113   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
131     connssl->cred = old_cred;
196     connssl->cred = malloc(sizeof(struct curl_schannel_cred));
197     if(!connssl->cred) {
201     memset(connssl->cred, 0, sizeof(struct curl_schannel_cred));
206       &connssl->cred->cred_handle, &connssl->cred->time_stamp);
215       Curl_safefree(connssl->cred);
234   connssl->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
239   connssl->ctxt = malloc(sizeof(struct curl_schannel_ctxt));
240   if(!connssl->ctxt) {
244   memset(connssl->ctxt, 0, sizeof(struct curl_schannel_ctxt));
253     &connssl->cred->cred_handle, NULL, host_name,
254     connssl->req_flags, 0, 0, NULL, 0, &connssl->ctxt->ctxt_handle,
255     &outbuf_desc, &connssl->ret_flags, &connssl->ctxt->time_stamp);
266     Curl_safefree(connssl->ctxt);
287   connssl->connecting_state = ssl_connect_2;
298   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
308   doread = (connssl->connecting_state != ssl_connect_2_writing) ? TRUE : FALSE;
314   if(connssl->encdata_buffer == NULL) {
315     connssl->encdata_offset = 0;
316     connssl->encdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE;
317     connssl->encdata_buffer = malloc(connssl->encdata_length);
318     if(connssl->encdata_buffer == NULL) {
325   if(connssl->encdata_length - connssl->encdata_offset <
328     connssl->encdata_length *= CURL_SCHANNEL_BUFFER_STEP_FACTOR;
329     connssl->encdata_buffer = realloc(connssl->encdata_buffer,
330                                       connssl->encdata_length);
332     if(connssl->encdata_buffer == NULL) {
342                 (char *) (connssl->encdata_buffer + connssl->encdata_offset),
343                           connssl->encdata_length - connssl->encdata_offset,
346         if(connssl->connecting_state != ssl_connect_2_writing)
347           connssl->connecting_state = ssl_connect_2_reading;
359       connssl->encdata_offset += nread;
363         connssl->encdata_offset, connssl->encdata_length);
366     InitSecBuffer(&inbuf[0], SECBUFFER_TOKEN, malloc(connssl->encdata_offset),
367                   curlx_uztoul(connssl->encdata_offset));
382     memcpy(inbuf[0].pvBuffer, connssl->encdata_buffer,
383            connssl->encdata_offset);
392       &connssl->cred->cred_handle, &connssl->ctxt->ctxt_handle,
393       host_name, connssl->req_flags, 0, 0, &inbuf_desc, 0, NULL,
394       &outbuf_desc, &connssl->ret_flags, &connssl->ctxt->time_stamp);
403       connssl->connecting_state = ssl_connect_2_reading;
458       if(connssl->encdata_offset > inbuf[1].cbBuffer) {
459         memmove(connssl->encdata_buffer,
460                 (connssl->encdata_buffer + connssl->encdata_offset) -
462         connssl->encdata_offset = inbuf[1].cbBuffer;
470       connssl->encdata_offset = 0;
477     connssl->connecting_state = ssl_connect_2_reading;
483     connssl->connecting_state = ssl_connect_3;
502   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
506   DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
512   if(connssl->ret_flags != connssl->req_flags) {
513     if(!(connssl->ret_flags & ISC_RET_SEQUENCE_DETECT))
515     if(!(connssl->ret_flags & ISC_RET_REPLAY_DETECT))
517     if(!(connssl->ret_flags & ISC_RET_CONFIDENTIALITY))
519     if(!(connssl->ret_flags & ISC_RET_ALLOCATED_MEMORY))
521     if(!(connssl->ret_flags & ISC_RET_STREAM))
527   if(connssl->cred && connssl->ctxt) {
528     connssl->cred->refcount++;
530           connssl->cred->refcount);
536     if(old_cred != connssl->cred) {
543     retcode = Curl_ssl_addsessionid(conn, (void*)connssl->cred,
550       connssl->cred->cached = TRUE;
555   connssl->connecting_state = ssl_connect_done;
566   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
572   if(ssl_connection_complete == connssl->state) {
577   if(ssl_connect_1 == connssl->connecting_state) {
592   while(ssl_connect_2 == connssl->connecting_state ||
593         ssl_connect_2_reading == connssl->connecting_state ||
594         ssl_connect_2_writing == connssl->connecting_state) {
606     if(connssl->connecting_state == ssl_connect_2_reading
607        || connssl->connecting_state == ssl_connect_2_writing) {
610         connssl->connecting_state ? sockfd : CURL_SOCKET_BAD;
612         connssl->connecting_state ? sockfd : CURL_SOCKET_BAD;
643                    (ssl_connect_2 == connssl->connecting_state ||
644                     ssl_connect_2_reading == connssl->connecting_state ||
645                     ssl_connect_2_writing == connssl->connecting_state)))
650   if(ssl_connect_3 == connssl->connecting_state) {
656   if(ssl_connect_done == connssl->connecting_state) {
657     connssl->state = ssl_connection_complete;
666   connssl->connecting_state = ssl_connect_1;
678   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
685   if(connssl->stream_sizes.cbMaximumMessage == 0) {
687                               &connssl->ctxt->ctxt_handle,
689                               &connssl->stream_sizes);
697   if(len > connssl->stream_sizes.cbMaximumMessage) {
