schannel: re-indent to use curl style better

Only white space changes

Closes #9301
Daniel Stenberg 2022-08-12 10:48:29 +02:00
parent 2f0056680f
commit 193772084f
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2


@ -109,14 +109,14 @@
#endif #endif
/* Workaround broken compilers like MingW. /* Workaround broken compilers like MingW.
Return the number of elements in a statically sized array. Return the number of elements in a statically sized array.
*/ */
#ifndef ARRAYSIZE #ifndef ARRAYSIZE
#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) #define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))
#endif #endif
#if defined(CryptStringToBinary) && defined(CRYPT_STRING_HEX) \ #if defined(CryptStringToBinary) && defined(CRYPT_STRING_HEX) \
&& !defined(DISABLE_SCHANNEL_CLIENT_CERT) && !defined(DISABLE_SCHANNEL_CLIENT_CERT)
#define HAS_CLIENT_CERT_PATH #define HAS_CLIENT_CERT_PATH
#endif #endif
@ -221,13 +221,12 @@ set_ssl_version_min_max(DWORD *enabled_protocols, struct Curl_easy *data,
case CURL_SSLVERSION_MAX_NONE: case CURL_SSLVERSION_MAX_NONE:
case CURL_SSLVERSION_MAX_DEFAULT: case CURL_SSLVERSION_MAX_DEFAULT:
/* Windows Server 2022 and newer (including Windows 11) /* Windows Server 2022 and newer (including Windows 11) support TLS 1.3
support TLS 1.3 built-in. Previous builds of Windows 10 built-in. Previous builds of Windows 10 had broken TLS 1.3
had broken TLS 1.3 implementations that could be enabled implementations that could be enabled via registry.
via registry.
*/ */
if(curlx_verify_windows_version(10, 0, 20348, PLATFORM_WINNT, if(curlx_verify_windows_version(10, 0, 20348, PLATFORM_WINNT,
VERSION_GREATER_THAN_EQUAL)) { VERSION_GREATER_THAN_EQUAL)) {
ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_3; ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_3;
} }
else /* Windows 10 and older */ else /* Windows 10 and older */
@ -251,7 +250,7 @@ set_ssl_version_min_max(DWORD *enabled_protocols, struct Curl_easy *data,
/* Windows Server 2022 and newer */ /* Windows Server 2022 and newer */
if(curlx_verify_windows_version(10, 0, 20348, PLATFORM_WINNT, if(curlx_verify_windows_version(10, 0, 20348, PLATFORM_WINNT,
VERSION_GREATER_THAN_EQUAL)) { VERSION_GREATER_THAN_EQUAL)) {
(*enabled_protocols) |= SP_PROT_TLS1_3_CLIENT; (*enabled_protocols) |= SP_PROT_TLS1_3_CLIENT;
break; break;
} }
@ -448,13 +447,13 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path,
else if(_tcsncmp(path, TEXT("Users"), store_name_len) == 0) else if(_tcsncmp(path, TEXT("Users"), store_name_len) == 0)
*store_name = CERT_SYSTEM_STORE_USERS; *store_name = CERT_SYSTEM_STORE_USERS;
else if(_tcsncmp(path, TEXT("CurrentUserGroupPolicy"), else if(_tcsncmp(path, TEXT("CurrentUserGroupPolicy"),
store_name_len) == 0) store_name_len) == 0)
*store_name = CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY; *store_name = CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY;
else if(_tcsncmp(path, TEXT("LocalMachineGroupPolicy"), else if(_tcsncmp(path, TEXT("LocalMachineGroupPolicy"),
store_name_len) == 0) store_name_len) == 0)
*store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY; *store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY;
else if(_tcsncmp(path, TEXT("LocalMachineEnterprise"), else if(_tcsncmp(path, TEXT("LocalMachineEnterprise"),
store_name_len) == 0) store_name_len) == 0)
*store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE; *store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE;
