit/uri.h index 8c5ef1d4..b9ee2d4c 100644 --- a/vendor/jsontoolkit/src/uri/include/sourcemeta/jsontoolkit/uri.h +++ b/vendor/jsontoolkit/src/uri/include/sourcemeta/jsontoolkit/uri.h @@ -1,7 +1,9 @@ #ifndef SOURCEMETA_JSONTOOLKIT_URI_H_ #define SOURCEMETA_JSONTOOLKIT_URI_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_URI_EXPORT #include "uri_export.h" +#endif #include diff --git a/vendor/jsontoolkit/src/uri/include/sourcemeta/jsontoolkit/uri_error.h b/vendor/jsontoolkit/src/uri/include/sourcemeta/jsontoolkit/uri_error.h index 110bf799..8062f450 100644 --- a/vendor/jsontoolkit/src/uri/include/sourcemeta/jsontoolkit/uri_error.h +++ b/vendor/jsontoolkit/src/uri/include/sourcemeta/jsontoolkit/uri_error.h @@ -1,7 +1,9 @@ #ifndef SOURCEMETA_JSONTOOLKIT_URI_ERROR_H_ #define SOURCEMETA_JSONTOOLKIT_URI_ERROR_H_ +#ifndef SOURCEMETA_JSONTOOLKIT_URI_EXPORT #include "uri_export.h" +#endif #include // std::uint64_t #include // std::exception diff --git a/vendor/jsontoolkit/vendor/jsonschema-test-suite.mask b/vendor/jsontoolkit/vendor/jsonschema-test-suite.mask deleted file mode 100644 index 5d301d48..00000000 --- a/vendor/jsontoolkit/vendor/jsonschema-test-suite.mask +++ /dev/null @@ -1,18 +0,0 @@ -bin -output-tests -.editorconfig -CONTRIBUTING.md -output-test-schema.json -package.json -README.md -test-schema.json -tox.ini -tests/latest -tests/draft-next -tests/draft3 -remotes/draft-next -remotes/locationIndependentIdentifier.json -remotes/name-defs.json -remotes/ref-and-defs.json -remotes/tree.json -remotes/extendible-dynamic-ref.json diff --git a/vendor/jsontoolkit/vendor/noa/cmake/noa/compiler/options.cmake b/vendor/jsontoolkit/vendor/noa/cmake/noa/compiler/options.cmake index a368c0f6..dde90f21 100644 --- a/vendor/jsontoolkit/vendor/noa/cmake/noa/compiler/options.cmake +++ b/vendor/jsontoolkit/vendor/noa/cmake/noa/compiler/options.cmake @@ -85,6 +85,8 @@ function(noa_add_default_options visibility target) -fno-trapping-math # Newer versions of GCC (i.e. 14) seem to print a lot of false-positives here -Wno-dangling-reference + # GCC seems to print a lot of false-positives here + -Wno-free-nonheap-object # Disables runtime type information -fno-rtti) endif() diff --git a/vendor/jsontoolkit/vendor/noa/cmake/noa/library.cmake b/vendor/jsontoolkit/vendor/noa/cmake/noa/library.cmake index 05d57748..9868714d 100644 --- a/vendor/jsontoolkit/vendor/noa/cmake/noa/library.cmake +++ b/vendor/jsontoolkit/vendor/noa/cmake/noa/library.cmake @@ -1,6 +1,6 @@ function(noa_library) cmake_parse_arguments(NOA_LIBRARY "" - "NAMESPACE;PROJECT;NAME;FOLDER" "PRIVATE_HEADERS;SOURCES" ${ARGN}) + "NAMESPACE;PROJECT;NAME;FOLDER;VARIANT" "PRIVATE_HEADERS;SOURCES" ${ARGN}) if(NOT NOA_LIBRARY_PROJECT) message(FATAL_ERROR "You must pass the project name using the PROJECT option") @@ -18,7 +18,11 @@ function(noa_library) set(INCLUDE_PREFIX "include/${NOA_LIBRARY_PROJECT}") endif() - set(PUBLIC_HEADER "${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + if(NOT NOA_LIBRARY_VARIANT) + set(PUBLIC_HEADER "${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + else() + set(PUBLIC_HEADER "../${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + endif() if(NOA_LIBRARY_SOURCES) set(ABSOLUTE_PRIVATE_HEADERS "${CMAKE_CURRENT_BINARY_DIR}/${NOA_LIBRARY_NAME}_export.h") @@ -38,6 +42,11 @@ function(noa_library) set(ALIAS_NAME "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}") endif() + if(NOA_LIBRARY_VARIANT) + set(TARGET_NAME "${TARGET_NAME}_${NOA_LIBRARY_VARIANT}") + set(ALIAS_NAME "${ALIAS_NAME}::${NOA_LIBRARY_VARIANT}") + endif() + if(NOA_LIBRARY_SOURCES) add_library(${TARGET_NAME} ${PUBLIC_HEADER} ${ABSOLUTE_PRIVATE_HEADERS} ${NOA_LIBRARY_SOURCES}) @@ -50,23 +59,34 @@ function(noa_library) add_library(${ALIAS_NAME} ALIAS ${TARGET_NAME}) + if(NOT NOA_LIBRARY_VARIANT) + set(include_dir "${CMAKE_CURRENT_SOURCE_DIR}/include") + else() + set(include_dir "${CMAKE_CURRENT_SOURCE_DIR}/../include") + endif() if(NOA_LIBRARY_SOURCES) target_include_directories(${TARGET_NAME} PUBLIC - "$" + "$" "$") else() target_include_directories(${TARGET_NAME} INTERFACE - "$" + "$" "$") endif() if(NOA_LIBRARY_SOURCES) + if(NOA_LIBRARY_VARIANT) + set(export_name "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}::${NOA_LIBRARY_VARIANT}") + else() + set(export_name "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}") + endif() + set_target_properties(${TARGET_NAME} PROPERTIES OUTPUT_NAME ${TARGET_NAME} PUBLIC_HEADER "${PUBLIC_HEADER}" PRIVATE_HEADER "${ABSOLUTE_PRIVATE_HEADERS}" - EXPORT_NAME "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}" + EXPORT_NAME "${export_name}" FOLDER "${NOA_LIBRARY_FOLDER}") else() set_target_properties(${TARGET_NAME} @@ -93,7 +113,7 @@ function(noa_library) endfunction() function(noa_library_install) - cmake_parse_arguments(NOA_LIBRARY "" "NAMESPACE;PROJECT;NAME" "" ${ARGN}) + cmake_parse_arguments(NOA_LIBRARY "" "NAMESPACE;PROJECT;NAME;VARIANT" "" ${ARGN}) if(NOT NOA_LIBRARY_PROJECT) message(FATAL_ERROR "You must pass the project name using the PROJECT option") @@ -114,6 +134,10 @@ function(noa_library_install) set(NAMESPACE_PREFIX "") endif() + if(NOA_LIBRARY_VARIANT) + set(TARGET_NAME "${TARGET_NAME}_${NOA_LIBRARY_VARIANT}") + endif() + include(GNUInstallDirs) install(TARGETS ${TARGET_NAME} EXPORT ${TARGET_NAME} diff --git a/vendor/jsontoolkit/vendor/uriparser/CMakeLists.txt b/vendor/jsontoolkit/vendor/uriparser/CMakeLists.txt deleted file mode 100644 index 77f8adaa..00000000 --- a/vendor/jsontoolkit/vendor/uriparser/CMakeLists.txt +++ /dev/null @@ -1,505 +0,0 @@ -# uriparser - RFC 3986 URI parsing library -# -# Copyright (C) 2018, Sebastian Pipping -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the copyright holder nor the names of -# its contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL -# THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# -cmake_minimum_required(VERSION 3.5.0) - -project(uriparser - VERSION - 0.9.8 - LANGUAGES - C -) - -# See https://verbump.de/ for what these numbers do -set(URIPARSER_SO_CURRENT 1) -set(URIPARSER_SO_REVISION 31) -set(URIPARSER_SO_AGE 0) - -include(CheckCCompilerFlag) -include(CheckFunctionExists) -include(CheckLibraryExists) -include(CheckSymbolExists) -include(CMakePackageConfigHelpers) -include(GNUInstallDirs) - -# -# Configuration -# -if(DEFINED BUILD_SHARED_LIBS) - set(_URIPARSER_SHARED_LIBS_DEFAULT ${BUILD_SHARED_LIBS}) -else() - set(_URIPARSER_SHARED_LIBS_DEFAULT ON) -endif() -option(URIPARSER_SHARED_LIBS "Build shared libraries (rather than static ones)" ${_URIPARSER_SHARED_LIBS_DEFAULT}) -option(URIPARSER_BUILD_DOCS "Build API documentation (requires Doxygen, Graphviz, and (optional) Qt's qhelpgenerator)" ON) -option(URIPARSER_BUILD_TESTS "Build test suite (requires GTest >=1.8.0)" ON) -option(URIPARSER_BUILD_TOOLS "Build tools (e.g. CLI \"uriparse\")" ON) -option(URIPARSER_BUILD_CHAR "Build code supporting data type 'char'" ON) -option(URIPARSER_BUILD_WCHAR_T "Build code supporting data type 'wchar_t'" ON) -option(URIPARSER_ENABLE_INSTALL "Enable installation of uriparser" ON) -option(URIPARSER_WARNINGS_AS_ERRORS "Treat all compiler warnings as errors" OFF) -set(URIPARSER_MSVC_RUNTIME "" CACHE STRING "Use of specific runtime library (/MT /MTd /MD /MDd) with MSVC") - -if(NOT URIPARSER_BUILD_CHAR AND NOT URIPARSER_BUILD_WCHAR_T) - message(SEND_ERROR "One or more of URIPARSER_BUILD_CHAR and URIPARSER_BUILD_WCHAR_T needs to be enabled.") -endif() -if(URIPARSER_BUILD_TESTS AND NOT (URIPARSER_BUILD_CHAR AND URIPARSER_BUILD_WCHAR_T)) - message(SEND_ERROR "URIPARSER_BUILD_TESTS=ON requires both URIPARSER_BUILD_CHAR=ON and URIPARSER_BUILD_WCHAR_T=ON.") -endif() -if(URIPARSER_BUILD_TOOLS AND NOT URIPARSER_BUILD_CHAR) - message(SEND_ERROR "URIPARSER_BUILD_TOOLS=ON requires URIPARSER_BUILD_CHAR=ON.") -endif() - -if(URIPARSER_BUILD_TESTS) - # We have to call enable_language() before modifying any CMAKE_CXX_* variables - enable_language(CXX) -endif() - -if(URIPARSER_SHARED_LIBS) - set(_URIPARSER_STATIC_OR_SHARED SHARED) -else() - set(_URIPARSER_STATIC_OR_SHARED STATIC) -endif() - -macro(uriparser_apply_msvc_runtime_to ref) - string(REGEX REPLACE "/M[DT]d?" ${URIPARSER_MSVC_RUNTIME} ${ref} "${${ref}}") -endmacro() - -if(MSVC AND URIPARSER_MSVC_RUNTIME) - uriparser_apply_msvc_runtime_to(CMAKE_C_FLAGS) - uriparser_apply_msvc_runtime_to(CMAKE_C_FLAGS_DEBUG) - uriparser_apply_msvc_runtime_to(CMAKE_C_FLAGS_RELEASE) -endif() - -macro(uriparser_install) - if(URIPARSER_ENABLE_INSTALL) - install(${ARGN}) - endif() -endmacro() - -# -# Compiler checks -# -set(URIPARSER_EXTRA_COMPILE_FLAGS) - -check_c_compiler_flag("-fvisibility=hidden" URIPARSER_COMPILER_SUPPORTS_VISIBILITY) -if(URIPARSER_COMPILER_SUPPORTS_VISIBILITY) - set(URIPARSER_EXTRA_COMPILE_FLAGS "${URIPARSER_EXTRA_COMPILE_FLAGS} -fvisibility=hidden") -endif() - -# -# UriConfig.h -# -check_symbol_exists(wprintf wchar.h HAVE_WPRINTF) -check_function_exists(reallocarray HAVE_REALLOCARRAY) # no luck with CheckSymbolExists -configure_file(${CMAKE_CURRENT_SOURCE_DIR}/src/UriConfig.h.in UriConfig.h) - -# -# C library -# -set(API_HEADER_FILES - ${CMAKE_CURRENT_SOURCE_DIR}/include/uriparser/UriBase.h - ${CMAKE_CURRENT_SOURCE_DIR}/include/uriparser/UriDefsAnsi.h - ${CMAKE_CURRENT_SOURCE_DIR}/include/uriparser/UriDefsConfig.h - ${CMAKE_CURRENT_SOURCE_DIR}/include/uriparser/UriDefsUnicode.h - ${CMAKE_CURRENT_SOURCE_DIR}/include/uriparser/Uri.h - ${CMAKE_CURRENT_SOURCE_DIR}/include/uriparser/UriIp4.h -) -set(LIBRARY_CODE_FILES - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriCommon.c - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriCommon.h - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriCompare.c - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriEscape.c - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriFile.c - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriIp4Base.c - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriIp4Base.h - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriIp4.c - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriMemory.c - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriMemory.h - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriNormalizeBase.c - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriNormalizeBase.h - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriNormalize.c - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriParseBase.c - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriParseBase.h - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriParse.c - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriQuery.c - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriRecompose.c - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriResolve.c - ${CMAKE_CURRENT_SOURCE_DIR}/src/UriShorten.c -) - -add_library(uriparser - ${_URIPARSER_STATIC_OR_SHARED} - ${API_HEADER_FILES} - ${LIBRARY_CODE_FILES} -) - -if(NOT MSVC) - math(EXPR URIPARSER_SO_CURRENT_MINUS_AGE "${URIPARSER_SO_CURRENT} - ${URIPARSER_SO_AGE}") - set_property(TARGET uriparser PROPERTY VERSION ${URIPARSER_SO_CURRENT_MINUS_AGE}.${URIPARSER_SO_AGE}.${URIPARSER_SO_REVISION}) - set_property(TARGET uriparser PROPERTY SOVERSION ${URIPARSER_SO_CURRENT_MINUS_AGE}) - if(WIN32) - set_target_properties(uriparser PROPERTIES - OUTPUT_NAME uriparser - RUNTIME_OUTPUT_NAME uriparser-${URIPARSER_SO_CURRENT_MINUS_AGE} - ARCHIVE_OUTPUT_NAME uriparser) - endif() -endif() - -set_property( - TARGET - uriparser - PROPERTY - PUBLIC_HEADER "${API_HEADER_FILES}" -) - -target_compile_definitions(uriparser PRIVATE URI_LIBRARY_BUILD) -if (NOT URIPARSER_SHARED_LIBS) - target_compile_definitions(uriparser PUBLIC URI_STATIC_BUILD) -endif() -if(NOT URIPARSER_BUILD_CHAR) - target_compile_definitions(uriparser PUBLIC URI_NO_ANSI) -endif() -if(NOT URIPARSER_BUILD_WCHAR_T) - target_compile_definitions(uriparser PUBLIC URI_NO_UNICODE) -endif() -if(URIPARSER_COMPILER_SUPPORTS_VISIBILITY) - target_compile_definitions(uriparser PRIVATE URI_VISIBILITY) -endif() - -target_include_directories(uriparser - PUBLIC - $ - $ - PRIVATE - ${CMAKE_CURRENT_BINARY_DIR} # for UriConfig.h -) - -uriparser_install( - TARGETS - uriparser - EXPORT - uriparser - ARCHIVE - DESTINATION - ${CMAKE_INSTALL_LIBDIR} - LIBRARY - DESTINATION - ${CMAKE_INSTALL_LIBDIR} - RUNTIME - DESTINATION - ${CMAKE_INSTALL_BINDIR} - PUBLIC_HEADER - DESTINATION - ${CMAKE_INSTALL_INCLUDEDIR}/uriparser -) - -# -# C command line tool -# -if(URIPARSER_BUILD_TOOLS) - add_executable(uriparse - ${CMAKE_CURRENT_SOURCE_DIR}/tool/uriparse.c - ) - - target_link_libraries(uriparse PUBLIC uriparser) - - if(HAIKU) - # Function inet_ntop needs -lsocket or -lnetwork (see pull request #45) - check_library_exists(socket inet_ntop "" HAVE_LIBSOCKET__INET_NTOP) - check_library_exists(network inet_ntop "" HAVE_LIBNETWORK__INET_NTOP) - if(HAVE_LIBSOCKET__INET_NTOP) - target_link_libraries(uriparse PUBLIC socket) - endif() - if(HAVE_LIBNETWORK__INET_NTOP) - target_link_libraries(uriparse PUBLIC network) - endif() - endif() - - if(WIN32) - target_link_libraries(uriparse PUBLIC ws2_32) - endif() - - uriparser_install( - TARGETS - uriparse - DESTINATION - ${CMAKE_INSTALL_BINDIR} - ) -endif() - -# -# C++ test runner -# -if(URIPARSER_BUILD_TESTS) - if(MSVC AND URIPARSER_MSVC_RUNTIME) - uriparser_apply_msvc_runtime_to(CMAKE_CXX_FLAGS) - uriparser_apply_msvc_runtime_to(CMAKE_CXX_FLAGS_DEBUG) - uriparser_apply_msvc_runtime_to(CMAKE_CXX_FLAGS_RELEASE) - endif() - - enable_testing() - - find_package(GTest 