703   data_len = connssl->stream_sizes.cbHeader + len +
704               connssl->stream_sizes.cbTrailer;
713                 data, connssl->stream_sizes.cbHeader);
715                 data + connssl->stream_sizes.cbHeader, curlx_uztoul(len));
717                 data + connssl->stream_sizes.cbHeader + len,
718                 connssl->stream_sizes.cbTrailer);
726   sspi_status = s_pSecFn->EncryptMessage(&connssl->ctxt->ctxt_handle, 0,
826   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
836   if(connssl->decdata_buffer == NULL) {
837     connssl->decdata_offset = 0;
838     connssl->decdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE;
839     connssl->decdata_buffer = malloc(connssl->decdata_length);
840     if(connssl->decdata_buffer == NULL) {
848   while(connssl->encdata_length - connssl->encdata_offset <
849         CURL_SCHANNEL_BUFFER_FREE_SIZE || connssl->encdata_length < len) {
851     connssl->encdata_length *= CURL_SCHANNEL_BUFFER_STEP_FACTOR;
852     connssl->encdata_buffer = realloc(connssl->encdata_buffer,
853                                       connssl->encdata_length);
855     if(connssl->encdata_buffer == NULL) {
864         connssl->encdata_offset, connssl->encdata_length);
865   size = connssl->encdata_length - connssl->encdata_offset;
868                   (char *) (connssl->encdata_buffer + connssl->encdata_offset),
876         connssl->encdata_offset += nread;
883         connssl->encdata_offset, connssl->encdata_length);
886   while(connssl->encdata_offset > 0 && sspi_status == SEC_E_OK &&
887         connssl->decdata_offset < len) {
889     InitSecBuffer(&inbuf[0], SECBUFFER_DATA, connssl->encdata_buffer,
890                   curlx_uztoul(connssl->encdata_offset));
900     sspi_status = s_pSecFn->DecryptMessage(&connssl->ctxt->ctxt_handle,
922         while(connssl->decdata_length - connssl->decdata_offset < size ||
923               connssl->decdata_length < len) {
925           connssl->decdata_length *= CURL_SCHANNEL_BUFFER_STEP_FACTOR;
926           connssl->decdata_buffer = realloc(connssl->decdata_buffer,
927                                             connssl->decdata_length);
929           if(connssl->decdata_buffer == NULL) {
939           memcpy(connssl->decdata_buffer + connssl->decdata_offset,
941           connssl->decdata_offset += size;
946               connssl->decdata_offset, connssl->decdata_length);
957         if(connssl->encdata_offset > inbuf[3].cbBuffer) {
960           memmove(connssl->encdata_buffer,
961                   (connssl->encdata_buffer + connssl->encdata_offset) -
963           connssl->encdata_offset = inbuf[3].cbBuffer;
967               connssl->encdata_offset, connssl->encdata_length);
971         connssl->encdata_offset = 0;
981       connssl->state = ssl_connection_negotiating;
982       connssl->connecting_state = ssl_connect_2_writing;
995         connssl->decdata_offset, connssl->decdata_length);
998   size = len < connssl->decdata_offset ? len : connssl->decdata_offset;
1000     memcpy(buf, connssl->decdata_buffer, size);
1004     memmove(connssl->decdata_buffer, connssl->decdata_buffer + size,
1005             connssl->decdata_offset - size);
1006     connssl->decdata_offset -= size;
1010           connssl->decdata_offset, connssl->decdata_length);
1016         connssl->encdata_offset > 0 && connssl->encdata_buffer[0] == 0x15))) {
1057   const struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1059   if(connssl->use) /* SSL/TLS is in use */
1060     return (connssl->encdata_offset > 0 ||
1061             connssl->decdata_offset > 0 ) ? TRUE : FALSE;
1079   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1084   if(connssl->cred && connssl->ctxt) {
1097     sspi_status = s_pSecFn->ApplyControlToken(&connssl->ctxt->ctxt_handle,
1113          &connssl->cred->cred_handle,
1114          &connssl->ctxt->ctxt_handle,
1116          connssl->req_flags,
1121          &connssl->ctxt->ctxt_handle,
1123          &connssl->ret_flags,
1124          &connssl->ctxt->time_stamp);
1142     if(connssl->ctxt) {
1144       s_pSecFn->DeleteSecurityContext(&connssl->ctxt->ctxt_handle);
1145       Curl_safefree(connssl->ctxt);
1149     if(connssl->cred) {
1151       if(connssl->cred->refcount > 0) {
1152         connssl->cred->refcount--;
1154               connssl->cred->refcount);
1158       if(!connssl->cred->cached && connssl->cred->refcount == 0) {
1160         s_pSecFn->FreeCredentialsHandle(&connssl->cred->cred_handle);
1161         Curl_safefree(connssl->cred);
1167   if(connssl->encdata_buffer != NULL) {
1168     Curl_safefree(connssl->encdata_buffer);
1169     connssl->encdata_length = 0;
1170     connssl->encdata_offset = 0;
1174   if(connssl->decdata_buffer != NULL) {
1175     Curl_safefree(connssl->decdata_buffer);
1176     connssl->decdata_length = 0;
1177     connssl->decdata_offset = 0;
1215   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1220   status = s_pSecFn->QueryContextAttributes(&connssl->ctxt->ctxt_handle,

Indexes created Tue Jul 09 22:07:09 MDT 2024