else else
return CURLE_SSL_CERTPROBLEM; return CURLE_SSL_CERTPROBLEM;
@ -597,7 +596,7 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
result = get_cert_location(cert_path, &cert_store_name, result = get_cert_location(cert_path, &cert_store_name,
&cert_store_path, &cert_thumbprint_str); &cert_store_path, &cert_thumbprint_str);
if(result && (data->set.ssl.primary.clientcert[0]!='\0')) if(result && (data->set.ssl.primary.clientcert[0]!='\0'))
fInCert = fopen(data->set.ssl.primary.clientcert, "rb"); fInCert = fopen(data->set.ssl.primary.clientcert, "rb");
@ -612,18 +611,18 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
} }
if((fInCert || blob) && (data->set.ssl.cert_type) && if((fInCert || blob) && (data->set.ssl.cert_type) &&
(!strcasecompare(data->set.ssl.cert_type, "P12"))) { (!strcasecompare(data->set.ssl.cert_type, "P12"))) {
failf(data, "schannel: certificate format compatibility error " failf(data, "schannel: certificate format compatibility error "
" for %s", " for %s",
blob ? "(memory blob)" : data->set.ssl.primary.clientcert); blob ? "(memory blob)" : data->set.ssl.primary.clientcert);
curlx_unicodefree(cert_path); curlx_unicodefree(cert_path);
return CURLE_SSL_CERTPROBLEM; return CURLE_SSL_CERTPROBLEM;
} }
if(fInCert || blob) { if(fInCert || blob) {
/* Reading a .P12 or .pfx file, like the example at bottom of /* Reading a .P12 or .pfx file, like the example at bottom of
https://social.msdn.microsoft.com/Forums/windowsdesktop/ https://social.msdn.microsoft.com/Forums/windowsdesktop/
en-US/3e7bc95f-b21a-4bcd-bd2c-7f996718cae5 en-US/3e7bc95f-b21a-4bcd-bd2c-7f996718cae5
*/ */
CRYPT_DATA_BLOB datablob; CRYPT_DATA_BLOB datablob;
WCHAR* pszPassword; WCHAR* pszPassword;
@ -651,7 +650,7 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
fclose(fInCert); fclose(fInCert);
if(!continue_reading) { if(!continue_reading) {
failf(data, "schannel: Failed to read cert file %s", failf(data, "schannel: Failed to read cert file %s",
data->set.ssl.primary.clientcert); data->set.ssl.primary.clientcert);
free(certdata); free(certdata);
return CURLE_SSL_CERTPROBLEM; return CURLE_SSL_CERTPROBLEM;
} }
@ -667,9 +666,10 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
if(pszPassword) { if(pszPassword) {
if(pwd_len > 0) if(pwd_len > 0)
str_w_len = MultiByteToWideChar(CP_UTF8, str_w_len = MultiByteToWideChar(CP_UTF8,
MB_ERR_INVALID_CHARS, MB_ERR_INVALID_CHARS,
data->set.ssl.key_passwd, (int)pwd_len, data->set.ssl.key_passwd,
pszPassword, (int)(pwd_len + 1)); (int)pwd_len,
pszPassword, (int)(pwd_len + 1));
if((str_w_len >= 0) && (str_w_len <= (int)pwd_len)) if((str_w_len >= 0) && (str_w_len <= (int)pwd_len))
pszPassword[str_w_len] = 0; pszPassword[str_w_len] = 0;
@ -774,7 +774,7 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
/* Windows 10, 1809 (a.k.a. Windows 10 build 17763) */ /* Windows 10, 1809 (a.k.a. Windows 10 build 17763) */
if(curlx_verify_windows_version(10, 0, 17763, PLATFORM_WINNT, if(curlx_verify_windows_version(10, 0, 17763, PLATFORM_WINNT,
VERSION_GREATER_THAN_EQUAL)) { VERSION_GREATER_THAN_EQUAL)) {
char *ciphers13 = 0; char *ciphers13 = 0;
@ -794,15 +794,15 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
/* If TLS 1.3 ciphers are explictly listed, then /* If TLS 1.3 ciphers are explictly listed, then
* disable all the ciphers and re-enable which * disable all the ciphers and re-enable which
* ciphers the user has provided. * ciphers the user has provided.