1.8.0 REQUIRED) - - add_executable(testrunner - ${CMAKE_CURRENT_SOURCE_DIR}/test/FourSuite.cpp - ${CMAKE_CURRENT_SOURCE_DIR}/test/MemoryManagerSuite.cpp - ${CMAKE_CURRENT_SOURCE_DIR}/test/test.cpp - ${CMAKE_CURRENT_SOURCE_DIR}/test/VersionSuite.cpp - - # These library code files have non-public symbols that the test suite - # needs to link to, so they appear here as well: - ${API_HEADER_FILES} - ${LIBRARY_CODE_FILES} - ) - - target_compile_definitions(testrunner PRIVATE URI_STATIC_BUILD) - - if(MSVC) - target_compile_definitions(testrunner PRIVATE -D_CRT_NONSTDC_NO_WARNINGS) - target_compile_definitions(testrunner PRIVATE -D_CRT_SECURE_NO_WARNINGS) - endif() - - target_include_directories(testrunner SYSTEM PRIVATE - ${GTEST_INCLUDE_DIRS} - ) - - target_include_directories(testrunner PRIVATE - ${CMAKE_CURRENT_SOURCE_DIR}/include - ${CMAKE_CURRENT_BINARY_DIR} # for UriConfig.h - ) - - target_link_libraries(testrunner PUBLIC - ${GTEST_BOTH_LIBRARIES} - ) - - # NOTE: uriparser does not use pthreads itself but gtest does - find_package(Threads REQUIRED) - target_link_libraries(testrunner PRIVATE Threads::Threads) - - if(MSVC) - # Specify unwind semantics so that MSVC knowns how to handle exceptions - target_compile_options(testrunner PRIVATE /EHsc) - endif() - - if(MINGW) - set(_URIPARSER_TEST_COMMAND wine testrunner) - else() - set(_URIPARSER_TEST_COMMAND testrunner) - endif() - - add_test( - NAME - test - COMMAND - ${_URIPARSER_TEST_COMMAND} - ) - - add_custom_target(check COMMAND ${CMAKE_CTEST_COMMAND}) -endif() - -# -# Compiler flags -# -if(URIPARSER_WARNINGS_AS_ERRORS) - if(MSVC) - add_definitions(/WX) - else() - set(URIPARSER_EXTRA_COMPILE_FLAGS "${URIPARSER_EXTRA_COMPILE_FLAGS} -Werror") - endif() -endif() - -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${URIPARSER_EXTRA_COMPILE_FLAGS}") -set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${URIPARSER_EXTRA_COMPILE_FLAGS}") - -# -# Doxygen API documentation -# -if(URIPARSER_BUILD_DOCS) - find_package(Doxygen REQUIRED dot doxygen) - - set(QHG_LOCATION "" CACHE FILEPATH "Path to qhelpgenerator program (default: auto-detect)") - if(NOT QHG_LOCATION) - find_package(Qt5Help QUIET) - if(TARGET Qt5::qhelpgenerator) - get_target_property(QHG_LOCATION Qt5::qhelpgenerator LOCATION) - mark_as_advanced(Qt5Core_DIR) - mark_as_advanced(Qt5Gui_DIR) - mark_as_advanced(Qt5Help_DIR) - mark_as_advanced(Qt5Sql_DIR) - mark_as_advanced(Qt5Widgets_DIR) - endif() - endif() - - include(FindHTMLHelp) - - # Generate Doxyfile - if(HTML_HELP_COMPILER) - set(GENERATE_HTMLHELP YES) - else() - set(GENERATE_HTMLHELP NO) - endif() - if(QHG_LOCATION) - set(GENERATE_QHP YES) - else() - set(GENERATE_QHP NO) - endif() - configure_file(${CMAKE_CURRENT_SOURCE_DIR}/doc/Doxyfile.in doc/Doxyfile @ONLY) - configure_file(${CMAKE_CURRENT_SOURCE_DIR}/doc/release.sh.in doc/release.sh @ONLY) - - add_custom_target(doc - ALL - COMMAND - ${DOXYGEN_EXECUTABLE} - Doxyfile - WORKING_DIRECTORY - ${CMAKE_CURRENT_BINARY_DIR}/doc - COMMENT - "Generating API documentation with Doxygen" - VERBATIM - ) - - uriparser_install( - DIRECTORY - ${CMAKE_CURRENT_BINARY_DIR}/doc/html - DESTINATION - ${CMAKE_INSTALL_DOCDIR} - ) - if(QHG_LOCATION) - uriparser_install( - FILES - ${CMAKE_CURRENT_BINARY_DIR}/doc/uriparser-${PROJECT_VERSION}.qch - DESTINATION - ${CMAKE_INSTALL_DOCDIR} - ) - endif() -endif() - -# -# CMake files for find_package(uriparser [..] CONFIG [..]) -# -configure_package_config_file( - ${CMAKE_CURRENT_SOURCE_DIR}/cmake/uriparser-config.cmake.in - cmake/uriparser-config.cmake - INSTALL_DESTINATION - ${CMAKE_INSTALL_LIBDIR}/cmake/uriparser-${PROJECT_VERSION}/ -) -write_basic_package_version_file( - cmake/uriparser-config-version.cmake - COMPATIBILITY SameMajorVersion # i.e. semver -) -export( - TARGETS - uriparser - FILE - cmake/uriparser-targets.cmake # not going to be installed -) -uriparser_install( - FILES - ${CMAKE_CURRENT_BINARY_DIR}/cmake/uriparser-config.cmake - ${CMAKE_CURRENT_BINARY_DIR}/cmake/uriparser-config-version.cmake - DESTINATION - ${CMAKE_INSTALL_LIBDIR}/cmake/uriparser-${PROJECT_VERSION}/ -) -uriparser_install( - EXPORT - uriparser - DESTINATION - ${CMAKE_INSTALL_LIBDIR}/cmake/uriparser-${PROJECT_VERSION}/ - NAMESPACE - uriparser:: -) - -# -# pkg-config file -# -if(NOT MSVC) - if(CMAKE_INSTALL_LIBDIR MATCHES "^/") - set(_URIPARSER_PKGCONFIG_LIBDIR "${CMAKE_INSTALL_LIBDIR}") - else() - set(_URIPARSER_PKGCONFIG_LIBDIR "\${exec_prefix}/${CMAKE_INSTALL_LIBDIR}") - endif() - - if(CMAKE_INSTALL_INCLUDEDIR MATCHES "^/") - set(_URIPARSER_PKGCONFIG_INCLUDEDIR "${CMAKE_INSTALL_INCLUDEDIR}") - else() - set(_URIPARSER_PKGCONFIG_INCLUDEDIR "\${prefix}/${CMAKE_INSTALL_INCLUDEDIR}") - endif() - - configure_file(${CMAKE_CURRENT_SOURCE_DIR}/liburiparser.pc.in liburiparser.pc @ONLY) - uriparser_install( - FILES - ${CMAKE_CURRENT_BINARY_DIR}/liburiparser.pc - DESTINATION - ${CMAKE_INSTALL_LIBDIR}/pkgconfig/ - ) -endif() - -# -# Summary -# -message(STATUS "===========================================================================") -message(STATUS "") -message(STATUS "Configuration") -message(STATUS " Build type ............. ${CMAKE_BUILD_TYPE}") -message(STATUS " Shared libraries ....... ${URIPARSER_SHARED_LIBS}") -message(STATUS " Compiler flags") -message(STATUS " C .................... ${CMAKE_C_FLAGS}") -message(STATUS " C++ .................. ${CMAKE_CXX_FLAGS}") -message(STATUS " Linker flags") -message(STATUS " Executable ........... ${CMAKE_EXE_LINKER_FLAGS}") -message(STATUS " Module ............... ${CMAKE_MODULE_LINKER_FLAGS}") -message(STATUS " Shared ............... ${CMAKE_SHARED_LINKER_FLAGS}") -message(STATUS " Paths") -message(STATUS " Prefix ............... ${CMAKE_INSTALL_PREFIX}") -message(STATUS " qhelpgenerator ....... ${QHG_LOCATION}") -message(STATUS "") -message(STATUS " Features") -message(STATUS " Code for char * ...... ${URIPARSER_BUILD_CHAR}") -message(STATUS " Code for wchar_t * ... ${URIPARSER_BUILD_WCHAR_T}") -message(STATUS " Tools ................ ${URIPARSER_BUILD_TOOLS}") -message(STATUS " Test suite ........... ${URIPARSER_BUILD_TESTS}") -message(STATUS " Documentation ........ ${URIPARSER_BUILD_DOCS}") -message(STATUS "") -if(CMAKE_GENERATOR STREQUAL "Unix Makefiles") - message(STATUS "Continue with") - message(STATUS " make") - message(STATUS " make test") - message(STATUS " sudo make install") - message(STATUS "") -endif() -message(STATUS "===========================================================================") diff --git a/vendor/jsontoolkit/vendor/uriparser/cmake/.gitignore b/vendor/jsontoolkit/vendor/uriparser/cmake/.gitignore deleted file mode 100644 index 