1 #ifndef HEADER_CURL_SCHANNEL_H
2 #define HEADER_CURL_SCHANNEL_H
3 /***************************************************************************
4  *                                  _   _ ____  _
5  *  Project                     ___| | | |  _ \| |
6  *                             / __| | | | |_) | |
7  *                            | (__| |_| |  _ <| |___
8  *                             \___|\___/|_| \_\_____|
9  *
10  * Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al.
11  * Copyright (C) 2012 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
12  *
13  * This software is licensed as described in the file COPYING, which
14  * you should have received as part of this distribution. The terms
15  * are also available at https://curl.se/docs/copyright.html.
16  *
17  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
18  * copies of the Software, and permit persons to whom the Software is
19  * furnished to do so, under the terms of the COPYING file.
20  *
21  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
22  * KIND, either express or implied.
23  *
24  ***************************************************************************/
25 #include "curl_setup.h"
26 
27 #ifdef USE_SCHANNEL
28 
29 #include <schnlsp.h>
30 #include <schannel.h>
31 #include "curl_sspi.h"
32 
33 #include "urldata.h"
34 
35 /* <wincrypt.h> has been included via the above <schnlsp.h>.
36  * Or in case of ldap.c, it was included via <winldap.h>.
37  * And since <wincrypt.h> has this:
38  *   #define X509_NAME  ((LPCSTR) 7)
39  *
40  * And in BoringSSL's <openssl/base.h> there is:
41  *  typedef struct X509_name_st X509_NAME;
42  *  etc.
43  *
44  * this will cause all kinds of C-preprocessing paste errors in
45  * BoringSSL's <openssl/x509.h>: So just undefine those defines here
46  * (and only here).
47  */
48 #if defined(HAVE_BORINGSSL) || defined(OPENSSL_IS_BORINGSSL)
49 # undef X509_NAME
50 # undef X509_CERT_PAIR
51 # undef X509_EXTENSIONS
52 #endif
53 
54 extern const struct Curl_ssl Curl_ssl_schannel;
55 
56 CURLcode Curl_verify_certificate(struct connectdata *conn, int sockindex);
57 
58 /* structs to expose only in schannel.c and schannel_verify.c */
59 #ifdef EXPOSE_SCHANNEL_INTERNAL_STRUCTS
60 
61 #ifdef __MINGW32__
62 #include <_mingw.h>
63 #ifdef __MINGW64_VERSION_MAJOR
64 #define HAS_MANUAL_VERIFY_API
65 #endif
66 #else
67 #include <wincrypt.h>
68 #ifdef CERT_CHAIN_REVOCATION_CHECK_CHAIN
69 #define HAS_MANUAL_VERIFY_API
70 #endif
71 #endif
72 
73 struct Curl_schannel_cred {
74   CredHandle cred_handle;
75   TimeStamp time_stamp;
76   int refcount;
77 };
78 
79 struct Curl_schannel_ctxt {
80   CtxtHandle ctxt_handle;
81   TimeStamp time_stamp;
82 };
83 
84 struct ssl_backend_data {
85   struct Curl_schannel_cred *cred;
86   struct Curl_schannel_ctxt *ctxt;
87   SecPkgContext_StreamSizes stream_sizes;
88   size_t encdata_length, decdata_length;
89   size_t encdata_offset, decdata_offset;
90   unsigned char *encdata_buffer, *decdata_buffer;
91   /* encdata_is_incomplete: if encdata contains only a partial record that
92      can't be decrypted without another Curl_read_plain (that is, status is
93      SEC_E_INCOMPLETE_MESSAGE) then set this true. after Curl_read_plain writes
94      more bytes into encdata then set this back to false. */
95   bool encdata_is_incomplete;
96   unsigned long req_flags, ret_flags;
97   CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */
98   bool recv_sspi_close_notify; /* true if connection closed by close_notify */
99   bool recv_connection_closed; /* true if connection closed, regardless how */
100   bool use_alpn; /* true if ALPN is used for this connection */
101 #ifdef HAS_MANUAL_VERIFY_API
102   bool use_manual_cred_validation; /* true if manual cred validation is used */
103 #endif
104 };
105 #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */
106 
107 #endif /* USE_SCHANNEL */
108 #endif /* HEADER_CURL_SCHANNEL_H */
109