*/ */
ciphers13 = SSL_CONN_CONFIG(cipher_list13); ciphers13 = SSL_CONN_CONFIG(cipher_list13);
if(ciphers13) { if(ciphers13) {
const int remaining_ciphers = 5; const int remaining_ciphers = 5;
/* detect which remaining ciphers to enable /* detect which remaining ciphers to enable
and then disable everything else. and then disable everything else.
*/ */
char *startCur = ciphers13; char *startCur = ciphers13;
@ -831,23 +831,23 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
tmp[n] = 0; tmp[n] = 0;
if(disable_aes_gcm_sha384 if(disable_aes_gcm_sha384
&& !strcmp("TLS_AES_256_GCM_SHA384", tmp)) { && !strcmp("TLS_AES_256_GCM_SHA384", tmp)) {
disable_aes_gcm_sha384 = FALSE; disable_aes_gcm_sha384 = FALSE;
} }
else if(disable_aes_gcm_sha256 else if(disable_aes_gcm_sha256
&& !strcmp("TLS_AES_128_GCM_SHA256", tmp)) { && !strcmp("TLS_AES_128_GCM_SHA256", tmp)) {
disable_aes_gcm_sha256 = FALSE; disable_aes_gcm_sha256 = FALSE;
} }
else if(disable_chacha_poly else if(disable_chacha_poly
&& !strcmp("TLS_CHACHA20_POLY1305_SHA256", tmp)) { && !strcmp("TLS_CHACHA20_POLY1305_SHA256", tmp)) {
disable_chacha_poly = FALSE; disable_chacha_poly = FALSE;
} }
else if(disable_aes_ccm_8_sha256 else if(disable_aes_ccm_8_sha256
&& !strcmp("TLS_AES_128_CCM_8_SHA256", tmp)) { && !strcmp("TLS_AES_128_CCM_8_SHA256", tmp)) {
disable_aes_ccm_8_sha256 = FALSE; disable_aes_ccm_8_sha256 = FALSE;
} }
else if(disable_aes_ccm_sha256 else if(disable_aes_ccm_sha256
&& !strcmp("TLS_AES_128_CCM_SHA256", tmp)) { && !strcmp("TLS_AES_128_CCM_SHA256", tmp)) {
disable_aes_ccm_sha256 = FALSE; disable_aes_ccm_sha256 = FALSE;
} }
else { else {
@ -864,8 +864,8 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
} }
if(disable_aes_gcm_sha384 && disable_aes_gcm_sha256 if(disable_aes_gcm_sha384 && disable_aes_gcm_sha256
&& disable_chacha_poly && disable_aes_ccm_8_sha256 && disable_chacha_poly && disable_aes_ccm_8_sha256
&& disable_aes_ccm_sha256) { && disable_aes_ccm_sha256) {
failf(data, "All available TLS 1.3 ciphers were disabled."); failf(data, "All available TLS 1.3 ciphers were disabled.");
return CURLE_SSL_CIPHER; return CURLE_SSL_CIPHER;
} }
@ -880,17 +880,17 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
blocked_ccm_modes[0].Buffer = (PWSTR)BCRYPT_CHAIN_MODE_CCM; blocked_ccm_modes[0].Buffer = (PWSTR)BCRYPT_CHAIN_MODE_CCM;
crypto_settings[crypto_settings_idx].eAlgorithmUsage = crypto_settings[crypto_settings_idx].eAlgorithmUsage =
TlsParametersCngAlgUsageCipher; TlsParametersCngAlgUsageCipher;