3142a219..00000000 --- a/vendor/jsontoolkit/vendor/uriparser/cmake/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -/uriparser-config.cmake -/uriparser-config-version.cmake -/uriparser-targets.cmake diff --git a/vendor/jsontoolkit/vendor/uriparser/cmake/uriparser-config.cmake.in b/vendor/jsontoolkit/vendor/uriparser/cmake/uriparser-config.cmake.in deleted file mode 100644 index 64938cff..00000000 --- a/vendor/jsontoolkit/vendor/uriparser/cmake/uriparser-config.cmake.in +++ /dev/null @@ -1,57 +0,0 @@ -# uriparser - RFC 3986 URI parsing library -# -# Copyright (C) 2018, Sebastian Pipping -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# -# 2. Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# 3. Neither the name of the copyright holder nor the names of -# its contributors may be used to endorse or promote products -# derived from this software without specific prior written -# permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL -# THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# -if(NOT _uriparser_config_included) - # Protect against multiple inclusion - set(_uriparser_config_included TRUE) - - -include("${CMAKE_CURRENT_LIST_DIR}/uriparser.cmake") - -@PACKAGE_INIT@ - -# -# Supported components -# -macro(_register_component _NAME _AVAILABE) - set(uriparser_${_NAME}_FOUND ${_AVAILABE}) -endmacro() -_register_component(char @URIPARSER_BUILD_CHAR@) -_register_component(wchar_t @URIPARSER_BUILD_WCHAR_T@) -check_required_components(uriparser) - - -endif(NOT _uriparser_config_included) diff --git a/vendor/jsontoolkit/vendor/uriparser/liburiparser.pc.in b/vendor/jsontoolkit/vendor/uriparser/liburiparser.pc.in deleted file mode 100644 index cb780001..00000000 --- a/vendor/jsontoolkit/vendor/uriparser/liburiparser.pc.in +++ /dev/null @@ -1,12 +0,0 @@ -prefix=@CMAKE_INSTALL_PREFIX@ -exec_prefix=${prefix} -libdir=@_URIPARSER_PKGCONFIG_LIBDIR@ -includedir=@_URIPARSER_PKGCONFIG_INCLUDEDIR@ - -Name: liburiparser -Description: URI parsing and handling library - -Version: @PROJECT_VERSION@ -URL: https://uriparser.github.io/ -Libs: -L${libdir} -luriparser -Cflags: -I${includedir} diff --git a/vendor/noa/cmake/noa/compiler/options.cmake b/vendor/noa/cmake/noa/compiler/options.cmake index b1fc6e53..dde90f21 100644 --- a/vendor/noa/cmake/noa/compiler/options.cmake +++ b/vendor/noa/cmake/noa/compiler/options.cmake @@ -42,6 +42,10 @@ function(noa_add_default_options visibility target) -Winvalid-offsetof -funroll-loops -fstrict-aliasing + -ftree-vectorize + + # To improve how much GCC/Clang will vectorize + -fno-math-errno # Assume that signed arithmetic overflow of addition, subtraction and # multiplication wraps around using twos-complement representation @@ -78,10 +82,28 @@ function(noa_add_default_options visibility target) -fslp-vectorize) elseif(NOA_COMPILER_GCC) target_compile_options("${target}" ${visibility} + -fno-trapping-math # Newer versions of GCC (i.e. 14) seem to print a lot of false-positives here -Wno-dangling-reference - + # GCC seems to print a lot of false-positives here + -Wno-free-nonheap-object # Disables runtime type information -fno-rtti) endif() endfunction() + +# For studying failed vectorization results +# - On Clang , seems to only take effect on release shared builds +# - On GCC, seems to only take effect on release shared builds +function(noa_add_vectorization_diagnostics