crypto_settings[crypto_settings_idx].rgstrChainingModes = crypto_settings[crypto_settings_idx].rgstrChainingModes =
blocked_ccm_modes; blocked_ccm_modes;
crypto_settings[crypto_settings_idx].cChainingModes = crypto_settings[crypto_settings_idx].cChainingModes =
ARRAYSIZE(blocked_ccm_modes); ARRAYSIZE(blocked_ccm_modes);
crypto_settings[crypto_settings_idx].strCngAlgId.Length = crypto_settings[crypto_settings_idx].strCngAlgId.Length =
sizeof(BCRYPT_AES_ALGORITHM); sizeof(BCRYPT_AES_ALGORITHM);
crypto_settings[crypto_settings_idx].strCngAlgId.MaximumLength = crypto_settings[crypto_settings_idx].strCngAlgId.MaximumLength =
sizeof(BCRYPT_AES_ALGORITHM); sizeof(BCRYPT_AES_ALGORITHM);
crypto_settings[crypto_settings_idx].strCngAlgId.Buffer = crypto_settings[crypto_settings_idx].strCngAlgId.Buffer =
(PWSTR)BCRYPT_AES_ALGORITHM; (PWSTR)BCRYPT_AES_ALGORITHM;
/* only disabling one of the CCM modes */ /* only disabling one of the CCM modes */
if(disable_aes_ccm_8_sha256 != disable_aes_ccm_sha256) { if(disable_aes_ccm_8_sha256 != disable_aes_ccm_sha256) {
@ -914,23 +914,23 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
blocked_gcm_modes[0].Buffer = (PWSTR)BCRYPT_CHAIN_MODE_GCM; blocked_gcm_modes[0].Buffer = (PWSTR)BCRYPT_CHAIN_MODE_GCM;
/* if only one is disabled, then explictly disable the /* if only one is disabled, then explictly disable the
digest cipher suite (sha384 or sha256) */ digest cipher suite (sha384 or sha256) */
if(disable_aes_gcm_sha384 != disable_aes_gcm_sha256) { if(disable_aes_gcm_sha384 != disable_aes_gcm_sha256) {
crypto_settings[crypto_settings_idx].eAlgorithmUsage = crypto_settings[crypto_settings_idx].eAlgorithmUsage =
TlsParametersCngAlgUsageDigest; TlsParametersCngAlgUsageDigest;
crypto_settings[crypto_settings_idx].strCngAlgId.Length = crypto_settings[crypto_settings_idx].strCngAlgId.Length =
sizeof(disable_aes_gcm_sha384 ? sizeof(disable_aes_gcm_sha384 ?
BCRYPT_SHA384_ALGORITHM : BCRYPT_SHA256_ALGORITHM); BCRYPT_SHA384_ALGORITHM : BCRYPT_SHA256_ALGORITHM);
crypto_settings[crypto_settings_idx].strCngAlgId.MaximumLength = crypto_settings[crypto_settings_idx].strCngAlgId.MaximumLength =
sizeof(disable_aes_gcm_sha384 ? sizeof(disable_aes_gcm_sha384 ?
BCRYPT_SHA384_ALGORITHM : BCRYPT_SHA256_ALGORITHM); BCRYPT_SHA384_ALGORITHM : BCRYPT_SHA256_ALGORITHM);
crypto_settings[crypto_settings_idx].strCngAlgId.Buffer = crypto_settings[crypto_settings_idx].strCngAlgId.Buffer =
(PWSTR)(disable_aes_gcm_sha384 ? (PWSTR)(disable_aes_gcm_sha384 ?
BCRYPT_SHA384_ALGORITHM : BCRYPT_SHA256_ALGORITHM); BCRYPT_SHA384_ALGORITHM : BCRYPT_SHA256_ALGORITHM);
} }
else { /* Disable both AES_GCM ciphers */ else { /* Disable both AES_GCM ciphers */
crypto_settings[crypto_settings_idx].eAlgorithmUsage = crypto_settings[crypto_settings_idx].eAlgorithmUsage =
TlsParametersCngAlgUsageCipher; TlsParametersCngAlgUsageCipher;
crypto_settings[crypto_settings_idx].strCngAlgId.Length = crypto_settings[crypto_settings_idx].strCngAlgId.Length =
sizeof(BCRYPT_AES_ALGORITHM); sizeof(BCRYPT_AES_ALGORITHM);
crypto_settings[crypto_settings_idx].strCngAlgId.MaximumLength = crypto_settings[crypto_settings_idx].strCngAlgId.MaximumLength =
@ -940,7 +940,7 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
} }
crypto_settings[crypto_settings_idx].rgstrChainingModes = crypto_settings[crypto_settings_idx].rgstrChainingModes =
blocked_gcm_modes; blocked_gcm_modes;
crypto_settings[crypto_settings_idx].cChainingModes = 1; crypto_settings[crypto_settings_idx].cChainingModes = 1;
crypto_settings_idx++; crypto_settings_idx++;
@ -951,13 +951,13 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
*/ */
if(disable_chacha_poly) { if(disable_chacha_poly) {
crypto_settings[crypto_settings_idx].eAlgorithmUsage = crypto_settings[crypto_settings_idx].eAlgorithmUsage =
TlsParametersCngAlgUsageCipher; TlsParametersCngAlgUsageCipher;
crypto_settings[crypto_settings_idx].strCngAlgId.Length = crypto_settings[crypto_settings_idx].strCngAlgId.Length =
sizeof(BCRYPT_CHACHA20_POLY1305_ALGORITHM); sizeof(BCRYPT_CHACHA20_POLY1305_ALGORITHM);
crypto_settings[crypto_settings_idx].strCngAlgId.MaximumLength = crypto_settings[crypto_settings_idx].strCngAlgId.MaximumLength =
sizeof(BCRYPT_CHACHA20_POLY1305_ALGORITHM); sizeof(BCRYPT_CHACHA20_POLY1305_ALGORITHM);
crypto_settings[crypto_settings_idx].strCngAlgId.Buffer = crypto_settings[crypto_settings_idx].strCngAlgId.Buffer =
(PWSTR)BCRYPT_CHACHA20_POLY1305_ALGORITHM; (PWSTR)BCRYPT_CHACHA20_POLY1305_ALGORITHM;
crypto_settings_idx++; crypto_settings_idx++;
} }
@ -972,7 +972,7 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
credentials.dwFlags = flags | SCH_USE_STRONG_CRYPTO; credentials.dwFlags = flags | SCH_USE_STRONG_CRYPTO;
credentials.pTlsParameters->grbitDisabledProtocols = credentials.pTlsParameters->grbitDisabledProtocols =
(DWORD)~enabled_protocols; (DWORD)~enabled_protocols;
#ifdef HAS_CLIENT_CERT_PATH #ifdef HAS_CLIENT_CERT_PATH
if(client_certs[0]) { if(client_certs[0]) {
@ -982,11 +982,11 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
#endif #endif
sspi_status = sspi_status =
s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR*)UNISP_NAME, s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR*)UNISP_NAME,
SECPKG_CRED_OUTBOUND, NULL, SECPKG_CRED_OUTBOUND, NULL,
&credentials, NULL, NULL, &credentials, NULL, NULL,
&backend->cred->cred_handle, &backend->cred->cred_handle,
&backend->cred->time_stamp); &backend->cred->time_stamp);
} }
else { else {
/* Pre-Windows 10 1809 */ /* Pre-Windows 10 1809 */
@ -1016,11 +1016,11 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
#endif #endif
sspi_status = sspi_status =
s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR*)UNISP_NAME, s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR*)UNISP_NAME,
SECPKG_CRED_OUTBOUND, NULL, SECPKG_CRED_OUTBOUND, NULL,
&schannel_cred, NULL, NULL, &schannel_cred, NULL, NULL,
&backend->cred->cred_handle, &backend->cred->cred_handle,
&backend->cred->time_stamp); &backend->cred->time_stamp);
} }
#ifdef HAS_CLIENT_CERT_PATH #ifdef HAS_CLIENT_CERT_PATH