target) + if(NOA_COMPILER_LLVM) + # See https://llvm.org/docs/Vectorizers.html#id6 + target_compile_options("${target}" PRIVATE + -Rpass-analysis=loop-vectorize + -Rpass-missed=loop-vectorize) + elseif(NOA_COMPILER_GCC) + target_compile_options("${target}" PRIVATE + -fopt-info-vec-missed + -fopt-info-loop-missed) + endif() +endfunction() diff --git a/vendor/noa/cmake/noa/library.cmake b/vendor/noa/cmake/noa/library.cmake index 05d57748..9868714d 100644 --- a/vendor/noa/cmake/noa/library.cmake +++ b/vendor/noa/cmake/noa/library.cmake @@ -1,6 +1,6 @@ function(noa_library) cmake_parse_arguments(NOA_LIBRARY "" - "NAMESPACE;PROJECT;NAME;FOLDER" "PRIVATE_HEADERS;SOURCES" ${ARGN}) + "NAMESPACE;PROJECT;NAME;FOLDER;VARIANT" "PRIVATE_HEADERS;SOURCES" ${ARGN}) if(NOT NOA_LIBRARY_PROJECT) message(FATAL_ERROR "You must pass the project name using the PROJECT option") @@ -18,7 +18,11 @@ function(noa_library) set(INCLUDE_PREFIX "include/${NOA_LIBRARY_PROJECT}") endif() - set(PUBLIC_HEADER "${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + if(NOT NOA_LIBRARY_VARIANT) + set(PUBLIC_HEADER "${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + else() + set(PUBLIC_HEADER "../${INCLUDE_PREFIX}/${NOA_LIBRARY_NAME}.h") + endif() if(NOA_LIBRARY_SOURCES) set(ABSOLUTE_PRIVATE_HEADERS "${CMAKE_CURRENT_BINARY_DIR}/${NOA_LIBRARY_NAME}_export.h") @@ -38,6 +42,11 @@ function(noa_library) set(ALIAS_NAME "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}") endif() + if(NOA_LIBRARY_VARIANT) + set(TARGET_NAME "${TARGET_NAME}_${NOA_LIBRARY_VARIANT}") + set(ALIAS_NAME "${ALIAS_NAME}::${NOA_LIBRARY_VARIANT}") + endif() + if(NOA_LIBRARY_SOURCES) add_library(${TARGET_NAME} ${PUBLIC_HEADER} ${ABSOLUTE_PRIVATE_HEADERS} ${NOA_LIBRARY_SOURCES}) @@ -50,23 +59,34 @@ function(noa_library) add_library(${ALIAS_NAME} ALIAS ${TARGET_NAME}) + if(NOT NOA_LIBRARY_VARIANT) + set(include_dir "${CMAKE_CURRENT_SOURCE_DIR}/include") + else() + set(include_dir "${CMAKE_CURRENT_SOURCE_DIR}/../include") + endif() if(NOA_LIBRARY_SOURCES) target_include_directories(${TARGET_NAME} PUBLIC - "$" + "$" "$") else() target_include_directories(${TARGET_NAME} INTERFACE - "$" + "$" "$") endif() if(NOA_LIBRARY_SOURCES) + if(NOA_LIBRARY_VARIANT) + set(export_name "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}::${NOA_LIBRARY_VARIANT}") + else() + set(export_name "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}") + endif() + set_target_properties(${TARGET_NAME} PROPERTIES OUTPUT_NAME ${TARGET_NAME} PUBLIC_HEADER "${PUBLIC_HEADER}" PRIVATE_HEADER "${ABSOLUTE_PRIVATE_HEADERS}" - EXPORT_NAME "${NOA_LIBRARY_PROJECT}::${NOA_LIBRARY_NAME}" + EXPORT_NAME "${export_name}" FOLDER "${NOA_LIBRARY_FOLDER}") else() set_target_properties(${TARGET_NAME} @@ -93,7 +113,7 @@ function(noa_library) endfunction() function(noa_library_install) - cmake_parse_arguments(NOA_LIBRARY "" "NAMESPACE;PROJECT;NAME" "" ${ARGN}) + cmake_parse_arguments(NOA_LIBRARY "" "NAMESPACE;PROJECT;NAME;VARIANT" "" ${ARGN}) if(NOT NOA_LIBRARY_PROJECT) message(FATAL_ERROR "You must pass the project name using the PROJECT option") @@ -114,6 +134,10 @@ function(noa_library_install) set(NAMESPACE_PREFIX "") endif() + if(NOA_LIBRARY_VARIANT) + set(TARGET_NAME "${TARGET_NAME}_${NOA_LIBRARY_VARIANT}") + endif() + include(GNUInstallDirs) install(TARGETS ${TARGET_NAME} EXPORT ${TARGET_NAME}